On Sun, 2018-04-08 at 16:11 +0800, Joseph Qi wrote:
> This is because scsi_remove_device() will call blk_cleanup_queue(), and
> then all blkgs have been destroyed and root_blkg is NULL.
> Thus tg is NULL, which triggers a NULL pointer dereference when getting td
> from tg (tg->td).
> It seems that we cannot simply move blkcg_exit_queue() up to
> blk_cleanup_queue().

Had you considered adding a blk_queue_enter() / blk_queue_exit() pair in
generic_make_request()? blk_queue_enter() namely checks the DYING flag.

Thanks,

Bart.

