[ 61.440839][ T40] audit: type=1400 audit(1780367523.261:190): avc: denied { transition } for pid=5825 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 61.450180][ T40] audit: type=1400 audit(1780367523.271:191): avc: denied { noatsecure } for pid=5825 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 61.458199][ T40] audit: type=1400 audit(1780367523.281:192): avc: denied { rlimitinh } for pid=5825 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 61.465838][ T40] audit: type=1400 audit(1780367523.281:193): avc: denied { siginh } for pid=5825 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '[localhost]:53834' (ED25519) to the list of known hosts.
[ 65.783928][ T40] audit: type=1400 audit(1780367527.611:194): avc: denied { execute } for pid=5841 comm="sh" name="syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 65.790575][ T40] audit: type=1400 audit(1780367527.611:195): avc: denied { execute_no_trans } for pid=5841 comm="sh" path="/syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
2026/06/02 02:32:07 ignoring optional flag "type"="qemu"
2026/06/02 02:32:07 parsed 1 programs
[ 66.163561][ T40] audit: type=1400 audit(1780367527.991:196): avc: denied { unlink } for pid=5849 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 66.349088][ T40] audit: type=1400 audit(1780367528.171:197): avc: denied { write } for pid=5850 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.392415][ T40] audit: type=1400 audit(1780367528.221:198): avc: denied { write } for pid=5853 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.817251][ T40] audit: type=1400 audit(1780367528.641:199): avc: denied { write } for pid=5857 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.881663][ T40] audit: type=1400 audit(1780367528.711:200): avc: denied { write } for pid=5860 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 66.969861][ T40] audit: type=1400 audit(1780367528.791:201): avc: denied { write } for pid=5864 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 67.042571][ T40] audit: type=1400 audit(1780367528.871:202): avc: denied { write } for pid=5867 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 67.281003][ T5849] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2026/06/02 02:32:09 executed programs: 0
[ 67.327451][ T5095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.332237][ T5095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.336060][ T5095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.341597][ T5095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.345501][ T5095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.423318][ T40] audit: type=1400 audit(1780367529.251:203): avc: denied { write } for pid=5883 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 67.472365][ T40] audit: type=1400 audit(1780367529.301:204): avc: denied { write } for pid=5889 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 67.699039][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.702182][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.705420][ T5876] bridge_slave_0: entered allmulticast mode
[ 67.709280][ T5876] bridge_slave_0: entered promiscuous mode
[ 67.717418][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.720503][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.723561][ T5876] bridge_slave_1: entered allmulticast mode
[ 67.727448][ T5876] bridge_slave_1: entered promiscuous mode
[ 67.782420][ T5876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.789236][ T5876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.841212][ T5876] team0: Port device team_slave_0 added
[ 67.845242][ T5876] team0: Port device team_slave_1 added
[ 67.894661][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.897282][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 67.906784][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.912283][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.914997][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 67.924679][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.985492][ T5876] hsr_slave_0: entered promiscuous mode
[ 67.988940][ T5876] hsr_slave_1: entered promiscuous mode
[ 68.153158][ T40] audit: type=1400 audit(1780367529.981:205): avc: denied { write } for pid=5903 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 68.212574][ T40] audit: type=1400 audit(1780367530.041:206): avc: denied { write } for pid=5906 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 68.293472][ T40] audit: type=1400 audit(1780367530.121:207): avc: denied { write } for pid=5908 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 68.337634][ T40] audit: type=1400 audit(1780367530.161:208): avc: denied { write } for pid=5911 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 68.490758][ T5876] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 68.495660][ T5876] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 68.498541][ T5876] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 68.502639][ T5876] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 68.505612][ T5876] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.509826][ T5876] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 68.513232][ T5876] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.520320][ T5876] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 68.532649][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.534873][ T5876] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.537217][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.539387][ T5876] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.573163][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.582205][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.584972][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.595259][ T5876] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.601655][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.604093][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.612327][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.614807][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.883451][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.915278][ T5876] veth0_vlan: entered promiscuous mode
[ 68.924804][ T5876] veth1_vlan: entered promiscuous mode
[ 68.952441][ T5876] veth0_macvtap: entered promiscuous mode
[ 68.957979][ T5876] veth1_macvtap: entered promiscuous mode
[ 68.971867][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.981542][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.992201][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.995578][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.999719][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.003817][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.178149][ T5959] FAULT_INJECTION: forcing a failure.
