Project

General

Profile

Actions
Copy link

Bug #12077

open

use after free in sd_log_info

Added by Mike Gerdts over 3 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
kernel
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:

Description

While trying to reproduce #4454 or #12076 (see #12076 for scripts), I hit:

> ::status
debugging crash dump vmcore.8 (64-bit) from omni-2
operating system: 5.11 omni-physio-0-g59a9ce0e70 (i86pc)
build version: gfx-drm - heads/master-0-gbdc58b1-dirty

image uuid: ecaf6267-db35-4182-aec3-f6d3255b1cfc
panic message: BAD TRAP: type=e (#pf Page fault) rp=ffffff0015724800 addr=ffffff140756e000
dump content: kernel pages only
> $C
ffffff0015724980 sd_log_info+0x52(200, ffffff140756e000, fffffffff7f8f2a8)
ffffff0015724a10 sd_ssc_send+0x1aa(ffffff02696e6cc0, ffffff0015724a40, 80000000, 1, 1)
ffffff0015724b00 sd_send_scsi_READ_CAPACITY+0x127(ffffff02696e6cc0, ffffff0015724b18, ffffff0015724b14, 1)
ffffff0015724b50 sd_target_change_task+0xae(ffffff140756e000)
ffffff0015724c00 taskq_thread+0x315(ffffff0264539148)
ffffff0015724c10 thread_start+0xb()
> fffffffff7f8f2a8/s
0xfffffffff7f8f2a8:             sd_ssc_send: uscsi_status: 0x%02x  uscsi_resid:0x%x
Actions
Copy link
 #2

Updated by Mike Gerdts over 3 years ago

  • Category set to kernel
Actions
Copy link
 #3

Updated by John Levon over 3 years ago

  • Assignee set to John Levon
Actions
Copy link
 #4

Updated by John Levon over 2 years ago

  • Assignee deleted (John Levon)
Actions
Copy link

Also available in: Atom PDF