https://bugzilla.kernel.org/show_bug.cgi?id=200317

Bug ID: 200317
Summary: Null pointer dereference error in linux/drivers/scsi/scsi_transport_fc.c
Product: SCSI Drivers
Version: 2.5
Kernel Version: 4.17.3
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: scsi_drivers-other@xxxxxxxxxxxxxxxxxxxx
Reporter: wangyxlandq@xxxxxxxxx
Regression: No

In function fc_eh_timed_out, which is defined in
linux/drivers/scsi/scsi_transport_fc.c 2083-2086,

    struct fc_rport *rport = starget_to_rport(scsi_target(scmd->device));

    if (rport->port_state == FC_PORTSTATE_BLOCKED)
        return BLK_EH_RESET_TIMER;

starget_to_rport is a macro defined in linux/include/scsi/scsi_transport_fc.h,

    #define starget_to_rport(s) \
        scsi_is_fc_rport(s->dev.parent) ? dev_to_rport(s->dev.parent) : NULL

Since starget_to_rport may return a NULL value, the variable rport may be
assigned NULL. Thus there is a potential Null Pointer Deref error in
if (rport->port_state == FC_PORTSTATE_BLOCKED).

There should be a NULL value check for rport.

--
You are receiving this mail because:
You are watching the assignee of the bug.
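
The check requested in the report, as an added example that is not part of the original report or the kernel source. It is a user-space C model: the struct layouts, the `kind` tag tested by `scsi_is_fc_rport`, the function names `eh_timed_out_checked` and `demo`, and `BLK_EH_NOT_HANDLED` as the fall-through result are assumptions made for illustration.

```c
/* User-space model: struct layouts and the kind tag are constructed stand-ins. */
#include <stddef.h>
#include <stdio.h>

enum dev_kind { DEV_OTHER, DEV_FC_RPORT };
enum fc_port_state { FC_PORTSTATE_ONLINE, FC_PORTSTATE_BLOCKED };
/* BLK_EH_NOT_HANDLED as the fall-through result is an assumption. */
enum blk_eh_timer_return { BLK_EH_NOT_HANDLED, BLK_EH_RESET_TIMER };

struct device { struct device *parent; enum dev_kind kind; };
struct fc_rport { enum fc_port_state port_state; struct device dev; };
struct scsi_target { struct device dev; };

#define dev_to_rport(d) \
	((struct fc_rport *)((char *)(d) - offsetof(struct fc_rport, dev)))
static int scsi_is_fc_rport(const struct device *d) { return d->kind == DEV_FC_RPORT; }

/* Same shape as the macro quoted in the report: NULL for a non-FC parent. */
#define starget_to_rport(s) \
	scsi_is_fc_rport(s->dev.parent) ? dev_to_rport(s->dev.parent) : NULL

/* Timeout decision with the NULL check the report asks for. */
enum blk_eh_timer_return eh_timed_out_checked(struct scsi_target *starget)
{
	struct fc_rport *rport = starget_to_rport(starget);

	if (!rport)	/* parent is not an FC rport: nothing to dereference */
		return BLK_EH_NOT_HANDLED;
	if (rport->port_state == FC_PORTSTATE_BLOCKED)
		return BLK_EH_RESET_TIMER;
	return BLK_EH_NOT_HANDLED;
}

/* Build a constructed target whose parent is an rport or a plain device. */
enum blk_eh_timer_return demo(enum dev_kind parent_kind, enum fc_port_state st)
{
	struct fc_rport rport = { st, { NULL, DEV_FC_RPORT } };
	struct device other = { NULL, DEV_OTHER };
	struct scsi_target starget = { { NULL, DEV_OTHER } };
	starget.dev.parent = parent_kind == DEV_FC_RPORT ? &rport.dev : &other;
	return eh_timed_out_checked(&starget);
}

int main(void)
{
	printf("%d %d %d\n", demo(DEV_FC_RPORT, FC_PORTSTATE_BLOCKED),
	       demo(DEV_FC_RPORT, FC_PORTSTATE_ONLINE), demo(DEV_OTHER, FC_PORTSTATE_BLOCKED));
	return 0;
}
```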