ci2 starts bisection 2024-08-12 20:20:20.260424624 +0000 UTC m=+36786.690065503
bisecting fixing commit since dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d
building syzkaller on 34889ee3b09e7b4d381828377aa6173bfcc36cc7
ensuring issue is reproducible on original commit dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d
testing commit dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 090ee43e22407b27e5c4544b3b1c231db8eb5c3ccdb5f0c6640aeaa340e83276
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in do_nanosleep
run #3: crashed: BUG: scheduling while atomic in do_nanosleep
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in do_nanosleep
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #11: crashed: BUG: scheduling while atomic in do_nanosleep
run #12: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #13: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #14: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #15: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #16: crashed: BUG: scheduling while atomic in do_nanosleep
run #17: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #18: crashed: BUG: scheduling while atomic in do_nanosleep
run #19: crashed: BUG: scheduling while atomic in do_nanosleep
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed
testing commit dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c041c4dd1cd85141cd53337d852d47ba3344f243430d4d37c73eb428dbd9ce21
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in do_nanosleep
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the bug reproduces without the instrumentation
disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed
kconfig minimization: base=5179 full=6494 leaves diff=257
split chunks (needed=false): <257>
split chunk #0 of len 257 into 5 parts
testing without sub-chunk 1/5
disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed
testing commit dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d33839a78c16aa3bc4f27236285afbef983fd651bc0b1beaf1ec72b62fce21f0
run #0: crashed: BUG: scheduling while atomic in do_nanosleep
run #1: crashed: BUG: scheduling while atomic in do_nanosleep
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in do_nanosleep
run #6: crashed: BUG: scheduling while atomic in do_nanosleep
run #7: crashed: BUG: scheduling while atomic in do_nanosleep
run #8: crashed: BUG: scheduling while atomic in do_nanosleep
run #9: crashed: BUG: scheduling while atomic in do_nanosleep
representative crash: BUG: scheduling while atomic in do_nanosleep, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3d4d9f5a2d98bbddb0f67545870c6bccc6407c4c6641186e02ef11f9374ab523
run #0: crashed: BUG: scheduling while atomic in do_nanosleep
run #1: crashed: BUG: scheduling while atomic in do_nanosleep
run #2: crashed: BUG: scheduling while atomic in do_nanosleep
run #3: crashed: BUG: scheduling while atomic in do_nanosleep
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in do_nanosleep
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in do_nanosleep
run #9: crashed: BUG: scheduling while atomic in do_nanosleep
representative crash: BUG: scheduling while atomic in do_nanosleep, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [UBSAN BUG KASAN LOCKDEP HANG LEAK], they are not needed
testing commit dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4ea2ba1140464a9897d8b247993bb5bd9f47f04bdc13ea4ecfd25b15d2c5092d
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in do_nanosleep
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in do_nanosleep
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in do_nanosleep
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: efd891f792f39d676b970d4b2d4c10a09cc71e912715386bbd4d503be065e766
run #0: crashed: BUG: scheduling while atomic in do_nanosleep
run #1: crashed: BUG: scheduling while atomic in do_nanosleep
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in do_nanosleep
run #6: crashed: BUG: scheduling while atomic in do_nanosleep
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in do_nanosleep
representative crash: BUG: scheduling while atomic in do_nanosleep, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d: net/socket.c:1245: undefined reference to `wext_handle_ioctl'
net/socket.c:3442: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 49 configs; suspects: [HID_ZEROPLUS USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing current HEAD 79436849ef1d9468c94af4c5b45478217aa9030d
testing commit 79436849ef1d9468c94af4c5b45478217aa9030d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5372fadaf08acb93d9968078bcfe5584b3ac6fb0aba3590f341093300fb2681a
all runs: OK
false negative chance: 0.000
# git bisect start 79436849ef1d9468c94af4c5b45478217aa9030d dd875b63669a9a0b7b3fbbcd66d9456aa3f73a2d
Bisecting: 1321 revisions left to test after this (roughly 10 steps)
[28b43ec7e4c00645efec8f7d239d649dfd6f71e7] ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address
determine whether the revision contains the guilty commit
checking the merge base 883d1a9562083922c6d293e9adad8cca4626adf3
no existing result, test the revision
testing commit 883d1a9562083922c6d293e9adad8cca4626adf3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 39c66a2d53f3572a3912ae33a26b41b6d6dcfa0bc3fb632a623fa6ff032d3c05
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in do_nanosleep
run #6: crashed: BUG: scheduling while atomic in do_nanosleep
run #7: crashed: BUG: scheduling while atomic in do_nanosleep
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
testing commit 28b43ec7e4c00645efec8f7d239d649dfd6f71e7 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bde2c0abe5d485f2065e7f23c41cf1cd8391d5fd40048e87bb33600070294b65
all runs: OK
false negative chance: 0.000
# git bisect bad 28b43ec7e4c00645efec8f7d239d649dfd6f71e7
Bisecting: 660 revisions left to test after this (roughly 9 steps)
[e4cf8941664cae2f89f0189c29fe2ce8c6be0d03] nfsd: fix RELEASE_LOCKOWNER
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit e4cf8941664cae2f89f0189c29fe2ce8c6be0d03 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7de33803950eeb64cdeba93701e55275a27f8bece76bc63a8de18357b3f5faf6
