=====================================
[ BUG: bad unlock balance detected! ]
4.4.113-g962d1f3 #2 Not tainted
-------------------------------------
syz-executor5/7433 is trying to release lock (mrt_lock) at:
[] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor5/7433:
 #0: (sb_writers#7){.+.+.+}, at: [] file_start_write include/linux/fs.h:2523 [inline]
 #0: (sb_writers#7){.+.+.+}, at: [] do_sendfile+0x8e4/0xd30 fs/read_write.c:1226
 #1: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1270 fs/seq_file.c:178

stack backtrace:
CPU: 0 PID: 7433 Comm: syz-executor5 Not tainted 4.4.113-g962d1f3 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 3e2ff381b8631190 ffff8801d2e570a8 ffffffff81d028ed
 ffffffff84771c18 ffff8801d32a5f00 ffffffff833c5684 ffffffff84771c18
 ffff8801d32a6748 ffff8801d2e570d8 ffffffff81232484 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3266
 [] __lock_release kernel/locking/lockdep.c:3408 [inline]
 [] lock_release+0x72a/0xc10 kernel/locking/lockdep.c:3611
 [] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [] traverse+0x3a7/0x900 fs/seq_file.c:148
 [] seq_read+0x7ea/0x1270 fs/seq_file.c:195
 [] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [] kernel_readv fs/splice.c:586 [inline]
 [] default_file_splice_read+0x4fa/0x8e0 fs/splice.c:662
 [] do_splice_to+0xf5/0x140 fs/splice.c:1154
 [] splice_direct_to_actor+0x250/0x830 fs/splice.c:1226
 [] do_splice_direct+0x1a7/0x270 fs/splice.c:1337
 [] do_sendfile+0x54c/0xd30 fs/read_write.c:1227
 [] SYSC_sendfile64 fs/read_write.c:1282 [inline]
 [] SyS_sendfile64+0xc3/0x150 fs/read_write.c:1274
 [] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1401 audit(1517335546.797:23): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335546.827:24): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335546.877:25): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335546.987:26): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335547.077:27): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335547.127:28): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335547.177:29): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335547.267:30): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335547.367:31): op=setxattr invalid_context="net/softnet_stat"
audit: type=1401 audit(1517335547.407:32): op=setxattr invalid_context="net/softnet_stat"