On 2025/07/20 20:35, Nilay Shroff wrote:
> We observed a kernel crash when the I/O scheduler allocates an sbitmap
> for a hardware queue (hctx) that has no associated software queues (ctx),
> and later attempts to free it. When no software queues are mapped to a
> hardware queue, the sbitmap is initialized with a depth of zero. In such
> cases, the sbitmap_init_node() function should set sb->alloc_hint to NULL.
> However, if this is not done, sb->alloc_hint may contain garbage, and
> calling sbitmap_free() will pass this invalid pointer to free_percpu(),
> resulting in a kernel crash.

Reviewed-by: Damien Le Moal <dlemoal@xxxxxxxxxx>

-- 
Damien Le Moal
Western Digital Research
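
The failure mode described in the quoted commit message, as an added user-space C model that is not part of this thread or of the kernel source. Every `model_*` name is hypothetical, libc `free()` stands in for `free_percpu()`, and the early return on depth zero is an assumed shape for the pre-fix init path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model; every model_* name is hypothetical, not kernel code. */
struct model_sbitmap {
    unsigned int *alloc_hint;      /* stands in for the per-CPU hint pointer */
};

static void *live_hint;            /* allocation the model currently owns */
static int bad_frees;              /* non-NULL pointers freed but never allocated */

static void model_free_percpu(void *p)
{
    if (p && p != live_hint) {
        bad_frees++;               /* garbage pointer: in the kernel, the crash */
        return;
    }
    free(p);                       /* NULL is a no-op, as with free_percpu() */
    live_hint = NULL;
}

/* fixed=0: depth 0 leaves alloc_hint untouched (assumed pre-fix shape); fixed=1: NULL. */
static int model_init(struct model_sbitmap *sb, unsigned int depth, int fixed)
{
    if (fixed)
        sb->alloc_hint = NULL;     /* every exit path now leaves a freeable value */
    if (depth == 0)
        return 0;                  /* nothing to allocate for an unmapped queue */
    sb->alloc_hint = calloc(depth, sizeof(*sb->alloc_hint));
    live_hint = sb->alloc_hint;
    return sb->alloc_hint ? 0 : -1;
}

/* Init then free one object in poisoned memory; returns bad frees observed. */
static int bad_frees_for(unsigned int depth, int fixed)
{
    struct model_sbitmap sb;
    int before = bad_frees;
    memset(&sb, 0xA5, sizeof(sb)); /* constructed stand-in for stale memory */
    if (model_init(&sb, depth, fixed) == 0)
        model_free_percpu(sb.alloc_hint);
    return bad_frees - before;
}
int main(void)
{
    printf("bad frees at depth 0: unfixed=%d fixed=%d\n",
           bad_frees_for(0, 0), bad_frees_for(0, 1));
    return 0;
}
```

The model counts a bad free instead of dereferencing the poisoned pointer, so it runs to completion and shows that only the depth-zero path of the unfixed init is affected.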