https://bugzilla.kernel.org/show_bug.cgi?id=199419

            Bug ID: 199419
           Summary: mpt3sas triggers KASAN complaint during reboot
           Product: SCSI Drivers
           Version: 2.5
    Kernel Version: v4.17-rc1
          Hardware: x86-64
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
          Assignee: scsi_drivers-ot...@kernel-bugs.osdl.org
          Reporter: bvanass...@acm.org
        Regression: No

Created attachment 275411
  --> https://bugzilla.kernel.org/attachment.cgi?id=275411&action=edit
KASAN complaint

Rebooting a system with an mpt3sas adapter causes the following complaint to be
reported on the serial console:

BUG: KASAN: use-after-free in mpt3sas_scsih_scsi_lookup_get+0xbd/0x120 [mpt3sas]
Read of size 1 at addr ffff880807f4030a by task systemd-shutdow/1

CPU: 26 PID: 1 Comm: systemd-shutdow Not tainted 4.17.0-rc1-dbg+ #2
Hardware name: ASUSTeK COMPUTER INC. Z10PE-D16 WS/Z10PE-D16 WS, BIOS 3407 03/10/2017
Call Trace:
 dump_stack+0x7c/0xbb
 print_address_description+0x65/0x270
 kasan_report+0x232/0x350
 mpt3sas_scsih_scsi_lookup_get+0xbd/0x120 [mpt3sas]
 _scsih_flush_running_cmds+0x85/0x130 [mpt3sas]
 scsih_shutdown+0x4f/0xe0 [mpt3sas]
 pci_device_shutdown+0x42/0x80
 device_shutdown+0x1af/0x2f0
 kernel_restart+0x9/0x50
 __do_sys_reboot+0x24e/0x2a0
 do_syscall_64+0x5d/0x200
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

(gdb) list *(mpt3sas_scsih_scsi_lookup_get+0xbd)
0x1fb2d is in mpt3sas_scsih_scsi_lookup_get (drivers/scsi/mpt3sas/mpt3sas_scsih.c:1468).
1463                    u32 unique_tag = smid - 1;
1464
1465                    scmd = scsi_host_find_tag(ioc->shost, unique_tag);
1466                    if (scmd) {
1467                            st = scsi_cmd_priv(scmd);
1468                            if (st->cb_idx == 0xFF)
1469                                    scmd = NULL;
1470                    }
1471            }
1472            return scmd;
