=====================================
[ BUG: bad unlock balance detected! ]
4.4.111-g1849cd3 #19 Not tainted
-------------------------------------
syz-executor4/22096 is trying to release lock (mrt_lock) at:
[<ffffffff833c9304>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor4/22096:
 #0:  (sb_writers#7){.+.+.+}, at: [<ffffffff81520644>] file_start_write include/linux/fs.h:2521 [inline]
 #0:  (sb_writers#7){.+.+.+}, at: [<ffffffff81520644>] do_sendfile+0x8e4/0xd30 fs/read_write.c:1226
 #1:  (&p->lock){+.+.+.}, at: [<ffffffff8158ce7d>] seq_read+0xdd/0x1270 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 22096 Comm: syz-executor4 Not tainted 4.4.111-g1849cd3 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 42e11976bea96633 ffff8800ab257110 ffffffff81d0509d
 ffffffff84770798 ffff8801cd322f80 ffffffff833c9304 ffffffff84770798
 ffff8801cd3237c8 ffff8800ab257140 ffffffff81232374 dffffc0000000000
Call Trace:
 [<ffffffff81d0509d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0509d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81232374>] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3266
 [<ffffffff8123d21a>] __lock_release kernel/locking/lockdep.c:3408 [inline]
 [<ffffffff8123d21a>] lock_release+0x72a/0xc10 kernel/locking/lockdep.c:3611
 [<ffffffff8377519a>] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [<ffffffff8377519a>] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [<ffffffff833c9304>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [<ffffffff8158d820>] seq_read+0xa80/0x1270 fs/seq_file.c:283
 [<ffffffff81665cef>] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [<ffffffff8151cc51>] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [<ffffffff8151efad>] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [<ffffffff8151f128>] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [<ffffffff815b9b9a>] kernel_readv fs/splice.c:586 [inline]
 [<ffffffff815b9b9a>] default_file_splice_read+0x4fa/0x8e0 fs/splice.c:662
 [<ffffffff815b58c5>] do_splice_to+0xf5/0x140 fs/splice.c:1154
 [<ffffffff815b5b60>] splice_direct_to_actor+0x250/0x830 fs/splice.c:1226
 [<ffffffff815b62e7>] do_splice_direct+0x1a7/0x270 fs/splice.c:1337
 [<ffffffff815202ac>] do_sendfile+0x54c/0xd30 fs/read_write.c:1227
 [<ffffffff81522481>] C_SYSC_sendfile fs/read_write.c:1303 [inline]
 [<ffffffff81522481>] compat_SyS_sendfile+0xd1/0x160 fs/read_write.c:1292
 [<ffffffff81006d84>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff8377722a>] sysenter_flags_fixed+0xd/0x17
audit: type=1400 audit(1515972426.815:49): avc:  denied  { listen } for  pid=22124 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
device syz0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
device syz0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz6 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz7 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode
device syz0 entered promiscuous mode