ci2 starts bisection 2024-07-23 01:59:41.973685321 +0000 UTC m=+6150.762186452 bisecting fixing commit since b75112544779f8fe6d0ed9c5e1ebd5854d987566 building syzkaller on 7a239ce75709b01083336e0f2f44aa8a01734543 ensuring issue is reproducible on original commit b75112544779f8fe6d0ed9c5e1ebd5854d987566 testing commit b75112544779f8fe6d0ed9c5e1ebd5854d987566 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 33af3780e044ef26175756df63881d290e521f679e5987c54bba8c4f88ed9027 run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #11: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #12: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #13: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #14: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #15: crashed: BUG: workqueue leaked lock or atomic in fsnotify_mark_destroy_workfn run #16: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #17: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #18: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #19: crashed: no output from test machine representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit b75112544779f8fe6d0ed9c5e1ebd5854d987566 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ec6540512d62d667e410f26519165829d589b97004ee8a6b7892c2def1ed8875 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #1: crashed: BUG: scheduling while atomic in do_task_dead run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #8: crashed: BUG: scheduling while atomic in do_task_dead run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP UNKNOWN] the bug reproduces without the instrumentation disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed kconfig minimization: base=5179 full=6492 leaves diff=255 split chunks (needed=false): <255> split chunk #0 of len 255 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP HANG], they are not needed testing commit b75112544779f8fe6d0ed9c5e1ebd5854d987566 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d4ff3f71be506ee0ec30e3b89c436ed7c86856fea8d13d4565898f1b88944c6a run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [UBSAN BUG KASAN LOCKDEP HANG LEAK], they are not needed testing commit b75112544779f8fe6d0ed9c5e1ebd5854d987566 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: de498fdbbedbbc2c8272e63157dbe3310333501d7807493393414402d6625fa2 run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #1: crashed: BUG: workqueue leaked lock or atomic in fsnotify_mark_destroy_workfn run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #5: crashed: BUG: workqueue leaked lock or atomic in free_work run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP HANG], they are not needed testing commit b75112544779f8fe6d0ed9c5e1ebd5854d987566 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3dd7cdd3a84b6cfcaf4c14b972f22948ec1945caec9b18857743772d6a4c1641 run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #9: crashed: BUG: workqueue leaked lock or atomic in free_work representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed testing commit b75112544779f8fe6d0ed9c5e1ebd5854d987566 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6d026dc2b8b0bdcdbae16399787f9f139794414e2fca6fc62c1ae9755e2914fc run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #1: crashed: BUG: workqueue leaked lock or atomic in free_work run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop representative crash: BUG: workqueue leaked lock or atomic in free_work, types: [UNKNOWN ATOMIC_SLEEP] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed testing commit b75112544779f8fe6d0ed9c5e1ebd5854d987566 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building b75112544779f8fe6d0ed9c5e1ebd5854d987566: net/socket.c:1242: undefined reference to `wext_handle_ioctl' net/socket.c:3437: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:329: undefined reference to `wext_proc_init' net/core/net-procfs.c:345: undefined reference to `wext_proc_exit' minimized to 51 configs; suspects: [HID_ZEROPLUS USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF] disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing current HEAD 4a9ef0dc4ba5d4410a988c77ba5f0042e4fb9f35 testing commit 4a9ef0dc4ba5d4410a988c77ba5f0042e4fb9f35 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cb24ededdf34c7b1fd081946e377ffbfd86db41f88675b49f00b5c84767379b4 all runs: OK false negative chance: 0.000 # git bisect start 4a9ef0dc4ba5d4410a988c77ba5f0042e4fb9f35 