netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'.
================================
WARNING: inconsistent lock state
4.15.0-rc9+ #283 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor0/9665 [HC0[0]:SC1[1]:HE1:SE0] takes:
 (&(&est->lock)->rlock){+.?.}, at: [<00000000ed6c9e74>] spin_lock include/linux/spinlock.h:310 [inline]
 (&(&est->lock)->rlock){+.?.}, at: [<00000000ed6c9e74>] est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
  spin_lock include/linux/spinlock.h:310 [inline]
  est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70
  gen_new_estimator+0x317/0x770 net/core/gen_estimator.c:162
  xt_rateest_tg_checkentry+0x487/0xaa0 net/netfilter/xt_RATEEST.c:135
  xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845
  check_target net/ipv6/netfilter/ip6_tables.c:538 [inline]
  find_check_entry.isra.7+0x935/0xcf0 net/ipv6/netfilter/ip6_tables.c:580
  translate_table+0xf52/0x1690 net/ipv6/netfilter/ip6_tables.c:749
  do_replace net/ipv6/netfilter/ip6_tables.c:1167 [inline]
  do_ip6t_set_ctl+0x370/0x5f0 net/ipv6/netfilter/ip6_tables.c:1693
  nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
  nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
  ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:928
  udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1452
  sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
  SYSC_setsockopt net/socket.c:1831 [inline]
  SyS_setsockopt+0x189/0x360 net/socket.c:1810
  entry_SYSCALL_64_fastpath+0x29/0xa0
irq event stamp: 1958
hardirqs last enabled at (1958): [<00000000d32b4de7>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (1958): [<00000000d32b4de7>] _raw_spin_unlock_irq+0x27/0x70 kernel/locking/spinlock.c:192
hardirqs last disabled at (1957): [<000000002a77f179>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (1957): [<000000002a77f179>] _raw_spin_lock_irq+0x3c/0x80 kernel/locking/spinlock.c:160
softirqs last enabled at (918): [<00000000b204f48f>] spin_unlock_bh include/linux/spinlock.h:355 [inline]
softirqs last enabled at (918): [<00000000b204f48f>] peernet2id+0xcb/0x110 net/core/net_namespace.c:246
softirqs last disabled at (1955): [<00000000e20d4c8d>] invoke_softirq kernel/softirq.c:365 [inline]
softirqs last disabled at (1955): [<00000000e20d4c8d>] irq_exit+0x1cc/0x200 kernel/softirq.c:405

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&est->lock)->rlock);
    lock(&(&est->lock)->rlock);

 *** DEADLOCK ***

3 locks held by syz-executor0/9665:
 #0: (&sb->s_type->i_mutex_key#4){++++}, at: [<000000005bc4f9c6>] inode_lock include/linux/fs.h:713 [inline]
 #0: (&sb->s_type->i_mutex_key#4){++++}, at: [<000000005bc4f9c6>] debugfs_remove_recursive+0xdd/0x5e0 fs/debugfs/inode.c:716
 #1: (&(&s->s_inode_list_lock)->rlock){+.+.}, at: [<00000000386e669c>] spin_lock include/linux/spinlock.h:310 [inline]
 #1: (&(&s->s_inode_list_lock)->rlock){+.+.}, at: [<00000000386e669c>] inode_sb_list_del fs/inode.c:446 [inline]
 #1: (&(&s->s_inode_list_lock)->rlock){+.+.}, at: [<00000000386e669c>] evict+0x2c8/0x920 fs/inode.c:542
 #2: ((&est->timer)){+.-.}, at: [<000000002db2ec56>] lockdep_copy_map include/linux/lockdep.h:178 [inline]
 #2: ((&est->timer)){+.-.}, at: [<000000002db2ec56>] call_timer_fn+0x1c6/0x820 kernel/time/timer.c:1308

