=====================================
[ BUG: bad unlock balance detected! ]
4.9.80-g550c01d #29 Not tainted
-------------------------------------
syz-executor7/8548 is trying to release lock (mrt_lock) at:
[<ffffffff834e8ee4>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor7/8548:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d3a5f>] __fdget_pos+0x9f/0xc0 fs/file.c:781
 #1:  (&p->lock){+.+.+.}, at: [<ffffffff815e8e5d>] seq_read+0xdd/0x1290 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 8548 Comm: syz-executor7 Not tainted 4.9.80-g550c01d #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c69378e8 ffffffff81d94b69 ffffffff849b6cf8 ffff8801c47d9800
 ffffffff834e8ee4 ffffffff849b6cf8 ffff8801c47da088 ffff8801c6937918
 ffffffff81237e04 dffffc0000000000 ffffffff849b6cf8 00000000ffffffff
Call Trace:
 [<ffffffff81d94b69>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d94b69>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81237e04>] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
 [<ffffffff812408d8>] __lock_release kernel/locking/lockdep.c:3540 [inline]
 [<ffffffff812408d8>] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
 [<ffffffff838b2fda>] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [<ffffffff838b2fda>] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [<ffffffff834e8ee4>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [<ffffffff815e9803>] seq_read+0xa83/0x1290 fs/seq_file.c:283
 [<ffffffff816c24ff>] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [<ffffffff8156cc21>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff81570a90>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff81570a90>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff81570d44>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff81570e66>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff81574357>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff81574357>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838b346e>] entry_SYSCALL_64_fastpath+0x29/0xe8
binder: 8713:8714 ioctl 541b 202c3ffc returned -22
audit: type=1400 audit(1517954059.559:34): avc:  denied  { execute } for  pid=8708 comm="syz-executor0" dev="pipefs" ino=17821 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=fifo_file permissive=1
binder: 8713:8714 ioctl 541b 202c3ffc returned -22
audit: type=1400 audit(1517954060.149:35): avc:  denied  { create } for  pid=8935 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1
audit: type=1400 audit(1517954060.659:36): avc:  denied  { execute } for  pid=9030 comm="syz-executor6" path="/proc/552/ns" dev="proc" ino=18981 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1