ci2 starts bisection 2024-08-08 10:03:53.346523407 +0000 UTC m=+32393.023778822
bisecting fixing commit since 274e3e96961da98fd615b0bac6b08c8cd06ad615
building syzkaller on 94b087b1f1dce14942bc35bb35a8f58e57b1fc63
ensuring issue is reproducible on original commit 274e3e96961da98fd615b0bac6b08c8cd06ad615
testing commit 274e3e96961da98fd615b0bac6b08c8cd06ad615 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 96fa4f9df0017159f5ab41167cd56e0c3639c688288512971e9fcd223ecf4da7
run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in futex_wait_queue
run #4: crashed: BUG: scheduling while atomic in kernfs_iop_permission
run #5: crashed: BUG: scheduling while atomic in usbhid_close
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in do_epoll_wait
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #11: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #12: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #13: crashed: BUG: scheduling while atomic in wait_for_common
run #14: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #15: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #16: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed
testing commit 274e3e96961da98fd615b0bac6b08c8cd06ad615 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ac0d6bbe0f648fcb18565acf3764e1032dbdc0b9ef9bc5770c4c44df7fe566a6
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in kernfs_remove_by_name_ns
run #2: crashed: BUG: scheduling while atomic in kernfs_find_and_get_ns
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in __skb_wait_for_more_packets
run #9: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
kconfig minimization: base=5179 full=6494 leaves diff=257
split chunks (needed=false): <257>
split chunk #0 of len 257 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 274e3e96961da98fd615b0bac6b08c8cd06ad615 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: caa9208ea7a9dc338cbb36f5688653f911cdd319c176a4e2f4054d925b73d121
run #0: crashed: BUG: scheduling while atomic in wait_for_common
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: scheduling while atomic in wait_for_common, types: [ATOMIC_SLEEP]
testing without sub-chunk 2/5
disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 274e3e96961da98fd615b0bac6b08c8cd06ad615 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d22c1118086930c0194caf8483a4c231941d4229e925c7a48ff30d69592de725
run #0: crashed: BUG: scheduling while atomic in wait_for_common
run #1: crashed: BUG: scheduling while atomic in wait_for_common
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: workqueue leaked lock or atomic in hub_event
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in wait_for_common, types: [ATOMIC_SLEEP]
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 274e3e96961da98fd615b0bac6b08c8cd06ad615 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0a3b5a77a59652877e4b504d6e8b079650de8f497779d0ab70456f5d0a24058e
run #0: crashed: BUG: scheduling while atomic in wait_for_common
run #1: crashed: BUG: scheduling while atomic in input_register_device
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in do_epoll_wait
run #7: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #8: crashed: BUG: scheduling while atomic in wait_for_common
run #9: crashed: BUG: scheduling while atomic in wait_for_common
run #10: crashed: BUG: scheduling while atomic in wait_for_common
run #11: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #12: crashed: BUG: using __this_cpu_read() in preemptible code in blk_cgroup_bio_start
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in wait_for_common, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 274e3e96961da98fd615b0bac6b08c8cd06ad615 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4292277c39a91cdbab7a891dbf2fee9dfb4e28c26d1e2440c515a851ca20de27
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in usbhid_close
run #10: crashed: BUG: scheduling while atomic in wait_for_common
run #11: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #12: crashed: BUG: scheduling while atomic in do_epoll_wait
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 274e3e96961da98fd615b0bac6b08c8cd06ad615 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e9e92cf22af092e5c3b4dd61f0f22a40adfc9bbb50ef1a132d72384933a4c962
run #0: crashed: BUG: scheduling while atomic in __skb_wait_for_more_packets
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #11: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #12: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #13: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #14: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #15: OK
run #16: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in __skb_wait_for_more_packets, types: [ATOMIC_SLEEP]
the chunk can be dropped