stack backtrace:
CPU: 0 PID: 9665 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #283
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_usage_bug+0x377/0x38c kernel/locking/lockdep.c:2537
 valid_state kernel/locking/lockdep.c:2550 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2744 [inline]
 mark_lock+0xf61/0x1430 kernel/locking/lockdep.c:3142
 mark_irqflags kernel/locking/lockdep.c:3020 [inline]
 __lock_acquire+0x173a/0x3e00 kernel/locking/lockdep.c:3383
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:310 [inline]
 est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70
 est_timer+0x97/0x7c0 net/core/gen_estimator.c:85
 call_timer_fn+0x228/0x820 kernel/time/timer.c:1318
 expire_timers kernel/time/timer.c:1355 [inline]
 __run_timers+0x7ee/0xb70 kernel/time/timer.c:1658
 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1684
 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
 invoke_softirq kernel/softirq.c:365 [inline]
 irq_exit+0x1cc/0x200 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:541 [inline]
 smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:937
RIP: 0010:lock_acquire+0x26d/0x580 kernel/locking/lockdep.c:3903
RSP: 0018:ffff8801cca8e9b8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff11
RAX: dffffc0000000000 RBX: ffff8801cfea43c0 RCX: 0000000000000000
RDX: 1ffffffff0d5918d RSI: 0000000060138b88 RDI: 0000000000000282
RBP: ffff8801cca8eab0 R08: 1ffff10039951c9b R09: 0000000000000004
R10: ffff8801cca8e998 R11: 0000000000000000 R12: 1ffff10039951d3d
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:310 [inline]
 inode_sb_list_del fs/inode.c:446 [inline]
 evict+0x2c8/0x920 fs/inode.c:542
 iput_final fs/inode.c:1515 [inline]
 iput+0x7b9/0xaf0 fs/inode.c:1542
 dentry_unlink_inode+0x4b0/0x5e0 fs/dcache.c:375
 d_delete+0x1a7/0x250 fs/dcache.c:2367
 __debugfs_remove_file fs/debugfs/inode.c:626 [inline]
 __debugfs_remove.part.10+0x185/0x250 fs/debugfs/inode.c:656
 __debugfs_remove include/linux/dcache.h:492 [inline]
 debugfs_remove_recursive+0x22e/0x5e0 fs/debugfs/inode.c:738
 kvm_destroy_vm_debugfs arch/x86/kvm/../../../virt/kvm/kvm_main.c:561 [inline]
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:715 [inline]
 kvm_put_kvm+0x1da/0xdf0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:755
 kvm_vm_release+0x42/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:766
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x9bb/0x1ad0 kernel/exit.c:865
 do_group_exit+0x149/0x400 kernel/exit.c:968
 get_signal+0x73f/0x16c0 kernel/signal.c:2335
 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x9e/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f1457f28c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 000000000071bf58 RCX: 0000000000453299
RDX: 000000000000000c RSI: 0000000000000001 RDI: 000000000071bf84
RBP: 000000000000020e R08: 0000000000000000 R09: 000000000000020e
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006f21f0
R13: 00000000ffffffff R14: 00007f1457f296d4 R15: 0000000000000002
netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'.
kauditd_printk_skb: 7 callbacks suppressed
audit: type=1400 audit(1517128729.620:201): avc: denied { net_bind_service } for pid=1328 comm="kworker/1:1H" capability=10 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1
tc_dump_action: action bad kind
tc_dump_action: action bad kind
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=37684 sclass=netlink_route_socket pig=10466 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=37684 sclass=netlink_route_socket pig=10483 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=37684 sclass=netlink_route_socket pig=10497 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pig=10707 comm=syz-executor4
binder: 10923:10925 got new transaction with bad transaction stack, transaction 12 has target 10923:0
binder: 10923:10925 transaction failed 29201/-71, size 0-0 line 2815
binder: release 10923:10925 transaction 12 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 12, target dead
binder: release 10923:10953 transaction 15 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 15, target dead
binder: 10959:10965 got new transaction with bad transaction stack, transaction 17 has target 10959:0
binder: 10959:10965 transaction failed 29201/-71, size 0-0 line 2815
binder: release 10959:10965 transaction 17 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 17, target dead