=====================================
[ BUG: bad unlock balance detected! ]
4.9.80-g20c8a00 #30 Not tainted
-------------------------------------
syz-executor2/9470 is trying to release lock (mrt_lock) at:
[] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor2/9470:
 #0: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1290 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 9470 Comm: syz-executor2 Not tainted 4.9.80-g20c8a00 #30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d4ea7918 ffffffff81d94b69 ffffffff849b6cf8 ffff8801d51f9800
 ffffffff834e8f44 ffffffff849b6cf8 ffff8801d51fa088 ffff8801d4ea7948
 ffffffff81237e04 dffffc0000000000 ffffffff849b6cf8 00000000ffffffff
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
 [] __lock_release kernel/locking/lockdep.c:3540 [inline]
 [] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
 [] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [] traverse+0x3a7/0x900 fs/seq_file.c:148
 [] seq_read+0x7ea/0x1290 fs/seq_file.c:195
 [] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [] __vfs_read+0x103/0x670 fs/read_write.c:452
 [] vfs_read+0x11e/0x380 fs/read_write.c:475
 [] SYSC_pread64 fs/read_write.c:629 [inline]
 [] SyS_pread64+0x13f/0x170 fs/read_write.c:616
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
binder: 9504:9506 ioctl 541b 20000ffc returned -22
binder: 9504:9506 ERROR: BC_REGISTER_LOOPER called without request
binder: 9504:9506 ioctl 541b 20000ffc returned -22
binder_alloc: binder_alloc_mmap_handler: 9504 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9504:9506 ioctl 40046207 0 returned -16
binder: 9504:9542 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 9504: binder_alloc_buf, no vma
binder: 9504:9542 transaction failed 29189/-3, size 0-0 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
device gre0 entered promiscuous mode
binder: 9574:9583 ioctl c0306201 20007fd0 returned -11
binder: 9574:9583 transaction failed 29189/-22, size 0-0 line 3004
binder: undelivered transaction 55, process died.
binder: undelivered TRANSACTION_ERROR: 29189
IPVS: Creating netns size=2536 id=11
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
IPv4: Oversized IP packet from 127.0.0.1
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 9946 Comm: syz-executor6 Not tainted 4.9.80-g20c8a00 #30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801b25df970 ffffffff81d94b69 ffff8801b25dfc50 0000000000000000
 ffff8801cbce3490 ffff8801b25dfb40 ffff8801cbce3380 ffff8801b25dfb68
 ffffffff816624ba ffff8801b25df9d8 ffff8801b25dfac0 00000001c4e5d067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa3a/0x1310 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1407
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1470
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1055
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
audit: type=1400 audit(1518054883.197:36): avc: denied { listen } for pid=10640 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
net_ratelimit: 33 callbacks suppressed
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
device eql entered promiscuous mode