[stgt] help tgt segfault

FUJITA Tomonori fujita.tomonori at lab.ntt.co.jp
Fri Feb 6 08:01:44 CET 2009


On Tue, 03 Feb 2009 12:51:45 +0100
Tomasz Chmielewski <mangoo at wpkg.org> wrote:

> FUJITA Tomonori schrieb:
> 
> (...)
> 
> > Can you try this patch with 0.9.3 and send the log of 0.9.3? Please
> > test it with one target and one initiator with a slow link.
> > 
> > I'll try to reproduce the problem with the same configuration.
> 
> Feb  3 12:45:44 superthecus tgtd: Target daemon logger with pid=3022 started!
> Feb  3 12:45:45 superthecus tgtd: main(391) the main daemon (0.9.3) started
> Feb  3 12:48:50 superthecus tgtd: conn_close(99) connection closed, 0x9b420b4 26
> Feb  3 12:48:50 superthecus tgtd: conn_close(105) sesson 0x9b422d0 1
> Feb  3 12:48:50 superthecus tgtd: conn_close(146) Forcing release of rx task 0x9b49260 48
> Feb  3 12:49:35 superthecus kernel: tgtd[3021]: segfault at 28 ip 0805832f sp 77d454c0 error 4 in tgtd[8048000+24000]
> Feb  3 12:49:35 superthecus tgtd: conn_close(99) connection closed, 0x9b49264 28
> Feb  3 12:49:35 superthecus tgtd: conn_close(105) sesson 0x9ba56b0 1
> Feb  3 12:49:35 superthecus tgtd: conn_close(128) Forcing release of tx task 0x9c19478 10000003 1
> Feb  3 12:49:35 superthecus tgtd: conn_close(128) Forcing release of tx task 0x9c196b0 10000004 1

Can you try this patch?


diff --git a/usr/iscsi/conn.c b/usr/iscsi/conn.c
index e4b431e..309c2bb 100644
--- a/usr/iscsi/conn.c
+++ b/usr/iscsi/conn.c
@@ -62,6 +62,7 @@ int conn_init(struct iscsi_connection *conn)
 
 	INIT_LIST_HEAD(&conn->clist);
 	INIT_LIST_HEAD(&conn->tx_clist);
+	INIT_LIST_HEAD(&conn->task_list);
 
 	return 0;
 }
@@ -102,7 +103,17 @@ void conn_close(struct iscsi_connection *conn)
 	if (!conn->session)
 		goto done;
 
-	eprintf("sesson %p %d\n", conn->session, conn->session->refcount);
+	eprintf("sesson %p %llu %d\n", conn->session,
+		(unsigned long long)conn->session->tsih, conn->session->refcount);
+
+	{
+		struct iscsi_connection *ent, *next;
+
+		list_for_each_entry_safe(ent, next, &conn->session->conn_list,
+					 clist) {
+			eprintf("conn %p %u\n", conn, conn->cid);
+		}
+	}
 
 	/*
 	 * We just closed the ep so we are not going to send/recv anything.
@@ -128,7 +139,14 @@ void conn_close(struct iscsi_connection *conn)
 			task, task->tag, op);
 		switch (op) {
 		case ISCSI_OP_SCSI_CMD:
-			iscsi_free_cmd_task(task);
+			if (task->scmd.c_target)
+				iscsi_free_cmd_task(task);
+			else {
+				eprintf("%x %d %d\n", task->req.flags & ISCSI_FLAG_CMD_WRITE,
+					task->r2t_count, task->unsol_count);
+
+				iscsi_free_task(task);
+			}
 			break;
 		case ISCSI_OP_NOOP_OUT:
 		case ISCSI_OP_LOGOUT:
@@ -155,7 +173,22 @@ void conn_close(struct iscsi_connection *conn)
 	}
 	conn->tx_task = NULL;
 
+	while (!list_empty(&conn->task_list)) {
+		task = list_entry(conn->task_list.prev, struct iscsi_task,
+				  c_siblings);
+
+		struct iscsi_cmd *r = (struct iscsi_cmd *) &task->req;
+
+		eprintf("%p %x %x %d %d\n", task, r->cdb[0],
+			task->req.flags & ISCSI_FLAG_CMD_WRITE,
+			task->r2t_count, task->unsol_count);
+		iscsi_free_task(task);
+	}
+
 done:
+	eprintf("sesson %p %llx %d %d\n", conn->session,
+		(unsigned long long)conn->session->tsih, conn->session->refcount,
+		conn->refcount);
 	conn_put(conn);
 }
 
diff --git a/usr/iscsi/iscsid.c b/usr/iscsi/iscsid.c
index c22a6f6..9d7c04c 100644
--- a/usr/iscsi/iscsid.c
+++ b/usr/iscsi/iscsid.c
@@ -245,6 +245,8 @@ static void login_security_done(struct iscsi_connection *conn)
 						 clist) {
 				conn_close(ent);
 			}
+			eprintf("%p %llu\n", session,
+				(unsigned long long)session->tsih);
 
 			session = NULL;
 		} else if (req->tsih != session->tsih) {
@@ -258,8 +260,13 @@ static void login_security_done(struct iscsi_connection *conn)
 		}
 
 		/* add a new connection to the session */
-		if (session)
+		if (session) {
+			eprintf("%p %llu %p\n", session,
+				(unsigned long long)session->tsih, conn);
 			conn_add_to_session(conn, session);
+		}
+		eprintf("%p %llu %p\n", session,
+			(unsigned long long)session->tsih, conn);
 	} else {
 		if (req->tsih) {
 			/* fail the login */
@@ -1045,6 +1052,7 @@ static struct iscsi_task *iscsi_alloc_task(struct iscsi_connection *conn,
 	INIT_LIST_HEAD(&task->c_hlist);
 	INIT_LIST_HEAD(&task->c_list);
 
+	list_add(&task->c_siblings, &conn->task_list);
 	conn_get(conn);
 	return task;
 }
@@ -1053,6 +1061,8 @@ void iscsi_free_task(struct iscsi_task *task)
 {
 	struct iscsi_connection *conn = task->conn;
 
+	list_del(&task->c_siblings);
+
 	conn->tp->free_data_buf(conn, scsi_get_in_buffer(&task->scmd));
 	conn->tp->free_data_buf(conn, scsi_get_out_buffer(&task->scmd));
 
diff --git a/usr/iscsi/iscsid.h b/usr/iscsi/iscsid.h
index 4a8deb9..71dc418 100644
--- a/usr/iscsi/iscsid.h
+++ b/usr/iscsi/iscsid.h
@@ -109,6 +109,8 @@ struct iscsi_task {
 	/* linked to conn->tx_clist or session->cmd_pending_list */
 	struct list_head c_list;
 
+	struct list_head c_siblings;
+
 	unsigned long flags;
 
 	int result;
@@ -186,6 +188,8 @@ struct iscsi_connection {
 		} chap;
 	} auth;
 
+	struct list_head task_list;
+
 	struct iscsi_transport *tp;
 };
 
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the stgt mailing list