On 01/13/15 at 11:14am, Cong Wang wrote: > On Tue, Jan 13, 2015 at 12:41 AM, Thomas Graf <tg...@suug.ch> wrote: > > I can't reproduce it in my KVM box either so far. It looks like a > > mutex_lock() on an uninitialized mutex or use after free but I can't > > find such a code path so far. > > Couldn't that be the delayed work is still running after rhashtable > is destroyed by its caller? I mean, cancel_delayed_work_sync() > should be called in rhashtable_destroy()? > > Of course, it may be caller's responsibility to ensure that, I haven't > looked into it that much.
Yes, we came to the very same conclusion in a different email thread and found the offending race condition. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
