=====================================
[ BUG: bad unlock balance detected! ]
4.4.114-g4e74e98 #5 Not tainted
-------------------------------------
syz-executor3/12783 is trying to release lock (mrt_lock) at:
[] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
but there are no more locks to release!
other info that might help us debug this:
2 locks held by syz-executor3/12783:
 #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0x9f/0xc0 fs/file.c:780
 #1: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1270 fs/seq_file.c:178
stack backtrace:
CPU: 1 PID: 12783 Comm: syz-executor3 Not tainted 4.4.114-g4e74e98 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000[ 79.794092] BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor0/12827
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 c506c44c67ee0c17 ffff8801d2f6f920 ffffffff81d03d2d
 ffffffff84771c98 ffff8800ac836000 ffffffff833c7904 ffffffff84771c98
 ffff8800ac8368a8 ffff8801d2f6f950 ffffffff81233354 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3266
 [] __lock_release kernel/locking/lockdep.c:3408 [inline]
 [] lock_release+0x72a/0xc10 kernel/locking/lockdep.c:3611
 [] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [] seq_read+0xa80/0x1270 fs/seq_file.c:283
 [] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [] SYSC_readv fs/read_write.c:860 [inline]
 [] SyS_readv+0xd9/0x240 fs/read_write.c:852
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
CPU: 0 PID: 12827 Comm: syz-executor0 Not tainted 4.4.114-g4e74e98 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 a34c0f7122bf8eaa ffff8801c50ef800 ffffffff81d03d2d
 0000000000000000 ffffffff839fe3a0 ffffffff83cef720 ffff8800a8464800
 0000000000000003 ffff8801c50ef840 ffffffff81d63c74 ffffffff810002b8
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] ? 0xffffffff810002b8
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
 [] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
 [] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
 [] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
 [] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
 [] sock_sendmsg_nosec net/socket.c:625 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:635
 [] SYSC_sendto+0x2c8/0x340 net/socket.c:1665
 [] SyS_sendto+0x40/0x50 net/socket.c:1633
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
binder_alloc: 12825: binder_alloc_buf, no vma
binder: 12825:12840 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 12853:12854 transaction 68 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 67, process died.
binder: send failed reply for transaction 68, target dead
binder: release 12863:12866 transaction 71 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 70, process died.
binder: send failed reply for transaction 71, target dead
binder: 12886:12904 got reply transaction with bad transaction stack, transaction 74 has target 12886:12887
binder: 12897:12907 got reply transaction with bad transaction stack, transaction 75 has target 12897:12899
binder: 12886:12904 transaction failed 29201/-71, size 0-0 line 2936
binder: 12897:12907 transaction failed 29201/-71, size 0-0 line 2936
binder: release 12886:12887 transaction 78 out, still active
binder: release 12886:12887 transaction 74 in, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 12886:12904 transaction 74 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 78, target dead
binder: send failed reply for transaction 74, target dead
binder: undelivered TRANSACTION_ERROR: 29201
binder: release 12897:12899 transaction 79 out, still active
binder: release 12897:12899 transaction 75 in, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 12897:12907 transaction 75 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 79, target dead
binder: send failed reply for transaction 75, target dead
binder: undelivered TRANSACTION_ERROR: 29201
binder: release 12938:12941 transaction 87 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 86, process died.
binder: send failed reply for transaction 87, target dead
binder: release 12932:12933 transaction 84 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 83, process died.
binder: send failed reply for transaction 84, target dead
binder: 12960:12969 got reply transaction with bad transaction stack, transaction 90 has target 12960:12965
binder: 12953:12967 got reply transaction with bad transaction stack, transaction 91 has target 12953:12964
binder: 12960:12969 transaction failed 29201/-71, size 0-0 line 2936
binder: 12953:12967 transaction failed 29201/-71, size 0-0 line 2936
binder: release 12960:12965 transaction 90 in, still active
binder: send failed reply for transaction 90 to 12960:12969
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 12960:12980 transaction 94 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 94, target dead
binder: release 12953:12964 transaction 95 out, still active
binder: release 12953:12964 transaction 91 in, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 12953:12967 transaction 91 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 95, target dead
binder: send failed reply for transaction 91, target dead
binder: undelivered TRANSACTION_ERROR: 29201
binder: 12990:13005 got reply transaction with bad transaction stack, transaction 98 has target 12990:12998
binder: 12987:13006 got reply transaction with bad transaction stack, transaction 99 has target 12987:13000
binder: 12987:13006 transaction failed 29201/-71, size 0-0 line 2936
binder: release 12987:13000 transaction 99 in, still active
binder: send failed reply for transaction 99 to 12987:13006
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: 12990:13005 transaction failed 29201/-71, size 0-0 line 2936
binder: release 12990:12998 transaction 98 in, still active
binder: send failed reply for transaction 98 to 12990:13005
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13021:13022 transaction 103 in, still active
binder: send failed reply for transaction 103 to 13021:13026
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13034:13037 transaction 106 in, still active
binder: send failed reply for transaction 106 to 13034:13052
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13032:13045 transaction 107 in, still active
binder: send failed reply for transaction 107 to 13032:13056
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13078:13088 transaction 110 in, still active
binder: send failed reply for transaction 110 to 13078:13101
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13076:13089 transaction 111 in, still active
binder: send failed reply for transaction 111 to 13076:13103
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13125:13129 transaction 115 in, still active
binder: send failed reply for transaction 115 to 13125:13148
binder: BINDER_SET_CONTEXT_MGR already set
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13122:13131 transaction 114 in, still active
binder: 13162:13166 ioctl 40046207 0 returned -16
binder: send failed reply for transaction 114 to 13122:13147
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 13162:13166 transaction failed 29189/-22, size 0-0 line 3005
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13180:13182 transaction 120 in, still active
binder: send failed reply for transaction 120 to 13180:13192
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13513:13514 transaction 130 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 129, process died.
