On 09/30, Linus Torvalds wrote:
On Thu, Sep 21, 2017 at 12:02 AM, NeilBrown <neilb(a)suse.com>
> I think it is crashing in
> static inline bool ata_is_host_link(const struct ata_link *link)
> return link == &link->ap->link || link ==
Yes. The code is
1a: 8b 3a mov (%edx),%edi
1c: 8d 8f 40 16 00 00 lea 0x1640(%edi),%ecx
22: 39 ca cmp %ecx,%edx
24: 74 49 je 0x6f
26: b9 01 00 00 00 mov $0x1,%ecx
2b:* 39 97 80 24 00 00 cmp %edx,0x2480(%edi) <-- trapping instruction
31: 74 3c je 0x6f
and that first "je" is the test for "link ==
only takes the address relative to "link->ap" - thus the "lea"),
that cmp that oopses is indeed loading that actual slave_link value.
So I agree. "link->ap" is NULL for some odd reason.
Hmm. Absolutely nothing has changed in libata-core.c recently,
certainly not that async_port_probe() thing.
So I suspect either it's just a timing difference, or it's some
unrelated memory corruption.
Xiaolong, I see that you have SLUB_DEBUG and SLUB_DEBUG_ON enabled,
but wonder if you can recreate this with DEBUG_PAGEALLOC and/or
DEBUG_OBJECTS enabled too?

Sorry for the late reply, I just came back from vacation.
I retested with DEBUG_PAGEALLOC and DEBUG_OBJECTS enabled for both
commit 47e0fb461f and commit 011067b056, and both showed the ata_dev_next
crash issue, so commit 47e0fb461f should be irrelevant, sorry for the noise.

Tejun, any ideas? The original report is at
in case you don't see it in your inbox from lkml.
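
Added example, not part of the original thread or of libata: a userspace model of why the first comparison in the quoted helper survives a NULL link->ap while the second one traps. The mock_* structs and helper names are constructed for illustration; they are padded only so the two fields land at the displacements shown in the disassembly (0x1640 and 0x2480).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct mock_port;

/* Constructed stand-in for struct ata_link; only ->ap matters here. */
struct mock_link {
    struct mock_port *ap;
    char pad[0xe40 - sizeof(struct mock_port *)];
};

/* Constructed stand-in for struct ata_port, padded so the two fields sit
 * at the displacements in the disassembly (0x1640 and 0x2480). */
struct mock_port {
    char pad[0x1640];
    struct mock_link link;        /* embedded: &ap->link is ap + 0x1640 */
    struct mock_link *slave_link; /* pointer: reading it loads ap + 0x2480 */
};

/* What "lea 0x1640(%edi),%ecx" computes: pure arithmetic, no load. */
static uintptr_t host_link_addr(uintptr_t ap)
{
    return ap + offsetof(struct mock_port, link);
}

/* Address that "cmp %edx,0x2480(%edi)" has to read from memory. */
static uintptr_t slave_link_load_addr(uintptr_t ap)
{
    return ap + offsetof(struct mock_port, slave_link);
}

/* Same two comparisons as the quoted helper, but a NULL ->ap is reported
 * instead of dereferenced: 1 = host link, 0 = not, -1 = would fault. */
static int mock_is_host_link(const struct mock_link *link)
{
    if ((uintptr_t)link == host_link_addr((uintptr_t)link->ap))
        return 1;       /* first "je": address compare only */
    if (!link->ap)
        return -1;      /* second compare needs a load through NULL */
    return link == link->ap->slave_link;
}

int main(void)
{
    struct mock_link orphan = { .ap = NULL };
    printf("NULL ap: load at %#lx, result %d\n",
           (unsigned long)slave_link_load_addr(0), mock_is_host_link(&orphan));
    return 0;
}
```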