ci starts bisection 2023-05-26 05:18:00.398139666 +0000 UTC m=+7527.579645730
bisecting cause commit starting from c4c84f6fb2c4dc4c0f5fd927b3c3d3fd28b7030e
building syzkaller on 0513b3e670c9ff1eb79183e59e0f7d46ea76d243
ensuring issue is reproducible on original commit c4c84f6fb2c4dc4c0f5fd927b3c3d3fd28b7030e

testing commit c4c84f6fb2c4dc4c0f5fd927b3c3d3fd28b7030e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c4c5970188e208ddc3e5195d088ec2a00de17021141e0e66260f10f47e293e23
all runs: crashed: WARNING: bad unlock balance in bpf
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9da871336ff74966a4379ddc9fbd15a56d3bc5be39babbfcdcd6260b79ef1914
all runs: OK
# git bisect start c4c84f6fb2c4dc4c0f5fd927b3c3d3fd28b7030e 457391b0380335d5e9a5babdec90ac53928b23b4
Bisecting: 6309 revisions left to test after this (roughly 13 steps)
[6e98b09da931a00bf4e0477d0fa52748bf28fcce] Merge tag 'net-next-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

testing commit 6e98b09da931a00bf4e0477d0fa52748bf28fcce gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 07d839d53fb6eea9ee42249b85d16bbc50947623647491741538f8be833753e1
all runs: OK
# git bisect good 6e98b09da931a00bf4e0477d0fa52748bf28fcce
Bisecting: 3152 revisions left to test after this (roughly 12 steps)
[b28e6315a0b42b39351d1953c1c4b54f80855857] Merge tag 'dma-mapping-6.4-2023-04-28' of git://git.infradead.org/users/hch/dma-mapping

testing commit b28e6315a0b42b39351d1953c1c4b54f80855857 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0474cd6d7112a216b62640be4e5f1f6fbce8d04b5cf21847f59816f6c8f7fe2e
all runs: OK
# git bisect good b28e6315a0b42b39351d1953c1c4b54f80855857
Bisecting: 1502 revisions left to test after this (roughly 11 steps)
[348551ddaf311c76b01cdcbaf61b6fef06a49144] Merge tag 'pinctrl-v6.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

testing commit 348551ddaf311c76b01cdcbaf61b6fef06a49144 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c25f8c24028d511d7b37840b44534d465471a9603fb6717110baf1e701779743
all runs: OK
# git bisect good 348551ddaf311c76b01cdcbaf61b6fef06a49144
Bisecting: 745 revisions left to test after this (roughly 10 steps)
[1c1094e47ef10be267a982fb1c69dbb80aa4f257] Merge tag 'mailbox-v6.4' of git://git.linaro.org/landing-teams/working/fujitsu/integration

testing commit 1c1094e47ef10be267a982fb1c69dbb80aa4f257 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 57f3b42911ffe2ff99c33f2621782616b07b35229a89950a54bb14707dee56dc
all runs: OK
# git bisect good 1c1094e47ef10be267a982fb1c69dbb80aa4f257
Bisecting: 379 revisions left to test after this (roughly 9 steps)
[9a2d5178b9d51e1c5f9e08989ff97fc8d4893f31] Revert "perf build: Make BUILD_BPF_SKEL default, rename to NO_BPF_SKEL"

testing commit 9a2d5178b9d51e1c5f9e08989ff97fc8d4893f31 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 174253e0a41e497b7098b78b290cca93029c097b35985a7a094f40b2b2ab0c5b
all runs: OK
# git bisect good 9a2d5178b9d51e1c5f9e08989ff97fc8d4893f31
Bisecting: 198 revisions left to test after this (roughly 8 steps)
[befcc1fce564bdb20ee55be981a355b0a7d0eac5] sfc: fix use-after-free in efx_tc_flower_record_encap_match()

testing commit befcc1fce564bdb20ee55be981a355b0a7d0eac5 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e92f4146da465126f0d77866604a3eec2a5843ce954afd3bed986475428abcf5
all runs: OK
# git bisect good befcc1fce564bdb20ee55be981a355b0a7d0eac5
Bisecting: 117 revisions left to test after this (roughly 7 steps)
[e641577eb6e82cbb89dde7cfc44ef2541c42278c] Merge branch 'spdx-conversion-for-bonding-8390-and-i825xx-drivers'

testing commit e641577eb6e82cbb89dde7cfc44ef2541c42278c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9992d36d6e1ab5a7a800905cfe91d84a69de5d69f2399a214575370868950754
all runs: basic kernel testing failed: WARNING in register_net_sysctl
# git bisect skip e641577eb6e82cbb89dde7cfc44ef2541c42278c
Bisecting: 117 revisions left to test after this (roughly 7 steps)
[effcf62416240e5ec0eded0ea2644c48d2c7c9f1] selftests/bpf: Make bpf_dynptr_is_rdonly() prototyype consistent with kernel

testing commit effcf62416240e5ec0eded0ea2644c48d2c7c9f1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dc92780ea70e0092ef0ae2eb2abe67c713bb996fa91e6a0a83e2acc4ceae3496
all runs: OK
# git bisect good effcf62416240e5ec0eded0ea2644c48d2c7c9f1
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[1a8bc2299f4028e9bac36020ffaaec27a0dfb9c1] selftests/bpf: Test bpf_sock_destroy

