./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2436544118

<...>
DUID 00:04:c5:01:1a:74:3f:17:5e:51:9c:1b:75:a6:88:34:3b:88
forked to background, child pid 4670
[   48.751212][ T4671] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.778755][ T4671] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
execve("./syz-executor2436544118", ["./syz-executor2436544118"], 0x7ffd0c5a36b0 /* 10 vars */) = 0
brk(NULL)                               = 0x555557511000
brk(0x555557511c40)                     = 0x555557511c40
arch_prctl(ARCH_SET_FS, 0x555557511300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2436544118", 4096) = 28
brk(0x555557532c40)                     = 0x555557532c40
brk(0x555557533000)                     = 0x555557533000
mprotect(0x7fbcdfb1c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_LPM_TRIE, key_size=5, value_size=8, max_entries=5, map_flags=BPF_F_NO_PREALLOC|BPF_F_RDONLY_PROG, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3
bpf(BPF_OBJ_GET_INFO_BY_FD, {info={bpf_fd=3, info_len=88, info=0x20000000}}, 16) = 0
bpf(BPF_MAP_GET_FD_BY_ID, {map_id=3, next_id=0, open_flags=0}, 12) = 4
bpf(BPF_MAP_FREEZE, {map_fd=4}, 4)      = 0
syzkaller login: [   77.629117][ T5005] 
[   77.631495][ T5005] =====================================
[   77.637045][ T5005] WARNING: bad unlock balance detected!
[   77.642593][ T5005] 6.4.0-rc1-syzkaller-00360-g321a64b32815 #0 Not tainted
[   77.649786][ T5005] -------------------------------------
[   77.655332][ T5005] syz-executor243/5005 is trying to release lock (&map->freeze_mutex) at:
[   77.663926][ T5005] [<ffffffff8193e2c4>] __sys_bpf+0x3234/0x5520
[   77.670120][ T5005] but there are no more locks to release!
[   77.675829][ T5005] 
[   77.675829][ T5005] other info that might help us debug this:
[   77.683884][ T5005] no locks held by syz-executor243/5005.
[   77.689512][ T5005] 
[   77.689512][ T5005] stack backtrace:
[   77.695391][ T5005] CPU: 1 PID: 5005 Comm: syz-executor243 Not tainted 6.4.0-rc1-syzkaller-00360-g321a64b32815 #0
[   77.705812][ T5005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
[   77.715895][ T5005] Call Trace:
[   77.719183][ T5005]  <TASK>
[   77.722122][ T5005]  dump_stack_lvl+0xd9/0x150
[   77.726764][ T5005]  lock_release+0x4f1/0x670
[   77.731293][ T5005]  ? __sys_bpf+0x3234/0x5520
[   77.735900][ T5005]  ? lock_downgrade+0x690/0x690
[   77.740791][ T5005]  ? find_held_lock+0x2d/0x110
[   77.745584][ T5005]  __mutex_unlock_slowpath+0x99/0x5e0
[   77.750978][ T5005]  ? lock_downgrade+0x690/0x690
[   77.755859][ T5005]  ? wait_for_completion_io_timeout+0x20/0x20
[   77.761957][ T5005]  __sys_bpf+0x3234/0x5520
[   77.766387][ T5005]  ? lock_sync+0x190/0x190
[   77.770834][ T5005]  ? bpf_perf_link_attach+0x520/0x520
[   77.776230][ T5005]  ? do_raw_spin_lock+0x124/0x2b0
[   77.781300][ T5005]  ? spin_bug+0x1c0/0x1c0
[   77.785661][ T5005]  ? _raw_spin_lock_irq+0x45/0x50
[   77.790715][ T5005]  ? recalc_sigpending_tsk+0x18b/0x1d0
[   77.796191][ T5005]  ? find_held_lock+0x2d/0x110
[   77.800986][ T5005]  ? _raw_spin_unlock_irq+0x23/0x50
[   77.806216][ T5005]  ? lockdep_hardirqs_on+0x7d/0x100
[   77.811442][ T5005]  __x64_sys_bpf+0x79/0xc0
[   77.815874][ T5005]  do_syscall_64+0x39/0xb0
[   77.820325][ T5005]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.826358][ T5005] RIP: 0033:0x7fbcdfaafc59
[   77.830783][ T5005] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   77.850406][ T5005] RSP: 002b:00007ffee6b4a9c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   77.858846][ T5005] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbcdfaafc59
[   77.866827][ T5005] RDX: 0000000000000004 RSI: 0000000020000440 RDI: 0000000000000016
bpf(BPF_MAP_FREEZE, {map_fd=4}, 4)      = -1 EPERM (Operation not permitted)
exit_group(0)                           = ?
+++ exited with 0 +++
[   77.874830][ T5005] RBP: 00007fbcdfa73e00 R08: 00000000000