* ata_eh_report() unable to handle kernel NULL pointer dereference
@ 2015-01-13 14:25 Sergey Senozhatsky
2015-01-13 15:27 ` Tejun Heo
0 siblings, 1 reply; 4+ messages in thread
From: Sergey Senozhatsky @ 2015-01-13 14:25 UTC (permalink / raw)
To: Tejun Heo; +Cc: linux-ide, linux-kernel
Hi,
linux-next 20150112
[ 934.572323] ata2: exception Emask 0x50 SAct 0x0 SErr 0x4090800 action 0xe frozen
[ 934.572329] ata2: irq_stat 0x00400040, connection status changed
[ 934.572332] ata2: SError: { HostInt PHYRdyChg 10B8B DevExch }
[ 934.572341] BUG: unable to handle kernel NULL pointer dereference at 0000000000000460
[ 934.572346] IP: [<ffffffff812c722c>] ata_eh_report+0x3ad/0x74d
[ 934.572354] PGD 0
[ 934.572357] Oops: 0000 [#1] PREEMPT SMP
[ 934.572360] Modules linked in: ipv6 rndis_host cdc_ether usbnet broadcom mii crc32c_intel tg3 microcode psmouse evdev ac i2c_i801 lpc_ich wmi battery processor ehci_pci ehci_hcd usbcore sd_mod ahci
[ 934.572382] CPU: 3 PID: 81 Comm: scsi_eh_1 Not tainted 3.19.0-rc4-next-20150112-dbg-dirty #441
[ 934.572384] Hardware name: Acer Aspire 5741G /Aspire 5741G , BIOS V1.20 02/08/2011
[ 934.572387] task: ffff880151a1a0c0 ti: ffff88009ad8c000 task.ti: ffff88009ad8c000
[ 934.572388] RIP: 0010:[<ffffffff812c722c>] [<ffffffff812c722c>] ata_eh_report+0x3ad/0x74d
[ 934.572392] RSP: 0018:ffff88009ad8fba8 EFLAGS: 00010246
[ 934.572394] RAX: 0000000000000000 RBX: ffff88009ade4000 RCX: 0000000000000000
[ 934.572396] RDX: 0000000000000000 RSI: ffffffff81580e6d RDI: ffff88009ad8fc0a
[ 934.572398] RBP: ffff88009ad8fc78 R08: 0000000000000001 R09: 0000000000000000
[ 934.572400] R10: 0000000080582700 R11: ffffffff82613e00 R12: ffff88009ade5e98
[ 934.572402] R13: ffffffff81580e6d R14: 0000000000000020 R15: ffff88009ad8fc02
[ 934.572404] FS: 0000000000000000(0000) GS:ffff880157d80000(0000) knlGS:0000000000000000
[ 934.572406] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 934.572408] CR2: 0000000000000460 CR3: 000000000180b000 CR4: 00000000000007e0
[ 934.572409] Stack:
[ 934.572410] ffff88009ad8fc48 ffffffff81580e6d ffffffff81580e6d ffffffff81580e6d
[ 934.572414] ffffffff81580e6d ffffffff81580e6d ffffffff81580e6d ffff88009ade4000
[ 934.572418] 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 934.572421] Call Trace:
[ 934.572426] [<ffffffff812c96e5>] ata_do_eh+0x2b/0x93
[ 934.572429] [<ffffffff812c05c0>] ? ata_phys_link_offline+0x29/0x29
[ 934.572434] [<ffffffff812d0bab>] ? ahci_do_softreset+0x192/0x192
[ 934.572437] [<ffffffff812cfb7e>] ? ahci_dev_classify+0x4d/0x4d
[ 934.572440] [<ffffffff812cf943>] ? ahci_pmp_attach+0x11d/0x11d
[ 934.572442] [<ffffffff812cfb7e>] ? ahci_dev_classify+0x4d/0x4d
[ 934.572445] [<ffffffff812c97a3>] ata_std_error_handler+0x56/0x5e
[ 934.572448] [<ffffffff812cfe8f>] ahci_error_handler+0x33/0x54
[ 934.572451] [<ffffffff812c9297>] ata_scsi_port_error_handler+0x21c/0x582
[ 934.572454] [<ffffffff812c968f>] ata_scsi_error+0x92/0xbd
[ 934.572460] [<ffffffff812b1b23>] scsi_error_handler+0x1ae/0x802
[ 934.572465] [<ffffffff810683c2>] ? trace_hardirqs_on_caller+0x180/0x19c
[ 934.572468] [<ffffffff810683eb>] ? trace_hardirqs_on+0xd/0xf
[ 934.572473] [<ffffffff813c0d5d>] ? _raw_spin_unlock_irqrestore+0x46/0x5b
[ 934.572476] [<ffffffff812b1975>] ? scsi_eh_get_sense+0x19e/0x19e
[ 934.572480] [<ffffffff81051a1c>] kthread+0x10e/0x116
[ 934.572484] [<ffffffff8105bee3>] ? arch_vtime_task_switch+0x106/0x113
[ 934.572488] [<ffffffff8105190e>] ? kthread_create_on_node+0x1b6/0x1b6
[ 934.572491] [<ffffffff813c162c>] ret_from_fork+0x7c/0xb0
[ 934.572494] [<ffffffff8105190e>] ? kthread_create_on_node+0x1b6/0x1b6
[ 934.572495] Code: 03 00 00 00 48 8b 93 88 01 00 00 48 c7 85 76 ff ff ff 00 00 00 00 48 8d bd 7e ff ff ff 48 c7 45 8a 00 00 00 00 f3 ab 48 8d 7d 92 <44> 8b aa 60 04 00 00 b1 3e f3 aa f6 83 d2 01 00 00 01 0f 84 55
[ 934.572532] RIP [<ffffffff812c722c>] ata_eh_report+0x3ad/0x74d
[ 934.572535] RSP <ffff88009ad8fba8>
[ 934.572537] CR2: 0000000000000460
[ 934.572540] ---[ end trace 62160753352ee227 ]---
-ss
* Re: ata_eh_report() unable to handle kernel NULL pointer dereference
From: Tejun Heo @ 2015-01-13 15:27 UTC (permalink / raw)
To: Sergey Senozhatsky; +Cc: linux-ide, linux-kernel
On Tue, Jan 13, 2015 at 11:25:09PM +0900, Sergey Senozhatsky wrote:
> Hi,
>
> linux-next 20150112
>
> [ 934.572323] ata2: exception Emask 0x50 SAct 0x0 SErr 0x4090800 action 0xe frozen
> [ 934.572329] ata2: irq_stat 0x00400040, connection status changed
> [ 934.572332] ata2: SError: { HostInt PHYRdyChg 10B8B DevExch }
> [ 934.572341] BUG: unable to handle kernel NULL pointer dereference at 0000000000000460
> [ 934.572346] IP: [<ffffffff812c722c>] ata_eh_report+0x3ad/0x74d
Any chance you can run addr2line on it and map it to the source line?
Thanks.
--
tejun
* Re: ata_eh_report() unable to handle kernel NULL pointer dereference
From: Sergey Senozhatsky @ 2015-01-14 14:30 UTC (permalink / raw)
To: Tejun Heo; +Cc: Sergey Senozhatsky, linux-ide, linux-kernel
On (01/13/15 10:27), Tejun Heo wrote:
> On Tue, Jan 13, 2015 at 11:25:09PM +0900, Sergey Senozhatsky wrote:
> > Hi,
> >
> > linux-next 20150112
> >
> > [ 934.572323] ata2: exception Emask 0x50 SAct 0x0 SErr 0x4090800 action 0xe frozen
> > [ 934.572329] ata2: irq_stat 0x00400040, connection status changed
> > [ 934.572332] ata2: SError: { HostInt PHYRdyChg 10B8B DevExch }
> > [ 934.572341] BUG: unable to handle kernel NULL pointer dereference at 0000000000000460
> > [ 934.572346] IP: [<ffffffff812c722c>] ata_eh_report+0x3ad/0x74d
>
> Any chance you can run addr2line on it and map it to the source line?
>
Hello,
sorry for the delay, emails from my android gmail app are blocked as "outlook
spam".
here it is in reverse order, RIP is the last one.
~/_next$ addr2line -e vmlinux -i ffffffff812c97a3
_next/drivers/ata/libata-eh.c:4020
~/_next$ addr2line -e vmlinux -i ffffffff812cfb7e
_next/drivers/ata/libahci.c:1438
~/_next$ addr2line -e vmlinux -i ffffffff812cf943
_next/drivers/ata/libahci.c:1470
~/_next$ addr2line -e vmlinux -i ffffffff812cfb7e
_next/drivers/ata/libahci.c:1438
~/_next$ addr2line -e vmlinux -i ffffffff812d0bab
_next/drivers/ata/libahci.c:1383
~/_next$ addr2line -e vmlinux -i ffffffff812c05c0
_next/include/linux/libata.h:1085
_next/drivers/ata/libata-core.c:3715
~/_next$ addr2line -e vmlinux -i ffffffff812c96e5
_next/drivers/ata/libata-eh.c:3991
~/_next$ addr2line -e vmlinux -i ffffffff812c722c
_next/drivers/ata/libata-eh.c:2485
_next/drivers/ata/libata-eh.c:2583
just in case: RIP <ffffffff812c722c>
ffffffff812c6e7f <ata_eh_report>:
ffffffff812c6e7f: 55 push %rbp
ffffffff812c6e80: 48 89 fe mov %rdi,%rsi
ffffffff812c6e83: ba 01 00 00 00 mov $0x1,%edx
ffffffff812c6e88: 48 89 e5 mov %rsp,%rbp
ffffffff812c6e8b: 41 57 push %r15
ffffffff812c6e8d: 41 56 push %r14
ffffffff812c6e8f: 41 55 push %r13
ffffffff812c6e91: 41 54 push %r12
ffffffff812c6e93: 53 push %rbx
ffffffff812c6e94: 48 81 ec a8 00 00 00 sub $0xa8,%rsp
ffffffff812c6e9b: 48 89 bd 68 ff ff ff mov %rdi,-0x98(%rbp)
ffffffff812c6ea2: 31 ff xor %edi,%edi
ffffffff812c6ea4: e8 7e 46 ff ff callq ffffffff812bb527 <ata_link_next>
ffffffff812c6ea9: 48 85 c0 test %rax,%rax
ffffffff812c6eac: 49 89 c4 mov %rax,%r12
ffffffff812c6eaf: 0f 84 08 07 00 00 je ffffffff812c75bd <ata_eh_report+0x73e>
ffffffff812c6eb5: 41 f6 84 24 b4 04 00 testb $0x8,0x4b4(%r12)
ffffffff812c6ebc: 00 08
ffffffff812c6ebe: 49 8b 1c 24 mov (%r12),%rbx
ffffffff812c6ec2: c7 85 70 ff ff ff 00 movl $0x0,-0x90(%rbp)
ffffffff812c6ec9: 00 00 00
ffffffff812c6ecc: 66 c7 85 74 ff ff ff movw $0x0,-0x8c(%rbp)
ffffffff812c6ed3: 00 00
ffffffff812c6ed5: 0f 85 ce 06 00 00 jne ffffffff812c75a9 <ata_eh_report+0x72a>
ffffffff812c6edb: 41 80 bc 24 bc 04 00 cmpb $0x0,0x4bc(%r12)
ffffffff812c6ee2: 00 00
ffffffff812c6ee4: b8 00 00 00 00 mov $0x0,%eax
ffffffff812c6ee9: 4d 8d ac 24 bc 04 00 lea 0x4bc(%r12),%r13
ffffffff812c6ef0: 00
ffffffff812c6ef1: 4c 8d bb d0 01 00 00 lea 0x1d0(%rbx),%r15
ffffffff812c6ef8: 4c 0f 44 e8 cmove %rax,%r13
ffffffff812c6efc: 45 31 f6 xor %r14d,%r14d
ffffffff812c6eff: 48 8d 83 d0 1e 00 00 lea 0x1ed0(%rbx),%rax
ffffffff812c6f06: 48 89 85 60 ff ff ff mov %rax,-0xa0(%rbp)
ffffffff812c6f0d: 49 f7 07 00 00 01 00 testq $0x10000,(%r15)
ffffffff812c6f14: 74 2d je ffffffff812c6f43 <ata_eh_report+0xc4>
ffffffff812c6f16: 49 8b 7f b8 mov -0x48(%r15),%rdi
ffffffff812c6f1a: e8 65 5c ff ff callq ffffffff812bcb84 <ata_dev_phys_link>
ffffffff812c6f1f: 4c 39 e0 cmp %r12,%rax
ffffffff812c6f22: 75 1f jne ffffffff812c6f43 <ata_eh_report+0xc4>
ffffffff812c6f24: 49 8b 07 mov (%r15),%rax
ffffffff812c6f27: a8 40 test $0x40,%al
ffffffff812c6f29: 74 07 je ffffffff812c6f32 <ata_eh_report+0xb3>
ffffffff812c6f2b: 41 83 7f 5c 01 cmpl $0x1,0x5c(%r15)
ffffffff812c6f30: 74 11 je ffffffff812c6f43 <ata_eh_report+0xc4>
ffffffff812c6f32: a9 00 00 02 00 test $0x20000,%eax
ffffffff812c6f37: 74 07 je ffffffff812c6f40 <ata_eh_report+0xc1>
ffffffff812c6f39: 41 83 7f 5c 00 cmpl $0x0,0x5c(%r15)
ffffffff812c6f3e: 74 03 je ffffffff812c6f43 <ata_eh_report+0xc4>
ffffffff812c6f40: 41 ff c6 inc %r14d
ffffffff812c6f43: 49 81 c7 e8 00 00 00 add $0xe8,%r15
ffffffff812c6f4a: 4c 3b bd 60 ff ff ff cmp -0xa0(%rbp),%r15
ffffffff812c6f51: 75 ba jne ffffffff812c6f0d <ata_eh_report+0x8e>
ffffffff812c6f53: 45 85 f6 test %r14d,%r14d
ffffffff812c6f56: 75 0f jne ffffffff812c6f67 <ata_eh_report+0xe8>
ffffffff812c6f58: 41 83 bc 24 a4 04 00 cmpl $0x0,0x4a4(%r12)
ffffffff812c6f5f: 00 00
ffffffff812c6f61: 0f 84 42 06 00 00 je ffffffff812c75a9 <ata_eh_report+0x72a>
ffffffff812c6f67: f6 43 20 04 testb $0x4,0x20(%rbx)
ffffffff812c6f6b: 48 c7 c0 d4 a6 5a 81 mov $0xffffffff815aa6d4,%rax
ffffffff812c6f72: 49 c7 c6 6d 0e 58 81 mov $0xffffffff81580e6d,%r14
ffffffff812c6f79: 8b 8b 68 3b 00 00 mov 0x3b68(%rbx),%ecx
ffffffff812c6f7f: 4c 0f 45 f0 cmovne %rax,%r14
ffffffff812c6f83: 83 f9 04 cmp $0x4,%ecx
ffffffff812c6f86: 7f 1a jg ffffffff812c6fa2 <ata_eh_report+0x123>
ffffffff812c6f88: 48 c7 c2 24 28 5b 81 mov $0xffffffff815b2824,%rdx
ffffffff812c6f8f: be 06 00 00 00 mov $0x6,%esi
ffffffff812c6f94: 31 c0 xor %eax,%eax
ffffffff812c6f96: 48 8d bd 70 ff ff ff lea -0x90(%rbp),%rdi
ffffffff812c6f9d: e8 6d dd f3 ff callq ffffffff81204d0f <snprintf>
ffffffff812c6fa2: 49 8b bc 24 98 04 00 mov 0x498(%r12),%rdi
ffffffff812c6fa9: 00
ffffffff812c6faa: 45 8b 8c 24 a0 04 00 mov 0x4a0(%r12),%r9d
ffffffff812c6fb1: 00
ffffffff812c6fb2: 45 8b 84 24 04 04 00 mov 0x404(%r12),%r8d
ffffffff812c6fb9: 00
ffffffff812c6fba: 41 8b 8c 24 a4 04 00 mov 0x4a4(%r12),%ecx
ffffffff812c6fc1: 00
ffffffff812c6fc2: 48 85 ff test %rdi,%rdi
ffffffff812c6fc5: 41 8b 84 24 a8 04 00 mov 0x4a8(%r12),%eax
ffffffff812c6fcc: 00
ffffffff812c6fcd: 74 4d je ffffffff812c701c <ata_eh_report+0x19d>
ffffffff812c6fcf: 48 8d b5 70 ff ff ff lea -0x90(%rbp),%rsi
ffffffff812c6fd6: 48 c7 c2 29 28 5b 81 mov $0xffffffff815b2829,%rdx
ffffffff812c6fdd: 41 52 push %r10
ffffffff812c6fdf: 56 push %rsi
ffffffff812c6fe0: 48 c7 c6 cb da 56 81 mov $0xffffffff8156dacb,%rsi
ffffffff812c6fe7: 41 56 push %r14
ffffffff812c6fe9: 50 push %rax
ffffffff812c6fea: 31 c0 xor %eax,%eax
ffffffff812c6fec: e8 4f 55 ff ff callq ffffffff812bc540 <ata_dev_printk>
ffffffff812c6ff1: 48 83 c4 20 add $0x20,%rsp
ffffffff812c6ff5: 4d 85 ed test %r13,%r13
ffffffff812c6ff8: 74 6a je ffffffff812c7064 <ata_eh_report+0x1e5>
ffffffff812c6ffa: 49 8b bc 24 98 04 00 mov 0x498(%r12),%rdi
ffffffff812c7001: 00
ffffffff812c7002: 4c 89 e9 mov %r13,%rcx
ffffffff812c7005: 48 c7 c2 63 fc 56 81 mov $0xffffffff8156fc63,%rdx
ffffffff812c700c: 31 c0 xor %eax,%eax
ffffffff812c700e: 48 c7 c6 cb da 56 81 mov $0xffffffff8156dacb,%rsi
ffffffff812c7015: e8 26 55 ff ff callq ffffffff812bc540 <ata_dev_printk>
ffffffff812c701a: eb 48 jmp ffffffff812c7064 <ata_eh_report+0x1e5>
ffffffff812c701c: 56 push %rsi
ffffffff812c701d: 48 8d b5 70 ff ff ff lea -0x90(%rbp),%rsi
ffffffff812c7024: 48 c7 c2 29 28 5b 81 mov $0xffffffff815b2829,%rdx
ffffffff812c702b: 4c 89 e7 mov %r12,%rdi
ffffffff812c702e: 56 push %rsi
ffffffff812c702f: 48 c7 c6 cb da 56 81 mov $0xffffffff8156dacb,%rsi
ffffffff812c7036: 41 56 push %r14
ffffffff812c7038: 50 push %rax
ffffffff812c7039: 31 c0 xor %eax,%eax
ffffffff812c703b: e8 6b 53 ff ff callq ffffffff812bc3ab <ata_link_printk>
ffffffff812c7040: 48 83 c4 20 add $0x20,%rsp
ffffffff812c7044: 4d 85 ed test %r13,%r13
ffffffff812c7047: 74 1b je ffffffff812c7064 <ata_eh_report+0x1e5>
ffffffff812c7049: 4c 89 e9 mov %r13,%rcx
ffffffff812c704c: 48 c7 c2 63 fc 56 81 mov $0xffffffff8156fc63,%rdx
ffffffff812c7053: 48 c7 c6 cb da 56 81 mov $0xffffffff8156dacb,%rsi
ffffffff812c705a: 4c 89 e7 mov %r12,%rdi
ffffffff812c705d: 31 c0 xor %eax,%eax
ffffffff812c705f: e8 47 53 ff ff callq ffffffff812bc3ab <ata_link_printk>
ffffffff812c7064: 41 8b 84 24 a0 04 00 mov 0x4a0(%r12),%eax
ffffffff812c706b: 00
ffffffff812c706c: 85 c0 test %eax,%eax
ffffffff812c706e: 0f 84 80 01 00 00 je ffffffff812c71f4 <ata_eh_report+0x375>
ffffffff812c7074: 48 c7 c1 6d 0e 58 81 mov $0xffffffff81580e6d,%rcx
ffffffff812c707b: a9 00 00 00 04 test $0x4000000,%eax
ffffffff812c7080: 49 c7 c7 e4 26 5b 81 mov $0xffffffff815b26e4,%r15
ffffffff812c7087: 4c 0f 44 f9 cmove %rcx,%r15
ffffffff812c708b: 48 c7 c2 ed 26 5b 81 mov $0xffffffff815b26ed,%rdx
ffffffff812c7092: a9 00 00 00 02 test $0x2000000,%eax
ffffffff812c7097: 48 0f 44 d1 cmove %rcx,%rdx
ffffffff812c709b: a9 00 00 00 01 test $0x1000000,%eax
ffffffff812c70a0: 49 c7 c6 1c 27 5b 81 mov $0xffffffff815b271c,%r14
ffffffff812c70a7: 49 c7 c5 23 27 5b 81 mov $0xffffffff815b2723,%r13
ffffffff812c70ae: 41 57 push %r15
ffffffff812c70b0: 48 89 95 38 ff ff ff mov %rdx,-0xc8(%rbp)
ffffffff812c70b7: 48 c7 c2 f7 26 5b 81 mov $0xffffffff815b26f7,%rdx
ffffffff812c70be: 49 c7 c3 2d 27 5b 81 mov $0xffffffff815b272d,%r11
ffffffff812c70c5: 49 c7 c2 35 27 5b 81 mov $0xffffffff815b2735,%r10
ffffffff812c70cc: 48 0f 44 d1 cmove %rcx,%rdx
ffffffff812c70d0: a9 00 00 80 00 test $0x800000,%eax
ffffffff812c70d5: 48 c7 c7 40 27 5b 81 mov $0xffffffff815b2740,%rdi
ffffffff812c70dc: 48 c7 c6 49 27 5b 81 mov $0xffffffff815b2749,%rsi
ffffffff812c70e3: 49 c7 c1 59 27 5b 81 mov $0xffffffff815b2759,%r9
ffffffff812c70ea: 48 89 95 40 ff ff ff mov %rdx,-0xc0(%rbp)
ffffffff812c70f1: 48 c7 c2 02 27 5b 81 mov $0xffffffff815b2702,%rdx
ffffffff812c70f8: 49 c7 c0 66 27 5b 81 mov $0xffffffff815b2766,%r8
ffffffff812c70ff: 48 0f 44 d1 cmove %rcx,%rdx
ffffffff812c7103: a9 00 00 40 00 test $0x400000,%eax
ffffffff812c7108: ff b5 38 ff ff ff pushq -0xc8(%rbp)
ffffffff812c710e: ff b5 40 ff ff ff pushq -0xc0(%rbp)
ffffffff812c7114: 48 89 95 48 ff ff ff mov %rdx,-0xb8(%rbp)
ffffffff812c711b: 48 c7 c2 0b 27 5b 81 mov $0xffffffff815b270b,%rdx
ffffffff812c7122: 48 0f 44 d1 cmove %rcx,%rdx
ffffffff812c7126: a9 00 00 20 00 test $0x200000,%eax
ffffffff812c712b: ff b5 48 ff ff ff pushq -0xb8(%rbp)
ffffffff812c7131: 48 89 95 50 ff ff ff mov %rdx,-0xb0(%rbp)
ffffffff812c7138: 48 c7 c2 93 24 5b 81 mov $0xffffffff815b2493,%rdx
ffffffff812c713f: 48 0f 44 d1 cmove %rcx,%rdx
ffffffff812c7143: a9 00 00 10 00 test $0x100000,%eax
ffffffff812c7148: ff b5 50 ff ff ff pushq -0xb0(%rbp)
ffffffff812c714e: 48 89 95 58 ff ff ff mov %rdx,-0xa8(%rbp)
ffffffff812c7155: 48 c7 c2 14 27 5b 81 mov $0xffffffff815b2714,%rdx
ffffffff812c715c: 48 0f 44 d1 cmove %rcx,%rdx
ffffffff812c7160: a9 00 00 08 00 test $0x80000,%eax
ffffffff812c7165: 4c 0f 44 f1 cmove %rcx,%r14
ffffffff812c7169: a9 00 00 04 00 test $0x40000,%eax
ffffffff812c716e: 4c 0f 44 e9 cmove %rcx,%r13
ffffffff812c7172: a9 00 00 02 00 test $0x20000,%eax
ffffffff812c7177: 48 89 95 60 ff ff ff mov %rdx,-0xa0(%rbp)
ffffffff812c717e: 4c 0f 44 d9 cmove %rcx,%r11
ffffffff812c7182: a9 00 00 01 00 test $0x10000,%eax
ffffffff812c7187: 4c 0f 44 d1 cmove %rcx,%r10
ffffffff812c718b: f6 c4 08 test $0x8,%ah
ffffffff812c718e: 48 0f 44 f9 cmove %rcx,%rdi
ffffffff812c7192: f6 c4 04 test $0x4,%ah
ffffffff812c7195: 48 0f 44 f1 cmove %rcx,%rsi
ffffffff812c7199: 48 c7 c2 50 27 5b 81 mov $0xffffffff815b2750,%rdx
ffffffff812c71a0: ff b5 58 ff ff ff pushq -0xa8(%rbp)
ffffffff812c71a6: f6 c4 02 test $0x2,%ah
ffffffff812c71a9: 48 0f 44 d1 cmove %rcx,%rdx
ffffffff812c71ad: f6 c4 01 test $0x1,%ah
ffffffff812c71b0: 4c 0f 44 c9 cmove %rcx,%r9
ffffffff812c71b4: a8 02 test $0x2,%al
ffffffff812c71b6: 4c 0f 44 c1 cmove %rcx,%r8
ffffffff812c71ba: a8 01 test $0x1,%al
ffffffff812c71bc: ff b5 60 ff ff ff pushq -0xa0(%rbp)
ffffffff812c71c2: 48 c7 c0 71 27 5b 81 mov $0xffffffff815b2771,%rax
ffffffff812c71c9: 41 56 push %r14
ffffffff812c71cb: 48 0f 45 c8 cmovne %rax,%rcx
ffffffff812c71cf: 31 c0 xor %eax,%eax
ffffffff812c71d1: 41 55 push %r13
ffffffff812c71d3: 41 53 push %r11
ffffffff812c71d5: 41 52 push %r10
ffffffff812c71d7: 57 push %rdi
ffffffff812c71d8: 4c 89 e7 mov %r12,%rdi
ffffffff812c71db: 56 push %rsi
ffffffff812c71dc: 48 c7 c6 cb da 56 81 mov $0xffffffff8156dacb,%rsi
ffffffff812c71e3: 52 push %rdx
ffffffff812c71e4: 48 c7 c2 63 28 5b 81 mov $0xffffffff815b2863,%rdx
ffffffff812c71eb: e8 bb 51 ff ff callq ffffffff812bc3ab <ata_link_printk>
ffffffff812c71f0: 48 83 c4 70 add $0x70,%rsp
ffffffff812c71f4: 4c 8d 7d 8a lea -0x76(%rbp),%r15
ffffffff812c71f8: 41 be 20 00 00 00 mov $0x20,%r14d
ffffffff812c71fe: 31 c0 xor %eax,%eax
ffffffff812c7200: b9 03 00 00 00 mov $0x3,%ecx
ffffffff812c7205: 48 8b 93 88 01 00 00 mov 0x188(%rbx),%rdx
ffffffff812c720c: 48 c7 85 76 ff ff ff movq $0x0,-0x8a(%rbp)
ffffffff812c7213: 00 00 00 00
ffffffff812c7217: 48 8d bd 7e ff ff ff lea -0x82(%rbp),%rdi
ffffffff812c721e: 48 c7 45 8a 00 00 00 movq $0x0,-0x76(%rbp)
ffffffff812c7225: 00
ffffffff812c7226: f3 ab rep stos %eax,%es:(%rdi)
ffffffff812c7228: 48 8d 7d 92 lea -0x6e(%rbp),%rdi
ffffffff812c722c: 44 8b aa 60 04 00 00 mov 0x460(%rdx),%r13d
ffffffff812c7233: b1 3e mov $0x3e,%cl
ffffffff812c7235: f3 aa rep stos %al,%es:(%rdi)
ffffffff812c7237: f6 83 d2 01 00 00 01 testb $0x1,0x1d2(%rbx)
ffffffff812c723e: 0f 84 55 03 00 00 je ffffffff812c7599 <ata_eh_report+0x71a>
ffffffff812c7244: 48 89 d7 mov %rdx,%rdi
ffffffff812c7247: e8 38 59 ff ff callq ffffffff812bcb84 <ata_dev_phys_link>
ffffffff812c724c: 4c 39 e0 cmp %r12,%rax
ffffffff812c724f: 0f 85 44 03 00 00 jne ffffffff812c7599 <ata_eh_report+0x71a>
ffffffff812c7255: 83 bb 2c 02 00 00 00 cmpl $0x0,0x22c(%rbx)
ffffffff812c725c: 0f 84 37 03 00 00 je ffffffff812c7599 <ata_eh_report+0x71a>
ffffffff812c7262: 48 63 83 e4 01 00 00 movslq 0x1e4(%rbx),%rax
ffffffff812c7269: 83 f8 03 cmp $0x3,%eax
ffffffff812c726c: 74 38 je ffffffff812c72a6 <ata_eh_report+0x427>
ffffffff812c726e: 0f b6 93 a8 01 00 00 movzbl 0x1a8(%rbx),%edx
-ss
* Re: ata_eh_report() unable to handle kernel NULL pointer dereference
From: Tejun Heo @ 2015-01-14 14:47 UTC (permalink / raw)
To: Sergey Senozhatsky, Hannes Reinecke; +Cc: linux-ide, linux-kernel
On Wed, Jan 14, 2015 at 11:30:33PM +0900, Sergey Senozhatsky wrote:
> On (01/13/15 10:27), Tejun Heo wrote:
> > On Tue, Jan 13, 2015 at 11:25:09PM +0900, Sergey Senozhatsky wrote:
> > > Hi,
> > >
> > > linux-next 20150112
> > >
> > > [ 934.572323] ata2: exception Emask 0x50 SAct 0x0 SErr 0x4090800 action 0xe frozen
> > > [ 934.572329] ata2: irq_stat 0x00400040, connection status changed
> > > [ 934.572332] ata2: SError: { HostInt PHYRdyChg 10B8B DevExch }
> > > [ 934.572341] BUG: unable to handle kernel NULL pointer dereference at 0000000000000460
> > > [ 934.572346] IP: [<ffffffff812c722c>] ata_eh_report+0x3ad/0x74d
> >
> > Any chance you can run addr2line on it and map it to the source line?
> >
>
> Hello,
>
> sorry for the delay, emails from my android gmail app are blocked as "outlook
> spam".
>
> here it is in reverse order, RIP is the last one.
>
> ~/_next$ addr2line -e vmlinux -i ffffffff812c97a3
> _next/drivers/ata/libata-eh.c:4020
> ~/_next$ addr2line -e vmlinux -i ffffffff812cfb7e
> _next/drivers/ata/libahci.c:1438
> ~/_next$ addr2line -e vmlinux -i ffffffff812cf943
> _next/drivers/ata/libahci.c:1470
> ~/_next$ addr2line -e vmlinux -i ffffffff812cfb7e
> _next/drivers/ata/libahci.c:1438
> ~/_next$ addr2line -e vmlinux -i ffffffff812d0bab
> _next/drivers/ata/libahci.c:1383
> ~/_next$ addr2line -e vmlinux -i ffffffff812c05c0
> _next/include/linux/libata.h:1085
> _next/drivers/ata/libata-core.c:3715
> ~/_next$ addr2line -e vmlinux -i ffffffff812c96e5
> _next/drivers/ata/libata-eh.c:3991
> ~/_next$ addr2line -e vmlinux -i ffffffff812c722c
> _next/drivers/ata/libata-eh.c:2485
> _next/drivers/ata/libata-eh.c:2583
Ah, the culprit is cbba5b0ee4c6 ("libata: use
__scsi_format_command()") which moved qc->dev->cdb_len deref to before
the loop verifies the qc is valid.
Hannes, I think the right thing to do is moving that variable
declaration inside the if (ata_is_atapi()) block. Can you please take
care of it?
Thanks a lot.
--
tejun
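The ordering problem described in the reply above, as a userspace model. This is an added example, not code from the thread or from libata: the struct names, QC_FAILED, the slot contents and the cdb_len value are constructed, with the padding chosen so that cdb_len sits at offset 0x460 like the faulting address in the oops.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QC_FAILED 0x10000UL /* model of the flag the loop tests for a valid qc */

/* Constructed stand-ins, not the libata definitions. The padding puts
 * cdb_len at offset 0x460 to match the faulting address in the oops. */
struct dev_model { unsigned char pad[0x460]; unsigned int cdb_len; };
struct qc_model { unsigned long flags; struct dev_model *dev; int atapi; };

/* Address the load of qc->dev->cdb_len touches. With dev == NULL it is
 * just the field offset, which is the value reported in CR2. */
static uintptr_t cdb_len_load_addr(const struct qc_model *qc)
{
    return (uintptr_t)qc->dev + offsetof(struct dev_model, cdb_len);
}

/* Before: the load sits with the declarations at the top of the loop body,
 * so it runs for every slot. The model returns the address that would
 * fault instead of dereferencing it (0 means no fault). */
static uintptr_t report_hoisted(const struct qc_model *qcs, size_t n,
                                unsigned int *sum)
{
    for (size_t i = 0; i < n; i++) {
        const struct qc_model *qc = &qcs[i];
        if (qc->dev == NULL)                     /* stands in for the oops */
            return cdb_len_load_addr(qc);
        unsigned int cdb_len = qc->dev->cdb_len; /* read before validation */
        if (!(qc->flags & QC_FAILED))
            continue;
        if (qc->atapi)
            *sum += cdb_len;
    }
    return 0;
}

/* After: validate the slot first, read cdb_len only inside the ATAPI
 * branch. Assumes, as the sample data does, that a failed qc has dev set. */
static void report_scoped(const struct qc_model *qcs, size_t n,
                          unsigned int *sum)
{
    for (size_t i = 0; i < n; i++) {
        const struct qc_model *qc = &qcs[i];
        if (!(qc->flags & QC_FAILED))
            continue;                            /* unused slot: never touched */
        if (qc->atapi) {
            unsigned int cdb_len = qc->dev->cdb_len;
            *sum += cdb_len;
        }
    }
}

/* Constructed sample: one unused slot, one failed ATAPI command. */
static struct dev_model atapi_dev = { .cdb_len = 12 };
static const struct qc_model slots[] = {
    { 0, NULL, 0 },
    { QC_FAILED, &atapi_dev, 1 },
};

uintptr_t demo_hoisted_fault(void)
{
    unsigned int sum = 0;
    return report_hoisted(slots, 2, &sum);
}

unsigned int demo_scoped_sum(void)
{
    unsigned int sum = 0;
    report_scoped(slots, 2, &sum);
    return sum;
}

int main(void)
{
    printf("hoisted load would fault at %#lx\n", (unsigned long)demo_hoisted_fault());
    printf("scoped load reports cdb_len sum %u\n", demo_scoped_sum());
    return 0;
}
```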