ci2 starts bisection 2024-06-27 05:10:49.516866437 +0000 UTC m=+68823.620103333
bisecting fixing commit since 5d96939590c0122be2138255c921e57e3f78b7bd
building syzkaller on 4c0d3ee3f6ea306acf4d7ce817ef4e279ce73b65
ensuring issue is reproducible on original commit 5d96939590c0122be2138255c921e57e3f78b7bd
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: af6b321a0f376b72b1be31cdb45c69f5375a9cd46aef7dc961ffa1f3086da38e
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in do_epoll_wait
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #11: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #12: crashed: BUG: workqueue leaked lock or atomic in destroy_list_workfn
run #13: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #14: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #15: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #16: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #17: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #18: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #19: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN BUG KASAN LOCKDEP HANG LEAK], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6aef948f2e7b1a6a0a5d7912d0585bd69ef71488024912f241378e9da1a3089f
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: scheduling while atomic in futex_wait_queue_me
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #5: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #6: crashed: BUG: scheduling while atomic in do_epoll_wait
run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #8: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP HANG], they are not needed
kconfig minimization: base=4920 full=6158 leaves diff=242
split chunks (needed=false): <242>
split chunk #0 of len 242 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8a6c6970b99324d37a7448fcd6273af41accdd6e73caafd6660a4dfa2bfaa2d1
run #0: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
representative crash: BUG: scheduling while atomic in _vm_unmap_aliases, types: [ATOMIC_SLEEP UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ed03999917948bf44dea3d2a3cb0dfc736433ea1bcf70c613ca22dd6167020b6
run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #9: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP HANG], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7f320d079e8df43a95bb53cd1681186eb6fc6b17a054677f127e46c2faeb4383
run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #6: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #7: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #8: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #9: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cbe883267174bbe9df8d4cdcd27b683bd547c9addff020ae5879ce0e30575682
run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #6: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
representative crash: BUG: scheduling while atomic in _vm_unmap_aliases, types: [ATOMIC_SLEEP UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed
testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 5d96939590c0122be2138255c921e57e3f78b7bd:
net/socket.c:1191: undefined reference to `wext_handle_ioctl'
net/socket.c:3385: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'
minimized to 46 configs; suspects: [HID_ZEROPLUS USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [UBSAN BUG KASAN LOCKDEP HANG LEAK], they are not needed
testing current HEAD 9044d25b8ff5cb55bf57542a8457cd1e4e37646d
testing commit 9044d25b8ff5cb55bf57542a8457cd1e4e37646d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5e762b01ad03a55e579621e4356b7990f21fec49130da0901e02f018b0c895ab
all runs: OK
false negative chance: 0.000
# git bisect start 9044d25b8ff5cb55bf57542a8457cd1e4e37646d 5d96939590c0122be2138255c921e57e3f78b7bd
Bisecting: 164 revisions left to test after this (roughly 7 steps)
[85445b5a21071481c8caf4a0e443d28cee1c8388] Merge f4fab74cb83c ("serial: amba-pl011: Fix DMA transmission in RS485 mode") into android-mainline
determine whether the revision contains the guilty commit
revision 5d96939590c0122be2138255c921e57e3f78b7bd crashed and is reachable
testing commit 85445b5a21071481c8caf4a0e443d28cee1c8388 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b4ff787e083ea25db8f3e1d97557c7bd665701fa5541acbb3fd851ffbb4d05ef
all runs: OK
false negative chance: 0.000
# git bisect bad 85445b5a21071481c8caf4a0e443d28cee1c8388
Bisecting: 82 revisions left to test after this (roughly 6 steps)
[4deb8413eccb74e23c67d14cd62495c41acf68b4] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
determine whether the revision contains the guilty commit
checking the merge base 458ce51d0356ee60c93f9f807d9827cf2a41643d
no existing result, test the revision
testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5b2667e68a03f1559d3622d75b9ee55e807222977e84801d23b3aba66ce9e724
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #6: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #7: crashed: BUG: scheduling while atomic in trace_set_clr_event
run #8: crashed: BUG: scheduling while atomic in trace_set_clr_event
run #9: crashed: BUG: scheduling while atomic in do_task_dead
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
testing commit 4deb8413eccb74e23c67d14cd62495c41acf68b4 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 526063097590d9d39d14b0c1f3541375998200262b84f43b48a9971d4b2f1aaa
all runs: OK
false negative chance: 0.000
# git bisect bad 4deb8413eccb74e23c67d14cd62495c41acf68b4
Bisecting: 40 revisions left to test after this (roughly 5 steps)
[75e34de642a3c42fd414782a0e53f8274562b56f] ALSA: usb-audio: Ignore clock selector errors for single connection
determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit 75e34de642a3c42fd414782a0e53f8274562b56f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1efdd3882a3520b3694e87b0f2001021d00d7b695a2e4104ce1f704b179a2206
all runs: OK
false negative chance: 0.000
# git bisect bad 75e34de642a3c42fd414782a0e53f8274562b56f
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[37d82e6ac9b2c9ec2c41dc8bb1ab607f6601c54d] dmaengine: fsl-qdma: increase size of 'irq_name'
determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit 37d82e6ac9b2c9ec2c41dc8bb1ab607f6601c54d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d5693da41690c7ad88fd341a7666278cc0ed0353d07768ccb5455074dca72871
all runs: OK
false negative chance: 0.000
# git bisect bad 37d82e6ac9b2c9ec2c41dc8bb1ab607f6601c54d
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[bcbaeb081ad846ae7f824ecf2df3d21de17608ea] bpf: Add struct for bin_args arg in bpf_bprintf_prepare
determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit bcbaeb081ad846ae7f824ecf2df3d21de17608ea gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 299d915376246ce9cc842471064933668850e42e5f3951b768892d82f63b7f1b
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #4: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #5: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #8: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
run #9: crashed: BUG: scheduling while atomic in _vm_unmap_aliases
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
# git bisect good bcbaeb081ad846ae7f824ecf2df3d21de17608ea
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[8bd3eee7720c14b59a206bd05b98d7586bccf99a] x86/fpu: Stop relying on userspace for info to fault in xsave buffer
determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit 8bd3eee7720c14b59a206bd05b98d7586bccf99a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 348b2714a9c030a5d3bda6acf8c7e73ac0755ca75486e75f7b663de33d748f27
all runs: OK
false negative chance: 0.000
# git bisect bad 8bd3eee7720c14b59a206bd05b98d7586bccf99a
Bisecting: 2 revisions left to test after this (roughly 1 step)
[4bbb93ad84b32e6f2a80567e9d461fa5287770c0] bpf: Remove trace_printk_lock
determine whether the revision contains the guilty commit
revision bcbaeb081ad846ae7f824ecf2df3d21de17608ea crashed and is reachable
testing commit 4bbb93ad84b32e6f2a80567e9d461fa5287770c0 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 11e639f31787b41dd1ae6f27f786b9301d849084c7fb50535e3b6fd51601db08
all runs: OK
false negative chance: 0.000
# git bisect bad 4bbb93ad84b32e6f2a80567e9d461fa5287770c0
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4b349c55bbd33c8918dbac13876d6842af571505] bpf: Do cleanup in bpf_bprintf_cleanup only when needed
determine whether the revision contains the guilty commit
revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable
testing commit 4b349c55bbd33c8918dbac13876d6842af571505 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 37f57ff16c1db70970cef337aee835deddf8f6401637aa62791d76ae78848944
all runs: OK
false negative chance: 0.000
# git bisect bad 4b349c55bbd33c8918dbac13876d6842af571505
4b349c55bbd33c8918dbac13876d6842af571505 is the first bad commit
commit 4b349c55bbd33c8918dbac13876d6842af571505
Author: Jiri Olsa
Date: Sat Feb 17 09:13:20 2024 -0300

