Extracting prog: 5m28.006706219s
Minimizing prog: 55m57.555489031s
Simplifying prog options: 0s
Extracting C: 4m9.450381573s
Simplifying C: 21m48.755917944s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program crashed: BUG: workqueue lockup
single: successfully extracted reproducer
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))

program did not crash
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, 0x0, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: BUG: workqueue lockup
simplifying C reproducer
testing compiled C program (duration=6m4.949525521s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: BUG: workqueue lockup
testing compiled C program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: BUG: workqueue lockup
testing compiled C program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: BUG: workqueue lockup
testing compiled C program (duration=6m4.949525521s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: BUG: workqueue lockup
reproducing took 1h27m23.768511237s
repro crashed as (corrupted=false):
BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 140s!
BUG: workqueue lockup - pool cpus=0-1 flags=0x4 nice=0 stuck for 141s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
    pending: psi_avgs_work, vmstat_shepherd
workqueue events_unbound: flags=0x2
  pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/512 refcnt=4
    pending: flush_memcg_stats_dwork, toggle_allocation_gate
workqueue events_power_efficient: flags=0x80
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
    pending: neigh_managed_work, neigh_periodic_work, check_lifetime
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
    in-flight: 206:gc_worker
    pending: neigh_managed_work, neigh_periodic_work
workqueue mm_percpu_wq: flags=0x8
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
    pending: vmstat_update
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
    pending: vmstat_update
workqueue writeback: flags=0x4a
  pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
    pending: wb_workfn
workqueue dm_bufio_cache: flags=0x8
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
    pending: work_fn
workqueue ipv6_addrconf: flags=0x40008
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
    pending: addrconf_verify_work
pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=91s workers=3 idle: 6 19
NMI backtrace for cpu 0
CPU: 0 PID: 420 Comm: syz-executor208 Not tainted 6.1.112-syzkaller-00026-g51bee181735e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
RIP: 0010:pid_nr_ns kernel/pid.c:480 [inline]
RIP: 0010:__task_pid_nr_ns+0x18a/0x270 kernel/pid.c:501
Code: c0 0f 85 9b 00 00 00 8b 1b 44 89 ff 89 de e8 fd ef 28 00 41 39 df 76 12 e8 73 ee 28 00 31 db eb 52 e8 6a ee 28 00 31 db eb 49 <49> c1 e7 04 4b 8d 5c 3c 68 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74
RSP: 0018:ffffc90001377ed8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888111a2e540
RDX: ffff888111a2e540 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90001377f00 R08: ffffffff814cb733 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881244ce240
R13: dffffc0000000000 R14: ffffffff87100260 R15: 0000000000000000
FS:  00007f723cfc36c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f723cfc2e40 CR3: 0000000124571000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 task_tgid_vnr include/linux/sched.h:1657 [inline]
 __do_sys_getpid+0x1d/0x30 kernel/sys.c:955
 x64_sys_call+0x139/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:40
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f723d000b47
Code: 0b e9 68 fe ff ff 48 83 c4 18 48 8d 3d b2 08 09 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 93 d9 fd ff 0f 1f 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 31 f6 31 ff e9 07 e3 02 00 0f 1f 80 00
RSP: 002b:00007f723cfc2c48 EFLAGS: 00000206 ORIG_RAX: 0000000000000027
RAX: ffffffffffffffda RBX: 00007f723cfc2db0 RCX: 00007f723d000b47
RDX: 00007f723cfc2c80 RSI: 00007f723cfc2db0 RDI: 0000000000000021
RBP: 0000000000000000 R08: 00007f723cfc36c0 R09: 00007f723cfc36c0
R10: 0000000000000000 R11: 0000000000000206 R12: 00007f723d08c30c
R13: 0000000000000000 R14: 00007ffe620c6be0 R15: 00007ffe620c6cc8
 </TASK>
----------------
Code disassembly (best guess):
   0:	c0 0f 85             	rorb   $0x85,(%rdi)
   3:	9b                   	fwait
   4:	00 00                	add    %al,(%rax)
   6:	00 8b 1b 44 89 ff    	add    %cl,-0x76bbe5(%rbx)
   c:	89 de                	mov    %ebx,%esi
   e:	e8 fd ef 28 00       	call   0x28f010
  13:	41 39 df             	cmp    %ebx,%r15d
  16:	76 12                	jbe    0x2a
  18:	e8 73 ee 28 00       	call   0x28ee90
  1d:	31 db                	xor    %ebx,%ebx
  1f:	eb 52                	jmp    0x73
  21:	e8 6a ee 28 00       	call   0x28ee90
  26:	31 db                	xor    %ebx,%ebx
  28:	eb 49                	jmp    0x73
* 2a:	49 c1 e7 04          	shl    $0x4,%r15 <-- trapping instruction
  2e:	4b 8d 5c 3c 68       	lea    0x68(%r12,%r15,1),%rbx
  33:	48 89 d8             	mov    %rbx,%rax
  36:	48 c1 e8 03          	shr    $0x3,%rax
  3a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  3f:	74                   	.byte 0x74

final repro crashed as (corrupted=false):
BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 140s!
