From nobody Mon Jun 8 05:26:08 2026 Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com [209.85.208.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35B87377543 for ; Fri, 5 Jun 2026 17:04:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780679065; cv=none; b=evxjXl4vOHb6IDYHdMlTovHsvoYcS1hAKEhIn3GxBf0jM/+brkqW6jGHsrglMg9gIbO4zaGrt3pJhv8aq5V0Ia9qnlOOzLRIf+rLzRro9T0enybfMSZp2Xj3W+0/GUGghB/nayOyenxt2ZZ2+2Ah2Q6z7ehvvSJdkNmtIM8iQ14= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780679065; c=relaxed/simple; bh=qlOqJCumkmHJfJLiXXOXhCO/dxGSCrwCfvho3e9vArQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IDu9zBn/QjDIeuMc9iPDyIl/NDv/dGjAQYyaRQVWAyQ4S4/3ukqEac8UymkJLy4QIW3N/vZOGH2YL2R/0rVQrTTl3vBaHGroE7EZGE1sf24Sf7LuYObHkCZsTo3cF3BHtX1bUXAWd0Qdv3hry9w+z3dcvnEfd2/ghJ90dWpPA1Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=K+c8TiKF; arc=none smtp.client-ip=209.85.208.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="K+c8TiKF" Received: by mail-lj1-f177.google.com with SMTP id 38308e7fff4ca-39666ac91a2so32709771fa.1 for ; Fri, 05 Jun 2026 10:04:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780679062; x=1781283862; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EB08X2I3fy3wrkRM6VsdXZolE8SRqefSruMLGUvZ7UY=; b=K+c8TiKFsFhtazVJVRNzywEeWp31xZHpogsefp63IVsiZNG0J3VMXaj5HLrErarTpK melF8isolHsoW2o7ypPKwXLnVbfSbnuSWnwLOdeWc6p9ZY7MZK+pbfLm3maUTHG4zyl5 geyZjjPNhZdmbNDDXsnkSFDg5aTBbpiI+dm2S9UtFj8QNkQA00bd08+4S257XstnlFCj RxbP4IdFiNJnU9T0SKkrt9SC+yXfCnUS7E7FDdvU4miqCzQai0qXN9nKqRp5zsJUjQ45 sDoZKGc4xMMBLLxtDZFv1HKtpnUaYCKa3iyUPdNz3I9LgvE1W/Ai9lZHh6232m9jklWb 4MGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780679062; x=1781283862; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=EB08X2I3fy3wrkRM6VsdXZolE8SRqefSruMLGUvZ7UY=; b=Afocy0FPtmvCNDqM9ioPXAHaiffDR1PmSiAZQobJ5R3n8P2a0hOB0WLej9mIoRL1WK hxfuVMTeLPdAuCwQZQJrzDsP4tOf69VnKNQW9BqSZCv8UI7RFXvZlAn4kaMGmmBps33S UPhVWCLtYjar2/uNEzyeHIqBwfdjKAQB18qQc9xgnuSzP6+uSuw++TnR36GyKY/LH4wC dNpf04LDj/21u2Tn/tvv892106NRQEZFlHg7kscznArMDdt9NqhiPXhwMA37w5IiJ2Wb fF1f1GEhjxT6KK9Bj3rybPvLG2oynhCw92pJ3QzUd+u7e37vxTp2S9JrZZ8Fhf6yN/Sj 7jpQ== X-Forwarded-Encrypted: i=1; AFNElJ/LZhPHY3LTrPSdlsw3rxiIDgemlatFSqWEztB67+Xoya153Okz3i9Br8vXAGb4xXUOURAZ1zPrbVWzEgo=@vger.kernel.org X-Gm-Message-State: AOJu0YwtAQydMj/Vtq2QPIReLy9DhGRz3uYiBcROgmlhYePHvFI/M2ku zpxIhrEJsEysjMEuFZg5OhL/PWro2g5hJ8KKaGrVRUc9ekUxyVNYUQae X-Gm-Gg: Acq92OGju+7jT7kqDx35xs3dxb/nt8VsKtyuNpAnmhPWCvRcGTltlAghaqMXaKRxFxH KQKSVcrnIxRvsVD+fBFRxtAX2sV1WbMDHOe11RumFnCZw06ibTedbn6/H9heHvqWmdwij2dowzv LGYjidVuIu3MprwW4hmrAzaOjleOPYXfKbgVSwEId/ev2G4l6PB676J0uf8iEXfYerTHHslas4u KjYG3JKplF2xEneurq4odt2sIuokQLHzQK7fA6acBlasAnjAZXmk6DZLlzf4d63yJXwvhunm6uc hCNk71RGqy9IXAKvzVXPso4MMsUnYhuEPkuak34BJlL+grBxxnonz9gChpVQauLFALS++AiAjFu kCPazkDky7wGjKSBOa2SIcGdr58f5rnNda3jS9UfU96eXm9Cg5CisRyRfOe4dLzp8+TlKmA8cDR shbEXrHaEX+Ku4D+rAWRKtKXBZSoy982ZZiei2+HWGhW2Y0VLIntHLSEAZL1NZhnECpDTWOAudU WAcMvc= X-Received: by 2002:a2e:a58a:0:b0:394:8fc:8c3d with SMTP id 38308e7fff4ca-396d2892d2fmr10213551fa.4.1780679062303; Fri, 05 Jun 2026 10:04:22 -0700 (PDT) Received: from c0624c666cc5.devsec.astralinux.ru ([93.188.205.42]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-396ac07b66asm26931161fa.11.2026.06.05.10.04.