b75112544779f8fe6d0ed9c5e1ebd5854d987566 Bisecting: 1386 revisions left to test after this (roughly 11 steps) [f3f407ccbe84a34de9be3195d22cdd5969f3fd9f] drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() determine whether the revision contains the guilty commit checking the merge base 883d1a9562083922c6d293e9adad8cca4626adf3 no existing result, test the revision testing commit 883d1a9562083922c6d293e9adad8cca4626adf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e889bf4b17db79e3a4c24d2f1012b30a50ecc6d7a438af9a571f636eda37f0c8 run #0: crashed: BUG: scheduling while atomic in bit_wait_io run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #8: crashed: no output from test machine run #9: OK representative crash: BUG: scheduling while atomic in bit_wait_io, types: [ATOMIC_SLEEP] testing commit f3f407ccbe84a34de9be3195d22cdd5969f3fd9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 009e75f57423fce17366cb1d89b48ad7e0ea2622ede1b439e0cb10ebdc14e949 all runs: OK false negative chance: 0.000 # git bisect bad f3f407ccbe84a34de9be3195d22cdd5969f3fd9f Bisecting: 693 revisions left to test after this (roughly 10 steps) [e717bd412001495f17400bfc09f606f1b594ef5a] scsi: target: core: Add TMF to tmr_list handling determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit e717bd412001495f17400bfc09f606f1b594ef5a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b914f9b5ea94cad3c371ecad799a19fb5428b55e5919319f106932c557590d26 all runs: OK false negative chance: 0.000 # git bisect bad e717bd412001495f17400bfc09f606f1b594ef5a Bisecting: 346 revisions left to test after this (roughly 9 steps) [9cdf5ddb06eef9381b0c4c6e5002a0b1f3ebebae] usb: hub: Replace hardcoded quirk value with BIT() macro determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit 9cdf5ddb06eef9381b0c4c6e5002a0b1f3ebebae gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bba0b0c3b5f28c4ef68123f18f88d2cb74f138c442577d8f6e1a90ddea986b28 run #0: crashed: BUG: scheduling while atomic in pipe_read run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: scheduling while atomic in bit_wait_io run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop representative crash: BUG: scheduling while atomic in pipe_read, types: [ATOMIC_SLEEP] # git bisect good 9cdf5ddb06eef9381b0c4c6e5002a0b1f3ebebae Bisecting: 173 revisions left to test after this (roughly 8 steps) [d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c] HID: i2c-hid-of: fix NULL-deref on failed power up determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d3322121d11c065a3ee2dc190393a7508a1a41e0eedb3cc7285a1be539a78622 run #0: crashed: BUG: scheduling while atomic in bit_wait_io run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in do_task_dead run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #9: OK representative crash: BUG: scheduling while atomic in bit_wait_io, types: [ATOMIC_SLEEP] # git bisect good d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c Bisecting: 86 revisions left to test after this (roughly 7 steps) [a943c7fbdfebb35a0f58fff94c018ee0e7b3482c] mmc: slot-gpio: Allow non-sleeping GPIO ro determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit a943c7fbdfebb35a0f58fff94c018ee0e7b3482c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 135703166803aacc31bd8fe9951bf27413ba348adbe4b8c9203a2ce8fec3ae4c run #0: crashed: BUG: scheduling while atomic in bit_wait_io run #1: crashed: BUG: scheduling while atomic in bit_wait_io run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in bit_wait_io run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in bit_wait_io run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #8: OK run #9: OK representative crash: BUG: scheduling while atomic in bit_wait_io, types: [ATOMIC_SLEEP] # git bisect good a943c7fbdfebb35a0f58fff94c018ee0e7b3482c Bisecting: 43 revisions left to test after this (roughly 6 steps) [1b7b597a69bba6b0dec27845e5935e090b7c084c] wifi: mwifiex: add extra delay for firmware ready determine whether the revision contains the guilty commit revision 9cdf5ddb06eef9381b0c4c6e5002a0b1f3ebebae crashed and is reachable testing commit 1b7b597a69bba6b0dec27845e5935e090b7c084c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1298a1a6312a10bd8ef5a1c7574cd3e774d315baa09fb3cd7adb7c03a3f685ee run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: scheduling while atomic in do_epoll_wait run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: scheduling while atomic in bit_wait_io run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: scheduling while atomic in do_task_dead run #8: basic kernel testing failed: failed to copy binary to VM: timedout after 1m0s ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor244343413" "root@10.128.10.18:./syz-executor244343413"] Executing: program /usr/bin/ssh host 10.128.10.18, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.10.18 [10.128.10.18] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.1 debug1: compat_banner: match: OpenSSH_9.1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 10.128.10.18:22 as 'root' debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ssh-ed25519 SHA256:88IuL3orPAmVsyjIy2DvkKzVRHqGoDXxazNYOfOHasg debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory Warning: Permanently added '10.128.10.18' (ED25519) to the list of known hosts. debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: Will attempt key: /root/.ssh/id_rsa debug1: Will attempt key: /root/.ssh/id_ecdsa debug1: Will attempt key: /root/.ssh/id_ecdsa_sk debug1: Will attempt key: /root/.ssh/id_ed25519 debug1: Will attempt key: /root/.ssh/id_ed25519_sk debug1: Will attempt key: /root/.ssh/id_xmss debug1: Will attempt key: /root/.ssh/id_dsa debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0> debug1: SSH2_MSG_SERVICE_ACCEPT received Authenticated to 10.128.10.18 ([10.128.10.18]:22) using "none". debug1: channel 0: new session [client-session] (inactive timeout: 0) debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Sending subsystem: sftp debug1: pledge: fork scp: debug1: stat remote: No such file or directory run #9: OK representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP] # git bisect good 1b7b597a69bba6b0dec27845e5935e090b7c084c Bisecting: 21 revisions left to test after this (roughly 5 steps) [a160c3293a1cce15d5bb1e5886480d7d416b7353] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb determine whether the revision contains the guilty commit revision d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c crashed and is reachable testing commit a160c3293a1cce15d5bb1e5886480d7d416b7353 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5cd21228bbaacd5a39b86e246921758ec885bf7b0af60839394a0ea571312bf9 run #0: crashed: lost connection to test machine run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK representative crash: lost connection to test machine, types: [UNKNOWN] unable to determine the verdict: 9 good runs (wanted 5), for bad wanted 5 in total, got 10 # git bisect skip a160c3293a1cce15d5bb1e5886480d7d416b7353 Bisecting: 21 revisions left to test after this (roughly 5 steps) [f3e975828636794a9d4cc27adb14a2f66592d414] bpf: Remove trace_printk_lock determine whether the revision contains the guilty commit revision d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c crashed and is reachable testing commit f3e975828636794a9d4cc27adb14a2f66592d414 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d260713ab8de45d398269619ba2843f58eb702c77e6f66a27ca1b22b91cd7bc1 all runs: OK false negative chance: 0.000 # git bisect bad f3e975828636794a9d4cc27adb14a2f66592d414 Bisecting: 9 revisions left to test after this (roughly 3 steps) [23027309b099ffc4efca5477009a11dccbdae592] parisc: Fix random data corruption from exception handler determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit 23027309b099ffc4efca5477009a11dccbdae592 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c8091c5e61f10103e8f0d94fce29af8e1dca191ce96bf6c1ee2fe3cc5422759b run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in bit_wait_io run #7: crashed: BUG: scheduling while atomic in bit_wait_io run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #9: OK representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP] # git bisect good 23027309b099ffc4efca5477009a11dccbdae592 Bisecting: 4 revisions left to test after this (roughly 2 steps) [1ae3c59355dc9882e09c020afe8ffbd895ad0f29] smb: client: fix potential OOBs in smb2_parse_contexts() determine whether the revision contains the guilty commit revision d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c crashed and is reachable testing commit 1ae3c59355dc9882e09c020afe8ffbd895ad0f29 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3fdcaf3a2f8395973ca908760b924cd52b8512f685369a2803554b65a9a10905 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #1: crashed: BUG: scheduling