[PATCH] scsi/mvsas: Fix oops when ata command timeout.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Kernel message follows:

[  511.712011] sd 11:0:0:0: [sdf] command ffff8800a4e81400 timed out
[  511.712022] sas: Enter sas_scsi_recover_host busy: 1 failed: 1
[  511.712024] sas: trying to find task 0xffff8800a4d24c80
[  511.712026] sas: sas_scsi_find_task: aborting task 0xffff8800a4d24c80
[  511.712029] drivers/scsi/mvsas/mv_sas.c 1631:mvs_abort_task() mvi=ffff8800b5300000 task=ffff8800a4d24c80 slot=ffff8800b5325038 slot_idx=x0
[  511.712035] BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
[  511.712040] IP: [<ffffffff815f8c0c>] _raw_spin_lock_irqsave+0xc/0x30
[  511.712047] PGD 0 
[  511.712049] Oops: 0002 [#1] SMP 
[  511.712052] Modules linked in: mvsas libsas scsi_transport_sas raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq async_tx [last unloaded: mvsas]
[  511.712062] CPU 3 
[  511.712066] Pid: 7322, comm: scsi_eh_11 Not tainted 3.5.0+ #106 To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M.
[  511.712068] RIP: 0010:[<ffffffff815f8c0c>]  [<ffffffff815f8c0c>] _raw_spin_lock_irqsave+0xc/0x30
[  511.712073] RSP: 0018:ffff880098d3bcb0  EFLAGS: 00010086
[  511.712074] RAX: 0000000000000286 RBX: 0000000000000058 RCX: 00000000000000c3
[  511.712076] RDX: 0000000000000100 RSI: 0000000000000046 RDI: 0000000000000058
[  511.712078] RBP: ffff880098d3bcb0 R08: 000000000000000a R09: 0000000000000000
[  511.712080] R10: 00000000000004e8 R11: 00000000000004e7 R12: ffff8800a4d24c80
[  511.712082] R13: 0000000000000050 R14: ffff8800b5325038 R15: ffff8800a4eafe00
[  511.712084] FS:  0000000000000000(0000) GS:ffff8800bdb80000(0000) knlGS:0000000000000000
[  511.712086] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  511.712088] CR2: 0000000000000058 CR3: 00000000a4ce6000 CR4: 00000000000407e0
[  511.712090] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  511.712091] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  511.712093] Process scsi_eh_11 (pid: 7322, threadinfo ffff880098d3a000, task ffff8800a61dde40)
[  511.712095] Stack:
[  511.712096]  ffff880098d3bce0 ffffffff81060683 ffff880000000000 0000000000000000
[  511.712099]  ffff8800a4d24c80 ffff8800b5300000 ffff880098d3bcf0 ffffffffa0076a88
[  511.712102]  ffff880098d3bd50 ffffffffa0079bb5 ffff880000000000 ffff880000000018
[  511.712106] Call Trace:
[  511.712110]  [<ffffffff81060683>] complete+0x23/0x60
[  511.712115]  [<ffffffffa0076a88>] mvs_tmf_timedout+0x18/0x20 [mvsas]
[  511.712119]  [<ffffffffa0079bb5>] mvs_slot_complete+0x765/0x7d0 [mvsas]
[  511.712125]  [<ffffffffa005a17d>] sas_scsi_recover_host+0x55d/0xdb0 [libsas]
[  511.712128]  [<ffffffff8106d600>] ? idle_balance+0xe0/0x130
[  511.712133]  [<ffffffff813b150c>] scsi_error_handler+0xcc/0x470
[  511.712136]  [<ffffffff815f7ad0>] ? __schedule+0x370/0x730
[  511.712139]  [<ffffffff8105f728>] ? __wake_up_common+0x58/0x90
[  511.712142]  [<ffffffff813b1440>] ? scsi_eh_get_sense+0x110/0x110
[  511.712146]  [<ffffffff810571be>] kthread+0x8e/0xa0
[  511.712150]  [<ffffffff816015f4>] kernel_thread_helper+0x4/0x10
[  511.712153]  [<ffffffff81057130>] ? flush_kthread_work+0x120/0x120
[  511.712156]  [<ffffffff816015f0>] ? gs_change+0xb/0xb
[  511.712157] Code: 8a 00 01 00 00 89 d0 f0 66 0f b1 0f 66 39 d0 0f 94 c0 0f b6 c0 5d c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 9c 58 fa ba 00 01 00 00 <f0> 66 0f c1 17 0f b6 ce 38 d1 74 11 0f 1f 84 00 00 00 00 00 f3 
[  511.712191] RIP  [<ffffffff815f8c0c>] _raw_spin_lock_irqsave+0xc/0x30
[  511.712194]  RSP <ffff880098d3bcb0>
[  511.712196] CR2: 0000000000000058
[  511.712198] ---[ end trace a781c7b1e65db92c ]---

Signed-off-by: Jianpeng Ma <majianpeng@xxxxxxxxx>
---
 drivers/scsi/mvsas/mv_sas.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c
index 4539d59..af6a1c5 100644
--- a/drivers/scsi/mvsas/mv_sas.c
+++ b/drivers/scsi/mvsas/mv_sas.c
@@ -1629,7 +1629,10 @@ int mvs_abort_task(struct sas_task *task)
 			mv_dprintk("mvs_abort_task() mvi=%p task=%p "
 				   "slot=%p slot_idx=x%x\n",
 				   mvi, task, slot, slot_idx);
-			mvs_tmf_timedout((unsigned long)task);
+			if (task->slow_task != NULL)
+				mvs_tmf_timedout((unsigned long)task);
+			else
+				task->task_state_flags |= SAS_TASK_STATE_ABORTED;
 			mvs_slot_task_free(mvi, task, slot, slot_idx);
 			rc = TMF_RESP_FUNC_COMPLETE;
 			goto out;
-- 
1.7.9.5
?韬{.n?????%??檩??w?{.n???{炳??Ф?塄}?财??j:+v??????2??璀??摺?囤??z夸z罐?+?????w棹f
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux