ci2 starts bisection 2025-09-19 13:52:20.896164088 +0000 UTC m=+13809.298285231 bisecting fixing commit since 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 building syzkaller on 22ec1469fe8c0ba256de07e8f97fa7b375b522bd ensuring issue is reproducible on original commit 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 testing commit 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 72ba47556f4b23653b3ab6bee4cc8b97ca531df0a7999fae0236b4a222bfdc60 all runs: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [bug_or_warning kasan locking atomic_sleep hang memleak ubsan], they are not needed testing commit 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 06bc891848ce4a0a5ee6af2d4e3c54a68c042a6e4ba7b46483cc31ee868aa5b0 all runs: OK false negative chance: 0.000 kconfig minimization: base=3913 full=7800 leaves diff=2162 split chunks (needed=false): <2162> split chunk #0 of len 2162 into 5 parts testing without sub-chunk 1/5 testing commit 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 2932a98fb2662ac9ab56b3374420926a05117e6b6c6d24e186a32f70142a01d6 all runs: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 testing commit 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: cee128a564a743f7206e5d4b200bb762e22fbc8a4c0fba6e4c641e9976203d55 all runs: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 testing commit 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: cd8796e94f61144986308cc84031667e55585487a880d1667568ae89f6f52c89 all runs: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 testing commit 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: dbb57e51e7d16f88a9f06ba157bf7988e99539c57860c4f6d79204d0f7a36ddb run #0: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #1: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #2: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #3: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #4: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #5: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #6: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #7: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #8: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #9: OK representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 testing commit 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 7015ae6bf6448557fe8ed479efecf1ce10ec4f5f3079869da787155e043c1867 all runs: OK false negative chance: 0.000 minimized to 430 configs; suspects: [ARCH_ENABLE_MEMORY_HOTREMOVE ATM BCMA BLK_DEV_ZONED BPF_SYSCALL CARDBUS CFG80211 CFG80211_WEXT CMA COMMON_CLK CONTIG_ALLOC CRYPTO_842 CRYPTO_LZ4 CRYPTO_LZ4HC CRYPTO_LZO CRYPTO_ZSTD DVB_CORE EXTCON FB GPIOLIB HID_ZEROPLUS I2C_MUX IIO IOMMUFD IRQ_REMAP KVM KVM_INTEL LIBNVDIMM MEDIA_ANALOG_TV_SUPPORT MEDIA_CAMERA_SUPPORT MEDIA_CEC_SUPPORT MEDIA_CONTROLLER MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_VIPERBOARD NOP_USB_XCEIV PARPORT PCCARD PCMCIA PHONET RADIO_ADAPTERS RADIO_SI470X RADIO_SI4713 RC_CORE RFKILL SND SOUND SPI SSB TAP TARGET_CORE TUN USB_AMD5536UDC USB_ATM USB_CATC USB_CDC_PHONET USB_CDNS2_UDC USB_CDNS3 USB_CDNS3_GADGET USB_CDNS3_HOST USB_CDNS3_PCI_WRAP USB_CDNSP_GADGET USB_CDNSP_HOST USB_CDNSP_PCI USB_CDNS_HOST USB_CDNS_SUPPORT USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_GENERIC USB_CHIPIDEA_HOST USB_CHIPIDEA_MSM USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_CONFIGFS_F_MIDI USB_CONFIGFS_F_MIDI2 USB_CONFIGFS_F_PRINTER USB_CONFIGFS_F_TCM USB_CONFIGFS_F_UAC1 USB_CONFIGFS_F_UAC1_LEGACY USB_CONFIGFS_F_UAC2 USB_CONFIGFS_F_UVC USB_CONFIGFS_MASS_STORAGE USB_CONFIGFS_NCM USB_CONFIGFS_OBEX USB_CONFIGFS_PHONET USB_CONFIGFS_RNDIS USB_CONFIGFS_SERIAL USB_CONN_GPIO USB_CXACRU USB_CYPRESS_CY7C63 USB_CYTHERM USB_DSBR USB_DUMMY_HCD USB_DWC2 USB_DWC2_HOST USB_DWC2_PCI USB_DWC3 USB_DWC3_GADGET USB_DWC3_HAPS USB_DWC3_OF_SIMPLE USB_DWC3_PCI USB_DWC3_ULPI USB_DYNAMIC_MINORS USB_EG20T USB_EHCI_FSL USB_EHCI_HCD_PLATFORM USB_EHCI_ROOT_HUB_TT USB_EHSET_TEST_FIXTURE USB_EMI26 USB_EMI62 USB_EPSON2888 USB_EZUSB_FX2 USB_FEW_INIT_RETRIES USB_F_ACM USB_F_ECM USB_F_EEM USB_F_FS USB_F_HID USB_F_MASS_STORAGE USB_F_MIDI USB_F_MIDI2 USB_F_NCM USB_F_OBEX USB_F_PHONET USB_F_PRINTER USB_F_RNDIS USB_F_SERIAL USB_F_SS_LB USB_F_SUBSET USB_F_TCM USB_F_UAC1 USB_F_UAC1_LEGACY USB_F_UAC2 USB_F_UVC USB_GADGET USB_GADGETFS USB_GADGET_DEBUG_FILES USB_GADGET_DEBUG_FS USB_GL860 USB_GOKU USB_GR_UDC USB_GSPCA USB_GSPCA_BENQ USB_GSPCA_CONEX USB_GSPCA_CPIA1 USB_GSPCA_DTCS033 USB_GSPCA_ETOMS USB_GSPCA_FINEPIX USB_GSPCA_JEILINJ USB_GSPCA_JL2005BCD USB_GSPCA_KINECT USB_GSPCA_KONICA USB_GSPCA_MARS USB_GSPCA_MR97310A USB_GSPCA_NW80X USB_GSPCA_OV519 USB_GSPCA_OV534 USB_GSPCA_OV534_9 USB_GSPCA_PAC207 USB_GSPCA_PAC7302 USB_GSPCA_PAC7311 USB_GSPCA_SE401 USB_GSPCA_SN9C2028 USB_GSPCA_SN9C20X USB_GSPCA_SONIXB USB_GSPCA_SONIXJ USB_GSPCA_SPCA1528 USB_GSPCA_SPCA500 USB_GSPCA_SPCA501 USB_GSPCA_SPCA505 USB_GSPCA_SPCA506 USB_GSPCA_SPCA508 USB_GSPCA_SPCA561 USB_GSPCA_SQ905 USB_GSPCA_SQ905C USB_GSPCA_SQ930X USB_GSPCA_STK014 USB_GSPCA_STK1135 USB_GSPCA_STV0680 USB_GSPCA_SUNPLUS USB_GSPCA_T613 USB_GSPCA_TOPRO USB_GSPCA_TOUPTEK USB_GSPCA_TV8532 USB_GSPCA_VC032X USB_GSPCA_VICAM USB_GSPCA_XIRLINK_CIT USB_GSPCA_ZC3XX USB_HACKRF USB_HCD_BCMA USB_HCD_SSB USB_HSIC_USB3503 USB_HSIC_USB4604 USB_HSO USB_HUB_USB251XB USB_IDMOUSE USB_IOWARRIOR USB_IPHETH USB_ISIGHTFW USB_ISP116X_HCD USB_ISP1301 USB_ISP1760 USB_ISP1760_DUAL_ROLE USB_ISP1760_HCD USB_ISP1761_UDC USB_KAWETH USB_KC2190 USB_KEENE USB_LAN78XX USB_LCD USB_LD USB_LEDS_TRIGGER_USBPORT USB_LED_TRIG USB_LEGOTOWER USB_LGM_PHY USB_LIBCOMPOSITE USB_LINK_LAYER_TEST USB_M5602 USB_MA901 USB_MAX3420_UDC USB_MAX3421_HCD USB_MDC800 USB_MICROTEK USB_MR800 USB_MSI2500 USB_MUSB_DUAL_ROLE USB_MUSB_HDRC USB_MV_U3D USB_MV_UDC USB_NET2272 USB_NET2272_DMA USB_NET2280 USB_NET_AQC111 USB_NET_AX88179_178A USB_NET_AX8817X USB_NET_CDCETHER USB_NET_CDC_EEM USB_NET_CDC_MBIM USB_NET_CDC_NCM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_CH9200 USB_NET_CX82310_ETH USB_NET_DM9601 USB_NET_GL620A USB_NET_HUAWEI_CDC_NCM USB_NET_INT51X1 USB_NET_KALMIA USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_QMI_WWAN USB_NET_RNDIS_HOST USB_NET_RNDIS_WLAN USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_OXU210HP_HCD USB_PEGASUS USB_PULSE8_CEC USB_PWC USB_PWC_INPUT_EVDEV USB_PXA27X USB_R8A66597 USB_R8A66597_HCD USB_RAINSHADOW_CEC USB_RAREMONO USB_RAW_GADGET USB_RTL8150 USB_RTL8152 USB_RTL8153_ECM USB_S2255 USB_SERIAL USB_SERIAL_AIRCABLE USB_SERIAL_ARK3116 USB_SERIAL_BELKIN USB_SERIAL_CH341 USB_SERIAL_CONSOLE USB_SERIAL_CP210X USB_SERIAL_CYBERJACK USB_SERIAL_CYPRESS_M8 USB_SERIAL_DEBUG USB_SERIAL_DIGI_ACCELEPORT USB_SERIAL_EDGEPORT USB_SERIAL_EDGEPORT_TI USB_SERIAL_EMPEG USB_SERIAL_F81232 USB_SERIAL_F8153X USB_SERIAL_FTDI_SIO USB_SERIAL_GARMIN USB_SERIAL_GENERIC USB_SERIAL_IPAQ USB_SERIAL_IPW USB_SERIAL_IR USB_SERIAL_IUU USB_SERIAL_KEYSPAN USB_SERIAL_KEYSPAN_PDA USB_SERIAL_KLSI USB_SERIAL_KOBIL_SCT USB_SERIAL_MCT_U232 USB_SERIAL_METRO USB_SERIAL_MOS7715_PARPORT USB_SERIAL_MOS7720 USB_SERIAL_MOS7840 USB_SERIAL_MXUPORT USB_SERIAL_NAVMAN USB_SERIAL_OMNINET USB_SERIAL_OPTICON USB_SERIAL_OPTION USB_SERIAL_OTI6858 USB_SERIAL_PL2303 USB_SERIAL_QCAUX USB_SERIAL_QT2 USB_SERIAL_QUALCOMM USB_SERIAL_SAFE USB_SERIAL_SIERRAWIRELESS USB_SERIAL_SIMPLE USB_SERIAL_SPCP8X5 USB_SERIAL_SSU100 USB_SERIAL_SYMBOL USB_SERIAL_TI USB_SERIAL_UPD78F0730 USB_SERIAL_VISOR USB_SERIAL_WHITEHEAT USB_SERIAL_WISHBONE USB_SERIAL_WWAN USB_SERIAL_XR USB_SERIAL_XSENS_MT USB_SEVSEG USB_SI470X USB_SI4713 USB_SIERRA_NET USB_SISUSBVGA USB_SL811_CS USB_SL811_HCD USB_SL811_HCD_ISO USB_SNP_CORE USB_SPEEDTOUCH USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_ENE_UB6250 USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_STV06XX USB_TEST USB_TMC USB_TRANCEVIBRATOR USB_UAS USB_UEAGLEATM USB_ULPI_BUS USB_USBNET USB_USS720 USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_VIDEO_CLASS USB_VIDEO_CLASS_INPUT_EVDEV USB_VL600 USB_WDM USB_XHCI_DBGCAP USB_XHCI_PCI_RENESAS USB_XHCI_PLATFORM USB_XUSBATM USB_YUREX USERFAULTFD USERIO USERMODE_DRIVER USER_RETURN_NOTIFIER UVC_COMMON U_SERIAL_CONSOLE V4L2_MEM2MEM_DEV V4L_TEST_DRIVERS VALIDATE_FS_PARSER VDPA VDPA_SIM VDPA_SIM_BLOCK VDPA_SIM_NET VDPA_USER VETH VFIO VFIO_DEVICE_CDEV VFIO_PCI VFIO_PCI_CORE VFIO_PCI_INTX VFIO_PCI_MMAP VFIO_VIRQFD VGASTATE VHOST VHOST_CROSS_ENDIAN_LEGACY VHOST_IOTLB VHOST_NET VHOST_RING VHOST_TASK VHOST_VDPA VHOST_VSOCK VIDEOBUF2_CORE VIDEOBUF2_DMA_CONTIG VIDEOBUF2_DMA_SG VIDEOBUF2_MEMOPS VIDEOBUF2_V4L2 VIDEOBUF2_VMALLOC VIDEOMODE_HELPERS VIDEO_AU0828 VIDEO_AU0828_RC VIDEO_AU0828_V4L2 VIDEO_CMDLINE VIDEO_CS53L32A VIDEO_CX231XX VIDEO_CX231XX_ALSA VIDEO_CX231XX_DVB VIDEO_CX231XX_RC VIDEO_CX2341X VIDEO_CX25840 VIDEO_DEV VIDEO_EM28XX VIDEO_EM28XX_ALSA VIDEO_EM28XX_DVB VIDEO_EM28XX_RC VIDEO_EM28XX_V4L2 VIDEO_GO7007 VIDEO_GO7007_LOADER VIDEO_GO7007_USB VIDEO_GO7007_USB_S2250_BOARD VIDEO_HDPVR VIDEO_MSP3400 VIDEO_NOMODESET VIDEO_PVRUSB2 VIDEO_PVRUSB2_DVB VIDEO_PVRUSB2_SYSFS VIDEO_SAA711X VIDEO_STK1160 VIDEO_TUNER VIDEO_TVEEPROM VIDEO_USBTV VIDEO_V4L2_I2C VIDEO_V4L2_SUBDEV_API VIDEO_V4L2_TPG VIDEO_VICODEC VIDEO_VIM2M VIDEO_VIMC VIDEO_VIVID VIDEO_VIVID_CEC VIDEO_WM8775 VIPERBOARD_ADC VIRTIO_BALLOON VIRTIO_DMA_SHARED_BUFFER VIRTIO_MEM VIRTIO_MMIO VIRTIO_MMIO_CMDLINE_DEVICES VIRTIO_PMEM VIRTIO_VDPA VIRTIO_VSOCKETS VIRTIO_VSOCKETS_COMMON VIRT_WIFI VLAN_8021Q VLAN_8021Q_GVRP VLAN_8021Q_MVRP VMAP_PFN VMWARE_VMCI VMXNET3 VP_VDPA VSOCKETS VSOCKETS_DIAG VSOCKETS_LOOPBACK VSOCKMON VT_HW_CONSOLE_BINDING VXFS_FS WANT_DEV_COREDUMP WEXT_CORE WEXT_PRIV WEXT_PROC WIREGUARD WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ADMTEK WLAN_VENDOR_SILABS X86_SGX X86_SGX_KVM X86_USER_SHADOW_STACK X86_X2APIC XARRAY_MULTI XDP_SOCKETS XDP_SOCKETS_DIAG XFRM_ESPINTCP XFRM_INTERFACE XFRM_IPCOMP XFRM_MIGRATE XFRM_OFFLOAD XFRM_STATISTICS XFRM_SUB_POLICY XFRM_USER_COMPAT XFS_FS XFS_POSIX_ACL XFS_QUOTA XFS_RT XILLYBUS_CLASS XILLYUSB XOR_BLOCKS YENTA YENTA_ENE_TUNE YENTA_O2 YENTA_RICOH YENTA_TI YENTA_TOSHIBA ZBUD ZEROPLUS_FF ZLIB_DEFLATE ZONEFS_FS ZPOOL ZRAM ZRAM_DEF_COMP_LZORLE ZSMALLOC ZSTD_COMPRESS ZSWAP ZSWAP_COMPRESSOR_DEFAULT_LZO ZSWAP_DEFAULT_ON ZSWAP_ZPOOL_DEFAULT_ZBUD] testing current HEAD 60a9e718726fa7019ae00916e4b1c52498da5b60 testing commit 60a9e718726fa7019ae00916e4b1c52498da5b60 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 86b57f66d369421745628f837fb153652a1a980c8e6a69d96564fa3e9c713b8b all runs: OK false negative chance: 0.000 # git bisect start 60a9e718726fa7019ae00916e4b1c52498da5b60 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 Bisecting: 526 revisions left to test after this (roughly 9 steps) [2e487c0fdeb9fe877db2da551aea6968cf2dbe57] apparmor: shift ouid when mediating hard links in userns determine whether the revision contains the guilty commit revision 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 crashed and is reachable testing commit 2e487c0fdeb9fe877db2da551aea6968cf2dbe57 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 81db1e1cfbb460b1fb1ee2f7040c67a54da82b7d032938723f29f93dac2cfd6e all runs: OK false negative chance: 0.000 # git bisect bad 2e487c0fdeb9fe877db2da551aea6968cf2dbe57 Bisecting: 263 revisions left to test after this (roughly 8 steps) [17a66aef7ddca6f9c76407fd74938d22d88d5ce1] io_uring: don't use int for ABI determine whether the revision contains the guilty commit revision 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 crashed and is reachable testing commit 17a66aef7ddca6f9c76407fd74938d22d88d5ce1 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: f85ee63afdcef39577a4b9eea750e0eb56ec1d94137d09f773a07612b8e6e1b8 all runs: OK false negative chance: 0.000 # git bisect bad 17a66aef7ddca6f9c76407fd74938d22d88d5ce1 Bisecting: 131 revisions left to test after this (roughly 7 steps) [adf2da0bf11969434fdacba0cfd94d63c2febfc7] kernel: trace: preemptirq_delay_test: use offstack cpu mask determine whether the revision contains the guilty commit revision 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 crashed and is reachable testing commit adf2da0bf11969434fdacba0cfd94d63c2febfc7 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 8df29122afb560e3a9dd81560e459cc5c225227bdb8bd1dedd77e5bb96c52ecb all runs: OK false negative chance: 0.000 # git bisect bad adf2da0bf11969434fdacba0cfd94d63c2febfc7 Bisecting: 65 revisions left to test after this (roughly 6 steps) [6d029d85aa2b7fa22cd2742a3f9a7f3c8bbdd5da] kselftest/arm64: Fix check for setting new VLs in sve-ptrace determine whether the revision contains the guilty commit revision 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 crashed and is reachable testing commit 6d029d85aa2b7fa22cd2742a3f9a7f3c8bbdd5da gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 93e8202fd93673475a450a2f19e3db0ce77a39f1c9fd49071fca5213647cf8b5 run #0: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #1: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #2: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #3: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #4: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #5: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #6: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #7: OK run #8: OK run #9: OK representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] # git bisect good 6d029d85aa2b7fa22cd2742a3f9a7f3c8bbdd5da Bisecting: 32 revisions left to test after this (roughly 5 steps) [58004aa21e79addaf41667bfe65e93ec51653f18] netfilter: xt_nfacct: don't assume acct name is null-terminated determine whether the revision contains the guilty commit revision 6d029d85aa2b7fa22cd2742a3f9a7f3c8bbdd5da crashed and is reachable testing commit 58004aa21e79addaf41667bfe65e93ec51653f18 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 60197a8dd66394e8f635e2eeea410cced18375c8cd76e07254d004def5ff3a29 all runs: OK false negative chance: 0.000 # git bisect bad 58004aa21e79addaf41667bfe65e93ec51653f18 Bisecting: 16 revisions left to test after this (roughly 4 steps) [df51cc1e965a2fef5d6b9fcf2e3091455e90d528] iommu/amd: Fix geometry.aperture_end for V2 tables determine whether the revision contains the guilty commit revision 6d029d85aa2b7fa22cd2742a3f9a7f3c8bbdd5da crashed and is reachable testing commit df51cc1e965a2fef5d6b9fcf2e3091455e90d528 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: d4f527a5d33042d52325397f46933b669891a2fbf59d0dac2b7781395c7b2bc4 all runs: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] # git bisect good df51cc1e965a2fef5d6b9fcf2e3091455e90d528 Bisecting: 8 revisions left to test after this (roughly 3 steps) [50e98be435dfc35164d03265a3b64d0aa00bf67b] wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE determine whether the revision contains the guilty commit revision 6d029d85aa2b7fa22cd2742a3f9a7f3c8bbdd5da crashed and is reachable testing commit 50e98be435dfc35164d03265a3b64d0aa00bf67b gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 3516fced699271b18feab8d7c7d16152ce48790900222c3c2f880156d7a6bf1c run #0: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #1: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #2: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #3: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #4: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #5: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #6: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #7: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #8: OK run #9: OK representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] # git bisect good 50e98be435dfc35164d03265a3b64d0aa00bf67b Bisecting: 4 revisions left to test after this (roughly 2 steps) [ee2502485702e4398cd74dbfb288bfa111d25e62] bpf: Disable migration in nf_hook_run_bpf(). determine whether the revision