Bug 199419 - mpt3sas triggers KASAN complaint during reboot
Summary: mpt3sas triggers KASAN complaint during reboot
Status: NEW
Alias: None
Product: SCSI Drivers
Classification: Unclassified
Component: Other
Hardware: x86-64 Linux
Importance: P1 normal
Assignee: scsi_drivers-other
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-17 00:55 UTC by Bart Van Assche
Modified: 2018-04-17 00:55 UTC

See Also:
Kernel Version: v4.17-rc1
Subsystem:
Regression: No
Bisected commit-id:


Attachments
KASAN complaint (2.57 KB, text/plain)
2018-04-17 00:55 UTC, Bart Van Assche

Description Bart Van Assche 2018-04-17 00:55:53 UTC
Created attachment 275411
KASAN complaint

Rebooting a system with an mpt3sas adapter causes the following complaint to be reported on the serial console:

BUG: KASAN: use-after-free in mpt3sas_scsih_scsi_lookup_get+0xbd/0x120 [mpt3sas]
Read of size 1 at addr ffff880807f4030a by task systemd-shutdow/1

CPU: 26 PID: 1 Comm: systemd-shutdow Not tainted 4.17.0-rc1-dbg+ #2
Hardware name: ASUSTeK COMPUTER INC. Z10PE-D16 WS/Z10PE-D16 WS, BIOS 3407 03/10/2017
Call Trace:
 dump_stack+0x7c/0xbb
 print_address_description+0x65/0x270
 kasan_report+0x232/0x350
 mpt3sas_scsih_scsi_lookup_get+0xbd/0x120 [mpt3sas]
 _scsih_flush_running_cmds+0x85/0x130 [mpt3sas]
 scsih_shutdown+0x4f/0xe0 [mpt3sas]
 pci_device_shutdown+0x42/0x80
 device_shutdown+0x1af/0x2f0
 kernel_restart+0x9/0x50
 __do_sys_reboot+0x24e/0x2a0
 do_syscall_64+0x5d/0x200
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

(gdb) list *(mpt3sas_scsih_scsi_lookup_get+0xbd)
0x1fb2d is in mpt3sas_scsih_scsi_lookup_get (drivers/scsi/mpt3sas/mpt3sas_scsih.c:1468).
1463                    u32 unique_tag = smid - 1;
1464
1465                    scmd = scsi_host_find_tag(ioc->shost, unique_tag);
1466                    if (scmd) {
1467                            st = scsi_cmd_priv(scmd);
1468                            if (st->cb_idx == 0xFF)
1469                                    scmd = NULL;
1470                    }
1471            }
1472            return scmd;
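
The trace above reads `st->cb_idx` through a command pointer returned by the tag lookup after that command's memory has already been freed, and it happens while the shutdown path walks every tag. The following user-space model is an added illustration, not mpt3sas code and not a statement of this bug's root cause: it models a tag-to-command table that is flushed at shutdown, with a poison flag standing in for KASAN's shadow memory so a read of a released object is counted instead of silently returning stale data. It contrasts a completion path that releases the object while the tag still points at it with one that unlinks the tag first. All names (`struct host`, `cmd_complete_stale`, `cmd_complete_detach`, `flush_running`) are invented for the model.

```c
/* Constructed model of a tag -> command table flushed at shutdown (not driver code).
 * A "freed" flag on each pooled object plays the role of KASAN's shadow memory:
 * every field read goes through read_cb_idx(), which counts reads of freed objects. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTAGS 4
#define CB_IDX_FREE 0xFF   /* value the listed lookup treats as "no command" */

struct cmd {
    uint8_t cb_idx;   /* stands in for st->cb_idx in the gdb listing */
    int     freed;    /* poison flag: 1 once the object has been released */
};

struct host {
    struct cmd  pool[NTAGS];   /* static pool instead of a slab allocator */
    struct cmd *tags[NTAGS];   /* tag -> command, like scsi_host_find_tag() */
    int         uaf_reports;   /* reads that hit a released object */
};

void host_init(struct host *h) { memset(h, 0, sizeof(*h)); }

/* Issue a command on a tag and register it in the table. */
struct cmd *cmd_start(struct host *h, int tag, uint8_t cb_idx) {
    struct cmd *c = &h->pool[tag];
    c->cb_idx = cb_idx;
    c->freed = 0;
    h->tags[tag] = c;
    return c;
}

/* Checked field read: models the instrumented load KASAN performs. */
static int read_cb_idx(struct host *h, struct cmd *c) {
    if (c->freed)
        h->uaf_reports++;
    return c->cb_idx;
}

/* Defective completion: object released, tag entry left dangling. */
void cmd_complete_stale(struct host *h, int tag) {
    h->tags[tag]->freed = 1;
}

/* Corrected completion: unlink the tag before releasing the object. */
void cmd_complete_detach(struct host *h, int tag) {
    struct cmd *c = h->tags[tag];
    h->tags[tag] = NULL;
    c->freed = 1;
}

/* Lookup mirroring the listed logic: tag -> cmd, NULL when cb_idx == 0xFF. */
struct cmd *lookup(struct host *h, int tag) {
    if (tag < 0 || tag >= NTAGS)
        return NULL;
    struct cmd *c = h->tags[tag];
    if (c && read_cb_idx(h, c) == CB_IDX_FREE)
        c = NULL;
    return c;
}

/* Shutdown flush: walk every tag; returns how many commands look still in flight. */
int flush_running(struct host *h) {
    int live = 0;
    for (int tag = 0; tag < NTAGS; tag++)
        if (lookup(h, tag))
            live++;
    return live;
}

/* Constructed scenario: two commands issued, tag 1 completed, then a flush.
 * Returns the number of freed-object reads; *live_out receives the flush count. */
int run_scenario(int detach, int *live_out) {
    struct host h;
    host_init(&h);
    cmd_start(&h, 0, 3);
    cmd_start(&h, 1, 5);
    if (detach)
        cmd_complete_detach(&h, 1);
    else
        cmd_complete_stale(&h, 1);
    *live_out = flush_running(&h);
    return h.uaf_reports;
}

int main(void) {
    int live;
    int reports = run_scenario(0, &live);
    printf("stale completion:    %d freed-object reads, %d commands counted live\n", reports, live);
    reports = run_scenario(1, &live);
    printf("detached completion: %d freed-object reads, %d commands counted live\n", reports, live);
    return 0;
}
```

With the dangling entry the flush both reads released memory and over-counts in-flight commands; unlinking the tag before release makes the flush see only the command that is actually outstanding.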
