=====================================
[ BUG: bad unlock balance detected! ]
4.4.113-g202e079 #1 Not tainted
-------------------------------------
syz-executor1/11433 is trying to release lock (mrt_lock) at:
[<ffffffff833c5524>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor1/11433:
 #0:  (&p->lock){+.+.+.}, at: [<ffffffff8158c14d>] seq_read+0xdd/0x1270 fs/seq_file.c:178

stack backtrace:
CPU: 0 PID: 11433 Comm: syz-executor1 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 d9c2d1be75990197 ffff8801d9b6f930 ffffffff81d0278d
 ffffffff84771c18 ffff8801cd722f80 ffffffff833c5524 ffffffff84771c18
 ffff8801cd7237c8 ffff8801d9b6f960 ffffffff81232314 dffffc0000000000
Call Trace:
 [<ffffffff81d0278d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0278d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81232314>] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3266
 [<ffffffff8123d1aa>] __lock_release kernel/locking/lockdep.c:3408 [inline]
 [<ffffffff8123d1aa>] lock_release+0x72a/0xc10 kernel/locking/lockdep.c:3611
 [<ffffffff8377145a>] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [<ffffffff8377145a>] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [<ffffffff833c5524>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [<ffffffff8158caf0>] seq_read+0xa80/0x1270 fs/seq_file.c:283
 [<ffffffff8166479f>] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [<ffffffff8151c561>] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [<ffffffff8151e8bd>] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [<ffffffff8151ea38>] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [<ffffffff815212a9>] SYSC_preadv fs/read_write.c:912 [inline]
 [<ffffffff815212a9>] SyS_preadv+0x199/0x230 fs/read_write.c:898
 [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1400 audit(1517205856.314:54): avc:  denied  { ioctl } for  pid=11469 comm="syz-executor5" path="socket:[20195]" dev="sockfs" ino=20195 ioctlcmd=5411 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
netlink: 4096 bytes leftover after parsing attributes in process `syz-executor5'.
TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor5/11681
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 11681 Comm: syz-executor5 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 271aa82b2d89119e ffff8800b297f480 ffffffff81d0278d
 0000000000000001 ffffffff839fe3a0 ffffffff83d0b8a0 ffff8801ccd14740
 0000000000000003 ffff8800b297f4c0 ffffffff81d626d4 ffff8800b297f4d8
Call Trace:
 [<ffffffff81d0278d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0278d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81d626d4>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff81d6273c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff832e0288>] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832e0288>] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff832484e0>] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [<ffffffff832bebf7>] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058
 [<ffffffff832dda76>] xfrm_state_construct net/xfrm/xfrm_user.c:590 [inline]
 [<ffffffff832dda76>] xfrm_add_sa+0x1916/0x2e40 net/xfrm/xfrm_user.c:636
 [<ffffffff832cdfdc>] xfrm_user_rcv_msg+0x41c/0x6b0 net/xfrm/xfrm_user.c:2525
 [<ffffffff82f889be>] netlink_rcv_skb+0x13e/0x370 net/netlink/af_netlink.c:2349
 [<ffffffff832ca50f>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2533
 [<ffffffff82f87542>] netlink_unicast_kernel net/netlink/af_netlink.c:1267 [inline]
 [<ffffffff82f87542>] netlink_unicast+0x522/0x760 net/netlink/af_netlink.c:1293
 [<ffffffff82f88068>] netlink_sendmsg+0x8e8/0xc50 net/netlink/af_netlink.c:1847
 [<ffffffff82dea0aa>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82dea0aa>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82debc81>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82dedcd3>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82deddbd>] SYSC_sendmsg net/socket.c:2007 [inline]
 [<ffffffff82deddbd>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
 [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor5/11681
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 11681 Comm: syz-executor5 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 271aa82b2d89119e ffff8800b297f480 ffffffff81d0278d
 0000000000000001 ffffffff839fe3a0 ffffffff83d0b8a0 ffff8801ccd14740
 0000000000000003 ffff8800b297f4c0 ffffffff81d626d4 ffff8800b297f4d8
Call Trace:
 [<ffffffff81d0278d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0278d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81d626d4>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff81d6273c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff832e0288>] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832e0288>] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff832484e0>] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [<ffffffff832bebf7>] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058
 [<ffffffff832dda76>] xfrm_state_construct net/xfrm/xfrm_user.c:590 [inline]
 [<ffffffff832dda76>] xfrm_add_sa+0x1916/0x2e40 net/xfrm/xfrm_user.c:636
 [<ffffffff832cdfdc>] xfrm_user_rcv_msg+0x41c/0x6b0 net/xfrm/xfrm_user.c:2525
 [<ffffffff82f889be>] netlink_rcv_skb+0x13e/0x370 net/netlink/af_netlink.c:2349
 [<ffffffff832ca50f>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2533
 [<ffffffff82f87542>] netlink_unicast_kernel net/netlink/af_netlink.c:1267 [inline]
 [<ffffffff82f87542>] netlink_unicast+0x522/0x760 net/netlink/af_netlink.c:1293
 [<ffffffff82f88068>] netlink_sendmsg+0x8e8/0xc50 net/netlink/af_netlink.c:1847
 [<ffffffff82dea0aa>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82dea0aa>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82debc81>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82dedcd3>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82deddbd>] SYSC_sendmsg net/socket.c:2007 [inline]
 [<ffffffff82deddbd>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
 [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1400 audit(1517205857.904:55): avc:  denied  { create } for  pid=11735 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
audit: type=1400 audit(1517205858.134:56): avc:  denied  { setopt } for  pid=11788 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
TCP: request_sock_TCPv6: Possible SYN flooding on port 20030. Sending cookies.  Check SNMP counters.
