Jan, > Once we unlock adapter->hw_lock in pvscsi_queue_lck() nothing prevents > just queued scsi_cmnd from completing and freeing the request. Thus > cmd->cmnd[0] dereference can dereference already freed request leading > to kernel crashes or other issues (which one of our customers > observed). Store cmd->cmnd[0] in a local variable before unlocking > adapter->hw_lock to fix the issue. Applied to 5.2/scsi-fixes. Thanks! -- Martin K. Petersen Oracle Linux Engineering
