Hi Dear Herbert,

Sorry to bother you, but we've met a problem in the crypto module. Would you please kindly help us look into it? Thank you very much.

In the below function chain, scatterwalk_start() doesn't check the result of sg_next(), so the kernel will crash if sg_next() returns a null pointer, which is our case. (The full stack is at the end of the letter.)

blkcipher_walk_done()->scatterwalk_done()->scatterwalk_pagedone()->scatterwalk_start(walk, sg_next(walk->sg));

Should we add a null-pointer-check in scatterwalk_start()? Or is there any process that can ensure that there should be a valid sg pointer if the condition (walk->offset >= walk->sg->offset + walk->sg->length) is true?

We are really looking forward to your reply. Any information will be appreciated, thanks again.

Best regards
Chen Gong
2018.11.20

-------------------------------------------------------------------------------------------------------------------
Full Stack:
<1>[395491.178009s][pid:29501,cpu4,Binder:708_A]Unable to handle kernel NULL pointer dereference at virtual address 00000008
<1>[395491.178039s][pid:29501,cpu4,Binder:708_A]pgd = ffffffc112c27000
<1>[395491.178039s][pid:29501,cpu4,Binder:708_A][00000008] *pgd=0000000000000000, *pud=0000000000000000
<0>[395491.178070s][pid:29501,cpu4,Binder:708_A]Internal error: Oops: 96000005 [#1] PREEMPT SMP
<4>[395491.178070s][pid:29501,cpu4,Binder:708_A]Modules linked in: hisi_dummy_ko
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]CPU: 4 PID: 29501 Comm: Binder:708_A VIP: 00 Tainted: G W 4.9.111 #1
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]TGID: 708 Comm: Binder:708_2
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]Hardware name: hi3660 (DT)
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]task: ffffffc1d43ec880 task.stack: ffffffc3007e0000
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]PC is at blkcipher_walk_done+0x210/0x354
<4>[395491.178131s][pid:29501,cpu4,Binder:708_A]LR is at blkcipher_walk_done+0x20c/0x354
<4>[395491.178131s][pid:29501,cpu4,Binder:708_A]pc : [<ffffff9c1b23abfc>] lr : [<ffffff9c1b23abf8>] pstate: 60000145
<4>[395491.178131s][pid:29501,cpu4,Binder:708_A]sp : ffffffc3007e3950
<4>[395491.178131s][pid:29501,cpu4,Binder:708_A]x29: ffffffc3007e3950 x28: 0000000000000000
<4>[395491.178161s][pid:29501,cpu4,Binder:708_A]x27: ffffffc1c6ef501e x26: 0000000000000100
<4>[395491.178161s][pid:29501,cpu4,Binder:708_A]x25: ffffffc3007e3b40 x24: ffffffc3007e3be8
<4>[395491.178161s][pid:29501,cpu4,Binder:708_A]x23: 0000000000000001 x22: 0000000000000500
<4>[395491.178161s][pid:29501,cpu4,Binder:708_A]x21: ffffffc3007e3a90 x20: ffffffc3007e3a10
<4>[395491.178192s][pid:29501,cpu4,Binder:708_A]x19: ffffffc3007e39d8 x18: 0000000000000001
<4>[395491.178192s][pid:29501,cpu4,Binder:708_A]x17: 00000075aca06934 x16: ffffff9c1b032d10
<4>[395491.178192s][pid:29501,cpu4,Binder:708_A]x15: 00000075aaffe5b8 x14: 0000000000000000
<4>[395491.178222s][pid:29501,cpu4,Binder:708_A]x13: 00000075ac08642d x12: 0000000000000001
<4>[395491.178222s][pid:29501,cpu4,Binder:708_A]x11: 0000000000000000 x10: ffffffc3175e1680
<4>[395491.178222s][pid:29501,cpu4,Binder:708_A]x9 : ffffff9c1d408000 x8 : 0000000000000000
<4>[395491.178253s][pid:29501,cpu4,Binder:708_A]x7 : ffffff9c1c280000 x6 : 0000000000000001
<4>[395491.178253s][pid:29501,cpu4,Binder:708_A]x5 : ffffffc3007e3be8 x4 : 0000000000000000
<4>[395491.178253s][pid:29501,cpu4,Binder:708_A]x3 : 0000000000000100 x2 : 0000000000000500
<4>[395491.178253s][pid:29501,cpu4,Binder:708_A]x1 : ffffffc31aa934c2 x0 : 0000000000000000
<4>[395491.180725s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b23abfc>] blkcipher_walk_done+0x210/0x354
<4>[395491.180755s][pid:29501,cpu4,Binder:708_A][<ffffff9c1ae9fcb0>] cbc_decrypt+0xa0/0xe8
<4>[395491.180755s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b263a60>] ablk_decrypt+0x78/0xf4
<4>[395491.180755s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b23b5e0>] skcipher_decrypt_ablkcipher+0x70/0x80
<4>[395491.180786s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b24a698>] crypto_cts_decrypt+0xf0/0x184
<4>[395491.180786s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b0740f0>] fname_decrypt.isra.1+0x110/0x1d8
<4>[395491.180786s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b074428>] fscrypt_fname_disk_to_usr+0x1d8/0x264
<4>[395491.180816s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b198f24>] f2fs_fill_dentries+0x13c/0x1d4
<4>[395491.180816s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b199190>] f2fs_readdir+0x1d4/0x684
<4>[395491.180816s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b0327c8>] iterate_dir+0x84/0x1c4
<4>[395491.180816s][pid:29501,cpu4,Binder:708_A][<ffffff9c1b032d94>] SyS_getdents64+0x84/0x120
<4>[395491.180847s][pid:29501,cpu4,Binder:708_A][<ffffff9c1ae83900>] el0_svc_naked+0x34/0x38
<0>[395491.180847s][pid:29501,cpu4,Binder:708_A]Code: 6b01005f 54fffce3 9402004b f9001e60 (b9400800)
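
Added example, not part of the original message and not kernel code: a user-space C model of the walk step the message asks about, with the proposed NULL check in place, showing that the next-entry lookup comes back NULL when the requested byte count exceeds the total length of the list. The struct layouts, the `more` flag, the -EINVAL return and all `*_model` / `*_checked` names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <errno.h>

/* Simplified stand-ins for scatterlist and scatter_walk (assumption). */
struct sg_model {
    unsigned int offset, length;
    struct sg_model *next;            /* NULL marks the last entry */
};
struct walk_model {
    struct sg_model *sg;
    unsigned int offset;
};

/* Start step with the NULL check asked about in the message. */
static int walk_start_checked(struct walk_model *w, struct sg_model *sg)
{
    if (sg == NULL)
        return -EINVAL;               /* unchecked code would read sg->offset here */
    w->sg = sg;
    w->offset = sg->offset;
    return 0;
}

/* Page-done step: uses the condition quoted in the message to decide
 * when to move on to the next entry. */
static int walk_pagedone_checked(struct walk_model *w, unsigned int more)
{
    if (more && w->offset >= w->sg->offset + w->sg->length)
        return walk_start_checked(w, w->sg->next);
    return 0;
}

/* Consume nbytes across the list; -EINVAL if the list is too short. */
int walk_consume(struct sg_model *first, unsigned int nbytes)
{
    struct walk_model w;
    int err = walk_start_checked(&w, first);
    while (!err && nbytes) {
        unsigned int left = w.sg->offset + w.sg->length - w.offset;
        unsigned int n = nbytes < left ? nbytes : left;
        w.offset += n;
        nbytes -= n;
        err = walk_pagedone_checked(&w, nbytes != 0);
    }
    return err;
}

/* Constructed sample: two entries of 16 bytes each (32 bytes total). */
int demo(unsigned int nbytes)
{
    struct sg_model b = { 0, 16, NULL };
    struct sg_model a = { 64, 16, &b };
    return walk_consume(&a, nbytes);
}
```

In this model the check only turns the crash into an error return; the mismatch between the byte count and the list length originates with the caller.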