./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor518002912 <...> Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts. execve("./syz-executor518002912", ["./syz-executor518002912"], 0x7ffd111914a0 /* 10 vars */) = 0 brk(NULL) = 0x5555557b8000 brk(0x5555557b8c40) = 0x5555557b8c40 arch_prctl(ARCH_SET_FS, 0x5555557b8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor518002912", 4096) = 27 brk(0x5555557d9c40) = 0x5555557d9c40 brk(0x5555557da000) = 0x5555557da000 mprotect(0x7f7eb2155000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4095, max_entries=65537, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = 0 [ 79.464746][ T5004] [ 79.467111][ T5004] ===================================== [ 79.472641][ T5004] WARNING: bad unlock balance detected! [ 79.478173][ T5004] 6.4.0-rc1-syzkaller-00358-gc4c84f6fb2c4 #0 Not tainted [ 79.485190][ T5004] ------------------------------------- [ 79.490726][ T5004] syz-executor518/5004 is trying to release lock (&map->freeze_mutex) at: [ 79.499231][ T5004] [] __sys_bpf+0x3234/0x5520 [ 79.505425][ T5004] but there are no more locks to release! [ 79.511132][ T5004] [ 79.511132][ T5004] other info that might help us debug this: [ 79.519184][ T5004] no locks held by syz-executor518/5004. [ 79.524810][ T5004] [ 79.524810][ T5004] stack backtrace: [ 79.530696][ T5004] CPU: 0 PID: 5004 Comm: syz-executor518 Not tainted 6.4.0-rc1-syzkaller-00358-gc4c84f6fb2c4 #0 [ 79.541137][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023 [ 79.551218][ T5004] Call Trace: [ 79.554494][ T5004] [ 79.557422][ T5004] dump_stack_lvl+0xd9/0x150 [ 79.562047][ T5004] lock_release+0x4f1/0x670 [ 79.566560][ T5004] ? __sys_bpf+0x3234/0x5520 [ 79.571155][ T5004] ? lock_downgrade+0x690/0x690 [ 79.576028][ T5004] ? find_held_lock+0x2d/0x110 [ 79.580803][ T5004] __mutex_unlock_slowpath+0x99/0x5e0 [ 79.586187][ T5004] ? lock_downgrade+0x690/0x690 [ 79.591053][ T5004] ? wait_for_completion_io_timeout+0x20/0x20 [ 79.597140][ T5004] __sys_bpf+0x3234/0x5520 [ 79.601559][ T5004] ? lock_sync+0x190/0x190 [ 79.605991][ T5004] ? bpf_perf_link_attach+0x520/0x520 [ 79.611364][ T5004] ? do_raw_spin_lock+0x124/0x2b0 [ 79.616401][ T5004] ? spin_bug+0x1c0/0x1c0 [ 79.620757][ T5004] ? _raw_spin_lock_irq+0x45/0x50 [ 79.626006][ T5004] ? recalc_sigpending_tsk+0x18b/0x1d0 [ 79.631487][ T5004] ? find_held_lock+0x2d/0x110 [ 79.636268][ T5004] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.641496][ T5004] ? lockdep_hardirqs_on+0x7d/0x100 [ 79.646715][ T5004] __x64_sys_bpf+0x79/0xc0 [ 79.651139][ T5004] do_syscall_64+0x39/0xb0 [ 79.655579][ T5004] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.661502][ T5004] RIP: 0033:0x7f7eb20e8bb9 [ 79.665928][ T5004] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 79.685737][ T5004] RSP: 002b:00007fffe49d4848 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 79.694160][ T5004] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7eb20e8bb9 [ 79.702140][ T5004] RDX: 0000000000000004 RSI: 0000000020000180 RDI: 0000000000000016 bpf(BPF_MAP_FREEZE, {map_fd=3}, 4) = -1 EPERM (Operation not permitted) exit_group(0) = ? +++ exited with 0 +++ [ 79.710143][ T5004] RBP: 00007f7eb20acd60 R08: 0000000000000000