contains the guilty commit revision df51cc1e965a2fef5d6b9fcf2e3091455e90d528 crashed and is reachable testing commit ee2502485702e4398cd74dbfb288bfa111d25e62 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: e616b0fc8a4243dd71632d4e8724ccd611715d8fad27d7213cfc4450be6562ae all runs: OK false negative chance: 0.000 # git bisect bad ee2502485702e4398cd74dbfb288bfa111d25e62 Bisecting: 1 revision left to test after this (roughly 1 step) [cdb509f59aaf0624bb6113cbb022968e2e1eda5a] kcsan: test: Initialize dummy variable determine whether the revision contains the guilty commit revision 3a8ababb8b6a0ced2be230b60b6e3ddbd8d67014 crashed and is reachable testing commit cdb509f59aaf0624bb6113cbb022968e2e1eda5a gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 3492e68b146542ce31cfe0934658592ce50b0f09762f0f18d9a3595a0c77b8b5 run #0: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #1: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #2: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #3: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #4: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #5: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #6: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #7: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #8: OK run #9: OK representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] # git bisect good cdb509f59aaf0624bb6113cbb022968e2e1eda5a Bisecting: 0 revisions left to test after this (roughly 0 steps) [9d5aecb57e938595321e651c7c0c45398d79f731] Bluetooth: hci_event: Mask data status from LE ext adv reports determine whether the revision contains the guilty commit revision 6d029d85aa2b7fa22cd2742a3f9a7f3c8bbdd5da crashed and is reachable testing commit 9d5aecb57e938595321e651c7c0c45398d79f731 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: ffd73d4869643b1c85d2e939a6ace9363d46e27d440040065d2961da8c09bbe2 run #0: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #1: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #2: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #3: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #4: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #5: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #6: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #7: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #8: crashed: BUG: assuming non migratable context at include/linux/filter.h:LINE run #9: OK representative crash: BUG: assuming non migratable context at include/linux/filter.h:LINE, types: [UNKNOWN] # git bisect good 9d5aecb57e938595321e651c7c0c45398d79f731 ee2502485702e4398cd74dbfb288bfa111d25e62 is the first bad commit commit ee2502485702e4398cd74dbfb288bfa111d25e62 Author: Kuniyuki Iwashima Date: Tue Jul 22 22:40:37 2025 +0000 bpf: Disable migration in nf_hook_run_bpf(). [ Upstream commit 17ce3e5949bc37557305ad46316f41c7875d6366 ] syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in __bpf_prog_run() fails, triggering the splat below. [0] Let's use bpf_prog_run_pin_on_cpu() in nf_hook_run_bpf(). [0]: BUG: assuming non migratable context at ./include/linux/filter.h:703 