Extracting prog: 11m15.05630357s
Minimizing prog: 1h8m4.108755282s
Simplifying prog options: 15m24.099028945s
Extracting C: 5m9.918973224s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
dup(r0)

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r1 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m9.129369864s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m9.129369864s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
extracting C reproducer
testing compiled C program (duration=6m9.129369864s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=6m9.129369864s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program did not crash
testing program (duration=6m9.129369864s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
validation run: crashed=true
testing program (duration=6m9.129369864s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
validation run: crashed=true
testing program (duration=6m9.129369864s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-openat$ppp-syz_open_procfs-dup-mount$9p_fd
detailed listing:
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000010380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
validation run: crashed=true
reproducing took 1h52m15.970210495s
repro crashed as (corrupted=false):
Bluetooth: hci64: unexpected cc 0x0c03 length: 249 > 1
BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6723 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: hci64 hci_rx_work
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 add_chain_cache kernel/locking/lockdep.c:-1 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:3855 [inline]
 validate_chain kernel/locking/lockdep.c:3876 [inline]
 __lock_acquire+0xf9c/0x30a4 kernel/locking/lockdep.c:5237
 lock_acquire+0x140/0x2e0 kernel/locking/lockdep.c:5868
 _raw_spin_lock_nested+0x50/0x6c kernel/locking/spinlock.c:378
 raw_spin_rq_lock_nested kernel/sched/core.c:639 [inline]
 raw_spin_rq_lock kernel/sched/sched.h:1558 [inline]
 rq_lock kernel/sched/sched.h:1885 [inline]
 ttwu_queue kernel/sched/core.c:3892 [inline]
 try_to_wake_up+0x440/0xe24 kernel/sched/core.c:4218
 default_wake_function+0x58/0x74 kernel/sched/core.c:7202
 autoremove_wake_function+0x24/0xf8 kernel/sched/wait.c:403
 __wake_up_common kernel/sched/wait.c:108 [inline]
 __wake_up_common_lock kernel/sched/wait.c:125 [inline]
 __wake_up+0x10c/0x1a8 kernel/sched/wait.c:146
 hci_cmd_sync_complete+0x1dc/0x340 net/bluetooth/hci_sync.c:48
 hci_event_packet+0x8a8/0xf50 net/bluetooth/hci_event.c:7783
 hci_rx_work+0x300/0xd80 net/bluetooth/hci_core.c:4076
 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3421
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
Bluetooth: hci63: command tx timeout
Bluetooth: hci30: command 0x0406 tx timeout

final repro crashed as (corrupted=false):
Bluetooth: hci64: unexpected cc 0x0c03 length: 249 > 1
BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6723 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: hci64 hci_rx_work
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 add_chain_cache kernel/locking/lockdep.c:-1 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:3855 [inline]
 validate_chain kernel/locking/lockdep.c:3876 [inline]
 __lock_acquire+0xf9c/0x30a4 kernel/locking/lockdep.c:5237
 lock_acquire+0x140/0x2e0 kernel/locking/lockdep.c:5868
 _raw_spin_lock_nested+0x50/0x6c kernel/locking/spinlock.c:378
 raw_spin_rq_lock_nested kernel/sched/core.c:639 [inline]
 raw_spin_rq_lock kernel/sched/sched.h:1558 [inline]
 rq_lock kernel/sched/sched.h:1885 [inline]
 ttwu_queue kernel/sched/core.c:3892 [inline]
 try_to_wake_up+0x440/0xe24 kernel/sched/core.c:4218
 default_wake_function+0x58/0x74 kernel/sched/core.c:7202
 autoremove_wake_function+0x24/0xf8 kernel/sched/wait.c:403
 __wake_up_common kernel/sched/wait.c:108 [inline]
 __wake_up_common_lock kernel/sched/wait.c:125 [inline]
 __wake_up+0x10c/0x1a8 kernel/sched/wait.c:146
 hci_cmd_sync_complete+0x1dc/0x340 net/bluetooth/hci_sync.c:48
 hci_event_packet+0x8a8/0xf50 net/bluetooth/hci_event.c:7783
 hci_rx_work+0x300/0xd80 net/bluetooth/hci_core.c:4076
 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3421
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
Bluetooth: hci63: command tx timeout
Bluetooth: hci30: command 0x0406 tx timeout