./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2180971696

<...>
forked to background, child pid 4641
no interfaces have a carrier
[   28.360487][ T4642] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.369876][ T4642] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.100' (ECDSA) to the list of known hosts.
execve("./syz-executor2180971696", ["./syz-executor2180971696"], 0x7ffd25693110 /* 10 vars */) = 0
brk(NULL)                               = 0x5555566bc000
brk(0x5555566bcc40)                     = 0x5555566bcc40
arch_prctl(ARCH_SET_FS, 0x5555566bc300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2180971696", 4096) = 28
brk(0x5555566ddc40)                     = 0x5555566ddc40
brk(0x5555566de000)                     = 0x5555566de000
mprotect(0x7f01a538a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566bc5d0) = 5063
./strace-static-x86_64: Process 5063 attached
[pid  5063] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5063] setsid()                    = 1
[pid  5063] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5063] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5063] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5063] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5063] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5063] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5063] unshare(CLONE_NEWNS)        = 0
[pid  5063] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5063] unshare(CLONE_NEWIPC)       = 0
[pid  5063] unshare(CLONE_NEWCGROUP)    = 0
[pid  5063] unshare(CLONE_NEWUTS)       = 0
[pid  5063] unshare(CLONE_SYSVSEM)      = 0
[pid  5063] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "16777216", 8)     = 8
[pid  5063] close(3)                    = 0
[pid  5063] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "536870912", 9)    = 9
[pid  5063] close(3)                    = 0
[pid  5063] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "1024", 4)         = 4
[pid  5063] close(3)                    = 0
[pid  5063] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "8192", 4)         = 4
[pid  5063] close(3)                    = 0
[pid  5063] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "1024", 4)         = 4
[pid  5063] close(3)                    = 0
[pid  5063] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "1024", 4)         = 4
[pid  5063] close(3)                    = 0
[pid  5063] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5063] close(3)                    = 0
[pid  5063] getpid()                    = 1
[pid  5063] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5063] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5063] unshare(CLONE_NEWNET)       = 0
[pid  5063] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "0 65535", 7)      = 7
[pid  5063] close(3)                    = 0
[pid  5063] mkdir("/dev/binderfs", 0777) = 0
[pid  5063] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5063] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5063] memfd_create("syzkaller", 0) = 3
[pid  5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f019cecf000
[pid  5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5063] munmap(0x7f019cecf000, 262144) = 0
[pid  5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5063] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5063] close(3)                    = 0
[pid  5063] mkdir("./file0", 0777)      = 0
syzkaller login: [   52.811427][ T5063] loop0: detected capacity change from 0 to 512
[   52.824049][ T5063] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   52.831520][ T5063] UDF-fs: Scanning with blocksize 512 failed
[   52.838615][ T5063] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   52.846152][ T5063] UDF-fs: Scanning with blocksize 1024 failed
[   52.852885][ T5063] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[pid  5063] mount("/dev/loop0", "./file0", "udf", 0, "longad,gid=ignore,noadinicb,iocharset=macceltic,longad,gid=ignore,longad,") = 0
[pid  5063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5063] chdir("./file0")            = 0
[pid  5063] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5063] close(4)                    = 0
[pid  5063] open(".", O_RDONLY)         = 4
[   52.860259][ T5063] UDF-fs: Scanning with blocksize 2048 failed
[   52.867343][ T5063] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[   52.878661][ T5063] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   52.897719][ T5063] ==================================================================
[   52.905909][ T5063] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x7e9/0x8f0
[   52.913515][ T5063] Write of size 4 at addr ffff888021abbff0 by task syz-executor218/5063
[   52.921827][ T5063] 
[   52.924131][ T5063] CPU: 0 PID: 5063 Comm: syz-executor218 Not tainted 6.1.0-syzkaller-14446-g8395ae05cb5a #0
[   52.934228][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   52.944275][ T5063] Call Trace:
[   52.947540][ T5063]  <TASK>
[   52.950460][ T5063]  dump_stack_lvl+0xd1/0x138
[   52.955047][ T5063]  print_report+0x15e/0x45d
[   52.959547][ T5063]  ? __phys_addr+0xc8/0x140
[   52.964042][ T5063]  ? udf_write_aext+0x7e9/0x8f0
[   52.968885][ T5063]  kasan_report+0xbf/0x1f0
[   52.973293][ T5063]  ? udf_write_aext+0x7e9/0x8f0
[   52.978140][ T5063]  udf_write_aext+0x7e9/0x8f0
[   52.982811][ T5063]  udf_add_entry+0xd03/0x2ac0
[   52.987486][ T5063]  ? udf_write_fi+0xf20/0xf20
[   52.992161][ T5063]  ? udf_new_inode+0xc07/0x11f0
[   52.997015][ T5063]  udf_mkdir+0x149/0x650
[   53.001240][ T5063]  ? userns_owner+0x40/0x40
[   53.005735][ T5063]  ? udf_create+0x180/0x180
[   53.010229][ T5063]  ? hook_path_mkdir+0x44d/0x530
[   53.015161][ T5063]  ? d_alloc+0x1c0/0x240
[   53.019397][ T5063]  ? from_kgid+0x8b/0xd0
[   53.023631][ T5063]  ? from_kuid_munged+0x130/0x130
[   53.028646][ T5063]  ? generic_permission+0x28f/0x7a0
[   53.033836][ T5063]  ? bpf_lsm_inode_permission+0x9/0x10
[   53.039287][ T5063]  ? security_inode_permission+0xc9/0xf0
[   53.044912][ T5063]  ? bpf_lsm_inode_mkdir+0x9/0x10
[   53.049926][ T5063]  vfs_mkdir+0x48d/0x740
[   53.054160][ T5063]  do_mkdirat+0x27b/0x2f0
[   53.058484][ T5063]  ? __ia32_sys_mknod+0xb0/0xb0
[   53.063348][ T5063]  ? getname_flags.part.0+0x1dd/0x4f0
[   53.068716][ T5063]  __x64_sys_mkdirat+0x119/0x170
[   53.073645][ T5063]  do_syscall_64+0x39/0xb0
[   53.078055][ T5063]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.083934][ T5063] RIP: 0033:0x7f01a531bf79
[   53.088333][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   53.107927][ T5063] RSP: 002b:00007fffd2a85868 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   53.116326][ T5063] RAX: ffffffffffffffda RBX: 00007f01a538aed0 RCX: 00007f01a531bf79
[   53.124718][ T5063] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000004
[   53.132672][ T5063] RBP: 00007fffd2a85878 R08: 00007f01a538ae40 R09: 00007f01a538ae40
[   53.140800][ T5063] R10: 000000000000056b R11: 0000000000000246 R12: 00007fffd2a85880
[   53.148755][ T5063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   53.156715][ T5063]  </TASK>
[   53.159735][ T5063] 
[   53.162041][ T5063] Allocated by task 5063:
[   53.166522][ T5063]  kasan_save_stack+0x22/0x40
[   53.171185][ T5063]  kasan_set_track+0x25/0x30
[   53.175765][ T5063]  __kasan_kmalloc+0xa5/0xb0
[   53.180338][ T5063]  tomoyo_init_log+0x18e/0x1ec0
