fnic_wq_copy_cleanup_handler() is using scsi_host_find_tag() to map id to a scsi command. However, as per discussion on the mailinglist scsi_host_find_tag() might return a non-started request, so we need to check the returned command with blk_mq_request_started() to avoid the function tripping over a non-initialized command. Signed-off-by: Hannes Reinecke <hare@xxxxxxx> --- drivers/scsi/fnic/fnic_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/fnic/fnic_scsi.c b/drivers/scsi/fnic/fnic_scsi.c index c7f37afa3069..19324b52c089 100644 --- a/drivers/scsi/fnic/fnic_scsi.c +++ b/drivers/scsi/fnic/fnic_scsi.c @@ -1466,7 +1466,7 @@ void fnic_wq_copy_cleanup_handler(struct vnic_wq_copy *wq, return; sc = scsi_host_find_tag(fnic->lport->host, id); - if (!sc) + if (!sc || !blk_mq_request_started(sc->request)) return; io_lock = fnic_io_lock_hash(fnic, sc); -- 2.29.2
