On Thu, Apr 14, 2022 at 06:44:09PM +0200, Michal Koutný wrote:
I suspect the double-queuing is a result of the fact that there exists only the single reference to the css->refcnt. I.e. it's percpu_ref_kill_and_confirm()'d and released both at the same time.
(Normally (when not killing the last reference), css->destroy_work reuse is not a problem because of the sequenced chain css_killed_work_fn()->css_put()->css_release().)
If this is the case, we need to hold an extra reference to be put by the css_killed_work_fn(), right?
Thanks.