================================
WARNING: inconsistent lock state
4.15.0-rc9+ #283 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor7/18830 [HC0[0]:SC1[1]:HE1:SE0] takes:
 (&(&est->lock)->rlock){+.?.}, at: [<000000006de8601a>] spin_lock include/linux/spinlock.h:310 [inline]
 (&(&est->lock)->rlock){+.?.}, at: [<000000006de8601a>] est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
  spin_lock include/linux/spinlock.h:310 [inline]
  est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70
  gen_new_estimator+0x317/0x770 net/core/gen_estimator.c:162
  xt_rateest_tg_checkentry+0x487/0xaa0 net/netfilter/xt_RATEEST.c:135
  xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845
  check_target net/ipv4/netfilter/ip_tables.c:518 [inline]
  find_check_entry.isra.8+0x8c8/0xcb0 net/ipv4/netfilter/ip_tables.c:559
  translate_table+0xed1/0x1610 net/ipv4/netfilter/ip_tables.c:730
  do_replace net/ipv4/netfilter/ip_tables.c:1148 [inline]
  do_ipt_set_ctl+0x370/0x5f0 net/ipv4/netfilter/ip_tables.c:1682
  nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
  nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
  ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1256
  sctp_setsockopt+0x2a0/0x5de0 net/sctp/socket.c:4074
  sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
  SYSC_setsockopt net/socket.c:1831 [inline]
  SyS_setsockopt+0x189/0x360 net/socket.c:1810
  entry_SYSCALL_64_fastpath+0x29/0xa0
irq event stamp: 704
hardirqs last  enabled at (704): [<00000000e58cfe5c>] restore_regs_and_return_to_kernel+0x0/0x21
hardirqs last disabled at (703): [<00000000e1b36698>] reschedule_interrupt+0xa4/0xb0 arch/x86/entry/entry_64.S:961
softirqs last  enabled at (588): [<0000000020602afe>] __do_softirq+0x7a0/0xb85 kernel/softirq.c:311
softirqs last disabled at (699): [<000000007491007d>] invoke_softirq kernel/softirq.c:365 [inline]
softirqs last disabled at (699): [<000000007491007d>] irq_exit+0x1cc/0x200 kernel/softirq.c:405

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&est->lock)->rlock);
  <Interrupt>
    lock(&(&est->lock)->rlock);

 *** DEADLOCK ***

2 locks held by syz-executor7/18830:
 #0:  (&mm->mmap_sem){++++}, at: [<00000000fe93e881>] vm_mmap_pgoff+0x198/0x280 mm/util.c:331
 #1:  ((&est->timer)){+.-.}, at: [<0000000038903514>] lockdep_copy_map include/linux/lockdep.h:178 [inline]
 #1:  ((&est->timer)){+.-.}, at: [<0000000038903514>] call_timer_fn+0x1c6/0x820 kernel/time/timer.c:1308

stack backtrace:
CPU: 0 PID: 18830 Comm: syz-executor7 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_usage_bug+0x377/0x38c kernel/locking/lockdep.c:2537
 valid_state kernel/locking/lockdep.c:2550 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2744 [inline]
 mark_lock+0xf61/0x1430 kernel/locking/lockdep.c:3142
 mark_irqflags kernel/locking/lockdep.c:3020 [inline]
 __lock_acquire+0x173a/0x3e00 kernel/locking/lockdep.c:3383
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:310 [inline]
 est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70
 est_timer+0x97/0x7c0 net/core/gen_estimator.c:85
 call_timer_fn+0x228/0x820 kernel/time/timer.c:1318
 expire_timers kernel/time/timer.c:1355 [inline]
 __run_timers+0x7ee/0xb70 kernel/time/timer.c:1658
 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1684
 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
 invoke_softirq kernel/softirq.c:365 [inline]
 irq_exit+0x1cc/0x200 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:541 [inline]
 smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:937
 </IRQ>
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:69 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x26/0x50 kernel/kcov.c:101
RSP: 0018:ffff880195ddfa28 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff11
RAX: ffff8801a6df6640 RBX: ffff8801c9d5e758 RCX: ffffffff819c73c6
RDX: 0000000000000002 RSI: ffffc90004495000 RDI: ffff8801c9d5e740
RBP: ffff880195ddfa28 R08: 1ffff10038ea5eb2 R09: ffff880195ddfe10
R10: ffff880195ddfbb0 R11: ffff880195ddfdd0 R12: 0000000000000000
R13: 0000000020000000 R14: dffffc0000000000 R15: ffff8801c9d5e738
 find_vma+0xe6/0x150 mm/mmap.c:2154
 do_munmap+0x147/0xdf0 mm/mmap.c:2649
 mmap_region+0x59e/0x15a0 mm/mmap.c:1646
 do_mmap+0x6c0/0xe00 mm/mmap.c:1483
 do_mmap_pgoff include/linux/mm.h:2217 [inline]
 vm_mmap_pgoff+0x1de/0x280 mm/util.c:333
 SYSC_mmap_pgoff mm/mmap.c:1533 [inline]
