binder: 22374:22375 ERROR: BC_REGISTER_LOOPER called without request
=====================================
[ BUG: bad unlock balance detected! ]
4.9.68-gfb66dc2 #107 Not tainted
-------------------------------------
syz-executor5/22372 is trying to release lock ([ 126.804729] binder: 22374:22384 transaction failed 29189/-22, size 0-0 line 3007
binder: 22374:22384 BC_ACQUIRE_DONE node 334 has no pending acquire request
binder: 22374:22384 got reply transaction with no transaction stack
binder: 22374:22384 transaction failed 29201/-71, size 48-40 line 2923
mrt_lock) at:
binder: 22374:22384 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 22374: binder_alloc_buf, no vma
binder: 22374:22375 transaction failed 29189/-3, size 0-0 line 3130
binder: BINDER_SET_CONTEXT_MGR already set
binder: 22374:22375 ioctl 40046207 0 returned -16
binder: 22374:22384 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 22374:22384 got reply transaction with no transaction stack
binder: 22374:22384 transaction failed 29201/-71, size 48-40 line 2923
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor5/22372:
#0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0x9f/0xc0 fs/file.c:781
#1: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1290 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 22372 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d1f278e8 ffffffff81d90889 ffffffff849ae9f8 ffff8801c2dbe000
ffffffff834dfc54 ffffffff849ae9f8 ffff8801c2dbe888 ffff8801d1f27918
ffffffff812353f4 dffffc0000000000 ffffffff849ae9f8 00000000ffffffff
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
[] __lock_release kernel/locking/lockdep.c:3540 [inline]
[] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
[] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
[] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
[] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
[] seq_read+0xa83/0x1290 fs/seq_file.c:283
[] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
[] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
[] do_loop_readv_writev fs/read_write.c:880 [inline]
[] do_readv_writev+0x520/0x750 fs/read_write.c:874
[] vfs_readv+0x84/0xc0 fs/read_write.c:898
[] do_readv+0xe6/0x250 fs/read_write.c:924
[] SYSC_readv fs/read_write.c:1011 [inline]
[] SyS_readv+0x27/0x30 fs/read_write.c:1008
[] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=22453 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22453 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65528 sclass=netlink_xfrm_socket pig=22453 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=22453 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22461 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65528 sclass=netlink_xfrm_socket pig=22461 comm=syz-executor7
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
devpts: called with bogus options
devpts: called with bogus options
device gre0 entered promiscuous mode
sg_write: data in/out 760718663/119 bytes for SCSI command 0xa2-- guessing data in; program syz-executor0 not setting count and/or reply_len properly
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
IPVS: Creating netns size=2536 id=27
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
IPVS: Creating netns size=2536 id=28
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=260 sclass=netlink_tcpdiag_socket pig=22955 comm=syz-executor5
device gre0 entered promiscuous mode
IPVS: Creating netns size=2536 id=29
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
device gre0 entered promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
nla_parse: 4 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
PF_BRIDGE: RTM_SETLINK with unknown ifindex
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
PF_BRIDGE: RTM_SETLINK with unknown ifindex
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
@: renamed from syz0
keychord: Insufficient bytes present for keycount 18
device gre0 entered promiscuous mode
rfkill: input handler disabled
rfkill: input handler enabled
keychord: Insufficient bytes present for keycount 18
rfkill: input handler disabled
rfkill: input handler enabled
device gre0 entered promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
device gre0 entered promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.