[ 61.126139][ T2776] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.143820][ T2776] veth1_macvtap: left promiscuous mode
[ 61.149818][ T2776] veth0_macvtap: left promiscuous mode
[ 61.157311][ T2776] veth1_vlan: left promiscuous mode
[ 61.162861][ T2776] veth0_vlan: left promiscuous mode
[ 61.328789][ T2776] team0 (unregistering): Port device team_slave_1 removed
[ 61.341010][ T2776] team0 (unregistering): Port device team_slave_0 removed
[ 61.353669][ T2776] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 61.370050][ T2776] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 61.427689][ T2776] bond0 (unregistering): Released all slaves
[ 76.706306][ T23] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.173' (ED25519) to the list of known hosts.
2023/12/19 07:36:52 ignoring optional flag "sandboxArg"="0"
2023/12/19 07:36:53 parsed 1 programs
2023/12/19 07:36:54 executed programs: 0
[ 80.181476][ T5409] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 80.236363][ T4458] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.244913][ T4458] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.252516][ T4458] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.261299][ T4458] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.269073][ T4458] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.276392][ T4458] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.390880][ T5415] chnl_net:caif_netlink_parms(): no params data found
[ 80.444731][ T5415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.451888][ T5415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.459241][ T5415] bridge_slave_0: entered allmulticast mode
[ 80.466009][ T5415] bridge_slave_0: entered promiscuous mode
[ 80.473402][ T5415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.480947][ T5415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.488325][ T5415] bridge_slave_1: entered allmulticast mode
[ 80.495235][ T5415] bridge_slave_1: entered promiscuous mode
[ 80.518699][ T5415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.529848][ T5415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.559314][ T5415] team0: Port device team_slave_0 added
[ 80.566961][ T5415] team0: Port device team_slave_1 added
[ 80.588502][ T5415] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.595599][ T5415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.621693][ T5415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.633722][ T5415] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.640739][ T5415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.667271][ T5415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.702745][ T5415] hsr_slave_0: entered promiscuous mode
[ 80.709082][ T5415] hsr_slave_1: entered promiscuous mode
[ 81.317156][ T5415] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.329564][ T5415] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.340787][ T5415] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.353526][ T5415] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.384977][ T5415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.392153][ T5415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.399685][ T5415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.406882][ T5415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.426666][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.434936][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.517772][ T5415] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.543497][ T5415] 8021q: adding VLAN 0 to HW filter on device team0
[ 81.558993][ T5081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.566202][ T5081] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.588705][ T780] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.596010][ T780] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.786905][ T5415] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.840791][ T5415] veth0_vlan: entered promiscuous mode
[ 81.856871][ T5415] veth1_vlan: entered promiscuous mode
[ 81.892982][ T5415] veth0_macvtap: entered promiscuous mode
[ 81.906390][ T5415] veth1_macvtap: entered promiscuous mode
[ 81.931283][ T5415] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.949477][ T5415] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.965369][ T5415] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.976563][ T5415] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.986871][ T5415] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.997255][ T5415] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.084810][ T2776] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.092683][ T2776] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.140304][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.154277][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.295419][ T50] Bluetooth: hci0: command 0x0409 tx timeout
[ 82.529842][ T5479] loop0: detected capacity change from 0 to 32768
[ 82.556485][ T5479] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (5479)
[ 82.582507][ T5479] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 82.595008][ T5479] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 82.603811][ T5479] BTRFS info (device loop0): enabling auto defrag
[ 82.611946][ T5479] BTRFS info (device loop0): enabling disk space caching
[ 82.621813][ T5479] BTRFS info (device loop0): max_inline at 0
[ 82.629520][ T5479] BTRFS info (device loop0): force clearing of disk cache
[ 82.637155][ T5479] BTRFS info (device loop0): turning on sync discard
[ 82.643988][ T5479] BTRFS info (device loop0): disk space caching is enabled
[ 82.681661][ T5479] BTRFS info (device loop0): enabling ssd optimizations
[ 82.692979][ T5479] BTRFS info (device loop0): rebuilding free space tree
[ 82.741778][ T5479] BTRFS info (device loop0): disabling free space tree
[ 82.749310][ T5479] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 82.760665][ T5479] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 82.875327][ T5479] ==================================================================
[ 82.883438][ T5479] BUG: KASAN: stack-out-of-bounds in strlen+0x58/0x70
[ 82.890225][ T5479] Read of size 1 at addr ffffc9000519fe08 by task syz-executor.0/5479
[ 82.898391][ T5479]
[ 82.900727][ T5479] CPU: 1 PID: 5479 Comm: syz-executor.0 Not tainted 6.7.0-rc5-syzkaller-00200-g3bd7d7488169-dirty #0
[ 82.911652][ T5479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 82.922334][ T5479] Call Trace:
[ 82.925628][ T5479]
[ 82.928576][ T5479] dump_stack_lvl+0x1e7/0x2d0
[ 82.933279][ T5479] ? nf_tcp_handle_invalid+0x650/0x650
[ 82.938770][ T5479] ? panic+0x850/0x850
[ 82.942863][ T5479] ? _printk+0xd5/0x120
[ 82.947044][ T5479] print_report+0x163/0x540
[ 82.951569][ T5479] ? __virt_addr_valid+0xbd/0x2e0
[ 82.956681][ T5479] ? strlen+0x58/0x70
[ 82.960803][ T5479] kasan_report+0x142/0x170
[ 82.965330][ T5479] ? strlen+0x58/0x70
[ 82.969334][ T5479] strlen+0x58/0x70
[ 82.973164][ T5479] getname_kernel+0x1d/0x2e0
[ 82.977788][ T5479] kern_path+0x1d/0x50
[ 82.981881][ T5479] bdev_open_by_path+0xd1/0x540
[ 82.986759][ T5479] ? blkdev_put+0x770/0x770
[ 82.991284][ T5479] btrfs_dev_replace_by_ioctl+0x41b/0x2010
[ 82.997117][ T5479] ? read_lock_is_recursive+0x20/0x20
[ 83.002508][ T5479] ? btrfs_finish_block_group_to_copy+0x480/0x480
[ 83.008949][ T5479] ? __lock_acquire+0x1fd0/0x1fd0
[ 83.014004][ T5479] ? do_raw_spin_lock+0x14e/0x370
[ 83.019058][ T5479] ? do_raw_spin_unlock+0x13b/0x8b0
[ 83.024285][ T5479] ? __might_fault+0xc1/0x120
[ 83.028993][ T5479] btrfs_ioctl_dev_replace+0x3c9/0x4a0
[ 83.034482][ T5479] ? btrfs_ioctl_quota_rescan_wait+0x40/0x40
[ 83.040594][ T5479] ? __fget_files+0x3fe/0x480
[ 83.045305][ T5479] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 83.051749][ T5479] __se_sys_ioctl+0xf8/0x170
[ 83.056367][ T5479] do_syscall_64+0x45/0x110
[ 83.060897][ T5479] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 83.066816][ T5479] RIP: 0033:0x7f412127cba9
[ 83.071251][ T5479] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 83.090878][ T5479] RSP: 002b:00007f4121f980c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.099316][ T5479] RAX: ffffffffffffffda RBX: 00007f412139bf80 RCX: 00007f412127cba9
[ 83.107311][ T5479] RDX: 0000000020000540 RSI: 00000000ca289435 RDI: 0000000000000005
[ 83.115304][ T5479] RBP: 00007f41212c847a R08: 0000000000000000 R09: 0000000000000000
[ 83.123296][ T5479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 83.131323][ T5479] R13: 000000000000000b R14: 00007f412139bf80 R15: 00007ffcdd6baae8
[ 83.139324][ T5479]
[ 83.142356][ T5479]
[ 83.144689][ T5479] The buggy address belongs to stack of task syz-executor.0/5479
[ 83.152421][ T5479] and is located at offset 2632 in frame:
[ 83.158236][ T5479] btrfs_ioctl_dev_replace+0x0/0x4a0
[ 83.163550][ T5479]
[ 83.165885][ T5479] This frame has 1 object:
[ 83.170311][ T5479] [32, 2632) 'p'
[ 83.170326][ T5479]
[ 83.176311][ T5479] The buggy address belongs to the virtual mapping at
[ 83.176311][ T5479] [ffffc90005198000, ffffc900051a1000) created by:
[ 83.176311][ T5479] copy_process+0x5d1/0x3fb0
[ 83.193951][ T5479]
[ 83.196293][ T5479] The buggy address belongs to the physical page:
[ 83.202716][ T5479] page:ffffea00007149c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c527
[ 83.212892][ T5479] memcg:ffff88801e905a82
[ 83.217143][ T5479] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 83.224268][ T5479] page_type: 0xffffffff()
[ 83.228614][ T5479] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 83.237217][ T5479] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88801e905a82
[ 83.245807][ T5479] page dumped because: kasan: bad access detected
