=====================================
[ BUG: bad unlock balance detected! ]
4.9.68-gfb66dc2 #107 Not tainted
-------------------------------------
syz-executor0/6987 is trying to release lock ([ 44.350074] audit: type=1400 audit(1513137848.090:42): avc: denied { setopt } for pid=7004 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
device gre0 entered promiscuous mode
tc_dump_action: action bad kind
mrt_lock) at:
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor0/6987:
 #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0x9f/0xc0 fs/file.c:781
 #1: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1290 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 6987 Comm: syz-executor0 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801abbbf8e8 ffffffff81d90889 ffffffff849ae9f8 ffff8801adc6e000
 ffffffff834dfc54 ffffffff849ae9f8 ffff8801adc6e888 ffff8801abbbf918
 ffffffff812353f4 dffffc0000000000 ffffffff849ae9f8 00000000ffffffff
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
 [] __lock_release kernel/locking/lockdep.c:3540 [inline]
 [] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
 [] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [] seq_read+0xa83/0x1290 fs/seq_file.c:283
 [] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [] do_loop_readv_writev fs/read_write.c:880 [inline]
 [] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [] do_readv+0xe6/0x250 fs/read_write.c:924
 [] SYSC_readv fs/read_write.c:1011 [inline]
 [] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
keychord: invalid keycode count 0
keychord: invalid keycode count 0
tc_dump_action: action bad kind
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
tc_dump_action: action bad kind
tc_dump_action: action bad kind
device gre0 entered promiscuous mode
tc_dump_action: action bad kind
tc_dump_action: action bad kind
device gre0 entered promiscuous mode
tc_dump_action: action bad kind
device gre0 entered promiscuous mode
tc_dump_action: action bad kind
tc_dump_action: action bad kind
device gre0 entered promiscuous mode
tc_dump_action: action bad kind
device gre0 entered promiscuous mode
tc_dump_action: action bad kind
tc_dump_action: action bad kind
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=9230 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=9333 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=9349 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=9380 comm=syz-executor1
audit: type=1400 audit(1513137854.940:43): avc: denied { bind } for pid=9835 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1513137855.080:44): avc: denied { setattr } for pid=9895 comm="syz-executor1" name="NETLINK" dev="sockfs" ino=17106 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=10414 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=10428 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=10632 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=257 sclass=netlink_xfrm_socket pig=10632 comm=syz-executor1
audit: type=1400 audit(1513137856.640:45): avc: denied { create } for pid=10698 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
audit: type=1400 audit(1513137856.670:46): avc: denied { write } for pid=10698 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=10809 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=10809 comm=syz-executor1