minimized to 104 configs; suspects: [ARCH_HAS_CPU_FINALIZE_INIT CFG80211 CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS COMMON_CLK DEBUG_INFO_BTF_MODULES DRAGONRISE_FF DRM DRM_BRIDGE DRM_GEM_SHMEM_HELPER DRM_KMS_HELPER DRM_NOMODESET DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_ORIENTATION_QUIRKS DRM_TTM DRM_VIRTIO_GPU DUMMY_CONSOLE DVB_CORE FB FB_CMDLINE FB_DEFERRED_IO FB_NOTIFY FB_SYS_COPYAREA FB_SYS_FILLRECT FB_SYS_FOPS FB_SYS_IMAGEBLIT GPIOLIB_IRQCHIP GREENASIA_FF HAVE_CLK_PREPARE HDMI HIBERNATION_COMP_LZO HID_A4TECH HID_ACRUX HID_ACRUX_FF HID_APPLEIR HID_AUREAL HID_BELKIN HID_BETOP_FF HID_CHERRY HID_CHICONY HID_CP2112 HID_CYPRESS HID_DRAGONRISE HID_ELO HID_EMS_FF HID_EZKEY HID_GREENASIA HID_GT683R HID_GYRATION HID_HOLTEK HID_ICADE HID_ITE HID_KENSINGTON HID_KEYTOUCH HID_KYE HID_LCPOWER HID_LED HID_LENOVO HID_MONTEREY HID_NTI HID_NTRIG HID_ORTEK HID_PANTHERLORD HID_PENMOUNT HID_PETALYNX HID_PICOLCD_FB HID_PICOLCD_LEDS HID_PID HID_PRIMAX HID_PRODIKEYS HID_RMI HID_SAITEK HID_SAMSUNG HID_SENSOR_CUSTOM_SENSOR HID_SENSOR_HUB HID_SPEEDLINK HID_STEELSERIES HID_SUNPLUS HID_THINGM HID_TIVO HID_TOPSEED HID_TWINHAN HID_WALTOP HID_XINMO HID_ZYDACRON HOLTEK_FF HOTPLUG_PCI HWMON HW_CONSOLE I2C_DESIGNWARE_CORE I2C_DESIGNWARE_PLATFORM I2C_MUX INPUT_JOYSTICK INPUT_LEDS INPUT_MOUSE INPUT_TOUCHSCREEN INTEGRITY INTEGRITY_AUDIT JOYSTICK_XPAD JOYSTICK_XPAD_FF JOYSTICK_XPAD_LEDS KCOV KCOV_ENABLE_COMPARISONS KCOV_INSTRUMENT_ALL LCD_CLASS_DEVICE LOCK_MM_AND_FIND_VMA LOGIG940_FF LOGIRUMBLEPAD2_FF LOGITECH_FF LOGIWHEELS_FF MEDIA_ANALOG_TV_SUPPORT MEDIA_ATTACH MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_TUNER MFD_CORE NETFILTER_FAMILY_BRIDGE NET_DEVLINK NOP_USB_XCEIV PAHOLE_HAS_BTF_TAG PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PANTHERLORD_FF RFKILL SND SOUND VT WIRELESS]
disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing current HEAD 99d09135c4ef79052226a4d6dd2a714cca3bec0e
testing commit 99d09135c4ef79052226a4d6dd2a714cca3bec0e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3251e0836a8c650143b0cc62a55f707b2d612a246cbb043ad9e0118d4cdd46c4
all runs: OK
false negative chance: 0.000
# git bisect start 99d09135c4ef79052226a4d6dd2a714cca3bec0e 274e3e96961da98fd615b0bac6b08c8cd06ad615
Bisecting: 1332 revisions left to test after this (roughly 10 steps)
[216712c69846f197cba22e8359825033c283abd2] mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function
determine whether the revision contains the guilty commit
checking the merge base 883d1a9562083922c6d293e9adad8cca4626adf3
no existing result, test the revision
testing commit 883d1a9562083922c6d293e9adad8cca4626adf3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f17a72e5425e7db1715e126ae8642a765cd9cd256c5737cc5d91f48dbbea7203
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in do_epoll_wait
run #2: crashed: BUG: scheduling while atomic in devtmpfs_work_loop
run #3: crashed: BUG: scheduling while atomic in wait_for_common
run #4: crashed: BUG: scheduling while atomic in wait_for_common
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #6: crashed: BUG: scheduling while atomic in wait_for_common
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #8: crashed: BUG: scheduling while atomic in wait_for_common
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
testing commit 216712c69846f197cba22e8359825033c283abd2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9aef9130ddecaa7fec6f204fb6156b56840b71bc90aba6b3873786c3fbe37b24
all runs: OK
false negative chance: 0.000
# git bisect bad 216712c69846f197cba22e8359825033c283abd2
Bisecting: 665 revisions left to test after this (roughly 9 steps)
[380aeff204b903502582019ff067caccbd3399b3] smb: client: fix parsing of SMB3.1.1 POSIX create context
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 380aeff204b903502582019ff067caccbd3399b3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0d2970b93df781ff0206eb72def635aa8dd07ced18e14c1583b5dd2e769ea666
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #2: crashed: BUG: workqueue leaked lock or atomic in bpf_map_free_deferred
run #3: crashed: BUG: scheduling while atomic in do_epoll_wait
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in kernfs_activate
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #7: crashed: BUG: scheduling while atomic in usbhid_stop
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_loop, types: [ATOMIC_SLEEP]
# git bisect good 380aeff204b903502582019ff067caccbd3399b3
Bisecting: 332 revisions left to test after this (roughly 8 steps)
[2e47116315a08bd5fa451bbeb66cb14ffc3f0de1] x86/boot/compressed: Move startup32_load_idt() into .text section
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 2e47116315a08bd5fa451bbeb66cb14ffc3f0de1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c5dc0724920a8449e905796a9a0611ebf2d525cfacf43ba4366fcb430bf8815a
all runs: OK
false negative chance: 0.000
# git bisect bad 2e47116315a08bd5fa451bbeb66cb14ffc3f0de1
Bisecting: 166 revisions left to test after this (roughly 7 steps)