[ 69.178149][ T5959] name failslab, interval 1, probability 0, space 0, times 1
[ 69.183768][ T5959] CPU: 0 UID: 0 PID: 5959 Comm: syz-executor.0 Not tainted syzkaller #0 PREEMPT(full)
[ 69.183833][ T5959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 69.183843][ T5959] Call Trace:
[ 69.183850][ T5959]
[ 69.183854][ T5959] dump_stack_lvl+0x100/0x190
[ 69.183873][ T5959] should_fail_ex.cold+0x5/0xa
[ 69.183889][ T5959] should_failslab+0xc2/0x120
[ 69.183902][ T5959] __kmalloc_cache_node_noprof+0x7d/0x770
[ 69.183915][ T5959] ? sbitmap_queue_init_node+0x291/0x4a0
[ 69.183930][ T5959] sbitmap_queue_init_node+0x291/0x4a0
[ 69.183944][ T5959] blk_mq_init_tags+0x184/0x300
[ 69.183956][ T5959] blk_mq_alloc_map_and_rqs+0x218/0xeb0
[ 69.183975][ T5959] ? __kmalloc_node_noprof+0x324/0x850
[ 69.183991][ T5959] ? blk_mq_update_nr_hw_queues+0xa5d/0x15f0
[ 69.184011][ T5959] blk_mq_update_nr_hw_queues+0xc77/0x15f0
[ 69.184028][ T5959] ? nbd_start_device+0x107/0xbd0
[ 69.184084][ T5959] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10
[ 69.184112][ T5959] nbd_start_device+0x1a6/0xbd0
[ 69.184130][ T5959] ? security_capable+0x80/0x260
[ 69.184146][ T5959] nbd_ioctl+0x4a6/0xd30
[ 69.184162][ T5959] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 69.184174][ T5959] ? __pfx_nbd_ioctl+0x10/0x10
[ 69.184189][ T5959] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 69.184210][ T5959] ? __fget_files+0x215/0x3d0
[ 69.184224][ T5959] ? __pfx_nbd_ioctl+0x10/0x10
[ 69.184241][ T5959] blkdev_ioctl+0x5ad/0x6f0
[ 69.184256][ T5959] ? __pfx_blkdev_ioctl+0x10/0x10
[ 69.184274][ T5959] ? selinux_file_ioctl+0x13b/0x290
[ 69.184289][ T5959] ? selinux_file_ioctl+0xb6/0x290
[ 69.184306][ T5959] ? __pfx_blkdev_ioctl+0x10/0x10
[ 69.184321][ T5959] __x64_sys_ioctl+0x18e/0x210
[ 69.184334][ T5959] do_syscall_64+0x115/0x870
[ 69.184424][ T5959] ? clear_bhb_loop+0x40/0x90
[ 69.184443][ T5959] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.184459][ T5959] RIP: 0033:0x7f20f2a6d179
[ 69.184473][ T5959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48
[ 69.184490][ T5959] RSP: 002b:00007f20f37e3078 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.184506][ T5959] RAX: ffffffffffffffda RBX: 00007f20f2babf80 RCX: 00007f20f2a6d179
[ 69.184519][ T5959] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
[ 69.184528][ T5959] RBP: 00007f20f37e30e0 R08: 0000000000000000 R09: 0000000000000000
[ 69.184540][ T5959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 69.184550][ T5959] R13: 000000000000000b R14: 00007f20f2babf80 R15: 00007ffc1be217a8
[ 69.184574][ T5959]
[ 69.421518][ T62] Bluetooth: hci0: command tx timeout
[ 69.882098][ T5688] block nbd0: Receive control failed (result -32)
[ 69.882099][ T5095] block nbd0: Receive control failed (result -32)
[ 69.888399][ T5959] block nbd0: shutting down sockets
[ 70.040190][ T5992] block nbd0: Device being setup by another task
[ 70.045199][ T5991] FAULT_INJECTION: forcing a failure.
