On Tue, Feb 26, 2019 at 06:34:40AM -0500, Sreekanth Reddy wrote: > During expander reset handling, the driver invokes kernel function > scsi_host_find_tag() to obtain outstanding requests associated with > the scsi host managed by the driver. Kernel’s block layer may return > stale entry for one or more outstanding requests if blk-mq is enabled. > This may lead to Kernel panic if the returned value is inaccessible or > the memory pointed by the returned value is reused. Why do you even call mpt3sas_scsih_scsi_lookup_get for a tag not under driver control? I am pretty sure thay is the underlying problem and you need to address it instead of papering over it.
