=====================================
[ BUG: bad unlock balance detected! ]
4.4.113-g202e079 #1 Not tainted
-------------------------------------
syz-executor5/16597 is trying to release lock (mrt_lock) at:
[] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor5/16597:
 #0: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1270 fs/seq_file.c:178

stack backtrace:
CPU: 0 PID: 16597 Comm: syz-executor5 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 f7e9126b7fa9923e ffff8800b9eff930 ffffffff81d0278d
 ffffffff84771c18 ffff8801d3e0af80 ffffffff833c5524 ffffffff84771c18
 ffff8801d3e0b7c8 ffff8800b9eff960 ffffffff81232314 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3266
 [] __lock_release kernel/locking/lockdep.c:3408 [inline]
 [] lock_release+0x72a/0xc10 kernel/locking/lockdep.c:3611
 [] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [] seq_read+0xa80/0x1270 fs/seq_file.c:283
 [] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [] SYSC_preadv fs/read_write.c:912 [inline]
 [] SyS_preadv+0x199/0x230 fs/read_write.c:898
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1400 audit(1517202115.510:44): avc: denied { getattr } for pid=16685 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 16689 Comm: syz-executor5 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 756f53fa0e6828e1 ffff8800b7ff7a20 ffffffff81d0278d
 ffff8801d5a92600 1ffff10016ffef51 ffff8800b7ff7ba8 0000000000000000
 0000000000000000 ffff8800b7ff7bd0 ffffffff81605d55 ffffffff812363c0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316
 [] do_anonymous_page mm/memory.c:2731 [inline]
 [] handle_pte_fault mm/memory.c:3295 [inline]
 [] __handle_mm_fault mm/memory.c:3426 [inline]
 [] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455
 [] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
IPVS: length: 64855 != 8
IPVS: length: 64855 != 8
netlink: 28 bytes leftover after parsing attributes in process `syz-executor7'.
binder: 17127:17130 ERROR: BC_REGISTER_LOOPER called without request
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: invalid inc weak node for 120
binder: 17127:17130 IncRefs 0 refcount change on invalid ref 1 ret -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 17127:17145 ioctl 40046207 0 returned -16
binder: 17127:17145 IncRefs 0 refcount change on invalid ref 1 ret -22
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 119, process died.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'.
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 17262 Comm: syz-executor6 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 7b4b5a189883c1ce ffff8800b65279f0 ffffffff81d0278d
 ffff8801d5a92780 1ffff10016ca4f4b ffff8800b6527b78 0000000000000000
 0000000000000000 ffff8800b6527ba0 ffffffff81605d55 ffffffff812363c0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316
 [] do_anonymous_page mm/memory.c:2731 [inline]
 [] handle_pte_fault mm/memory.c:3295 [inline]
 [] __handle_mm_fault mm/memory.c:3426 [inline]
 [] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455
 [] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 17262 Comm: syz-executor6 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 7b4b5a189883c1ce ffff8800b65279f0 ffffffff81d0278d
 ffff8801c59bca80 1ffff10016ca4f4b ffff8800b6527b78 0000000000000000
 0000000000000000 ffff8800b6527ba0 ffffffff81605d55 ffffffff812363c0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316
 [] do_anonymous_page mm/memory.c:2731 [inline]
 [] handle_pte_fault mm/memory.c:3295 [inline]
 [] __handle_mm_fault mm/memory.c:3426 [inline]
 [] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455
 [] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1400 audit(1517202118.240:45): avc: denied { ioctl } for pid=17343 comm="syz-executor5" path="socket:[29722]" dev="sockfs" ino=29722 ioctlcmd=5429 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket
audit: type=1400 audit(1517202120.900:46): avc: denied { create } for pid=18343 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=32 sclass=netlink_tcpdiag_socket
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=32 sclass=netlink_tcpdiag_socket
binder: 18377:18387 ioctl 400454d1 20837000 returned -22
binder: 18377:18387 ioctl 400454d1 20837000 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6400 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket
audit: type=1400 audit(1517202123.910:47): avc: denied { connect } for pid=19258 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 19228:19253 ioctl 40086414 202eeff8 returned -22
binder: 19228:19253 ioctl 40086414 202eeff8 returned -22
binder: 19290:19328 unknown command 0
binder: 19290:19328 ioctl c0306201 20741000 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6400 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6400 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6400 sclass=netlink_route_socket