ci2 starts bisection 2024-07-07 15:00:30.51607723 +0000 UTC m=+194177.176566175 bisecting fixing commit since 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 building syzkaller on 34889ee3b09e7b4d381828377aa6173bfcc36cc7 ensuring issue is reproducible on original commit 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 testing commit 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5b239eefc9cc3e58b08b2437f3526dc3f82821aff86db38be41aae1323d715d0 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #11: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #12: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #13: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #14: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #15: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #16: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #17: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #18: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #19: crashed: BUG: scheduling while atomic in _vm_unmap_aliases representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 139c0a5ce1c395b804317dc4cb2270fdb390f0f94afdc99a4493a99bb8cd2ea3 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #3: crashed: BUG: scheduling while atomic in synchronize_rcu_expedited run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #7: crashed: BUG: scheduling while atomic in do_task_dead run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP HANG], they are not needed kconfig minimization: base=4920 full=6160 leaves diff=242 split chunks (needed=false): <242> split chunk #0 of len 242 into 5 parts testing without sub-chunk 1/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 82f613a81aec4f5673299779868b92e1694fc9943ce156a3f579a53799d618c6 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #4: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #7: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c1b52e1fe685415aa40a9bbd2fae36186ee306c74557f7db6422d5eb714eb72d run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #5: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #8: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN ATOMIC_SLEEP] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [UBSAN BUG KASAN LOCKDEP HANG LEAK], they are not needed testing commit 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0f930f55891433b9fcdccb9c7952869c4cf3d5ab7eabb9ba7ed2556deb8f4d39 run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #6: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #7: crashed: BUG: workqueue leaked lock or atomic in free_work run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #9: crashed: BUG: scheduling while atomic in _vm_unmap_aliases representative crash: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred, types: [UNKNOWN ATOMIC_SLEEP] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed testing commit 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 501956513420dc5fad30e5ceb0be32329feeb458a5ff0364735c95ff76308755 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #6: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed testing commit 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 failed building 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4: net/socket.c:1191: undefined reference to `wext_handle_ioctl' net/socket.c:3385: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:343: undefined reference to `wext_proc_exit' net/core/net-procfs.c:327: undefined reference to `wext_proc_init' minimized to 46 configs; suspects: [HID_ZEROPLUS USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF] disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed testing current HEAD 9044d25b8ff5cb55bf57542a8457cd1e4e37646d testing commit 9044d25b8ff5cb55bf57542a8457cd1e4e37646d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fa937b3becb8683d3c34b8bf98b09b4e194082d34a122b171fe66a0354e095e1 all runs: OK false negative chance: 0.000 # git bisect start 9044d25b8ff5cb55bf57542a8457cd1e4e37646d 424f92bcbe8fa613ada7aec5ebe4ef434d5e50e4 Bisecting: 137 revisions left to test after this (roughly 7 steps) [47b6345ddb6cc83f2913ad5abe6ad12e4459ebf0] tools headers UAPI: Sync linux/fscrypt.h with the kernel sources determine whether the revision contains the guilty commit checking the merge base 458ce51d0356ee60c93f9f807d9827cf2a41643d no existing result, test the revision testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1415855d9bef229c125045fed83bd16b553e02d9fbaeb4f2178da1bb9531f1d0 run #0: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #4: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #5: crashed: BUG: scheduling while atomic in do_task_dead run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #7: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #8: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #9: crashed: BUG: scheduling while atomic in do_task_dead representative crash: BUG: scheduling while atomic in _vm_unmap_aliases, types: [ATOMIC_SLEEP] testing commit 47b6345ddb6cc83f2913ad5abe6ad12e4459ebf0 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 178003611f81c4ae80c1c3f7c99a1db4fa0b02f23f5fb7a4fd440c55521ce649 all runs: OK false negative chance: 0.000 # git bisect bad 47b6345ddb6cc83f2913ad5abe6ad12e4459ebf0 Bisecting: 68 revisions left to test after this (roughly 6 steps) [a74270a1b7841e1a36795d1a044fda815d56c3ef] scsi: lpfc: Use unsigned type for num_sge determine whether the revision contains the guilty commit revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable testing commit a74270a1b7841e1a36795d1a044fda815d56c3ef gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b46cb96d6c0c51455c1801bca1f71c3858556c5c1382efc8a7f8c9a0368955f5 all runs: OK false negative chance: 0.000 # git bisect bad a74270a1b7841e1a36795d1a044fda815d56c3ef Bisecting: 33 revisions left to test after this (roughly 5 steps) [f8dee8e4893c132019a0b5e804e081712dfa91e5] regulator: pwm-regulator: Add validity checks in continuous .get_voltage determine whether the revision contains the guilty commit revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable testing commit f8dee8e4893c132019a0b5e804e081712dfa91e5 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9b51390df30cadb6d24d77ad71ecfdd33354ca3eb07d90f48cb252c0ccd6449b all runs: OK false negative chance: 0.000 # git bisect bad f8dee8e4893c132019a0b5e804e081712dfa91e5 Bisecting: 16 revisions left to test after this (roughly 4 steps) [0766e7317aab461889ae7fbb0da83fc70840f5ca] sched/rt: Disallow writing invalid values to sched_rt_period_us determine whether the revision contains the guilty commit revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable testing commit 0766e7317aab461889ae7fbb0da83fc70840f5ca gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 64c6be4462c80e83a5c01898baa5345573636a3dd26ef67f77c63c0aaf9dde11 all runs: OK false negative chance: 0.000 # git bisect bad 0766e7317aab461889ae7fbb0da83fc70840f5ca Bisecting: 8 revisions left to test after this (roughly 3 steps) [ab2e127896a2432e2b0d02ea48e1c7e57278a5aa] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() determine whether the revision contains the guilty commit revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable testing commit ab2e127896a2432e2b0d02ea48e1c7e57278a5aa gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e2da13b74757c92da44bdb3d3272ce832a6454c1c4d83b409c671f69ed368af3 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #6: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #7: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #8: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #9: crashed: BUG: scheduling while atomic in do_task_dead representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP] # git bisect good ab2e127896a2432e2b0d02ea48e1c7e57278a5aa Bisecting: 4 revisions left to test after this (roughly 2 steps) [4bbb93ad84b32e6f2a80567e9d461fa5287770c0] bpf: Remove trace_printk_lock determine whether the revision contains the guilty commit revision ab2e127896a2432e2b0d02ea48e1c7e57278a5aa crashed and is reachable testing commit 4bbb93ad84b32e6f2a80567e9d461fa5287770c0 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5f9daad214902a5d859d10720193106aff0c6a17f5787267562947c144057485 all runs: OK false negative chance: 0.000 # git bisect bad 4bbb93ad84b32e6f2a80567e9d461fa5287770c0 Bisecting: 1 revision left to test after this (roughly 1 step) [bcbaeb081ad846ae7f824ecf2df3d21de17608ea] bpf: Add struct for bin_args arg in bpf_bprintf_prepare determine whether the revision contains the guilty commit revision ab2e127896a2432e2b0d02ea48e1c7e57278a5aa crashed and is reachable testing commit bcbaeb081ad846ae7f824ecf2df3d21de17608ea gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8d44f777c8cca5b8955cefa3d7791e58d909afaecd04488f665fc38ea4a86fa1 run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare run #7: crashed: BUG: workqueue leaked lock or atomic in free_work run #8: crashed: BUG: scheduling while atomic in _vm_unmap_aliases run #9: crashed: BUG: scheduling while atomic in _vm_unmap_aliases representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP] # git bisect good bcbaeb081ad846ae7f824ecf2df3d21de17608ea Bisecting: 0 revisions left to test after this (roughly 0 steps) [4b349c55bbd33c8918dbac13876d6842af571505] bpf: Do cleanup in bpf_bprintf_cleanup only when needed determine whether the revision contains the guilty commit revision ab2e127896a2432e2b0d02ea48e1c7e57278a5aa crashed and is reachable testing commit 4b349c55bbd33c8918dbac13876d6842af571505 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 50912a7b37dc8e1f0f96275a747051bffaf29697b5ba06936647e8f5aedd29fc all runs: OK false negative chance: 0.000 # git bisect bad 4b349c55bbd33c8918dbac13876d6842af571505 4b349c55bbd33c8918dbac13876d6842af571505 is the first bad commit commit 4b349c55bbd33c8918dbac13876d6842af571505 Author: Jiri Olsa Date: Sat Feb 17 09:13:20 2024 -0300 bpf: Do cleanup in bpf_bprintf_cleanup only when needed commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream. Currently we always cleanup/decrement bpf_bprintf_nest_level variable in bpf_bprintf_cleanup if it's > 0. There's possible scenario where this could cause a problem, when bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0) and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level variable, like: in task context: bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1' -> first irq : bpf_bprintf_prepare(num_args == 0) bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0' -> second irq: bpf_bprintf_prepare(num_args != 0) bpf_bprintf_nest_level = 1 gets same buffer as task context above Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we got bin_args data in the first place. Signed-off-by: Jiri Olsa Signed-off-by: Daniel Borkmann Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org [cascardo: there is no bpf_trace_vprintk in 5.15] Signed-off-by: Thadeu Lima de Souza Cascardo Signed-off-by: Greg Kroah-Hartman include/linux/bpf.h | 2 +- kernel/bpf/helpers.c | 16 +++++++++------- kernel/trace/bpf_trace.c | 4 ++-- 3 files changed, 12 insertions(+), 10 deletions(-) accumulated error probability: 0.00 culprit signature: 50912a7b37dc8e1f0f96275a747051bffaf29697b5ba06936647e8f5aedd29fc parent signature: 8d44f777c8cca5b8955cefa3d7791e58d909afaecd04488f665fc38ea4a86fa1 revisions tested: 16, total time: 4h21m12.818776742s (build: 1h14m36.021173318s, test: 3h2m56.822740491s) first good commit: 4b349c55bbd33c8918dbac13876d6842af571505 bpf: Do cleanup in bpf_bprintf_cleanup only when needed recipients (to): ["cascardo@igalia.com" "daniel@iogearbox.net" "gregkh@linuxfoundation.org" "jolsa@kernel.org" "yhs@fb.com"] recipients (cc): []