[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.141111] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 20.457107] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[ 21.383123] random: sshd: uninitialized urandom read (32 bytes read, 119 bits of entropy available)
[ 28.136447] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
[ 28.244411] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
[ 33.631617]
[ 33.633270] =====================================
[ 33.638083] [ BUG: bad unlock balance detected! ]
[ 33.642889] 4.4.107-g610c835 #12 Not tainted
[ 33.647266] -------------------------------------
[ 33.652076] syzkaller465762/3317 is trying to release lock (mrt_lock) at:
[ 33.659211] [] ipmr_mfc_seq_stop+0xe4/0x140
[ 33.665059] but there are no more locks to release!
[ 33.670034]
[ 33.670034] other info that might help us debug this:
[ 33.676663] 1 lock held by syzkaller465762/3317:
[ 33.681382] #0: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1270
[ 33.689712]
[ 33.689712] stack backtrace:
[ 33.694177] CPU: 0 PID: 3317 Comm: syzkaller465762 Not tainted 4.4.107-g610c835 #12
[ 33.701932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.711264] 0000000000000000 3c7cff7e93704c59 ffff8801d1397910 ffffffff81d0457d
[ 33.719207] ffffffff8476ab98 ffff8800b5635f00 ffffffff833c77d4 ffffffff8476ab98
[ 33.727161] ffff8800b5636748 ffff8801d1397940 ffffffff812301a4 dffffc0000000000
[ 33.735108] Call Trace:
[ 33.737663] [] dump_stack+0xc1/0x124
[ 33.742989] [] ? ipmr_mfc_seq_stop+0xe4/0x140
[ 33.749100] [] print_unlock_imbalance_bug+0x174/0x1a0
[ 33.755913] [] lock_release+0x72a/0xc10
[ 33.761513] [] ? memcpy+0x45/0x50
[ 33.766580] [] ? ipmr_mfc_seq_stop+0xe4/0x140
[ 33.772689] [] _raw_read_unlock+0x1a/0x50
[ 33.778452] [] ipmr_mfc_seq_stop+0xe4/0x140
[ 33.784391] [] traverse+0x3a7/0x900
[ 33.789631] [] ? seq_buf_alloc+0x80/0x80
[ 33.795309] [] seq_read+0x7ea/0x1270
[ 33.800638] [] ? seq_lseek+0x3c0/0x3c0
[ 33.806141] [] ? do_futex+0x3e3/0x1670
[ 33.811651] [] ? __vma_link_rb+0x20e/0x310
[ 33.817501] [] ? __vma_link_file+0x10c/0x160
[ 33.823532] [] ? seq_lseek+0x3c0/0x3c0
[ 33.829034] [] proc_reg_read+0xef/0x170
[ 33.834624] [] ? proc_reg_write+0x170/0x170
[ 33.840560] [] __vfs_read+0x103/0x440
[ 33.845976] [] ? vfs_iter_write+0x2d0/0x2d0
[ 33.851911] [] ? fsnotify+0x5ad/0xee0
[ 33.857324] [] ? fsnotify+0xee0/0xee0
[ 33.862746] [] ? avc_policy_seqno+0x9/0x20
[ 33.868594] [] ? selinux_file_permission+0x348/0x460
[ 33.875310] [] ? security_file_permission+0x89/0x1e0
[ 33.882026] [] ? rw_verify_area+0x100/0x2f0
[ 33.887975] [] vfs_read+0x123/0x3a0
[ 33.893224] [] SyS_pread64+0x13f/0x170
[ 33.898724] [] ? SyS_write+0x1b0/0x1b0
[ 33.904225] [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 33.910679] [] entry_SYSCALL_64_fastpath+0x16/0x76