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 10:04:20 -0700 (PDT) From: Vladislav Nikolaev To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Vladislav Nikolaev , Zhu Yanjun , Doug Ledford , Jason Gunthorpe , Haggai Eran , Kamal Heib , Amir Vadai , Moni Shoua , Yonatan Cohen , Leon Romanovsky , linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, Zhu Yanjun , lvc-project@linuxtesting.org Subject: [PATCH 6.1 1/3] Revert "RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task"" Date: Fri, 5 Jun 2026 20:03:27 +0300 Message-ID: <20260605170349.1524-2-vlad102nikolaev@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260605170349.1524-1-vlad102nikolaev@gmail.com> References: <20260605170349.1524-1-vlad102nikolaev@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This reverts commit 3236221bb8e4de8e3d0c8385f634064fb26b8e38. The reverted commit is an incomplete backport of upstream commit b2b1ddc45745. It added guards for req.task and comp.task cleanup, but missed resp.task cleanup and left it before the RC timer cleanup, unlike the upstream fix. Revert it first so the correct backport can be applied cleanly in the following patch. Signed-off-by: Vladislav Nikolaev --- drivers/infiniband/sw/rxe/rxe_qp.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe= /rxe_qp.c index 709c63e9773c..05e4a270084f 100644 --- a/drivers/infiniband/sw/rxe/rxe_qp.c +++ b/drivers/infiniband/sw/rxe/rxe_qp.c @@ -788,11 +788,8 @@ static void rxe_qp_do_cleanup(struct work_struct *work) del_timer_sync(&qp->rnr_nak_timer); } =20 - if (qp->req.task.func) - rxe_cleanup_task(&qp->req.task); - - if (qp->comp.task.func) - rxe_cleanup_task(&qp->comp.task); + rxe_cleanup_task(&qp->req.task); + rxe_cleanup_task(&qp->comp.task); =20 /* flush out any receive wr's or pending requests */ if (qp->req.task.func) --=20 2.43.0 From nobody Mon Jun 8 05:26:08 2026 Received: from mail-lj1-f182.google.com (mail-lj1-f182.google.com [209.85.208.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A66BA3451BA for ; Fri, 5 Jun 2026 17:04:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780679075; cv=none; b=gvx+kb1/KM2mtezhuKnjI0wyw3TpJ/mw4tR2+PycZBpYVFnL57wYPOkFwDMvnxIMpaL37P/PIx6O7IcBWmUwL7WzYovvIRwjyugTGmVgRZbsw8K9+EC5jcFsWAj6qJpOfLM9s25Yggd1LRHpYJ19rT/475s6qv+Tex9or+vSo0g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780679075; c=relaxed/simple; bh=D/nO13dQ1LzEazrrsrSdTSHRT/e4G5tqDnpjhZe/h5I=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=l0x5H5KcQEsSYQsNHIOia9wVWcdV9G+RK1EWR0mbLbeqZmvOW+KGoOJlrv+7mqVL5C4nD2JHp6Jfh6qvsm3jMBALvzWNd95P3GfEMV8WbK6iXacNVCQzMIJTdBZOM2jyley7KC/IltHbgznxKky5qKg1r8YMFWXzr2NgHs6oYYI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gSr5j7DV; arc=none smtp.client-ip=209.85.208.