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in futex_wait
run #5: crashed: BUG: scheduling while atomic in do_nanosleep
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
# git bisect good e4cf8941664cae2f89f0189c29fe2ce8c6be0d03
Bisecting: 330 revisions left to test after this (roughly 8 steps)
[d8950e8e20e006c8cbc4cc1ff81c35921053a8a2] x86/boot/compressed: Move bootargs parsing out of 32-bit startup code
determine whether the revision contains the guilty commit
revision e4cf8941664cae2f89f0189c29fe2ce8c6be0d03 crashed and is reachable
testing commit d8950e8e20e006c8cbc4cc1ff81c35921053a8a2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1f36f3e6ab7bd20f3bb93d39e02ea60e92736d75050a28489cad42bbd17bd835
all runs: OK
false negative chance: 0.000
# git bisect bad d8950e8e20e006c8cbc4cc1ff81c35921053a8a2
Bisecting: 164 revisions left to test after this (roughly 7 steps)
[a9409d33af61c8c7f58540aaca8abf12c0c99589] RDMA/srpt: fix function pointer cast warnings
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit a9409d33af61c8c7f58540aaca8abf12c0c99589 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 746624f1d1ac830772d4373b0aa2fc6a95216d68c9712d609e3929c4bcb0e4a7
all runs: OK
false negative chance: 0.000
# git bisect bad a9409d33af61c8c7f58540aaca8abf12c0c99589
Bisecting: 82 revisions left to test after this (roughly 6 steps)
[50545eb6cd5f7ff852a01fa29b7372524ef948cc] fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 50545eb6cd5f7ff852a01fa29b7372524ef948cc gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fef531443acfd327a023f90250ab673b3de8dd11f5670f77ff9616352f282b7a
all runs: OK
false negative chance: 0.000
# git bisect bad 50545eb6cd5f7ff852a01fa29b7372524ef948cc
Bisecting: 40 revisions left to test after this (roughly 5 steps)
[8fc80874103a5c20aebdc2401361aa01c817f75b] block: Fix WARNING in _copy_from_iter
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 8fc80874103a5c20aebdc2401361aa01c817f75b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d55ef08cf831715c88cddc7a8aebfdcfea9a8d16a33b4e120724069efe635004
all runs: OK
false negative chance: 0.000
# git bisect bad 8fc80874103a5c20aebdc2401361aa01c817f75b
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[d028cc6d235fb0fe919bf20d785c4c7dd4eab7a9] arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
determine whether the revision contains the guilty commit
revision e4cf8941664cae2f89f0189c29fe2ce8c6be0d03 crashed and is reachable
testing commit d028cc6d235fb0fe919bf20d785c4c7dd4eab7a9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 87c4eb576fc96f42be87480294073847008f89ce414048b32db8b9ba38f7fc3e
all runs: OK
false negative chance: 0.000
# git bisect bad d028cc6d235fb0fe919bf20d785c4c7dd4eab7a9
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[a160c3293a1cce15d5bb1e5886480d7d416b7353] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit a160c3293a1cce15d5bb1e5886480d7d416b7353 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e3f4a274b4086bb31fb9515ce127628d3374a40248a1c68d767f040bea211f07
all runs: OK
false negative chance: 0.000
# git bisect bad a160c3293a1cce15d5bb1e5886480d7d416b7353
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[380aeff204b903502582019ff067caccbd3399b3] smb: client: fix parsing of SMB3.1.1 POSIX create context
determine whether the revision contains the guilty commit
revision e4cf8941664cae2f89f0189c29fe2ce8c6be0d03 crashed and is reachable
testing commit 380aeff204b903502582019ff067caccbd3399b3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 349a6ba5e348ef1b152eaa4e516d3ca96b935b0afc67451a34a3400638be41b8
run #0: crashed: BUG: scheduling while atomic in do_nanosleep
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in do_nanosleep
run #3: crashed: BUG: scheduling while atomic in do_nanosleep
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in do_nanosleep
representative crash: BUG: scheduling while atomic in do_nanosleep, types: [ATOMIC_SLEEP]
# git bisect good 380aeff204b903502582019ff067caccbd3399b3
Bisecting: 2 revisions left to test after this (roughly 1 step)
[f7bbad9561f32dda2c13f6c4d0ca77d301f1c123] bpf: Add struct for bin_args arg in bpf_bprintf_prepare
determine whether the revision contains the guilty commit
revision e4cf8941664cae2f89f0189c29fe2ce8c6be0d03 crashed and is reachable
testing commit f7bbad9561f32dda2c13f6c4d0ca77d301f1c123 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7cd77539e7d528c44d672f8ba94f5346c149630ded2798f34aa16f49dde960b1
run #0: crashed: BUG: scheduling while atomic in do_nanosleep
run #1: crashed: BUG: scheduling while atomic in do_nanosleep
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in do_nanosleep
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in do_nanosleep, types: [ATOMIC_SLEEP]
# git bisect good f7bbad9561f32dda2c13f6c4d0ca77d301f1c123
Bisecting: 0 revisions left to test after this (roughly 1 step)
[f3e975828636794a9d4cc27adb14a2f66592d414] bpf: Remove trace_printk_lock
determine whether the revision contains the guilty commit
revision 380aeff204b903502582019ff067caccbd3399b3 crashed and is reachable
testing commit f3e975828636794a9d4cc27adb14a2f66592d414 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 76a754da7fb447a72aac032ad5d0beab9cb805c563914729629d6458c25b590a
all runs: OK
false negative chance: 0.000
# git bisect bad f3e975828636794a9d4cc27adb14a2f66592d414
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[95b7476f6f68d725c474e3348e89436b0abde62a] bpf: Do cleanup in bpf_bprintf_cleanup only when needed
determine whether the revision contains the guilty commit
revision f7bbad9561f32dda2c13f6c4d0ca77d301f1c123 crashed and is reachable
testing commit 95b7476f6f68d725c474e3348e89436b0abde62a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ff694000cbd1c5abbd66c92a3dd90094fda2ebe9baab01c5420890949835e06e
all runs: OK
false negative chance: 0.000
# git bisect bad 95b7476f6f68d725c474e3348e89436b0abde62a
95b7476f6f68d725c474e3348e89436b0abde62a is the first bad commit
commit 95b7476f6f68d725c474e3348e89436b0abde62a
Author: Jiri Olsa
Date: Thu Dec 15 22:44:29 2022 +0100

    bpf: Do cleanup in bpf_bprintf_cleanup only when needed

    commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream.

    Currently we always cleanup/decrement bpf_bprintf_nest_level variable
    in bpf_bprintf_cleanup if it's > 0.

    There's possible scenario where this could cause a problem, when
    bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0)
    and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level
    variable, like:

      in task context:
        bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1'
        -> first irq :
           bpf_bprintf_prepare(num_args == 0)
           bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0'
        -> second irq:
           bpf_bprintf_prepare(num_args != 0) bpf_bprintf_nest_level = 1
           gets same buffer as task context above

    Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we
    got bin_args data in the first place.

    Signed-off-by: Jiri Olsa
    Signed-off-by: Daniel Borkmann
    Acked-by: Yonghong Song
    Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org
    Signed-off-by: Thadeu Lima de Souza Cascardo
    Signed-off-by: Greg Kroah-Hartman

 include/linux/bpf.h      |  2 +-
 kernel/bpf/helpers.c     | 16 +++++++++-------
 kernel/trace/bpf_trace.c |  6 +++---
 3 files changed, 13 insertions(+), 11 deletions(-)

accumulated error probability: 0.00
culprit signature: ff694000cbd1c5abbd66c92a3dd90094fda2ebe9baab01c5420890949835e06e
parent signature: 7cd77539e7d528c44d672f8ba94f5346c149630ded2798f34aa16f49dde960b1
revisions tested: 20, total time: 4h5m31.164369347s (build: 1h37m37.967969222s, test: 2h21m1.621143543s)
first good commit: 95b7476f6f68d725c474e3348e89436b0abde62a bpf: Do cleanup in bpf_bprintf_cleanup only when needed
recipients (to): ["cascardo@igalia.com" "daniel@iogearbox.net" "gregkh@linuxfoundation.org" "jolsa@kernel.org" "yhs@fb.com"]
recipients (cc): []