On Thu, 2017-04-20 at 15:13 -0700, James Bottomley wrote:
> How is that possible? Once the device goes into the CANCEL state, it
> no longer can be found by starget_for_each_device() because
> scsi_device_get() returns NULL ...

scsi_target_block() is not serialized against __scsi_remove_device(). I
think the following sequence of events can cause a queue to be stopped
for a device in the CANCEL state:
(a) scsi_target_block() triggers a call to scsi_get_device().
(b) __scsi_remove_device() is called from the context of another thread.
(c) __scsi_remove_device() changes the device state into SDEV_CANCEL.
(d) scsi_internal_device_block() calls blk_mq_stop_hw_queue().

Bart.
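
The interleaving (a)-(d) from the message above, replayed deterministically in a userspace model. This is an added example, not part of the original e-mail and not kernel code. Every name in it (`model_dev`, `model_get`, `model_remove`, `block_unserialized`, `block_serialized`, `stuck_after`) is hypothetical, and the lock-guarded recheck is one illustrative way to serialize the two paths, not the change made upstream.

```c
#include <pthread.h>
#include <stdbool.h>
/* Hypothetical userspace model of the race; none of this is kernel code. */
enum model_state { MODEL_RUNNING, MODEL_CANCEL };
struct model_dev {
    pthread_mutex_t state_lock;   /* assumed lock shared by both paths */
    enum model_state state;
    bool queue_stopped;
};
typedef void (*window_fn)(struct model_dev *);

/* (a) lookup succeeds only while the device is not in CANCEL */
static bool model_get(const struct model_dev *d) { return d->state != MODEL_CANCEL; }

/* (b)+(c) removal path, run by "another thread": move the device to CANCEL */
static void model_remove(struct model_dev *d)
{
    pthread_mutex_lock(&d->state_lock);
    d->state = MODEL_CANCEL;
    pthread_mutex_unlock(&d->state_lock);
}

/* Check, window, act: nothing ties step (d) to the state observed in (a) */
static bool block_unserialized(struct model_dev *d, window_fn other_thread)
{
    if (!model_get(d)) return false;
    other_thread(d);              /* interleaving point between (a) and (d) */
    d->queue_stopped = true;      /* (d) stop the queue */
    return true;
}

/* Same window, but the state is rechecked and the queue stopped under one lock */
static bool block_serialized(struct model_dev *d, window_fn other_thread)
{
    if (!model_get(d)) return false;
    other_thread(d);
    pthread_mutex_lock(&d->state_lock);
    bool ok = d->state != MODEL_CANCEL;
    if (ok) d->queue_stopped = true;
    pthread_mutex_unlock(&d->state_lock);
    return ok;
}

/* True when a run ends with a stopped queue on a device in CANCEL */
static bool stuck_after(bool (*block)(struct model_dev *, window_fn))
{
    struct model_dev d = { PTHREAD_MUTEX_INITIALIZER, MODEL_RUNNING, false };
    block(&d, model_remove);
    return d.state == MODEL_CANCEL && d.queue_stopped;
}
```

`stuck_after(block_unserialized)` ends in the stopped-queue-on-CANCEL state the message describes, while `stuck_after(block_serialized)` does not, because the removal can only land before or after the locked recheck.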