Bug 199419
| Summary: | mpt3sas triggers KASAN complaint during reboot | ||
|---|---|---|---|
| Product: | SCSI Drivers | Reporter: | Bart Van Assche (bvanassche) |
| Component: | Other | Assignee: | scsi_drivers-other |
| Status: | NEW --- | ||
| Severity: | normal | ||
| Priority: | P1 | ||
| Hardware: | x86-64 | ||
| OS: | Linux | ||
| Kernel Version: | v4.17-rc1 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | KASAN complaint | ||
Created attachment 275411 [details] KASAN complaint Rebooting a system with an mpt3sas adapter causes the following complaint to be reported on the serial console: BUG: KASAN: use-after-free in mpt3sas_scsih_scsi_lookup_get+0xbd/0x120 [mpt3sas] Read of size 1 at addr ffff880807f4030a by task systemd-shutdow/1 CPU: 26 PID: 1 Comm: systemd-shutdow Not tainted 4.17.0-rc1-dbg+ #2 Hardware name: ASUSTeK COMPUTER INC. Z10PE-D16 WS/Z10PE-D16 WS, BIOS 3407 03/10/2017 Call Trace: dump_stack+0x7c/0xbb print_address_description+0x65/0x270 kasan_report+0x232/0x350 mpt3sas_scsih_scsi_lookup_get+0xbd/0x120 [mpt3sas] _scsih_flush_running_cmds+0x85/0x130 [mpt3sas] scsih_shutdown+0x4f/0xe0 [mpt3sas] pci_device_shutdown+0x42/0x80 device_shutdown+0x1af/0x2f0 kernel_restart+0x9/0x50 __do_sys_reboot+0x24e/0x2a0 do_syscall_64+0x5d/0x200 entry_SYSCALL_64_after_hwframe+0x49/0xbe (gdb) list *(mpt3sas_scsih_scsi_lookup_get+0xbd) 0x1fb2d is in mpt3sas_scsih_scsi_lookup_get (drivers/scsi/mpt3sas/mpt3sas_scsih.c:1468). 1463 u32 unique_tag = smid - 1; 1464 1465 scmd = scsi_host_find_tag(ioc->shost, unique_tag); 1466 if (scmd) { 1467 st = scsi_cmd_priv(scmd); 1468 if (st->cb_idx == 0xFF) 1469 scmd = NULL; 1470 } 1471 } 1472 return scmd;