Showing error 1835

User: Jiri Slaby
Error type: Invalid Pointer Dereference
Error type description: A pointer which is invalid is being dereferenced
File location: drivers/scsi/aic7xxx/aic7xxx_core.c
Line in file: 1832
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-11 08:47:26 UTC

Source: 

1802                 * bus transactions occur prior to clearing the SCSIINT
1803                 * latch.  It can take a bit for the clearing to take effect.
1804                 */
1805                ahc_outb(ahc, SIMODE1, ahc_inb(ahc, SIMODE1) & ~ENBUSFREE);
1806                ahc_outb(ahc, CLRSINT1, CLRBUSFREE|CLRSCSIPERR);
1807
1808                /*
1809                 * Look at what phase we were last in.
1810                 * If its message out, chances are pretty good
1811                 * that the busfree was in response to one of
1812                 * our abort requests.
1813                 */
1814                lastphase = ahc_inb(ahc, LASTPHASE);
1815                saved_scsiid = ahc_inb(ahc, SAVED_SCSIID);
1816                saved_lun = ahc_inb(ahc, SAVED_LUN);
1817                target = SCSIID_TARGET(ahc, saved_scsiid);
1818                initiator_role_id = SCSIID_OUR_ID(saved_scsiid);
1819                channel = SCSIID_CHANNEL(ahc, saved_scsiid);
1820                ahc_compile_devinfo(&devinfo, initiator_role_id,
1821                                    target, saved_lun, channel, ROLE_INITIATOR);
1822                printerror = 1;
1823
1824                if (lastphase == P_MESGOUT) {
1825                        u_int tag;
1826
1827                        tag = SCB_LIST_NULL;
1828                        if (ahc_sent_msg(ahc, AHCMSG_1B, MSG_ABORT_TAG, TRUE)
1829                         || ahc_sent_msg(ahc, AHCMSG_1B, MSG_ABORT, TRUE)) {
1830                                if (ahc->msgout_buf[ahc->msgout_index - 1]
1831                                 == MSG_ABORT_TAG)
1832                                        tag = scb->hscb->tag;
1833                                ahc_print_path(ahc, scb);
1834                                printf("SCB %d - Abort%s Completed.\n",
1835                                       scb->hscb->tag, tag == SCB_LIST_NULL ?
1836                                       "" : " Tag");
1837                                ahc_abort_scbs(ahc, target, channel,
1838                                               saved_lun, tag,
1839                                               ROLE_INITIATOR,
1840                                               CAM_REQ_ABORTED);
1841                                printerror = 0;
1842                        } else if (ahc_sent_msg(ahc, AHCMSG_1B,
Show full sources