Warning: Permanently added '10.128.10.28' (ED25519) to the list of known hosts.
executing program
[   35.565416][ T6099] loop0: detected capacity change from 0 to 32768
[   35.570640][ T6099] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor364 (6099)
[   35.577789][ T6099] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   35.580419][ T6099] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm
[   35.582251][ T6099] BTRFS info (device loop0): enabling auto defrag
[   35.584087][ T6099] BTRFS info (device loop0): enabling disk space caching
[   35.585856][ T6099] BTRFS info (device loop0): max_inline at 0
[   35.587330][ T6099] BTRFS info (device loop0): force clearing of disk cache
[   35.588893][ T6099] BTRFS info (device loop0): turning on sync discard
[   35.590507][ T6099] BTRFS info (device loop0): disk space caching is enabled
[   35.602162][ T6099] BTRFS info (device loop0): enabling ssd optimizations
[   35.605206][ T6099] BTRFS info (device loop0): rebuilding free space tree
[   35.616617][ T6099] BTRFS info (device loop0): disabling free space tree
[   35.618321][ T6099] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   35.620862][ T6099] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   35.630033][ T6099] ==================================================================
[   35.632004][ T6099] BUG: KASAN: slab-out-of-bounds in strlen+0x54/0x70
[   35.633722][ T6099] Read of size 1 at addr ffff0000d3abea28 by task syz-executor364/6099
[   35.635650][ T6099] 
[   35.636262][ T6099] CPU: 0 PID: 6099 Comm: syz-executor364 Not tainted 6.7.0-rc6-syzkaller-gaafe7ad77b91 #0
[   35.638794][ T6099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   35.641307][ T6099] Call trace:
[   35.642063][ T6099]  dump_backtrace+0x1b8/0x1e4
[   35.643104][ T6099]  show_stack+0x2c/0x3c
[   35.644394][ T6099]  dump_stack_lvl+0xd0/0x124
[   35.645425][ T6099]  print_report+0x174/0x514
[   35.646717][ T6099]  kasan_report+0xd8/0x138
[   35.647774][ T6099]  __asan_report_load1_noabort+0x20/0x2c
[   35.649101][ T6099]  strlen+0x54/0x70
[   35.650119][ T6099]  getname_kernel+0x2c/0x2d8
[   35.651126][ T6099]  kern_path+0x2c/0x6c
[   35.652287][ T6099]  bdev_open_by_path+0xcc/0x490
[   35.653362][ T6099]  btrfs_dev_replace_by_ioctl+0x2e4/0x19d4
[   35.654796][ T6099]  btrfs_ioctl_dev_replace+0x348/0x408
[   35.656100][ T6099]  btrfs_ioctl+0xa28/0xb08
[   35.657274][ T6099]  __arm64_sys_ioctl+0x14c/0x1c8
[   35.658425][ T6099]  invoke_syscall+0x98/0x2b8
[   35.659661][ T6099]  el0_svc_common+0x130/0x23c
[   35.660979][ T6099]  do_el0_svc+0x48/0x58
[   35.662231][ T6099]  el0_svc+0x54/0x158
[   35.663397][ T6099]  el0t_64_sync_handler+0x84/0xfc
[   35.664954][ T6099]  el0t_64_sync+0x190/0x194
[   35.666035][ T6099] 
[   35.666599][ T6099] Allocated by task 6099:
[   35.667680][ T6099]  kasan_set_track+0x4c/0x7c
[   35.668782][ T6099]  kasan_save_alloc_info+0x24/0x30
[   35.669984][ T6099]  __kasan_kmalloc+0xac/0xc4
[   35.671280][ T6099]  __kmalloc_node_track_caller+0xd0/0x1c0
[   35.672583][ T6099]  memdup_user+0x4c/0x1f8
[   35.673668][ T6099]  btrfs_ioctl_dev_replace+0xa4/0x408
[   35.674947][ T6099]  btrfs_ioctl+0xa28/0xb08
[   35.676060][ T6099]  __arm64_sys_ioctl+0x14c/0x1c8
[   35.677325][ T6099]  invoke_syscall+0x98/0x2b8
[   35.678679][ T6099]  el0_svc_common+0x130/0x23c
[   35.679961][ T6099]  do_el0_svc+0x48/0x58
[   35.681053][ T6099]  el0_svc+0x54/0x158
[   35.682001][ T6099]  el0t_64_sync_handler+0x84/0xfc
[   35.683391][ T6099]  el0t_64_sync+0x190/0x194
[   35.684680][ T6099] 
[   35.685349][ T6099] The buggy address belongs to the object at ffff0000d3abe000
[   35.685349][ T6099]  which belongs to the cache kmalloc-4k of size 4096
[   35.689274][ T6099] The buggy address is located 0 bytes to the right of
[   35.689274][ T6099]  allocated 2600-byte region [ffff0000d3abe000, ffff0000d3abea28)
[   35.693495][ T6099] 
[   35.694159][ T6099] The buggy address belongs to the physical page:
[   35.695600][ T6099] page:00000000c3060e78 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113ab8
[   35.697978][ T6099] head:00000000c3060e78 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.700075][ T6099] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   35.702548][ T6099] page_type: 0xffffffff()
[   35.703589][ T6099] raw: 05ffc00000000840 ffff0000c0002140 dead000000000122 0000000000000000
[   35.705897][ T6099] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   35.708105][ T6099] page dumped because: kasan: bad access detected
[   35.709760][ T6099] 
[   35.710380][ T6099] Memory state around the buggy address:
[   35.711968][ T6099]  ffff0000d3abe900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.714307][ T6099]  ffff0000d3abe980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.716521][ T6099] >ffff0000d3abea00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   35.718507][ T6099]                                   ^
[   35.719933][ T6099]  ffff0000d3abea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.722015][ T6099]  ffff0000d3abeb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.724009][ T6099] ==================================================================
[   35.726773][ T6099] Disabling lock debugging due to kernel taint