On Sat, Jun 03, 2023 at 06:39:12PM -0400, Tian Lan wrote:
> From: Tian Lan <tian.lan@xxxxxxxxxxxx>
>
> The nr_active counter continues to increase over time which causes the
> blk_mq_get_tag to hang until the thread is rescheduled to a different
> core despite there are still tags available.
>
> kernel-stack
>
> INFO: task inboundIOReacto:3014879 blocked for more than 2 seconds
> Not tainted 6.1.15-amd64 #1 Debian 6.1.15~debian11
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:inboundIORe state:D stack:0 pid:3014879 ppid:4557 flags:0x00000000
> Call Trace:
> <TASK>
> __schedule+0x351/0xa20
> scheduler+0x5d/0xe0
> io_schedule+0x42/0x70
> blk_mq_get_tag+0x11a/0x2a0
> ? dequeue_task_stop+0x70/0x70
> __blk_mq_alloc_requests+0x191/0x2e0
>
> kprobe output showing RQF_MQ_INFLIGHT bit is not cleared before
> __blk_mq_free_request being called.
>
> 320 320 kworker/29:1H __blk_mq_free_request rq_flags 0x220c0
> b'__blk_mq_free_request+0x1 [kernel]'
> b'bt_iter+0x50 [kernel]'
> b'blk_mq_queue_tag_busy_iter+0x318 [kernel]'
> b'blk_mq_timeout_work+0x7c [kernel]'
> b'process_one_work+0x1c4 [kernel]'
> b'worker_thread+0x4d [kernel]'
> b'kthread+0xe6 [kernel]'
> b'ret_from_fork+0x1f [kernel]'
>
> This issue arises when both bt_iter() and blk_mq_end_request_batch()
> are iterating on the same request. The leak happens when
> blk_mq_find_and_get_req() is executed(from bt_iter) before
> req_ref_put_and_test() gets called by blk_mq_end_request_batch().
> And because non-flush request freed by blk_mq_put_rq_ref() bypasses the
> active request tracking, the counter would slowly leak overtime.
>
> Fixes: f794f3351f26 ("block: add support for blk_mq_end_request_batch()")
f794f3351f26 is merged to v5.16, and the leak starts.
> Fixes: 2e315dc07df0 ("blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter")
2e315dc07df0 is merged to v5.14, when everything is just fine.
Both two aren't marked as -stable, so 'Fixes: 2e315dc07df0' is actually
not correct.
thanks,
Ming
