On Thu, Nov 24, 2016 at 7:20 AM, Daniel Borkmann <dan...@iogearbox.net> wrote: > > Ok, strange, qdisc_destroy() calls into ops->destroy(), where ingress > drops its entire chain via tcf_destroy_chain(), so that will be NULL > eventually. The tps are freed by call_rcu() as well as qdisc itself > later on via qdisc_rcu_free(), where it frees per-cpu bstats as well. > Outstanding readers should either bail out due to if (!cl) or can still > process the chain until read section ends, but during that time, cl->q > resp. bstats should be good. Do you happen to know what's at address > ffff880a68b04028? I was wondering wrt call_rcu() vs call_rcu_bh(), but > at least on ingress (netif_receive_skb_internal()) we hold rcu_read_lock() > here. The KASAN report is reliably happening at this location, right?
I am confused as well, I don't see how it could be related to my patch yet. I will take a deep look in the weekend. Thanks!
