On Mon, Jun 19, 2023 at 11:47:57AM -0500, Bob Pearson wrote:
> There is a fairly obvious error in create_qp error path code. The
> seg fault occurs in flush_send_queue() in rxe_comp.c. However, the
> cleanup routine which got here was called after rxe_create_qp()
> failed the call to rxe_qp_from_init(). That routine attempts to
> clean up qp resources if it fails, so the send queue will either
> not yet be created or be cleaned up before it returns. Then referencing
> the send queue in flush_send_queue() will seg fault. The top level
> qp cleanup code needs to handle this case correctly. I will give it
> a try. Not sure what they were doing to cause create_qp to fail but
> it's a bug. Is there a way to get them to re-run it or will it
> happen as a matter of course?

Without a syzkaller reproducer you have to fix it by inspection, make a patch that is really logically sound, then push it as a fixes/reported-by.

If it doesn't fix it then we will still get pings on it.

Jason
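The failure shape Bob describes, as an added stand-alone illustration that is not the rxe driver's code: a two-step init routine that undoes its own partial work when the second step fails, followed by a top-level cleanup that must tolerate a send queue which was never created or has already been freed. All structures and function names here (mock_qp, qp_from_init, flush_send_queue_checked, qp_cleanup, simulate) are hypothetical stand-ins chosen to mirror the report, not the real rxe_qp_from_init()/flush_send_queue() implementations.

```c
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical mock of a queue pair; not the rxe driver's real structures. */
struct mock_queue { int depth; };
struct mock_qp {
    struct mock_queue *sq;   /* send queue, NULL until created */
    struct mock_queue *rq;   /* receive queue, NULL until created */
    bool valid;              /* set only when init fully succeeded */
};

/* Constructed observability for the example: result of the last init call. */
static int last_init_rc;

static struct mock_queue *queue_alloc(int depth)
{
    struct mock_queue *q;
    if (depth <= 0)
        return NULL;                 /* simulates an allocation/validation failure */
    q = calloc(1, sizeof(*q));
    if (q)
        q->depth = depth;
    return q;
}

static void queue_free(struct mock_queue **q)
{
    free(*q);
    *q = NULL;                       /* never leave a dangling pointer for later cleanup */
}

/* Mirrors the report: the init routine cleans up after its own partial
 * failure, so when it returns an error the send queue may already be gone. */
static int qp_from_init(struct mock_qp *qp, int sq_depth, int rq_depth)
{
    qp->sq = queue_alloc(sq_depth);
    if (!qp->sq)
        return -1;                   /* sq never created */
    qp->rq = queue_alloc(rq_depth);
    if (!qp->rq) {
        queue_free(&qp->sq);         /* partial cleanup: sq is NULL again */
        return -1;
    }
    qp->valid = true;
    return 0;
}

/* Buggy shape: assumes the send queue exists. Fine on the success path,
 * a NULL dereference when called from the create_qp error path. */
static int flush_send_queue_unchecked(struct mock_qp *qp)
{
    return qp->sq->depth;            /* pretend "depth" entries were flushed */
}

/* Defensive shape: tolerates a queue that was never created or already freed. */
static int flush_send_queue_checked(struct mock_qp *qp)
{
    if (!qp->sq)
        return 0;                    /* nothing to flush */
    return qp->sq->depth;
}

/* Top-level cleanup shared by the success and the failure case. */
static int qp_cleanup(struct mock_qp *qp)
{
    int flushed = flush_send_queue_checked(qp);
    if (qp->sq)
        queue_free(&qp->sq);
    if (qp->rq)
        queue_free(&qp->rq);
    qp->valid = false;
    return flushed;
}

/* Run create + destroy end to end; returns the number of entries flushed.
 * rq_depth <= 0 forces the second init step to fail, reproducing the report. */
static int simulate(int sq_depth, int rq_depth)
{
    struct mock_qp qp;
    memset(&qp, 0, sizeof(qp));
    last_init_rc = qp_from_init(&qp, sq_depth, rq_depth);
    return qp_cleanup(&qp);          /* safe whether or not init succeeded */
}

/* Shows the unchecked flush is only safe once init has fully succeeded. */
static int flush_after_successful_init(int sq_depth, int rq_depth)
{
    struct mock_qp qp;
    int flushed = -1;
    memset(&qp, 0, sizeof(qp));
    if (qp_from_init(&qp, sq_depth, rq_depth) == 0 && qp.valid)
        flushed = flush_send_queue_unchecked(&qp);
    qp_cleanup(&qp);
    return flushed;
}
```

The point of the split is that the error path and the success path reach the same cleanup code, so the cleanup must be written against the weakest state init can leave behind (a NULL send queue), not against the fully-built queue pair; the NULL check in flush_send_queue_checked() plus zeroing freed pointers in queue_free() is what keeps qp_cleanup() correct in both cases.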