ci2 starts bisection 2024-07-15 14:23:25.547114283 +0000 UTC m=+27145.816734293
bisecting fixing commit since 5d96939590c0122be2138255c921e57e3f78b7bd
building syzkaller on 4d098039e09f95a4767fe001c5fd244e6eaeef28
ensuring issue is reproducible on original commit 5d96939590c0122be2138255c921e57e3f78b7bd

testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 96896802e4eb580a68905d268da05939009dc9a9622362921d79df1ba5ec9f2f
run #0: crashed: BUG: scheduling while atomic in synchronize_rcu_expedited
run #1: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #11: crashed: BUG: scheduling while atomic in syslog_print
run #12: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #13: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #14: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #15: crashed: BUG: scheduling while atomic in do_epoll_wait
run #16: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #17: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #18: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #19: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
representative crash: BUG: scheduling while atomic in synchronize_rcu_expedited, types: [ATOMIC_SLEEP UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c4b1bdda0221cc1644b943c95a4501288e4de96aea828cf4870a2d277fee27e2
run #0: crashed: BUG: scheduling while atomic in synchronize_rcu_expedited
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
run #5: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #9: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN ATOMIC_SLEEP]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
kconfig minimization: base=4920 full=6158 leaves diff=242
split chunks (needed=false): <242>
split chunk #0 of len 242 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bf6eb57cdfa4902fc30f7d91f373516b86209281a844b1affce72e97e9ab8380
run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: workqueue leaked lock or atomic in fqdir_free_fn
run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in synchronize_rcu_expedited
run #9: crashed: BUG: scheduling while atomic in do_epoll_wait
representative crash: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred, types: [UNKNOWN ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ef1dcdc966c8f7e987423a424e3895d01386407c7cad2dd0453c677f0be9d8f1
run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #3: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
representative crash: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6b79c77908aa26ba2c279475452975b389a2ddfeceaacade5ac066638a9c1b12
run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #7: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c62952329acd043893190319ad9030173552f51c29fdd6d6dd07908877c1afd5
run #0: crashed: BUG: scheduling while atomic in rcu_barrier
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [UBSAN BUG KASAN LOCKDEP HANG LEAK], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 5d96939590c0122be2138255c921e57e3f78b7bd: net/socket.c:1191: undefined reference to `wext_handle_ioctl'
net/socket.c:3385: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'
minimized to 46 configs; suspects: [HID_ZEROPLUS USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed
testing current HEAD db06c48ab67eb5db1ac64a0210d77742e335537a
testing commit db06c48ab67eb5db1ac64a0210d77742e335537a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ec36867876a3d5eb9bfecaff3b07e26fdd2f2692d50addf54b116fa4dab38153
all runs: OK
false negative chance: 0.000
# git bisect start db06c48ab67eb5db1ac64a0210d77742e335537a 5d96939590c0122be2138255c921e57e3f78b7bd
Bisecting: 207 revisions left to test after this (roughly 8 steps)
[989af2f29342a9a7c7515523d879b698ac8465f4] RDMA/srpt: Support specifying the srpt_service_guid parameter

determine whether the revision contains the guilty commit
checking the merge base 458ce51d0356ee60c93f9f807d9827cf2a41643d
no existing result, test the revision
testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1a4bb08b93458603bef313de8cfea53d927e02bdfb6c9cb201328613d8d0f1fe
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
testing commit 989af2f29342a9a7c7515523d879b698ac8465f4 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 24d8644776d532fa407bccf76cf6be8a69d9a78ae9e1342833edcd0a68830f75
all runs: OK
false negative chance: 0.000
# git bisect bad 989af2f29342a9a7c7515523d879b698ac8465f4
Bisecting: 103 revisions left to test after this (roughly 7 steps)
[256c3e6192ed80f7f67c55c531942f880788c9ed] usb: roles: don't get/set_role() when usb_role_switch is unregistered

determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit 256c3e6192ed80f7f67c55c531942f880788c9ed gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 32a09033739add2bde4684492caca9cf1bbc12e8972352fbf5cac4f77be4dfe3
all runs: OK
false negative chance: 0.000
# git bisect bad 256c3e6192ed80f7f67c55c531942f880788c9ed
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[b4663b406aeef31604a9495a2db0898987224b95] Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table

determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit b4663b406aeef31604a9495a2db0898987224b95 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e053e9f7a51bd541839ee8f06b262e5bc88c4d2f4d7d0a8b7651ea768922333b
all runs: OK
false negative chance: 0.000
# git bisect bad b4663b406aeef31604a9495a2db0898987224b95
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[0399d7eba41d9b28f5bdd7757ec21a5b7046858d] spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected

determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit 0399d7eba41d9b28f5bdd7757ec21a5b7046858d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ba939fb451bf768d960cff7e2c31fec3732fd8106961c5246d8fa41998a3eb0e
all runs: OK
false negative chance: 0.000
# git bisect bad 0399d7eba41d9b28f5bdd7757ec21a5b7046858d
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[4bbb93ad84b32e6f2a80567e9d461fa5287770c0] bpf: Remove trace_printk_lock

determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit 4bbb93ad84b32e6f2a80567e9d461fa5287770c0 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 12103be3d25249af227861a2d0290fc274ee34895d25aadec0b172725e698617
all runs: OK
false negative chance: 0.000
# git bisect bad 4bbb93ad84b32e6f2a80567e9d461fa5287770c0
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb] smb: client: fix parsing of SMB3.1.1 POSIX create context

determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c06eed0f6371ccb285bcec305852fcc6ede2c51f1cde78ec0c6f43a0dc1d1609
run #0: crashed: BUG: scheduling while atomic in rcu_barrier
run #1: crashed: BUG: scheduling while atomic in synchronize_rcu_expedited
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
representative crash: BUG: scheduling while atomic in rcu_barrier, types: [ATOMIC_SLEEP]
# git bisect good ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[8495c34dff0dfbbab18b1c2eb54673372fb366b0] bpf: Merge printk and seq_printf VARARG max macros

determine whether the revision contains the guilty commit
revision ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb crashed and is reachable
testing commit 8495c34dff0dfbbab18b1c2eb54673372fb366b0 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b50239673da7ea96264c237e69850c39218d1f53bb73aa826ff943366dad57bb
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #5: crashed: BUG: scheduling while atomic in do_epoll_wait
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in do_task_dead
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
# git bisect good 8495c34dff0dfbbab18b1c2eb54673372fb366b0
Bisecting: 0 revisions left to test after this (roughly 1 step)
[4b349c55bbd33c8918dbac13876d6842af571505] bpf: Do cleanup in bpf_bprintf_cleanup only when needed

determine whether the revision contains the guilty commit
revision ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb crashed and is reachable
testing commit 4b349c55bbd33c8918dbac13876d6842af571505 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d70a9f277d5dcedc54f8012588f6db389e86cb0d1cf0cf2f6c9442aa8981546a
all runs: OK
false negative chance: 0.000
# git bisect bad 4b349c55bbd33c8918dbac13876d6842af571505
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[bcbaeb081ad846ae7f824ecf2df3d21de17608ea] bpf: Add struct for bin_args arg in bpf_bprintf_prepare

determine whether the revision contains the guilty commit
revision ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb crashed and is reachable
testing commit bcbaeb081ad846ae7f824ecf2df3d21de17608ea gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5614279337524a673c402f9187e737dc61372162f7ed240fb28bc93cbe26ed98
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: scheduling while atomic in do_task_dead
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
# git bisect good bcbaeb081ad846ae7f824ecf2df3d21de17608ea
4b349c55bbd33c8918dbac13876d6842af571505 is the first bad commit
commit 4b349c55bbd33c8918dbac13876d6842af571505
Author: Jiri Olsa <jolsa@kernel.org>
Date:   Sat Feb 17 09:13:20 2024 -0300

    bpf: Do cleanup in bpf_bprintf_cleanup only when needed
    
    commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream.
    
    Currently we always cleanup/decrement bpf_bprintf_nest_level variable
    in bpf_bprintf_cleanup if it's > 0.
    
    There's possible scenario where this could cause a problem, when
    bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0)
    and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level
    variable, like:
    
      in task context:
        bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1'
        -> first irq :
           bpf_bprintf_prepare(num_args == 0)
           bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0'
        -> second irq:
           bpf_bprintf_prepare(num_args != 0) bpf_bprintf_nest_level = 1
           gets same buffer as task context above
    
    Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we
    got bin_args data in the first place.
    
    Signed-off-by: Jiri Olsa <jolsa@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Yonghong Song <yhs@fb.com>
    Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org
    [cascardo: there is no bpf_trace_vprintk in 5.15]
    Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 include/linux/bpf.h      |  2 +-
 kernel/bpf/helpers.c     | 16 +++++++++-------
 kernel/trace/bpf_trace.c |  4 ++--
 3 files changed, 12 insertions(+), 10 deletions(-)

accumulated error probability: 0.00
culprit signature: d70a9f277d5dcedc54f8012588f6db389e86cb0d1cf0cf2f6c9442aa8981546a
parent  signature: 5614279337524a673c402f9187e737dc61372162f7ed240fb28bc93cbe26ed98
revisions tested: 17, total time: 4h52m3.510636511s (build: 2h21m41.743150242s, test: 2h22m14.857597872s)
first good commit: 4b349c55bbd33c8918dbac13876d6842af571505 bpf: Do cleanup in bpf_bprintf_cleanup only when needed
recipients (to): ["cascardo@igalia.com" "daniel@iogearbox.net" "gregkh@linuxfoundation.org" "jolsa@kernel.org" "yhs@fb.com"]
recipients (cc): []