* [syzbot] [rdma?] WARNING in gid_table_release_one (3)
@ 2025-05-13 11:35 syzbot
2025-05-14 8:54 ` Leon Romanovsky
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: syzbot @ 2025-05-13 11:35 UTC (permalink / raw)
To: jgg, leon, linux-kernel, linux-rdma, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: c32f8dc5aaf9 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10789768580000
kernel config: https://syzkaller.appspot.com/x/.config?x=ea4635ffd6ad5b4a
dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b921498959d4/disk-c32f8dc5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/04e6ad946c4b/vmlinux-c32f8dc5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d4f0d8db50ee/Image-c32f8dc5.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com
--
------------[ cut here ]------------
GID entry ref leak for dev syz1 index 2 ref=573
WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]
WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
Modules linked in:
CPU: 1 UID: 0 PID: 655 Comm: kworker/u8:10 Not tainted 6.15.0-rc5-syzkaller-gc32f8dc5aaf9 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: ib-unreg-wq ib_unregister_work
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : release_gid_table drivers/infiniband/core/cache.c:806 [inline]
pc : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
lr : release_gid_table drivers/infiniband/core/cache.c:806 [inline]
lr : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886
sp : ffff80009c927860
x29: ffff80009c9278b0 x28: ffff0000d2b52f00 x27: ffff0000d77ee8d8
x26: ffff0000d77ee800 x25: 0000000000000010 x24: 0000000000000001
x23: ffff800092818000 x22: dfff800000000000 x21: 0000000000000003
x20: 1fffe0001aefdd1b x19: 1fffe0001aefdd00 x18: 00000000ffffffff
x17: 0000000000000000 x16: ffff80008adb410c x15: 0000000000000001
x14: 1fffe000338716e2 x13: 0000000000000000 x12: 0000000000000000
x11: ffff6000338716e3 x10: 0000000000ff0100 x9 : 1b90c18326689500
x8 : 1b90c18326689500 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80009c9271b8 x4 : ffff80008f405b40 x3 : ffff8000807b1330
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
release_gid_table drivers/infiniband/core/cache.c:806 [inline] (P)
gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886 (P)
ib_cache_release_one+0x144/0x174 drivers/infiniband/core/cache.c:1636
ib_device_release+0xc4/0x194 drivers/infiniband/core/device.c:482
device_release+0x8c/0x1ac drivers/base/core.c:-1
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x2b0/0x438 lib/kobject.c:737
put_device+0x28/0x40 drivers/base/core.c:3800
ib_unregister_work+0x28/0x38 drivers/infiniband/core/device.c:1629
process_one_work+0x7e8/0x156c kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3400
kthread+0x5fc/0x75c kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
irq event stamp: 1499918
hardirqs last enabled at (1499917): [<ffff80008054cc08>] __up_console_sem kernel/printk/printk.c:344 [inline]
hardirqs last enabled at (1499917): [<ffff80008054cc08>] __console_unlock+0x70/0xc4 kernel/printk/printk.c:2885
hardirqs last disabled at (1499918): [<ffff80008adaf5e0>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last enabled at (1496318): [<ffff8000803cbf1c>] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last enabled at (1496318): [<ffff8000803cbf1c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607
softirqs last disabled at (1496303): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613
---[ end trace 0000000000000000 ]---
