On Wed, Jun 20, 2018 at 01:50:38PM +0000, Bart Van Assche wrote:
> On Wed, 2018-06-20 at 11:57 +0200, [email protected] wrote:
> > The function scsi_device_dev_release_usercontext calls blk_put_queue
> > with request_queue then sets request_queue to NULL. If the function
> > scsi_device_dev_release_usercontext is racy then the next call to
> > blk_put_queue will trigger the NULL pointer dereference below.
>
> How did you trigger this bug? Which SCSI LLD drivers were involved, and
> which scenario or workload triggered this kernel oops?


I think iscsi_tcp is my LLD driver. Here is a list of my modules with
'scsi' in the name:
# lsmod|grep scsi
iscsi_tcp              20480  4
libiscsi_tcp           24576  1 iscsi_tcp
libiscsi               57344  3 ib_iser,libiscsi_tcp,iscsi_tcp
scsi_transport_iscsi   106496  4 ib_iser,libiscsi,iscsi_tcp

The bug is triggered by an 'iscsiadm -m node -T targetname --logout', but it
occurs maybe 1-2% of the time.

Thanks,

Anthoine


