[syzbot] [rdma?] WARNING in gid_table_release_one (3)


syzbot

May 13, 2025, 7:35:36 AM
to j...@ziepe.ca, le...@kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c32f8dc5aaf9 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10789768580000
kernel config: https://syzkaller.appspot.com/x/.config?x=ea4635ffd6ad5b4a
dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b921498959d4/disk-c32f8dc5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/04e6ad946c4b/vmlinux-c32f8dc5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d4f0d8db50ee/Image-c32f8dc5.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b0da83...@syzkaller.appspotmail.com

--
------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=573
WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
Modules linked in:
CPU: 1 UID: 0 PID: 655 Comm: kworker/u8:10 Not tainted 6.15.0-rc5-syzkaller-gc32f8dc5aaf9 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: ib-unreg-wq ib_unregister_work
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : release_gid_table drivers/infiniband/core/cache.c:806 [inline]
pc : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
lr : release_gid_table drivers/infiniband/core/cache.c:806 [inline]
lr : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
sp : ffff80009c927860
x29: ffff80009c9278b0 x28: ffff0000d2b52f00 x27: ffff0000d77ee8d8
x26: ffff0000d77ee800 x25: 0000000000000010 x24: 0000000000000001
x23: ffff800092818000 x22: dfff800000000000 x21: 0000000000000003
x20: 1fffe0001aefdd1b x19: 1fffe0001aefdd00 x18: 00000000ffffffff
x17: 0000000000000000 x16: ffff80008adb410c x15: 0000000000000001
x14: 1fffe000338716e2 x13: 0000000000000000 x12: 0000000000000000
x11: ffff6000338716e3 x10: 0000000000ff0100 x9 : 1b90c18326689500
x8 : 1b90c18326689500 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80009c9271b8 x4 : ffff80008f405b40 x3 : ffff8000807b1330
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
release_gid_table drivers/infiniband/core/cache.c:806 [inline] (P)
gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886 (P)
ib_cache_release_one+0x144/0x174 drivers/infiniband/core/cache.c:1636
ib_device_release+0xc4/0x194 drivers/infiniband/core/device.c:482
device_release+0x8c/0x1ac drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x2b0/0x438 lib/kobject.c:737
put_device+0x28/0x40 drivers/base/core.c:3800
ib_unregister_work+0x28/0x38 drivers/infiniband/core/device.c:1629
process_one_work+0x7e8/0x156c kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3400
kthread+0x5fc/0x75c kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
irq event stamp: 1499918
hardirqs last enabled at (1499917): [<ffff80008054cc08>] __up_console_sem kernel/printk/printk.c:344 [inline]
hardirqs last enabled at (1499917): [<ffff80008054cc08>] __console_unlock+0x70/0xc4 kernel/printk/printk.c:2885
hardirqs last disabled at (1499918): [<ffff80008adaf5e0>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last enabled at (1496318): [<ffff8000803cbf1c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last enabled at (1496318): [<ffff8000803cbf1c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (1496303): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Leon Romanovsky

May 14, 2025, 4:54:30 AM
to j...@ziepe.ca, syzbot, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com
On Tue, May 13, 2025 at 04:35:23AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: c32f8dc5aaf9 Merge branch 'for-next/core' into for-kernelci
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> console output: https://syzkaller.appspot.com/x/log.txt?x=10789768580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=ea4635ffd6ad5b4a
> dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
> compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/b921498959d4/disk-c32f8dc5.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/04e6ad946c4b/vmlinux-c32f8dc5.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/d4f0d8db50ee/Image-c32f8dc5.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+b0da83...@syzkaller.appspotmail.com
>
> --
> ------------[ cut here ]------------
> GID entry ref leak for dev syz1 index 2 ref=573

Jason,

According to the repro https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000, we joined a multicast group
but never left it. This is how we can get "ref=573".

write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r2}}, 0x30)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000900)={0x16, 0x98, 0xfa00, {0x0, 0x5, r2, 0x10, 0x1, @in={0x2, 0x4e23, @loopback}}}, 0xa0)

Thanks
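
The pattern described in the message above (references taken on join and never dropped, then reported at table release), as an added userspace model that is not part of the original post and is not kernel code. All type and function names (`gid_entry`, `mcast_ctx`, `ctx_join`, `run_model`, ...) and the counts are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define TABLE_SZ 4

/* Hypothetical stand-in for one GID table slot: ref == 0 means free. */
struct gid_entry { unsigned int ref; };
struct gid_table { struct gid_entry slot[TABLE_SZ]; };

/* Hypothetical consumer: holds one entry reference per joined group. */
struct mcast_ctx {
    struct gid_table *tbl;
    int idx;
    unsigned int joined;
};

struct leak_report {
    int leaked_entries;      /* slots still referenced at release */
    int first_idx;           /* index of the first leaked slot, -1 if none */
    unsigned int first_ref;  /* outstanding references on that slot */
};

/* Populate a slot; the table itself holds the first reference. */
static void table_add(struct gid_table *t, int idx) { t->slot[idx].ref = 1; }

/* Join: take a reference on the entry the membership depends on. */
static void ctx_join(struct mcast_ctx *c)
{
    c->tbl->slot[c->idx].ref++;
    c->joined++;
}

/* Leave: drop the reference taken by the matching join. */
static int ctx_leave(struct mcast_ctx *c)
{
    if (!c->joined)
        return -1;
    c->tbl->slot[c->idx].ref--;
    c->joined--;
    return 0;
}

/* Leaky teardown: forgets the memberships without leaving them. */
static void ctx_destroy_leaky(struct mcast_ctx *c) { c->joined = 0; }

/* Paired teardown: every join is matched by a leave before destroy. */
static void ctx_destroy_paired(struct mcast_ctx *c)
{
    while (c->joined)
        ctx_leave(c);
}

/* Cleanup: the table drops only its own reference on populated slots. */
static void table_cleanup(struct gid_table *t)
{
    for (int i = 0; i < TABLE_SZ; i++)
        if (t->slot[i].ref)
            t->slot[i].ref--;
}

/* Release: report slots that are still referenced, then free regardless. */
static struct leak_report table_release(struct gid_table *t, const char *dev)
{
    struct leak_report r = { 0, -1, 0 };

    for (int i = 0; i < TABLE_SZ; i++) {
        if (!t->slot[i].ref)
            continue;
        fprintf(stderr, "model: entry ref leak for dev %s index %d ref=%u\n",
                dev, i, t->slot[i].ref);
        if (r.leaked_entries++ == 0) {
            r.first_idx = i;
            r.first_ref = t->slot[i].ref;
        }
    }
    free(t);
    return r;
}

/* Run `joins` joins on slot 2, tear the consumer down, release the table. */
static struct leak_report run_model(unsigned int joins, int paired)
{
    struct gid_table *t = calloc(1, sizeof(*t));
    struct mcast_ctx c = { t, 2, 0 };

    if (!t)
        return (struct leak_report){ -1, -1, 0 };
    table_add(t, 0);
    table_add(t, 2);
    for (unsigned int j = 0; j < joins; j++)
        ctx_join(&c);
    if (paired)
        ctx_destroy_paired(&c);
    else
        ctx_destroy_leaky(&c);
    table_cleanup(t);
    return table_release(t, "model0");
}

int main(void)
{
    struct leak_report leaky = run_model(5, 0);
    struct leak_report paired = run_model(5, 1);

    printf("leaky:  entries=%d idx=%d ref=%u\n",
           leaky.leaked_entries, leaky.first_idx, leaky.first_ref);
    printf("paired: entries=%d idx=%d ref=%u\n",
           paired.leaked_entries, paired.first_idx, paired.first_ref);
    return 0;
}
```

In this model `table_cleanup()` drops only the table's own reference, so references still held by a consumer survive it and show up at `table_release()`.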

syzbot

Jun 25, 2025, 5:01:29 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: RE: [syzbot] [rdma?] WARNING in gid_table_release_one (3)
Author: edw...@nvidia.com

syzbot

Sep 11, 2025, 11:34:28 AM
to edw...@nvidia.com, j...@ziepe.ca, le...@kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000
kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d
dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/df0dfb072f52/disk-5f540c4a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/20649042ae30/vmlinux-5f540c4a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4c16358268b8/bzImage-5f540c4a.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b0da83...@syzkaller.appspotmail.com

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=615
WARNING: drivers/infiniband/core/cache.c:809 at release_gid_table drivers/infiniband/core/cache.c:806 [inline], CPU#0: kworker/u8:2/36
WARNING: drivers/infiniband/core/cache.c:809 at gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886, CPU#0: kworker/u8:2/36
Modules linked in:
CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 a0 43 91 8c 4c 89 e6 44 89 fa e8 fb 67 f5 f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc90000ac7908 EFLAGS: 00010246
RAX: 621d731dcb27e200 RBX: ffff88806241b8d8 RCX: ffff888141289e40
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 1ffff1100c48371b R08: ffff8880b8724253 R09: 1ffff110170e484a
R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff888027503e00
R13: ffff88806241b800 R14: ffff8880289a2400 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff8881259f0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555569847588 CR3: 00000000338c8000 CR4: 00000000003526f0
Call Trace:
<TASK>
ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
device_release+0x99/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x480 lib/kobject.c:737
process_one_work kernel/workqueue.c:3263 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x47c/0x820 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>


---

Hillf Danton

Sep 11, 2025, 11:39:30 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> Date: Thu, 11 Sep 2025 08:34:25 -0700 [thread overview]
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d
> dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000

#syz test

--- x/drivers/infiniband/core/device.c
+++ y/drivers/infiniband/core/device.c
@@ -506,6 +506,7 @@ static void ib_device_release(struct dev
if (dev->hw_stats_data)
ib_device_release_hw_stats(dev->hw_stats_data);
if (dev->port_data) {
+ ib_cache_cleanup_one(dev);
ib_cache_release_one(dev);
ib_security_release_port_pkey_list(dev);
rdma_counter_release(dev);
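
Review bot: the added ib_cache_cleanup_one(dev) call in ib_device_release() runs immediately before ib_cache_release_one(dev), but the hunk gives no indication of who holds the references the warning counts ("GID entry ref leak for dev syz1 index 2 ref=615"). Leon's earlier reply attributes the count to a multicast join that was never left; if those references belong to another object, cache cleanup at this point would not drop them and the warning would still fire. Please add a changelog that names the holder and explains why cleanup in the release path is expected to release it.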
--

syzbot

Sep 12, 2025, 12:05:04 AM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

mm/slub.c:3960:27: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]


Tested on:

commit: 8f21d9da Add linux-next specific files for 20250911
git tree: linux-next
kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d
dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=168ba362580000

syzbot

Sep 12, 2025, 12:42:04 AM
to edw...@nvidia.com, hda...@sina.com, j...@ziepe.ca, le...@kernel.org, leo...@nvidia.com, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com
syzbot has bisected this issue to:

commit a92fbeac7e94a420b55570c10fe1b90e64da4025
Author: Leon Romanovsky <leo...@nvidia.com>
Date: Tue May 28 12:52:51 2024 +0000

RDMA/cache: Release GID table even if leak is detected

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13fc9642580000
start commit: 5f540c4aade9 Add linux-next specific files for 20250910
git tree: linux-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=10029642580000
console output: https://syzkaller.appspot.com/x/log.txt?x=17fc9642580000
Reported-by: syzbot+b0da83...@syzkaller.appspotmail.com
Fixes: a92fbeac7e94 ("RDMA/cache: Release GID table even if leak is detected")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Hillf Danton

Sep 12, 2025, 4:34:17 AM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> Date: Thu, 11 Sep 2025 08:34:25 -0700 [thread overview]
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d
> dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000

#syz test

--- x/drivers/infiniband/core/device.c
+++ y/drivers/infiniband/core/device.c
@@ -506,6 +506,7 @@ static void ib_device_release(struct dev
if (dev->hw_stats_data)
ib_device_release_hw_stats(dev->hw_stats_data);
if (dev->port_data) {
+ ib_cache_cleanup_one(dev);
ib_cache_release_one(dev);
ib_security_release_port_pkey_list(dev);
rdma_counter_release(dev);
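
Review bot: ib_cache_cleanup_one(dev) is now called from inside the "if (dev->port_data)" branch of ib_device_release(), which the traces in this thread show running as a kobject release callback from ib_unregister_work on ib-unreg-wq. The patch does not say whether the cleanup has already run earlier in unregistration and whether a second call is safe, nor whether it may block in this context; a comment above the new line or a changelog entry should cover both.
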
--- x/mm/slub.c
+++ y/mm/slub.c
@@ -3957,7 +3957,7 @@ static void flush_rcu_sheaf(struct work_


/* needed for kvfree_rcu_barrier() */
-void flush_all_rcu_sheaves()
+void flush_all_rcu_sheaves(void)
{
struct slub_percpu_sheaves *pcs;
struct slub_flush_work *sfw;
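
Review bot: the flush_all_rcu_sheaves(void) prototype fix in mm/slub.c is unrelated to the RDMA change and depends on one linux-next snapshot, so it belongs in a separate test patch. The "@@ -3957,7 +3957,7 @@" context has to match the tree syzbot checks out; syzbot's reply to this message reports "Hunk #1 FAILED at 3957" for mm/slub.c on the 20250912 tree, so the device.c change was never exercised by this run. Drop the hunk or regenerate it against the tree being tested.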
--

syzbot

Sep 12, 2025, 4:36:06 AM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file drivers/infiniband/core/device.c
checking file mm/slub.c
Hunk #1 FAILED at 3957.
1 out of 1 hunk FAILED



Tested on:

commit: 590b221e Add linux-next specific files for 20250912
git tree: linux-next
patch: https://syzkaller.appspot.com/x/patch.diff?x=17bfe934580000

Hillf Danton

Sep 12, 2025, 5:42:43 AM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> Date: Thu, 11 Sep 2025 08:34:25 -0700 [thread overview]
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d
> dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000

syzbot

Sep 12, 2025, 9:23:07 AM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in gid_table_release_one

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=580
WARNING: drivers/infiniband/core/cache.c:809 at release_gid_table drivers/infiniband/core/cache.c:806 [inline], CPU#0: kworker/u8:1/13
WARNING: drivers/infiniband/core/cache.c:809 at gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886, CPU#0: kworker/u8:1/13
Modules linked in:
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 a0 56 91 8c 4c 89 e6 44 89 fa e8 1b a8 f4 f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc90000127908 EFLAGS: 00010246
RAX: a8b5d3ea91c5d400 RBX: ffff888026a6b6d8 RCX: ffff88801d298000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 1ffff11004d4d6db R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1c3a6c8 R12: ffff88802f551b00
R13: ffff888026a6b600 R14: ffff88802899a700 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff8881259e8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555f9ed808 CR3: 0000000033a60000 CR4: 00000000003526f0
Call Trace:
<TASK>
ib_device_release+0xda/0x1d0 drivers/infiniband/core/device.c:510
device_release+0x9c/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x22b/0x480 lib/kobject.c:737
process_one_work kernel/workqueue.c:3263 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>


Tested on:

commit: 590b221e Add linux-next specific files for 20250912
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=151eeb12580000
kernel config: https://syzkaller.appspot.com/x/.config?x=12a1d1f3a8199632
dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=15381934580000

yanjun.zhu

Sep 12, 2025, 3:38:12 PM
to syzbot, edw...@nvidia.com, hda...@sina.com, j...@ziepe.ca, le...@kernel.org, leo...@nvidia.com, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com
On 9/11/25 9:42 PM, syzbot wrote:
> syzbot has bisected this issue to:
>
> commit a92fbeac7e94a420b55570c10fe1b90e64da4025
> Author: Leon Romanovsky <leo...@nvidia.com>
> Date: Tue May 28 12:52:51 2024 +0000
>
> RDMA/cache: Release GID table even if leak is detected

Maybe this commit just detects ref leaks and reports ref leak.
Even though this commit is reverted, this ref leak still occurs.

The root cause is not in this commit.

"
GID entry ref leak for dev syz1 index 2 ref=615
"

Ref leaks in dev syz1.

Zhu Yanjun

Yanjun.Zhu

Sep 12, 2025, 4:01:25 PM
to syzbot, edw...@nvidia.com, hda...@sina.com, j...@ziepe.ca, le...@kernel.org, leo...@nvidia.com, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com


On 9/12/25 12:38 PM, yanjun.zhu wrote:
> On 9/11/25 9:42 PM, syzbot wrote:
>> syzbot has bisected this issue to:
>>
>> commit a92fbeac7e94a420b55570c10fe1b90e64da4025
>> Author: Leon Romanovsky <leo...@nvidia.com>
>> Date:   Tue May 28 12:52:51 2024 +0000
>>
>>      RDMA/cache: Release GID table even if leak is detected
>
> Maybe this commit just detects ref leaks and reports ref leak.
> Even though this commit is reverted, this ref leak still occurs.
>
> The root cause is not in this commit.
>
> "
> GID entry ref leak for dev syz1 index 2 ref=615
> "
>
> Ref leaks in dev syz1.
In this link: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000

"
[ 184.209420][ T6164] infiniband syz1: set active
[ 184.215960][ T6164] infiniband syz1: added syz_tun
[ 184.222514][ T6001] veth0_macvtap: entered promiscuous mode
[ 184.231935][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 184.239777][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 184.256962][ T6001] veth1_macvtap: entered promiscuous mode
[ 184.276479][ T6164] syz1: rxe_create_cq: returned err = -12 <-- rxe_create_cq failed, the test should not continue.

[ 184.288430][ T6008] veth0_vlan: entered promiscuous mode
"

err = -12, is -ENOMEM.

It means that memory allocation fails.

Zhu Yanjun

syzbot

Sep 12, 2025, 4:50:06 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3)
Author: yanju...@linux.dev

#syz test: https://github.com/zhuyj/linux.git
v6.17_fix_gid_table_release_one

On 9/11/25 8:34 AM, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910
> git tree: linux-next
> dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> Downloadable assets:
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+b0da83...@syzkaller.appspotmail.com
>
> ------------[ cut here ]------------
> GID entry ref leak for dev syz1 index 2 ref=615
> WARNING: drivers/infiniband/core/cache.c:809 at release_gid_table drivers/infiniband/core/cache.c:806 [inline], CPU#0: kworker/u8:2/36
> WARNING: drivers/infiniband/core/cache.c:809 at gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886, CPU#0: kworker/u8:2/36
> Modules linked in:
> CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full)
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
> Workqueue: ib-unreg-wq ib_unregister_work
> RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
> RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
> Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 a0 43 91 8c 4c 89 e6 44 89 fa e8 fb 67 f5 f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
> RSP: 0018:ffffc90000ac7908 EFLAGS: 00010246
> RAX: 621d731dcb27e200 RBX: ffff88806241b8d8 RCX: ffff888141289e40
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
> RBP: 1ffff1100c48371b R08: ffff8880b8724253 R09: 1ffff110170e484a
> R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff888027503e00
> R13: ffff88806241b800 R14: ffff8880289a2400 R15: 0000000000000002
> FS: 0000000000000000(0000) GS:ffff8881259f0000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000555569847588 CR3: 00000000338c8000 CR4: 00000000003526f0
> Call Trace:
> <TASK>
> ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
> device_release+0x99/0x1c0 drivers/base/core.c:-1
> kobject_cleanup lib/kobject.c:689 [inline]
> kobject_release lib/kobject.c:720 [inline]
> kref_put include/linux/kref.h:65 [inline]
> kobject_put+0x228/0x480 lib/kobject.c:737
> process_one_work kernel/workqueue.c:3263 [inline]
> process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
> worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
> kthread+0x711/0x8a0 kernel/kthread.c:463
> ret_from_fork+0x47c/0x820 arch/x86/kernel/process.c:158
> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
> </TASK>
>
>
> ---

syzbot

Sep 12, 2025, 5:20:05 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, yanju...@linux.dev
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in gid_table_release_one

WARNING: CPU: 1 PID: 1342 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
WARNING: CPU: 1 PID: 1342 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
Modules linked in:
CPU: 1 UID: 0 PID: 1342 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 00 46 71 8c 4c 89 e6 44 89 fa e8 3b a5 fa f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc90004bff908 EFLAGS: 00010246
RAX: 6115427e6ab01100 RBX: ffff88807855c2d8 RCX: ffff888027abbc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 1ffff1100f0ab85b R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bfa24c R12: ffff8880206a4b40
R13: ffff88807855c200 R14: ffff88801ffd5a00 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000240 CR3: 000000005e54a000 CR4: 00000000003526f0
Call Trace:
<TASK>
ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
device_release+0x99/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x22b/0x480 lib/kobject.c:737
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x70e/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>


Tested on:

commit: e5320428 RDMA/rxe: Add logs to find out the root cause
git tree: https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one
console output: https://syzkaller.appspot.com/x/log.txt?x=12829934580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4239c29711f936f
dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8

Note: no patches were applied.

syzbot

Sep 12, 2025, 5:43:37 PM
to yanju...@linux.dev, j...@ziepe.ca, le...@kernel.org, yanju...@linux.dev, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> #syz test:https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one

unknown command "test:https://github.com/zhuyj/linux.git"

syzbot

Sep 12, 2025, 5:44:34 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3)
Author: yanju...@linux.dev

#syz test: https://github.com/zhuyj/linux.git
v6.17_fix_gid_table_release_one

On 9/12/25 2:43 PM, syzbot wrote:
>> #syz test:https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one
> unknown command "test:https://github.com/zhuyj/linux.git"
>
>> On 9/12/25 2:20 PM, syzbot wrote:
>>> Hello,
>>>
>>> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
>>> WARNING in gid_table_release_one
>>>
>>> WARNING: CPU: 1 PID: 1342 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
>>> WARNING: CPU: 1 PID: 1342 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
>>> Modules linked in:
>>> CPU: 1 UID: 0 PID: 1342 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full)
>>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
>>> Workqueue: ib-unreg-wq ib_unregister_work
>>> RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
>>> RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
>>> Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 00 46 71 8c 4c 89 e6 44 89 fa e8 3b a5 fa f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
>>> RSP: 0018:ffffc90004bff908 EFLAGS: 00010246
>>> RAX: 6115427e6ab01100 RBX: ffff88807855c2d8 RCX: ffff888027abbc00
>>> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
>>> RBP: 1ffff1100f0ab85b R08: 0000000000000003 R09: 0000000000000004
>>> R10: dffffc0000000000 R11: fffffbfff1bfa24c R12: ffff8880206a4b40
>>> R13: ffff88807855c200 R14: ffff88801ffd5a00 R15: 0000000000000002
>>> FS: 0000000000000000(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000
>>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> CR2: 0000200000000240 CR3: 000000005e54a000 CR4: 00000000003526f0
>>> Call Trace:
>>> <TASK>
>>> ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
>>> device_release+0x99/0x1c0 drivers/base/core.c:-1
>>> kobject_cleanup lib/kobject.c:689 [inline]
>>> kobject_release lib/kobject.c:720 [inline]
>>> kref_put include/linux/kref.h:65 [inline]
>>> kobject_put+0x22b/0x480 lib/kobject.c:737
>>> process_one_work kernel/workqueue.c:3236 [inline]
>>> process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
>>> worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
>>> kthread+0x70e/0x8a0 kernel/kthread.c:463
>>> ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:148
>>> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
>>> </TASK>
>>>
>>>
>>> Tested on:
>>>
>>> commit: e5320428 RDMA/rxe: Add logs to find out the root cause
>>> git tree:https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one
>>> console output:https://syzkaller.appspot.com/x/log.txt?x=12829934580000
>>> kernel config:https://syzkaller.appspot.com/x/.config?x=4239c29711f936f
>>> dashboard link:https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4

syzbot

Sep 12, 2025, 6:04:07 PM
to j...@ziepe.ca, le...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, yanju...@linux.dev
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in gid_table_release_one

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=445
WARNING: CPU: 1 PID: 1088 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
WARNING: CPU: 1 PID: 1088 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
Modules linked in:
CPU: 1 UID: 0 PID: 1088 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 00 46 71 8c 4c 89 e6 44 89 fa e8 3b a5 fa f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc90003d0f908 EFLAGS: 00010246
RAX: 11007f8b953ea200 RBX: ffff88802d562cd8 RCX: ffff888026adda00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 1ffff11005aac59b R08: ffff8880b8724253 R09: 1ffff110170e484a
R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff888028265480
R13: ffff88802d562c00 R14: ffff8880779b1800 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000240 CR3: 000000007612e000 CR4: 00000000003526f0
Call Trace:
<TASK>
ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
device_release+0x99/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x22b/0x480 lib/kobject.c:737
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x70e/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>


Tested on:

commit: dd87fd3f RDMA/rxe: Add logs to find out the root cause
git tree: https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one
console output: https://syzkaller.appspot.com/x/log.txt?x=144a9934580000

Yanjun.Zhu

Sep 12, 2025, 6:33:42 PM
to syzbot, edw...@nvidia.com, hda...@sina.com, j...@ziepe.ca, le...@kernel.org, leo...@nvidia.com, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com
[ 139.009314][ T6730] infiniband syz1: added syz_tun
[ 139.015974][ T6730] rdma_rxe: vmalloc_user failed, buf_size: 131456, num_slots: 1024, elem_size: 128
[ 139.016142][ T6730] syz1: rxe_cq_from_init: unable to create cq
"

From the above logs, vmalloc_user() fails when trying to allocate
131,456 bytes of memory.

Is there a specific limit on vmalloc allocations in this test case?

Also, what is the size of memory available on this machine? (Hardware
name: Google Google Compute Engine/Google Compute Engine, BIOS Google
08/18/2025)

Thanks,
Zhu Yanjun

Yanjun.Zhu

Sep 12, 2025, 6:55:23 PM
to syzbot, edw...@nvidia.com, hda...@sina.com, j...@ziepe.ca, le...@kernel.org, leo...@nvidia.com, linux-...@vger.kernel.org, linux...@vger.kernel.org, syzkall...@googlegroups.com
The above logs are in the link:
https://syzkaller.appspot.com/x/log.txt?x=144a9934580000

Please check it.

Zhu Yanjun

Hillf Danton

Sep 12, 2025, 9:25:30 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> Date: Thu, 11 Sep 2025 08:34:25 -0700 [thread overview]
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d
> dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000

#syz test

--- x/drivers/infiniband/core/device.c
+++ y/drivers/infiniband/core/device.c
@@ -506,6 +506,7 @@ static void ib_device_release(struct dev
if (dev->hw_stats_data)
ib_device_release_hw_stats(dev->hw_stats_data);
if (dev->port_data) {
+ ib_cache_cleanup_one(dev);
ib_cache_release_one(dev);
ib_security_release_port_pkey_list(dev);
rdma_counter_release(dev);
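Review bot: the added ib_cache_cleanup_one(dev) call in ib_device_release() has no comment or changelog saying why GID entries can still be present at final release, and the patch carries no description at all. The warning being chased reports several hundred references still held on index 2, so please state who is expected to hold them at this point and why deleting the entries here, rather than releasing those references at unregister time, is the right fix.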
--- x/drivers/infiniband/core/cache.c
+++ y/drivers/infiniband/core/cache.c
@@ -824,7 +824,7 @@ static void cleanup_gid_table_port(struc

mutex_lock(&table->lock);
for (i = 0; i < table->sz; ++i) {
- if (is_gid_entry_valid(table->data_vec[i]))
+ if (table->data_vec[i])
del_gid(ib_dev, port, table, i);
}
mutex_unlock(&table->lock);
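Review bot: replacing is_gid_entry_valid(table->data_vec[i]) with a bare non-NULL test in cleanup_gid_table_port() makes del_gid() run on every occupied slot regardless of entry state. If a slot can still hold an entry that is already being deleted, del_gid() would be applied to it a second time; either keep an explicit state check for that case or add a comment stating why no such entry can be present when this loop runs.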
--

syzbot

Sep 12, 2025, 10:48:06 PM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in gid_table_release_one

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=452
WARNING: drivers/infiniband/core/cache.c:809 at release_gid_table drivers/infiniband/core/cache.c:806 [inline], CPU#1: kworker/u8:6/2125
WARNING: drivers/infiniband/core/cache.c:809 at gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886, CPU#1: kworker/u8:6/2125
Modules linked in:
CPU: 1 UID: 0 PID: 2125 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 a0 56 91 8c 4c 89 e6 44 89 fa e8 7b a8 f4 f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc900050a7908 EFLAGS: 00010246
RAX: aa4d2ac68a741700 RBX: ffff888075471cd8 RCX: ffff888029ac9e40
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 1ffff1100ea8e39b R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1c3a6c8 R12: ffff888028a5fe20
R13: ffff888075471c00 R14: ffff8880291e4000 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff888125ae8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555556a47588 CR3: 000000007a4a8000 CR4: 00000000003526f0
Call Trace:
<TASK>
ib_device_release+0xda/0x1d0 drivers/infiniband/core/device.c:510
device_release+0x9c/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x22b/0x480 lib/kobject.c:737
process_one_work kernel/workqueue.c:3263 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>


Tested on:

commit: 590b221e Add linux-next specific files for 20250912
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=16939934580000
kernel config: https://syzkaller.appspot.com/x/.config?x=12a1d1f3a8199632
dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=12a76b62580000

Hillf Danton

Sep 13, 2025, 3:25:59 AM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> Date: Thu, 11 Sep 2025 08:34:25 -0700 [thread overview]
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d
> dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000

#syz test

--- x/drivers/infiniband/core/device.c
+++ y/drivers/infiniband/core/device.c
@@ -506,6 +506,7 @@ static void ib_device_release(struct dev
if (dev->hw_stats_data)
ib_device_release_hw_stats(dev->hw_stats_data);
if (dev->port_data) {
+ ib_cache_cleanup_one(dev);
ib_cache_release_one(dev);
ib_security_release_port_pkey_list(dev);
rdma_counter_release(dev);
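Review bot: this ib_device_release() hunk is identical to the one in the previous test patch, which still triggered the warning, so it is not clear the extra ib_cache_cleanup_one(dev) call is needed at all. Consider testing the cache.c change on its own and dropping this hunk if the reproducer stays quiet, so the final patch only carries the change that matters.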
--- x/drivers/infiniband/core/cache.c
+++ y/drivers/infiniband/core/cache.c
@@ -393,11 +393,7 @@ static void del_gid(struct ib_device *ib
write_lock_irq(&table->rwlock);
entry = table->data_vec[ix];
entry->state = GID_TABLE_ENTRY_PENDING_DEL;
- /*
- * For non RoCE protocol, GID entry slot is ready to use.
- */
- if (!rdma_protocol_roce(ib_dev, port))
- table->data_vec[ix] = NULL;
+ table->data_vec[ix] = NULL;
write_unlock_irq(&table->rwlock);

if (rdma_cap_roce_gid_table(ib_dev, port))
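Review bot: clearing table->data_vec[ix] unconditionally in del_gid() drops the removed comment's distinction that only non-RoCE slots are ready for reuse at this point, without saying what made RoCE slots different. Please document where the RoCE slot used to be cleared and confirm that path, and the rdma_cap_roce_gid_table() branch right below, do not still expect to find the entry in data_vec[ix]; otherwise a slot could be reused while the old entry is still pending deletion.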
@@ -824,7 +820,7 @@ static void cleanup_gid_table_port(struc

syzbot

Sep 13, 2025, 4:06:05 AM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+b0da83...@syzkaller.appspotmail.com
Tested-by: syzbot+b0da83...@syzkaller.appspotmail.com

Tested on:

commit: 590b221e Add linux-next specific files for 20250912
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14009b12580000
kernel config: https://syzkaller.appspot.com/x/.config?x=12a1d1f3a8199632
dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=1135d642580000

Note: testing is done by a robot and is best-effort only.

syzbot

3:07 PM
to yanju...@linux.dev, j...@ziepe.ca, le...@kernel.org, yanju...@linux.dev, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> #syz test:https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one

unknown command "test:https://github.com/zhuyj/linux.git"

>
> On 9/12/25 3:04 PM, syzbot wrote:
>> Hello,
>>
>> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
>> WARNING in gid_table_release_one
>>
>> ------------[ cut here ]------------
>> GID entry ref leak for dev syz1 index 2 ref=445
>> WARNING: CPU: 1 PID: 1088 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
>> WARNING: CPU: 1 PID: 1088 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
>> Modules linked in:
>> CPU: 1 UID: 0 PID: 1088 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full)
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
>> Workqueue: ib-unreg-wq ib_unregister_work
>> RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
>> RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886
>> Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 00 46 71 8c 4c 89 e6 44 89 fa e8 3b a5 fa f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
>> RSP: 0018:ffffc90003d0f908 EFLAGS: 00010246
>> RAX: 11007f8b953ea200 RBX: ffff88802d562cd8 RCX: ffff888026adda00
>> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
>> RBP: 1ffff11005aac59b R08: ffff8880b8724253 R09: 1ffff110170e484a
>> R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff888028265480
>> R13: ffff88802d562c00 R14: ffff8880779b1800 R15: 0000000000000002
>> FS: 0000000000000000(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000200000000240 CR3: 000000007612e000 CR4: 00000000003526f0
>> Call Trace:
>> <TASK>
>> ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
>> device_release+0x99/0x1c0 drivers/base/core.c:-1
>> kobject_cleanup lib/kobject.c:689 [inline]
>> kobject_release lib/kobject.c:720 [inline]
>> kref_put include/linux/kref.h:65 [inline]
>> kobject_put+0x22b/0x480 lib/kobject.c:737
>> process_one_work kernel/workqueue.c:3236 [inline]
>> process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
>> worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
>> kthread+0x70e/0x8a0 kernel/kthread.c:463
>> ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:148
>> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
>> </TASK>
>>
>>
>> Tested on:
>>
>> commit: dd87fd3f RDMA/rxe: Add logs to find out the root cause
>> git tree:https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one
>> console output:https://syzkaller.appspot.com/x/log.txt?x=144a9934580000
>> kernel config:https://syzkaller.appspot.com/x/.config?x=4239c29711f936f
>> dashboard link:https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
>> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
>>

syzbot

3:16 PM
to yanju...@linux.dev, j...@ziepe.ca, le...@kernel.org, yanju...@linux.dev, linux-...@vger.kernel.org, syzkall...@googlegroups.com

syzbot

3:39 PM
to yanju...@linux.dev, j...@ziepe.ca, le...@kernel.org, yanju...@linux.dev, linux-...@vger.kernel.org, syzkall...@googlegroups.com

syzbot

4:55 PM
to yanju...@linux.dev, j...@ziepe.ca, le...@kernel.org, yanju...@linux.dev, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> #syz test:https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one

unknown command "test:https://github.com/zhuyj/linux.git"

>
> On 9/15/25 12:07 PM, Yanjun.Zhu wrote:
>> #syz test:https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one

syzbot

5:14 PM
to yanju...@linux.dev, j...@ziepe.ca, le...@kernel.org, yanju...@linux.dev, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> #syz test:https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one

unknown command "test:https://github.com/zhuyj/linux.git\u00a0v6.17_fix_gid_table_release_one"

syzbot

5:34 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3)
Author: yanju...@linux.dev

syzbot

6:14 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, yanju...@linux.dev
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in gid_table_release_one

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=468
WARNING: CPU: 0 PID: 1038 at drivers/infiniband/core/cache.c:811 release_gid_table drivers/infiniband/core/cache.c:808 [inline]
WARNING: CPU: 0 PID: 1038 at drivers/infiniband/core/cache.c:811 gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:888
Modules linked in:
CPU: 0 UID: 0 PID: 1038 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:808 [inline]
RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:888
Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 00 4b 71 8c 4c 89 e6 44 89 fa e8 2b 82 fa f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc90003aaf908 EFLAGS: 00010246
RAX: d857da1c4d948b00 RBX: ffff88807e2b14d8 RCX: ffff8880265b5a00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 1ffff1100fc5629b R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bfa24c R12: ffff888027d6d8e0
R13: ffff88807e2b1400 R14: ffff888025ba0100 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff888125c16000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe16e9d7dac CR3: 000000000df36000 CR4: 00000000003526f0
Call Trace:
<TASK>
ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
device_release+0x9c/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x22b/0x480 lib/kobject.c:737
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x70e/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>


Tested on:

commit: 3a2493fa RDMA/rxe: Add logs to find out the root cause
git tree: https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one
console output: https://syzkaller.appspot.com/x/log.txt?x=1662547c580000

syzbot

6:49 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com

syzbot

9:02 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com

syzbot

9:12 PM
to j...@ziepe.ca, le...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, yanju...@linux.dev
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in gid_table_release_one

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=414
WARNING: CPU: 1 PID: 61 at drivers/infiniband/core/cache.c:813 release_gid_table drivers/infiniband/core/cache.c:810 [inline]
WARNING: CPU: 1 PID: 61 at drivers/infiniband/core/cache.c:813 gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:890
Modules linked in:
CPU: 1 UID: 0 PID: 61 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:810 [inline]
RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:890
Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 60 4b 71 8c 4c 89 e6 44 89 fa e8 1b 81 fa f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc9000212f908 EFLAGS: 00010246
RAX: 083e9d4088da4900 RBX: ffff888077e080d8 RCX: ffff88801cb65a00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 1ffff1100efc101b R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bfa24c R12: ffff8880335d2fa0
R13: ffff888077e08000 R14: ffff8880305cae00 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c003586000 CR3: 0000000031e18000 CR4: 00000000003526f0
Call Trace:
<TASK>
ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
device_release+0x9c/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x22b/0x480 lib/kobject.c:737
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x70e/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>


Tested on:

commit: 77403d3f RDMA/rxe: Add logs to find out the root cause
git tree: https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one
console output: https://syzkaller.appspot.com/x/log.txt?x=1399547c580000

syzbot

10:10 PM
to j...@ziepe.ca, le...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, yanju...@linux.dev
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in gid_table_release_one

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=450
WARNING: CPU: 1 PID: 59 at drivers/infiniband/core/cache.c:813 release_gid_table drivers/infiniband/core/cache.c:810 [inline]
WARNING: CPU: 1 PID: 59 at drivers/infiniband/core/cache.c:813 gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:890
Modules linked in:
CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:810 [inline]
RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:890
Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 60 4b 71 8c 4c 89 e6 44 89 fa e8 1b 81 fa f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc9000210f908 EFLAGS: 00010246
RAX: 1a406f1d516b1b00 RBX: ffff88807d4a44d8 RCX: ffff88801bbf9e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 1ffff1100fa9489b R08: ffff8880b8724253 R09: 1ffff110170e484a
R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff8880202c6e80
R13: ffff88807d4a4400 R14: ffff88802566aa00 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000240 CR3: 0000000024970000 CR4: 00000000003526f0
Call Trace:
<TASK>
ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509
device_release+0x9c/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x22b/0x480 lib/kobject.c:737
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x70e/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>


Tested on:

commit: 10a39576 RDMA/rxe: Add logs to find out the root cause
git tree: https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one
console output: https://syzkaller.appspot.com/x/log.txt?x=114d8e42580000