[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b0a4bd8a-3b53-e187-b9e9-aa96baadd11d@oracle.com>
Date: Mon, 18 Dec 2017 09:16:01 -0800
From: Santosh Shilimkar <santosh.shilimkar@...cle.com>
To: David Miller <davem@...emloft.net>
Cc: bot+aaf54a8c644d559d34dedcf3126aac68a20c9e63@...kaller.appspotmail.com,
linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org,
netdev@...r.kernel.org, rds-devel@....oracle.com,
syzkaller-bugs@...glegroups.com
Subject: Re: BUG: unable to handle kernel NULL pointer dereference in
rds_send_xmit
On 12/18/2017 9:12 AM, David Miller wrote:
> From: Santosh Shilimkar <santosh.shilimkar@...cle.com>
> Date: Mon, 18 Dec 2017 08:28:05 -0800
>
>> On 12/18/2017 12:43 AM, syzbot wrote:
>>> Hello,
>>> syzkaller hit the following crash on
>>> 6084b576dca2e898f5c101baef151f7bfdbb606d
>>> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>>> compiler: gcc (GCC) 7.1.1 20170620
>>> .config is attached
>>> Raw console output is attached.
>>> Unfortunately, I don't have any reproducer for this bug yet.
>>> BUG: unable to handle kernel NULL pointer dereference at
>>> 0000000000000028
>>> program syz-executor6 is using a deprecated SCSI ioctl, please convert
>>> it to SG_IO
>>> IP: rds_send_xmit+0x80/0x930 net/rds/send.c:186
>>
>> Looks like another one tripping on empty transport. Mostly below
>> should
>> address it but we will test it if it does.
>>
>> diff --git a/net/rds/send.c b/net/rds/send.c
>> index 7244d2e..e2d0eaa 100644
>> --- a/net/rds/send.c
>> +++ b/net/rds/send.c
>> @@ -183,7 +183,7 @@ int rds_send_xmit(struct rds_conn_path *cp)
>> goto out;
>> }
>>
>> - if (conn->c_trans->xmit_path_prepare)
>> + if (conn->c_trans && conn->c_trans->xmit_path_prepare)
>> conn->c_trans->xmit_path_prepare(cp);
>
> We're seeming to accumulate a lot of checks like this, maybe there
> is a more general way to deal with this problem?
>
Agree. Some of these additional transports hooks got added later
to specific transports which needs them. Will review this overall
and see if it can be addressed generically.
Regards,
Santosh
Powered by blists - more mailing lists