[ 70.045199][ T5991] name failslab, interval 1, probability 0, space 0, times 0
[ 70.050499][ T5991] CPU: 3 UID: 0 PID: 5991 Comm: syz-executor.0 Not tainted syzkaller #0 PREEMPT(full)
[ 70.050521][ T5991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 70.050530][ T5991] Call Trace:
[ 70.050536][ T5991]
[ 70.050543][ T5991] dump_stack_lvl+0x100/0x190
[ 70.050569][ T5991] should_fail_ex.cold+0x5/0xa
[ 70.050592][ T5991] should_failslab+0xc2/0x120
[ 70.050612][ T5991] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 70.050636][ T5991] ? security_inode_alloc+0x3b/0x2c0
[ 70.050658][ T5991] ? lockdep_init_map_type+0x5c/0x250
[ 70.050682][ T5991] security_inode_alloc+0x3b/0x2c0
[ 70.050711][ T5991] inode_init_always_gfp+0xc77/0xfb0
[ 70.050736][ T5991] alloc_inode+0x8e/0x250
[ 70.050752][ T5991] new_inode+0x22/0x1c0
[ 70.050771][ T5991] __debugfs_create_file+0x105/0x4f0
[ 70.050795][ T5991] debugfs_create_file_full+0x41/0x60
[ 70.050817][ T5991] nbd_start_device+0x4b3/0xbd0
[ 70.050843][ T5991] ? security_capable+0x80/0x260
[ 70.050865][ T5991] nbd_ioctl+0x4a6/0xd30
[ 70.050888][ T5991] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 70.050906][ T5991] ? __pfx_nbd_ioctl+0x10/0x10
[ 70.050927][ T5991] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 70.050958][ T5991] ? __fget_files+0x215/0x3d0
[ 70.050979][ T5991] ? __pfx_nbd_ioctl+0x10/0x10
[ 70.051002][ T5991] blkdev_ioctl+0x5ad/0x6f0
[ 70.051025][ T5991] ? __pfx_blkdev_ioctl+0x10/0x10
[ 70.051045][ T5991] ? selinux_file_ioctl+0x13b/0x290
[ 70.051068][ T5991] ? selinux_file_ioctl+0xb6/0x290
[ 70.051092][ T5991] ? __pfx_blkdev_ioctl+0x10/0x10
[ 70.051115][ T5991] __x64_sys_ioctl+0x18e/0x210
[ 70.051134][ T5991] do_syscall_64+0x115/0x870
[ 70.051154][ T5991] ? clear_bhb_loop+0x40/0x90
[ 70.051174][ T5991] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.051191][ T5991] RIP: 0033:0x7f20f2a6d179
[ 70.051205][ T5991] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48
[ 70.051219][ T5991] RSP: 002b:00007f20f37e3078 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.051235][ T5991] RAX: ffffffffffffffda RBX: 00007f20f2babf80 RCX: 00007f20f2a6d179
[ 70.051245][ T5991] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
[ 70.051255][ T5991] RBP: 00007f20f37e30e0 R08: 0000000000000000 R09: 0000000000000000
[ 70.051264][ T5991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 70.051273][ T5991] R13: 000000000000000b R14: 00007f20f2babf80 R15: 00007ffc1be217a8
[ 70.051295][ T5991]
[ 70.051315][ T5991] debugfs: out of free dentries, can not create file 'flags'
[ 70.742317][ T5095] block nbd0: Receive control failed (result -32)
[ 70.745511][ T5991] block nbd0: shutting down sockets
[ 70.932173][ T5994] ==================================================================
[ 70.934650][ T5994] BUG: KASAN: slab-out-of-bounds in blk_mq_free_rqs+0x6e2/0x760
[ 70.937008][ T5994] Read of size 8 at addr ffff8880280d4828 by task syz-executor.0/5994
[ 70.941179][ T5994]
[ 70.942491][ T5994] CPU: 2 UID: 0 PID: 5994 Comm: syz-executor.0 Not tainted syzkaller #0 PREEMPT(full)
[ 70.942509][ T5994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 70.942519][ T5994] Call Trace:
[ 70.942525][ T5994]
[ 70.942536][ T5994] dump_stack_lvl+0x100/0x190
