syzbot


WARNING: kobject bug in ib_register_device

Status: fixed on 2020/05/10 10:42
Reported-by: syzbot+da615ac67d4dbea32cbc@syzkaller.appspotmail.com
Fix commit: 7aefa6237cfe RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET
First crash: 1010d, last: 969d

Cause bisection: the cause commit could be any of (bisect log):
  20cf4e026730 rdma: Enable ib_alloc_cq to spread work over a device's comp_vectors
  31d0e6c149b8 mlx5: Fix formats with line continuation whitespace
  7a63b31efbb2 RDMA/hns: Remove not used UAR assignment
  05bb411ada95 RDMA/core: Introduce ratelimited ibdev printk functions
  b2567ebb78bd RDMA/hns: remove set but not used variable 'irq_num'
  cfa1f5f27c79 RDMA/efa: Rate limit admin queue error prints
  d129e3f42266 RDMA/mlx5: Remove DEBUG ODP code
  1dc558923c5c RDMA/core: fix spelling mistake "Nelink" -> "Netlink"
  72a7720fca37 RDMA: Introduce ib_port_phys_state enum
  691f380df242 RDMA/cxgb3: Use ib_device_set_netdev()
  cb560f5fd951 infiniband: Remove dev_err() usage after platform_get_irq()
  16e9111e9ee3 RDMA/efa: Expose device statistics
  4929116bdf72 RDMA/core: Add common iWARP query port
  bda9045a200c IB/bnxt_re: Do not notifify GID change event
  d8d5cfac45db RDMA/{cxgb3, cxgb4, i40iw}: Remove common code
  525a2c651cdd Merge branch 'wip/dl-for-rc' into wip/dl-for-next
  a3e2d4c7e766 RDMA/hns: remove obsolete Kconfig comment
  3e1f000ff746 IB/mlx5: Support per device q counters in switchdev mode
  cc95b23c2500 RDMA/hns: Encapsulate some lines for setting sq size in user mode
  5dcecbc96755 IB/mlx5: Refactor code for counters allocation
  8ea417ffc2db RDMA/hns: Optimize hns_roce_modify_qp function
  0058eb589881 qed*: Change dpi_addr to be denoted with __iomem
  ece9c205f707 RDMA/hns: Update the prompt message for creating and destroy qp
  2288b3b3b187 RDMA/hns: Remove unnessary init for cmq reg
  8b38c538d460 IB/mlx5: Add CREATE_PSV/DESTROY_PSV for devx interface
  1d2fedd8561d RDMA/core: Support netlink commands in non init_net net namespaces
  b5c229dc1585 RDMA/hns: Clean up unnecessary initial assignment
  6def7de6d450 RDMA/hns: Update some comments style
  913df8c35322 RDMA/mlx4: Annotate boolean arguments as bool and not int
  089b645d19b2 RDMA/mlx4: Separate creation of RWQ and QP
  0e20ebf8d48e RDMA/hns: Handling the error return value of hem function
  4f96061b92da IB/usnic: Use dev_get_drvdata
  e7f40440afb8 RDMA/hns: Split bool statement and assign statement
  39289bfc2214 RDMA: Make most headers compile stand alone
  bebdb83f97ee RDMA/hns: Refactor irq request code
  4b42d05d0b2c RDMA/hns: Remove unnecessary kzalloc
  cf167e5eb92c RDMA/qedr: Remove Unneeded variable rc
  260c3b349919 RDMA/hns: Refactor hns_roce_v2_set_hem for hip08
  4cc315c53f95 RDMA/qib: Unneeded variable ret
  249f2f921f24 RDMA/hns: Remove redundant print in hns_roce_v2_ceq_int()
  33db6f94847c RDMA/hns: Refactor eq table init for hip08
  d7019c0f47ae RDMA/hns: Refactor hem table mhop check and calculation
  d967e2625faa RDMA/hns: Disable alw_lcl_lpbk of SSU
  3ee0e170d72c RDMA/hns: Package for hns_roce_rereg_user_mr function
  db50077b9530 RDMA/hns: Use the new APIs for printing log
  749b9eef502d Merge remote-tracking branch 'mlx5-next/mlx5-next' into wip/dl-for-next
  89b4b70b974c RDMA/hns: Optimize hns_roce_mhop_alloc function.
  972d7560ee37 IB/mlx5: Add legacy events to DEVX list
  99441ab552f1 RDMA/hns: optimize the duplicated code for qpc setting flow
  8293a598feec IB/mlx5: Expose XRQ legacy commands over the DEVX interface
  947441eadb90 RDMA/hns: Use a separated function for setting extend sge paramters
  606bf89e98ef RDMA/hns: Refactor for hns_roce_v2_modify_qp function
  9dc4cfff115f RDMA/mlx5: Annotate lock dependency in bind/unbind slave port
  0e1aa6f0959e RDMA/hns: Logic optimization of wc_flags
  2a2f1887e089 RDMA/hns: Refactor the code of creating srq
  4f8f0d5e33dd RDMA/hns: Package the flow of creating cq
  76827087bb3f RDMA/hns: Bugfix for creating qp attached to srq
  a5c9c299d1e1 IB/mlx5: Avoid unnecessary typecast
  d7e5ca88d60c RDMA/hns: Modify pi vlaue when cq overflows
  56594ae1d250 RDMA/core: Annotate destroy of mutex to ensure that it is released as unlocked
  9bba3f0cbfc8 RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver
  a511f82218fb RDMA/hns: Fix comparison of unsigned long variable 'end' with less than zero
  bf8c02f961c8 RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver
  77905379e9b2 RDMA/hns: Remove unuseful member
  ecc53f8a3c09 RDMA/mlx4: Untag user pointers in mlx4_get_umem_mr
  795130b31986 IB/hfi1: Remove unused define
  a7325af725e8 RDMA/hns: Fix some white space check_mtu_validate()
  b2299e83815c RDMA: Delete DEBUG code
  b2590bdd0b1d IB/hfi1: Do not update hcrc for a KDETH packet during fault injection
  868df536f5e8 Merge branch 'odp_fixes' into rdma.git for-next

