BUG: sleeping function called from invalid context at mm/slab.h:416
in_atomic(): 1, irqs_disabled(): 0, pid: 5882, name: syz-executor1
3 locks held by syz-executor1/5882:
 #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.+.}, at: [<ffffffff84401f58>] pfkey_sendmsg+0x4c8/0x9f0 net/key/af_key.c:3649
 #1:  (&pfk->dump_lock){+.+.+.}, at: [<ffffffff84404ec6>] pfkey_do_dump+0x76/0x3f0 net/key/af_key.c:293
 #2:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...+.}, at: [<ffffffff84215cc2>] spin_lock_bh include/linux/spinlock.h:304 [inline]
 #2:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...+.}, at: [<ffffffff84215cc2>] xfrm_policy_walk+0x192/0xa30 net/xfrm/xfrm_policy.c:1028
CPU: 0 PID: 5882 Comm: syz-executor1 Not tainted 4.13.0-rc5+ #35
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:5994
 __might_sleep+0x95/0x190 kernel/sched/core.c:5947
 slab_pre_alloc_hook mm/slab.h:416 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x29b/0x750 mm/slab.c:3559
 skb_clone+0x1a0/0x400 net/core/skbuff.c:1037
 pfkey_broadcast_one+0x4b2/0x6f0 net/key/af_key.c:207
 pfkey_broadcast+0x4ba/0x770 net/key/af_key.c:281
 dump_sp+0x3d6/0x500 net/key/af_key.c:2685
 xfrm_policy_walk+0x2f1/0xa30 net/xfrm/xfrm_policy.c:1042
 pfkey_dump_sp+0x42/0x50 net/key/af_key.c:2695
 pfkey_do_dump+0xaa/0x3f0 net/key/af_key.c:299
 pfkey_spddump+0x1a0/0x210 net/key/af_key.c:2722
 pfkey_process+0x606/0x710 net/key/af_key.c:2814
 pfkey_sendmsg+0x4d6/0x9f0 net/key/af_key.c:3650
 sock_sendmsg_nosec net/socket.c:633 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:643
 sock_write_iter+0x31a/0x5d0 net/socket.c:898
 call_write_iter include/linux/fs.h:1743 [inline]
 new_sync_write fs/read_write.c:457 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:470
 vfs_write+0x189/0x510 fs/read_write.c:518
 SYSC_write fs/read_write.c:565 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:557
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4512e9
RSP: 002b:00007f117d145c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 00000000004512e9
RDX: 0000000000000010 RSI: 0000000020000ff0 RDI: 000000000000001c
RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004b70fd
R13: 00000000ffffffff R14: 0000000020000000 R15: 0000000000fff000
nla_parse: 6 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
tc_dump_action: action bad kind
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6094 comm=syz-executor3
ALSA: seq fatal error: cannot create timer (-19)
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63196 sclass=netlink_route_socket pig=6302 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63196 sclass=netlink_route_socket pig=6302 comm=syz-executor3
QAT: Invalid ioctl
QAT: Invalid ioctl
ptm ptm1: ldisc open failed (-12), clearing slot 1
tc_dump_action: action bad kind
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6418 comm=syz-executor4
syz-executor3: vmalloc: allocation failure: 17179868160 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor3 cpuset=/ mems_allowed=0
CPU: 1 PID: 6438 Comm: syz-executor3 Tainted: G        W       4.13.0-rc5+ #35
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2c0 mm/page_alloc.c:3222
 __vmalloc_node_range+0x57b/0x710 mm/vmalloc.c:1780
 __vmalloc_node mm/vmalloc.c:1809 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1831
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:524 [inline]
 kvmalloc_array include/linux/mm.h:540 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:691
 do_replace net/ipv4/netfilter/ip_tables.c:1134 [inline]
 do_ipt_set_ctl+0x345/0x5c0 net/ipv4/netfilter/ip_tables.c:1670
 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1256
 udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2392
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2904
 SYSC_setsockopt net/socket.c:1838 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1817
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4512e9
RSP: 002b:00007fb337950c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000718150 RCX: 00000000004512e9
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000086 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000216 R12: 00000000004b671b
R13: 00000000ffffffff R14: ffffffffffffffff R15: 0000000000000003
Mem-Info:
active_anon:100358 inactive_anon:32 isolated_anon:0
 active_file:3439 inactive_file:4725 isolated_file:0
 unevictable:0 dirty:96 writeback:0 unstable:0
 slab_reclaimable:8534 slab_unreclaimable:94725
 mapped:20884 shmem:43 pagetables:789 bounce:0
 free:1395770 free_pcp:554 free_cma:0
Node 0 active_anon:403480kB inactive_anon:128kB active_file:13756kB inactive_file:18900kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83536kB dirty:384kB writeback:0kB shmem:172kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 47104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2883 6396 6396
Node 0 DMA32 free:2954496kB min:30392kB low:37988kB high:45584kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2955344kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:844kB local_pcp:128kB free_cma:0kB
lowmem_reserve[]: 0 0 3513 3513
Node 0 Normal free:2617512kB min:37024kB low:46280kB high:55536kB active_anon:399564kB inactive_anon:192kB active_file:13756kB inactive_file:18912kB unevictable:0kB writepending:420kB present:4718592kB managed:3597456kB mlocked:0kB kernel_stack:3872kB pagetables:3132kB bounce:0kB free_pcp:1084kB local_pcp:740kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 6*4kB (UM) 5*8kB (UM) 4*16kB (M) 2*32kB (UM) 3*64kB (M) 1*128kB (M) 5*256kB (UM) 5*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 718*4096kB (M) = 2954496kB
Node 0 Normal: 1728*4kB (UME) 17*8kB (ME) 324*16kB (UME) 1451*32kB (UME) 980*64kB (UME) 111*128kB (UME) 19*256kB (ME) 29*512kB (UM) 21*1024kB (UM) 13*2048kB (UME) 588*4096kB (M) = 2611880kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
8225 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
323802 pages reserved
device lo entered promiscuous mode
sctp: [Deprecated]: syz-executor5 (pid 6645) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor5 (pid 6654) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
device syz4 entered promiscuous mode
TCP: request_sock_TCP: Possible SYN flooding on port 20012. Sending cookies.  Check SNMP counters.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6857 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6866 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6866 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6866 comm=syz-executor1
nla_parse: 6 callbacks suppressed
netlink: 48 bytes leftover after parsing attributes in process `syz-executor6'.
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 48 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 33 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with unknown ifindex
syz5: Invalid MTU 65536 requested, hw max 65521
syz5: Invalid MTU 65536 requested, hw max 65521
netlink: 33 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with unknown ifindex
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
sctp: [Deprecated]: syz-executor2 (pid 7327) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
TCP: request_sock_TCP: Possible SYN flooding on port 20016. Sending cookies.  Check SNMP counters.
sctp: [Deprecated]: syz-executor2 (pid 7351) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5098 sclass=netlink_audit_socket pig=7401 comm=syz-executor6
sctp: [Deprecated]: syz-executor7 (pid 7611) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1 sclass=netlink_tcpdiag_socket pig=7681 comm=syz-executor0
TCP: request_sock_TCPv6: Possible SYN flooding on port 20001. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20001. Sending cookies.  Check SNMP counters.