Re: ata_eh_report() unable to handle kernel NULL pointer dereference

On Wed, Jan 14, 2015 at 11:30:33PM +0900, Sergey Senozhatsky wrote:
> On (01/13/15 10:27), Tejun Heo wrote:
> > On Tue, Jan 13, 2015 at 11:25:09PM +0900, Sergey Senozhatsky wrote:
> > > Hi,
> > > 
> > > linux-next 20150112
> > > 
> > > [  934.572323] ata2: exception Emask 0x50 SAct 0x0 SErr 0x4090800 action 0xe frozen
> > > [  934.572329] ata2: irq_stat 0x00400040, connection status changed
> > > [  934.572332] ata2: SError: { HostInt PHYRdyChg 10B8B DevExch }
> > > [  934.572341] BUG: unable to handle kernel NULL pointer dereference at 0000000000000460
> > > [  934.572346] IP: [<ffffffff812c722c>] ata_eh_report+0x3ad/0x74d
> > 
> > Any chance you can run addr2line on it and map it to the source line?
> >
> 
> Hello,
> 
> sorry for the delay, emails from my android gmail app are blocked as "outlook
> spam".
> 
> here it is in reverse order, RIP is the last one.
> 
> ~/_next$ addr2line -e vmlinux -i ffffffff812c97a3
>    _next/drivers/ata/libata-eh.c:4020
> ~/_next$ addr2line -e vmlinux -i ffffffff812cfb7e
>    _next/drivers/ata/libahci.c:1438
> ~/_next$ addr2line -e vmlinux -i ffffffff812cf943
>    _next/drivers/ata/libahci.c:1470
> ~/_next$ addr2line -e vmlinux -i ffffffff812cfb7e
>    _next/drivers/ata/libahci.c:1438
> ~/_next$ addr2line -e vmlinux -i ffffffff812d0bab
>    _next/drivers/ata/libahci.c:1383
> ~/_next$ addr2line -e vmlinux -i ffffffff812c05c0
>    _next/include/linux/libata.h:1085
>    _next/drivers/ata/libata-core.c:3715
> ~/_next$ addr2line -e vmlinux -i ffffffff812c96e5
>    _next/drivers/ata/libata-eh.c:3991
> ~/_next$ addr2line -e vmlinux -i ffffffff812c722c
>    _next/drivers/ata/libata-eh.c:2485
>    _next/drivers/ata/libata-eh.c:2583

Ah, the culprit is cbba5b0ee4c6 ("libata: use
__scsi_format_command()") which moved qc->dev->cdb_len deref to before
the loop verifies the qc is valid.

Hannes, I think the right thing to do is moving that variable
declaration inside the if (ata_is_atapi()) block.  Can you please take
care of it?

Thanks a lot.

-- 
tejun
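
The ordering problem described in the message above, as an added user-space model (not code from this thread or from libata): every struct, flag and function name is an illustrative assumption, and a counter stands in for the fault that a NULL `dev` would cause in the kernel.

```c
#include <stdio.h>
/* User-space model of the loop; all names here are illustrative only. */
struct dev_model { unsigned int cdb_len; };
struct qc_model { unsigned int flags; int is_atapi; struct dev_model *dev; };
enum { QC_FAILED = 1, NSLOTS = 4 };
/* Constructed slot table: only slot 2 holds a failed ATAPI command. */
static struct dev_model dev0 = { 12 };
static struct qc_model slots[NSLOTS] = {
    { 0, 0, NULL }, { 0, 0, NULL }, { QC_FAILED, 1, &dev0 }, { 0, 0, NULL },
};
/* Stand-in for qc->dev->cdb_len: counts NULL bases instead of faulting. */
static unsigned int read_cdb_len(const struct qc_model *qc, int *null_reads) {
    if (!qc->dev) { (*null_reads)++; return 0; }
    return qc->dev->cdb_len;
}

/* Regressed ordering: the read sits in the declaration, before the check. */
int report_early_read(unsigned int *out_len) {
    int null_reads = 0;
    for (int tag = 0; tag < NSLOTS; tag++) {
        struct qc_model *qc = &slots[tag];
        unsigned int cdb_len = read_cdb_len(qc, &null_reads);
        if (!(qc->flags & QC_FAILED))
            continue; /* too late: dev was already read for this slot */
        if (qc->is_atapi)
            *out_len = cdb_len;
    }
    return null_reads;
}

/* Suggested ordering: read only inside the ATAPI branch, after the check. */
int report_late_read(unsigned int *out_len) {
    int null_reads = 0;
    for (int tag = 0; tag < NSLOTS; tag++) {
        struct qc_model *qc = &slots[tag];
        if (!(qc->flags & QC_FAILED))
            continue;
        if (qc->is_atapi)
            *out_len = read_cdb_len(qc, &null_reads);
    }
    return null_reads;
}

int main(void) {
    unsigned int len = 0;
    printf("early ordering: %d NULL dev reads\n", report_early_read(&len));
    printf("late ordering:  %d NULL dev reads\n", report_late_read(&len));
    return 0;
}
```

Both orderings report the same CDB length for the one valid slot; only the early read touches `dev` on slots that the validity check would have skipped.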