testing commit 1a8bc2299f4028e9bac36020ffaaec27a0dfb9c1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f347dfd132e4965edfd45c692a52bed6bb39e1aa32c44f31911e2dcdcc0ffba2
all runs: OK
# git bisect good 1a8bc2299f4028e9bac36020ffaaec27a0dfb9c1
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[cb8edce28073a906401c9e421eca7c99f3396da1] bpf: Support O_PATH FDs in BPF_OBJ_PIN and BPF_OBJ_GET commands

testing commit cb8edce28073a906401c9e421eca7c99f3396da1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0871060d89b9bd11861165acba7d9df460ddd78822eace18b8d0ea400cf2fb43
all runs: OK
# git bisect good cb8edce28073a906401c9e421eca7c99f3396da1
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[9d0a23313b1aa107df857e8441ea2ed74811ea17] libbpf: Add capability for resizing datasec maps

testing commit 9d0a23313b1aa107df857e8441ea2ed74811ea17 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b6dd6ccc3526a24b204162aabca3f872cd78564ca2ccc31531a5e71f85e34b51
all runs: OK
# git bisect good 9d0a23313b1aa107df857e8441ea2ed74811ea17
Bisecting: 1 revision left to test after this (roughly 1 step)
[08b0895675736c49f7b172eac7d5c042fc71c3ec] libbpf: Selftests for resizing datasec maps

testing commit 08b0895675736c49f7b172eac7d5c042fc71c3ec gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bb0cc147eebda07983281d7f684c4261b875650a4d0ee98acf1ec597b79d9304
all runs: OK
# git bisect good 08b0895675736c49f7b172eac7d5c042fc71c3ec
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fcf1fa29c8ea75bf104c35ce29b65ce2ba6a6a9d] Merge branch 'libbpf: capability for resizing datasec maps'

testing commit fcf1fa29c8ea75bf104c35ce29b65ce2ba6a6a9d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1fcc85a7d3b927c41dbfd008a8548b317175c418efeb13604ece2205bfdd9fa6
all runs: OK
# git bisect good fcf1fa29c8ea75bf104c35ce29b65ce2ba6a6a9d
c4c84f6fb2c4dc4c0f5fd927b3c3d3fd28b7030e is the first bad commit
commit c4c84f6fb2c4dc4c0f5fd927b3c3d3fd28b7030e
Author: Andrii Nakryiko
Date: Wed May 24 15:54:19 2023 -0700

    bpf: drop unnecessary bpf_capable() check in BPF_MAP_FREEZE command

    Seems like that extra bpf_capable() check in BPF_MAP_FREEZE handler was
    unintentionally left when we switched to a model that all BPF map
    operations should be allowed regardless of CAP_BPF (or any other
    capabilities), as long as process got BPF map FD somehow.

    This patch replaces bpf_capable() check in BPF_MAP_FREEZE handler with
    writeable access check, given conceptually freezing the map is modifying
    it: map becomes unmodifiable for subsequent updates.

    Signed-off-by: Andrii Nakryiko
    Link: https://lore.kernel.org/r/20230524225421.1587859-2-andrii@kernel.org
    Signed-off-by: Alexei Starovoitov

 kernel/bpf/syscall.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

culprit signature: c4c5970188e208ddc3e5195d088ec2a00de17021141e0e66260f10f47e293e23
parent signature: 1fcc85a7d3b927c41dbfd008a8548b317175c418efeb13604ece2205bfdd9fa6
revisions tested: 15, total time: 4h18m19.735623268s (build: 2h12m52.765204217s, test: 2h3m17.66421127s)
first bad commit: c4c84f6fb2c4dc4c0f5fd927b3c3d3fd28b7030e bpf: drop unnecessary bpf_capable() check in BPF_MAP_FREEZE command
recipients (to): ["andrii@kernel.org" "ast@kernel.org"]
recipients (cc): []
crash: WARNING: bad unlock balance in bpf
=====================================
WARNING: bad unlock balance detected!
6.4.0-rc1-syzkaller #0 Not tainted
-------------------------------------
syz-executor.0/5447 is trying to release lock (&map->freeze_mutex) at:
[] map_freeze kernel/bpf/syscall.c:1951 [inline]
[] __sys_bpf+0x2389/0x3fd0 kernel/bpf/syscall.c:5078
but there are no more locks to release!

other info that might help us debug this:
no locks held by syz-executor.0/5447.

stack backtrace:
CPU: 0 PID: 5447 Comm: syz-executor.0 Not tainted 6.4.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x64/0xb0 lib/dump_stack.c:106
 __lock_release kernel/locking/lockdep.c:5368 [inline]
 lock_release+0x4f1/0x670 kernel/locking/lockdep.c:5711
 __mutex_unlock_slowpath+0x99/0x5e0 kernel/locking/mutex.c:907
 map_freeze kernel/bpf/syscall.c:1951 [inline]
 __sys_bpf+0x2389/0x3fd0 kernel/bpf/syscall.c:5078
 __do_sys_bpf kernel/bpf/syscall.c:5185 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5183 [inline]
 __x64_sys_bpf+0x74/0xb0 kernel/bpf/syscall.c:5183
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3f1268c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3f119fe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f3f127abf80 RCX: 00007f3f1268c169
RDX: 0000000000000004 RSI: 0000000020000180 RDI: 0000000000000016
RBP: 00007f3f126e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5489f8cf R14: 00007f3f119fe300 R15: 0000000000022000