binder: send failed reply for transaction 130, target dead
binder: release 13547:13548 transaction 134 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 133, process died.
binder: send failed reply for transaction 134, target dead
binder: release 13578:13588 transaction 138 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 137, process died.
binder: send failed reply for transaction 138, target dead
binder: release 13614:13616 transaction 142 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 141, process died.
binder: send failed reply for transaction 142, target dead
binder: 13634:13650 got new transaction with bad transaction stack, transaction 144 has target 13634:13635
binder: 13634:13650 transaction failed 29201/-71, size 0-0 line 3032
binder: release 13634:13635 transaction 144 in, still active
binder: send failed reply for transaction 144 to 13634:13650
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13673:13675 transaction 148 out, still active
binder: release 13673:13675 transaction 147 in, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 13673:13679 transaction 147 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 148, target dead
binder: send failed reply for transaction 147, target dead
binder: 13692:13705 got new transaction with bad transaction stack, transaction 150 has target 13692:13699
binder: 13692:13705 transaction failed 29201/-71, size 0-0 line 3032
binder: release 13692:13699 transaction 150 in, still active
binder: send failed reply for transaction 150 to 13692:13705
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13724:13726 transaction 154 out, still active
binder: release 13724:13726 transaction 153 in, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 13724:13733 transaction 153 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 154, target dead
binder: 13739:13743 BC_FREE_BUFFER u0000000020000000 no match
binder: send failed reply for transaction 153, target dead
binder: release 13739:13743 transaction 156 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 156, target dead
binder: 13766:13780 BC_FREE_BUFFER u0000000020000000 no match
binder: release 13766:13776 transaction 158 in, still active
binder: send failed reply for transaction 158 to 13766:13780
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 13789:13796 BC_FREE_BUFFER u0000000020000000 no match
binder: release 13789:13790 transaction 160 in, still active
binder: send failed reply for transaction 160 to 13789:13796
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 13805: binder_alloc_buf, no vma
binder: 13805:13814 transaction failed 29189/-3, size 0-0 line 3128
binder: 13805:13816 BC_FREE_BUFFER u0000000000000000 no match
binder_alloc: 13805: binder_alloc_buf, no vma
binder: 13805:13816 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 13827: binder_alloc_buf, no vma
binder: 13827:13842 transaction failed 29189/-3, size 0-0 line 3128
binder: 13827:13845 BC_FREE_BUFFER u0000000000000000 no match
binder_alloc: 13827: binder_alloc_buf, no vma
binder: 13827:13845 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder_alloc: 13855: binder_alloc_buf, no vma
binder: 13855:13865 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: 13878:13888 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer
binder: 13878:13888 got new transaction with bad transaction stack, transaction 170 has target 13878:0
binder: 13878:13888 transaction failed 29201/-71, size 0-0 line 3032
binder: release 13878:13888 transaction 170 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 170, target dead
binder: 13901:13909 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer
binder: 13901:13909 got new transaction with bad transaction stack, transaction 173 has target 13901:0
binder: 13901:13909 transaction failed 29201/-71, size 0-0 line 3032
binder: release 13901:13909 transaction 173 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: 13922:13923 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer
binder: 13922:13923 got new transaction with bad transaction stack, transaction 176 has target 13922:0
binder: 13922:13923 transaction failed 29201/-71, size 0-0 line 3032
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 173, target dead
binder: release 13922:13923 transaction 176 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: 13924:13929 transaction failed 29189/-22, size 0-0 line 3005
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 176, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: 13936:13943 transaction failed 29189/-22, size 0-0 line 3005
binder: undelivered TRANSACTION_ERROR: 29189
binder: 13951:13966 transaction failed 29189/-22, size 0-0 line 3005
binder: undelivered TRANSACTION_ERROR: 29189
binder: 13975:13980 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer
binder: 13975:13980 got new transaction with bad transaction stack, transaction 182 has target 13975:0
binder: 13975:13980 transaction failed 29201/-71, size 0-0 line 3032
binder: release 13975:13980 transaction 182 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 182, target dead
binder: 13991:13996 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer
binder: 13991:13996 got new transaction with bad transaction stack, transaction 185 has target 13991:0
binder: 13991:13996 transaction failed 29201/-71, size 0-0 line 3032
binder: release 13991:13996 transaction 185 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 185, target dead
binder: 14005:14019 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer
binder: 14005:14019 got new transaction with bad transaction stack, transaction 188 has target 14005:0
binder: 14005:14019 transaction failed 29201/-71, size 0-0 line 3032
binder: release 14005:14019 transaction 188 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 188, target dead