[syzbot] [rdma?] WARNING in rdma_restrack_clean (2)
0 views
Skip to first unread message
syzbot
1:29 AM (2 hours ago) 1:29 AM
to j...@ziepe.ca, le...@kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 4b4362973b6f Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1463617a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f52fb4a6d220c448
dashboard link: https://syzkaller.appspot.com/bug?extid=47c9ad191991e1bb459b
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cdc9dd8cab69/disk-4b436297.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bb74747f86d/vmlinux-4b436297.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a20d7153214f/Image-4b436297.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+47c9ad...@syzkaller.appspotmail.com
siw: device registration error -23
smc: removing ib device syz2
------------[ cut here ]------------
WARNING: drivers/infiniband/core/restrack.c:52 at rdma_restrack_clean+0xa4/0xd4 drivers/infiniband/core/restrack.c:52, CPU#0: syz.6.395/6673
Modules linked in:
CPU: 0 UID: 0 PID: 6673 Comm: syz.6.395 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : rdma_restrack_clean+0xa4/0xd4 drivers/infiniband/core/restrack.c:52
lr : rdma_restrack_clean+0xa4/0xd4 drivers/infiniband/core/restrack.c:52
sp : ffff800097046ed0
x29: ffff800097046ed0 x28: ffff800097047500 x27: ffff800087543780
x26: 0000000000000005 x25: ffff0000f6f8a000 x24: 0000000000000048
x23: 1fffe0001a7d49da x22: dfff800000000000 x21: ffff0000f6f8a048
x20: ffff0000f6f8a000 x19: ffff0000d3ea4ed0 x18: 00000000ffffffff
x17: ffff80008a186c80 x16: ffff80008a56f938 x15: ffff800084b03e18
x14: 000000008679e8e0 x13: 0000000000000001 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000080000 x9 : 0000000000080000
x8 : ffff80009b59b000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000008 x3 : ffff80008433288c
x2 : 0000000000000000 x1 : ffff0000c8ee8000 x0 : 0000000000000001
Call trace:
rdma_restrack_clean+0xa4/0xd4 drivers/infiniband/core/restrack.c:52 (P)
ib_dealloc_device+0x14c/0x1e0 drivers/infiniband/core/device.c:686
__ib_unregister_device+0x2b4/0x334 drivers/infiniband/core/device.c:1546
ib_unregister_device_and_put+0x5c/0x80 drivers/infiniband/core/device.c:1593
nldev_dellink+0x2e4/0x328 drivers/infiniband/core/nldev.c:1854
rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]
rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
rdma_nl_rcv+0x568/0x828 drivers/infiniband/core/netlink.c:259
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x610/0x800 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x63c/0x920 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg+0xc8/0x138 net/socket.c:802
____sys_sendmsg+0x418/0x70c net/socket.c:2698
___sys_sendmsg+0x198/0x224 net/socket.c:2752
__sys_sendmsg+0x160/0x214 net/socket.c:2784
__do_sys_sendmsg net/socket.c:2789 [inline]
__se_sys_sendmsg net/socket.c:2787 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2787
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740
el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
irq event stamp: 227244
hardirqs last enabled at (227243): [<ffff8000867c300c>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
hardirqs last enabled at (227243): [<ffff8000867c300c>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:198
hardirqs last disabled at (227244): [<ffff80008679e6f8>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:429
softirqs last enabled at (227122): [<ffff800084b2768c>] __alloc_skb+0x1c0/0x5f8 net/core/skbuff.c:696
softirqs last disabled at (227118): [<ffff800084b27674>] local_bh_disable include/linux/bottom_half.h:20 [inline]
softirqs last disabled at (227118): [<ffff800084b27674>] __alloc_skb+0x1a8/0x5f8 net/core/skbuff.c:695
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 4b4362973b6f Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1463617a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f52fb4a6d220c448
dashboard link: https://syzkaller.appspot.com/bug?extid=47c9ad191991e1bb459b
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cdc9dd8cab69/disk-4b436297.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bb74747f86d/vmlinux-4b436297.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a20d7153214f/Image-4b436297.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+47c9ad...@syzkaller.appspotmail.com
siw: device registration error -23
smc: removing ib device syz2
------------[ cut here ]------------
WARNING: drivers/infiniband/core/restrack.c:52 at rdma_restrack_clean+0xa4/0xd4 drivers/infiniband/core/restrack.c:52, CPU#0: syz.6.395/6673
Modules linked in:
CPU: 0 UID: 0 PID: 6673 Comm: syz.6.395 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : rdma_restrack_clean+0xa4/0xd4 drivers/infiniband/core/restrack.c:52
lr : rdma_restrack_clean+0xa4/0xd4 drivers/infiniband/core/restrack.c:52
sp : ffff800097046ed0
x29: ffff800097046ed0 x28: ffff800097047500 x27: ffff800087543780
x26: 0000000000000005 x25: ffff0000f6f8a000 x24: 0000000000000048
x23: 1fffe0001a7d49da x22: dfff800000000000 x21: ffff0000f6f8a048
x20: ffff0000f6f8a000 x19: ffff0000d3ea4ed0 x18: 00000000ffffffff
x17: ffff80008a186c80 x16: ffff80008a56f938 x15: ffff800084b03e18
x14: 000000008679e8e0 x13: 0000000000000001 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000080000 x9 : 0000000000080000
x8 : ffff80009b59b000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000008 x3 : ffff80008433288c
x2 : 0000000000000000 x1 : ffff0000c8ee8000 x0 : 0000000000000001
Call trace:
rdma_restrack_clean+0xa4/0xd4 drivers/infiniband/core/restrack.c:52 (P)
ib_dealloc_device+0x14c/0x1e0 drivers/infiniband/core/device.c:686
__ib_unregister_device+0x2b4/0x334 drivers/infiniband/core/device.c:1546
ib_unregister_device_and_put+0x5c/0x80 drivers/infiniband/core/device.c:1593
nldev_dellink+0x2e4/0x328 drivers/infiniband/core/nldev.c:1854
rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]
rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
rdma_nl_rcv+0x568/0x828 drivers/infiniband/core/netlink.c:259
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x610/0x800 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x63c/0x920 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg+0xc8/0x138 net/socket.c:802
____sys_sendmsg+0x418/0x70c net/socket.c:2698
___sys_sendmsg+0x198/0x224 net/socket.c:2752
__sys_sendmsg+0x160/0x214 net/socket.c:2784
__do_sys_sendmsg net/socket.c:2789 [inline]
__se_sys_sendmsg net/socket.c:2787 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2787
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740
el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
irq event stamp: 227244
hardirqs last enabled at (227243): [<ffff8000867c300c>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
hardirqs last enabled at (227243): [<ffff8000867c300c>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:198
hardirqs last disabled at (227244): [<ffff80008679e6f8>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:429
softirqs last enabled at (227122): [<ffff800084b2768c>] __alloc_skb+0x1c0/0x5f8 net/core/skbuff.c:696
softirqs last disabled at (227118): [<ffff800084b27674>] local_bh_disable include/linux/bottom_half.h:20 [inline]
softirqs last disabled at (227118): [<ffff800084b27674>] __alloc_skb+0x1a8/0x5f8 net/core/skbuff.c:695
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages