https://bugzilla.kernel.org/show_bug.cgi?id=101891

--- Comment #3 from Dāvis <davispuh@xxxxxxxxx> ---

I narrowed it down to this section of the mvs_abort_task function
(drivers/scsi/mvsas/mv_sas.c):

	} else if (task->task_proto & SAS_PROTOCOL_SATA ||
		task->task_proto & SAS_PROTOCOL_STP) {
		if (SAS_SATA_DEV == dev->dev_type) {
			struct mvs_slot_info *slot = task->lldd_task;
			u32 slot_idx = (u32)(slot - mvi->slot_info);
			mv_dprintk("mvs_abort_task() mvi=%p task=%p "
				   "slot=%p slot_idx=x%x\n",
				   mvi, task, slot, slot_idx);
			task->task_state_flags |= SAS_TASK_STATE_ABORTED;
			mvs_slot_task_free(mvi, task, slot, slot_idx);
			rc = TMF_RESP_FUNC_COMPLETE;
			goto out;
		}
	}

Basically this line: "u32 slot_idx = (u32)(slot - mvi->slot_info)".

I think (slot - mvi->slot_info) returns 0x10 and that's why (there's no
"mvs_abort_task()" in the journal, so it crashes before that).

kernel: mvsas 0000:07:00.0: mvsas prep failed[0]!
kernel: sas: Enter sas_scsi_recover_host busy: 1 failed: 1
kernel: sas: trying to find task 0xffff8801fff87500
kernel: sas: sas_scsi_find_task: aborting task 0xffff8801fff87500
kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
kernel: IP: [<ffffffffa017afa5>] mvs_slot_task_free+0x5/0x1f0 [mvsas]
kernel: PGD 0
kernel: Oops: 0000 [#1] PREEMPT SMP
kernel: Modules linked in: nls_iso8859_4 nls_cp775 vfat fat fuse nvidia(PO) xt_CHECKSUM ipt_MASQUERADE nf_nat_masq
kernel:  serio_raw pcspkr fam15h_power snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_inte
kernel:
kernel: CPU: 3 PID: 222 Comm: scsi_eh_7 Tainted: P O 4.1.5-ARCH-dirty #2
kernel: Hardware name: Gigabyte Technology Co., Ltd. GA-990FXA-UD3/GA-990FXA-UD3, BIOS FFe 11/08/2013
kernel: task: ffff880222718000 ti: ffff88007fc9c000 task.ti: ffff88007fc9c000
kernel: RIP: 0010:[<ffffffffa017afa5>]  [<ffffffffa017afa5>] mvs_slot_task_free+0x5/0x1f0 [mvsas]
kernel: RSP: 0018:ffff88007fc9fd00  EFLAGS: 00010a13
kernel: RAX: 2e8ba2e8ba2e8ba3 RBX: ffff8801fff87500 RCX: 45d175ba2d18107b
kernel: RDX: 0000000000000000 RSI: ffff8801fff87500 RDI: ffff88007fb80000
kernel: RBP: ffff88007fc9fd58 R08: 000000000000000a R09: 000000000000060d
kernel: R10: 0000000000020cd8 R11: 000000000000060d R12: ffff88007fb836a0
kernel: R13: ffff8800ce394e00 R14: ffff88007fb80000 R15: ffff8801fff87508
kernel: FS:  00007f0720ffe700(0000) GS:ffff88022ecc0000(0000) knlGS:0000000000000000
kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
kernel: CR2: 0000000000000010 CR3: 0000000224182000 CR4: 00000000000406e0
kernel: Stack:
kernel:  ffffffffa017dce2 ffff880000000018 ffff88007fc9fd68 ffff88007fc9fd28
kernel:  0000000020e55177 ffff88022536f208 0000000000000005 ffff88007fc9fdb0
kernel:  ffff8801fff87508 ffff8800ce321000 ffff8801fff87500 ffff88007fc9fe28
kernel: Call Trace:
kernel:  [<ffffffffa017dce2>] ? mvs_abort_task+0x272/0x2b0 [mvsas]
kernel:  [<ffffffffa030aeab>] sas_scsi_recover_host+0x47b/0xc20 [libsas]
kernel:  [<ffffffffa00dfb0c>] scsi_error_handler+0xfc/0x580 [scsi_mod]
kernel:  [<ffffffff81588152>] ? __schedule+0x372/0xa30
kernel:  [<ffffffffa00dfa10>] ? scsi_eh_get_sense+0x190/0x190 [scsi_mod]
kernel:  [<ffffffff81097818>] kthread+0xd8/0xf0
kernel:  [<ffffffff81097740>] ? kthread_worker_fn+0x170/0x170
kernel:  [<ffffffff8158c8a2>] ret_from_fork+0x42/0x70
kernel:  [<ffffffff81097740>] ? kthread_worker_fn+0x170/0x170
kernel: Code: 84 00 00 00 00 00 66 66 66 66 90 55 48 8b 87 b0 00 00 00 89 f6 48 89 e5 f0 48 0f b3 30 5d c3 0f 1f 80 00 00 00 00 66 66 66 66 90 <48> 83 7a 10 00 0f 84 60 01 00 00 55 48
kernel: RIP  [<ffffffffa017afa5>] mvs_slot_task_free+0x5/0x1f0 [mvsas]
kernel:  RSP <ffff88007fc9fd00>
kernel: CR2: 0000000000000010
kernel: ---[ end trace 93debf717bb54039 ]---

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
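The following is an added example, not code from the bug report or from the mvsas driver: a small user-space model of the slot handling in the mvs_abort_task() excerpt above. It assumes one reading of the oops: the crash is at mvs_slot_task_free+0x5, the bytes after the `<48>` marker in the Code line decode to `cmpq $0, 0x10(%rdx)`, RDX (the third argument, `slot`) is 0 and CR2 is 0x10, so `task->lldd_task` was NULL for the command whose "prep failed" and the first field access on that NULL slot is what faults; `slot - mvi->slot_info` computed from a NULL slot is then a meaningless index rather than anything the free routine could use. The struct layout and all names here (slot_info, host, abort_task_guarded, the scenario helpers) are hypothetical, chosen so that the first-touched field sits at offset 0x10 like in the report. The guarded abort path shows the check a driver would make before computing the index or calling the free routine.

```c
/*
 * Added example, not from the bug report or the mvsas driver. A user-space
 * model of the slot bookkeeping in mvs_abort_task(): a task's lldd_task
 * pointer is turned into a slot index by pointer subtraction and then handed
 * to a free routine that dereferences it. If lldd_task is NULL (a command
 * whose prep failed never got a slot), the index is garbage and the first
 * field access faults at a small address. All names are hypothetical.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_SLOTS 64

struct sas_task;

/* Hypothetical slot record. The pointer at offset 0x10 mirrors the oops,
 * whose faulting instruction reads 0x10(%rdx) with RDX == 0 (the slot). */
struct slot_info {
	uint64_t tag;
	uint64_t n_elem;
	struct sas_task *task;   /* offset 0x10: the CR2 value in the report */
};

struct host {
	struct slot_info slot_info[NUM_SLOTS];
};

struct sas_task {
	struct slot_info *lldd_task;   /* NULL when no slot was ever allocated */
	unsigned int aborted;
};

enum { TMF_RESP_FUNC_COMPLETE = 0, TMF_RESP_FUNC_FAILED = -1 };

/* The index as the driver computes it, written with integer casts so the
 * NULL case is well-defined in this model (pointer subtraction involving
 * NULL is undefined behaviour in C; the compiled driver just divides). */
static uint32_t slot_index(const struct host *mvi, const struct slot_info *slot)
{
	uintptr_t diff = (uintptr_t)slot - (uintptr_t)mvi->slot_info;
	return (uint32_t)(diff / sizeof(*slot));
}

/* True only for a pointer that addresses one of mvi's slots exactly. */
static int slot_is_valid(const struct host *mvi, const struct slot_info *slot)
{
	uintptr_t p = (uintptr_t)slot;
	uintptr_t lo = (uintptr_t)mvi->slot_info;
	uintptr_t hi = lo + sizeof(mvi->slot_info);

	return slot != NULL && p >= lo && p < hi &&
	       (p - lo) % sizeof(*slot) == 0;
}

/* Stand-in for mvs_slot_task_free(): its first action is to read
 * slot->task, exactly the access that faults when slot is NULL. */
static void slot_task_free(struct host *mvi, struct sas_task *task,
			   struct slot_info *slot, uint32_t slot_idx)
{
	(void)mvi;
	(void)slot_idx;
	if (slot->task != task)
		return;
	slot->task = NULL;
	slot->tag = 0;
}

/* Guarded abort path: refuse to derive an index from, or free, a slot the
 * task never had. The driver excerpt in the report performs neither check. */
static int abort_task_guarded(struct host *mvi, struct sas_task *task)
{
	struct slot_info *slot = task->lldd_task;
	uint32_t slot_idx;

	if (!slot_is_valid(mvi, slot))
		return TMF_RESP_FUNC_FAILED;   /* nothing to free; let EH escalate */

	slot_idx = slot_index(mvi, slot);
	task->aborted = 1;
	slot_task_free(mvi, task, slot, slot_idx);
	return TMF_RESP_FUNC_COMPLETE;
}

/* Scenario helpers: a shared model host, a task whose prep failed (no slot),
 * and a task that owns slot 5. */
static struct host *demo_host(void)
{
	static struct host mvi;
	return &mvi;
}

static int scenario_orphan_rc(void)
{
	struct sas_task orphan = { .lldd_task = NULL };   /* "prep failed" */
	return abort_task_guarded(demo_host(), &orphan);
}

static int scenario_good_ok(void)
{
	struct host *mvi = demo_host();
	struct sas_task good = { .lldd_task = &mvi->slot_info[5] };

	mvi->slot_info[5].task = &good;
	mvi->slot_info[5].tag = 5;
	if (abort_task_guarded(mvi, &good) != TMF_RESP_FUNC_COMPLETE)
		return 0;
	return mvi->slot_info[5].task == NULL && good.aborted;
}

int main(void)
{
	printf("first field touched by free: offset 0x%zx\n",
	       offsetof(struct slot_info, task));
	printf("index derived from NULL slot: 0x%x (valid=%d)\n",
	       slot_index(demo_host(), NULL), slot_is_valid(demo_host(), NULL));
	printf("abort(orphan)=%d abort(good) ok=%d\n",
	       scenario_orphan_rc(), scenario_good_ok());
	return 0;
}
```

Returning TMF_RESP_FUNC_FAILED for the orphan task is the conservative choice for a model: the SCSI error handler then escalates rather than believing a slot was released. Whether the real driver should instead mark the task aborted and report completion, since there is no hardware slot to tear down, is a question for the maintainers; the example only shows where the check belongs.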