 SyS_mmap_pgoff+0x23b/0x5f0 mm/mmap.c:1491
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fb86d177c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000003 RSI: 0000000000fff000 RDI: 0000000020000000
RBP: 00000000000001ae R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000000032 R11: 0000000000000212 R12: 00000000006f18f0
R13: 00000000ffffffff R14: 00007fb86d1786d4 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 19485 Comm: syz-executor3 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_fail_alloc_page mm/page_alloc.c:2948 [inline]
 prepare_alloc_pages mm/page_alloc.c:4187 [inline]
 __alloc_pages_nodemask+0x338/0xd80 mm/page_alloc.c:4226
 alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2036
 alloc_pages include/linux/gfp.h:492 [inline]
 skb_page_frag_refill+0x358/0x5f0 net/core/sock.c:2201
 tun_build_skb.isra.49+0x2e1/0x17d0 drivers/net/tun.c:1459
 tun_get_user+0x1693/0x3710 drivers/net/tun.c:1628
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1809
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453171
RSP: 002b:00007fefd4e89b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fefd4e89aa0 RCX: 0000000000453171
RDX: 0000000000000001 RSI: 00007fefd4e89bd0 RDI: 0000000000000012
RBP: 00007fefd4e89a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000082 R11: 0000000000000293 R12: 00000000004b8096
R13: 00007fefd4e89bc8 R14: 00000000004b8096 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 19503 Comm: syz-executor3 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 __build_skb+0x9d/0x450 net/core/skbuff.c:281
 build_skb+0x6f/0x2a0 net/core/skbuff.c:312
 tun_build_skb.isra.49+0x985/0x17d0 drivers/net/tun.c:1518
 tun_get_user+0x1693/0x3710 drivers/net/tun.c:1628
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1809
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453171
RSP: 002b:00007fefd4e89b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fefd4e89aa0 RCX: 0000000000453171
RDX: 0000000000000001 RSI: 00007fefd4e89bd0 RDI: 0000000000000012
RBP: 00007fefd4e89a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000082 R11: 0000000000000293 R12: 00000000004b8096
R13: 00007fefd4e89bc8 R14: 00000000004b8096 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 19527 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1147 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1839
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:648
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2028
 __sys_sendmsg+0xe5/0x210 net/socket.c:2062
 SYSC_sendmsg net/socket.c:2073 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2069
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f68ab5d6c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f68ab5d6aa0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 000000002001bfc8 RDI: 0000000000000013
RBP: 00007f68ab5d6a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f68ab5d6bc8 R14: 00000000004b8096 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 19683 Comm: syz-executor4 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 create_nsproxy kernel/nsproxy.c:53 [inline]
 create_new_namespaces+0x88/0x880 kernel/nsproxy.c:71
 unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:206
 SYSC_unshare kernel/fork.c:2365 [inline]
 SyS_unshare+0x653/0xfa0 kernel/fork.c:2315
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f708590cc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f708590caa0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c000000
RBP: 00007f708590ca90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f708590cbc8 R14: 00000000004b8096 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 19714 Comm: syz-executor4 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
 kmalloc include/linux/slab.h:499 [inline]
 create_uts_ns kernel/utsname.c:36 [inline]
 clone_uts_ns kernel/utsname.c:60 [inline]
 copy_utsname+0x1ac/0x440 kernel/utsname.c:102
 create_new_namespaces+0x1e9/0x880 kernel/nsproxy.c:81
 unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:206
 SYSC_unshare kernel/fork.c:2365 [inline]
 SyS_unshare+0x653/0xfa0 kernel/fork.c:2315
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f708590cc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f708590caa0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000c000000
