=====================================
[ BUG: bad unlock balance detected! ]
4.9.67-gf26d3c7 #106 Not tainted
-------------------------------------
syz-executor4/11126 is trying to release lock ([   72.401980] netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
mrt_lock) at:
but there are no more locks to release!
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.

other info that might help us debug this:
2 locks held by syz-executor4/11126:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815cf8df>] __fdget_pos+0x9f/0xc0 fs/file.c:781
 #1:  (&p->lock){+.+.+.}, at: [<ffffffff815e4cdd>] seq_read+0xdd/0x1290 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 11126 Comm: syz-executor4 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a67ef8e8 ffffffff81d906e9 ffffffff849ae8f8 ffff8801a8601800
 ffffffff834dec54 ffffffff849ae8f8 ffff8801a8602088 ffff8801a67ef918
 ffffffff812353f4 dffffc0000000000 ffffffff849ae8f8 00000000ffffffff
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff812353f4>] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
 [<ffffffff8123dec8>] __lock_release kernel/locking/lockdep.c:3540 [inline]
 [<ffffffff8123dec8>] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
 [<ffffffff838a951a>] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [<ffffffff838a951a>] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [<ffffffff834dec54>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [<ffffffff815e5683>] seq_read+0xa83/0x1290 fs/seq_file.c:283
 [<ffffffff816be32f>] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [<ffffffff81568cb1>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156cb20>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156cb20>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156cdd4>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156cef6>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815703e7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815703e7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
9pnet_virtio: no channels available for device ./file0
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
binder: 11334:11336 ioctl c0306201 20006fd0 returned -14
9pnet_virtio: no channels available for device ./file0
device gre0 entered promiscuous mode
binder: 11418:11419 got transaction to invalid handle
binder: 11418:11419 transaction failed 29201/-22, size 0-56 line 3007
binder: 11418:11419 got reply transaction with no transaction stack
binder: 11418:11419 transaction failed 29201/-71, size 112-40 line 2923
binder: 11418:11419 got transaction to invalid handle
binder: 11418:11419 transaction failed 29201/-22, size 0-56 line 3007
binder: 11418:11420 got reply transaction with no transaction stack
binder: 11418:11420 transaction failed 29201/-71, size 112-40 line 2923
binder: undelivered TRANSACTION_ERROR: 29201