Potential fix for the following kernel bug report:
authorbvassche <bvassche@d57e44dd-8a1f-0410-8b47-8ef2f437770f>
Fri, 18 Sep 2009 18:58:55 +0000 (18:58 +0000)
committerbvassche <bvassche@d57e44dd-8a1f-0410-8b47-8ef2f437770f>
Fri, 18 Sep 2009 18:58:55 +0000 (18:58 +0000)
 ------------[ cut here ]------------
 ib_srpt: srpt_xmit_response: tag= 26 channel in bad state 2
 scst: ***ERROR***: Target driver ib_srpt xmit_response() returned fatal error
 ib_srpt: srpt_xmit_response: tag= 38 channel in bad state 2
 scst: ***ERROR***: Target driver ib_srpt xmit_response() returned fatal error
 ib_srpt: srpt_xmit_response: tag= 27 channel in bad state 2
<repeated many times>
 kernel BUG at /root/scst/scst/src/scst_targ.c:3089!
 invalid opcode: 0000 [1] SMP
 CPU 0
...
 RIP: 0010:[<ffffffffa04759f6>]  [<ffffffffa04759f6>] scst_tgt_cmd_done+0x26/0x30 [scst]
 RSP: 0018:ffff88039ad27b50  EFLAGS: 00010297
 RAX: 0000000000000200 RBX: ffff8803ad9c68f8 RCX: 0000000000000000
 RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffff8803ad9c68f8
 RBP: ffff88039ad27b50 R08: 0000000000000000 R09: 0000000000000000
 R10: ffff88039ad277c0 R11: ffff88041ad278cf R12: ffff8803c2972180
 R13: ffff88039ada0000 R14: 0000000000000001 R15: ffff8803fb00c2b0
 FS:  0000000000000000(0000) GS:ffffffff807dd000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
 CR2: 00007f9281e64000 CR3: 0000000000201000 CR4: 00000000000006e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 Process ib_cm/0 (pid: 8299, threadinfo ffff88039ad26000, task ffff88039ad40000)
 Stack:  ffff88039ad27b80 ffffffffa04c0c47 ffff88039a8db900 ffff8803c2972180
  ffff8803fb00c240 ffff8803fb00c284 ffff88039ad27bc0 ffffffffa04c0d93
  ffff88042a4959c0 ffff88042a9d7800 ffff88042544da00 ffff88042a9d7898
 Call Trace:
  [<ffffffffa04c0c47>] srpt_abort_scst_cmd+0xd7/0x160 [ib_srpt]
  [<ffffffffa04c0d93>] srpt_release_channel+0xc3/0x190 [ib_srpt]
  [<ffffffffa04c0e82>] srpt_find_and_release_channel+0x22/0x30 [ib_srpt]
  [<ffffffffa04c227d>] srpt_cm_handler+0x6d/0xbb8 [ib_srpt]
  [<ffffffff80247526>] ? try_to_wake_up+0x126/0x2f0
  [<ffffffff802476fd>] ? default_wake_function+0xd/0x10
  [<ffffffff80267106>] ?  autoremove_wake_function+0x16/0x40
  [<ffffffff8023c99a>] ? __wake_up_common+0x5a/0x90
  [<ffffffff8023dece>] ? __wake_up+0x4e/0x70
  [<ffffffff80263271>] ? __queue_work+0x41/0x50
  [<ffffffff8026331d>] ? queue_work_on+0x4d/0x60
  [<ffffffff8026344f>] ? queue_work+0x1f/0x30
  [<ffffffff8026350d>] ? queue_delayed_work+0x2d/0x40
  [<ffffffffa0373255>] ? wait_for_response+0xd5/0xe0 [ib_mad]
  [<ffffffffa04b4e07>] cm_process_work+0x27/0x130 [ib_cm]
  [<ffffffffa04b5cf1>] cm_drep_handler+0xf1/0x180 [ib_cm]
  [<ffffffffa04b7790>] ? cm_work_handler+0x0/0x1b8 [ib_cm]
  [<ffffffffa04b7895>] cm_work_handler+0x105/0x1b8 [ib_cm]
  [<ffffffffa04b7790>] ? cm_work_handler+0x0/0x1b8 [ib_cm]
  [<ffffffff802628c2>] run_workqueue+0xc2/0x1a0
  [<ffffffff80262bcf>] worker_thread+0xaf/0x130
  [<ffffffff802670f0>] ? autoremove_wake_function+0x0/0x40
  [<ffffffff80262b20>] ? worker_thread+0x0/0x130
  [<ffffffff80266cbe>] kthread+0x4e/0x90
  [<ffffffff80213c99>] child_rip+0xa/0x11
  [<ffffffff80266c70>] ? kthread+0x0/0x90
  [<ffffffff80213c8f>] ? child_rip+0x0/0x11
 Code: 00 00 00 00 00 55 48 89 e5 e8 a7 cc d9 df 83 7f 28 78 75 17 80 67 2d f7 c7 47 28 0d 00 00 00 ba 01 00 00 00 e8 8c fc ff ff c9 c3 <0f> 0b eb fe 66 0f 1f 44 00 00 55 48 89 e5 41 54 53 e8 74 cc d9
 RIP  [<ffffffffa04759f6>] scst_tgt_cmd_done+0x26/0x30 [scst]
  RSP <ffff88039ad27b50>
 ---[ end trace a7f20725e9471e16 ]---

