Re: WARNING: CPU: 1 PID: 67 at drivers/ata/libata-core.c:1688 ata_read_log_page+0x173/0x1f0

From: Niklas Cassel
Date: Mon Jul 24 2023 - 07:51:34 EST


On Sat, Jul 22, 2023 at 05:56:21PM +0200, Borislav Petkov wrote:
> Hi,
>
> this is with Linus' tree from Thursday, top commit:
>
> commit f7e3a1bafdea735050dfde00523cf505dc7fd309 (refs/remotes/origin/master, refs/remotes/origin/HEAD, refs/heads/master)
> Merge: 12a5088eb138 28801cc85906
> Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Date: Thu Jul 20 20:35:38 2023 -0700
>
> Merge tag 'drm-fixes-2023-07-21' of git://anongit.freedesktop.org/drm/drm
>
> and tip/master merged ontop:
>
> ...
> [ 3.435419] AVX version of gcm_enc/dec engaged.
> [ 3.436188] AES CTR mode by8 optimization enabled
> [ 4.181733] EXT4-fs (sdb2): mounted filesystem 1f347a17-b4a7-4d1c-bb60-5391961e8945 ro with ordered data mode. Quota mode: disabled.
> [ 4.311786] ------------[ cut here ]------------
> [ 4.312952] WARNING: CPU: 1 PID: 67 at drivers/ata/libata-core.c:1688 ata_read_log_page+0x173/0x1f0
> [ 4.314124] Modules linked in: aesni_intel crypto_simd cryptd serio_raw thermal
> [ 4.315296] CPU: 1 PID: 67 Comm: scsi_eh_2 Not tainted 6.5.0-rc2+ #1
> [ 4.316483] Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET86WW (2.06 ) 11/13/2012
> [ 4.317653] RIP: 0010:ata_read_log_page+0x173/0x1f0
> [ 4.318783] Code: ed 48 85 db 88 54 24 18 88 44 24 25 44 88 64 24 22 66 89 6c 24 20 44 88 74 24 1b 48 c7 44 24 10 07 00 00 00 0f 85 ee fe ff ff <0f> 0b e9 e7 fe ff ff 41 8b 4f 0c 81 e1 00 00 80 00 89 c8 f7 d8 18
> [ 4.321370] RSP: 0018:ffffc90000cbbbc0 EFLAGS: 00010246
> [ 4.322714] RAX: 0000000000000047 RBX: 0000000000000000 RCX: 0000000000000000
> [ 4.324069] RDX: 0000000000000002 RSI: 000000000000000f RDI: 0000000000000400
> [ 4.325401] RBP: 0000000000000f02 R08: 0000000000000002 R09: 0000000000000001
> [ 4.326700] R10: 0000000000000000 R11: ffff888103cca290 R12: 0000000000000000
> [ 4.328012] R13: 0000000000000001 R14: 0000000000000000 R15: ffff888104c02680
> [ 4.329333] FS: 0000000000000000(0000) GS:ffff888211e80000(0000) knlGS:0000000000000000
> [ 4.330652] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 4.331979] CR2: 00007f66683d99f0 CR3: 0000000002434005 CR4: 00000000001706e0
> [ 4.333134] Call Trace:
> [ 4.334239] <TASK>
> [ 4.335323] ? ata_read_log_page+0x173/0x1f0
> [ 4.336434] ? __warn+0x81/0x170
> [ 4.337364] ? ata_read_log_page+0x173/0x1f0
> [ 4.338270] ? report_bug+0x18d/0x1c0
> [ 4.339170] ? handle_bug+0x3c/0x70
> [ 4.340083] ? exc_invalid_op+0x13/0x60
> [ 4.340917] ? asm_exc_invalid_op+0x16/0x20
> [ 4.341732] ? ata_read_log_page+0x173/0x1f0
> [ 4.342538] ? find_held_lock+0x2b/0x80
> [ 4.343343] ata_eh_read_sense_success_ncq_log+0x3f/0x1c0

Hello Boris,

this is a null pointer dereference,
because ap->ncq_sense_buf buffer is only allocated when CDL is enabled.

We are not supposed to fetch sense data for successful NCQ commands when
CDL is not enabled.

This is my bad.
Could you please test and see if this patch solves your problem:
https://lore.kernel.org/linux-ide/20230723130315.427513-1-nks@xxxxxxxxxxx/


Kind regards,
Niklas
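The failure Niklas describes (a buffer that is only allocated when CDL is enabled, read unconditionally for successful NCQ commands), modelled in user space as an added example. This is not libata code: struct port, port_init, read_log_page, eh_read_sense_buggy, eh_read_sense_fixed and scenario are hypothetical stand-ins for the kernel's own functions, placed side by side so the unguarded and the guarded error-handler paths can be compared.

```c
/* Added user-space model, not libata code; names are hypothetical stand-ins. */
#include <stdbool.h>
#include <stdlib.h>
#define LOG_PAGE_SIZE 512

struct port {
    bool cdl_enabled;              /* Command Duration Limits enabled */
    unsigned char *ncq_sense_buf;  /* allocated only when cdl_enabled */
};

/* Allocation policy from the mail: the buffer exists only with CDL on. */
static void port_init(struct port *ap, bool cdl)
{
    ap->cdl_enabled = cdl;
    ap->ncq_sense_buf = cdl ? calloc(1, LOG_PAGE_SIZE) : NULL;
}

/* Stand-in for ata_read_log_page(): refuse a missing buffer (the WARN). */
static int read_log_page(unsigned char *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return -1;
    buf[0] = 0;  /* pretend the device filled in the log page */
    return 0;
}

/* Buggy shape: sense data is fetched unconditionally, NULL reaches the read. */
static int eh_read_sense_buggy(struct port *ap)
{
    return read_log_page(ap->ncq_sense_buf, LOG_PAGE_SIZE);
}

/* Fixed shape: gate the fetch on the same condition the allocator used. */
static int eh_read_sense_fixed(struct port *ap)
{
    if (!ap->cdl_enabled)
        return 0;  /* nothing to fetch, not an error */
    return read_log_page(ap->ncq_sense_buf, LOG_PAGE_SIZE);
}

/* One error-handler pass on a fresh port: 0 on success, -1 if refused. */
static int scenario(bool cdl, bool use_fixed)
{
    struct port ap;
    port_init(&ap, cdl);
    int rc = use_fixed ? eh_read_sense_fixed(&ap) : eh_read_sense_buggy(&ap);
    free(ap.ncq_sense_buf);
    return rc;
}
```

With CDL off, only the unguarded path hands a NULL buffer to the log reader; with CDL on, both paths succeed because the buffer was allocated.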