audit: type=1326 audit(1517521196.508:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12280 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x0

=====================================
[ BUG: bad unlock balance detected! ]
4.4.114-ga81d322 #4 Not tainted
-------------------------------------
syz-executor1/12289 is trying to release lock (mrt_lock) at:
[<ffffffff833c7524>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor1/12289:
 #0:  (&p->lock){+.+.+.}, at: [<ffffffff8158d2fd>] seq_read+0xdd/0x1270 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 12289 Comm: syz-executor1 Not tainted 4.4.114-ga81d322 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 96dbf74f543a418a ffff8801c52979f8 ffffffff81d0394d
 ffffffff84771c98 ffff8800b0b89800 ffffffff833c7524 ffffffff84771c98
 ffff8800b0b8a0a8 ffff8801c5297a28 ffffffff81233354 dffffc0000000000
Call Trace:
 [<ffffffff81d0394d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0394d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81233354>] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3266
 [<ffffffff8123e1ea>] __lock_release kernel/locking/lockdep.c:3408 [inline]
 [<ffffffff8123e1ea>] lock_release+0x72a/0xc10 kernel/locking/lockdep.c:3611
 [<ffffffff837737fa>] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [<ffffffff837737fa>] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [<ffffffff833c7524>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [<ffffffff8158dca0>] seq_read+0xa80/0x1270 fs/seq_file.c:283
 [<ffffffff8166594f>] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [<ffffffff8151ce13>] __vfs_read+0x103/0x440 fs/read_write.c:432
 [<ffffffff8151ecb3>] vfs_read+0x123/0x3a0 fs/read_write.c:454
 [<ffffffff815219bf>] SYSC_pread64 fs/read_write.c:607 [inline]
 [<ffffffff815219bf>] SyS_pread64+0x13f/0x170 fs/read_write.c:594
 [<ffffffff83773edf>] entry_SYSCALL_64_fastpath+0x1c/0x98
audit: type=1326 audit(1517521196.548:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12280 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket