./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2436544118
<...>
DUID 00:04:c5:01:1a:74:3f:17:5e:51:9c:1b:75:a6:88:34:3b:88
forked to background, child pid 4670
[ 48.751212][ T4671] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.778755][ T4671] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
execve("./syz-executor2436544118", ["./syz-executor2436544118"], 0x7ffd0c5a36b0 /* 10 vars */) = 0
brk(NULL) = 0x555557511000
brk(0x555557511c40) = 0x555557511c40
arch_prctl(ARCH_SET_FS, 0x555557511300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2436544118", 4096) = 28
brk(0x555557532c40) = 0x555557532c40
brk(0x555557533000) = 0x555557533000
mprotect(0x7fbcdfb1c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=8, max_entries=5, map_flags=BPF_F_NO_PREALLOC|BPF_F_RDONLY_PROG, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
bpf(BPF_OBJ_GET_INFO_BY_FD, {info={bpf_fd=3, info_len=88, info=0x20000000}}, 16) = 0
bpf(BPF_MAP_GET_FD_BY_ID, {map_id=3, next_id=0, open_flags=0}, 12) = 4
bpf(BPF_MAP_FREEZE, {map_fd=4}, 4) = 0
syzkaller login: [ 77.629117][ T5005]
[ 77.631495][ T5005] =====================================
[ 77.637045][ T5005] WARNING: bad unlock balance detected!
[ 77.642593][ T5005] 6.4.0-rc1-syzkaller-00360-g321a64b32815 #0 Not tainted
[ 77.649786][ T5005] -------------------------------------
[ 77.655332][ T5005] syz-executor243/5005 is trying to release lock (&map->freeze_mutex) at:
[ 77.663926][ T5005] [] __sys_bpf+0x3234/0x5520
[ 77.670120][ T5005] but there are no more locks to release!
[ 77.675829][ T5005]
[ 77.675829][ T5005] other info that might help us debug this:
[ 77.683884][ T5005] no locks held by syz-executor243/5005.
[ 77.689512][ T5005]
[ 77.689512][ T5005] stack backtrace:
[ 77.695391][ T5005] CPU: 1 PID: 5005 Comm: syz-executor243 Not tainted 6.4.0-rc1-syzkaller-00360-g321a64b32815 #0
[ 77.705812][ T5005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[ 77.715895][ T5005] Call Trace:
[ 77.719183][ T5005]
[ 77.722122][ T5005] dump_stack_lvl+0xd9/0x150
[ 77.726764][ T5005] lock_release+0x4f1/0x670
[ 77.731293][ T5005] ? __sys_bpf+0x3234/0x5520
[ 77.735900][ T5005] ? lock_downgrade+0x690/0x690
[ 77.740791][ T5005] ? find_held_lock+0x2d/0x110
[ 77.745584][ T5005] __mutex_unlock_slowpath+0x99/0x5e0
[ 77.750978][ T5005] ? lock_downgrade+0x690/0x690
[ 77.755859][ T5005] ? wait_for_completion_io_timeout+0x20/0x20
[ 77.761957][ T5005] __sys_bpf+0x3234/0x5520
[ 77.766387][ T5005] ? lock_sync+0x190/0x190
[ 77.770834][ T5005] ? bpf_perf_link_attach+0x520/0x520
[ 77.776230][ T5005] ? do_raw_spin_lock+0x124/0x2b0
[ 77.781300][ T5005] ? spin_bug+0x1c0/0x1c0
[ 77.785661][ T5005] ? _raw_spin_lock_irq+0x45/0x50
[ 77.790715][ T5005] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 77.796191][ T5005] ? find_held_lock+0x2d/0x110
[ 77.800986][ T5005] ? _raw_spin_unlock_irq+0x23/0x50
[ 77.806216][ T5005] ? lockdep_hardirqs_on+0x7d/0x100
[ 77.811442][ T5005] __x64_sys_bpf+0x79/0xc0
[ 77.815874][ T5005] do_syscall_64+0x39/0xb0
[ 77.820325][ T5005] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.826358][ T5005] RIP: 0033:0x7fbcdfaafc59
[ 77.830783][ T5005] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.850406][ T5005] RSP: 002b:00007ffee6b4a9c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 77.858846][ T5005] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbcdfaafc59
[ 77.866827][ T5005] RDX: 0000000000000004 RSI: 0000000020000440 RDI: 0000000000000016
bpf(BPF_MAP_FREEZE, {map_fd=4}, 4) = -1 EPERM (Operation not permitted)
exit_group(0) = ?
+++ exited with 0 +++
[ 77.874830][ T5005] RBP: 00007fbcdfa73e00 R08: 00000000000