Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753869AbaFIRrS (ORCPT ); Mon, 9 Jun 2014 13:47:18 -0400 Received: from mx1.redhat.com ([209.132.183.28]:31410 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753783AbaFIRrO (ORCPT ); Mon, 9 Jun 2014 13:47:14 -0400 Date: Mon, 9 Jun 2014 13:47:08 -0400 From: Vivek Goyal To: Joe Lawrence Cc: linux-kernel@vger.kernel.org, Tejun Heo Subject: Re: docker crashes rcuos in __blkg_release_rcu Message-ID: <20140609174708.GA31499@redhat.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jun 08, 2014 at 06:22:00PM -0400, Joe Lawrence wrote: [..] > Summary thus far: > > R12: ffff88103c17a130 = struct rcu_head *rcu_head > R13: ffff88103c17a080 = struct blkcg_gq *blkg > ffff88103fc7df90 = struct request_queue *blkg->q (contains 0x6b > poison-pattern) > > commit 2a4fd070 "blkcg: move bulk of blkcg_gq release operations to the > RCU callback" shuffled around some code in this space, introducing the > the calls to spin_[un]lock_irq(blkg->q->queue_lock). > Hi Joe, Thanks for reporting and debugging this issue. So in summary it looks like that we have freed request queue associated with the blkg and when blkg is freed later and tries to access spin lock embedded in request queue, it crashes. So the question is why request queue is being freed early. Are there any reference counting issues. I will spend some more time staring at the code. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/