[ 83.252230][ T5479] page_owner tracks the page as allocated
[ 83.257955][ T5479] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 5449, tgid 5449 (dhcpcd-run-hook), ts 81588018886, free_ts 81585719939
[ 83.276555][ T5479] post_alloc_hook+0x1e6/0x210
[ 83.281346][ T5479] get_page_from_freelist+0x33ea/0x3570
[ 83.286916][ T5479] __alloc_pages+0x255/0x680
[ 83.291524][ T5479] alloc_pages_mpol+0x3de/0x640
[ 83.296394][ T5479] __vmalloc_node_range+0x9a3/0x14a0
[ 83.301705][ T5479] dup_task_struct+0x3e5/0x7d0
[ 83.306518][ T5479] copy_process+0x5d1/0x3fb0
[ 83.311126][ T5479] kernel_clone+0x222/0x840
[ 83.315646][ T5479] __x64_sys_clone+0x258/0x2a0
[ 83.320424][ T5479] do_syscall_64+0x45/0x110
[ 83.324951][ T5479] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 83.330869][ T5479] page last free stack trace:
[ 83.335551][ T5479] free_unref_page_prepare+0x931/0xa60
[ 83.341030][ T5479] free_unref_page_list+0x5a0/0x840
[ 83.346249][ T5479] release_pages+0x2117/0x2400
[ 83.351033][ T5479] tlb_flush_mmu+0x34c/0x4e0
[ 83.355637][ T5479] tlb_finish_mmu+0xd4/0x1f0
[ 83.360244][ T5479] exit_mmap+0x4d3/0xc60
[ 83.364512][ T5479] __mmput+0x115/0x3c0
[ 83.368593][ T5479] exit_mm+0x21f/0x300
[ 83.372681][ T5479] do_exit+0x9b7/0x2750
[ 83.376861][ T5479] do_group_exit+0x206/0x2c0
[ 83.381473][ T5479] __x64_sys_exit_group+0x3f/0x40
[ 83.386517][ T5479] do_syscall_64+0x45/0x110
[ 83.391043][ T5479] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 83.396959][ T5479]
[ 83.399294][ T5479] Memory state around the buggy address:
[ 83.404933][ T5479] ffffc9000519fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.413003][ T5479] ffffc9000519fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.421079][ T5479] >ffffc9000519fe00: 00 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3
[ 83.429149][ T5479] ^
[ 83.433486][ T5479] ffffc9000519fe80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.441568][ T5479] ffffc9000519ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.449638][ T5479] ==================================================================
[ 83.465602][ T5479] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 83.472833][ T5479] CPU: 1 PID: 5479 Comm: syz-executor.0 Not tainted 6.7.0-rc5-syzkaller-00200-g3bd7d7488169-dirty #0
[ 83.483694][ T5479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 83.493775][ T5479] Call Trace:
[ 83.497076][ T5479]
[ 83.500019][ T5479] dump_stack_lvl+0x1e7/0x2d0
[ 83.504727][ T5479] ? nf_tcp_handle_invalid+0x650/0x650
[ 83.510207][ T5479] ? panic+0x850/0x850
[ 83.514471][ T5479] ? vscnprintf+0x5d/0x80
[ 83.518807][ T5479] panic+0x349/0x850
[ 83.522696][ T5479] ? check_panic_on_warn+0x21/0xa0
[ 83.527799][ T5479] ? __memcpy_flushcache+0x2b0/0x2b0
[ 83.533081][ T5479] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 83.539047][ T5479] ? _raw_spin_unlock+0x40/0x40
[ 83.543919][ T5479] ? print_report+0x4fb/0x540
[ 83.548697][ T5479] check_panic_on_warn+0x82/0xa0
[ 83.553624][ T5479] ? strlen+0x58/0x70
[ 83.557597][ T5479] end_report+0x6e/0x140
[ 83.561831][ T5479] kasan_report+0x153/0x170
[ 83.566332][ T5479] ? strlen+0x58/0x70
[ 83.570306][ T5479] strlen+0x58/0x70
[ 83.574106][ T5479] getname_kernel+0x1d/0x2e0
[ 83.578703][ T5479] kern_path+0x1d/0x50
[ 83.582767][ T5479] bdev_open_by_path+0xd1/0x540
[ 83.587614][ T5479] ? blkdev_put+0x770/0x770
[ 83.592107][ T5479] btrfs_dev_replace_by_ioctl+0x41b/0x2010
[ 83.597924][ T5479] ? read_lock_is_recursive+0x20/0x20
[ 83.603309][ T5479] ? btrfs_finish_block_group_to_copy+0x480/0x480
[ 83.609729][ T5479] ? __lock_acquire+0x1fd0/0x1fd0
[ 83.614753][ T5479] ? do_raw_spin_lock+0x14e/0x370
[ 83.619779][ T5479] ? do_raw_spin_unlock+0x13b/0x8b0
[ 83.624985][ T5479] ? __might_fault+0xc1/0x120
[ 83.629672][ T5479] btrfs_ioctl_dev_replace+0x3c9/0x4a0
[ 83.635132][ T5479] ? btrfs_ioctl_quota_rescan_wait+0x40/0x40
[ 83.641188][ T5479] ? __fget_files+0x3fe/0x480
[ 83.645862][ T5479] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 83.652263][ T5479] __se_sys_ioctl+0xf8/0x170
[ 83.656847][ T5479] do_syscall_64+0x45/0x110
[ 83.661344][ T5479] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 83.667231][ T5479] RIP: 0033:0x7f412127cba9
[ 83.671649][ T5479] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 83.691245][ T5479] RSP: 002b:00007f4121f980c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.699654][ T5479] RAX: ffffffffffffffda RBX: 00007f412139bf80 RCX: 00007f412127cba9
[ 83.707612][ T5479] RDX: 0000000020000540 RSI: 00000000ca289435 RDI: 0000000000000005
[ 83.715573][ T5479] RBP: 00007f41212c847a R08: 0000000000000000 R09: 0000000000000000
[ 83.723532][ T5479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 83.731513][ T5479] R13: 000000000000000b R14: 00007f412139bf80 R15: 00007ffcdd6baae8
[ 83.739489][ T5479]
[ 83.742750][ T5479] Kernel Offset: disabled
[ 83.747073][ T5479] Rebooting in 86400 seconds..