Re: BUG: unable to handle kernel NULL pointer dereference in rds_send_xmit

From: Santosh Shilimkar
Date: Mon Dec 18 2017 - 12:16:23 EST


On 12/18/2017 9:12 AM, David Miller wrote:
From: Santosh Shilimkar <santosh.shilimkar@xxxxxxxxxx>
Date: Mon, 18 Dec 2017 08:28:05 -0800

On 12/18/2017 12:43 AM, syzbot wrote:
Hello,
syzkaller hit the following crash on
6084b576dca2e898f5c101baef151f7bfdbb606d
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
IP: rds_send_xmit+0x80/0x930 net/rds/send.c:186

Looks like another one tripping on empty transport. Mostly below should
address it but we will test it if it does.

diff --git a/net/rds/send.c b/net/rds/send.c
index 7244d2e..e2d0eaa 100644
--- a/net/rds/send.c
+++ b/net/rds/send.c
@@ -183,7 +183,7 @@ int rds_send_xmit(struct rds_conn_path *cp)
goto out;
}

- if (conn->c_trans->xmit_path_prepare)
+ if (conn->c_trans && conn->c_trans->xmit_path_prepare)
conn->c_trans->xmit_path_prepare(cp);
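
Review bot: At the xmit_path_prepare call, the added `conn->c_trans &&` test only skips this one hook, so rds_send_xmit() carries on past it with a connection whose transport is NULL. If nothing can be sent without a transport, it would be safer to test `!conn->c_trans` once and leave through the `goto out` path seen just above with an error, rather than guard each hook separately; otherwise every later use of conn->c_trans in this function needs the same check. conn->c_trans is also loaded twice (once for the test, once for the call), so reading it into a local first would keep the test and the call on the same pointer if it can change underneath. A short comment saying when c_trans is legitimately NULL here would help, since the report has no reproducer and the fix is still to be tested.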

We're seeming to accumulate a lot of checks like this, maybe there
is a more general way to deal with this problem?

Agree. Some of these additional transport hooks got added later
to specific transports which need them. Will review this overall
and see if it can be addressed generically.

Regards,
Santosh