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-05-13 11:35 [syzbot] [rdma?] WARNING in gid_table_release_one (3) syzbot @ 2025-05-14 8:54 ` Leon Romanovsky 2025-09-17 12:45 ` Jason Gunthorpe 2025-09-11 15:34 ` syzbot 2025-09-12 4:42 ` syzbot 2 siblings, 1 reply; 10+ messages in thread From: Leon Romanovsky @ 2025-05-14 8:54 UTC (permalink / raw) To: jgg; +Cc: syzbot, linux-kernel, linux-rdma, syzkaller-bugs On Tue, May 13, 2025 at 04:35:23AM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: c32f8dc5aaf9 Merge branch 'for-next/core' into for-kernelci > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci > console output: https://syzkaller.appspot.com/x/log.txt?x=10789768580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=ea4635ffd6ad5b4a > dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4 > compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2 > userspace arch: arm64 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/b921498959d4/disk-c32f8dc5.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/04e6ad946c4b/vmlinux-c32f8dc5.xz > kernel image: https://storage.googleapis.com/syzbot-assets/d4f0d8db50ee/Image-c32f8dc5.gz.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com > > -- > ------------[ cut here ]------------ > GID entry ref leak for dev syz1 index 2 ref=573 Jason, According to repro https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000, we joined multicast group, but never left it. This is how we can get "ref=573". write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r2}}, 0x30) write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000900)={0x16, 0x98, 0xfa00, {0x0, 0x5, r2, 0x10, 0x1, @in={0x2, 0x4e23, @loopback}}}, 0xa0) Thanks > WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline] > WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886 > Modules linked in: > CPU: 1 UID: 0 PID: 655 Comm: kworker/u8:10 Not tainted 6.15.0-rc5-syzkaller-gc32f8dc5aaf9 #0 PREEMPT > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 > Workqueue: ib-unreg-wq ib_unregister_work > pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : release_gid_table drivers/infiniband/core/cache.c:806 [inline] > pc : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886 > lr : release_gid_table drivers/infiniband/core/cache.c:806 [inline] > lr : gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886 > sp : ffff80009c927860 > x29: ffff80009c9278b0 x28: ffff0000d2b52f00 x27: ffff0000d77ee8d8 > x26: ffff0000d77ee800 x25: 0000000000000010 x24: 0000000000000001 > x23: ffff800092818000 x22: dfff800000000000 x21: 0000000000000003 > x20: 1fffe0001aefdd1b x19: 1fffe0001aefdd00 x18: 00000000ffffffff > x17: 0000000000000000 x16: ffff80008adb410c x15: 0000000000000001 > x14: 1fffe000338716e2 x13: 0000000000000000 x12: 0000000000000000 > x11: ffff6000338716e3 x10: 0000000000ff0100 x9 : 1b90c18326689500 > x8 : 1b90c18326689500 x7 : 0000000000000001 x6 : 0000000000000001 > x5 : ffff80009c9271b8 x4 : ffff80008f405b40 x3 : ffff8000807b1330 > x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 > Call trace: > release_gid_table drivers/infiniband/core/cache.c:806 [inline] (P) > gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886 (P) > ib_cache_release_one+0x144/0x174 drivers/infiniband/core/cache.c:1636 > ib_device_release+0xc4/0x194 drivers/infiniband/core/device.c:482 > device_release+0x8c/0x1ac drivers/base/core.c:-1 > kobject_cleanup lib/kobject.c:689 [inline] > kobject_release lib/kobject.c:720 [inline] > kref_put include/linux/kref.h:65 [inline] > kobject_put+0x2b0/0x438 lib/kobject.c:737 > put_device+0x28/0x40 drivers/base/core.c:3800 > ib_unregister_work+0x28/0x38 drivers/infiniband/core/device.c:1629 > process_one_work+0x7e8/0x156c kernel/workqueue.c:3238 > process_scheduled_works kernel/workqueue.c:3319 [inline] > worker_thread+0x958/0xed8 kernel/workqueue.c:3400 > kthread+0x5fc/0x75c kernel/kthread.c:464 > ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847 > irq event stamp: 1499918 > hardirqs last enabled at (1499917): [<ffff80008054cc08>] __up_console_sem kernel/printk/printk.c:344 [inline] > hardirqs last enabled at (1499917): [<ffff80008054cc08>] __console_unlock+0x70/0xc4 kernel/printk/printk.c:2885 > hardirqs last disabled at (1499918): [<ffff80008adaf5e0>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511 > softirqs last enabled at (1496318): [<ffff8000803cbf1c>] softirq_handle_end kernel/softirq.c:425 [inline] > softirqs last enabled at (1496318): [<ffff8000803cbf1c>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 > softirqs last disabled at (1496303): [<ffff800080020efc>] __do_softirq+0x14/0x20 kernel/softirq.c:613 > ---[ end trace 0000000000000000 ]--- > wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 > wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 > > > --- > This report is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkaller@googlegroups.com. > > syzbot will keep track of this issue. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > If the report is already addressed, let syzbot know by replying with: > #syz fix: exact-commit-title > > If you want syzbot to run the reproducer, reply with: > #syz test: git://repo/address.git branch-or-commit-hash > If you attach or paste a git patch, syzbot will apply it before testing. > > If you want to overwrite report's subsystems, reply with: > #syz set subsystems: new-subsystem > (See the list of subsystem names on the web dashboard) > > If the report is a duplicate of another one, reply with: > #syz dup: exact-subject-of-another-report > > If you want to undo deduplication, reply with: > #syz undup ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-05-14 8:54 ` Leon Romanovsky @ 2025-09-17 12:45 ` Jason Gunthorpe 0 siblings, 0 replies; 10+ messages in thread From: Jason Gunthorpe @ 2025-09-17 12:45 UTC (permalink / raw) To: Leon Romanovsky; +Cc: syzbot, linux-kernel, linux-rdma, syzkaller-bugs On Wed, May 14, 2025 at 11:54:21AM +0300, Leon Romanovsky wrote: > According to repro https://syzkaller.appspot.com/x/repro.syz?x=15a08cf4580000, we joined multicast group, > but never left it. This is how we can get "ref=573". > > write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) > write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r2}}, 0x30) > write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000900)={0x16, 0x98, 0xfa00, {0x0, 0x5, r2, 0x10, 0x1, @in={0x2, 0x4e23, @loopback}}}, 0xa0) This should be fine, it is supposed to get cleaned up. I think it is more likely there is a refcount leak on an error path.. Jason ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-05-13 11:35 [syzbot] [rdma?] WARNING in gid_table_release_one (3) syzbot 2025-05-14 8:54 ` Leon Romanovsky @ 2025-09-11 15:34 ` syzbot 2025-09-16 16:15 ` yanjun.zhu 2025-09-12 4:42 ` syzbot 2 siblings, 1 reply; 10+ messages in thread From: syzbot @ 2025-09-11 15:34 UTC (permalink / raw) To: edwards, jgg, leon, linux-kernel, linux-rdma, syzkaller-bugs syzbot has found a reproducer for the following issue on: HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910 git tree: linux-next console output: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000 kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4 compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/df0dfb072f52/disk-5f540c4a.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/20649042ae30/vmlinux-5f540c4a.xz kernel image: https://storage.googleapis.com/syzbot-assets/4c16358268b8/bzImage-5f540c4a.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com ------------[ cut here ]------------ GID entry ref leak for dev syz1 index 2 ref=615 WARNING: drivers/infiniband/core/cache.c:809 at release_gid_table drivers/infiniband/core/cache.c:806 [inline], CPU#0: kworker/u8:2/36 WARNING: drivers/infiniband/core/cache.c:809 at gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886, CPU#0: kworker/u8:2/36 Modules linked in: CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Workqueue: ib-unreg-wq ib_unregister_work RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline] RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886 Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 a0 43 91 8c 4c 89 e6 44 89 fa e8 fb 67 f5 f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c RSP: 0018:ffffc90000ac7908 EFLAGS: 00010246 RAX: 621d731dcb27e200 RBX: ffff88806241b8d8 RCX: ffff888141289e40 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 RBP: 1ffff1100c48371b R08: ffff8880b8724253 R09: 1ffff110170e484a R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff888027503e00 R13: ffff88806241b800 R14: ffff8880289a2400 