* [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
@ 2023-05-03 8:37 syzbot
  2023-05-18 9:20 ` syzbot
  0 siblings, 1 reply; 24+ messages in thread
From: syzbot @ 2023-05-03 8:37 UTC
To: jgg, leon, linux-kernel, linux-rdma, syzkaller-bugs, zyjzyj2000

Hello,

syzbot found the following issue on:

HEAD commit:    348551ddaf31 Merge tag 'pinctrl-v6.4-1' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1375fdf8280000
kernel config:  https://syzkaller.appspot.com/x/.config?x=35e09b26aabb80e5
dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/adddf809a67d/disk-348551dd.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/266c56354fa2/vmlinux-348551dd.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e0fc2088acd1/bzImage-348551dd.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eba589d8f49c73d356da@syzkaller.appspotmail.com

infiniband syz2: set active
infiniband syz2: added bond_slave_1
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 PID: 31038 Comm: syz-executor.3 Not tainted 6.3.0-syzkaller-12728-g348551ddaf31 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 assign_lock_key kernel/locking/lockdep.c:982 [inline] register_lock_class+0xdb6/0x1120 kernel/locking/lockdep.c:1295 __lock_acquire+0x10a/0x5df0 kernel/locking/lockdep.c:4951 lock_acquire kernel/locking/lockdep.c:5691 [inline] lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162 skb_dequeue+0x20/0x180 net/core/skbuff.c:3631 drain_resp_pkts drivers/infiniband/sw/rxe/rxe_comp.c:555 [inline] rxe_completer+0x250d/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:652 rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761 execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473 __rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233 rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583 create_qp+0x5ac/0x970 drivers/infiniband/core/verbs.c:1235 ib_create_qp_kernel+0xa1/0x310 drivers/infiniband/core/verbs.c:1346 ib_create_qp include/rdma/ib_verbs.h:3743 [inline] create_mad_qp+0x177/0x380 drivers/infiniband/core/mad.c:2905 ib_mad_port_open drivers/infiniband/core/mad.c:2986 [inline] ib_mad_init_device+0xf40/0x1a90 drivers/infiniband/core/mad.c:3077 add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:721 enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1332 ib_register_device drivers/infiniband/core/device.c:1420 [inline] ib_register_device+0x8b1/0xbc0 drivers/infiniband/core/device.c:1366 rxe_register_device+0x302/0x3e0 drivers/infiniband/sw/rxe/rxe_verbs.c:1485 rxe_net_add+0x90/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:527 rxe_newlink+0xf0/0x1b0 drivers/infiniband/sw/rxe/rxe.c:197 
nldev_newlink+0x332/0x5e0 drivers/infiniband/core/nldev.c:1731 rdma_nl_rcv_msg+0x371/0x6a0 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb.constprop.0.isra.0+0x2fc/0x440 drivers/infiniband/core/netlink.c:239 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1913 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7feddf48c169 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fede029f168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007feddf5abf80 RCX: 00007feddf48c169 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 RBP: 00007feddf4e7ca1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe1bb3e01f R14: 00007fede029f300 R15: 0000000000022000 </TASK> general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] CPU: 1 PID: 31038 Comm: syz-executor.3 Not tainted 6.3.0-syzkaller-12728-g348551ddaf31 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 RIP: 0010:flush_send_queue drivers/infiniband/sw/rxe/rxe_comp.c:597 [inline] RIP: 0010:rxe_completer+0x255c/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:653 Code: 80 3c 02 00 0f 85 81 10 00 00 49 8b af 88 03 00 00 48 8d 45 30 48 89 c2 48 89 04 24 48 
b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 83 11 00 00 48 8d 45 2c 44 8b RSP: 0018:ffffc90003526938 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffffed100e3fe800 RCX: ffffc9000b403000 RDX: 0000000000000006 RSI: ffffffff877e467a RDI: ffff888071ff4388 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: fffffbfff1cf3682 R11: fffffffffffda5b0 R12: ffff888071ff41a0 R13: 0000000000000000 R14: 0000000000000000 R15: ffff888071ff4000 FS: 00007fede029f700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2d822000 CR3: 000000002c7e6000 CR4: 00000000003506e0 Call Trace: <TASK> rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761 execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473 __rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233 rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583 create_qp+0x5ac/0x970 drivers/infiniband/core/verbs.c:1235 ib_create_qp_kernel+0xa1/0x310 drivers/infiniband/core/verbs.c:1346 ib_create_qp include/rdma/ib_verbs.h:3743 [inline] create_mad_qp+0x177/0x380 drivers/infiniband/core/mad.c:2905 ib_mad_port_open drivers/infiniband/core/mad.c:2986 [inline] ib_mad_init_device+0xf40/0x1a90 drivers/infiniband/core/mad.c:3077 add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:721 enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1332 ib_register_device drivers/infiniband/core/device.c:1420 [inline] ib_register_device+0x8b1/0xbc0 drivers/infiniband/core/device.c:1366 rxe_register_device+0x302/0x3e0 drivers/infiniband/sw/rxe/rxe_verbs.c:1485 rxe_net_add+0x90/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:527 rxe_newlink+0xf0/0x1b0 drivers/infiniband/sw/rxe/rxe.c:197 nldev_newlink+0x332/0x5e0 drivers/infiniband/core/nldev.c:1731 rdma_nl_rcv_msg+0x371/0x6a0 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb.constprop.0.isra.0+0x2fc/0x440 
drivers/infiniband/core/netlink.c:239 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1913 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7feddf48c169 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fede029f168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007feddf5abf80 RCX: 00007feddf48c169 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 RBP: 00007feddf4e7ca1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe1bb3e01f R14: 00007fede029f300 R15: 0000000000022000 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:flush_send_queue drivers/infiniband/sw/rxe/rxe_comp.c:597 [inline] RIP: 0010:rxe_completer+0x255c/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:653 Code: 80 3c 02 00 0f 85 81 10 00 00 49 8b af 88 03 00 00 48 8d 45 30 48 89 c2 48 89 04 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 83 11 00 00 48 8d 45 2c 44 8b RSP: 0018:ffffc90003526938 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffffed100e3fe800 RCX: ffffc9000b403000 RDX: 0000000000000006 RSI: ffffffff877e467a RDI: ffff888071ff4388 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: fffffbfff1cf3682 R11: fffffffffffda5b0 R12: ffff888071ff41a0 R13: 0000000000000000 R14: 0000000000000000 R15: ffff888071ff4000 
FS: 00007fede029f700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d822000 CR3: 000000002c7e6000 CR4: 00000000003506e0
----------------
Code disassembly (best guess):
   0: 80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
   4: 0f 85 81 10 00 00       jne    0x108b
   a: 49 8b af 88 03 00 00    mov    0x388(%r15),%rbp
  11: 48 8d 45 30             lea    0x30(%rbp),%rax
  15: 48 89 c2                mov    %rax,%rdx
  18: 48 89 04 24             mov    %rax,(%rsp)
  1c: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  23: fc ff df
  26: 48 c1 ea 03             shr    $0x3,%rdx
* 2a: 0f b6 04 02             movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2e: 84 c0                   test   %al,%al
  30: 74 08                   je     0x3a
  32: 3c 03                   cmp    $0x3,%al
  34: 0f 8e 83 11 00 00       jle    0x11bd
  3a: 48 8d 45 2c             lea    0x2c(%rbp),%rax
  3e: 44                      rex.R
  3f: 8b                      .byte 0x8b

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: syzbot @ 2023-05-18 9:20 UTC
To: jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs, zyjzyj2000

syzbot has found a reproducer for the following issue on:

HEAD commit:    ab87603b2511 net: wwan: t7xx: Ensure init is completed bef..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=1157266a280000
kernel config:  https://syzkaller.appspot.com/x/.config?x=eb92acf166a5d2cd
dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=124d5da6280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ac3ed2228400/disk-ab87603b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c51b74034116/vmlinux-ab87603b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/98ab9d7ee1ee/bzImage-ab87603b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eba589d8f49c73d356da@syzkaller.appspotmail.com

infiniband syz2: set active
infiniband syz2: added team0
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 5133 Comm: syz-executor.3 Not tainted 6.4.0-rc1-syzkaller-00136-gab87603b2511 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 assign_lock_key kernel/locking/lockdep.c:982 [inline] register_lock_class+0xdb6/0x1120 kernel/locking/lockdep.c:1295 __lock_acquire+0x10a/0x5df0 kernel/locking/lockdep.c:4951 lock_acquire kernel/locking/lockdep.c:5691 [inline] lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162 skb_dequeue+0x20/0x180 net/core/skbuff.c:3639 drain_resp_pkts drivers/infiniband/sw/rxe/rxe_comp.c:555 [inline] rxe_completer+0x250d/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:652 rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761 execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473 __rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233 rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583 create_qp+0x5ac/0x970 drivers/infiniband/core/verbs.c:1235 ib_create_qp_kernel+0xa1/0x310 drivers/infiniband/core/verbs.c:1346 ib_create_qp include/rdma/ib_verbs.h:3743 [inline] create_mad_qp+0x177/0x380 drivers/infiniband/core/mad.c:2905 ib_mad_port_open drivers/infiniband/core/mad.c:2986 [inline] ib_mad_init_device+0xf40/0x1a90 drivers/infiniband/core/mad.c:3077 add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:721 enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1332 ib_register_device drivers/infiniband/core/device.c:1420 [inline] ib_register_device+0x8b1/0xbc0 drivers/infiniband/core/device.c:1366 rxe_register_device+0x302/0x3e0 drivers/infiniband/sw/rxe/rxe_verbs.c:1485 rxe_net_add+0x90/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:527 rxe_newlink+0xf0/0x1b0 drivers/infiniband/sw/rxe/rxe.c:197 
nldev_newlink+0x332/0x5e0 drivers/infiniband/core/nldev.c:1731 rdma_nl_rcv_msg+0x371/0x6a0 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb.constprop.0.isra.0+0x2fc/0x440 drivers/infiniband/core/netlink.c:239 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1913 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f7a1ee8c169 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7a1fc76168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f7a1efabf80 RCX: 00007f7a1ee8c169 RDX: 0000000000000040 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 00007f7a1eee7ca1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffc46ccb6f R14: 00007f7a1fc76300 R15: 0000000000022000 </TASK> general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] CPU: 0 PID: 5133 Comm: syz-executor.3 Not tainted 6.4.0-rc1-syzkaller-00136-gab87603b2511 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 RIP: 0010:flush_send_queue drivers/infiniband/sw/rxe/rxe_comp.c:597 [inline] RIP: 0010:rxe_completer+0x255c/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:653 Code: 80 3c 02 00 0f 85 81 10 00 00 49 8b af 88 03 00 00 48 8d 45 30 48 89 c2 48 89 04 24 
48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 83 11 00 00 48 8d 45 2c 44 8b RSP: 0018:ffffc9000419e938 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffffed100f5fb800 RCX: 0000000000000000 RDX: 0000000000000006 RSI: ffffffff877f3bea RDI: ffff88807afdc388 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: fffffbfff1cf4e42 R11: 205d313330355420 R12: ffff88807afdc1a0 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88807afdc000 FS: 00007f7a1fc76700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c001136000 CR3: 00000000206d3000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761 execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473 __rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233 rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583 create_qp+0x5ac/0x970 drivers/infiniband/core/verbs.c:1235 ib_create_qp_kernel+0xa1/0x310 drivers/infiniband/core/verbs.c:1346 ib_create_qp include/rdma/ib_verbs.h:3743 [inline] create_mad_qp+0x177/0x380 drivers/infiniband/core/mad.c:2905 ib_mad_port_open drivers/infiniband/core/mad.c:2986 [inline] ib_mad_init_device+0xf40/0x1a90 drivers/infiniband/core/mad.c:3077 add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:721 enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1332 ib_register_device drivers/infiniband/core/device.c:1420 [inline] ib_register_device+0x8b1/0xbc0 drivers/infiniband/core/device.c:1366 rxe_register_device+0x302/0x3e0 drivers/infiniband/sw/rxe/rxe_verbs.c:1485 rxe_net_add+0x90/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:527 rxe_newlink+0xf0/0x1b0 drivers/infiniband/sw/rxe/rxe.c:197 nldev_newlink+0x332/0x5e0 drivers/infiniband/core/nldev.c:1731 
rdma_nl_rcv_msg+0x371/0x6a0 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb.constprop.0.isra.0+0x2fc/0x440 drivers/infiniband/core/netlink.c:239 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1913 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f7a1ee8c169 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7a1fc76168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f7a1efabf80 RCX: 00007f7a1ee8c169 RDX: 0000000000000040 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 00007f7a1eee7ca1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffc46ccb6f R14: 00007f7a1fc76300 R15: 0000000000022000 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:flush_send_queue drivers/infiniband/sw/rxe/rxe_comp.c:597 [inline] RIP: 0010:rxe_completer+0x255c/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:653 Code: 80 3c 02 00 0f 85 81 10 00 00 49 8b af 88 03 00 00 48 8d 45 30 48 89 c2 48 89 04 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 83 11 00 00 48 8d 45 2c 44 8b RSP: 0018:ffffc9000419e938 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffffed100f5fb800 RCX: 0000000000000000 RDX: 0000000000000006 RSI: ffffffff877f3bea RDI: ffff88807afdc388 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 
fffffbfff1cf4e42 R11: 205d313330355420 R12: ffff88807afdc1a0
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88807afdc000
FS: 00007f7a1fc76700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c001136000 CR3: 00000000206d3000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
   4: 0f 85 81 10 00 00       jne    0x108b
   a: 49 8b af 88 03 00 00    mov    0x388(%r15),%rbp
  11: 48 8d 45 30             lea    0x30(%rbp),%rax
  15: 48 89 c2                mov    %rax,%rdx
  18: 48 89 04 24             mov    %rax,(%rsp)
  1c: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  23: fc ff df
  26: 48 c1 ea 03             shr    $0x3,%rdx
* 2a: 0f b6 04 02             movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2e: 84 c0                   test   %al,%al
  30: 74 08                   je     0x3a
  32: 3c 03                   cmp    $0x3,%al
  34: 0f 8e 83 11 00 00       jle    0x11bd
  3a: 48 8d 45 2c             lea    0x2c(%rbp),%rax
  3e: 44                      rex.R
  3f: 8b                      .byte 0x8b

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Guoqing Jiang @ 2023-05-23 2:07 UTC
To: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs, zyjzyj2000

On 5/18/23 17:20, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: ab87603b2511 net: wwan: t7xx: Ensure init is completed bef..
> git tree: net
> console output: https://syzkaller.appspot.com/x/log.txt?x=1157266a280000
> kernel config: https://syzkaller.appspot.com/x/.config?x=eb92acf166a5d2cd
> dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=124d5da6280000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ac3ed2228400/disk-ab87603b.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/c51b74034116/vmlinux-ab87603b.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/98ab9d7ee1ee/bzImage-ab87603b.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+eba589d8f49c73d356da@syzkaller.appspotmail.com
>
> infiniband syz2: set active
> infiniband syz2: added team0
> INFO: trying to register non-static key.
> The code is fine but needs lockdep annotation, or maybe
> you didn't initialize this object before use?
> turning off the locking correctness validator.
> CPU: 0 PID: 5133 Comm: syz-executor.3 Not tainted 6.4.0-rc1-syzkaller-00136-gab87603b2511 #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 > Call Trace: > <TASK> > __dump_stack lib/dump_stack.c:88 [inline] > dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 > assign_lock_key kernel/locking/lockdep.c:982 [inline] > register_lock_class+0xdb6/0x1120 kernel/locking/lockdep.c:1295 > __lock_acquire+0x10a/0x5df0 kernel/locking/lockdep.c:4951 > lock_acquire kernel/locking/lockdep.c:5691 [inline] > lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656 > __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] > _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162 > skb_dequeue+0x20/0x180 net/core/skbuff.c:3639 > drain_resp_pkts drivers/infiniband/sw/rxe/rxe_comp.c:555 [inline] > rxe_completer+0x250d/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:652 > rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761 > execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473 > __rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233 > rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583 > create_qp+0x5ac/0x970 drivers/infiniband/core/verbs.c:1235 > ib_create_qp_kernel+0xa1/0x310 drivers/infiniband/core/verbs.c:1346 > ib_create_qp include/rdma/ib_verbs.h:3743 [inline] > create_mad_qp+0x177/0x380 drivers/infiniband/core/mad.c:2905 > ib_mad_port_open drivers/infiniband/core/mad.c:2986 [inline] > ib_mad_init_device+0xf40/0x1a90 drivers/infiniband/core/mad.c:3077 > add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:721 > enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1332 > ib_register_device drivers/infiniband/core/device.c:1420 [inline] > ib_register_device+0x8b1/0xbc0 drivers/infiniband/core/device.c:1366 > rxe_register_device+0x302/0x3e0 drivers/infiniband/sw/rxe/rxe_verbs.c:1485 > rxe_net_add+0x90/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:527 > 
rxe_newlink+0xf0/0x1b0 drivers/infiniband/sw/rxe/rxe.c:197 > nldev_newlink+0x332/0x5e0 drivers/infiniband/core/nldev.c:1731 > rdma_nl_rcv_msg+0x371/0x6a0 drivers/infiniband/core/netlink.c:195 > rdma_nl_rcv_skb.constprop.0.isra.0+0x2fc/0x440 drivers/infiniband/core/netlink.c:239 > netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] > netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 > netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1913 > sock_sendmsg_nosec net/socket.c:724 [inline] > sock_sendmsg+0xde/0x190 net/socket.c:747 > ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 > ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 > __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 > do_syscall_x64 arch/x86/entry/common.c:50 [inline] > do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 > entry_SYSCALL_64_after_hwframe+0x63/0xcd > RIP: 0033:0x7f7a1ee8c169 > Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 > RSP: 002b:00007f7a1fc76168 EFLAGS: 00000246 > ORIG_RAX: 000000000000002e > RAX: ffffffffffffffda RBX: 00007f7a1efabf80 RCX: 00007f7a1ee8c169 > RDX: 0000000000000040 RSI: 0000000020000200 RDI: 0000000000000003 > RBP: 00007f7a1eee7ca1 R08: 0000000000000000 R09: 0000000000000000 > R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 > R13: 00007fffc46ccb6f R14: 00007f7a1fc76300 R15: 0000000000022000 > </TASK> > general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN > KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] > CPU: 0 PID: 5133 Comm: syz-executor.3 Not tainted 6.4.0-rc1-syzkaller-00136-gab87603b2511 #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 > RIP: 0010:flush_send_queue drivers/infiniband/sw/rxe/rxe_comp.c:597 [inline] > RIP: 0010:rxe_completer+0x255c/0x3cc0 
drivers/infiniband/sw/rxe/rxe_comp.c:653 > Code: 80 3c 02 00 0f 85 81 10 00 00 49 8b af 88 03 00 00 48 8d 45 30 48 89 c2 48 89 04 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 83 11 00 00 48 8d 45 2c 44 8b > RSP: 0018:ffffc9000419e938 EFLAGS: 00010206 > RAX: dffffc0000000000 RBX: ffffed100f5fb800 RCX: 0000000000000000 > RDX: 0000000000000006 RSI: ffffffff877f3bea RDI: ffff88807afdc388 > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 > R10: fffffbfff1cf4e42 R11: 205d313330355420 R12: ffff88807afdc1a0 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88807afdc000 > FS: 00007f7a1fc76700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 000000c001136000 CR3: 00000000206d3000 CR4: 00000000003506f0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > Call Trace: > <TASK> > rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761 > execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473 > __rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233 > rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583 > create_qp+0x5ac/0x970 drivers/infiniband/core/verbs.c:1235 > ib_create_qp_kernel+0xa1/0x310 drivers/infiniband/core/verbs.c:1346 > ib_create_qp include/rdma/ib_verbs.h:3743 [inline] > create_mad_qp+0x177/0x380 drivers/infiniband/core/mad.c:2905 > ib_mad_port_open drivers/infiniband/core/mad.c:2986 [inline] > ib_mad_init_device+0xf40/0x1a90 drivers/infiniband/core/mad.c:3077 > add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:721 > enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1332 > ib_register_device drivers/infiniband/core/device.c:1420 [inline] > ib_register_device+0x8b1/0xbc0 drivers/infiniband/core/device.c:1366 > rxe_register_device+0x302/0x3e0 drivers/infiniband/sw/rxe/rxe_verbs.c:1485 > 
rxe_net_add+0x90/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:527
> rxe_newlink+0xf0/0x1b0 drivers/infiniband/sw/rxe/rxe.c:197
> nldev_newlink+0x332/0x5e0 drivers/infiniband/core/nldev.c:1731
> rdma_nl_rcv_msg+0x371/0x6a0 drivers/infiniband/core/netlink.c:195
> rdma_nl_rcv_skb.constprop.0.isra.0+0x2fc/0x440 drivers/infiniband/core/netlink.c:239
> netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
> netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365
> netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1913
> sock_sendmsg_nosec net/socket.c:724 [inline]
> sock_sendmsg+0xde/0x190 net/socket.c:747
> ____sys_sendmsg+0x71c/0x900 net/socket.c:2503
> ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557
> __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586
> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7f7a1ee8c169
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007f7a1fc76168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
> RAX: ffffffffffffffda RBX: 00007f7a1efabf80 RCX: 00007f7a1ee8c169
> RDX: 0000000000000040 RSI: 0000000020000200 RDI: 0000000000000003
> RBP: 00007f7a1eee7ca1 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007fffc46ccb6f R14: 00007f7a1fc76300 R15: 0000000000022000
> </TASK>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:flush_send_queue drivers/infiniband/sw/rxe/rxe_comp.c:597 [inline]
> RIP: 0010:rxe_completer+0x255c/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:653

Looks like if rxe_qp_from_init returns failure, qp->sq.queue is NULL but rxe still dereferences it during cleanup. And it is the same for sk_buff_head.

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-rc diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c index 61a2eb77d999..17ed41309756 100644 --- a/drivers/infiniband/sw/rxe/rxe_qp.c +++ b/drivers/infiniband/sw/rxe/rxe_qp.c @@ -758,19 +758,21 @@ static void rxe_qp_do_cleanup(struct work_struct *work) del_timer_sync(&qp->rnr_nak_timer); } - if (qp->resp.task.func) + /* flush out any receive wr's or pending requests */ + if (qp->resp.task.func) { rxe_cleanup_task(&qp->resp.task); + rxe_responder(qp); + } - if (qp->req.task.func) + if (qp->req.task.func) { rxe_cleanup_task(&qp->req.task); + rxe_requester(qp); + } - if (qp->comp.task.func) + if (qp->comp.task.func) { rxe_cleanup_task(&qp->comp.task); - - /* flush out any receive wr's or pending requests */ - rxe_requester(qp); - rxe_completer(qp); - rxe_responder(qp); + rxe_completer(qp); + } if (qp->sq.queue) rxe_queue_cleanup(qp->sq.queue); ^ permalink raw reply related [flat|nested] 24+ messages in thread
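Review bot: In the rxe_qp_do_cleanup() hunk, the flush calls now run interleaved with the task teardown instead of after it: rxe_responder(qp) is called before the req and comp tasks have gone through rxe_cleanup_task(), and the flush order changes from requester, completer, responder to responder, requester, completer. If the original sequencing (all three rxe_cleanup_task() calls first, then the flushes) matters, leave the three cleanup calls where they were and guard only the flush calls, for example `if (qp->req.task.func) rxe_requester(qp);`. The guard also uses task.func as a stand-in for "the queues and skb lists were initialised", while the unchanged context right below tests qp->sq.queue directly before rxe_queue_cleanup(); a comment stating why task.func being set implies the queues exist, or a direct check on the objects the flush paths touch, would make the fix easier to verify. Finally, the moved comment "flush out any receive wr's or pending requests" now sits above the responder block only, although it describes all three flushes.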
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: syzbot @ 2023-05-23 2:13 UTC
To: guoqing.jiang, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs, zyjzyj2000

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file drivers/infiniband/sw/rxe/rxe_qp.c
patch: **** unexpected end of file in patch

Tested on:

commit:         56518a60 RDMA/hns: Modify the value of long message lo..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-rc
dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da
compiler:
patch:          https://syzkaller.appspot.com/x/patch.diff?x=132bea5a280000

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2) 2023-05-23 2:13 ` syzbot @ 2023-05-23 2:25 ` Guoqing Jiang 2023-05-23 2:55 ` syzbot 2023-05-23 3:47 ` Zhu Yanjun 0 siblings, 2 replies; 24+ messages in thread From: Guoqing Jiang @ 2023-05-23 2:25 UTC (permalink / raw) To: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs, zyjzyj2000 [-- Attachment #1: Type: text/plain, Size: 707 bytes --] On 5/23/23 10:13, syzbot wrote: > Hello, > > syzbot tried to test the proposed patch but the build/boot failed: > > failed to apply patch: > checking file drivers/infiniband/sw/rxe/rxe_qp.c > patch: **** unexpected end of file in patch > > > > Tested on: > > commit: 56518a60 RDMA/hns: Modify the value of long message lo.. > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-rc > dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da > compiler: > patch: https://syzkaller.appspot.com/x/patch.diff?x=132bea5a280000 > Sorry, let me attach the temp patch. #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-rc [-- Attachment #2: temp-rxe.patch --] [-- Type: text/x-patch, Size: 915 bytes --] diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c index 61a2eb77d999..17ed41309756 100644 --- a/drivers/infiniband/sw/rxe/rxe_qp.c +++ b/drivers/infiniband/sw/rxe/rxe_qp.c 
@@ -758,19 +758,21 @@ static void rxe_qp_do_cleanup(struct work_struct *work) del_timer_sync(&qp->rnr_nak_timer); } - if (qp->resp.task.func) + /* flush out any receive wr's or pending requests */ + if (qp->resp.task.func) { rxe_cleanup_task(&qp->resp.task); + rxe_responder(qp); + } - if (qp->req.task.func) + if (qp->req.task.func) { rxe_cleanup_task(&qp->req.task); + rxe_requester(qp); + } - if (qp->comp.task.func) + if (qp->comp.task.func) { rxe_cleanup_task(&qp->comp.task); - - /* flush out any receive wr's or pending requests */ - rxe_requester(qp); - rxe_completer(qp); - rxe_responder(qp); + rxe_completer(qp); + } if (qp->sq.queue) rxe_queue_cleanup(qp->sq.queue); ^ permalink raw reply related [flat|nested] 24+ messages in thread
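Review bot: the `if (qp->comp.task.func)` guard does not cover the queue that rxe_completer() drains. The context lines of the other patch in this thread show rxe_init_task(&qp->comp.task, qp, rxe_completer) in rxe_qp_init_req() and skb_queue_head_init(&qp->resp_pkts) in rxe_qp_init_resp(), and the chain given in the thread is rxe_completer -> drain_resp_pkts -> skb_dequeue(&qp->resp_pkts). If rxe_qp_init_resp() fails after rxe_qp_init_req() has succeeded, comp.task.func is set and this hunk still reaches skb_dequeue() on an uninitialized resp_pkts. Tie the guard to the state of the object being drained, or initialize resp_pkts before the first failure point, so that the guard and the data it protects cannot get out of step.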
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: syzbot @ 2023-05-23 2:55 UTC
To: guoqing.jiang, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs, zyjzyj2000

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+eba589d8f49c73d356da@syzkaller.appspotmail.com

Tested on:

commit:         56518a60 RDMA/hns: Modify the value of long message lo..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-rc
console output: https://syzkaller.appspot.com/x/log.txt?x=1100bb5e280000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8bc832f563d8bf38
dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10847e2e280000

Note: testing is done by a robot and is best-effort only.

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Zhu Yanjun @ 2023-05-23 3:47 UTC
To: Guoqing Jiang
Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>
> On 5/23/23 10:13, syzbot wrote:
> > Hello,
> >
> > syzbot tried to test the proposed patch but the build/boot failed:
> >
> > failed to apply patch:
> > checking file drivers/infiniband/sw/rxe/rxe_qp.c
> > patch: **** unexpected end of file in patch

This is not the root cause. The fix is not good.

Zhu Yanjun

> >
> > Tested on:
> >
> > commit: 56518a60 RDMA/hns: Modify the value of long message lo..
> > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-rc
> > dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da
> > compiler:
> > patch: https://syzkaller.appspot.com/x/patch.diff?x=132bea5a280000
> >
>
> Sorry, let me attach the temp patch.
>
> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git
> for-rc

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Guoqing Jiang @ 2023-05-23 3:58 UTC
To: Zhu Yanjun
Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On 5/23/23 11:47, Zhu Yanjun wrote:
> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>
>> On 5/23/23 10:13, syzbot wrote:
>>> Hello,
>>>
>>> syzbot tried to test the proposed patch but the build/boot failed:
>>>
>>> failed to apply patch:
>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
>>> patch: **** unexpected end of file in patch
> This is not the root cause. The fix is not good.

Could you explain the root cause?

Thanks,
Guoqing

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Zhu Yanjun @ 2023-05-23 4:02 UTC
To: Guoqing Jiang
Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>
> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> >
> > On 5/23/23 10:13, syzbot wrote:
> > > Hello,
> > >
> > > syzbot tried to test the proposed patch but the build/boot failed:
> > >
> > > failed to apply patch:
> > > checking file drivers/infiniband/sw/rxe/rxe_qp.c
> > > patch: **** unexpected end of file in patch
>
> This is not the root cause. The fix is not good.

This problem is about "INFO: trying to register non-static key. The
code is fine but needs lockdep annotation, or maybe"

Zhu Yanjun

>
> Zhu Yanjun
> > >
> > > Tested on:
> > >
> > > commit: 56518a60 RDMA/hns: Modify the value of long message lo..
> > > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-rc
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da
> > > compiler:
> > > patch: https://syzkaller.appspot.com/x/patch.diff?x=132bea5a280000
> > >
> >
> > Sorry, let me attach the temp patch.
> >
> > #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git
> > for-rc

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Guoqing Jiang @ 2023-05-23 4:10 UTC
To: Zhu Yanjun
Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On 5/23/23 12:02, Zhu Yanjun wrote:
> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>>
>>> On 5/23/23 10:13, syzbot wrote:
>>>> Hello,
>>>>
>>>> syzbot tried to test the proposed patch but the build/boot failed:
>>>>
>>>> failed to apply patch:
>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
>>>> patch: **** unexpected end of file in patch
>> This is not the root cause. The fix is not good.
> This problem is about "INFO: trying to register non-static key. The
> code is fine but needs lockdep annotation, or maybe"

Which is caused by "skb_queue_head_init(&qp->resp_pkts)" not being called,
given rxe_qp_init_resp returns an error, but the cleanup still triggers the
chain.

rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts ->
skb_dequeue(&qp->resp_pkts)

But I might have misunderstood it ...

Thanks,
Guoqing

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Zhu Yanjun @ 2023-05-23 4:29 UTC
To: Guoqing Jiang
Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>
> On 5/23/23 12:02, Zhu Yanjun wrote:
> > On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
> >> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> >>>
> >>> On 5/23/23 10:13, syzbot wrote:
> >>>> Hello,
> >>>>
> >>>> syzbot tried to test the proposed patch but the build/boot failed:
> >>>>
> >>>> failed to apply patch:
> >>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
> >>>> patch: **** unexpected end of file in patch
> >> This is not the root cause. The fix is not good.
> > This problem is about "INFO: trying to register non-static key. The
> > code is fine but needs lockdep annotation, or maybe"

This warning is from "lock is not initialized". This is a
use-before-initialized problem.
The correct fix is to initialize the lock that is complained about before it is used.

Zhu Yanjun

>
> Which is caused by "skb_queue_head_init(&qp->resp_pkts)" is not called
> given rxe_qp_init_resp returns error, but the cleanup still trigger the
> chain.
>
> rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts ->
> skb_dequeue(&qp->resp_pkts)
>
> But I might misunderstood it ...
>
> Thanks,
> Guoqing

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Zhu Yanjun @ 2023-05-23 5:08 UTC
To: Guoqing Jiang
Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On Tue, May 23, 2023 at 12:29 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>
> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> >
> > On 5/23/23 12:02, Zhu Yanjun wrote:
> > > On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
> > >> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> > >>>
> > >>> On 5/23/23 10:13, syzbot wrote:
> > >>>> Hello,
> > >>>>
> > >>>> syzbot tried to test the proposed patch but the build/boot failed:
> > >>>>
> > >>>> failed to apply patch:
> > >>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
> > >>>> patch: **** unexpected end of file in patch
> > >> This is not the root cause. The fix is not good.
> > > This problem is about "INFO: trying to register non-static key. The
> > > code is fine but needs lockdep annotation, or maybe"
>
> This warning is from "lock is not initialized". This is a
> use-before-initialized problem.
> The correct fix is to initialize the lock that is complained before it is used.
>
> Zhu Yanjun

Based on the call trace, the following is the order of this call trace.

291 /* called by the create qp verb */
292 int rxe_qp_from_init(struct rxe_dev *rxe, struct rxe_qp *qp, struct rxe_pd *pd,
297 {
...
317         rxe_qp_init_misc(rxe, qp, init);
...
322
323         err = rxe_qp_init_resp(rxe, qp, init, udata, uresp);
324         if (err)
325                 goto err2;    <--- error

...

334 err2:
335         rxe_queue_cleanup(qp->sq.queue);    <--- Goto here
336         qp->sq.queue = NULL;

In rxe_qp_init_resp, the error occurs before skb_queue_head_init.
So this call trace appeared.

Zhu Yanjun

> >
> > Which is caused by "skb_queue_head_init(&qp->resp_pkts)" is not called
> > given rxe_qp_init_resp returns error, but the cleanup still trigger the
> > chain.
> >
> > rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts ->
> > skb_dequeue(&qp->resp_pkts)
> >
> > But I might misunderstood it ...
> >
> > Thanks,
> > Guoqing

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Zhu Yanjun @ 2023-05-23 5:18 UTC
To: Guoqing Jiang
Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On Tue, May 23, 2023 at 1:08 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>
> On Tue, May 23, 2023 at 12:29 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
> >
> > On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> > >
> > > On 5/23/23 12:02, Zhu Yanjun wrote:
> > > > On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
> > > >> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> > > >>>
> > > >>> On 5/23/23 10:13, syzbot wrote:
> > > >>>> Hello,
> > > >>>>
> > > >>>> syzbot tried to test the proposed patch but the build/boot failed:
> > > >>>>
> > > >>>> failed to apply patch:
> > > >>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
> > > >>>> patch: **** unexpected end of file in patch
> > > >> This is not the root cause. The fix is not good.
> > > > This problem is about "INFO: trying to register non-static key. The
> > > > code is fine but needs lockdep annotation, or maybe"
> >
> > This warning is from "lock is not initialized". This is a
> > use-before-initialized problem.
> > The correct fix is to initialize the lock that is complained before it is used.
> >
> > Zhu Yanjun
>
> Based on the call trace, the followings are the order of this call trace.
>
> 291 /* called by the create qp verb */
> 292 int rxe_qp_from_init(struct rxe_dev *rxe, struct rxe_qp *qp,
> struct rxe_pd *pd,
> 297 {
> ...
> 317         rxe_qp_init_misc(rxe, qp, init);
> ...
> 322
> 323         err = rxe_qp_init_resp(rxe, qp, init, udata, uresp);
> 324         if (err)
> 325                 goto err2;    <--- error
>
> ...
>
> 334 err2:
> 335         rxe_queue_cleanup(qp->sq.queue);    <--- Goto here
> 336         qp->sq.queue = NULL;
>
> In rxe_qp_init_resp, the error occurs before skb_queue_head_init.
> So this call trace appeared.

250 static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp,
254 {
...
264
265         type = QUEUE_TYPE_FROM_CLIENT;
266         qp->rq.queue = rxe_queue_init(rxe, &qp->rq.max_wr,
267                                       wqe_size, type);
268         if (!qp->rq.queue)
269                 return -ENOMEM;    <---Error here
270
...
282         skb_queue_head_init(&qp->resp_pkts);    <-this is not called.
...

This will make the spin_lock of resp_pkts be used before it is initialized.

Zhu Yanjun

>
> Zhu Yanjun
> > >
> > > Which is caused by "skb_queue_head_init(&qp->resp_pkts)" is not called
> > > given rxe_qp_init_resp returns error, but the cleanup still trigger the
> > > chain.
> > >
> > > rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts ->
> > > skb_dequeue(&qp->resp_pkts)
> > >
> > > But I might misunderstood it ...
> > >
> > > Thanks,
> > > Guoqing

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
From: Guoqing Jiang @ 2023-05-23 5:44 UTC
To: Zhu Yanjun
Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On 5/23/23 13:18, Zhu Yanjun wrote:
> On Tue, May 23, 2023 at 1:08 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>> On Tue, May 23, 2023 at 12:29 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>>> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>>>
>>>> On 5/23/23 12:02, Zhu Yanjun wrote:
>>>>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>>>>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>>>>>>
>>>>>>> On 5/23/23 10:13, syzbot wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> syzbot tried to test the proposed patch but the build/boot failed:
>>>>>>>>
>>>>>>>> failed to apply patch:
>>>>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
>>>>>>>> patch: **** unexpected end of file in patch
>>>>>> This is not the root cause. The fix is not good.
>>>>> This problem is about "INFO: trying to register non-static key. The
>>>>> code is fine but needs lockdep annotation, or maybe"
>>> This warning is from "lock is not initialized". This is a
>>> use-before-initialized problem.
>>> The correct fix is to initialize the lock that is complained before it is used.
>>>
>>> Zhu Yanjun
>> Based on the call trace, the followings are the order of this call trace.
>>
>> 291 /* called by the create qp verb */
>> 292 int rxe_qp_from_init(struct rxe_dev *rxe, struct rxe_qp *qp,
>> struct rxe_pd *pd,
>> 297 {
>> ...
>> 317         rxe_qp_init_misc(rxe, qp, init);
>> ...
>> 322
>> 323         err = rxe_qp_init_resp(rxe, qp, init, udata, uresp);
>> 324         if (err)
>> 325                 goto err2;    <--- error
>>
>> ...
>>
>> 334 err2:
>> 335         rxe_queue_cleanup(qp->sq.queue);    <--- Goto here
>> 336         qp->sq.queue = NULL;
>>
>> In rxe_qp_init_resp, the error occurs before skb_queue_head_init.
>> So this call trace appeared.
> 250 static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp,
> 254 {
> ...
> 264
> 265         type = QUEUE_TYPE_FROM_CLIENT;
> 266         qp->rq.queue = rxe_queue_init(rxe, &qp->rq.max_wr,
> 267                                       wqe_size, type);
> 268         if (!qp->rq.queue)
> 269                 return -ENOMEM;    <---Error here
> 270
>
> ...
>
> 282         skb_queue_head_init(&qp->resp_pkts);    <-this is not called.
> ...
> This will make spin_lock of resp_pkts is used before initialized.

IMHO, the above is the same as

> Which is caused by "skb_queue_head_init(&qp->resp_pkts)" is not called
> given rxe_qp_init_resp returns error, but the cleanup still trigger the
> chain.
>
> rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts ->
> skb_dequeue(&qp->resp_pkts)

my previous analysis. If not, could you provide another better way to
fix it?

Guoqing

* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2) 2023-05-23 5:44 ` Guoqing Jiang @ 2023-05-23 5:52 ` Zhu Yanjun 2023-05-23 5:56 ` Guoqing Jiang 0 siblings, 1 reply; 24+ messages in thread 
From: Zhu Yanjun @ 2023-05-23 5:52 UTC (permalink / raw) To: Guoqing Jiang Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs On Tue, May 23, 2023 at 1:44 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: > > > > On 5/23/23 13:18, Zhu Yanjun wrote: > > On Tue, May 23, 2023 at 1:08 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: > >> On Tue, May 23, 2023 at 12:29 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: > >>> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: > >>>> > >>>> > >>>> On 5/23/23 12:02, Zhu Yanjun wrote: > >>>>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: > >>>>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: > >>>>>>> > >>>>>>> On 5/23/23 10:13, syzbot wrote: > >>>>>>>> Hello, > >>>>>>>> > >>>>>>>> syzbot tried to test the proposed patch but the build/boot failed: > >>>>>>>> > >>>>>>>> failed to apply patch: > >>>>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c > >>>>>>>> patch: **** unexpected end of file in patch > >>>>>> This is not the root cause. The fix is not good. > >>>>> This problem is about "INFO: trying to register non-static key. The > >>>>> code is fine but needs lockdep annotation, or maybe" > >>> This warning is from "lock is not initialized". This is a > >>> use-before-initialized problem. > >>> The correct fix is to initialize the lock that is complained before it is used. > >>> > >>> Zhu Yanjun > >> Based on the call trace, the followings are the order of this call trace. > >> > >> 291 /* called by the create qp verb */ > >> 292 int rxe_qp_from_init(struct rxe_dev *rxe, struct rxe_qp *qp, > >> struct rxe_pd *pd, > >> 297 { > >> ... > >> 317 rxe_qp_init_misc(rxe, qp, init); > >> ... > >> 322 > >> 323 err = rxe_qp_init_resp(rxe, qp, init, udata, uresp); > >> 324 if (err) > >> 325 goto err2; <--- error > >> > >> ... 
> >> > >> 334 err2: > >> 335 rxe_queue_cleanup(qp->sq.queue); <--- Goto here > >> 336 qp->sq.queue = NULL; > >> > >> In rxe_qp_init_resp, the error occurs before skb_queue_head_init. > >> So this call trace appeared. > > 250 static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp, > > 254 { > > ... > > 264 > > 265 type = QUEUE_TYPE_FROM_CLIENT; > > 266 qp->rq.queue = rxe_queue_init(rxe, &qp->rq.max_wr, > > 267 wqe_size, type); > > 268 if (!qp->rq.queue) > > 269 return -ENOMEM; <---Error here > > 270 > > > > ... > > > > 282 skb_queue_head_init(&qp->resp_pkts); <-this is not called. > > ... > > This will make spin_lock of resp_pkts is used before initialized. > > IMHO, the above is same as > > > Which is caused by "skb_queue_head_init(&qp->resp_pkts)" is not called > > given rxe_qp_init_resp returns error, but the cleanup still trigger the > > chain. > > > > rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts -> > > skb_dequeue(&qp->resp_pkts) > > my previous analysis. If not, could you provide another better way to > fix it? Move the initialization to the beginning. This can fix this problem. See below: " diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c index c5451a4488ca..22ef6188d7b1 100644 --- a/drivers/infiniband/sw/rxe/rxe_qp.c +++ b/drivers/infiniband/sw/rxe/rxe_qp.c @@ -176,6 +176,9 @@ static void rxe_qp_init_misc(struct rxe_dev *rxe, struct rxe_qp *qp, spin_lock_init(&qp->rq.producer_lock); spin_lock_init(&qp->rq.consumer_lock); + skb_queue_head_init(&qp->req_pkts); + skb_queue_head_init(&qp->resp_pkts); + atomic_set(&qp->ssn, 0); atomic_set(&qp->skb_out, 0); } @@ -234,8 +237,6 @@ static int rxe_qp_init_req(struct rxe_dev *rxe, struct rxe_qp *qp, qp->req.opcode = -1; qp->comp.opcode = -1; - skb_queue_head_init(&qp->req_pkts); - rxe_init_task(&qp->req.task, qp, rxe_requester); rxe_init_task(&qp->comp.task, qp, rxe_completer); 
@@ -279,8 +280,6 @@ static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp, } } - skb_queue_head_init(&qp->resp_pkts); - rxe_init_task(&qp->resp.task, qp, rxe_responder); qp->resp.opcode = OPCODE_NONE; " > > Guoqing ^ permalink raw reply related [flat|nested] 24+ messages in thread
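Review bot: moving both skb_queue_head_init() calls into rxe_qp_init_misc() addresses the lockdep warning on req_pkts and resp_pkts, but not the NULL send queue raised in the same thread. The err2 path quoted earlier sets qp->sq.queue = NULL, and the report's second RIP is in flush_send_queue, reached from rxe_completer during cleanup; none of the three hunks changes that path. Either add a check on the cleanup side or say in the changelog that the sq.queue dereference is handled by a separate patch. As posted the patch also has no changelog or Signed-off-by, and the syzbot report asks for its Reported-by tag on the fix.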
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2) 2023-05-23 5:52 ` Zhu Yanjun @ 2023-05-23 5:56 ` Guoqing Jiang 2023-05-23 6:04 ` Zhu Yanjun 0 siblings, 1 reply; 24+ messages in thread 
From: Guoqing Jiang @ 2023-05-23 5:56 UTC (permalink / raw) To: Zhu Yanjun Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs On 5/23/23 13:52, Zhu Yanjun wrote: > On Tue, May 23, 2023 at 1:44 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: >> >> >> On 5/23/23 13:18, Zhu Yanjun wrote: >>> On Tue, May 23, 2023 at 1:08 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: >>>> On Tue, May 23, 2023 at 12:29 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: >>>>> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: >>>>>> >>>>>> On 5/23/23 12:02, Zhu Yanjun wrote: >>>>>>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: >>>>>>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: >>>>>>>>> On 5/23/23 10:13, syzbot wrote: >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> syzbot tried to test the proposed patch but the build/boot failed: >>>>>>>>>> >>>>>>>>>> failed to apply patch: >>>>>>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c >>>>>>>>>> patch: **** unexpected end of file in patch >>>>>>>> This is not the root cause. The fix is not good. >>>>>>> This problem is about "INFO: trying to register non-static key. The >>>>>>> code is fine but needs lockdep annotation, or maybe" >>>>> This warning is from "lock is not initialized". This is a >>>>> use-before-initialized problem. >>>>> The correct fix is to initialize the lock that is complained before it is used. >>>>> >>>>> Zhu Yanjun >>>> Based on the call trace, the followings are the order of this call trace. >>>> >>>> 291 /* called by the create qp verb */ >>>> 292 int rxe_qp_from_init(struct rxe_dev *rxe, struct rxe_qp *qp, >>>> struct rxe_pd *pd, >>>> 297 { >>>> ... >>>> 317 rxe_qp_init_misc(rxe, qp, init); >>>> ... >>>> 322 >>>> 323 err = rxe_qp_init_resp(rxe, qp, init, udata, uresp); >>>> 324 if (err) >>>> 325 goto err2; <--- error >>>> >>>> ... 
>>>> >>>> 334 err2: >>>> 335 rxe_queue_cleanup(qp->sq.queue); <--- Goto here >>>> 336 qp->sq.queue = NULL; >>>> >>>> In rxe_qp_init_resp, the error occurs before skb_queue_head_init. >>>> So this call trace appeared. >>> 250 static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp, >>> 254 { >>> ... >>> 264 >>> 265 type = QUEUE_TYPE_FROM_CLIENT; >>> 266 qp->rq.queue = rxe_queue_init(rxe, &qp->rq.max_wr, >>> 267 wqe_size, type); >>> 268 if (!qp->rq.queue) >>> 269 return -ENOMEM; <---Error here >>> 270 >>> >>> ... >>> >>> 282 skb_queue_head_init(&qp->resp_pkts); <-this is not called. >>> ... >>> This will make spin_lock of resp_pkts is used before initialized. >> IMHO, the above is same as >> >>> Which is caused by "skb_queue_head_init(&qp->resp_pkts)" is not called >>> given rxe_qp_init_resp returns error, but the cleanup still trigger the >>> chain. >>> >>> rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts -> >>> skb_dequeue(&qp->resp_pkts) >> my previous analysis. If not, could you provide another better way to >> fix it? > Move the initialization to the beginning. This can fix this problem. > See below: > > " > diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c > b/drivers/infiniband/sw/rxe/rxe_qp.c > index c5451a4488ca..22ef6188d7b1 100644 > --- a/drivers/infiniband/sw/rxe/rxe_qp.c > +++ b/drivers/infiniband/sw/rxe/rxe_qp.c > @@ -176,6 +176,9 @@ static void rxe_qp_init_misc(struct rxe_dev *rxe, > struct rxe_qp *qp, > spin_lock_init(&qp->rq.producer_lock); > spin_lock_init(&qp->rq.consumer_lock); > > + skb_queue_head_init(&qp->req_pkts); > + skb_queue_head_init(&qp->resp_pkts); > + > atomic_set(&qp->ssn, 0); > atomic_set(&qp->skb_out, 0); > } > @@ -234,8 +237,6 @@ static int rxe_qp_init_req(struct rxe_dev *rxe, > struct rxe_qp *qp, > qp->req.opcode = -1; > qp->comp.opcode = -1; > > - skb_queue_head_init(&qp->req_pkts); > - > rxe_init_task(&qp->req.task, qp, rxe_requester); > rxe_init_task(&qp->comp.task, qp, rxe_completer); 
> > @@ -279,8 +280,6 @@ static int rxe_qp_init_resp(struct rxe_dev *rxe, > struct rxe_qp *qp, > } > } > > - skb_queue_head_init(&qp->resp_pkts); > - > rxe_init_task(&qp->resp.task, qp, rxe_responder); > > qp->resp.opcode = OPCODE_NONE; > " It is weird to me that init them in init_misc instead of init_req/resp, given they are dedicated/used for the different purpose. But just my 0.02$. Guoqing ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2) 2023-05-23 5:56 ` Guoqing Jiang @ 2023-05-23 6:04 ` Zhu Yanjun 0 siblings, 0 replies; 24+ messages in thread 
From: Zhu Yanjun @ 2023-05-23 6:04 UTC (permalink / raw) To: Guoqing Jiang Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs On Tue, May 23, 2023 at 1:56 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: > > > > On 5/23/23 13:52, Zhu Yanjun wrote: > > On Tue, May 23, 2023 at 1:44 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: > >> > >> > >> On 5/23/23 13:18, Zhu Yanjun wrote: > >>> On Tue, May 23, 2023 at 1:08 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: > >>>> On Tue, May 23, 2023 at 12:29 PM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: > >>>>> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: > >>>>>> > >>>>>> On 5/23/23 12:02, Zhu Yanjun wrote: > >>>>>>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote: > >>>>>>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote: > >>>>>>>>> On 5/23/23 10:13, syzbot wrote: > >>>>>>>>>> Hello, > >>>>>>>>>> > >>>>>>>>>> syzbot tried to test the proposed patch but the build/boot failed: > >>>>>>>>>> > >>>>>>>>>> failed to apply patch: > >>>>>>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c > >>>>>>>>>> patch: **** unexpected end of file in patch > >>>>>>>> This is not the root cause. The fix is not good. > >>>>>>> This problem is about "INFO: trying to register non-static key. The > >>>>>>> code is fine but needs lockdep annotation, or maybe" > >>>>> This warning is from "lock is not initialized". This is a > >>>>> use-before-initialized problem. > >>>>> The correct fix is to initialize the lock that is complained before it is used. > >>>>> > >>>>> Zhu Yanjun > >>>> Based on the call trace, the followings are the order of this call trace. > >>>> > >>>> 291 /* called by the create qp verb */ > >>>> 292 int rxe_qp_from_init(struct rxe_dev *rxe, struct rxe_qp *qp, > >>>> struct rxe_pd *pd, > >>>> 297 { > >>>> ... > >>>> 317 rxe_qp_init_misc(rxe, qp, init); > >>>> ... 
> >>>> 322 > >>>> 323 err = rxe_qp_init_resp(rxe, qp, init, udata, uresp); > >>>> 324 if (err) > >>>> 325 goto err2; <--- error > >>>> > >>>> ... > >>>> > >>>> 334 err2: > >>>> 335 rxe_queue_cleanup(qp->sq.queue); <--- Goto here > >>>> 336 qp->sq.queue = NULL; > >>>> > >>>> In rxe_qp_init_resp, the error occurs before skb_queue_head_init. > >>>> So this call trace appeared. > >>> 250 static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp, > >>> 254 { > >>> ... > >>> 264 > >>> 265 type = QUEUE_TYPE_FROM_CLIENT; > >>> 266 qp->rq.queue = rxe_queue_init(rxe, &qp->rq.max_wr, > >>> 267 wqe_size, type); > >>> 268 if (!qp->rq.queue) > >>> 269 return -ENOMEM; <---Error here > >>> 270 > >>> > >>> ... > >>> > >>> 282 skb_queue_head_init(&qp->resp_pkts); <-this is not called. > >>> ... > >>> This will make spin_lock of resp_pkts is used before initialized. > >> IMHO, the above is same as > >> > >>> Which is caused by "skb_queue_head_init(&qp->resp_pkts)" is not called > >>> given rxe_qp_init_resp returns error, but the cleanup still trigger the > >>> chain. > >>> > >>> rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts -> > >>> skb_dequeue(&qp->resp_pkts) > >> my previous analysis. If not, could you provide another better way to > >> fix it? > > Move the initialization to the beginning. This can fix this problem. > > See below: > > > > " > > diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c > > b/drivers/infiniband/sw/rxe/rxe_qp.c > > index c5451a4488ca..22ef6188d7b1 100644 > > --- a/drivers/infiniband/sw/rxe/rxe_qp.c > > +++ b/drivers/infiniband/sw/rxe/rxe_qp.c > > @@ -176,6 +176,9 @@ static void rxe_qp_init_misc(struct rxe_dev *rxe, > > struct rxe_qp *qp, > > spin_lock_init(&qp->rq.producer_lock); > > spin_lock_init(&qp->rq.consumer_lock); > > > > + skb_queue_head_init(&qp->req_pkts); > > + skb_queue_head_init(&qp->resp_pkts); > > + > > atomic_set(&qp->ssn, 0); > > atomic_set(&qp->skb_out, 0); > > } 
> > @@ -234,8 +237,6 @@ static int rxe_qp_init_req(struct rxe_dev *rxe, > > struct rxe_qp *qp, > > qp->req.opcode = -1; > > qp->comp.opcode = -1; > > > > - skb_queue_head_init(&qp->req_pkts); > > - > > rxe_init_task(&qp->req.task, qp, rxe_requester); > > rxe_init_task(&qp->comp.task, qp, rxe_completer); > > > > @@ -279,8 +280,6 @@ static int rxe_qp_init_resp(struct rxe_dev *rxe, > > struct rxe_qp *qp, > > } > > } > > > > - skb_queue_head_init(&qp->resp_pkts); > > - > > rxe_init_task(&qp->resp.task, qp, rxe_responder); > > > > qp->resp.opcode = OPCODE_NONE; > > " > > It is weird to me that init them in init_misc instead of init_req/resp, > given they > are dedicated/used for the different purpose. But just my 0.02$. There are some initialization problems in qp init. This needs refactoring the related functions to fix all the problems. Currently I am working on this. You know, this is not an easy task. It will take me a lot of time and effort. Now I use init_misc to initialize the related variables just as I did in the past. This is because init_misc is designed to initialize some variables. And it will not cause the similar use-before-initialization problems. Zhu Yanjun > > Guoqing ^ permalink raw reply [flat|nested] 24+ messages in thread
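Review bot: In the rxe_qp_init_misc() hunk (@@ -176,6 +176,9 @@), the two added skb_queue_head_init() calls address the uninitialized-lock report only. The KASAN null-ptr-deref in flush_send_queue (rxe_comp.c:597) that Guoqing quotes in this thread is reached through the same rxe_qp_do_cleanup -> rxe_completer path, after the err2 label in the listing quoted earlier in this message has set qp->sq.queue = NULL, and none of the three hunks changes that. Either cover it in the same series or state in the changelog that this patch fixes the resp_pkts/req_pkts locks only. A short comment above the new calls saying the heads must be valid before rxe_qp_init_req()/rxe_qp_init_resp() can fail, because cleanup drains them, would also settle the question of why they sit in init_misc.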
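Review bot: In the rxe_qp_init_resp() hunk (@@ -279,8 +280,6 @@), rxe_init_task(&qp->resp.task, qp, rxe_responder) is left where it was, after the point where the quoted listing returns -ENOMEM at line 269, so on the failing path resp.task is still not set up when cleanup runs. The same holds for req.task and comp.task in the rxe_qp_init_req() hunk if that function fails early. Please check that rxe_qp_do_cleanup() does not use these tasks in that state, or move their initialization together with the queue heads.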
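Review bot: The diff header and all three hunk headers are wrapped by the mail client (for example "@@ -176,6 +176,9 @@ static void rxe_qp_init_misc(struct rxe_dev *rxe," continues on a second line with "struct rxe_qp *qp,"), and the patch is enclosed in quote marks, so it may not apply as posted; syzbot already rejected an earlier patch in this thread with "unexpected end of file in patch". Please resend it as a proper patch with a changelog, a Signed-off-by line and the Reported-by tag from the syzbot report.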
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
  2023-05-23 4:29 ` Zhu Yanjun
  2023-05-23 5:08   ` Zhu Yanjun
@ 2023-05-23 5:50   ` Guoqing Jiang
  2023-05-23 5:55     ` Zhu Yanjun
  1 sibling, 1 reply; 24+ messages in thread
From: Guoqing Jiang @ 2023-05-23 5:50 UTC (permalink / raw)
  To: Zhu Yanjun
  Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On 5/23/23 12:29, Zhu Yanjun wrote:
> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>
>>
>> On 5/23/23 12:02, Zhu Yanjun wrote:
>>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>>>>
>>>>> On 5/23/23 10:13, syzbot wrote:
>>>>>> Hello,
>>>>>>
>>>>>> syzbot tried to test the proposed patch but the build/boot failed:
>>>>>>
>>>>>> failed to apply patch:
>>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
>>>>>> patch: **** unexpected end of file in patch
>>>> This is not the root cause. The fix is not good.
>>> This problem is about "INFO: trying to register non-static key. The
>>> code is fine but needs lockdep annotation, or maybe"
> This warning is from "lock is not initialized". This is a
> use-before-initialized problem.

Right, and it also applies to qp->sq.queue which is set to NULL while do
cleanup still de-reference it.

> The correct fix is to initialize the lock that is complained before it is used.

The thing is it can't be initialized due to error, so I guess you want
to always init them even for error cases.

Guoqing

^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
  2023-05-23 5:50 ` Guoqing Jiang
@ 2023-05-23 5:55   ` Zhu Yanjun
  2023-05-23 6:00     ` Guoqing Jiang
  0 siblings, 1 reply; 24+ messages in thread
From: Zhu Yanjun @ 2023-05-23 5:55 UTC (permalink / raw)
  To: Guoqing Jiang
  Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On Tue, May 23, 2023 at 1:50 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>
>
>
> On 5/23/23 12:29, Zhu Yanjun wrote:
> > On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> >>
> >>
> >> On 5/23/23 12:02, Zhu Yanjun wrote:
> >>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
> >>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> >>>>>
> >>>>> On 5/23/23 10:13, syzbot wrote:
> >>>>>> Hello,
> >>>>>>
> >>>>>> syzbot tried to test the proposed patch but the build/boot failed:
> >>>>>>
> >>>>>> failed to apply patch:
> >>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
> >>>>>> patch: **** unexpected end of file in patch
> >>>> This is not the root cause. The fix is not good.
> >>> This problem is about "INFO: trying to register non-static key. The
> >>> code is fine but needs lockdep annotation, or maybe"
> > This warning is from "lock is not initialized". This is a
> > use-before-initialized problem.
>
> Right, and it also applies to qp->sq.queue which is set to NULL while do
> cleanup
> still de-reference it.
>
> > The correct fix is to initialize the lock that is complained before it is used.
>
> The thing is it can't be initialized due to error, so I guess you want
> to always init them
> even for error cases.

The complaining is about "spinlock is not initialized".

Zhu Yanjun

>
> Guoqing

^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
  2023-05-23 5:55 ` Zhu Yanjun
@ 2023-05-23 6:00   ` Guoqing Jiang
  2023-05-23 6:07     ` Zhu Yanjun
  0 siblings, 1 reply; 24+ messages in thread
From: Guoqing Jiang @ 2023-05-23 6:00 UTC (permalink / raw)
  To: Zhu Yanjun
  Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On 5/23/23 13:55, Zhu Yanjun wrote:
> On Tue, May 23, 2023 at 1:50 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>
>>
>> On 5/23/23 12:29, Zhu Yanjun wrote:
>>> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>>>
>>>> On 5/23/23 12:02, Zhu Yanjun wrote:
>>>>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
>>>>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>>>>>>> On 5/23/23 10:13, syzbot wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> syzbot tried to test the proposed patch but the build/boot failed:
>>>>>>>>
>>>>>>>> failed to apply patch:
>>>>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
>>>>>>>> patch: **** unexpected end of file in patch
>>>>>> This is not the root cause. The fix is not good.
>>>>> This problem is about "INFO: trying to register non-static key. The
>>>>> code is fine but needs lockdep annotation, or maybe"
>>> This warning is from "lock is not initialized". This is a
>>> use-before-initialized problem.
>> Right, and it also applies to qp->sq.queue which is set to NULL while do
>> cleanup
>> still de-reference it.
>>
>>> The correct fix is to initialize the lock that is complained before it is used.
>> The thing is it can't be initialized due to error, so I guess you want
>> to always init them
>> even for error cases.
> The complaining is about "spinlock is not initialized".

There was another null-ptr-deref, no?

general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 PID: 31038 Comm: syz-executor.3 Not tainted 6.3.0-syzkaller-12728-g348551ddaf31 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:flush_send_queue drivers/infiniband/sw/rxe/rxe_comp.c:597 [inline]
RIP: 0010:rxe_completer+0x255c/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:653
Code: 80 3c 02 00 0f 85 81 10 00 00 49 8b af 88 03 00 00 48 8d 45 30 48 89 c2 48 89 04 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 83 11 00 00 48 8d 45 2c 44 8b
RSP: 0018:ffffc90003526938 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffed100e3fe800 RCX: ffffc9000b403000
RDX: 0000000000000006 RSI: ffffffff877e467a RDI: ffff888071ff4388
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: fffffbfff1cf3682 R11: fffffffffffda5b0 R12: ffff888071ff41a0
R13: 0000000000000000 R14: 0000000000000000 R15: ffff888071ff4000
FS: 00007fede029f700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d822000 CR3: 000000002c7e6000 CR4: 00000000003506e0
Call Trace:
 <TASK>
 rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761
 execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473
 __rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233
 rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583
 create_qp+0x5ac/0x970 drivers/infiniband/core/verbs.c:1235
 ib_create_qp_kernel+0xa1/0x310 drivers/infiniband/core/verbs.c:1346
 ib_create_qp include/rdma/ib_verbs.h:3743 [inline]
 create_mad_qp+0x177/0x380 drivers/infiniband/core/mad.c:2905
 ib_mad_port_open drivers/infiniband/core/mad.c:2986 [inline]
 ib_mad_init_device+0xf40/0x1a90 drivers/infiniband/core/mad.c:3077
 add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:721
 enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1332
 ib_register_device drivers/infiniband/core/device.c:1420 [inline]
 ib_register_device+0x8b1/0xbc0 drivers/infiniband/core/device.c:1366
 rxe_register_device+0x302/0x3e0 drivers/infiniband/sw/rxe/rxe_verbs.c:1485
 rxe_net_add+0x90/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:527
 rxe_newlink+0xf0/0x1b0 drivers/infiniband/sw/rxe/rxe.c:197
 nldev_newlink+0x332/0x5e0 drivers/infiniband/core/nldev.c:1731
 rdma_nl_rcv_msg+0x371/0x6a0 drivers/infiniband/core/netlink.c:195
 rdma_nl_rcv_skb.constprop.0.isra.0+0x2fc/0x440 drivers/infiniband/core/netlink.c:239
 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365
 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1913
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg+0xde/0x190 net/socket.c:747
 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557
 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7feddf48c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fede029f168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007feddf5abf80 RCX: 00007feddf48c169
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 00007feddf4e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe1bb3e01f R14: 00007fede029f300 R15: 0000000000022000
 </TASK>
Modules linked in:

Guoqing

^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
  2023-05-23 6:00 ` Guoqing Jiang
@ 2023-05-23 6:07   ` Zhu Yanjun
  2023-05-23 6:11     ` Guoqing Jiang
  0 siblings, 1 reply; 24+ messages in thread
From: Zhu Yanjun @ 2023-05-23 6:07 UTC (permalink / raw)
  To: Guoqing Jiang
  Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On Tue, May 23, 2023 at 2:00 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>
>
>
> On 5/23/23 13:55, Zhu Yanjun wrote:
> > On Tue, May 23, 2023 at 1:50 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> >>
> >>
> >> On 5/23/23 12:29, Zhu Yanjun wrote:
> >>> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> >>>>
> >>>> On 5/23/23 12:02, Zhu Yanjun wrote:
> >>>>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun <zyjzyj2000@gmail.com> wrote:
> >>>>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
> >>>>>>> On 5/23/23 10:13, syzbot wrote:
> >>>>>>>> Hello,
> >>>>>>>>
> >>>>>>>> syzbot tried to test the proposed patch but the build/boot failed:
> >>>>>>>>
> >>>>>>>> failed to apply patch:
> >>>>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c
> >>>>>>>> patch: **** unexpected end of file in patch
> >>>>>> This is not the root cause. The fix is not good.
> >>>>> This problem is about "INFO: trying to register non-static key. The
> >>>>> code is fine but needs lockdep annotation, or maybe"
> >>> This warning is from "lock is not initialized". This is a
> >>> use-before-initialized problem.
> >> Right, and it also applies to qp->sq.queue which is set to NULL while do
> >> cleanup
> >> still de-reference it.
> >>
> >>> The correct fix is to initialize the lock that is complained before it is used.
> >> The thing is it can't be initialized due to error, so I guess you want
> >> to always init them
> >> even for error cases.
> > The complaining is about "spinlock is not initialized".
>
> There was another null-ptr-deref, no?
Please show me the link. So I can delve into it.

Zhu Yanjun

>
> Guoqing

^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
  2023-05-23 6:07 ` Zhu Yanjun
@ 2023-05-23 6:11   ` Guoqing Jiang
  2023-05-23 6:40     ` Zhu Yanjun
  0 siblings, 1 reply; 24+ messages in thread
From: Guoqing Jiang @ 2023-05-23 6:11 UTC (permalink / raw)
  To: Zhu Yanjun
  Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On 5/23/23 14:07, Zhu Yanjun wrote:

>> There was another null-ptr-deref, no?
> Please show me the link. So I can delve into it.

Just the first mail of the thread ...

Anyway, pls check above in the link.

https://lore.kernel.org/linux-rdma/3cc9f12a-d680-e05c-72c6-d4cb559fe5ee@linux.dev/T/#m2d374949d62b017074545c2f2a1df9251e0bde32

Guoqing

^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
  2023-05-23 6:11 ` Guoqing Jiang
@ 2023-05-23 6:40   ` Zhu Yanjun
  0 siblings, 0 replies; 24+ messages in thread
From: Zhu Yanjun @ 2023-05-23 6:40 UTC (permalink / raw)
  To: Guoqing Jiang
  Cc: syzbot, jgg, leon, linux-kernel, linux-rdma, netdev, syzkaller-bugs

On Tue, May 23, 2023 at 2:11 PM Guoqing Jiang <guoqing.jiang@linux.dev> wrote:
>
>
>
> On 5/23/23 14:07, Zhu Yanjun wrote:
>
> >> There was another null-ptr-deref, no?
> > Please show me the link. So I can delve into it.
>
> Just the first mail of the thread ...
>
> Anyway, pls check above in the link.
>
> https://lore.kernel.org/linux-rdma/3cc9f12a-d680-e05c-72c6-d4cb559fe5ee@linux.dev/T/#m2d374949d62b017074545c2f2a1df9251e0bde32
>

Based on the following analysis, the problem in the link is the same
with this problem.

infiniband syz2: set active
infiniband syz2: added bond_slave_1
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?    <----This means that this is a use-before-initialization problem
turning off the locking correctness validator.
CPU: 1 PID: 31038 Comm: syz-executor.3 Not tainted 6.3.0-syzkaller-12728-g348551ddaf31 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 assign_lock_key kernel/locking/lockdep.c:982 [inline]
 register_lock_class+0xdb6/0x1120 kernel/locking/lockdep.c:1295
 __lock_acquire+0x10a/0x5df0 kernel/locking/lockdep.c:4951
 lock_acquire kernel/locking/lockdep.c:5691 [inline]
 lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162
 skb_dequeue+0x20/0x180 net/core/skbuff.c:3631
 drain_resp_pkts drivers/infiniband/sw/rxe/rxe_comp.c:555 [inline]    <----- when skb_dequeue is called, spin lock of resp_pkts is not initialized.
 rxe_completer+0x250d/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:652
 rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761
 execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473
 __rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233
 rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583    <---- Here.
"
 573         err = rxe_qp_from_init(rxe, qp, pd, init, uresp, ibqp->pd, udata);
 574         if (err) {
 575                 rxe_dbg_qp(qp, "create qp failed, err = %d", err);
 576                 goto err_cleanup;
 577         }
 578
 579         rxe_finalize(qp);
 580         return 0;
 581
 582 err_cleanup:
 583         cleanup_err = rxe_cleanup(qp);    <--- this is error handler.
"
 create_qp+0x5ac/0x970 drivers/infiniband/core/verbs.c:1235
 ib_create_qp_kernel+0xa1/0x310 drivers/infiniband/core/verbs.c:1346

Zhu Yanjun

> Guoqing

^ permalink raw reply [flat|nested] 24+ messages in thread
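The failed-create path analysed in the messages above, as an added userspace model that is not part of the thread and not rxe driver code: it shows why the queue heads have to be initialized before any step that can fail, and that the NULL qp->sq.queue condition Guoqing raises is a separate check. All `model_*` names, the magic value and the `guard_null_queue` switch are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model, constructed for illustration. Every name is a
 * hypothetical stand-in; none of this is rxe driver code. */
#define LOCK_MAGIC      0x5bd1e995u /* marks a head whose lock was set up */
#define ERR_NOMEM       (-12)
#define BUG_UNINIT_LOCK 0x1 /* models the lockdep report in skb_dequeue */
#define BUG_NULL_QUEUE  0x2 /* models the KASAN report in flush_send_queue */

struct model_skb_head { unsigned int lock_magic; int qlen; };

struct model_qp {
    struct model_skb_head req_pkts, resp_pkts;
    int *sq_queue; /* stands in for qp->sq.queue */
    int *rq_queue; /* stands in for qp->rq.queue */
};

static void model_queue_head_init(struct model_skb_head *h)
{
    h->lock_magic = LOCK_MAGIC;
    h->qlen = 0;
}

/* Taking the lock of a head that was never initialized is the bug. */
static int model_dequeue(const struct model_skb_head *h)
{
    return h->lock_magic == LOCK_MAGIC ? 0 : BUG_UNINIT_LOCK;
}

static void model_init_misc(struct model_qp *qp, int init_heads_early)
{
    if (init_heads_early) { /* placement proposed in the thread */
        model_queue_head_init(&qp->req_pkts);
        model_queue_head_init(&qp->resp_pkts);
    }
}

static int model_init_req(struct model_qp *qp, int init_heads_early)
{
    qp->sq_queue = calloc(4, sizeof(*qp->sq_queue));
    if (!qp->sq_queue)
        return ERR_NOMEM;
    if (!init_heads_early) /* original placement */
        model_queue_head_init(&qp->req_pkts);
    return 0;
}

static int model_init_resp(struct model_qp *qp, int init_heads_early,
                           int fail_alloc)
{
    qp->rq_queue = fail_alloc ? NULL : calloc(4, sizeof(*qp->rq_queue));
    if (!qp->rq_queue)
        return ERR_NOMEM; /* returns before the head is initialized */
    if (!init_heads_early)
        model_queue_head_init(&qp->resp_pkts);
    return 0;
}

static int model_qp_from_init(struct model_qp *qp, int early, int fail_resp)
{
    int err;

    model_init_misc(qp, early);
    err = model_init_req(qp, early);
    if (err)
        return err;
    err = model_init_resp(qp, early, fail_resp);
    if (err) { /* the err2 label in the quoted listing */
        free(qp->sq_queue);
        qp->sq_queue = NULL;
    }
    return err;
}

/* Cleanup runs on whatever state creation left behind. It returns a
 * bitmask of the conditions it would have tripped over. */
static int model_qp_cleanup(struct model_qp *qp, int guard_null_queue)
{
    int bugs = model_dequeue(&qp->resp_pkts); /* drain_resp_pkts step */

    if (qp->sq_queue)
        qp->sq_queue[0] = 0;                  /* flush_send_queue step */
    else if (!guard_null_queue)
        bugs |= BUG_NULL_QUEUE;
    free(qp->sq_queue);
    free(qp->rq_queue);
    return bugs;
}

/* Create a QP, always run cleanup, report what cleanup hit. */
int model_create_qp(int init_heads_early, int fail_resp, int guard_null_queue)
{
    struct model_qp *qp = calloc(1, sizeof(*qp));
    int bugs;

    if (!qp)
        return ERR_NOMEM;
    model_qp_from_init(qp, init_heads_early, fail_resp);
    bugs = model_qp_cleanup(qp, guard_null_queue);
    free(qp);
    return bugs;
}

int main(void)
{
    printf("original order, resp init fails: 0x%x\n", model_create_qp(0, 1, 0));
    printf("heads initialized early:         0x%x\n", model_create_qp(1, 1, 0));
    printf("early init plus NULL guard:      0x%x\n", model_create_qp(1, 1, 1));
    return 0;
}
```
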
[parent not found: <20230518112255.4516-1-hdanton@sina.com>]
* Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2)
  [not found] <20230518112255.4516-1-hdanton@sina.com>
@ 2023-05-18 11:44 ` syzbot
  0 siblings, 0 replies; 24+ messages in thread
From: syzbot @ 2023-05-18 11:44 UTC (permalink / raw)
  To: hdanton, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+eba589d8f49c73d356da@syzkaller.appspotmail.com

Tested on:

commit:         ab87603b net: wwan: t7xx: Ensure init is completed bef..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git
console output: https://syzkaller.appspot.com/x/log.txt?x=11bbc7d6280000
kernel config:  https://syzkaller.appspot.com/x/.config?x=eb92acf166a5d2cd
dashboard link: https://syzkaller.appspot.com/bug?extid=eba589d8f49c73d356da
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1146610e280000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply [flat|nested] 24+ messages in thread