https://bugzilla.kernel.org/show_bug.cgi?id=199419
Bug ID: 199419
Summary: mpt3sas triggers KASAN complaint during reboot
Product: SCSI Drivers
Version: 2.5
Kernel Version: v4.17-rc1
Hardware: x86-64
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: [email protected]
Reporter: [email protected]
Regression: No
Created attachment 275411
--> https://bugzilla.kernel.org/attachment.cgi?id=275411&action=edit
KASAN complaint
Rebooting a system with an mpt3sas adapter causes the following complaint to be
reported on the serial console:
BUG: KASAN: use-after-free in mpt3sas_scsih_scsi_lookup_get+0xbd/0x120
[mpt3sas]
Read of size 1 at addr ffff880807f4030a by task systemd-shutdow/1
CPU: 26 PID: 1 Comm: systemd-shutdow Not tainted 4.17.0-rc1-dbg+ #2
Hardware name: ASUSTeK COMPUTER INC. Z10PE-D16 WS/Z10PE-D16 WS, BIOS 3407
03/10/2017
Call Trace:
dump_stack+0x7c/0xbb
print_address_description+0x65/0x270
kasan_report+0x232/0x350
mpt3sas_scsih_scsi_lookup_get+0xbd/0x120 [mpt3sas]
_scsih_flush_running_cmds+0x85/0x130 [mpt3sas]
scsih_shutdown+0x4f/0xe0 [mpt3sas]
pci_device_shutdown+0x42/0x80
device_shutdown+0x1af/0x2f0
kernel_restart+0x9/0x50
__do_sys_reboot+0x24e/0x2a0
do_syscall_64+0x5d/0x200
entry_SYSCALL_64_after_hwframe+0x49/0xbe
(gdb) list *(mpt3sas_scsih_scsi_lookup_get+0xbd)
0x1fb2d is in mpt3sas_scsih_scsi_lookup_get
(drivers/scsi/mpt3sas/mpt3sas_scsih.c:1468).
1463 u32 unique_tag = smid - 1;
1464
1465 scmd = scsi_host_find_tag(ioc->shost, unique_tag);
1466 if (scmd) {
1467 st = scsi_cmd_priv(scmd);
1468 if (st->cb_idx == 0xFF)
1469 scmd = NULL;
1470 }
1471 }
1472 return scmd;
--
You are receiving this mail because:
You are watching the assignee of the bug.