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gSr5j7DV" Received: by mail-lj1-f182.google.com with SMTP id 38308e7fff4ca-3965d76090bso19629451fa.2 for ; Fri, 05 Jun 2026 10:04:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780679072; x=1781283872; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=jD9HMBs1n8FhaIiEX38r99JB83FOqKTDd6pKw32kq/Y=; b=gSr5j7DVpMIROAQqBlGzLeicC/1TzuYwZMKxbd+3cM8J/UNPqRDWeb/fR4YDOSVJtB jibPUMY1kwpHi/KHeJH1fdD+NKg5OyMIen9CVYX8cPHcqltP8eBavubFNAFKUM9hR4ic 9iiuSMF8Mpu1//c8yhqf8SActmjy0oeEXmXYjFGH1WZhgBuceY4HvGvIfdd7GVxpfeTy YHDgidohafn6x5JVWG0227kz25FYRe8CcOGhpHgLB1Jf/Apbj0AphacMClbrbYrvPZZ3 sgnJnI2FrM2kl0znnJYpLg7B/AuAFsaPGoLBmOSM0s8/4J17kx/88sCUKkuaU9Uxu+Zz l9Xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780679072; x=1781283872; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=jD9HMBs1n8FhaIiEX38r99JB83FOqKTDd6pKw32kq/Y=; b=R100TJvT8pA4/zrKD5J0xTeXKBjqEyz3ZJ7fDqg3oDepsaQDnRdvdVjPmYNqfbiRlP OkDFZIc1TW/17hLrTzXvOHjnwWuEZE0dL2A8ABtUIjaIVua/60bw/Ju+JI1HWcpi/Ol8 pPwb0VwJMiRvW1AiF7DNc3dhnrssVd5Jl2j9PSEjT7LVQH8LnZ4GKUMhbtURN6phcSgT jhmexViOIpSZpzKZ1yAiyHXc37Sr+WQbjk2SYqMk4HeE/nGeX2D1qSY7378K0aJHNM4u 3BLBrLoAn3k7z5T9EakUO0+HfD099hgxr6epe1Z9aR+HDut4y7wYijngTy6uLKsrZS9o uZQQ== X-Forwarded-Encrypted: i=1; AFNElJ/CUmW87bdXKjwS6tycH+4iFDtAgXwQkFs70iRhFT5WbPfDF+8dzV090KvMF4Kex7rNCQAf400ckf5RoZs=@vger.kernel.org X-Gm-Message-State: AOJu0YzqvpmkfzLBBGR2gsp6JdeKt6lsVviKgoxK+Aolu9BW03UM8qGi DOpZNlrdP2seOnAiVjEtPeipGk9hPV3iAoph8iqZil3rD8uUqmbGdqG5 X-Gm-Gg: Acq92OFD2o7VIGT34jhr1RmEUN0z40Wz9TQiszHuB3WCwe5/gzp5KaO2MHwBfpvM7B1 CqI09FWWloEoE2GyrCr65mld8cQmofWHK8XbesqYeYwwdgDo+pVHHzQSmEDBVBma8h0onKd6PXc 43qOA235dyeMM10N2VE3myyfiDb/ePUhuBDX28TSCOffQ/YNbN702LwTs8qsY805jsZQ2WyWKOA PFhLqYQCZ1pw78G4ipD6hF7dnTaUfp8PpV891aYWxXOjCp0G7h3mn/inauTML87ha+oULMfYuma hhaZF+cx5ZuaNP2XEs24r7BedDhb/9JC7ixOPyCAmHNPNjYvcPf1hK+7MddlmLQKYpzRQlFUzIj BnamIo6sMqb/GsNDdhBlfVg9GhoKJucMJYQYhu+QuHOjPQm8GQeComeKGupJpvWfY13sYRQRH+p f/W+eVTJhajK5G9U49uuxbfquo50QttMnDkri9UuC/gMA/NuCu9qvp/hBsy5VBhRzz23U/fRrIT K0xVOw= X-Received: by 2002:a2e:bd10:0:b0:396:74ed:a7b1 with SMTP id 38308e7fff4ca-396d08e4001mr13247801fa.15.1780679071635; Fri, 05 Jun 2026 10:04:31 -0700 (PDT) Received: from c0624c666cc5.devsec.astralinux.ru ([93.188.205.42]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-396ac07b66asm26931161fa.11.2026.06.05.10.04.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 10:04:29 -0700 (PDT) From: Vladislav Nikolaev To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Vladislav Nikolaev , Zhu Yanjun , Doug Ledford , Jason Gunthorpe , Haggai Eran , Kamal Heib , Amir Vadai , Moni Shoua , Yonatan Cohen , Leon Romanovsky , linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, Zhu Yanjun , lvc-project@linuxtesting.org, syzbot+cfcc1a3c85be15a40cba@syzkaller.appspotmail.com, Zhu Yanjun Subject: [PATCH 6.1 2/3] RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" Date: Fri, 5 Jun 2026 20:03:28 +0300 Message-ID: <20260605170349.1524-3-vlad102nikolaev@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260605170349.1524-1-vlad102nikolaev@gmail.com> References: <20260605170349.1524-1-vlad102nikolaev@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Zhu Yanjun commit b2b1ddc457458fecd1c6f385baa9fbda5f0c63ad upstream. In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like rxe_init_task are not setup until rxe_qp_init_req(). If an error occurred before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. If rxe_init_task is not executed, rxe_cleanup_task will not be called. Reported-by: syzbot+cfcc1a3c85be15a40cba@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=3Dfd85757b74b3eb59f904138486f755= f71e090df8 Fixes: 8700e3e7c485 ("Soft RoCE driver") Fixes: 2d4b21e0a291 ("IB/rxe: Prevent from completer to operate on non vali= d QP") Signed-off-by: Zhu Yanjun Link: https://lore.kernel.org/r/20230413101115.1366068-1-yanjun.zhu@intel.c= om Signed-off-by: Leon Romanovsky [ Vladislav: match upstream cleanup order and add the missing resp.task.func check. ] Signed-off-by: Vladislav Nikolaev --- drivers/infiniband/sw/rxe/rxe_qp.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe= /rxe_qp.c index 05e4a270084f..171c0f4dcbec 100644 --- a/drivers/infiniband/sw/rxe/rxe_qp.c +++ b/drivers/infiniband/sw/rxe/rxe_qp.c @@ -781,15 +781,20 @@ static void rxe_qp_do_cleanup(struct work_struct *wor= k) =20 qp->valid =3D 0; qp->qp_timeout_jiffies =3D 0; - rxe_cleanup_task(&qp->resp.task); =20 if (qp_type(qp) =3D=3D IB_QPT_RC) { del_timer_sync(&qp->retrans_timer); del_timer_sync(&qp->rnr_nak_timer); } =20 - rxe_cleanup_task(&qp->req.task); - rxe_cleanup_task(&qp->comp.task); + if (qp->resp.task.func) + rxe_cleanup_task(&qp->resp.task); + + if (qp->req.task.func) + rxe_cleanup_task(&qp->req.task); + + if (qp->comp.task.func) + rxe_cleanup_task(&qp->comp.task); =20 /* flush out any receive wr's or pending requests */ if (qp->req.task.func) --=20 2.43.0 From nobody Mon Jun 8 05:26:08 2026 Received: from mail-lj1-f170.google.com (mail-lj1-f170.google.com [209.85.208.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F355D340403 for ; Fri, 5 Jun 2026 17:04:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780679083; cv=none; b=AEJIqJRU21541+I0TDmHIbBywUxnmprYEstpILMmMRtyvzZ0WgxCA9oZ+feCSBeHMUb+aFCpTBQb0gDUrGc6k2LkAUn7kg+VJuHj5eHIUz3k3GJPNJnw90iomn9aJ8T9fz0TSbvZoZjUK2sn0T5tjzV9fM3rg2Ijc8qHofNDGnE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780679083; c=relaxed/simple; bh=S7SzpnqAm+mTqvd5IQ/Epq+Wa3ov0P4LXqBXb7TQeL4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tvOTLQ+hc4nLU49zRKgHbnmNWMeyWde1LlJ+QziPM4oMm4p8YrtdeXIfEO0d1E03uBg7guIVMyzBsIGAN8CCoHSLvsehYz05Zhlc2dM04vNLVbpwnbrcovRNv3ZLqlYHO0Y7X4jLWWnW0ViYwEGbvXChFzkStOlLvcxj5Y4UneI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OclVuCmS; arc=none smtp.client-ip=209.85.208.