ci2 starts bisection 2024-06-12 00:32:20.573898798 +0000 UTC m=+23956.638201552
bisecting fixing commit since 993bed180178156a70afdafe8aaf23a117107352
building syzkaller on cf82cde132b42c09ac539191ca2dfdab5d810c93
ensuring issue is reproducible on original commit 993bed180178156a70afdafe8aaf23a117107352

testing commit 993bed180178156a70afdafe8aaf23a117107352 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b05429424f59a96f8bb50131e528a4e6bb1c07a1ed0ef397cefaa7a9e1525640
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in bit_wait_io
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #11: crashed: BUG: scheduling while atomic in futex_wait_queue_me
run #12: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #13: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #14: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #15: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #16: crashed: BUG: scheduling while atomic in do_task_dead
run #17: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #18: crashed: BUG: scheduling while atomic in do_task_dead
run #19: crashed: BUG: scheduling while atomic in do_task_dead
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
check whether we can drop unnecessary instrumentation
disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed
testing commit 993bed180178156a70afdafe8aaf23a117107352 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9161d991fa36263e238e37ef698eafe4722c819c05643fa74f102f46062ebdbc
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in do_task_dead
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in do_epoll_wait
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
kconfig minimization: base=4920 full=6159 leaves diff=242
split chunks (needed=false): <242>
split chunk #0 of len 242 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 993bed180178156a70afdafe8aaf23a117107352 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 69049a289c993913aa2c38b879422be3ffa999a6cd714096681cd1c039067ddc
run #0: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in do_epoll_wait
run #4: crashed: BUG: scheduling while atomic in do_task_dead
run #5: crashed: BUG: scheduling while atomic in do_task_dead
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed
testing commit 993bed180178156a70afdafe8aaf23a117107352 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 11d7bdfdc51936e9c2844b91915ee42426dbe52e05c101c7b0b93ed5760a7dd1
run #0: crashed: BUG: scheduling while atomic in do_epoll_wait
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in bit_wait_io
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: scheduling while atomic in do_epoll_wait, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 993bed180178156a70afdafe8aaf23a117107352 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 47b08b3da2347769474123e129517513f3d8943cddf397afd1e78a11b9ea81d3
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in bit_wait_io
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 993bed180178156a70afdafe8aaf23a117107352 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e6c36b2fcef0bc5b8ea3fa78a0d751b1897e0716f76d95cd3a949390dd5e4ea4
run #0: crashed: BUG: scheduling while atomic in pipe_read
run #1: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #4: crashed: BUG: workqueue leaked lock or atomic in bpf_prog_free_deferred
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: scheduling while atomic in pipe_read, types: [ATOMIC_SLEEP UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [UBSAN BUG KASAN LOCKDEP HANG LEAK], they are not needed
testing commit 993bed180178156a70afdafe8aaf23a117107352 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 993bed180178156a70afdafe8aaf23a117107352: net/socket.c:1191: undefined reference to `wext_handle_ioctl'
net/socket.c:3385: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'
minimized to 46 configs; suspects: [HID_ZEROPLUS USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed
testing current HEAD 79bd336c7a94039e3d325195b978a04f3b89d2f3
testing commit 79bd336c7a94039e3d325195b978a04f3b89d2f3 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1ffcc2d04008b42341420be939686a15526da75f2b67b04638f691791a4c00b5
all runs: OK
false negative chance: 0.000
# git bisect start 79bd336c7a94039e3d325195b978a04f3b89d2f3 993bed180178156a70afdafe8aaf23a117107352
Bisecting: 330 revisions left to test after this (roughly 8 steps)
[e2aaab6fcb16cfe62c2cc65f24344d13bac9400b] usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK

determine whether the revision contains the guilty commit
checking the merge base 6139f2a02fe0ac7a08389b4eb786e0c659039ddd
no existing result, test the revision
testing commit 6139f2a02fe0ac7a08389b4eb786e0c659039ddd gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 849ce64ea29d265f9abbcb8b4755d5c028fbfa0492a629286a26916f318ad451
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in do_nanosleep
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
testing commit e2aaab6fcb16cfe62c2cc65f24344d13bac9400b gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bc8905140a9a8020842d9eb58b7fe614a06535adbc7ade1a565e9296bf36dcd8
run #0: crashed: BUG: scheduling while atomic in do_task_dead
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in bit_wait_io
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: scheduling while atomic in do_task_dead, types: [ATOMIC_SLEEP]
# git bisect good e2aaab6fcb16cfe62c2cc65f24344d13bac9400b
Bisecting: 165 revisions left to test after this (roughly 7 steps)
[b4c13deff35929ff568bbb993b4a86f4961709e6] ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers

determine whether the revision contains the guilty commit
revision 6139f2a02fe0ac7a08389b4eb786e0c659039ddd crashed and is reachable
testing commit b4c13deff35929ff568bbb993b4a86f4961709e6 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 21a57ca3601c77c9db80dd24d7ef9a9b19074fad8b6f6aaf7d2f806f70fdb101
all runs: OK
false negative chance: 0.000
# git bisect bad b4c13deff35929ff568bbb993b4a86f4961709e6
Bisecting: 82 revisions left to test after this (roughly 6 steps)
[99fa6d451d989fbefc615e12c76710922390bb1c] net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio

determine whether the revision contains the guilty commit
revision e2aaab6fcb16cfe62c2cc65f24344d13bac9400b crashed and is reachable
testing commit 99fa6d451d989fbefc615e12c76710922390bb1c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6a0d023f72328e59eded31649f978c2e8b9b0810e8edfeb049c4d26f519a28ec
run #0: crashed: BUG: scheduling while atomic in bit_wait_io
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in do_task_dead
run #5: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in bit_wait_io, types: [ATOMIC_SLEEP]
# git bisect good 99fa6d451d989fbefc615e12c76710922390bb1c
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[8fa90634ec3e9cc50f42dd605eec60f2d146ced8] nilfs2: fix potential bug in end_buffer_async_write

determine whether the revision contains the guilty commit
revision e2aaab6fcb16cfe62c2cc65f24344d13bac9400b crashed and is reachable
testing commit 8fa90634ec3e9cc50f42dd605eec60f2d146ced8 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e6d18b2e5603781ad6b4a1c8fadd664bbf4a048c2f14e04fe995166d2b348086
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in do_task_dead
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in do_task_dead
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in do_task_dead
run #8: crashed: BUG: scheduling while atomic in do_task_dead
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #10: crashed: BUG: scheduling while atomic in do_task_dead
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
# git bisect good 8fa90634ec3e9cc50f42dd605eec60f2d146ced8
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb] smb: client: fix parsing of SMB3.1.1 POSIX create context

determine whether the revision contains the guilty commit
revision 6139f2a02fe0ac7a08389b4eb786e0c659039ddd crashed and is reachable
testing commit ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c94554b08c55312fd5eec37f24d6c1d68c2331573b1ffba4d55b4e7b2cea4de5
run #0: crashed: BUG: scheduling while atomic in do_task_dead
run #1: crashed: BUG: scheduling while atomic in do_task_dead
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in bit_wait_io
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in do_task_dead, types: [ATOMIC_SLEEP]
# git bisect good ee0fb9baa7a4fc50ea710565da6f7a3139f5b3eb
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[5295b5f2e5614bdaccb3eea1d1a73af8a8618877] sched/rt: Fix sysctl_sched_rr_timeslice intial value

determine whether the revision contains the guilty commit
revision 6139f2a02fe0ac7a08389b4eb786e0c659039ddd crashed and is reachable
testing commit 5295b5f2e5614bdaccb3eea1d1a73af8a8618877 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 419b48c96fef55c39c4565b220a51fdd754cc1e52627b347da15f38ddafabd80
all runs: OK
false negative chance: 0.000
# git bisect bad 5295b5f2e5614bdaccb3eea1d1a73af8a8618877
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[4b349c55bbd33c8918dbac13876d6842af571505] bpf: Do cleanup in bpf_bprintf_cleanup only when needed

determine whether the revision contains the guilty commit
revision e2aaab6fcb16cfe62c2cc65f24344d13bac9400b crashed and is reachable
testing commit 4b349c55bbd33c8918dbac13876d6842af571505 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 42c40e939c687661c39cb37806d0a5272cc66fc97215af1639dcb97f84f6ff78
all runs: OK
false negative chance: 0.000
# git bisect bad 4b349c55bbd33c8918dbac13876d6842af571505
Bisecting: 2 revisions left to test after this (roughly 1 step)
[ab2e127896a2432e2b0d02ea48e1c7e57278a5aa] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()

