last executing test programs: 10.465093074s ago: executing program 0 (id=257): rt_sigreturn() 8.890758786s ago: executing program 4 (id=313): exit_group(0x0) 8.808614544s ago: executing program 4 (id=315): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer', 0x800, 0x0) 8.634627182s ago: executing program 4 (id=320): execve(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 8.547258618s ago: executing program 4 (id=323): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0) 8.27133718s ago: executing program 3 (id=330): preadv2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 8.158454476s ago: executing program 3 (id=333): socket$isdn(0x22, 0x3, 0x0) 7.955950194s ago: executing program 1 (id=338): process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 7.815057257s ago: executing program 1 (id=340): membarrier(0x0, 0x0) 7.792651087s ago: executing program 3 (id=342): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access', 0x2, 0x0) 7.758235613s ago: executing program 1 (id=343): pivot_root(&(0x7f0000000000), &(0x7f0000000000)) 7.638083836s ago: executing program 1 (id=345): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1', 0x800, 0x0) 7.637694795s ago: executing program 3 (id=346): epoll_create1(0x0) 7.543145269s ago: executing program 3 (id=347): syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x800) 7.418096674s ago: executing program 3 (id=348): socket$isdn_base(0x22, 0x3, 0x0) 4.878864677s ago: executing program 0 (id=349): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.881500542s ago: executing program 4 (id=350): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.347185699s ago: executing program 1 (id=352): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.511346638s ago: executing program 2 (id=353): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/relabel-self', 0x2, 0x0) 2.397467678s ago: executing program 2 (id=357): truncate(&(0x7f0000000000), 0x0) 2.325244781s ago: executing program 2 (id=358): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x29, 0x800) 2.076927333s ago: executing program 2 (id=359): syz_open_dev$sndmidi(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x29, 0x800) 2.046754872s ago: executing program 0 (id=354): pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.96433062s ago: executing program 2 (id=360): syz_open_dev$sndhw(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2b, 0x800) 1.943169436s ago: executing program 0 (id=361): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2a, 0x800) 1.83263899s ago: executing program 2 (id=362): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x2a, 0x800) 1.778723861s ago: executing program 0 (id=363): syz_open_dev$sndhw(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2c, 0x800) 1.695889044s ago: executing program 0 (id=364): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2b, 0x800) 175.386739ms ago: executing program 1 (id=356): preadv(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 0s ago: executing program 4 (id=355): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dma_heap/system', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dma_heap/system', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dma_heap/system', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dma_heap/system', 0x800, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts. [ 159.315499][ T5551] cgroup: Unknown subsys name 'net' [ 159.462535][ T5551] cgroup: Unknown subsys name 'cpuset' [ 159.477056][ T5551] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 165.265209][ T5551] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 179.217870][ T5946] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 179.236535][ T5946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 179.248109][ T5946] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 179.264458][ T5946] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 179.279359][ T5946] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 180.498431][ T5941] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 181.323686][ T4868] Bluetooth: hci0: command tx timeout [ 186.629154][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.637281][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.646530][ T5948] bridge_slave_0: entered allmulticast mode [ 186.658258][ T5948] bridge_slave_0: entered promiscuous mode [ 186.676605][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.685033][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.692645][ T5948] bridge_slave_1: entered allmulticast mode [ 186.711679][ T5948] bridge_slave_1: entered promiscuous mode [ 186.805931][ T5948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.822713][ T5948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.880778][ T5948] team0: Port device team_slave_0 added [ 186.893914][ T5948] team0: Port device team_slave_1 added [ 186.944682][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.951940][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.979865][ T5948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.995045][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.002466][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.029476][ T5948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.112882][ T5948] hsr_slave_0: entered promiscuous mode [ 187.121678][ T5948] hsr_slave_1: entered promiscuous mode [ 187.413886][ T5948] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 187.432010][ T5948] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 187.441943][ T5948] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 187.458825][ T5948] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 187.468464][ T5948] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 187.485698][ T5948] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 