[ BUG: bad unlock balance detected! ] 4.4.114-g4e74e98 #5 Not tainted ------------------------------------- syz-executor3/8867 is trying to release lock (mrt_lock) at: [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553 but there are no more locks to release! other info that might help us debug this: 2 locks held by syz-executor3/8867: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0x9f/0xc0 fs/file.c:780 #1: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1270 fs/seq_file.c:178 stack backtrace: CPU: 1 PID: 8867 Comm: syz-executor3 Not tainted 4.4.114-g4e74e98 #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 aa548a95600aa1f8 ffff8800a836f920 ffffffff81d03d2d ffffffff84771c98 ffff8800b5bb9800 ffffffff833c7904 ffffffff84771c98 ffff8800b5bba0a8 ffff8800a836f950 ffffffff81233354 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3266 [] __lock_release kernel/locking/lockdep.c:3408 [inline] [] lock_release+0x72a/0xc10 kernel/locking/lockdep.c:3611 [] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline] [] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255 [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553 [] seq_read+0xa80/0x1270 fs/seq_file.c:283 [] proc_reg_read+0xef/0x170 fs/proc/inode.c:202 [] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680 [] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810 [] vfs_readv+0x78/0xb0 fs/read_write.c:834 [] SYSC_readv fs/read_write.c:860 [inline] [] SyS_readv+0xd9/0x240 fs/read_write.c:852 [] entry_SYSCALL_64_fastpath+0x1c/0x98 audit: type=1400 audit(1517641807.070:29): avc: denied { bind } for pid=9560 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1517641807.290:30): avc: denied { create } for pid=9657 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket audit: type=1400 audit(1517641811.920:31): avc: denied { bind } for pid=11405 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1517641812.050:32): avc: denied { execute } for pid=11463 comm="syz-executor7" path="/proc/859/uid_map" dev="proc" ino=21157 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=file permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4134 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4134 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=42001 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=42001 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=768 sclass=netlink_route_socket SELinux: unrecognized netlink message: protocol=0 nlmsg_type=768 sclass=netlink_route_socket