BUG: sleeping function called from invalid context at mm/slab.h:416 in_atomic(): 1, irqs_disabled(): 0, pid: 5882, name: syz-executor1 3 locks held by syz-executor1/5882: #0: (&net->xfrm.xfrm_cfg_mutex){+.+.+.}, at: [] pfkey_sendmsg+0x4c8/0x9f0 net/key/af_key.c:3649 #1: (&pfk->dump_lock){+.+.+.}, at: [] pfkey_do_dump+0x76/0x3f0 net/key/af_key.c:293 #2: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...+.}, at: [] spin_lock_bh include/linux/spinlock.h:304 [inline] #2: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...+.}, at: [] xfrm_policy_walk+0x192/0xa30 net/xfrm/xfrm_policy.c:1028 CPU: 0 PID: 5882 Comm: syz-executor1 Not tainted 4.13.0-rc5+ #35 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:5994 __might_sleep+0x95/0x190 kernel/sched/core.c:5947 slab_pre_alloc_hook mm/slab.h:416 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x29b/0x750 mm/slab.c:3559 skb_clone+0x1a0/0x400 net/core/skbuff.c:1037 pfkey_broadcast_one+0x4b2/0x6f0 net/key/af_key.c:207 pfkey_broadcast+0x4ba/0x770 net/key/af_key.c:281 dump_sp+0x3d6/0x500 net/key/af_key.c:2685 xfrm_policy_walk+0x2f1/0xa30 net/xfrm/xfrm_policy.c:1042 pfkey_dump_sp+0x42/0x50 net/key/af_key.c:2695 pfkey_do_dump+0xaa/0x3f0 net/key/af_key.c:299 pfkey_spddump+0x1a0/0x210 net/key/af_key.c:2722 pfkey_process+0x606/0x710 net/key/af_key.c:2814 pfkey_sendmsg+0x4d6/0x9f0 net/key/af_key.c:3650 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xca/0x110 net/socket.c:643 sock_write_iter+0x31a/0x5d0 net/socket.c:898 call_write_iter include/linux/fs.h:1743 [inline] new_sync_write fs/read_write.c:457 [inline] __vfs_write+0x684/0x970 fs/read_write.c:470 vfs_write+0x189/0x510 fs/read_write.c:518 SYSC_write fs/read_write.c:565 [inline] SyS_write+0xef/0x220 fs/read_write.c:557 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x4512e9 RSP: 002b:00007f117d145c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 00000000004512e9 RDX: 0000000000000010 RSI: 0000000020000ff0 RDI: 000000000000001c RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004b70fd R13: 00000000ffffffff R14: 0000000020000000 R15: 0000000000fff000 nla_parse: 6 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'. tc_dump_action: action bad kind SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6094 comm=syz-executor3 ALSA: seq fatal error: cannot create timer (-19) QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63196 sclass=netlink_route_socket pig=6302 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63196 sclass=netlink_route_socket pig=6302 comm=syz-executor3 QAT: Invalid ioctl QAT: Invalid ioctl ptm ptm1: ldisc open failed (-12), clearing slot 1 tc_dump_action: action bad kind SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6418 comm=syz-executor4 syz-executor3: vmalloc: allocation failure: 17179868160 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor3 cpuset=/ mems_allowed=0 CPU: 1 PID: 6438 Comm: syz-executor3 Tainted: G W 4.13.0-rc5+ #35 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2c0 mm/page_alloc.c:3222 __vmalloc_node_range+0x57b/0x710 mm/vmalloc.c:1780 __vmalloc_node mm/vmalloc.c:1809 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1831 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:524 [inline] kvmalloc_array include/linux/mm.h:540 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:691 do_replace net/ipv4/netfilter/ip_tables.c:1134 [inline] do_ipt_set_ctl+0x345/0x5c0 net/ipv4/netfilter/ip_tables.c:1670 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1256 udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2392 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2904 SYSC_setsockopt net/socket.c:1838 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1817 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x4512e9 RSP: 002b:00007fb337950c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000718150 RCX: 00000000004512e9 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005 RBP: 0000000000000086 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000020000000 R11: 0000000000000216 R12: 00000000004b671b R13: 00000000ffffffff R14: ffffffffffffffff R15: 0000000000000003 Mem-Info: active_anon:100358 inactive_anon:32 isolated_anon:0 active_file:3439 inactive_file:4725 isolated_file:0 unevictable:0 dirty:96 writeback:0 unstable:0 slab_reclaimable:8534 slab_unreclaimable:94725 mapped:20884 shmem:43 pagetables:789 bounce:0 free:1395770 free_pcp:554 free_cma:0 Node 0 active_anon:403480kB inactive_anon:128kB active_file:13756kB inactive_file:18900kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83536kB dirty:384kB writeback:0kB shmem:172kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 47104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2883 6396 6396 Node 0 DMA32 free:2954496kB min:30392kB low:37988kB high:45584kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2955344kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:844kB local_pcp:128kB free_cma:0kB lowmem_reserve[]: 0 0 3513 3513 Node 0 Normal free:2617512kB min:37024kB low:46280kB high:55536kB active_anon:399564kB inactive_anon:192kB active_file:13756kB inactive_file:18912kB unevictable:0kB writepending:420kB present:4718592kB managed:3597456kB mlocked:0kB kernel_stack:3872kB pagetables:3132kB bounce:0kB free_pcp:1084kB local_pcp:740kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 6*4kB (UM) 5*8kB (UM) 4*16kB (M) 2*32kB (UM) 3*64kB (M) 1*128kB (M) 5*256kB (UM) 5*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 718*4096kB (M) = 2954496kB Node 0 Normal: 1728*4kB (UME) 17*8kB (ME) 324*16kB (UME) 1451*32kB (UME) 980*64kB (UME) 111*128kB (UME) 19*256kB (ME) 29*512kB (UM) 21*1024kB (UM) 13*2048kB (UME) 588*4096kB (M) = 2611880kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 8225 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 323802 pages reserved device lo entered promiscuous mode sctp: [Deprecated]: syz-executor5 (pid 6645) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor5 (pid 6654) Use of int in maxseg socket option. Use struct sctp_assoc_value instead device syz4 entered promiscuous mode TCP: request_sock_TCP: Possible SYN flooding on port 20012. Sending cookies. Check SNMP counters. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6857 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6866 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6866 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6866 comm=syz-executor1 nla_parse: 6 callbacks suppressed netlink: 48 bytes leftover after parsing attributes in process `syz-executor6'. QAT: Invalid ioctl QAT: Invalid ioctl netlink: 48 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 64 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 64 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 33 bytes leftover after parsing attributes in process `syz-executor5'. PF_BRIDGE: br_mdb_parse() with unknown ifindex syz5: Invalid MTU 65536 requested, hw max 65521 syz5: Invalid MTU 65536 requested, hw max 65521 netlink: 33 bytes leftover after parsing attributes in process `syz-executor5'. PF_BRIDGE: br_mdb_parse() with unknown ifindex netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'. sctp: [Deprecated]: syz-executor2 (pid 7327) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead TCP: request_sock_TCP: Possible SYN flooding on port 20016. Sending cookies. Check SNMP counters. sctp: [Deprecated]: syz-executor2 (pid 7351) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5098 sclass=netlink_audit_socket pig=7401 comm=syz-executor6 sctp: [Deprecated]: syz-executor7 (pid 7611) Use of int in max_burst socket option. Use struct sctp_assoc_value instead QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1 sclass=netlink_tcpdiag_socket pig=7681 comm=syz-executor0 TCP: request_sock_TCPv6: Possible SYN flooding on port 20001. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20001. Sending cookies. Check SNMP counters.