WARNING: can't dereference registers at 000000006170f1db for ip apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 3125 (only 16 groups)
audit: type=1804 audit(1666916334.775:74846): pid=6339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2464643458/syzkaller.P7d6nh/933/bus" dev="sda1" ino=15025 res=1
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 3125 (only 16 groups)
EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 3125 (only 16 groups)
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 3125 (only 16 groups)
EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 3125 (only 16 groups)
EXT4-fs warning (device sda1): verify_group_input:131: Cannot add at group 3125 (only 16 groups)
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1804 audit(1666916337.565:74847): pid=6477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir2853695719/syzkaller.vpkneK/1006/bus" dev="sda1" ino=14195 res=1
IPVS: ftp: loaded support on port[0] = 21
BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 0 PID: 6484 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 add_chain_cache kernel/locking/lockdep.c:2259 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:2371 [inline]
 validate_chain kernel/locking/lockdep.c:2391 [inline]
 __lock_acquire.cold+0x420/0x57e kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 nf_conntrack_lock net/netfilter/nf_conntrack_core.c:91 [inline]
 nf_conntrack_double_lock.constprop.0+0x4e/0x1c0 net/netfilter/nf_conntrack_core.c:129
 nf_ct_delete_from_lists+0x1ec/0x550 net/netfilter/nf_conntrack_core.c:610
 nf_ct_delete.part.0+0x14d/0x500 net/netfilter/nf_conntrack_core.c:647
 nf_ct_delete net/netfilter/nf_conntrack_core.c:624 [inline]
 nf_ct_kill include/net/netfilter/nf_conntrack.h:216 [inline]
 nf_ct_gc_expired+0x291/0x300 net/netfilter/nf_conntrack_core.c:689
 ____nf_conntrack_find net/netfilter/nf_conntrack_core.c:717 [inline]
 __nf_conntrack_find_get+0xc0d/0x1740 net/netfilter/nf_conntrack_core.c:750
 resolve_normal_ct net/netfilter/nf_conntrack_core.c:1504 [inline]
 nf_conntrack_in+0x444/0xe20 net/netfilter/nf_conntrack_core.c:1584
 ipv4_conntrack_local+0x1b2/0x250 net/netfilter/nf_conntrack_proto.c:480
 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline]
 nf_hook_slow+0xc5/0x1e0 net/netfilter/core.c:511
 nf_hook include/linux/netfilter.h:244 [inline]
 __ip_local_out+0x435/0x800 net/ipv4/ip_output.c:114
 ip_local_out+0x26/0x170 net/ipv4/ip_output.c:123
 __ip_queue_xmit+0x91e/0x1c10 net/ipv4/ip_output.c:507
 __tcp_transmit_skb+0x1b9c/0x3400 net/ipv4/tcp_output.c:1148
 tcp_transmit_skb net/ipv4/tcp_output.c:1164 [inline]
 tcp_send_active_reset+0x456/0x8e0 net/ipv4/tcp_output.c:3142
 tcp_close+0xaa3/0xfd0 net/ipv4/tcp.c:2388
 inet_release+0xd7/0x1e0 net/ipv4/af_inet.c:427
 __sock_release+0xcd/0x2a0 net/socket.c:599
 sock_close+0x15/0x20 net/socket.c:1214
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 get_signal+0x1b64/0x1f70 kernel/signal.c:2400
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f85a160a5a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f859fb5c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000168fb RBX: 00007f85a172b050 RCX: 00007f85a160a5a9
RDX: 00000001000001bd RSI: 0000000020000300 RDI: 0000000000000005
RBP: 00007f85a16657b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdea05557f R14: 00007f859fb5c300 R15: 0000000000022000
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
audit: type=1804 audit(1666916338.775:74848): pid=6534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir2853695719/syzkaller.vpkneK/1007/bus" dev="sda1" ino=15121 res=1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 1(team0) entered disabled state
bridge0: port 2(bridge_slave_1) entered disabled state
audit: type=1804 audit(1666916339.735:74849): pid=6564 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir274266461/syzkaller.WUIKqq/359/bus" dev="sda1" ino=15412 res=1
audit: type=1804 audit(1666916339.805:74850): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir2853695719/syzkaller.vpkneK/1008/bus" dev="sda1" ino=15414 res=1
audit: type=1804 audit(1666916340.195:74851): pid=6579 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir274266461/syzkaller.WUIKqq/360/bus" dev="sda1" ino=15394 res=1
audit: type=1804 audit(1666916340.515:74852): pid=6586 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir2853695719/syzkaller.vpkneK/1009/bus" dev="sda1" ino=13863 res=1
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
bridge0: port 1(team0) entered disabled state
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1804 audit(1666916340.825:74853): pid=6603 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir274266461/syzkaller.WUIKqq/361/bus" dev="sda1" ino=15408 res=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
IPVS: stopping backup sync thread 6674 ...
IPVS: sync thread started: state = BACKUP, mcast_ifn = xfrm0, syncid = 0, id = 0
netlink: 'syz-executor.0': attribute type 14 has an invalid length.
IPVS: sync thread started: state = BACKUP, mcast_ifn = xfrm0, syncid = 0, id = 0
IPVS: stopping backup sync thread 6686 ...
IPVS: stopping backup sync thread 6694 ...
IPVS: sync thread started: state = BACKUP, mcast_ifn = xfrm0, syncid = 0, id = 0
IPVS: stopping backup sync thread 6704 ...
IPVS: sync thread started: state = BACKUP, mcast_ifn = xfrm0, syncid = 0, id = 0
IPVS: sync thread started: state = BACKUP, mcast_ifn = xfrm0, syncid = 0, id = 0
IPVS: stopping backup sync thread 6713 ...
IPVS: stopping backup sync thread 6721 ...
IPVS: sync thread started: state = BACKUP, mcast_ifn = xfrm0, syncid = 0, id = 0
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
IPVS: stopping backup sync thread 6730 ...
device bond0 entered promiscuous mode
device bond_slave_0 entered promiscuous mode
device bond_slave_1 entered promiscuous mode
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
device bond0 entered promiscuous mode
device bond_slave_0 entered promiscuous mode
device bond_slave_1 entered promiscuous mode
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.