[rds-devel] BUG: unable to handle kernel NULL pointer dereference in rds_send_xmit
Sowmini Varadhan
sowmini.varadhan at oracle.com
Mon Dec 18 05:55:24 PST 2017
On (12/18/17 00:43), syzbot wrote:
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
> program syz-executor6 is using a deprecated SCSI ioctl, please convert it to
> SG_IO
> IP: rds_send_xmit+0x80/0x930 net/rds/send.c:186
conn->c_trans is at offset 0x28.

Both this and https://marc.info/?l=linux-netdev&m=151360062922798&w=2
are manifestations of the same bug: somehow the cp_send_w is still
getting queued incorrectly after the conn destroy is initiated (commit
681648e67d fixes one such window, maybe there are others).

Let me look at how this slipped through the cracks.

--Sowmini