Subject: Re: BUG: unable to handle kernel NULL pointer dereference in rds_send_xmit
From: Santosh Shilimkar
Organization: Oracle Corporation
To: David Miller
Cc: bot+aaf54a8c644d559d34dedcf3126aac68a20c9e63@syzkaller.appspotmail.com, linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org, netdev@vger.kernel.org, rds-devel@oss.oracle.com, syzkaller-bugs@googlegroups.com
Date: Mon, 18 Dec 2017 09:16:01 -0800

On 12/18/2017 9:12 AM, David Miller wrote:
> From: Santosh Shilimkar
> Date: Mon, 18 Dec 2017 08:28:05 -0800
>
>> On 12/18/2017 12:43 AM, syzbot wrote:
>>> Hello,
>>> syzkaller hit the following crash on
>>> 6084b576dca2e898f5c101baef151f7bfdbb606d
>>> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>>> compiler: gcc (GCC) 7.1.1 20170620
>>> .config is attached
>>> Raw console output is attached.
>>> Unfortunately, I don't have any reproducer for this bug yet.
>>> BUG: unable to handle kernel NULL pointer dereference at
>>> 0000000000000028
>>> program syz-executor6 is using a deprecated SCSI ioctl, please convert
>>> it to SG_IO
>>> IP: rds_send_xmit+0x80/0x930 net/rds/send.c:186
>>
>> Looks like another one tripping on empty transport. Mostly below should
>> address it but we will test it if it does.
>>
>> diff --git a/net/rds/send.c b/net/rds/send.c >> index 7244d2e..e2d0eaa 100644 >> --- a/net/rds/send.c >> +++ b/net/rds/send.c >> @@ -183,7 +183,7 @@ int rds_send_xmit(struct rds_conn_path *cp) >> goto out; >> } >> >> - if (conn->c_trans->xmit_path_prepare) >> + if (conn->c_trans && conn->c_trans->xmit_path_prepare) >> conn->c_trans->xmit_path_prepare(cp);
>
> We're seeming to accumulate a lot of checks like this, maybe there
> is a more general way to deal with this problem?
>

Agree. Some of these additional transport hooks got added later to specific transports which need them. Will review this overall and see if it can be addressed generically.

Regards,
Santosh
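
Review bot: The added `conn->c_trans &&` test on the `xmit_path_prepare` call in the quoted net/rds/send.c hunk skips only this one hook and then lets rds_send_xmit() carry on with a NULL transport, so any later `conn->c_trans->...` use in the function would fault the same way. If a connection can legitimately reach this point with no transport, consider testing `conn->c_trans` once, directly after the `goto out;` block, and leaving with an error through the existing `out` label, with a comment saying how `c_trans` can be NULL here. The new condition also reads `conn->c_trans` twice before the call reads it a third time; if the field can be cleared concurrently, load it into a local once and test and call through that.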