in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 5829, name: sshd-session 3 locks held by sshd-session/5829: #0: ffff88807b4e4218 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline] #0: ffff88807b4e4218 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x20/0x50 net/ipv4/tcp.c:1395 #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x69/0x26c0 net/ipv4/ip_output.c:470 #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #2: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xb2/0x680 include/linux/netfilter.h:241 CPU: 0 UID: 0 PID: 5829 Comm: sshd-session Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 __cant_migrate kernel/sched/core.c:8860 [inline] __cant_migrate+0x1c7/0x250 kernel/sched/core.c:8834 __bpf_prog_run include/linux/filter.h:703 [inline] bpf_prog_run include/linux/filter.h:725 [inline] nf_hook_run_bpf+0x83/0x1e0 net/netfilter/nf_bpf_link.c:20 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline] nf_hook_slow+0xbb/0x200 net/netfilter/core.c:623 nf_hook+0x370/0x680 include/linux/netfilter.h:272 NF_HOOK_COND include/linux/netfilter.h:305 [inline] ip_output+0x1bc/0x2a0 net/ipv4/ip_output.c:433 dst_output include/net/dst.h:459 [inline] ip_local_out net/ipv4/ip_output.c:129 [inline] __ip_queue_xmit+0x1d7d/0x26c0 net/ipv4/ip_output.c:527 __tcp_transmit_skb+0x2686/0x3e90 net/ipv4/tcp_output.c:1479 tcp_transmit_skb net/ipv4/tcp_output.c:1497 [inline] tcp_write_xmit+0x1274/0x84e0 net/ipv4/tcp_output.c:2838 __tcp_push_pending_frames+0xaf/0x390 net/ipv4/tcp_output.c:3021 tcp_push+0x225/0x700 net/ipv4/tcp.c:759 tcp_sendmsg_locked+0x1870/0x42b0 net/ipv4/tcp.c:1359 tcp_sendmsg+0x2e/0x50 net/ipv4/tcp.c:1396 inet_sendmsg+0xb9/0x140 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] sock_write_iter+0x4aa/0x5b0 net/socket.c:1131 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x6c7/0x1150 fs/read_write.c:686 ksys_write+0x1f8/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe7d365d407 Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff RSP: Fixes: fd9c663b9ad67 ("bpf: minimal support for programs hooked into netfilter framework") Reported-by: syzbot+40f772d37250b6d10efc@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6879466d.a00a0220.3af5df.0022.GAE@google.com/ Signed-off-by: Kuniyuki Iwashima Signed-off-by: Martin KaFai Lau Tested-by: syzbot+40f772d37250b6d10efc@syzkaller.appspotmail.com Acked-by: Florian Westphal Link: https://patch.msgid.link/20250722224041.112292-1-kuniyu@google.com Signed-off-by: Sasha Levin net/netfilter/nf_bpf_link.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) accumulated error probability: 0.00 culprit signature: e616b0fc8a4243dd71632d4e8724ccd611715d8fad27d7213cfc4450be6562ae parent signature: ffd73d4869643b1c85d2e939a6ace9363d46e27d440040065d2961da8c09bbe2 revisions tested: 18, total time: 5h35m2.616701475s (build: 1h58m53.5416923s, test: 3h24m51.274524568s) first good commit: ee2502485702e4398cd74dbfb288bfa111d25e62 bpf: Disable migration in nf_hook_run_bpf(). recipients (to): ["fw@strlen.de" "kuniyu@google.com" "martin.lau@kernel.org" "sashal@kernel.org" "syzbot+40f772d37250b6d10efc@syzkaller.appspotmail.com"] recipients (cc): []