determine whether the revision contains the guilty commit
revision 8fa90634ec3e9cc50f42dd605eec60f2d146ced8 crashed and is reachable
testing commit ab2e127896a2432e2b0d02ea48e1c7e57278a5aa gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 978f10c8214c1dfedf5af9d7a087cc37186727eb67ccbffaa12c075a282da299
run #0: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in bit_wait_io
run #6: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in exit_to_user_mode_prepare, types: [ATOMIC_SLEEP]
# git bisect good ab2e127896a2432e2b0d02ea48e1c7e57278a5aa
Bisecting: 0 revisions left to test after this (roughly 1 step)
[bcbaeb081ad846ae7f824ecf2df3d21de17608ea] bpf: Add struct for bin_args arg in bpf_bprintf_prepare

determine whether the revision contains the guilty commit
revision e2aaab6fcb16cfe62c2cc65f24344d13bac9400b crashed and is reachable
testing commit bcbaeb081ad846ae7f824ecf2df3d21de17608ea gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bf889ee47061f7491660b733b0c853bfa0e654c8e195330bb347fc45f79b6bb7
run #0: crashed: BUG: scheduling while atomic in do_task_dead
run #1: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #2: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #3: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #4: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #5: crashed: BUG: scheduling while atomic in bit_wait_io
run #6: crashed: BUG: scheduling while atomic in bit_wait_io
run #7: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #8: crashed: BUG: scheduling while atomic in do_task_dead
run #9: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #10: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #11: crashed: BUG: scheduling while atomic in exit_to_user_mode_prepare
run #12: crashed: BUG: scheduling while atomic in do_task_dead
run #13: crashed: BUG: scheduling while atomic in unlink_anon_vmas
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: scheduling while atomic in do_task_dead, types: [ATOMIC_SLEEP]
# git bisect good bcbaeb081ad846ae7f824ecf2df3d21de17608ea
4b349c55bbd33c8918dbac13876d6842af571505 is the first bad commit
commit 4b349c55bbd33c8918dbac13876d6842af571505
Author: Jiri Olsa <jolsa@kernel.org>
Date:   Sat Feb 17 09:13:20 2024 -0300

    bpf: Do cleanup in bpf_bprintf_cleanup only when needed
    
    commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream.
    
    Currently we always cleanup/decrement bpf_bprintf_nest_level variable
    in bpf_bprintf_cleanup if it's > 0.
    
    There's possible scenario where this could cause a problem, when
    bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0)
    and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level
    variable, like:
    
      in task context:
        bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1'
        -> first irq :
           bpf_bprintf_prepare(num_args == 0)
           bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0'
        -> second irq:
           bpf_bprintf_prepare(num_args != 0) bpf_bprintf_nest_level = 1
           gets same buffer as task context above
    
    Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we
    got bin_args data in the first place.
    
    Signed-off-by: Jiri Olsa <jolsa@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Yonghong Song <yhs@fb.com>
    Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org
    [cascardo: there is no bpf_trace_vprintk in 5.15]
    Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 include/linux/bpf.h      |  2 +-
 kernel/bpf/helpers.c     | 16 +++++++++-------
 kernel/trace/bpf_trace.c |  4 ++--
 3 files changed, 12 insertions(+), 10 deletions(-)

accumulated error probability: 0.00
culprit signature: 42c40e939c687661c39cb37806d0a5272cc66fc97215af1639dcb97f84f6ff78
parent  signature: bf889ee47061f7491660b733b0c853bfa0e654c8e195330bb347fc45f79b6bb7
reproducer is flaky (0.42 repro chance estimate)
revisions tested: 17, total time: 4h40m3.064585229s (build: 35m20.382728834s, test: 3h41m58.302867534s)
first good commit: 4b349c55bbd33c8918dbac13876d6842af571505 bpf: Do cleanup in bpf_bprintf_cleanup only when needed
recipients (to): ["cascardo@igalia.com" "daniel@iogearbox.net" "gregkh@linuxfoundation.org" "jolsa@kernel.org" "yhs@fb.com"]
recipients (cc): []