RBP: 00007f708590ca90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f708590cbc8 R14: 00000000004b8096 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 20006 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 nlmsg_new include/net/netlink.h:511 [inline]
 inet_netconf_notify_devconf+0xb4/0x1d0 net/ipv4/devinet.c:1890
 __devinet_sysctl_unregister.isra.23+0x87/0xb0 net/ipv4/devinet.c:2341
 devinet_sysctl_unregister+0x92/0xf0 net/ipv4/devinet.c:2365
 inetdev_destroy net/ipv4/devinet.c:310 [inline]
 inetdev_event+0x9e5/0x1240 net/ipv4/devinet.c:1529
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x60 net/core/dev.c:1691
 call_netdevice_notifiers net/core/dev.c:1709 [inline]
 rollback_registered_many+0x8ad/0xdf0 net/core/dev.c:7266
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7308
 unregister_netdevice_queue+0x2e3/0x5d0 net/core/dev.c:8296
 unregister_netdevice include/linux/netdevice.h:2462 [inline]
 __tun_detach+0x520/0x10b0 drivers/net/tun.c:666
 tun_detach drivers/net/tun.c:676 [inline]
 tun_chr_close+0x44/0x60 drivers/net/tun.c:2872
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x9e/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f61b4f90c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000052 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ef850
R13: 0000000000000014 R14: 00007f61b4f916d4 R15: ffffffffffffffff
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1810 sclass=netlink_route_socket pig=20079 comm=syz-executor1
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1810 sclass=netlink_route_socket pig=20079 comm=syz-executor1
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 20170 Comm: syz-executor5 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 nlmsg_new include/net/netlink.h:511 [inline]
 inet_netconf_notify_devconf+0xb4/0x1d0 net/ipv4/devinet.c:1890
 __devinet_sysctl_unregister.isra.23+0x87/0xb0 net/ipv4/devinet.c:2341
 devinet_sysctl_unregister+0x92/0xf0 net/ipv4/devinet.c:2365
 inetdev_destroy net/ipv4/devinet.c:310 [inline]
 inetdev_event+0x9e5/0x1240 net/ipv4/devinet.c:1529
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x60 net/core/dev.c:1691
 call_netdevice_notifiers net/core/dev.c:1709 [inline]
 rollback_registered_many+0x8ad/0xdf0 net/core/dev.c:7266
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7308
 unregister_netdevice_queue+0x2e3/0x5d0 net/core/dev.c:8296
 unregister_netdevice include/linux/netdevice.h:2462 [inline]
 __tun_detach+0x520/0x10b0 drivers/net/tun.c:666
 tun_detach drivers/net/tun.c:676 [inline]
 tun_chr_close+0x44/0x60 drivers/net/tun.c:2872
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x9e/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fc3ae9aec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000052 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ef850
R13: 0000000000000014 R14: 00007fc3ae9af6d4 R15: ffffffffffffffff
kauditd_printk_skb: 2 callbacks suppressed
audit: type=1400 audit(1517130827.827:1230): avc:  denied  { write } for  pid=20268 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 20569 Comm: syz-executor6 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 nlmsg_new include/net/netlink.h:511 [inline]
 inet6_netconf_notify_devconf+0x9a/0x1a0 net/ipv6/addrconf.c:587
 ip6mr_sk_done+0x39e/0x450 net/ipv6/ip6mr.c:1630
 ip6_mroute_setsockopt+0x1009/0x35b0 net/ipv6/ip6mr.c:1697
 do_ipv6_setsockopt.isra.8+0x2f0/0x39d0 net/ipv6/ipv6_sockglue.c:163
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
 rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1831 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1810
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f0882313c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f0882313aa0 RCX: 0000000000453299
RDX: 00000000000000c9 RSI: 0000000000000029 RDI: 0000000000000015
RBP: 00007f0882313a90 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020c3a000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f0882313bc8 R14: 00000000004b8096 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 20582 Comm: syz-executor6 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651
 __do_kmalloc_node mm/slab.c:3671 [inline]
 __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3686
 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137
 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205