[stgt] tgtd segfault during heavy I/O

[Andy Grover]

On 07/14/2011 12:52 AM, FUJITA Tomonori wrote:
> On Tue, 12 Jul 2011 17:31:30 -0700
> Andy Grover <agrover at redhat.com> wrote:
> 
>> We are also seeing this issue reported, yes based on aborting tasks:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=719687
>>
>> From looking at the code, it looks like target_cmd_io_done() may be
>> called twice for the same command, which leads to iscsi_scsi_cmd_done
>> being called twice, and double-freeing the iscsi_task?
>>
>> 1st: abort_task_set -> abort_cmd -> target_cmd_io_done
>> 2nd: abort_task_set -> abort_cmd -> cmd->dev->cmd_done() [__cmd_done] ->
>> post_cmd_done -> target_cmd_io_done
> 
> Yeah, I think that you are right. Surely, that code looks buggy.
> 
> The command that is not in the 'processed' state should live in
> tgt_cmd_queue. So what we need to do is that unlinking the command
> from the queue and freeing the command resource.
> 
> Right?

I was wrong. __cmd_done takes the aborting command off the cmd_queue, so
post_cmd_done is not calling target_cmd_io_done on the aborted cmd, only
subsequent commands that can now be executed. So target_cmd_io_done is
not called twice on the same command.

Sorry for leading in the wrong direction. I am now thinking Kiefer
Chang's mention that using a single thread per LUN helps the problem may
point to where the issue lies.

Regards -- Andy
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html