DUID 00:04:c5:78:79:07:21:f0:b3:e0:09:b6:1a:d6:4d:97:86:4f forked to background, child pid 3180 [ 30.859274][ T3181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.877769][ T3181] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 51.619140][ T3597] [ 51.621483][ T3597] ===================================== [ 51.627011][ T3597] WARNING: bad unlock balance detected! [ 51.632530][ T3597] 5.16.0-rc6-syzkaller #0 Not tainted [ 51.637877][ T3597] ------------------------------------- [ 51.643395][ T3597] syz-executor011/3597 is trying to release lock (&call->user_mutex) at: [ 51.651794][ T3597] [] rxrpc_do_sendmsg+0xc13/0x1350 [ 51.658475][ T3597] but there are no more locks to release! [ 51.664166][ T3597] [ 51.664166][ T3597] other info that might help us debug this: [ 51.672197][ T3597] no locks held by syz-executor011/3597. [ 51.677805][ T3597] [ 51.677805][ T3597] stack backtrace: [ 51.683724][ T3597] CPU: 1 PID: 3597 Comm: syz-executor011 Not tainted 5.16.0-rc6-syzkaller #0 [ 51.692466][ T3597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.702500][ T3597] Call Trace: [ 51.705760][ T3597] [ 51.708670][ T3597] dump_stack_lvl+0xcd/0x134 [ 51.713246][ T3597] lock_release.cold+0x49/0x4e [ 51.717992][ T3597] ? rxrpc_do_sendmsg+0xc13/0x1350 [ 51.723099][ T3597] ? lock_downgrade+0x6e0/0x6e0 [ 51.727958][ T3597] ? trace_rxrpc_timer+0x290/0x290 [ 51.733050][ T3597] __mutex_unlock_slowpath+0x99/0x5e0 [ 51.738405][ T3597] ? wait_for_completion_io+0x270/0x270 [ 51.743931][ T3597] ? wake_up_q+0xf0/0xf0 [ 51.748159][ T3597] ? rxrpc_do_sendmsg+0xef8/0x1350 [ 51.753260][ T3597] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 51.759486][ T3597] ? rxrpc_put_peer+0x8a/0x3c0 [ 51.764233][ T3597] rxrpc_do_sendmsg+0xc13/0x1350 [ 51.769153][ T3597] ? rxrpc_kernel_send_data+0x450/0x450 [ 51.774680][ T3597] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 51.780904][ T3597] ? rxrpc_lookup_local+0x9bd/0x1050 [ 51.786176][ T3597] rxrpc_sendmsg+0x420/0x630 [ 51.790750][ T3597] ? rxrpc_sock_set_min_security_level+0xe0/0xe0 [ 51.797059][ T3597] sock_sendmsg+0xcf/0x120 [ 51.801460][ T3597] ____sys_sendmsg+0x6e8/0x810 [ 51.806218][ T3597] ? kernel_sendmsg+0x50/0x50 [ 51.810876][ T3597] ? do_recvmmsg+0x6d0/0x6d0 [ 51.815457][ T3597] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.821447][ T3597] ? lock_downgrade+0x6e0/0x6e0 [ 51.826303][ T3597] ___sys_sendmsg+0xf3/0x170 [ 51.830878][ T3597] ? sendmsg_copy_msghdr+0x160/0x160 [ 51.836143][ T3597] ? lock_downgrade+0x6e0/0x6e0 [ 51.841001][ T3597] ? __fget_light+0xea/0x280 [ 51.845577][ T3597] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.851800][ T3597] __sys_sendmsg+0xe5/0x1b0 [ 51.856284][ T3597] ? __sys_sendmsg_sock+0x30/0x30 [ 51.861292][ T3597] ? syscall_enter_from_user_mode+0x21/0x70 [ 51.867174][ T3597] do_syscall_64+0x35/0xb0 [ 51.871584][ T3597] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.877467][ T3597] RIP: 0033:0x7f65339e7df9 [ 51.881872][ T3597] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.901464][ T3597] RSP: 002b:00007f653399a318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 51.909870][ T3597] RAX: ffffffffffffffda RBX: 00007f6533a703e8 RCX: 00007f65339e7df9 [ 51.917830][ T3597] RDX: 00