Re: [PATCH v2 1/2] scsi: sd: Fix potential NULL pointer dereference

On Tue, May 31, 2022 at 09:28:11AM +0900, Damien Le Moal wrote:
> If sd_probe() sees an error before sdkp->device is initialized,
> sd_zbc_release_disk() is called, which causes a NULL pointer dereference
> when sd_is_zoned() is called. Avoid this by also testing if a scsi disk
> device pointer is set in sd_is_zoned().

Wouldn't a fix like the one below make more sense?  Until
sd_revalidate_disk and thus sd_zbc_revalidate_zones is called none of
the zone information is filled out, and thus we don't need to clear it.

But at that point we've already initialized the device and thus the
release handler will deal with all the real cleanup:

diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 749316462075e..dabdc0eeb3dca 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3542,7 +3542,6 @@ static int sd_probe(struct device *dev)
  out_put:
 	put_disk(gd);
  out_free:
-	sd_zbc_release_disk(sdkp);
 	kfree(sdkp);
  out:
 	scsi_autopm_put_device(sdp);
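
Review bot: the removal at out_free also changes the out_put exit, since out_put falls through to out_free, so both error paths now reach kfree(sdkp) with no zone cleanup at all. That is only safe while no goto to either label can be taken after sd_revalidate_disk() has filled in zone information, which is the argument made in the message above; please state that invariant in the changelog or in a short comment above out_free, so an error exit added later after revalidation is not left leaking zone state. As posted, the diff also carries no changelog or Signed-off-by.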