[729bc77af438a6e67914c97f6f3d3af8f72c0131] dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().
determine whether the revision contains the guilty commit
revision 380aeff204b903502582019ff067caccbd3399b3 crashed and is reachable
testing commit 729bc77af438a6e67914c97f6f3d3af8f72c0131 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2bf004c3cb9787eab5d2f608d30d00babd7bea5a2a816b0d626cc63a7d3b6695
all runs: OK
false negative chance: 0.000
# git bisect bad 729bc77af438a6e67914c97f6f3d3af8f72c0131
Bisecting: 82 revisions left to test after this (roughly 6 steps)
[6ed6cdbe88334ca3430c5aee7754dc4597498dfb] fs/ntfs3: Fix oob in ntfs_listxattr
determine whether the revision contains the guilty commit
revision 380aeff204b903502582019ff067caccbd3399b3 crashed and is reachable
testing commit 6ed6cdbe88334ca3430c5aee7754dc4597498dfb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: de9629ad63ee8c510ce72e136c0b4e44f8b9188518b4825922e97b643e80e8e0
all runs: OK
false negative chance: 0.000
# git bisect bad 6ed6cdbe88334ca3430c5aee7754dc4597498dfb
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[f48a6eb2e5e88c7548a8f20f6ad8131b06427655] ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
determine whether the revision contains the guilty commit
revision 380aeff204b903502582019ff067caccbd3399b3 crashed and is reachable
testing commit f48a6eb2e5e88c7548a8f20f6ad8131b06427655 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 07245f3699761255343b86bb446e8ea58036ea3deae843281684361a9b1516a1
all runs: OK
false negative chance: 0.000
# git bisect bad f48a6eb2e5e88c7548a8f20f6ad8131b06427655
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[09038f47e45cd5dbb02315db2134403a6b160ceb] net/sched: Retire ATM qdisc
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 09038f47e45cd5dbb02315db2134403a6b160ceb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b88b6c9df5b9b7da3853ee7ec75f1c31aa2b377670aa7854d1d10e5c8cf95fd3
all runs: OK
false negative chance: 0.000
# git bisect bad 09038f47e45cd5dbb02315db2134403a6b160ceb
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[24ec7504a08a67247fbe798d1de995208a8c128a] sched/membarrier: reduce the ability to hammer on sys_membarrier
determine whether the revision contains the guilty commit
revision 380aeff204b903502582019ff067caccbd3399b3 crashed and is reachable
testing commit 24ec7504a08a67247fbe798d1de995208a8c128a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f1098f64161379655590822acf410e1ff2d0e130ffa9a2fdf6645d63c2db78b5
all runs: OK
false negative chance: 0.000
# git bisect bad 24ec7504a08a67247fbe798d1de995208a8c128a
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[a160c3293a1cce15d5bb1e5886480d7d416b7353] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit a160c3293a1cce15d5bb1e5886480d7d416b7353 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0ec7c49d8c9fdebc228b8b93e3e9712e29a546a268a1524c2d8be21073262de0
all runs: OK
false negative chance: 0.000
# git bisect bad a160c3293a1cce15d5bb1e5886480d7d416b7353
Bisecting: 2 revisions left to test after this (roughly 1 step)
[f7bbad9561f32dda2c13f6c4d0ca77d301f1c123] bpf: Add struct for bin_args arg in bpf_bprintf_prepare
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit f7bbad9561f32dda2c13f6c4d0ca77d301f1c123 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9fc920f4631b89d4fd0d7821949768fa6cc3ba99ec9843074bbd020f9c216a95
run #0: crashed: BUG: scheduling while atomic in wait_for_common
run #1: crashed: BUG: scheduling while atomic in wait_for_common
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
run #5: crashed: BUG: scheduling while atomic in wait_for_common
run #6: crashed: BUG: scheduling while atomic in wait_for_common
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in wait_for_common, types: [ATOMIC_SLEEP]
# git bisect good f7bbad9561f32dda2c13f6c4d0ca77d301f1c123
Bisecting: 0 revisions left to test after this (roughly 1 step)
[f3e975828636794a9d4cc27adb14a2f66592d414] bpf: Remove trace_printk_lock
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit f3e975828636794a9d4cc27adb14a2f66592d414 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2bb4b9e366d83407ede0bd336a36686cf7fde18ccd82d0e7af3584a90b2f56fe
all runs: OK
false negative chance: 0.000
# git bisect bad f3e975828636794a9d4cc27adb14a2f66592d414
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[95b7476f6f68d725c474e3348e89436b0abde62a] bpf: Do cleanup in bpf_bprintf_cleanup only when needed
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 95b7476f6f68d725c474e3348e89436b0abde62a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dda0f0ec8b7c8b6697570bae738015e0991e8a7019dd1d798399104abea2820d
all runs: OK
false negative chance: 0.000
# git bisect bad 95b7476f6f68d725c474e3348e89436b0abde62a
95b7476f6f68d725c474e3348e89436b0abde62a is the first bad commit
commit 95b7476f6f68d725c474e3348e89436b0abde62a
Author: Jiri Olsa
Date: Thu Dec 15 22:44:29 2022 +0100

    bpf: Do cleanup in bpf_bprintf_cleanup only when needed

    commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream.

    Currently we always cleanup/decrement bpf_bprintf_nest_level variable in bpf_bprintf_cleanup if it's > 0.

    There's possible scenario where this could cause a problem, when bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0) and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level variable, like:

      in task context:
        bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1'
        -> first irq :
           bpf_bprintf_prepare(num_args == 0)
           bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0'
        -> second irq:
           bpf_bprintf_prepare(num_args != 0) bpf_bprintf_nest_level = 1
           gets same buffer as task context above

    Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we got bin_args data in the first place.

    Signed-off-by: Jiri Olsa
    Signed-off-by: Daniel Borkmann
    Acked-by: Yonghong Song
    Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org
    Signed-off-by: Thadeu Lima de Souza Cascardo
    Signed-off-by: Greg Kroah-Hartman

 include/linux/bpf.h      |  2 +-
 kernel/bpf/helpers.c     | 16 +++++++++-------
 kernel/trace/bpf_trace.c |  6 +++---
 3 files changed, 13 insertions(+), 11 deletions(-)
accumulated error probability: 0.00
culprit signature: dda0f0ec8b7c8b6697570bae738015e0991e8a7019dd1d798399104abea2820d
parent signature: 9fc920f4631b89d4fd0d7821949768fa6cc3ba99ec9843074bbd020f9c216a95
reproducer is flaky (0.50 repro chance estimate)
revisions tested: 21, total time: 5h10m33.761188052s (build: 50m30.281690142s, test: 4h13m44.154079489s)
first good commit: 95b7476f6f68d725c474e3348e89436b0abde62a bpf: Do cleanup in bpf_bprintf_cleanup only when needed
recipients (to): ["cascardo@igalia.com" "daniel@iogearbox.net" "gregkh@linuxfoundation.org" "jolsa@kernel.org" "yhs@fb.com"]
recipients (cc): []