I've been trying to boot the linux-next tree and my system is getting a kernel panic from an attempt to dereference a NULL pointer inside ata_eh_link_report(). The following commit introduced the bug. commit: cbba5b0ee4c6c2fc8b78a21d0900099d480cf2e9 The bug appears when the local variable cdb_len is initialized with qc->dev->cdb_len without first checking qc->flags for ATA_QCFLAG_FAILED. For whatever reason, qc->dev is NULL when it runs through my motherboard's Marvell 91xx Config ATA device. Signed-off-by: Jack Williams <jacwil014@xxxxxxxxx> --- drivers/ata/libata-eh.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c index 7478c8d0c2cb..b09efdd6d125 100644 --- a/drivers/ata/libata-eh.c +++ b/drivers/ata/libata-eh.c @@ -2481,16 +2481,18 @@ static void ata_eh_link_report(struct ata_link *link) for (tag = 0; tag < ATA_MAX_QUEUE; tag++) { struct ata_queued_cmd *qc = __ata_qc_from_tag(ap, tag); struct ata_taskfile *cmd = &qc->tf, *res = &qc->result_tf; const u8 *cdb = qc->cdb; - size_t cdb_len = qc->dev->cdb_len; + size_t cdb_len; char data_buf[20] = ""; char cdb_buf[70] = ""; if (!(qc->flags & ATA_QCFLAG_FAILED) || ata_dev_phys_link(qc->dev) != link || !qc->err_mask) continue; + cdb_len = qc->dev->cdb_len; + if (qc->dma_dir != DMA_NONE) { static const char *dma_str[] = { [DMA_BIDIRECTIONAL] = "bidi", [DMA_TO_DEVICE] = "out", -- 2.0.5 -- To unsubscribe from this list: send the line "unsubscribe linux-ide" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html