Extracting prog: 7m22.614244916s
Minimizing prog: 1h22m38.731798393s
Simplifying prog options: 15m18.606834264s
Extracting C: 5m12.932183087s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-openat$vhost_vsock-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0)
r1 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r0, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, 0x0, 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, 0x0, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m6.427337842s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m6.427337842s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
extracting C reproducer
testing compiled C program (duration=6m6.427337842s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=6m6.427337842s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program did not crash
testing program (duration=6m6.427337842s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
validation run: crashed=true
testing program (duration=6m6.427337842s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
validation run: crashed=true
testing program (duration=6m6.427337842s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_freezer_state-openat$cgroup_procs-write$cgroup_pid-write$cgroup_freezer_state
detailed listing:
executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

program crashed: BUG: MAX_LOCKDEP_CHAINS too low!
validation run: crashed=true
reproducing took 2h2m25.714439284s
repro crashed as (corrupted=false):
Bluetooth: hci50: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci50: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci50: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci50: unexpected cc 0x0c38 length: 249 > 2
BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 1 PID: 4766 Comm: kworker/u5:6 Not tainted 6.1.146-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: hci50 hci_rx_work
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 add_chain_cache kernel/locking/lockdep.c:-1 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:3772 [inline]
 validate_chain kernel/locking/lockdep.c:3793 [inline]
 __lock_acquire+0x1b40/0x6544 kernel/locking/lockdep.c:5049
 lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
 __queue_work+0x670/0x123c kernel/workqueue.c:-1
 queue_work_on+0xc0/0x16c kernel/workqueue.c:1548
 queue_work include/linux/workqueue.h:512 [inline]
 hci_send_cmd+0xa8/0x174 net/bluetooth/hci_core.c:3055
 hci_conn_complete_evt+0x93c/0xf94 net/bluetooth/hci_event.c:3266
 hci_event_func net/bluetooth/hci_event.c:7381 [inline]
 hci_event_packet+0x6f4/0xf08 net/bluetooth/hci_event.c:7433
 hci_rx_work+0x324/0xaa0 net/bluetooth/hci_core.c:4083
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:849
Bluetooth: hci49: command 0x040f tx timeout
Bluetooth: hci50: command 0x0409 tx timeout
Bluetooth: hci50: command 0x041b tx timeout
Bluetooth: hci52: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci52: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci52: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci52: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci52: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci52: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci50: command 0x040f tx timeout
Bluetooth: hci51: command 0x041b tx timeout
Bluetooth: hci52: command 0x0409 tx timeout
Bluetooth: hci51: command 0x040f tx timeout
Bluetooth: hci52: command 0x040f tx timeout
Bluetooth: hci53: command 0x0409 tx timeout
Bluetooth: hci54: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci54: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci54: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci54: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci54: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci54: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci52: command 0x0419 tx timeout

final repro crashed as (corrupted=false):
Bluetooth: hci50: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci50: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci50: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci50: unexpected cc 0x0c38 length: 249 > 2
BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 1 PID: 4766 Comm: kworker/u5:6 Not tainted 6.1.146-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: hci50 hci_rx_work
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 add_chain_cache kernel/locking/lockdep.c:-1 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:3772 [inline]
 validate_chain kernel/locking/lockdep.c:3793 [inline]
 __lock_acquire+0x1b40/0x6544 kernel/locking/lockdep.c:5049
 lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
 __queue_work+0x670/0x123c kernel/workqueue.c:-1
 queue_work_on+0xc0/0x16c kernel/workqueue.c:1548
 queue_work include/linux/workqueue.h:512 [inline]
 hci_send_cmd+0xa8/0x174 net/bluetooth/hci_core.c:3055
 hci_conn_complete_evt+0x93c/0xf94 net/bluetooth/hci_event.c:3266
 hci_event_func net/bluetooth/hci_event.c:7381 [inline]
 hci_event_packet+0x6f4/0xf08 net/bluetooth/hci_event.c:7433
 hci_rx_work+0x324/0xaa0 net/bluetooth/hci_core.c:4083
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:849
Bluetooth: hci49: command 0x040f tx timeout
Bluetooth: hci50: command 0x0409 tx timeout
Bluetooth: hci50: command 0x041b tx timeout
Bluetooth: hci52: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci52: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci52: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci52: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci52: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci52: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci50: command 0x040f tx timeout
Bluetooth: hci51: command 0x041b tx timeout
Bluetooth: hci52: command 0x0409 tx timeout
Bluetooth: hci51: command 0x040f tx timeout
Bluetooth: hci52: command 0x040f tx timeout
Bluetooth: hci53: command 0x0409 tx timeout
Bluetooth: hci54: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci54: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci54: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci54: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci54: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci54: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci52: command 0x0419 tx timeout