Would anyone please take a look at this ? Thanks in advance Jianchao On 05/23/2018 11:55 AM, jianchao.wang wrote: > > > Hi all > > Our customer met a panic triggered by BUG_ON in blk_finish_request. >>From the dmesg log, the BUG_ON was triggered after command abort occurred many times. > There is a race condition in the following scenario. > > cpu A cpu B > kworker interrupt > > scmd_eh_abort_handler() > -> scsi_try_to_abort_cmd() > -> qla2xxx_eh_abort() > -> qla2x00_eh_wait_on_command() qla2x00_status_entry() > -> qla2x00_sp_compl() > -> qla2x00_sp_free_dma() > -> scsi_queue_insert() > -> __scsi_queue_insert() > -> blk_requeue_request() > -> blk_clear_rq_complete() > -> scsi_done > -> blk_complete_request > -> blk_mark_rq_complete > -> elv_requeue_request() -> __blk_complete_request() > -> __elv_add_request() > // req will be queued here > BLK_SOFTIRQ > scsi_softirq_done() > -> scsi_finish_command() > -> scsi_io_completion() > -> scsi_end_request() > -> blk_finish_request() // BUG_ON(blk_queued_rq(req)) !!! > > The issue will not be triggered most of time, because the request is marked as complete by timeout path. > So the scsi_done from qla2x00_sp_compl does nothing. > But as the scenario above, if the complete state has been cleaned by blk_requeue_request, we will get > the request both requeued and completed, and then BUG_ON(blk_queued_rq(req)) in blk_finish_request comes up. > > Is there any solution for this in qla2xxx driver side ? > > Thanks > Jianchao > >