git-svn-id: https://scst.svn.sourceforge.net/svnroot/scst/trunk@1115 d57e44dd-8a1f-0410-8b47-8ef2f437770f

srpt/src/ib_srpt.c

index f20c467..4be7057 100644 (file)
@@ -904,25 +904,26 @@ static void srpt_abort_scst_cmd(struct srpt_device *sdev,
                                ioctx->state == SRPT_STATE_PROCESSED);
                }
 #endif
+       }
 
-               orig_ioctx_state = ioctx->state;
-               ioctx->state = SRPT_STATE_ABORTED;
+       orig_ioctx_state = ioctx->state;
+       ioctx->state = SRPT_STATE_ABORTED;
 
-               if (orig_ioctx_state == SRPT_STATE_NEED_DATA) {
-                       WARN_ON(scst_cmd_get_data_direction(ioctx->scmnd)
-                               == SCST_DATA_READ);
-                       scst_rx_data(scmnd,
-                                    tell_initiator ? SCST_RX_STATUS_ERROR
-                                    : SCST_RX_STATUS_ERROR_FATAL,
-                                    SCST_CONTEXT_THREAD);
-                       goto out;
-               } else if (ioctx->state == SRPT_STATE_PROCESSED)
-                       ;
-               else
-                       WARN_ON("unexpected cmd state");
-       }
+       if (orig_ioctx_state == SRPT_STATE_NEED_DATA) {
+               WARN_ON(scst_cmd_get_data_direction(ioctx->scmnd)
+                       == SCST_DATA_READ);
+               scst_rx_data(scmnd,
+                            tell_initiator ? SCST_RX_STATUS_ERROR
+                            : SCST_RX_STATUS_ERROR_FATAL,
+                            SCST_CONTEXT_THREAD);
+               goto out;
+       } else if (ioctx->state == SRPT_STATE_PROCESSED)
+               ;
+       else
+               WARN_ON("unexpected cmd state");
 
        scst_set_delivery_status(scmnd, SCST_CMD_DELIVERY_FAILED);
+       WARN_ON(scmnd->state != SCST_CMD_STATE_XMIT_WAIT);
        scst_tgt_cmd_done(scmnd, scst_estimate_context());
 out:
        return;
@@ -960,6 +961,7 @@ static void srpt_handle_send_comp(struct srpt_rdma_ch *ch,
                                     scst_cmd_get_sg_cnt(ioctx->scmnd),
                                     scst_to_tgt_dma_dir(dir));
 
+               WARN_ON(ioctx->scmnd->state != SCST_CMD_STATE_XMIT_WAIT);
                scst_tgt_cmd_done(ioctx->scmnd, context);
        } else
                srpt_reset_ioctx(ch, ioctx);
@@ -2397,6 +2399,7 @@ out_aborted:
        ret = SCST_TGT_RES_SUCCESS;
        scst_set_delivery_status(scmnd, SCST_CMD_DELIVERY_ABORTED);
        ioctx->state = SRPT_STATE_ABORTED;
+       WARN_ON(scmnd->state != SCST_CMD_STATE_XMIT_WAIT);
        scst_tgt_cmd_done(scmnd, SCST_CONTEXT_SAME);
        goto out;
 }