Extracting prog: 56.539914059s
Minimizing prog: 29m1.7082023s
Simplifying prog options: 4m58.216172463s
Extracting C: 2m33.247945648s
Simplifying C: 0s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-connect$inet6-socket$pppl2tp-connect$pppl2tp-openat$cgroup_pressure-read-setns-setsockopt$inet6_tcp_int
detailed listing:
executing program 0:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
unshare(0x2a020480)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x4)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r8, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x2, 0x9}}, 0x2e)
r9 = openat$cgroup_pressure(r4, &(0x7f0000000540)='cpu.pressure\x00', 0x2, 0x0)
read(r9, &(0x7f0000000040)=""/252, 0xfc)
setns(r2, 0x8020080)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000640)=0x8a9, 0x4)

program crashed: WARNING in put_pid_ns
single: successfully extracted reproducer
found reproducer with 19 syscalls
minimizing guilty program
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-connect$inet6-socket$pppl2tp-connect$pppl2tp-openat$cgroup_pressure-read-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x4)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r7, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x2, 0x9}}, 0x2e)
r8 = openat$cgroup_pressure(r3, &(0x7f0000000540)='cpu.pressure\x00', 0x2, 0x0)
read(r8, &(0x7f0000000040)=""/252, 0xfc)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-connect$inet6-socket$pppl2tp-connect$pppl2tp-openat$cgroup_pressure-read
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x2, 0x9}}, 0x2e)
r7 = openat$cgroup_pressure(r2, &(0x7f0000000540)='cpu.pressure\x00', 0x2, 0x0)
read(r7, &(0x7f0000000040)=""/252, 0xfc)

program did not crash
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-connect$inet6-socket$pppl2tp-connect$pppl2tp-openat$cgroup_pressure-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x4)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r7, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x2, 0x9}}, 0x2e)
openat$cgroup_pressure(r3, &(0x7f0000000540)='cpu.pressure\x00', 0x2, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-connect$inet6-socket$pppl2tp-connect$pppl2tp-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x2, 0x9}}, 0x2e)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-connect$inet6-socket$pppl2tp-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
socket$pppl2tp(0x18, 0x1, 0x1)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-connect$inet6-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-socket$inet6_udp-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-sendmsg$nl_xfrm-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-socket$nl_xfrm-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x4)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-fsconfig$FSCONFIG_CMD_CREATE-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-fsopen-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-unshare-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
unshare(0x2a020480)
setns(r1, 0x8020080)

program crashed: WARNING in put_pid_ns
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-syz_pidfd_open-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in alloc_pid
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-getpid-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
getpid()
setns(0xffffffffffffffff, 0x8020080)

program did not crash
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-syz_pidfd_open-setns
detailed listing:
executing program 0:
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_pidfd_open(0x0, 0x0)
setns(r0, 0x8020080)

program did not crash
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): getpid-syz_pidfd_open-setns
detailed listing:
executing program 0:
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in alloc_pid
extracting C reproducer
testing compiled C program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): getpid-syz_pidfd_open-setns
program crashed: WARNING in nsproxy_ns_active_put
a never seen crash title: WARNING in nsproxy_ns_active_put, ignore
simplifying guilty program options
testing program (duration=46.304583765s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): getpid-syz_pidfd_open-setns
detailed listing:
executing program 0:
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020080)

program did not crash
testing program (duration=46.304583765s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): getpid-syz_pidfd_open-setns
detailed listing:
executing program 0:
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020080)

program crashed: SYZFAIL: failed to recv rpc
a never seen crash title: SYZFAIL: failed to recv rpc, ignore
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): getpid-syz_pidfd_open-setns
detailed listing:
executing program 0:
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in nsproxy_ns_active_put
a never seen crash title: WARNING in nsproxy_ns_active_put, ignore
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): getpid-syz_pidfd_open-setns
detailed listing:
executing program 0:
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in alloc_pid
validation run: crashed=true
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): getpid-syz_pidfd_open-setns
detailed listing:
executing program 0:
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in alloc_pid
validation run: crashed=true
testing program (duration=46.304583765s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): getpid-syz_pidfd_open-setns
detailed listing:
executing program 0:
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020080)

program crashed: WARNING in alloc_pid
validation run: crashed=true
reproducing took 42m34.650092271s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: ./include/linux/ns_common.h:288 at __ns_ref_active_get include/linux/ns_common.h:288 [inline], CPU#1: syz-executor/5939
WARNING: ./include/linux/ns_common.h:288 at alloc_pid+0xad6/0xc70 kernel/pid.c:285, CPU#1: syz-executor/5939
Modules linked in:
CPU: 1 UID: 0 PID: 5939 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:__ns_ref_active_get include/linux/ns_common.h:288 [inline]
RIP: 0010:alloc_pid+0xad6/0xc70 kernel/pid.c:285
Code: cc e8 7e d6 34 00 be 02 00 00 00 eb 0a e8 72 d6 34 00 be 01 00 00 00 48 89 df e8 a5 d0 0c 03 e9 84 fa ff ff e8 5b d6 34 00 90 <0f> 0b 90 e9 2c fd ff ff e8 4d d6 34 00 90 0f 0b 90 e9 5b fd ff ff
RSP: 0018:ffffc90003fbf9d8 EFLAGS: 00010293
RAX: ffffffff818cf9d5 RBX: ffff88807e445438 RCX: ffff888024b58000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: ffff88807a9dd201 R08: ffff88807e44543b R09: 1ffff1100fc88a87
R10: dffffc0000000000 R11: ffffed100fc88a88 R12: dffffc0000000000
R13: 1ffff1100f53ba61 R14: ffff88807e4452d0 R15: dffffc0000000000
FS:  000055557f992500(0000) GS:ffff888125b79000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67e8d156c0 CR3: 000000002d2a6000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 copy_process+0x18e7/0x3930 kernel/fork.c:2196
 kernel_clone+0x21e/0x840 kernel/fork.c:2609
 __do_sys_clone kernel/fork.c:2750 [inline]
 __se_sys_clone kernel/fork.c:2734 [inline]
 __x64_sys_clone+0x18b/0x1e0 kernel/fork.c:2734
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f67e7f85e13
Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
RSP: 002b:00007ffedd486dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67e7f85e13
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 000055557f9927d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000927c0 R14: 0000000000017510 R15: 00007ffedd486f70
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: ./include/linux/ns_common.h:288 at __ns_ref_active_get include/linux/ns_common.h:288 [inline], CPU#1: syz-executor/5939
WARNING: ./include/linux/ns_common.h:288 at alloc_pid+0xad6/0xc70 kernel/pid.c:285, CPU#1: syz-executor/5939
Modules linked in:
CPU: 1 UID: 0 PID: 5939 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:__ns_ref_active_get include/linux/ns_common.h:288 [inline]
RIP: 0010:alloc_pid+0xad6/0xc70 kernel/pid.c:285
Code: cc e8 7e d6 34 00 be 02 00 00 00 eb 0a e8 72 d6 34 00 be 01 00 00 00 48 89 df e8 a5 d0 0c 03 e9 84 fa ff ff e8 5b d6 34 00 90 <0f> 0b 90 e9 2c fd ff ff e8 4d d6 34 00 90 0f 0b 90 e9 5b fd ff ff
RSP: 0018:ffffc90003fbf9d8 EFLAGS: 00010293
RAX: ffffffff818cf9d5 RBX: ffff88807e445438 RCX: ffff888024b58000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: ffff88807a9dd201 R08: ffff88807e44543b R09: 1ffff1100fc88a87
R10: dffffc0000000000 R11: ffffed100fc88a88 R12: dffffc0000000000
R13: 1ffff1100f53ba61 R14: ffff88807e4452d0 R15: dffffc0000000000
FS:  000055557f992500(0000) GS:ffff888125b79000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67e8d156c0 CR3: 000000002d2a6000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 copy_process+0x18e7/0x3930 kernel/fork.c:2196
 kernel_clone+0x21e/0x840 kernel/fork.c:2609
 __do_sys_clone kernel/fork.c:2750 [inline]
 __se_sys_clone kernel/fork.c:2734 [inline]
 __x64_sys_clone+0x18b/0x1e0 kernel/fork.c:2734
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f67e7f85e13
Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
RSP: 002b:00007ffedd486dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67e7f85e13
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 000055557f9927d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000927c0 R14: 0000000000017510 R15: 00007ffedd486f70
 </TASK>