ci2 starts bisection 2024-07-09 07:44:15.077925852 +0000 UTC m=+26520.954974025
bisecting fixing commit since 609541ba1afdca9e914cbef5ba00d3f5a32fd22a
building syzkaller on 4b6cdce677860b3e8fff642ac55b1da447119930
ensuring issue is reproducible on original commit 609541ba1afdca9e914cbef5ba00d3f5a32fd22a
testing commit 609541ba1afdca9e914cbef5ba00d3f5a32fd22a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: db98a727bd34cda146247a77c4ddcd0ff9b093c3561a9310b2d263a476e74bc1
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in futex_wait_queue
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in futex_wait_queue
run #7: crashed: BUG: scheduling while atomic in futex_wait_queue
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #10: crashed: BUG: scheduling while atomic in futex_wait_queue
run #11: crashed: UBSAN: array-index-out-of-bounds in bpf_bprintf_prepare
run #12: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #13: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #14: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #15: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #16: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #17: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #18: crashed: BUG: scheduling while atomic in futex_wait_queue
run #19: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
check whether we can drop unnecessary instrumentation
disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed
testing commit 609541ba1afdca9e914cbef5ba00d3f5a32fd22a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ae85829ec357152b87a42377320a9e2589bcaf2e9b4ab19878e8bece35da8be4
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in futex_wait_queue
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in futex_wait_queue
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in futex_wait_queue
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
kconfig minimization: base=5179 full=6492 leaves diff=255
split chunks (needed=false): <255>
split chunk #0 of len 255 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 609541ba1afdca9e914cbef5ba00d3f5a32fd22a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7d7113f93a35959c84c789fc8c2f416eb7e1e958188929dcbb51abd9887f678f
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in futex_wait_queue
run #3: crashed: BUG: scheduling while atomic in futex_wait_queue
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in futex_wait_queue
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 609541ba1afdca9e914cbef5ba00d3f5a32fd22a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 69ec50903ccdb2a9c074af1682ea8b62de0009daed6ff75e1015e3a8a8d09451
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in futex_wait_queue
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [UBSAN BUG KASAN LOCKDEP HANG LEAK], they are not needed
testing commit 609541ba1afdca9e914cbef5ba00d3f5a32fd22a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a8ba43c32eb4e2011e366447129c4b7d083c56860701b3bde16c18ce24074d1e
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in futex_wait_queue
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 609541ba1afdca9e914cbef5ba00d3f5a32fd22a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 00c6017a63d8378622de27e7c8a168e9d0379235b46ce5e2921076ff8a83d064
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in futex_wait_queue
run #2: crashed: BUG: using smp_processor_id() in preemptible code in migrate_enable
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in futex_wait_queue
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in futex_wait_queue
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed
testing commit 609541ba1afdca9e914cbef5ba00d3f5a32fd22a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 609541ba1afdca9e914cbef5ba00d3f5a32fd22a:
net/socket.c:1242: undefined reference to `wext_handle_ioctl'
net/socket.c:3437: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 51 configs; suspects: [HID_ZEROPLUS USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing current HEAD f6b99539f84bb4c327e041fcd12d78544ef09bf5
testing commit f6b99539f84bb4c327e041fcd12d78544ef09bf5 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d380722fe128c8442f7c674d4ec756a8ce30d2069e3a0d6a3244bc11ce07d30e
all runs: OK
false negative chance: 0.000
# git bisect start f6b99539f84bb4c327e041fcd12d78544ef09bf5 609541ba1afdca9e914cbef5ba00d3f5a32fd22a
Bisecting: 1097 revisions left to test after this (roughly 10 steps)
[6632e19acbdcf16603fdd632fcf20f3126d390a9] ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
determine whether the revision contains the guilty commit
checking the merge base 883d1a9562083922c6d293e9adad8cca4626adf3
no existing result, test the revision
testing commit 883d1a9562083922c6d293e9adad8cca4626adf3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f706bb96aa51dd58bcbafc4547c8b2e6fb867787e23ca999b25eebb795b51b69
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in futex_wait
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in futex_wait
run #7: crashed: BUG: scheduling while atomic in futex_wait
run #8: crashed: BUG: scheduling while atomic in futex_wait
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
testing commit 6632e19acbdcf16603fdd632fcf20f3126d390a9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 02c8c10f51a9876776b1e695c91cac2de9278c17bc6a526e91f6e70cc2ef543a
all runs: OK
false negative chance: 0.000
# git bisect bad 6632e19acbdcf16603fdd632fcf20f3126d390a9
Bisecting: 548 revisions left to test after this (roughly 9 steps)
[6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0] scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f4a60ffff6ad170bcdffec162a6c8f1587c771cee2fdc8d2d1280baf5a5b6fc1
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in futex_wait
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
# git bisect good 6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0
Bisecting: 274 revisions left to test after this (roughly 8 steps)
[47e93d2f286eb062175ee1d89128887f0a2e8dc5] iommufd/iova_bitmap: Consider page offset for the pages to be pinned
determine whether the revision contains the guilty commit
revision 6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0 crashed and is reachable
testing commit 47e93d2f286eb062175ee1d89128887f0a2e8dc5 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 743ec687ba6fa3df6234e2c92423d479f38ab64b959fab2f2120425b630dbb51
all runs: basic kernel testing failed: lost connection to test machine
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 47e93d2f286eb062175ee1d89128887f0a2e8dc5
Bisecting: 274 revisions left to test after this (roughly 8 steps)
[8f626221e5fa89134515d358e7d614609b612a5c] of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 8f626221e5fa89134515d358e7d614609b612a5c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2b109fdd56d3f9da1169c8fd05ff73b620320105811f1055b46e6e873dd7ed99
all runs: basic kernel testing failed: lost connection to test machine
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 8f626221e5fa89134515d358e7d614609b612a5c
Bisecting: 274 revisions left to test after this (roughly 8 steps)
[429999729d4a85126cec4a1305db67d9a7774545] RDMA/irdma: Validate max_send_wr and max_recv_wr
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 429999729d4a85126cec4a1305db67d9a7774545 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2af40ae38999a7dce4f9c840791dabfc85c6b7ca59fb92d6aaf876ee83d1d772
all runs: OK
false negative chance: 0.000
# git bisect bad 429999729d4a85126cec4a1305db67d9a7774545
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[6fd24675188d354b1cad47462969afa2ab09d819] mlxsw: spectrum_acl_tcam: Fix stack corruption
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 6fd24675188d354b1cad47462969afa2ab09d819 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 459031cb32f97f232cff0557a0e95ba429ad35d5f8720e58047502ddf9554902
all runs: OK
false negative chance: 0.000
# git bisect bad 6fd24675188d354b1cad47462969afa2ab09d819
Bisecting: 66 revisions left to test after this (roughly 6 steps)
[659311f593188a3d6c6adcb7d9316993f9431a91] irqchip/irq-brcmstb-l2: Add write memory barrier before exit
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 659311f593188a3d6c6adcb7d9316993f9431a91 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7888cb0f39c6662d9a4bded66ab64bd1188dbc64bdf26a8a4d8a5a9da16b8f41
run #0: crashed: BUG: scheduling while atomic in futex_wait
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in futex_wait, types: [ATOMIC_SLEEP]
# git bisect good 659311f593188a3d6c6adcb7d9316993f9431a91
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[1b7b597a69bba6b0dec27845e5935e090b7c084c] wifi: mwifiex: add extra delay for firmware ready
determine whether the revision contains the guilty commit
revision 659311f593188a3d6c6adcb7d9316993f9431a91 crashed and is reachable
testing commit 1b7b597a69bba6b0dec27845e5935e090b7c084c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ca107599a95b7a022fe987a63dd51d3e6681f1eb727cd97645c203de3542bda1
all runs: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
# git bisect good 1b7b597a69bba6b0dec27845e5935e090b7c084c
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[380aeff204b903502582019ff067caccbd3399b3] smb: client: fix parsing of SMB3.1.1 POSIX create context
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 380aeff204b903502582019ff067caccbd3399b3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d16c7dbcff5bda7dbc581d9d6ec49c0ecf538a92e80b83031a718b95801c0ab5
run #0: crashed: BUG: scheduling while atomic in futex_wait
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in futex_wait, types: [ATOMIC_SLEEP]
# git bisect good 380aeff204b903502582019ff067caccbd3399b3
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[3c6cc62ce1265aa5623e2e1b29c0fe258bf6e232] locking: Introduce __cleanup() based infrastructure
determine whether the revision contains the guilty commit
revision 659311f593188a3d6c6adcb7d9316993f9431a91 crashed and is reachable
testing commit 3c6cc62ce1265aa5623e2e1b29c0fe258bf6e232 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5f3d2991ff7a351eb357bca5357256059a23a6e93e4159629c713a6382093aaf
all runs: OK
false negative chance: 0.000
# git bisect bad 3c6cc62ce1265aa5623e2e1b29c0fe258bf6e232
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[f3e975828636794a9d4cc27adb14a2f66592d414] bpf: Remove trace_printk_lock
determine whether the revision contains the guilty commit
revision 659311f593188a3d6c6adcb7d9316993f9431a91 crashed and is reachable
testing commit f3e975828636794a9d4cc27adb14a2f66592d414 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 237d8c2add76ddd7b17191c732017c5737a50c57da92a107f69c27eef27ff0af
all runs: OK
false negative chance: 0.000
# git bisect bad f3e975828636794a9d4cc27adb14a2f66592d414
Bisecting: 1 revision left to test after this (roughly 1 step)
[f7bbad9561f32dda2c13f6c4d0ca77d301f1c123] bpf: Add struct for bin_args arg in bpf_bprintf_prepare
determine whether the revision contains the guilty commit
revision 380aeff204b903502582019ff067caccbd3399b3 crashed and is reachable
testing commit f7bbad9561f32dda2c13f6c4d0ca77d301f1c123 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b9fb8e977f21a7b5025f4193c6e7024c34555f3a9cde36796a424444128a0de0
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in futex_wait
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
# git bisect good f7bbad9561f32dda2c13f6c4d0ca77d301f1c123
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[95b7476f6f68d725c474e3348e89436b0abde62a] bpf: Do cleanup in bpf_bprintf_cleanup only when needed
determine whether the revision contains the guilty commit
revision 6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0 crashed and is reachable
testing commit 95b7476f6f68d725c474e3348e89436b0abde62a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e9a4c33653c0d7a5813f02838f6f3af54d88380fc00599f42a65956fa3b8bb8a
all runs: OK
false negative chance: 0.000
# git bisect bad 95b7476f6f68d725c474e3348e89436b0abde62a
95b7476f6f68d725c474e3348e89436b0abde62a is the first bad commit
commit 95b7476f6f68d725c474e3348e89436b0abde62a
Author: Jiri Olsa
Date: Thu Dec 15 22:44:29 2022 +0100

    bpf: Do cleanup in bpf_bprintf_cleanup only when needed

    commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream.

    Currently we always cleanup/decrement bpf_bprintf_nest_level variable
    in bpf_bprintf_cleanup if it's > 0.

    There's possible scenario where this could cause a problem, when
    bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0)
    and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level
    variable, like:

      in task context:
        bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1'
        -> first irq :
           bpf_bprintf_prepare(num_args == 0)
           bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0'
        -> second irq:
           bpf_bprintf_prepare(num_args != 0)
           bpf_bprintf_nest_level = 1
           gets same buffer as task context above

    Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we
    got bin_args data in the first place.

    Signed-off-by: Jiri Olsa
    Signed-off-by: Daniel Borkmann
    Acked-by: Yonghong Song
    Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org
    Signed-off-by: Thadeu Lima de Souza Cascardo
    Signed-off-by: Greg Kroah-Hartman

 include/linux/bpf.h | 2 +-
 kernel/bpf/helpers.c | 16 +++++++++-------
 kernel/trace/bpf_trace.c | 6 +++---
 3 files changed, 13 insertions(+), 11 deletions(-)
accumulated error probability: 0.00
culprit signature: e9a4c33653c0d7a5813f02838f6f3af54d88380fc00599f42a65956fa3b8bb8a
parent signature: b9fb8e977f21a7b5025f4193c6e7024c34555f3a9cde36796a424444128a0de0
revisions tested: 21, total time: 4h36m53.069080431s (build: 54m57.545289806s, test: 3h34m43.266588432s)
first good commit: 95b7476f6f68d725c474e3348e89436b0abde62a bpf: Do cleanup in bpf_bprintf_cleanup only when needed
recipients (to): ["cascardo@igalia.com" "daniel@iogearbox.net" "gregkh@linuxfoundation.org" "jolsa@kernel.org" "yhs@fb.com"]
recipients (cc): []