[ 70.942557][ T5994] print_report+0x13d/0x4b0
[ 70.942577][ T5994] ? __virt_addr_valid+0x239/0x430
[ 70.942588][ T5994] ? blk_mq_free_rqs+0x6e2/0x760
[ 70.942606][ T5994] kasan_report+0xdf/0x1d0
[ 70.942618][ T5994] ? blk_mq_free_rqs+0x6e2/0x760
[ 70.942633][ T5994] blk_mq_free_rqs+0x6e2/0x760
[ 70.942649][ T5994] blk_mq_free_map_and_rqs+0x30/0x120
[ 70.942665][ T5994] blk_mq_free_sched_tags+0xeb/0x1b0
[ 70.942679][ T5994] blk_mq_free_sched_res+0x52/0x150
[ 70.942692][ T5994] elevator_change_done+0x187/0x650
[ 70.942704][ T5994] ? lockdep_hardirqs_on+0x78/0x100
[ 70.942718][ T5994] ? __pfx_elevator_change_done+0x10/0x10
[ 70.942731][ T5994] elevator_change+0x2d7/0x530
[ 70.942743][ T5994] elevator_set_none+0x92/0xf0
[ 70.942755][ T5994] ? __pfx_elevator_set_none+0x10/0x10
[ 70.942767][ T5994] ? blk_mq_unregister_hctx.part.0+0x1ba/0x230
[ 70.942782][ T5994] blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[ 70.942798][ T5994] ? nbd_start_device+0x107/0xbd0
[ 70.942814][ T5994] ? __mutex_unlock_slowpath+0x15d/0x8a0
[ 70.942828][ T5994] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10
[ 70.942847][ T5994] nbd_start_device+0x1a6/0xbd0
[ 70.942862][ T5994] ? security_capable+0x80/0x260
[ 70.942875][ T5994] nbd_ioctl+0x4a6/0xd30
[ 70.942890][ T5994] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 70.942900][ T5994] ? __pfx_nbd_ioctl+0x10/0x10
[ 70.942914][ T5994] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 70.942932][ T5994] ? __fget_files+0x215/0x3d0
[ 70.942945][ T5994] ? __pfx_nbd_ioctl+0x10/0x10
[ 70.942959][ T5994] blkdev_ioctl+0x5ad/0x6f0
[ 70.942973][ T5994] ? __pfx_blkdev_ioctl+0x10/0x10
[ 70.942986][ T5994] ? selinux_file_ioctl+0x13b/0x290
[ 70.943001][ T5994] ? selinux_file_ioctl+0xb6/0x290
[ 70.943016][ T5994] ? __pfx_blkdev_ioctl+0x10/0x10
[ 70.943029][ T5994] __x64_sys_ioctl+0x18e/0x210
[ 70.943041][ T5994] do_syscall_64+0x115/0x870
[ 70.943054][ T5994] ? clear_bhb_loop+0x40/0x90
[ 70.943066][ T5994] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.943076][ T5994] RIP: 0033:0x7f20f2a6d179
[ 70.943085][ T5994] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48
[ 70.943095][ T5994] RSP: 002b:00007f20f37e3078 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.943105][ T5994] RAX: ffffffffffffffda RBX: 00007f20f2babf80 RCX: 00007f20f2a6d179
[ 70.943112][ T5994] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
[ 70.943118][ T5994] RBP: 00007f20f37e30e0 R08: 0000000000000000 R09: 0000000000000000
[ 70.943124][ T5994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 70.943129][ T5994] R13: 000000000000000b R14: 00007f20f2babf80 R15: 00007ffc1be217a8
[ 70.943138][ T5994]
[ 70.943142][ T5994]
[ 71.040331][ T5994] Allocated by task 1:
[ 71.041587][ T5994] kasan_save_stack+0x30/0x50
[ 71.043058][ T5994] kasan_save_track+0x14/0x30
[ 71.044514][ T5994] __kasan_kmalloc+0xaa/0xb0
[ 71.045930][ T5994] __kmalloc_node_noprof+0x307/0x850
[ 71.047566][ T5994] blk_mq_alloc_tag_set+0x477/0x1330
[ 71.049333][ T5994] nbd_dev_add+0x342/0xb10
[ 71.050837][ T5994] nbd_init+0x291/0x2b0
[ 71.052228][ T5994] do_one_initcall+0x121/0x750
[ 71.053717][ T5994] kernel_init_freeable+0x6ea/0x7b0
[ 71.055312][ T5994] kernel_init+0x1f/0x1e0
[ 71.056655][ T5994] ret_from_fork+0x72b/0xd50