[   53.185173][ T5063]  tomoyo_supervisor+0x354/0xf10
[   53.190099][ T5063]  tomoyo_path_number_perm+0x410/0x570
[   53.195547][ T5063]  tomoyo_path_mkdir+0x9c/0xe0
[   53.200474][ T5063]  security_path_mkdir+0xec/0x160
[   53.205483][ T5063]  do_mkdirat+0x14d/0x2f0
[   53.209800][ T5063]  __x64_sys_mkdirat+0x119/0x170
[   53.214728][ T5063]  do_syscall_64+0x39/0xb0
[   53.219228][ T5063]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.225107][ T5063] 
[   53.227409][ T5063] Freed by task 5063:
[   53.231364][ T5063]  kasan_save_stack+0x22/0x40
[   53.236024][ T5063]  kasan_set_track+0x25/0x30
[   53.240597][ T5063]  kasan_save_free_info+0x2e/0x40
[   53.245611][ T5063]  ____kasan_slab_free+0x160/0x1c0
[   53.250709][ T5063]  slab_free_freelist_hook+0x8b/0x1c0
[   53.256070][ T5063]  __kmem_cache_free+0xaf/0x3b0
[   53.260902][ T5063]  tomoyo_init_log+0x1403/0x1ec0
[   53.265823][ T5063]  tomoyo_supervisor+0x354/0xf10
[   53.270744][ T5063]  tomoyo_path_number_perm+0x410/0x570
[   53.276190][ T5063]  tomoyo_path_mkdir+0x9c/0xe0
[   53.281048][ T5063]  security_path_mkdir+0xec/0x160
[   53.286060][ T5063]  do_mkdirat+0x14d/0x2f0
[   53.290380][ T5063]  __x64_sys_mkdirat+0x119/0x170
[   53.295307][ T5063]  do_syscall_64+0x39/0xb0
[   53.299711][ T5063]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.305588][ T5063] 
[   53.307896][ T5063] The buggy address belongs to the object at ffff888021aba000
[   53.307896][ T5063]  which belongs to the cache kmalloc-4k of size 4096
[   53.321932][ T5063] The buggy address is located 4080 bytes to the right of
[   53.321932][ T5063]  4096-byte region [ffff888021aba000, ffff888021abb000)
[   53.335883][ T5063] 
[   53.338188][ T5063] The buggy address belongs to the physical page:
[   53.344583][ T5063] page:ffffea000086ae00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21ab8
[   53.354716][ T5063] head:ffffea000086ae00 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[   53.364759][ T5063] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   53.372900][ T5063] raw: 00fff00000010200 ffff888012442140 dead000000000122 0000000000000000
[   53.381464][ T5063] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   53.390024][ T5063] page dumped because: kasan: bad access detected
[   53.396418][ T5063] page_owner tracks the page as allocated
[   53.402112][ T5063] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5063, tgid 5063 (syz-executor218), ts 52896424702, free_ts 52890537450
[   53.423108][ T5063]  get_page_from_freelist+0x119c/0x2ce0
[   53.428647][ T5063]  __alloc_pages+0x1cb/0x5b0
[   53.433224][ T5063]  alloc_pages+0x1aa/0x270
[   53.437638][ T5063]  allocate_slab+0x25f/0x350
[   53.442221][ T5063]  ___slab_alloc+0xa91/0x1400
[   53.446879][ T5063]  __slab_alloc.constprop.0+0x56/0xa0
[   53.452237][ T5063]  __kmem_cache_alloc_node+0x1a4/0x430
[   53.457679][ T5063]  __kmalloc+0x4a/0xd0
[   53.461737][ T5063]  tomoyo_realpath_from_path+0xc3/0x600
[   53.467275][ T5063]  tomoyo_path_number_perm+0x217/0x570
[   53.472724][ T5063]  tomoyo_path_mkdir+0x9c/0xe0
[   53.477482][ T5063]  security_path_mkdir+0xec/0x160
[   53.482492][ T5063]  do_mkdirat+0x14d/0x2f0
[   53.486812][ T5063]  __x64_sys_mkdirat+0x119/0x170
[   53.491742][ T5063]  do_syscall_64+0x39/0xb0
[   53.496151][ T5063]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.502030][ T5063] page last free stack trace:
[   53.506784][ T5063]  free_pcp_prepare+0x65c/0xc00
[   53.511637][ T5063]  free_unref_page+0x1d/0x490
[   53.516322][ T5063]  __folio_put+0x109/0x140
[   53.520726][ T5063]  put_page+0x21b/0x280
[   53.524873][ T5063]  page_to_skb+0x96d/0xc60
[   53.529278][ T5063]  receive_buf+0x11c5/0x5630