    bpf: Do cleanup in bpf_bprintf_cleanup only when needed

    commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream.

    Currently we always cleanup/decrement bpf_bprintf_nest_level variable
    in bpf_bprintf_cleanup if it's > 0.

    There's possible scenario where this could cause a problem, when
    bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0)
    and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level
    variable, like:

      in task context:
        bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1'
        -> first irq :
           bpf_bprintf_prepare(num_args == 0)
           bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0'
        -> second irq:
           bpf_bprintf_prepare(num_args != 0) bpf_bprintf_nest_level = 1
           gets same buffer as task context above

    Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we
    got bin_args data in the first place.

    Signed-off-by: Jiri Olsa
    Signed-off-by: Daniel Borkmann
    Acked-by: Yonghong Song
    Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org
    [cascardo: there is no bpf_trace_vprintk in 5.15]
    Signed-off-by: Thadeu Lima de Souza Cascardo
    Signed-off-by: Greg Kroah-Hartman

 include/linux/bpf.h      | 2 +-
 kernel/bpf/helpers.c     | 16 +++++++++-------
 kernel/trace/bpf_trace.c | 4 ++--
 3 files changed, 12 insertions(+), 10 deletions(-)

accumulated error probability: 0.00
culprit signature: 37f57ff16c1db70970cef337aee835deddf8f6401637aa62791d76ae78848944
parent signature: 299d915376246ce9cc842471064933668850e42e5f3951b768892d82f63b7f1b
revisions tested: 16, total time: 3h8m37.384020354s (build: 30m28.783921236s, test: 2h34m58.830297525s)
first good commit: 4b349c55bbd33c8918dbac13876d6842af571505 bpf: Do cleanup in bpf_bprintf_cleanup only when needed
recipients (to): ["cascardo@igalia.com" "daniel@iogearbox.net" "gregkh@linuxfoundation.org" "jolsa@kernel.org" "yhs@fb.com"]
recipients (cc): []