Warning: Permanently added '10.128.0.71' (ED25519) to the list of known hosts.
executing program
[  532.112564][ T3537] loop0: detected capacity change from 0 to 2048
[  532.120075][ T3537] =======================================================
[  532.120075][ T3537] WARNING: The mand mount option has been deprecated and
[  532.120075][ T3537]          and is ignored by this kernel. Remove the mand
[  532.120075][ T3537]          option from the mount to silence this warning.
[  532.120075][ T3537] =======================================================
[  532.159878][ T3537] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  532.172811][ T3537] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  532.277854][ T3535] ==================================================================
[  532.286021][ T3535] BUG: KASAN: use-after-free in udf_close_lvid+0x6a4/0x9a0
[  532.293290][ T3535] Write of size 1 at addr ffff88807eef01d8 by task syz-executor956/3535
[  532.301604][ T3535] 
[  532.303918][ T3535] CPU: 1 PID: 3535 Comm: syz-executor956 Not tainted 5.15.120-syzkaller #0
[  532.312512][ T3535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[  532.322558][ T3535] Call Trace:
[  532.325830][ T3535]  <TASK>
[  532.328754][ T3535]  dump_stack_lvl+0x1e3/0x2cb
[  532.333467][ T3535]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[  532.339100][ T3535]  ? _printk+0xd1/0x111
[  532.343250][ T3535]  ? __wake_up_klogd+0xcc/0x100
[  532.348104][ T3535]  ? panic+0x84d/0x84d
[  532.352164][ T3535]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  532.357672][ T3535]  print_address_description+0x63/0x3b0
[  532.363257][ T3535]  ? udf_close_lvid+0x6a4/0x9a0
[  532.368110][ T3535]  kasan_report+0x16b/0x1c0
[  532.372609][ T3535]  ? udf_close_lvid+0x6a4/0x9a0
[  532.377457][ T3535]  udf_close_lvid+0x6a4/0x9a0
[  532.382130][ T3535]  ? hook_inode_free_security+0xa0/0xa0
[  532.387738][ T3535]  ? udf_open_lvid+0x5a0/0x5a0
[  532.392498][ T3535]  ? iput+0x367/0x8b0
[  532.396507][ T3535]  ? clear_inode+0x150/0x150
[  532.401106][ T3535]  udf_put_super+0xc9/0x160
[  532.405631][ T3535]  ? udf_free_in_core_inode+0x20/0x20
[  532.411000][ T3535]  generic_shutdown_super+0x136/0x2c0
[  532.416418][ T3535]  kill_block_super+0x7a/0xe0
[  532.421102][ T3535]  deactivate_locked_super+0xa0/0x110
[  532.426476][ T3535]  cleanup_mnt+0x44e/0x500
[  532.430917][ T3535]  ? lockdep_hardirqs_on+0x94/0x130
[  532.436166][ T3535]  task_work_run+0x129/0x1a0
[  532.440782][ T3535]  exit_to_user_mode_loop+0x106/0x130
[  532.446165][ T3535]  exit_to_user_mode_prepare+0xb1/0x140
[  532.451723][ T3535]  syscall_exit_to_user_mode+0x5d/0x250
[  532.457281][ T3535]  do_syscall_64+0x49/0xb0
[  532.461697][ T3535]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  532.467583][ T3535] RIP: 0033:0x7f880f66b707
[  532.471993][ T3535] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[  532.491603][ T3535] RSP: 002b:00007ffda4d9f028 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[  532.500011][ T3535] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f880f66b707
[  532.507992][ T3535] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffda4d9f0e0
[  532.515955][ T3535] RBP: 00007ffda4d9f0e0 R08: 0000000000000000 R09: 0000000000000000
[  532.523915][ T3535] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffda4da0150
[  532.531876][ T3535] R13: 0000555555f5d6c0 R14: 431bde82d7b634db R15: 00007ffda4da0170
[  532.539849][ T3535]  </TASK>
[  532.542856][ T3535] 
[  532.545169][ T3535] Allocated by task 3305:
[  532.549483][ T3535]  ____kasan_kmalloc+0xba/0xf0
[  532.554238][ T3535]  __kmalloc+0x168/0x300
