On Wed, 2019-03-13 at 13:19 -0700, James Smart wrote:
> I've got an oops for the following stack:
> ...
> lpfc_send_taskmgmt+0x28a [lpfc]
> lpfc_bus_reset_handler+0x16a [lpfc]
> scsi_try_bus_reset+0x3a
> scsi_ioctl_reset+0x143
> scsi_ioctl+0x18e [sg]
>
> The issue is that lpfc eventually calls blk_mq_unique_tag() as
> everything is scsi-mq enabled. blk_mq_unique_tag() oops as rq->mq_hctx
> is NULL. It is NULL as scsi_ioctl_reset built up a dummy request struct
> without a queue:
>
> blk_rq_init(NULL, rq);
>
> scmd = (struct scsi_cmnd *)(rq + 1);
> scsi_init_command(dev, scmd);
> scmd->request = rq;
> scmd->cmnd = scsi_req(rq)->cmd;
>
> What's the best way to approach fixing this ?

SCSI LLD bus reset handlers may use the members initialized by
scsi_ioctl_reset() but must not assume that all other struct scsi_cmnd
members are valid. Several years ago a similar crash was fixed in ib_srp.

Bart.
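
Added example, not part of the original message and not lpfc or SCSI midlayer code: a user-space C model of the dummy request built by scsi_ioctl_reset() and of a reset-handler helper that follows the rule in the reply. The struct layouts, NO_HWQ, and the model_* and reset_pick_hwq names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified user-space stand-ins for the kernel structures (assumed). */
struct hw_ctx { unsigned int queue_num; };
struct request { struct hw_ctx *mq_hctx; int tag; };
struct scsi_cmnd { struct request *request; unsigned int lun; };

#define NO_HWQ UINT32_MAX /* hypothetical sentinel: no hardware queue */

/* Modelled on blk_mq_unique_tag(): dereferences rq->mq_hctx unchecked. */
static uint32_t model_unique_tag(const struct request *rq)
{
    return ((uint32_t)rq->mq_hctx->queue_num << 16) | ((uint32_t)rq->tag & 0xffff);
}

/* Modelled on the dummy command from scsi_ioctl_reset(): one allocation,
 * request first, scsi_cmnd right behind it, no queue attached. */
static struct scsi_cmnd *model_ioctl_reset_cmd(unsigned int lun)
{
    struct request *rq = calloc(1, sizeof(*rq) + sizeof(struct scsi_cmnd));
    struct scsi_cmnd *scmd;

    if (!rq)
        return NULL;
    scmd = (struct scsi_cmnd *)(rq + 1);
    scmd->request = rq;   /* rq->mq_hctx stays NULL */
    scmd->lun = lun;
    return scmd;
}

/* Hypothetical reset-handler helper: derive a hardware queue only when the
 * command is backed by a real blk-mq request, else return the sentinel so
 * the caller can fall back to a default queue. */
static uint32_t reset_pick_hwq(const struct scsi_cmnd *scmd)
{
    if (!scmd || !scmd->request || !scmd->request->mq_hctx)
        return NO_HWQ;
    return model_unique_tag(scmd->request) >> 16;
}

int main(void)
{
    struct scsi_cmnd *scmd = model_ioctl_reset_cmd(0);
    int ok = scmd && reset_pick_hwq(scmd) == NO_HWQ;
    if (scmd)
        free(scmd->request); /* request is the start of the allocation */
    return ok ? 0 : 1;
}
```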