[v5.15] WARNING in gid_table_release_one


syzbot

May 12, 2025, 4:58:25 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3b8db0e4f263 Linux 5.15.182
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=169962f4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f93aaf95aed43225
dashboard link: https://syzkaller.appspot.com/bug?extid=8b474f5d9a002f13359f
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b5fc99635e8/disk-3b8db0e4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5351a5e4c264/vmlinux-3b8db0e4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e022b133e1a6/bzImage-3b8db0e4.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8b474f...@syzkaller.appspotmail.com

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=1
WARNING: CPU: 1 PID: 144 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
WARNING: CPU: 1 PID: 144 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x30f/0x490 drivers/infiniband/core/cache.c:886
Modules linked in:
CPU: 0 PID: 144 Comm: kworker/u4:1 Not tainted 5.15.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
Workqueue: events_unbound ib_unregister_work
RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline]
RIP: 0010:gid_table_release_one+0x30f/0x490 drivers/infiniband/core/cache.c:886
Code: 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3c 41 8b 0e 48 c7 c7 e0 a0 e2 8a 48 8b 74 24 20 44 89 fa e8 a1 55 7a 02 <0f> 0b e9 14 ff ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 1a ff
RSP: 0018:ffffc9000168fae8 EFLAGS: 00010246
RAX: cc49aa84bbba4000 RBX: ffff888078c462d8 RCX: ffff88801b960000
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 1ffff1100f188c40 R08: dffffc0000000000 R09: ffffed1017224f24
R10: ffffed1017224f24 R11: 1ffff11017224f23 R12: 1ffff1100f188c5b
R13: ffff888078c46200 R14: ffff88802b2a2400 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557013a15078 CR3: 000000001f093000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 00000000000000d8 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ib_device_release+0xce/0x1b0 drivers/infiniband/core/device.c:497
device_release+0x92/0x1c0 drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:713 [inline]
kobject_release lib/kobject.c:744 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x21d/0x460 lib/kobject.c:761
process_one_work+0x863/0x1000 kernel/workqueue.c:2310
worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
kthread+0x436/0x520 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jun 1, 2025, 7:56:34 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 98f47d0e9b8c Linux 5.15.184
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1788fed4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9eb2b5a65dfc4761
dashboard link: https://syzkaller.appspot.com/bug?extid=8b474f5d9a002f13359f
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17c5a00c580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d2845fb3af6c/disk-98f47d0e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1f12b743be24/vmlinux-98f47d0e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8f178b57ea38/Image-98f47d0e.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8b474f...@syzkaller.appspotmail.com

------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=72
WARNING: CPU: 1 PID: 148 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
WARNING: CPU: 1 PID: 148 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
Modules linked in:
CPU: 1 PID: 148 Comm: kworker/u4:2 Not tainted 5.15.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound ib_unregister_work
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : release_gid_table drivers/infiniband/core/cache.c:806 [inline]
pc : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
lr : release_gid_table drivers/infiniband/core/cache.c:806 [inline]
lr : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
sp : ffff80001be27900
x29: ffff80001be27950 x28: ffff0000d2687600 x27: ffff0000d26882d8
x26: ffff0000d2688200 x25: 0000000000000010 x24: 0000000000000001
x23: ffff80001658e000 x22: dfff800000000000 x21: 0000000000000003
x20: 1fffe0001a4d105b x19: 1fffe0001a4d1040 x18: 0000000000000001
x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff
x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
x11: 0000000000000000 x10: 0000000000000000 x9 : 1082cbb731948700
x8 : 1082cbb731948700 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001be271f8 x4 : ffff80001422f280 x3 : ffff80000a732644
x2 : ffff0001a111cd10 x1 : 0000000100000000 x0 : 000000000000002e
Call trace:
release_gid_table drivers/infiniband/core/cache.c:806 [inline]
gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
ib_cache_release_one+0x144/0x174 drivers/infiniband/core/cache.c:1648
ib_device_release+0xc4/0x18c drivers/infiniband/core/device.c:497
device_release+0x8c/0x1ac drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:713 [inline]
kobject_release lib/kobject.c:744 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x2cc/0x454 lib/kobject.c:761
put_device+0x28/0x40 drivers/base/core.c:3520
ib_unregister_work+0x28/0x38 drivers/infiniband/core/device.c:1595
process_one_work+0x79c/0x1140 kernel/workqueue.c:2310
worker_thread+0x8f4/0x101c kernel/workqueue.c:2457
kthread+0x374/0x454 kernel/kthread.c:334
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 525608
hardirqs last enabled at (525607): [<ffff8000082f7654>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (525608): [<ffff8000111a0f18>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last enabled at (525604): [<ffff80000819d0d8>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (525604): [<ffff80000819d0d8>] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:586
softirqs last disabled at (525459): [<ffff80000819d6dc>] __do_softirq kernel/softirq.c:592 [inline]
softirqs last disabled at (525459): [<ffff80000819d6dc>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (525459): [<ffff80000819d6dc>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (525459): [<ffff80000819d6dc>] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:641
---[ end trace a0dbd26999cb8cdb ]---
netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
device hsr_slave_0 left promiscuous mode
device hsr_slave_1 left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.