[   53.533860][ T5063]  virtnet_poll+0x704/0x1300
[   53.538462][ T5063]  __napi_poll+0xb8/0x770
[   53.543131][ T5063]  net_rx_action+0xa00/0xde0
[   53.547709][ T5063]  __do_softirq+0x1fb/0xadc
[   53.552205][ T5063] 
[   53.554509][ T5063] Memory state around the buggy address:
[   53.560117][ T5063]  ffff888021abbe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.568162][ T5063]  ffff888021abbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.576207][ T5063] >ffff888021abbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.584248][ T5063]                                                              ^
[   53.591939][ T5063]  ffff888021abc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.599979][ T5063]  ffff888021abc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.608107][ T5063] ==================================================================
[   53.622947][ T5063] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   53.630254][ T5063] CPU: 1 PID: 5063 Comm: syz-executor218 Not tainted 6.1.0-syzkaller-14446-g8395ae05cb5a #0
[   53.640395][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   53.650444][ T5063] Call Trace:
[   53.653708][ T5063]  <TASK>
[   53.656620][ T5063]  dump_stack_lvl+0xd1/0x138
[   53.661198][ T5063]  panic+0x2cc/0x626
[   53.665079][ T5063]  ? panic_print_sys_info.part.0+0x110/0x110
[   53.671057][ T5063]  ? preempt_schedule_thunk+0x1a/0x20
[   53.676430][ T5063]  ? preempt_schedule_common+0x59/0xc0
[   53.681877][ T5063]  check_panic_on_warn.cold+0x19/0x35
[   53.687232][ T5063]  end_report.part.0+0x36/0x73
[   53.691982][ T5063]  ? udf_write_aext+0x7e9/0x8f0
[   53.696820][ T5063]  kasan_report.cold+0xa/0xf
[   53.701406][ T5063]  ? udf_write_aext+0x7e9/0x8f0
[   53.706283][ T5063]  udf_write_aext+0x7e9/0x8f0
[   53.710954][ T5063]  udf_add_entry+0xd03/0x2ac0
[   53.716153][ T5063]  ? udf_write_fi+0xf20/0xf20
[   53.720824][ T5063]  ? udf_new_inode+0xc07/0x11f0
[   53.725690][ T5063]  udf_mkdir+0x149/0x650
[   53.729921][ T5063]  ? userns_owner+0x40/0x40
[   53.734419][ T5063]  ? udf_create+0x180/0x180
[   53.738925][ T5063]  ? hook_path_mkdir+0x44d/0x530
[   53.743850][ T5063]  ? d_alloc+0x1c0/0x240
[   53.748094][ T5063]  ? from_kgid+0x8b/0xd0
[   53.752346][ T5063]  ? from_kuid_munged+0x130/0x130
[   53.757358][ T5063]  ? generic_permission+0x28f/0x7a0
[   53.762544][ T5063]  ? bpf_lsm_inode_permission+0x9/0x10
[   53.768160][ T5063]  ? security_inode_permission+0xc9/0xf0
[   53.773785][ T5063]  ? bpf_lsm_inode_mkdir+0x9/0x10
[   53.778798][ T5063]  vfs_mkdir+0x48d/0x740
[   53.783029][ T5063]  do_mkdirat+0x27b/0x2f0
[   53.787347][ T5063]  ? __ia32_sys_mknod+0xb0/0xb0
[   53.792185][ T5063]  ? getname_flags.part.0+0x1dd/0x4f0
[   53.797557][ T5063]  __x64_sys_mkdirat+0x119/0x170
[   53.802486][ T5063]  do_syscall_64+0x39/0xb0
[   53.806893][ T5063]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.812772][ T5063] RIP: 0033:0x7f01a531bf79
[   53.817169][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   53.836777][ T5063] RSP: 002b:00007fffd2a85868 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   53.845180][ T5063] RAX: ffffffffffffffda RBX: 00007f01a538aed0 RCX: 00007f01a531bf79
[   53.853144][ T5063] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000004
[   53.861099][ T5063] RBP: 00007fffd2a85878 R08: 00007f01a538ae40 R09: 00007f01a538ae40
[   53.869062][ T5063] R10: 000000000000056b R11: 0000000000000246 R12: 00007fffd2a85880
[   53.877027][ T5063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   53.884994][ T5063]  </TASK>
[   53.888093][ T5063] Kernel Offset: disabled
[   53.892428][ T5063] Rebooting in 86400 seconds..