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 11813 Comm: syz-executor0 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 aa64c946b0edd8bb ffff8801d7dff990 ffffffff81d0278d
 ffff8800b56c2600 1ffff1003afbff3f ffff8801d7dffb18 0000000000000000
 0000000000000000 ffff8801d7dffb40 ffffffff81605d55 ffffffff812363c0
Call Trace:
 [<ffffffff81d0278d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0278d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81605d55>] handle_userfault+0x715/0xf50 fs/userfaultfd.c:316
 [<ffffffff814a1ca8>] do_anonymous_page mm/memory.c:2731 [inline]
 [<ffffffff814a1ca8>] handle_pte_fault mm/memory.c:3295 [inline]
 [<ffffffff814a1ca8>] __handle_mm_fault mm/memory.c:3426 [inline]
 [<ffffffff814a1ca8>] handle_mm_fault+0x2938/0x3190 mm/memory.c:3455
 [<ffffffff810dc6cb>] __do_page_fault+0x35b/0xa00 arch/x86/mm/fault.c:1245
 [<ffffffff810dcd97>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308
 [<ffffffff83772f88>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1033
 [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11911:11915 ioctl 40046207 0 returned -16
binder: 12002:12003 Release 1 refcount change on invalid ref 4 ret -22
binder: 12002:12003 BC_CLEAR_DEATH_NOTIFICATION death notification not active
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor1/12008
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 1 PID: 12008 Comm: syz-executor1 Not tainted 4.4.113-g202e079 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 ece2c31012084b81 ffff8800b9547480 ffffffff81d0278d
 0000000000000001 ffffffff839fe3a0 ffffffff83d0b8a0 ffff8800baedc740
 0000000000000003 ffff8800b95474c0 ffffffff81d626d4 ffff8800b95474d8
Call Trace:
 [<ffffffff81d0278d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0278d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81d626d4>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff81d6273c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff832e0288>] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832e0288>] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff832484e0>] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [<ffffffff832bebf7>] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058
 [<ffffffff832dda76>] xfrm_state_construct net/xfrm/xfrm_user.c:590 [inline]
 [<ffffffff832dda76>] xfrm_add_sa+0x1916/0x2e40 net/xfrm/xfrm_user.c:636
 [<ffffffff832cdfdc>] xfrm_user_rcv_msg+0x41c/0x6b0 net/xfrm/xfrm_user.c:2525
 [<ffffffff82f889be>] netlink_rcv_skb+0x13e/0x370 net/netlink/af_netlink.c:2349
 [<ffffffff832ca50f>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2533
 [<ffffffff82f87542>] netlink_unicast_kernel net/netlink/af_netlink.c:1267 [inline]
 [<ffffffff82f87542>] netlink_unicast+0x522/0x760 net/netlink/af_netlink.c:1293
 [<ffffffff82f88068>] netlink_sendmsg+0x8e8/0xc50 net/netlink/af_netlink.c:1847
 [<ffffffff82dea0aa>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82dea0aa>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82debc81>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82dedcd3>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82deddbd>] SYSC_sendmsg net/socket.c:2007 [inline]
 [<ffffffff82deddbd>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
 [<ffffffff83771b5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
binder: BINDER_SET_CONTEXT_MGR already set
binder: 12002:12012 ioctl 40046207 0 returned -16
binder: 12002:12012 Release 1 refcount change on invalid ref 4 ret -22
binder: 12002:12003 BC_CLEAR_DEATH_NOTIFICATION death notification not active
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable