Re: [PATCH 0/3] Fix a race with fput during eventq abort

On Wed, Sep 17, 2025 at 05:01:46PM -0300, Jason Gunthorpe wrote:

Syzkaller found this, fput runs the release from a work queue so the refcount remains elevated during abort. This is tricky so move more handling of files into the core code.

Add a WARN_ON to catch things like this more reliably without relying on kasn.

Update the fail_nth test to succeed on 6.17 kernels.

Jason Gunthorpe (3): iommufd: Fix race during abort for file descriptors iommufd: WARN if an object is aborted with an elevated refcount iommufd/selftest: Update the fail_nth limit

Sanity runs without a problem.

Tested-by: Nicolin Chen nicolinc@nvidia.com