Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp3889614rwd; Mon, 22 May 2023 23:16:08 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5/8+ugoYxy61XGcdDJqMuszSjWC/gYpD0uwsOY6DDZrXezTqJFQV4k1YdX7z6ZgzGhqYpS X-Received: by 2002:a17:90a:fa91:b0:253:e0cc:50b2 with SMTP id cu17-20020a17090afa9100b00253e0cc50b2mr10838705pjb.5.1684822567738; Mon, 22 May 2023 23:16:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684822567; cv=none; d=google.com; s=arc-20160816; b=mSsBnlsWaT7efcuHlNuGOKUWntu0w+2vlAZKmxAlUsRzw+xUc6IZmnkeWuyjYvO349 xsxgbKlocYvZXWIiFroZpR33xDbJ+SNnMvjTV0Zp1Mx2pxnhu8KVKVYQ47Cy32A6jKX4 YOOrIcN4UFLpQ1G3emm2MtUMvKrllcS+n6I7V93lR+f3es2h0BggQo1EDjSdcnvK4Kt6 k8AsbFJTkb0KGYb2FBU8vMWX6lEiKpEnbhoBDqi7jsNr7h0gb51boOiD4TqJRUzWv068 vDyuURSUK0kFq6Cx3/ct2JFFz53U6rG+FvRXib74PgyIPAGNgeEJfmBuWScT0IhLuGDW Cayg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:mime-version:date :dkim-signature:message-id; bh=m07o5exswnKt8yK6ZsQ/L7uRf4eL52Y1KwKINSNdTZ0=; b=e/WcEpoZyBGO3lrQLOsfGg84hJnR9xjT8AXoc9wiz8+WoXy8bYybAN8nLu9a+CNSgC YFcvGN8gbmwvyA6i3rQuzyAPDv1vN//xpdC8YWUFT+XS8aNlxjOowPGRK8rVDSXPPWjL vPYpjZWEFH4yYRpnA8AMY0XajhnRKN5z68ymiyVuBI9SykT4ywyjSxmal0iQzc0UHak3 FzQcbWQLdcf0CNi3R6GuW9rpDETPCcmVYTtKfs6pNweGFEnv8OOGKcllLWhl4NrepMNt Gxjq98aLp3fAjs5yHURjqlPQFKoYkzOBxnDVfxhOJgbpUX1WCENlipoHmVnEulIcCOCX +/Uw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=i36xmLc4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m15-20020a17090a3f8f00b00244a45cb5c0si4433390pjc.42.2023.05.22.23.15.53; Mon, 22 May 2023 23:16:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=i36xmLc4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232392AbjEWF5A (ORCPT + 99 others); Tue, 23 May 2023 01:57:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48472 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231280AbjEWF46 (ORCPT ); Tue, 23 May 2023 01:56:58 -0400 Received: from out-17.mta1.migadu.com (out-17.mta1.migadu.com [IPv6:2001:41d0:203:375::11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53E8B11A for ; Mon, 22 May 2023 22:56:56 -0700 (PDT) Message-ID: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1684821414; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m07o5exswnKt8yK6ZsQ/L7uRf4eL52Y1KwKINSNdTZ0=; b=i36xmLc4j5aax91r2DKNDfB//n/KSwCav6OEvS8EKfaP874Un9M5dgmWfNHOQmWeCdcMND P/4w7yrxHVuBzGvq0SJAiEk802KFLYnP3eNGX/YhPMQJwDQw1k9Wv5GYWtgGrbzZRkwghz fi1P8D7SUQHFIDl5y8kgk5mf3sLzU5k= Date: Tue, 23 May 2023 13:56:51 +0800 MIME-Version: 1.0 Subject: Re: [syzbot] [rdma?] INFO: trying to register non-static key in skb_dequeue (2) Content-Language: en-US To: Zhu Yanjun Cc: syzbot , jgg@ziepe.ca, leon@kernel.org, linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com References: <000000000000a589d005fc52ee2d@google.com> <13528f21-0f36-4fa2-d34f-eecee6720bc1@linux.dev> <0d515e17-5386-61ba-8278-500620969497@linux.dev> <5b6b8431-92c7-62df-299b-28f3a5f61d5f@linux.dev> X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Guoqing Jiang In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/23/23 13:52, Zhu Yanjun wrote: > On Tue, May 23, 2023 at 1:44 PM Guoqing Jiang wrote: >> >> >> On 5/23/23 13:18, Zhu Yanjun wrote: >>> On Tue, May 23, 2023 at 1:08 PM Zhu Yanjun wrote: >>>> On Tue, May 23, 2023 at 12:29 PM Zhu Yanjun wrote: >>>>> On Tue, May 23, 2023 at 12:10 PM Guoqing Jiang wrote: >>>>>> >>>>>> On 5/23/23 12:02, Zhu Yanjun wrote: >>>>>>> On Tue, May 23, 2023 at 11:47 AM Zhu Yanjun wrote: >>>>>>>> On Tue, May 23, 2023 at 10:26 AM Guoqing Jiang wrote: >>>>>>>>> On 5/23/23 10:13, syzbot wrote: >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> syzbot tried to test the proposed patch but the build/boot failed: >>>>>>>>>> >>>>>>>>>> failed to apply patch: >>>>>>>>>> checking file drivers/infiniband/sw/rxe/rxe_qp.c >>>>>>>>>> patch: **** unexpected end of file in patch >>>>>>>> This is not the root cause. The fix is not good. >>>>>>> This problem is about "INFO: trying to register non-static key. The >>>>>>> code is fine but needs lockdep annotation, or maybe" >>>>> This warning is from "lock is not initialized". This is a >>>>> use-before-initialized problem. >>>>> The correct fix is to initialize the lock that is complained before it is used. >>>>> >>>>> Zhu Yanjun >>>> Based on the call trace, the followings are the order of this call trace. >>>> >>>> 291 /* called by the create qp verb */ >>>> 292 int rxe_qp_from_init(struct rxe_dev *rxe, struct rxe_qp *qp, >>>> struct rxe_pd *pd, >>>> 297 { >>>> ... >>>> 317 rxe_qp_init_misc(rxe, qp, init); >>>> ... >>>> 322 >>>> 323 err = rxe_qp_init_resp(rxe, qp, init, udata, uresp); >>>> 324 if (err) >>>> 325 goto err2; <--- error >>>> >>>> ... >>>> >>>> 334 err2: >>>> 335 rxe_queue_cleanup(qp->sq.queue); <--- Goto here >>>> 336 qp->sq.queue = NULL; >>>> >>>> In rxe_qp_init_resp, the error occurs before skb_queue_head_init. >>>> So this call trace appeared. >>> 250 static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp, >>> 254 { >>> ... >>> 264 >>> 265 type = QUEUE_TYPE_FROM_CLIENT; >>> 266 qp->rq.queue = rxe_queue_init(rxe, &qp->rq.max_wr, >>> 267 wqe_size, type); >>> 268 if (!qp->rq.queue) >>> 269 return -ENOMEM; <---Error here >>> 270 >>> >>> ... >>> >>> 282 skb_queue_head_init(&qp->resp_pkts); <-this is not called. >>> ... >>> This will make spin_lock of resp_pkts is used before initialized. >> IMHO, the above is same as >> >>> Which is caused by "skb_queue_head_init(&qp->resp_pkts)" is not called >>> given rxe_qp_init_resp returns error, but the cleanup still trigger the >>> chain. >>> >>> rxe_qp_do_cleanup -> rxe_completer -> drain_resp_pkts -> >>> skb_dequeue(&qp->resp_pkts) >> my previous analysis. If not, could you provide another better way to >> fix it? > Move the initialization to the beginning. This can fix this problem. > See below: > > " > diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c > b/drivers/infiniband/sw/rxe/rxe_qp.c > index c5451a4488ca..22ef6188d7b1 100644 > --- a/drivers/infiniband/sw/rxe/rxe_qp.c > +++ b/drivers/infiniband/sw/rxe/rxe_qp.c > @@ -176,6 +176,9 @@ static void rxe_qp_init_misc(struct rxe_dev *rxe, > struct rxe_qp *qp, > spin_lock_init(&qp->rq.producer_lock); > spin_lock_init(&qp->rq.consumer_lock); > > + skb_queue_head_init(&qp->req_pkts); > + skb_queue_head_init(&qp->resp_pkts); > + > atomic_set(&qp->ssn, 0); > atomic_set(&qp->skb_out, 0); > } > @@ -234,8 +237,6 @@ static int rxe_qp_init_req(struct rxe_dev *rxe, > struct rxe_qp *qp, > qp->req.opcode = -1; > qp->comp.opcode = -1; > > - skb_queue_head_init(&qp->req_pkts); > - > rxe_init_task(&qp->req.task, qp, rxe_requester); > rxe_init_task(&qp->comp.task, qp, rxe_completer); > > @@ -279,8 +280,6 @@ static int rxe_qp_init_resp(struct rxe_dev *rxe, > struct rxe_qp *qp, > } > } > > - skb_queue_head_init(&qp->resp_pkts); > - > rxe_init_task(&qp->resp.task, qp, rxe_responder); > > qp->resp.opcode = OPCODE_NONE; > " It is weird to me that init them in init_misc instead of init_req/resp, given they are dedicated/used for the different purpose. But just my 0.02$. Guoqing