BUG: workqueue lockup - pool cpus=0-1 flags=0x4 nice=0 stuck for 141s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
    pending: psi_avgs_work, vmstat_shepherd
workqueue events_unbound: flags=0x2
  pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/512 refcnt=4
    pending: flush_memcg_stats_dwork, toggle_allocation_gate
workqueue events_power_efficient: flags=0x80
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
    pending: neigh_managed_work, neigh_periodic_work, check_lifetime
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
    in-flight: 206:gc_worker
    pending: neigh_managed_work, neigh_periodic_work
workqueue mm_percpu_wq: flags=0x8
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
    pending: vmstat_update
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
    pending: vmstat_update
workqueue writeback: flags=0x4a
  pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
    pending: wb_workfn
workqueue dm_bufio_cache: flags=0x8
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
    pending: work_fn
workqueue ipv6_addrconf: flags=0x40008
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
    pending: addrconf_verify_work
pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=91s workers=3 idle: 6 19
NMI backtrace for cpu 0
CPU: 0 PID: 420 Comm: syz-executor208 Not tainted 6.1.112-syzkaller-00026-g51bee181735e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
RIP: 0010:pid_nr_ns kernel/pid.c:480 [inline]
RIP: 0010:__task_pid_nr_ns+0x18a/0x270 kernel/pid.c:501
Code: c0 0f 85 9b 00 00 00 8b 1b 44 89 ff 89 de e8 fd ef 28 00 41 39 df 76 12 e8 73 ee 28 00 31 db eb 52 e8 6a ee 28 00 31 db eb 49 <49> c1 e7 04 4b 8d 5c 3c 68 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74
RSP: 0018:ffffc90001377ed8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888111a2e540
RDX: ffff888111a2e540 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90001377f00 R08: ffffffff814cb733 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881244ce240
R13: dffffc0000000000 R14: ffffffff87100260 R15: 0000000000000000
FS:  00007f723cfc36c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f723cfc2e40 CR3: 0000000124571000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 task_tgid_vnr include/linux/sched.h:1657 [inline]
 __do_sys_getpid+0x1d/0x30 kernel/sys.c:955
 x64_sys_call+0x139/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:40
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f723d000b47
Code: 0b e9 68 fe ff ff 48 83 c4 18 48 8d 3d b2 08 09 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 93 d9 fd ff 0f 1f 00 b8 27 00 00 00 0f 05 <c3> 0f 1f 84 00 00 00 00 00 31 f6 31 ff e9 07 e3 02 00 0f 1f 80 00
RSP: 002b:00007f723cfc2c48 EFLAGS: 00000206 ORIG_RAX: 0000000000000027
RAX: ffffffffffffffda RBX: 00007f723cfc2db0 RCX: 00007f723d000b47
RDX: 00007f723cfc2c80 RSI: 00007f723cfc2db0 RDI: 0000000000000021
RBP: 0000000000000000 R08: 00007f723cfc36c0 R09: 00007f723cfc36c0
R10: 0000000000000000 R11: 0000000000000206 R12: 00007f723d08c30c
R13: 0000000000000000 R14: 00007ffe620c6be0 R15: 00007ffe620c6cc8
 </TASK>
----------------
Code disassembly (best guess):
   0:	c0 0f 85             	rorb   $0x85,(%rdi)
   3:	9b                   	fwait
   4:	00 00                	add    %al,(%rax)
   6:	00 8b 1b 44 89 ff    	add    %cl,-0x76bbe5(%rbx)
   c:	89 de                	mov    %ebx,%esi
   e:	e8 fd ef 28 00       	call   0x28f010
  13:	41 39 df             	cmp    %ebx,%r15d
  16:	76 12                	jbe    0x2a
  18:	e8 73 ee 28 00       	call   0x28ee90
  1d:	31 db                	xor    %ebx,%ebx
  1f:	eb 52                	jmp    0x73
  21:	e8 6a ee 28 00       	call   0x28ee90
  26:	31 db                	xor    %ebx,%ebx
  28:	eb 49                	jmp    0x73
* 2a:	49 c1 e7 04          	shl    $0x4,%r15 <-- trapping instruction
  2e:	4b 8d 5c 3c 68       	lea    0x68(%r12,%r15,1),%rbx
  33:	48 89 d8             	mov    %rbx,%rax
  36:	48 c1 e8 03          	shr    $0x3,%rax
  3a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  3f:	74                   	.byte 0x74