[ 71.058206][ T5994] ret_from_fork_asm+0x1a/0x30
[ 71.059924][ T5994]
[ 71.060698][ T5994] The buggy address belongs to the object at ffff8880280d4820
[ 71.060698][ T5994] which belongs to the cache kmalloc-8 of size 8
[ 71.064831][ T5994] The buggy address is located 0 bytes to the right of
[ 71.064831][ T5994] allocated 8-byte region [ffff8880280d4820, ffff8880280d4828)
[ 71.069096][ T5994]
[ 71.069852][ T5994] The buggy address belongs to the physical page:
[ 71.071821][ T5994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880280d4460 pfn:0x280d4
[ 71.074865][ T5994] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[ 71.077333][ T5994] page_type: f5(slab)
[ 71.078497][ T5994] raw: 00fff00000000200 ffff88801b842500 ffffea00009f6190 ffffea0000a1f610
[ 71.081140][ T5994] raw: ffff8880280d4460 000000080080007f 00000000f5000000 0000000000000000
[ 71.083777][ T5994] page dumped because: kasan: bad access detected
[ 71.085838][ T5994] page_owner tracks the page as allocated
[ 71.087590][ T5994] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 12042019816, free_ts 6231045139
[ 71.093493][ T5994] post_alloc_hook+0xfd/0x120
[ 71.094961][ T5994] get_page_from_freelist+0x11a6/0x3410
[ 71.096661][ T5994] __alloc_frozen_pages_noprof+0x27c/0x2bc0
[ 71.098498][ T5994] new_slab+0xa6/0x6c0
[ 71.099781][ T5994] refill_objects+0x277/0x420
[ 71.101235][ T5994] __pcs_replace_empty_main+0x375/0x650
[ 71.102960][ T5994] __kmalloc_node_track_caller_noprof+0x694/0x850
[ 71.104948][ T5994] kstrdup+0x51/0xe0
[ 71.106161][ T5994] kstrdup_const+0x63/0x80
[ 71.107557][ T5994] __kernfs_new_node+0x9b/0x9f0
[ 71.109064][ T5994] kernfs_new_node+0x11b/0x1a0
[ 71.110540][ T5994] kernfs_create_dir_ns+0x4c/0x1a0
[ 71.112147][ T5994] sysfs_create_dir_ns+0x13a/0x2b0
[ 71.113747][ T5994] kobject_add_internal+0x2c8/0x930
[ 71.115374][ T5994] kobject_add+0x16a/0x1e0
[ 71.116802][ T5994] blk_mq_register_hctx+0x124/0x460
[ 71.118409][ T5994] page last free pid 55 tgid 55 stack trace:
[ 71.120241][ T5994] __free_frozen_pages+0x794/0x10a0
[ 71.121857][ T5994] vfree+0x15f/0x8d0
[ 71.123112][ T5994] delayed_vfree_work+0x56/0x80
[ 71.124623][ T5994] process_one_work+0xa0e/0x1980
[ 71.126182][ T5994] worker_thread+0x5ef/0xe50
[ 71.127627][ T5994] kthread+0x370/0x450
[ 71.128893][ T5994] ret_from_fork+0x72b/0xd50
[ 71.130415][ T5994] ret_from_fork_asm+0x1a/0x30
[ 71.131994][ T5994]
[ 71.132791][ T5994] Memory state around the buggy address:
[ 71.134508][ T5994]  ffff8880280d4700: fa fc fc fc fa fc fc fc 05 fc fc fc 05 fc fc fc
[ 71.136973][ T5994]  ffff8880280d4780: 05 fc fc fc 05 fc fc fc 05 fc fc fc 00 fc fc fc
[ 71.139410][ T5994] >ffff8880280d4800: 05 fc fc fc 00 fc fc fc 05 fc fc fc 05 fc fc fc
[ 71.141841][ T5994]                                   ^
[ 71.143499][ T5994]  ffff8880280d4880: 05 fc fc fc 05 fc fc fc 05 fc fc fc 05 fc fc fc
[ 71.145951][ T5994]  ffff8880280d4900: 05 fc fc fc 05 fc fc fc 05 fc fc fc 05 fc fc fc
[ 71.148410][ T5994] ==================================================================
[ 71.151704][ T5994] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.154837][ T5994] CPU: 1 UID: 0 PID: 5994 Comm: syz-executor.0 Not tainted syzkaller #0 PREEMPT(full)
[ 71.158844][ T5994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 71.163049][ T5994] Call Trace:
