binder: 5459:5481 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29189 ===================================== [ BUG: bad unlock balance detected! ] 4.9.70-g9542d2a #109 Not tainted ------------------------------------- syz-executor4/5488 is trying to release lock (mrt_lock[ 124.226179] device lo entered promiscuous mode ) at: but there are no more locks to release! other info that might help us debug this: 2 locks held by syz-executor4/5488: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0x9f/0xc0 fs/file.c:781 #1: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1290 fs/seq_file.c:178 stack backtrace: CPU: 1 PID: 5488 Comm: syz-executor4 Not tainted 4.9.70-g9542d2a #109 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801b96078e8 ffffffff81d90a29 ffffffff849ae9f8 ffff8801d577e000 ffffffff834df9b4 ffffffff849ae9f8 ffff8801d577e888 ffff8801b9607918 ffffffff81235404 dffffc0000000000 ffffffff849ae9f8 00000000ffffffff Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398 [] __lock_release kernel/locking/lockdep.c:3540 [inline] [] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775 [] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline] [] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255 [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553 [] seq_read+0xa83/0x1290 fs/seq_file.c:283 [] proc_reg_read+0xef/0x170 fs/proc/inode.c:202 [] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714 [] do_loop_readv_writev fs/read_write.c:880 [inline] [] do_readv_writev+0x520/0x750 fs/read_write.c:874 [] vfs_readv+0x84/0xc0 fs/read_write.c:898 [] do_readv+0xe6/0x250 fs/read_write.c:924 [] SYSC_readv fs/read_write.c:1011 [inline] [] SyS_readv+0x27/0x30 fs/read_write.c:1008 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device lo entered promiscuous mode device lo entered promiscuous mode qtaguid: iface_stat: create(lo): no inet dev qtaguid: iface_stat: create6(lo): no inet dev IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev device lo entered promiscuous mode netlink: 6 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 6 bytes leftover after parsing attributes in process `syz-executor0'. IPVS: Creating netns size=2536 id=22