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff8881259f0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555569847588 CR3: 00000000338c8000 CR4: 00000000003526f0 Call Trace: <TASK> ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509 device_release+0x99/0x1c0 drivers/base/core.c:-1 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x228/0x480 lib/kobject.c:737 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x47c/0x820 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> --- If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-09-11 15:34 ` syzbot @ 2025-09-16 16:15 ` yanjun.zhu 0 siblings, 0 replies; 10+ messages in thread From: yanjun.zhu @ 2025-09-16 16:15 UTC (permalink / raw) To: syzbot, edwards, jgg, leon, linux-kernel, linux-rdma, syzkaller-bugs On 9/11/25 8:34 AM, syzbot wrote: > syzbot has found a reproducer for the following issue on: > > HEAD commit: 5f540c4aade9 Add linux-next specific files for 20250910 > git tree: linux-next > console output: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d > dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4 > compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/df0dfb072f52/disk-5f540c4a.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/20649042ae30/vmlinux-5f540c4a.xz > kernel image: https://storage.googleapis.com/syzbot-assets/4c16358268b8/bzImage-5f540c4a.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com This problem is fixed by a fix in https://github.com/zhuyj/linux.git v6.17_fix_gid_table_release_one I will make an official patch and send it out very soon. Zhu Yanjun > > ------------[ cut here ]------------ > GID entry ref leak for dev syz1 index 2 ref=615 > WARNING: drivers/infiniband/core/cache.c:809 at release_gid_table drivers/infiniband/core/cache.c:806 [inline], CPU#0: kworker/u8:2/36 > WARNING: drivers/infiniband/core/cache.c:809 at gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886, CPU#0: kworker/u8:2/36 > Modules linked in: > CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 > Workqueue: ib-unreg-wq ib_unregister_work > RIP: 0010:release_gid_table drivers/infiniband/core/cache.c:806 [inline] > RIP: 0010:gid_table_release_one+0x346/0x4d0 drivers/infiniband/core/cache.c:886 > Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 3d 41 8b 0e 48 c7 c7 a0 43 91 8c 4c 89 e6 44 89 fa e8 fb 67 f5 f8 90 <0f> 0b 90 90 e9 e3 fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c > RSP: 0018:ffffc90000ac7908 EFLAGS: 00010246 > RAX: 621d731dcb27e200 RBX: ffff88806241b8d8 RCX: ffff888141289e40 > RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 > RBP: 1ffff1100c48371b R08: ffff8880b8724253 R09: 1ffff110170e484a > R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff888027503e00 > R13: ffff88806241b800 R14: ffff8880289a2400 R15: 0000000000000002 > FS: 0000000000000000(0000) GS:ffff8881259f0000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 0000555569847588 CR3: 00000000338c8000 CR4: 00000000003526f0 > Call Trace: > <TASK> > ib_device_release+0xd2/0x1c0 drivers/infiniband/core/device.c:509 > device_release+0x99/0x1c0 drivers/base/core.c:-1 > kobject_cleanup lib/kobject.c:689 [inline] > kobject_release lib/kobject.c:720 [inline] > kref_put include/linux/kref.h:65 [inline] > kobject_put+0x228/0x480 lib/kobject.c:737 > process_one_work kernel/workqueue.c:3263 [inline] > process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 > worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 > kthread+0x711/0x8a0 kernel/kthread.c:463 > ret_from_fork+0x47c/0x820 arch/x86/kernel/process.c:158 > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 > </TASK> > > > --- > If you want syzbot to run the reproducer, reply with: > #syz test: git://repo/address.git branch-or-commit-hash > If you attach or paste a git patch, syzbot will apply it before testing. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-05-13 11:35 [syzbot] [rdma?] WARNING in gid_table_release_one (3) syzbot 2025-05-14 8:54 ` Leon Romanovsky 2025-09-11 15:34 ` syzbot @ 2025-09-12 4:42 ` syzbot 2025-09-12 19:38 ` yanjun.zhu 2 siblings, 1 reply; 10+ messages in thread From: syzbot @ 2025-09-12 4:42 UTC (permalink / raw) To: edwards, hdanton, jgg, leon, leonro, linux-kernel, linux-rdma, syzkaller-bugs syzbot has bisected this issue to: commit a92fbeac7e94a420b55570c10fe1b90e64da4025 Author: Leon Romanovsky <leonro@nvidia.com> Date: Tue May 28 12:52:51 2024 +0000 RDMA/cache: Release GID table even if leak is detected bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13fc9642580000 start commit: 5f540c4aade9 Add linux-next specific files for 20250910 git tree: linux-next final oops: https://syzkaller.appspot.com/x/report.txt?x=10029642580000 console output: https://syzkaller.appspot.com/x/log.txt?x=17fc9642580000 kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000 Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com Fixes: a92fbeac7e94 ("RDMA/cache: Release GID table even if leak is detected") For information about bisection process see: https://goo.gl/tpsmEJ#bisection ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-09-12 4:42 ` syzbot @ 2025-09-12 19:38 ` yanjun.zhu 2025-09-12 20:01 ` Yanjun.Zhu 0 siblings, 1 reply; 10+ messages in thread From: yanjun.zhu @ 2025-09-12 19:38 UTC (permalink / raw) To: syzbot, edwards, hdanton, jgg, leon, leonro, linux-kernel, linux-rdma, syzkaller-bugs On 9/11/25 9:42 PM, syzbot wrote: > syzbot has bisected this issue to: > > commit a92fbeac7e94a420b55570c10fe1b90e64da4025 > Author: Leon Romanovsky <leonro@nvidia.com> > Date: Tue May 28 12:52:51 2024 +0000 > > RDMA/cache: Release GID table even if leak is detected Maybe this commit just detects ref leaks and reports ref leak. Even though this commit is reverted, this ref leak still occurs. The root cause is not in this commit. " GID entry ref leak for dev syz1 index 2 ref=615 " Ref leaks in dev syz1. Zhu Yanjun > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13fc9642580000 > start commit: 5f540c4aade9 Add linux-next specific files for 20250910 > git tree: linux-next > final oops: https://syzkaller.appspot.com/x/report.txt?x=10029642580000 > console output: https://syzkaller.appspot.com/x/log.txt?x=17fc9642580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=5ed48faa2cb8510d > dashboard link: https://syzkaller.appspot.com/bug?extid=b0da83a6c0e2e2bddbd4 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b52362580000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000 > > Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com > Fixes: a92fbeac7e94 ("RDMA/cache: Release GID table even if leak is detected") > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-09-12 19:38 ` yanjun.zhu @ 2025-09-12 20:01 ` Yanjun.Zhu 2025-09-12 22:33 ` Yanjun.Zhu 0 siblings, 1 reply; 10+ messages in thread From: Yanjun.Zhu @ 2025-09-12 20:01 UTC (permalink / raw) To: syzbot, edwards, hdanton, jgg, leon, leonro, linux-kernel, linux-rdma, syzkaller-bugs On 9/12/25 12:38 PM, yanjun.zhu wrote: > On 9/11/25 9:42 PM, syzbot wrote: >> syzbot has bisected this issue to: >> >> commit a92fbeac7e94a420b55570c10fe1b90e64da4025 >> Author: Leon Romanovsky <leonro@nvidia.com> >> Date: Tue May 28 12:52:51 2024 +0000 >> >> RDMA/cache: Release GID table even if leak is detected > > Maybe this commit just detects ref leaks and reports ref leak. > Even though this commit is reverted, this ref leak still occurs. > > The root cause is not in this commit. > > " > GID entry ref leak for dev syz1 index 2 ref=615 > " > > Ref leaks in dev syz1. In this link: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000 " [ 184.209420][ T6164] infiniband syz1: set active [ 184.215960][ T6164] infiniband syz1: added syz_tun [ 184.222514][ T6001] veth0_macvtap: entered promiscuous mode [ 184.231935][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.239777][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.256962][ T6001] veth1_macvtap: entered promiscuous mode [ 184.276479][ T6164] syz1: rxe_create_cq: returned err = -12 < -- rxe_create_cq failed, the test should not continue. [ 184.288430][ T6008] veth0_vlan: entered promiscuous mode " err = -12, is -ENOMEM. It means that memory allocation fails. Zhu Yanjun > > Zhu Yanjun > >> >> bisection log: https://syzkaller.appspot.com/x/bisect.txt? >> x=13fc9642580000 >> start commit: 5f540c4aade9 Add linux-next specific files for 20250910 >> git tree: linux-next >> final oops: https://syzkaller.appspot.com/x/report.txt? >> x=10029642580000 >> console output: https://syzkaller.appspot.com/x/log.txt?x=17fc9642580000 >> kernel config: https://syzkaller.appspot.com/x/.config? >> x=5ed48faa2cb8510d >> dashboard link: https://syzkaller.appspot.com/bug? >> extid=b0da83a6c0e2e2bddbd4 >> syz repro: https://syzkaller.appspot.com/x/repro.syz? >> x=15b52362580000 >> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000 >> >> Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com >> Fixes: a92fbeac7e94 ("RDMA/cache: Release GID table even if leak is >> detected") >> >> For information about bisection process see: https://goo.gl/ >> tpsmEJ#bisection > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-09-12 20:01 ` Yanjun.Zhu @ 2025-09-12 22:33 ` Yanjun.Zhu 2025-09-12 22:55 ` Yanjun.Zhu 0 siblings, 1 reply; 10+ messages in thread From: Yanjun.Zhu @ 2025-09-12 22:33 UTC (permalink / raw) To: syzbot, edwards, hdanton, jgg, leon, leonro, linux-kernel, linux-rdma, syzkaller-bugs On 9/12/25 1:01 PM, Yanjun.Zhu wrote: > > > On 9/12/25 12:38 PM, yanjun.zhu wrote: >> On 9/11/25 9:42 PM, syzbot wrote: >>> syzbot has bisected this issue to: >>> >>> commit a92fbeac7e94a420b55570c10fe1b90e64da4025 >>> Author: Leon Romanovsky <leonro@nvidia.com> >>> Date: Tue May 28 12:52:51 2024 +0000 >>> >>> RDMA/cache: Release GID table even if leak is detected >> >> Maybe this commit just detects ref leaks and reports ref leak. >> Even though this commit is reverted, this ref leak still occurs. >> >> The root cause is not in this commit. >> >> " >> GID entry ref leak for dev syz1 index 2 ref=615 >> " >> >> Ref leaks in dev syz1. > In this link: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000 > > " > [ 184.209420][ T6164] infiniband syz1: set active > [ 184.215960][ T6164] infiniband syz1: added syz_tun > [ 184.222514][ T6001] veth0_macvtap: entered promiscuous mode > [ 184.231935][ T42] wlan0: Created IBSS using preconfigured BSSID > 50:50:50:50:50:50 > [ 184.239777][ T42] wlan0: Creating new IBSS network, BSSID > 50:50:50:50:50:50 > [ 184.256962][ T6001] veth1_macvtap: entered promiscuous mode > [ 184.276479][ T6164] syz1: rxe_create_cq: returned err = -12 < -- > rxe_create_cq failed, the test should not continue. > > [ 184.288430][ T6008] veth0_vlan: entered promiscuous mode > " > > err = -12, is -ENOMEM. " [ 139.009314][ T6730] infiniband syz1: added syz_tun [ 139.015974][ T6730] rdma_rxe: vmalloc_user failed, buf_size: 131456, num_slots: 1024, elem_size: 128 [ 139.016142][ T6730] syz1: rxe_cq_from_init: unable to create cq " From the above logs, vmalloc_user() fails when trying to allocate 131,456 bytes of memory. Is there a specific limit on vmalloc allocations in this test case? Also, what is the size of memory available on this machine? (Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025) Thanks, Zhu Yanjun > > It means that memory allocation fails. > > Zhu Yanjun > >> >> Zhu Yanjun >> >>> >>> bisection log: https://syzkaller.appspot.com/x/bisect.txt? >>> x=13fc9642580000 >>> start commit: 5f540c4aade9 Add linux-next specific files for 20250910 >>> git tree: linux-next >>> final oops: https://syzkaller.appspot.com/x/report.txt? >>> x=10029642580000 >>> console output: https://syzkaller.appspot.com/x/log.txt?x=17fc9642580000 >>> kernel config: https://syzkaller.appspot.com/x/.config? >>> x=5ed48faa2cb8510d >>> dashboard link: https://syzkaller.appspot.com/bug? >>> extid=b0da83a6c0e2e2bddbd4 >>> syz repro: https://syzkaller.appspot.com/x/repro.syz? >>> x=15b52362580000 >>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b41642580000 >>> >>> Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com >>> Fixes: a92fbeac7e94 ("RDMA/cache: Release GID table even if leak is >>> detected") >>> >>> For information about bisection process see: https://goo.gl/ >>> tpsmEJ#bisection >> > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [syzbot] [rdma?] WARNING in gid_table_release_one (3) 2025-09-12 22:33 ` Yanjun.Zhu @ 2025-09-12 22:55 ` Yanjun.Zhu 0 siblings, 0 replies; 10+ messages in thread From: Yanjun.Zhu @ 2025-09-12 22:55 UTC (permalink / raw) To: syzbot, edwards, hdanton, jgg, leon, leonro, linux-kernel, linux-rdma, syzkaller-bugs On 9/12/25 3:33 PM, Yanjun.Zhu wrote: > > > On 9/12/25 1:01 PM, Yanjun.Zhu wrote: >> >> >> On 9/12/25 12:38 PM, yanjun.zhu wrote: >>> On 9/11/25 9:42 PM, syzbot wrote: >>>> syzbot has bisected this issue to: >>>> >>>> commit a92fbeac7e94a420b55570c10fe1b90e64da4025 >>>> Author: Leon Romanovsky <leonro@nvidia.com> >>>> Date: Tue May 28 12:52:51 2024 +0000 >>>> >>>> RDMA/cache: Release GID table even if leak is detected >>> >>> Maybe this commit just detects ref leaks and reports ref leak. >>> Even though this commit is reverted, this ref leak still occurs. >>> >>> The root cause is not in this commit. >>> >>> " >>> GID entry ref leak for dev syz1 index 2 ref=615 >>> " >>> >>> Ref leaks in dev syz1. >> In this link: https://syzkaller.appspot.com/x/log.txt?x=157dab12580000 >> >> " >> [ 184.209420][ T6164] infiniband syz1: set active >> [ 184.215960][ T6164] infiniband syz1: added syz_tun >> [ 184.222514][ T6001] veth0_macvtap: entered promiscuous mode >> [ 184.231935][ T42] wlan0: Created IBSS using preconfigured BSSID >> 50:50:50:50:50:50 >> [ 184.239777][ T42] wlan0: Creating new IBSS network, BSSID >> 50:50:50:50:50:50 >> [ 184.256962][ T6001] veth1_macvtap: entered promiscuous mode >> [ 184.276479][ T6164] syz1: rxe_create_cq: returned err = -12 < -- >> rxe_create_cq failed, the test should not continue. >> >> [ 184.288430][ T6008] veth0_vlan: entered promiscuous mode >> " >> >> err = -12, is -ENOMEM. > > " > [ 139.009314][ T6730] infiniband syz1: added syz_tun > [ 139.015974][ T6730] rdma_rxe: vmalloc_user failed, buf_size: 131456, > num_slots: 1024, elem_size: 128 > [ 139.016142][ T6730] syz1: rxe_cq_from_init: unable to create cq > " The above logs are in the link: https://syzkaller.appspot.com/x/log.txt?x=144a9934580000 Please check it. Zhu Yanjun > > From the above logs, vmalloc_user() fails when trying to allocate > 131,456 bytes of memory. > > Is there a specific limit on vmalloc allocations in this test case? > > Also, what is the size of memory available on this machine? (Hardware > name: Google Google Compute Engine/Google Compute Engine, BIOS Google > 08/18/2025) > > Thanks, > Zhu Yanjun > >> >> It means that memory allocation fails. >> >> Zhu Yanjun >> >>> >>> Zhu Yanjun >>> >>>> >>>> bisection log: https://syzkaller.appspot.com/x/bisect.txt? >>>> x=13fc9642580000 >>>> start commit: 5f540c4aade9 Add linux-next specific files for 20250910 >>>> git tree: linux-next >>>> final oops: https://syzkaller.appspot.com/x/report.txt? >>>> x=10029642580000 >>>> console output: https://syzkaller.appspot.com/x/log.txt? >>>> x=17fc9642580000 >>>> kernel config: https://syzkaller.appspot.com/x/.config? >>>> x=5ed48faa2cb8510d >>>> dashboard link: https://syzkaller.appspot.com/bug? >>>> extid=b0da83a6c0e2e2bddbd4 >>>> syz repro: https://syzkaller.appspot.com/x/repro.syz? >>>> x=15b52362580000 >>>> C reproducer: https://syzkaller.appspot.com/x/repro.c? >>>> x=16b41642580000 >>>> >>>> Reported-by: syzbot+b0da83a6c0e2e2bddbd4@syzkaller.appspotmail.com >>>> Fixes: a92fbeac7e94 ("RDMA/cache: Release GID table even if leak is >>>> detected") >>>> >>>> For information about bisection process see: https://goo.gl/ >>>> tpsmEJ#bisection >>> >> > ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2025-09-17 12:45 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-05-13 11:35 [syzbot] [rdma?] WARNING in gid_table_release_one (3) syzbot 2025-05-14 8:54 ` Leon Romanovsky 2025-09-17 12:45 ` Jason Gunthorpe 2025-09-11 15:34 ` syzbot 2025-09-16 16:15 ` yanjun.zhu 2025-09-12 4:42 ` syzbot 2025-09-12 19:38 ` yanjun.zhu 2025-09-12 20:01 ` Yanjun.Zhu 2025-09-12 22:33 ` Yanjun.Zhu 2025-09-12 22:55 ` Yanjun.Zhu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox