From: Leon Romanovsky <leon@kernel.org>
To: jgg@ziepe.ca
Cc: syzbot <syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com>,
linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3)
Date: Wed, 14 May 2025 11:54:21 +0300 [thread overview]
Message-ID: <20250514085421.GO22843@unreal> (raw)
In-Reply-To: <68232e7b.050a0220.f2294.09f6.GAE@google.com>
On Tue, May 13, 2025 at 04:35:23AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: c32f8dc5aaf9 Merge branch 'for-next/core' into for-kernelci
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> console output: https://syzkaller.appspot.com/x/log.txt?x=10789768580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=ea4635ffd6ad5b4a
> dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
> compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/b921498959d4/disk-c32f8dc5.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/04e6ad946c4b/vmlinux-c32f8dc5.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/d4f0d8db50ee/Image-c32f8dc5.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com
>
> --
> ------------[ cut here ]------------
> GID entry ref leak for dev syz1 index 2 ref=573
Jason,
According to repro https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000, we joined multicast group,
but never left it. This is how we can get "ref=573".
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r2}}, 0x30)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000900)={0x16, 0x98, 0xfa00, {0x0, 0x5, r2, 0x10, 0x1, @in={0x2, 0x4e23, @loopback}}}, 0xa0)
Thanks
> WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
> WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
> Modules linked in:
> CPU: 1 UID: 0 PID: 655 Comm: kworker/u8:10 Not tainted 6.15.0-rc5-syzkaller-gc32f8dc5aaf9 #0 PREEMPT
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
> Workqueue: ib-unreg-wq ib_unregister_work
> pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : release_gid_table drivers/infiniband/core/cache.c:806 [inline]
> pc : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
> lr : release_gid_table drivers/infiniband/core/cache.c:806 [inline]
> lr : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
> sp : ffff80009c927860
> x29: ffff80009c9278b0 x28: ffff0000d2b52f00 x27: ffff0000d77ee8d8
> x26: ffff0000d77ee800 x25: 0000000000000010 x24: 0000000000000001
> x23: ffff800092818000 x22: dfff800000000000 x21: 0000000000000003
> x20: 1fffe0001aefdd1b x19: 1fffe0001aefdd00 x18: 00000000ffffffff
> x17: 0000000000000000 x16: ffff80008adb410c x15: 0000000000000001
> x14: 1fffe000338716e2 x13: 0000000000000000 x12: 0000000000000000
> x11: ffff6000338716e3 x10: 0000000000ff0100 x9 : 1b90c18326689500
> x8 : 1b90c18326689500 x7 : 0000000000000001 x6 : 0000000000000001
> x5 : ffff80009c9271b8 x4 : ffff80008f405b40 x3 : ffff8000807b1330
> x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
> Call trace:
> release_gid_table drivers/infiniband/core/cache.c:806 [inline] (P)
> gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886 (P)
> ib_cache_release_one+0x144/0x174 drivers/infiniband/core/cache.c:1636
> ib_device_release+0xc4/0x194 drivers/infiniband/core/device.c:482
> device_release+0x8c/0x1ac drivers/base/core.c:-1
> kobject_cleanup lib/kobject.c:689 [inline]
> kobject_release lib/kobject.c:720 [inline]
> kref_put include/linux/kref.h:65 [inline]
> kobject_put+0x2b0/0x438 lib/kobject.c:737
> put_device+0x28/0x40 drivers/base/core.c:3800
> ib_unregister_work+0x28/0x38 drivers/infiniband/core/device.c:1629
> process_one_work+0x7e8/0x156c kernel/workqueue.c:3238
> process_scheduled_works kernel/workqueue.c:3319 [inline]
> worker_thread+0x958/0xed8 kernel/workqueue.c:3400
> kthread+0x5fc/0x75c kernel/kthread.c:464
> ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
> irq event stamp: 1499918
> hardirqs last enabled at (1499917): [<ffff80008054cc08>] __up_console_sem kernel/printk/printk.c:344 [inline]
> hardirqs last enabled at (1499917): [<ffff80008054cc08>] __console_unlock+0x70/0xc4 kernel/printk/printk.c:2885
> hardirqs last disabled at (1499918): [<ffff80008adaf5e0>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
> softirqs last enabled at (1496318): [<ffff8000803cbf1c>] softirq_handle_end kernel/softirq.c:425 [inline]
> softirqs last enabled at (1496318): [<ffff8000803cbf1c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
> softirqs last disabled at (1496303): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
> ---[ end trace 0000000000000000 ]---
> wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
next prev parent reply other threads:[~2025-05-14 8:54 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-13 11:35 [syzbot] [rdma?] WARNING in gid_table_release_one (3) syzbot
2025-05-14 8:54 ` Leon Romanovsky [this message]
2025-09-17 12:45 ` Jason Gunthorpe
2025-06-25 21:01 ` [syzbot] " syzbot
2025-09-11 15:34 ` syzbot
2025-09-12 3:39 ` Hillf Danton
2025-09-12 4:05 ` syzbot
2025-09-12 8:33 ` Hillf Danton
2025-09-12 8:36 ` syzbot
2025-09-12 9:42 ` Hillf Danton
2025-09-12 13:23 ` syzbot
2025-09-13 1:25 ` Hillf Danton
2025-09-13 2:48 ` syzbot
2025-09-13 7:25 ` Hillf Danton
2025-09-13 8:06 ` syzbot
2025-09-16 16:15 ` yanjun.zhu
2025-09-12 4:42 ` syzbot
2025-09-12 19:38 ` yanjun.zhu
2025-09-12 20:01 ` Yanjun.Zhu
2025-09-12 22:33 ` Yanjun.Zhu
2025-09-12 22:55 ` Yanjun.Zhu
2025-09-12 20:50 ` Forwarded: " syzbot
2025-09-12 21:44 ` syzbot
2025-09-15 21:34 ` syzbot
2025-09-15 22:49 ` syzbot
2025-09-16 1:02 ` syzbot
2025-09-16 5:02 ` syzbot
2025-09-16 15:21 ` syzbot
2025-09-16 21:16 ` syzbot
2025-09-16 21:47 ` syzbot
2025-09-18 4:27 ` syzbot
2025-11-04 18:47 ` syzbot
2025-11-04 21:03 ` syzbot
2025-11-05 16:44 ` syzbot
2025-11-05 17:24 ` syzbot
2025-11-05 18:33 ` syzbot
2025-11-06 0:33 ` syzbot
2025-11-06 1:45 ` syzbot
2025-11-06 18:57 ` syzbot
2025-12-07 13:18 ` syzbot
2025-12-07 13:20 ` Forwarded: Fwd: " syzbot
2025-12-07 15:13 ` Forwarded: " syzbot
[not found] <c9778714-2966-4b61-b371-9d831bd2492e@linux.dev>
2025-09-12 21:20 ` syzbot
[not found] <19d2990f-ba92-4fef-891d-26baf03afe18@linux.dev>
2025-09-12 21:43 ` syzbot
[not found] <b678b916-ad9f-4845-91b5-2e5d1f79fe24@linux.dev>
2025-09-12 22:04 ` syzbot
[not found] <5fb34b0f-435e-4584-abe0-bbf7839b44df@linux.dev>
2025-09-15 19:07 ` syzbot
[not found] <b06c5a01-839f-47bf-9530-705ec838fcbe@linux.dev>
2025-09-15 19:16 ` syzbot
[not found] <1ea1efd9-4c9d-4432-82b7-f8998bd4e421@linux.dev>
2025-09-15 19:39 ` syzbot
[not found] <dfb7c3c3-dba2-4c99-9347-50715e652c59@linux.dev>
2025-09-15 20:55 ` syzbot
[not found] <7d02a204-fcf6-42c5-b9ad-b7238b9c703b@linux.dev>
2025-09-15 21:14 ` syzbot
[not found] <e50a6a79-6c0c-4313-a09e-a69d8456b202@linux.dev>
2025-09-15 22:14 ` syzbot
[not found] <d61c07c8-c5c1-4cfe-ad23-d972eaff8b9b@linux.dev>
2025-09-16 1:12 ` syzbot
[not found] <6aed82d8-8e65-402d-909e-b8cfbfbb41e4@linux.dev>
2025-09-16 2:10 ` syzbot
[not found] <a3dcd664-b39c-47ff-a61c-f834ba130a16@linux.dev>
2025-09-16 5:59 ` syzbot
[not found] <bc6d2cd1-39a3-4b95-b8b1-92fecf28679d@linux.dev>
2025-09-16 15:48 ` syzbot
2025-09-16 16:12 ` Yanjun.Zhu
[not found] <295acd4d-1f40-455a-9d2f-27393cd047bd@linux.dev>
2025-09-16 21:39 ` syzbot
[not found] <689cd5e4-1ebe-4b81-8036-68393d61f4ce@linux.dev>
2025-09-16 22:21 ` syzbot
[not found] <b0988506-dbc6-4d28-8f19-9c50bdc44f84@linux.dev>
2025-09-18 6:13 ` syzbot
[not found] <f5a387d4-eae3-4932-b170-37ff38ebe78d@linux.dev>
2025-11-04 23:22 ` syzbot
[not found] <198ed0eb-2451-4651-b723-a506e3cf853b@linux.dev>
2025-11-04 23:50 ` syzbot
[not found] <185e135e-0e17-4ef8-91a2-15e69897cd01@linux.dev>
2025-11-05 17:06 ` syzbot
2025-11-05 17:14 ` Jason Gunthorpe
2025-11-05 17:24 ` Yanjun.Zhu
2025-11-05 18:50 ` Leon Romanovsky
2025-11-05 20:10 ` Yanjun.Zhu
2025-11-06 0:44 ` Yanjun.Zhu
[not found] <c2d8fc24-08a7-47fe-8f68-cc9bbe6c55a4@linux.dev>
2025-11-05 18:45 ` syzbot
[not found] <d8cba3c4-117b-4e7c-a442-d38d5289680f@linux.dev>
2025-11-05 19:36 ` syzbot
[not found] <38f2a630-7edc-4e9b-b5aa-3e983d67d024@linux.dev>
2025-11-06 1:11 ` syzbot
[not found] <81fedfc2-8e6e-44f3-94d4-2c694c759ded@linux.dev>
2025-11-06 4:02 ` syzbot
[not found] <ffdab397-0096-4946-a7d5-073300cc34a3@linux.dev>
2025-11-06 21:02 ` syzbot
2025-11-06 21:08 ` Yanjun.Zhu
[not found] <dcc6491f-5f67-468b-a21a-90071719fa4b@nvidia.com>
2025-12-07 13:54 ` syzbot
[not found] <b40caa64-c06d-4b9d-bb0b-351d2858ee63@nvidia.com>
2025-12-07 14:22 ` syzbot
[not found] <1d5af932-89da-4492-b2b3-623783f0629f@nvidia.com>
2025-12-07 16:50 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250514085421.GO22843@unreal \
--to=leon@kernel.org \
--cc=jgg@ziepe.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.