while atomic in bit_wait_io run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: scheduling while atomic in bit_wait_io run #8: OK run #9: OK representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP] # git bisect good 1ae3c59355dc9882e09c020afe8ffbd895ad0f29 Bisecting: 2 revisions left to test after this (roughly 1 step) [989b0ff35fe5fc9652ee5bafbe8483db6f27b137] net: prevent mss overflow in skb_segment() determine whether the revision contains the guilty commit revision 1b7b597a69bba6b0dec27845e5935e090b7c084c crashed and is reachable testing commit 989b0ff35fe5fc9652ee5bafbe8483db6f27b137 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7868d81f6c7915ae56dafdba307240f2ee92dc2897a2dd940751975143c2e2b0 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #8: crashed: BUG: scheduling while atomic in bit_wait_io run #9: OK representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP] # git bisect good 989b0ff35fe5fc9652ee5bafbe8483db6f27b137 Bisecting: 0 revisions left to test after this (roughly 1 step) [95b7476f6f68d725c474e3348e89436b0abde62a] bpf: Do cleanup in bpf_bprintf_cleanup only when needed determine whether the revision contains the guilty commit revision d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c crashed and is reachable testing commit 95b7476f6f68d725c474e3348e89436b0abde62a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0824d160d82f6584e3c4803a61faa3a51d58140654cbade72cd116ba527439ae all runs: OK false negative chance: 0.000 # git bisect bad 95b7476f6f68d725c474e3348e89436b0abde62a Bisecting: 0 revisions left to test after this (roughly 0 steps) [f7bbad9561f32dda2c13f6c4d0ca77d301f1c123] bpf: Add struct for bin_args arg in bpf_bprintf_prepare determine whether the revision contains the guilty commit revision a943c7fbdfebb35a0f58fff94c018ee0e7b3482c crashed and is reachable testing commit f7bbad9561f32dda2c13f6c4d0ca77d301f1c123 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a8676645063e09bf8276d5659c4afc8b0f3d47e595e50874fca7b34d93955b1c run #0: crashed: BUG: scheduling while atomic in bit_wait_io run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #2: crashed: BUG: scheduling while atomic in do_task_dead run #3: crashed: BUG: scheduling while atomic in do_task_dead run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop run #8: crashed: BUG: scheduling while atomic in bit_wait_io run #9: OK representative crash: BUG: scheduling while atomic in bit_wait_io, types: [ATOMIC_SLEEP] # git bisect good f7bbad9561f32dda2c13f6c4d0ca77d301f1c123 95b7476f6f68d725c474e3348e89436b0abde62a is the first bad commit commit 95b7476f6f68d725c474e3348e89436b0abde62a Author: Jiri Olsa Date: Thu Dec 15 22:44:29 2022 +0100 bpf: Do cleanup in bpf_bprintf_cleanup only when needed commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream. Currently we always cleanup/decrement bpf_bprintf_nest_level variable in bpf_bprintf_cleanup if it's > 0. There's possible scenario where this could cause a problem, when bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0) and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level variable, like: in task context: bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1' -> first irq : bpf_bprintf_prepare(num_args == 0) bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0' -> second irq: bpf_bprintf_prepare(num_args != 0) bpf_bprintf_nest_level = 1 gets same buffer as task context above Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we got bin_args data in the first place. Signed-off-by: Jiri Olsa Signed-off-by: Daniel Borkmann Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org Signed-off-by: Thadeu Lima de Souza Cascardo Signed-off-by: Greg Kroah-Hartman include/linux/bpf.h | 2 +- kernel/bpf/helpers.c | 16 +++++++++------- kernel/trace/bpf_trace.c | 6 +++--- 3 files changed, 13 insertions(+), 11 deletions(-) accumulated error probability: 0.00 culprit signature: 0824d160d82f6584e3c4803a61faa3a51d58140654cbade72cd116ba527439ae parent signature: a8676645063e09bf8276d5659c4afc8b0f3d47e595e50874fca7b34d93955b1c revisions tested: 21, total time: 5h24m11.323638352s (build: 1h25m43.018646276s, test: 3h51m22.849992328s) first good commit: 95b7476f6f68d725c474e3348e89436b0abde62a bpf: Do cleanup in bpf_bprintf_cleanup only when needed recipients (to): ["cascardo@igalia.com" "daniel@iogearbox.net" "gregkh@linuxfoundation.org" "jolsa@kernel.org" "yhs@fb.com"] recipients (cc): []