187.496461][ T5948] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 187.512873][ T5948] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 187.667079][ T47] ===================================================== [ 187.674299][ T47] BUG: KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 [ 187.683330][ T47] irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 [ 187.690015][ T47] irqentry_exit+0x7b/0x760 [ 187.694912][ T47] sysvec_apic_timer_interrupt+0x52/0x90 [ 187.700807][ T47] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 187.706970][ T47] kmsan_get_metadata+0x12e/0x160 [ 187.712562][ T47] kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 187.718501][ T47] __msan_metadata_ptr_for_load_4+0x24/0x40 [ 187.724713][ T47] ip_fast_csum+0x1e6/0x3f0 [ 187.729551][ T47] nsim_dev_trap_report_work+0x8c0/0x1430 [ 187.735462][ T47] process_scheduled_works+0xb65/0x1e40 [ 187.741178][ T47] worker_thread+0xee4/0x1590 [ 187.746086][ T47] kthread+0x53f/0x600 [ 187.750311][ T47] ret_from_fork+0x20f/0x8d0 [ 187.755055][ T47] ret_from_fork_asm+0x1a/0x30 [ 187.760143][ T47] [ 187.762646][ T47] Uninit was created at: [ 187.767249][ T47] __kmalloc_node_track_caller_noprof+0x4f6/0x1750 [ 187.773971][ T47] __alloc_skb+0x90d/0x1190 [ 187.778597][ T47] nsim_dev_trap_report_work+0x3f2/0x1430 [ 187.784475][ T47] process_scheduled_works+0xb65/0x1e40 [ 187.790264][ T47] worker_thread+0xee4/0x1590 [ 187.795433][ T47] kthread+0x53f/0x600 [ 187.799672][ T47] ret_from_fork+0x20f/0x8d0 [ 187.804542][ T47] ret_from_fork_asm+0x1a/0x30 [ 187.809633][ T47] [ 187.812164][ T47] CPU: 1 UID: 0 PID: 47 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) [ 187.821968][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 187.832509][ T47] Workqueue: events_unbound nsim_dev_trap_report_work [ 187.839751][ T47] ===================================================== [ 187.847184][ T47] Disabling lock debugging due to kernel taint [ 187.853765][ T47] Kernel panic - not syncing: kmsan.panic set ... [ 187.860473][ T47] CPU: 1 UID: 0 PID: 47 Comm: kworker/u8:3 Tainted: G B syzkaller #0 PREEMPT(full) [ 187.871651][ T47] Tainted: [B]=BAD_PAGE [ 187.875964][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 187.886736][ T47] Workqueue: events_unbound nsim_dev_trap_report_work [ 187.893967][ T47] Call Trace: [ 187.897588][ T47] [ 187.900692][ T47] __dump_stack+0x26/0x30 [ 187.905172][ T47] dump_stack_lvl+0x50/0x1c0 [ 187.909906][ T47] ? dump_stack+0x12/0x25 [ 187.914373][ T47] dump_stack+0x1e/0x25 [ 187.918886][ T47] vpanic+0x7b4/0x1430 [ 187.923228][ T47] panic+0x15d/0x160 [ 187.927317][ T47] kmsan_report+0x31a/0x320 [ 187.932166][ T47] ? __msan_warning+0x1b/0x30 [ 187.937014][ T47] ? irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 [ 187.943808][ T47] ? irqentry_exit+0x7b/0x760 [ 187.948723][ T47] ? sysvec_apic_timer_interrupt+0x52/0x90 [ 187.954684][ T47] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 187.961270][ T47] ? kmsan_get_metadata+0x12e/0x160 [ 187.966756][ T47] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 187.972947][ T47] ? __msan_metadata_ptr_for_load_4+0x24/0x40 [ 187.979870][ T47] ? ip_fast_csum+0x1e6/0x3f0 [ 187.985164][ T47] ? nsim_dev_trap_report_work+0x8c0/0x1430 [ 187.991456][ T47] ? process_scheduled_works+0xb65/0x1e40 [ 187.997510][ T47] ? worker_thread+0xee4/0x1590 [ 188.002860][ T47] ? kthread+0x53f/0x600 [ 188.007393][ T47] ? ret_from_fork+0x20f/0x8d0 [ 188.012564][ T47] ? ret_from_fork_asm+0x1a/0x30 [ 188.018203][ T47] ? chacha_permute+0x1057/0x1200 [ 188.023497][ T47] ? kmsan_get_metadata+0xf1/0x160 [ 188.028909][ T47] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 188.035866][ T47] ? kmsan_get_metadata+0xf1/0x160 [ 188.041472][ T47] __msan_warning+0x1b/0x30 [ 188.046346][ T47] irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 [ 188.053050][ T47] irqentry_exit+0x7b/0x760 [ 188.058021][ T47] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 188.064697][ T47] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 188.070938][ T47] sysvec_apic_timer_interrupt+0x52/0x90 [ 188.076907][ T47] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 188.083133][ T47] RIP: 0010:kmsan_get_metadata+0x12e/0x160 [ 188.089132][ T47] Code: 85 c0 74 40 81 e3 ff 0f 00 00 45 84 f6 48 0f 45 c8 48 2b 0d 94 13 92 0f 48 c1 e9 04 48 b8 00 d0 cc cc cc cc cc cc 48 0f af c1 <48> 03 05 6b 13 92 0f 48 01 d8 eb 10 41 0f b6 f6 48 89 df e8 2a 00 [ 188.109748][ T47] RSP: 0018:ffff88810412f9c0 EFLAGS: 00000a07 [ 188.116141][ T47] RAX: 0000000029be1000 RBX: 000000000000001c RCX: 00000000000d0b65 [ 188.124521][ T47] RDX: 0000000029fe101c RSI: 0000000000000001 RDI: ffff888029fe101c [ 188.133525][ T47] RBP: ffff88810412f9d8 R08: ffffea000000000f R09: 0000000000000003 [ 188.141639][ T47] R10: 000000000000002e R11: 0000000000000000 R12: 0000000000000000 [ 188.149781][ T47] R13: 0000000004700159 R14: 0000000000000001 R15: 0000000000000001 [ 188.158070][ T47] kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 188.163998][ T47] __msan_metadata_ptr_for_load_4+0x24/0x40 [ 188.170243][ T47] ip_fast_csum+0x1e6/0x3f0 [ 188.175106][ T47] nsim_dev_trap_report_work+0x8c0/0x1430 [ 188.181254][ T47] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 188.188027][ T47] process_scheduled_works+0xb65/0x1e40 [ 188.193892][ T47] worker_thread+0xee4/0x1590 [ 188.199195][ T47] kthread+0x53f/0x600 [ 188.203701][ T47] ? __pfx_worker_thread+0x10/0x10 [ 188.209322][ T47] ? __pfx_kthread+0x10/0x10 [ 188.214601][ T47] ret_from_fork+0x20f/0x8d0 [ 188.219711][ T47] ? __switch_to+0x573/0x7a0 [ 188.224566][ T47] ? __pfx_kthread+0x10/0x10 [ 188.229546][ T47] ret_from_fork_asm+0x1a/0x30 [ 188.234944][ T47] [ 188.238876][ T47] Kernel Offset: disabled [ 188.243448][ T47] Rebooting in 86400 seconds..