Fix below use-after-free warning which is observed during controller reset.

[ 1765.313756] ------------[ cut here ]------------
[ 1765.313759] refcount_t: underflow; use-after-free.
[ 1765.313774] WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0
[ 1765.313783] Modules linked in: mpt3sas(OE) joydev uinput snd_seq_dummy snd_hrtimer nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set rfkill nf_tables nfnetlink qrtr vfat fat snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer iTCO_wdt iTCO_vendor_support snd soundcore ses enclosure intel_rapl_msr intel_rapl_common lpc_ich i2c_i801 virtio_balloon i2c_smbus pcspkr xfs libcrc32c sd_mod t10_pi qxl drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec ahci sr_mod libahci cdrom crct10dif_pclmul sg crc32_pclmul crc32c_intel raid_class libata drm ghash_clmulni_intel serio_raw e1000 scsi_transport_sas virtio_console virtio_blk virtio_scsi dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse
[ 1765.313851] [last unloaded: mpt3sas]
[ 1765.313854] CPU: 23 PID: 5399 Comm: sg_reset Kdump: loaded Tainted: G OE --------- --- 5.14.0-70.13.1.rt21.83.el9_0.x86_64 #1
[ 1765.313858] Hardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015
[ 1765.313860] RIP: 0010:refcount_warn_saturate+0xa6/0xf0
[ 1765.313863] Code: 05 fd 59 ac 01 01 e8 82 83 53 00 0f 0b c3 80 3d eb 59 ac 01 00 75 95 48 c7 c7 b0 02 38 96 c6 05 db 59 ac 01 01 e8 63 83 53 00 <0f> 0b c3 80 3d ca 59 ac 01 00 0f 85 72 ff ff ff 48 c7 c7 08 03 38
[ 1765.313866] RSP: 0018:ffffa5aa4238fd78 EFLAGS: 00010286
[ 1765.313868] RAX: 0000000000000000 RBX: ffff91c9037fe9a0 RCX: 0000000000000000
[ 1765.313870] RDX: 0000000000000000 RSI: ffffffff9636e23c RDI: 00000000ffffffff
[ 1765.313872] RBP: ffff91c9099b2200 R08: ffffffff96a72740 R09: ffffa5aa4238fd10
[ 1765.313873] R10: 0000000000000001 R11: ffffffffffffffff R12: ffff91c9037fec40
[ 1765.313875] R13: 00000000ffffffff R14: ffff91c9037fec60 R15: ffff91c9099b22b8
[ 1765.313879] FS: 00007fd16c624600(0000) GS:ffff91d05fdc0000(0000) knlGS:0000000000000000
[ 1765.313884] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1765.313886] CR2: 00007fd16c5d78ab CR3: 0000000106228000 CR4: 0000000000350ee0
[ 1765.313887] Call Trace:
[ 1765.313911] _scsih_fw_event_cleanup_queue+0x1ce/0x200 [mpt3sas]
[ 1765.313936] mpt3sas_scsih_clear_outstanding_scsi_tm_commands+0xd1/0x140 [mpt3sas]
[ 1765.313955] mpt3sas_base_hard_reset_handler+0x17f/0x260 [mpt3sas]
[ 1765.313973] _scsih_host_reset+0x88/0xca [mpt3sas]
[ 1765.313996] scsi_try_host_reset+0x3a/0xd0
[ 1765.314003] scsi_ioctl_reset+0x22b/0x290
[ 1765.314006] scsi_ioctl+0x18/0x60
[ 1765.314011] blkdev_ioctl+0x13e/0x280
[ 1765.314017] __x64_sys_ioctl+0x82/0xb0
[ 1765.314021] do_syscall_64+0x3b/0x90
[ 1765.314026] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1765.314031] RIP: 0033:0x7fd16c45cc0b
[ 1765.314034] Code: 73 01 c3 48 8b 0d 1d 62 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed 61 1b 00 f7 d8 64 89 01 48
[ 1765.314051] RSP: 002b:00007ffeffd46b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1765.314053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd16c45cc0b
[ 1765.314055] RDX: 00007ffeffd46b74 RSI: 0000000000002284 RDI: 0000000000000003
[ 1765.314056] RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000
[ 1765.314057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeffd46b74
[ 1765.314059] R13: 00007ffeffd48618 R14: 0000557f24af890d R15: 0000557f24afa020
[ 1765.314062] ---[ end trace 0000000000000002 ]---

Sreekanth Reddy (1):
  mpt3sas: Fix use-after-free warning

 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.27.0