Patch testing requests:
Created           Duration  User              Patch  Repo                                                                  Result
2020/03/09 19:16  18m       jgg@mellanox.com  patch  git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-next  OK

Sample crash report:
------------[ cut here ]------------
kobject: (00000000f9de3792): attempted to be registered with empty name!
WARNING: CPU: 1 PID: 10856 at lib/kobject.c:234 kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 10856 Comm: syz-executor459 Not tainted 5.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x3e kernel/panic.c:582
 report_bug+0x289/0x300 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 fixup_bug arch/x86/kernel/traps.c:169 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
Code: 7a ca ca f9 e9 f0 f8 ff ff 4c 89 f7 e8 cd ca ca f9 e9 95 f9 ff ff e8 13 25 8c f9 4c 89 e6 48 c7 c7 a0 08 1a 89 e8 a3 76 5c f9 <0f> 0b 41 bd ea ff ff ff e9 52 ff ff ff e8 f2 24 8c f9 0f 0b e8 eb
RSP: 0018:ffffc90002006eb0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff815eae46 RDI: fffff52000400dc8
RBP: ffffc90002006f08 R08: ffff8880972ac500 R09: ffffed1015d26659
R10: ffffed1015d26658 R11: ffff8880ae9332c7 R12: ffff888093034668
R13: 0000000000000000 R14: ffff8880a69d7600 R15: 0000000000000001
 kobject_add_varg lib/kobject.c:390 [inline]
 kobject_add+0x150/0x1c0 lib/kobject.c:442
 device_add+0x3be/0x1d00 drivers/base/core.c:2412
 ib_register_device drivers/infiniband/core/device.c:1371 [inline]
 ib_register_device+0x93e/0xe40 drivers/infiniband/core/device.c:1343
 rxe_register_device+0x52e/0x655 drivers/infiniband/sw/rxe/rxe_verbs.c:1231
 rxe_add+0x122b/0x1661 drivers/infiniband/sw/rxe/rxe.c:302
 rxe_net_add+0x91/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:539
 rxe_newlink+0x39/0x90 drivers/infiniband/sw/rxe/rxe.c:318
 nldev_newlink+0x28a/0x430 drivers/infiniband/core/nldev.c:1538
 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 rdma_nl_rcv+0x5d9/0x980 drivers/infiniband/core/netlink.c:259
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:672
 ____sys_sendmsg+0x753/0x880 net/socket.c:2343
 ___sys_sendmsg+0x100/0x170 net/socket.c:2397
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
 __do_sys_sendmsg net/socket.c:2439 [inline]
 __se_sys_sendmsg net/socket.c:2437 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x443409
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdacc07918 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443409
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007ffdacc07930 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000004049a0 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (14):
Manager                                Time              Kernel      Commit        Syzkaller  Config   Log  Report  Syz repro  C repro  VM info  Title
ci-upstream-kasan-gce-selinux-root     2020/02/27 17:08  upstream    f8788d86ab28  59b57593   .config  log  report  syz        C
ci-upstream-kasan-gce-root             2020/02/26 20:50  upstream    f8788d86ab28  59b57593   .config  log  report  syz        C
ci-upstream-kasan-gce-smack-root       2020/02/24 08:13  upstream    d2eee25858f2  d801cb02   .config  log  report  syz        C
ci-upstream-net-this-kasan-gce         2020/02/22 15:30  net         0c0ddd6ae47c  2c36e7a7   .config  log  report  syz        C
ci-upstream-net-kasan-gce              2020/02/22 15:19  net-next    732a0dee501f  2c36e7a7   .config  log  report  syz        C
ci-upstream-linux-next-kasan-gce-root  2020/03/09 14:18  linux-next  770fbb32d34e  2e9971bb   .config  log  report  syz        C
ci-upstream-kasan-gce-selinux-root     2020/03/06 14:33  upstream    63623fd44972  c88c7b75   .config  log  report
ci-upstream-kasan-gce-smack-root       2020/03/05 10:41  upstream    63623fd44972  c88c7b75   .config  log  report
ci-upstream-kasan-gce-selinux-root     2020/03/04 17:40  upstream    63623fd44972  c88c7b75   .config  log  report
ci-upstream-net-kasan-gce              2020/03/29 14:48  net-next    1a147b74c2fd  05736b29   .config  log  report
ci-upstream-net-kasan-gce              2020/03/28 07:22  net-next    8a8f8281e7e7  831e9a81   .config  log  report
ci-upstream-net-kasan-gce              2020/03/15 01:50  net-next    94229d45239b  749688d2   .config  log  report
ci-upstream-net-kasan-gce              2020/02/26 22:02  net-next    c3e042f54107  59b57593   .config  log  report
ci-upstream-linux-next-kasan-gce-root  2020/04/02 18:06  linux-next  770fbb32d34e  a34e2c33   .config  log  report
* Struck through repros no longer work on HEAD.