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OclVuCmS" Received: by mail-lj1-f170.google.com with SMTP id 38308e7fff4ca-395f24a5f2cso20661271fa.2 for ; Fri, 05 Jun 2026 10:04:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780679080; x=1781283880; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=31VTJLcsi1UWnRchazyAHO/664C8JXW9dEs1B2pTJB8=; b=OclVuCmS1paE5dDRqf9JHTYtF1xPDZrcN/P3IFXiaOl8UbEx9bYH5WzJaev5eA46eG G4FRKKC+YlXZtXvFUkBMphFJ0NN6L0AwhHjZTDSQ996qsyZxbPAdVXvJITxQT649x9gl Csx0nCo8wxVCPyt8RZMLv7ChKUY90xR5vvW4C+UxfgCajYWg2CU2CmEHzAen59veEkDi ibs0BalpewIkKYG/Rlvma/C9nUsTGsv9231AlcqO61s1BLgHOa1dw2QxSB8f/CqbwB6z iEe9n4N+xxiYp0MkmSkH6yuvfh8Js1T0OyF+emFCDvw2uJZ6AXw3dLEitx8sIhVPFP5n EOgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780679080; x=1781283880; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=31VTJLcsi1UWnRchazyAHO/664C8JXW9dEs1B2pTJB8=; b=OxLAtJe4XsHnpfAXIChqgCSiF7/iV0I3tTxOIvMYlmbRaOS1UQd3ac8/plEUAJG7Zg 9rnrCCPAvMXEOoborNtkj/f/kc06p0S0lFM359S8y10v3qaJ7LMU+Td9DbuSmhQ+QJS9 ToNbygcxvhaKu0ijZw2YY4GQujOSgZGqm8Cxxp6QI0ri7+OplaqFlIqJo4tOTF7Nromp trAXpMXDbXZmPjHxHCwWqFi42XjlAmYd1fQOj+AO3FnNCRAGa9S4m1vQrCPQvSp/5/Ct TTEB7TomBpBOJdWyTbZ5V5RgxaF4RFvPUnhpGaYHWL0JIX8OE2ddkHDfBkIRs8JhnZVN mKRQ== X-Forwarded-Encrypted: i=1; AFNElJ+0pD3A19Y0Z0cgIlVAKCSwIoU507A04pSyYLR8h1Z8iCGU6nJsbFsKpM4A6VHZeKsfUYV2+oAg27qOOK4=@vger.kernel.org X-Gm-Message-State: AOJu0YwbCMv4yjp2k2VQweE0OzPMmcJyluVQXXaRcLdfHW1e8B9/nFnx LWI8Yh+GBLXfNxNl/cezjLWvqV82cRV9OCWHfiMyFn29EQGPlPctXmqA X-Gm-Gg: Acq92OHI1NDYve5PowZUCCK7eo+PaxsnsLO+8yaJrfPRz1KxQubZpKxmL+BeMMib51W P9L4wP9EmjeTp1U36WvHQxCPP3KvDA/uSpVh+AWftcy+2eVyxVu4TpKo50Y+Y0HXMqGbK2aon8c gba86IjaVs57VS6+TNkQPU12iDvHEUM7G1gTk3o2aptbYiCjjCcnGOPywQc8COHVaPabMFLYQ3N 7JPDPwKdmO5MBoLyB2ah54taZOKxdokkKfV5HwhnhtliVizSVyC9+bDsBUUjsJnXAYgt+ed97ll JDHikzPc+ry0xfpv+3V58FPfNVURxjZp1gPvJ0vNgPjUFdpF52qCtPog1tZDmORnA7CZpzHLeR2 TGw2D9RVop3BKekIlTBuGjB8WiCxILuGz0WZAz22SIAFd0PaoE6kzW85gVKZ8TcQTCjH4Rq13sp AuKgqm9vjZmSHcaNIq3I01FbQVAESKj9TvoRM/Iw7c+UE5hN13KM5CLR2RDbrdBJzpqoAEg5e2S xOG9D8= X-Received: by 2002:a2e:be0a:0:b0:396:8c15:a4c5 with SMTP id 38308e7fff4ca-396d07f0a57mr12861801fa.1.1780679080033; Fri, 05 Jun 2026 10:04:40 -0700 (PDT) Received: from c0624c666cc5.devsec.astralinux.ru ([93.188.205.42]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-396ac07b66asm26931161fa.11.2026.06.05.10.04.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 10:04:38 -0700 (PDT) From: Vladislav Nikolaev To: stable@vger.kernel.org, Greg Kroah-Hartman Cc: Vladislav Nikolaev , Zhu Yanjun , Doug Ledford , Jason Gunthorpe , Haggai Eran , Kamal Heib , Amir Vadai , Moni Shoua , Yonatan Cohen , Leon Romanovsky , linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, Zhu Yanjun , lvc-project@linuxtesting.org, syzbot+4edb496c3cad6e953a31@syzkaller.appspotmail.com, Zhu Yanjun Subject: [PATCH 6.1 3/3] RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug Date: Fri, 5 Jun 2026 20:03:29 +0300 Message-ID: <20260605170349.1524-4-vlad102nikolaev@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260605170349.1524-1-vlad102nikolaev@gmail.com> References: <20260605170349.1524-1-vlad102nikolaev@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Zhu Yanjun commit 1c7eec4d5f3b39cdea2153abaebf1b7229a47072 upstream. Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 assign_lock_key kernel/locking/lockdep.c:986 [inline] register_lock_class+0x4a3/0x4c0 kernel/locking/lockdep.c:1300 __lock_acquire+0x99/0x1ba0 kernel/locking/lockdep.c:5110 lock_acquire kernel/locking/lockdep.c:5866 [inline] lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5823 __timer_delete_sync+0x152/0x1b0 kernel/time/timer.c:1644 rxe_qp_do_cleanup+0x5c3/0x7e0 drivers/infiniband/sw/rxe/rxe_qp.c:815 execute_in_process_context+0x3a/0x160 kernel/workqueue.c:4596 __rxe_cleanup+0x267/0x3c0 drivers/infiniband/sw/rxe/rxe_pool.c:232 rxe_create_qp+0x3f7/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:604 create_qp+0x62d/0xa80 drivers/infiniband/core/verbs.c:1250 ib_create_qp_kernel+0x9f/0x310 drivers/infiniband/core/verbs.c:1361 ib_create_qp include/rdma/ib_verbs.h:3803 [inline] rdma_create_qp+0x10c/0x340 drivers/infiniband/core/cma.c:1144 rds_ib_setup_qp+0xc86/0x19a0 net/rds/ib_cm.c:600 rds_ib_cm_initiate_connect+0x1e8/0x3d0 net/rds/ib_cm.c:944 rds_rdma_cm_event_handler_cmn+0x61f/0x8c0 net/rds/rdma_transport.c:109 cma_cm_event_handler+0x94/0x300 drivers/infiniband/core/cma.c:2184 cma_work_handler+0x15b/0x230 drivers/infiniband/core/cma.c:3042 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 The root cause is as below: In the function rxe_create_qp, the function rxe_qp_from_init is called to create qp, if this function rxe_qp_from_init fails, rxe_cleanup will be called to handle all the allocated resources, including the timers: retrans_timer and rnr_nak_timer. The function rxe_qp_from_init calls the function rxe_qp_init_req to initialize the timers: retrans_timer and rnr_nak_timer. But these timers are initialized in the end of rxe_qp_init_req. If some errors occur before the initialization of these timers, this problem will occur. The solution is to check whether these timers are initialized or not. If these timers are not initialized, ignore these timers. Fixes: 8700e3e7c485 ("Soft RoCE driver") Reported-by: syzbot+4edb496c3cad6e953a31@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D4edb496c3cad6e953a31 Signed-off-by: Zhu Yanjun Link: https://patch.msgid.link/20250419080741.1515231-1-yanjun.zhu@linux.dev Signed-off-by: Leon Romanovsky [ Vladislav: keep del_timer_sync() because linux-6.1.y has not renamed it to timer_delete_sync() yet. ] Signed-off-by: Vladislav Nikolaev --- drivers/infiniband/sw/rxe/rxe_qp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe= /rxe_qp.c index 171c0f4dcbec..899fee5f145a 100644 --- a/drivers/infiniband/sw/rxe/rxe_qp.c +++ b/drivers/infiniband/sw/rxe/rxe_qp.c @@ -782,7 +782,12 @@ static void rxe_qp_do_cleanup(struct work_struct *work) qp->valid =3D 0; qp->qp_timeout_jiffies =3D 0; =20 - if (qp_type(qp) =3D=3D IB_QPT_RC) { + /* In the function timer_setup, .function is initialized. If .function + * is NULL, it indicates the function timer_setup is not called, the + * timer is not initialized. Or else, the timer is initialized. + */ + if (qp_type(qp) =3D=3D IB_QPT_RC && qp->retrans_timer.function && + qp->rnr_nak_timer.function) { del_timer_sync(&qp->retrans_timer); del_timer_sync(&qp->rnr_nak_timer); } --=20 2.43.0