[rds-devel] BUG: unable to handle kernel NULL pointer dereference in rds_send_xmit

Santosh Shilimkar santosh.shilimkar at oracle.com
Mon Dec 18 09:16:01 PST 2017


On 12/18/2017 9:12 AM, David Miller wrote:
> From: Santosh Shilimkar <santosh.shilimkar at oracle.com>
> Date: Mon, 18 Dec 2017 08:28:05 -0800
> 
>> On 12/18/2017 12:43 AM, syzbot wrote:
>>> Hello,
>>> syzkaller hit the following crash on
>>> 6084b576dca2e898f5c101baef151f7bfdbb606d
>>> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>>> compiler: gcc (GCC) 7.1.1 20170620
>>> .config is attached
>>> Raw console output is attached.
>>> Unfortunately, I don't have any reproducer for this bug yet.
>>> BUG: unable to handle kernel NULL pointer dereference at
>>> 0000000000000028
>>> program syz-executor6 is using a deprecated SCSI ioctl, please convert
>>> it to SG_IO
>>> IP: rds_send_xmit+0x80/0x930 net/rds/send.c:186
>>
>> Looks like another one tripping on empty transport. Mostly below
>> should
>> address it but we will test it if it does.
>>
>> diff --git a/net/rds/send.c b/net/rds/send.c
>> index 7244d2e..e2d0eaa 100644
>> --- a/net/rds/send.c
>> +++ b/net/rds/send.c
>> @@ -183,7 +183,7 @@ int rds_send_xmit(struct rds_conn_path *cp)
>>                  goto out;
>>          }
>>
>> -       if (conn->c_trans->xmit_path_prepare)
>> +       if (conn->c_trans && conn->c_trans->xmit_path_prepare)
>>                  conn->c_trans->xmit_path_prepare(cp);
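Review bot: the new condition in rds_send_xmit() only skips the xmit_path_prepare hook when conn->c_trans is NULL and then falls through to the rest of the function. If a connection with no transport has nothing it can send, bailing out the way the preceding branch does (goto out) would be clearer than continuing. The condition and the call also read conn->c_trans three times in total. Loading it once into a local and using that for both the check and the call would guarantee they see the same pointer. A short comment saying when c_trans can be NULL at this point would help, since the commit text only says "empty transport".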
> 
> We're seeming to accumulate a lot of checks like this, maybe there
> is a more general way to deal with this problem?
> 
Agree. Some of these additional transport hooks got added later
to specific transports which need them. Will review this overall
and see if it can be addressed generically.

Regards,
Santosh