[ 71.164502][ T5994]
[ 71.165792][ T5994] dump_stack_lvl+0x100/0x190
[ 71.167893][ T5994] vpanic+0x552/0x970
[ 71.169692][ T5994] ? __pfx_vpanic+0x10/0x10
[ 71.171645][ T5994] ? mark_held_locks+0x40/0x70
[ 71.173724][ T5994] ? blk_mq_free_rqs+0x6e2/0x760
[ 71.175870][ T5994] panic+0xd1/0xe0
[ 71.177503][ T5994] ? __pfx_panic+0x10/0x10
[ 71.179415][ T5994] ? blk_mq_free_rqs+0x6e2/0x760
[ 71.181493][ T5994] ? preempt_schedule_common+0x42/0xc0
[ 71.183836][ T5994] ? check_panic_on_warn+0x1f/0x90
[ 71.186022][ T5994] check_panic_on_warn.cold+0x19/0x34
[ 71.188311][ T5994] end_report.part.0+0x3a/0x90
[ 71.190381][ T5994] kasan_report.cold+0xe/0x18
[ 71.192441][ T5994] ? blk_mq_free_rqs+0x6e2/0x760
[ 71.194557][ T5994] blk_mq_free_rqs+0x6e2/0x760
[ 71.196619][ T5994] blk_mq_free_map_and_rqs+0x30/0x120
[ 71.198884][ T5994] blk_mq_free_sched_tags+0xeb/0x1b0
[ 71.201153][ T5994] blk_mq_free_sched_res+0x52/0x150
[ 71.203334][ T5994] elevator_change_done+0x187/0x650
[ 71.205570][ T5994] ? lockdep_hardirqs_on+0x78/0x100
[ 71.207799][ T5994] ? __pfx_elevator_change_done+0x10/0x10
[ 71.210336][ T5994] elevator_change+0x2d7/0x530
[ 71.212435][ T5994] elevator_set_none+0x92/0xf0
[ 71.214487][ T5994] ? __pfx_elevator_set_none+0x10/0x10
[ 71.216835][ T5994] ? blk_mq_unregister_hctx.part.0+0x1ba/0x230
[ 71.219419][ T5994] blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[ 71.221917][ T5994] ? nbd_start_device+0x107/0xbd0
[ 71.224079][ T5994] ? __mutex_unlock_slowpath+0x15d/0x8a0
[ 71.226466][ T5994] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10
[ 71.229293][ T5994] nbd_start_device+0x1a6/0xbd0
[ 71.231422][ T5994] ? security_capable+0x80/0x260
[ 71.233558][ T5994] nbd_ioctl+0x4a6/0xd30
[ 71.235388][ T5994] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 71.237563][ T5994] ? __pfx_nbd_ioctl+0x10/0x10
[ 71.239583][ T5994] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 71.242487][ T5994] ? __fget_files+0x215/0x3d0
[ 71.244519][ T5994] ? __pfx_nbd_ioctl+0x10/0x10
[ 71.246536][ T5994] blkdev_ioctl+0x5ad/0x6f0
[ 71.248494][ T5994] ? __pfx_blkdev_ioctl+0x10/0x10
[ 71.250691][ T5994] ? selinux_file_ioctl+0x13b/0x290
[ 71.253042][ T5994] ? selinux_file_ioctl+0xb6/0x290
[ 71.255369][ T5994] ? __pfx_blkdev_ioctl+0x10/0x10
[ 71.257532][ T5994] __x64_sys_ioctl+0x18e/0x210
[ 71.259546][ T5994] do_syscall_64+0x115/0x870
[ 71.261564][ T5994] ? clear_bhb_loop+0x40/0x90
[ 71.263625][ T5994] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.265963][ T5994] RIP: 0033:0x7f20f2a6d179
[ 71.267905][ T5994] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48
[ 71.276135][ T5994] RSP: 002b:00007f20f37e3078 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 71.279756][ T5994] RAX: ffffffffffffffda RBX: 00007f20f2babf80 RCX: 00007f20f2a6d179
[ 71.283161][ T5994] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
[ 71.286509][ T5994] RBP: 00007f20f37e30e0 R08: 0000000000000000 R09: 0000000000000000
[ 71.289844][ T5994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 71.293179][ T5994] R13: 000000000000000b R14: 00007f20f2babf80 R15: 00007ffc1be217a8
[ 71.296531][ T5994]
[ 71.298730][ T5994] Kernel Offset: disabled
[ 71.300594][ T5994] Rebooting in 86400 seconds..