[  532.558469][ T3535]  tomoyo_realpath_from_path+0xd8/0x5e0
[  532.564053][ T3535]  tomoyo_check_open_permission+0x22c/0x490
[  532.569958][ T3535]  security_file_open+0x5f/0xa0
[  532.574795][ T3535]  do_dentry_open+0x315/0xfb0
[  532.579483][ T3535]  path_openat+0x2702/0x2f20
[  532.584061][ T3535]  do_filp_open+0x21c/0x460
[  532.588552][ T3535]  do_sys_openat2+0x13b/0x500
[  532.593219][ T3535]  __x64_sys_openat+0x243/0x290
[  532.598058][ T3535]  do_syscall_64+0x3d/0xb0
[  532.602464][ T3535]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  532.608350][ T3535] 
[  532.610674][ T3535] Freed by task 3305:
[  532.614650][ T3535]  kasan_set_track+0x4b/0x80
[  532.619228][ T3535]  kasan_set_free_info+0x1f/0x40
[  532.624162][ T3535]  ____kasan_slab_free+0xd8/0x120
[  532.629178][ T3535]  slab_free_freelist_hook+0xdd/0x160
[  532.634541][ T3535]  kfree+0xf1/0x270
[  532.638335][ T3535]  tomoyo_realpath_from_path+0x5ad/0x5e0
[  532.643957][ T3535]  tomoyo_check_open_permission+0x22c/0x490
[  532.649846][ T3535]  security_file_open+0x5f/0xa0
[  532.654712][ T3535]  do_dentry_open+0x315/0xfb0
[  532.659398][ T3535]  path_openat+0x2702/0x2f20
[  532.663976][ T3535]  do_filp_open+0x21c/0x460
[  532.668467][ T3535]  do_sys_openat2+0x13b/0x500
[  532.673132][ T3535]  __x64_sys_openat+0x243/0x290
[  532.677969][ T3535]  do_syscall_64+0x3d/0xb0
[  532.682398][ T3535]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  532.688300][ T3535] 
[  532.690618][ T3535] The buggy address belongs to the object at ffff88807eef0000
[  532.690618][ T3535]  which belongs to the cache kmalloc-4k of size 4096
[  532.704664][ T3535] The buggy address is located 472 bytes inside of
[  532.704664][ T3535]  4096-byte region [ffff88807eef0000, ffff88807eef1000)
[  532.718014][ T3535] The buggy address belongs to the page:
[  532.723631][ T3535] page:ffffea0001fbbc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eef0
[  532.733794][ T3535] head:ffffea0001fbbc00 order:3 compound_mapcount:0 compound_pincount:0
[  532.742103][ T3535] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  532.750077][ T3535] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888011c42140
[  532.758666][ T3535] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  532.767236][ T3535] page dumped because: kasan: bad access detected
[  532.773632][ T3535] page_owner tracks the page as allocated
[  532.779333][ T3535] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2942, ts 18370823301, free_ts 16938059753
[  532.797728][ T3535]  get_page_from_freelist+0x322a/0x33c0
[  532.803376][ T3535]  __alloc_pages+0x272/0x700
[  532.807962][ T3535]  new_slab+0xbb/0x4b0
[  532.812022][ T3535]  ___slab_alloc+0x6f6/0xe10
[  532.816602][ T3535]  kmem_cache_alloc_trace+0x1a0/0x290
[  532.821961][ T3535]  tomoyo_dump_page+0x115/0x660
[  532.826808][ T3535]  tomoyo_find_next_domain+0x1143/0x1cf0
[  532.832432][ T3535]  tomoyo_bprm_check_security+0xdb/0x120
[  532.838094][ T3535]  security_bprm_check+0x5f/0xa0
[  532.843044][ T3535]  bprm_execve+0x84e/0x17c0
[  532.847556][ T3535]  do_execveat_common+0x583/0x720
[  532.852572][ T3535]  __x64_sys_execve+0x8e/0xa0
[  532.857238][ T3535]  do_syscall_64+0x3d/0xb0
[  532.861646][ T3535]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  532.867532][ T3535] page last free stack trace:
[  532.872191][ T3535]  free_unref_page_prepare+0xc34/0xcf0
[  532.877667][ T3535]  free_unref_page+0x95/0x2d0
[  532.882335][ T3535]  free_contig_range+0x95/0xf0
[  532.887099][ T3535]  destroy_args+0xfe/0x97f
[  532.891543][ T3535]  debug_vm_pgtable+0x40d/0x462
[  532.896419][ T3535]  do_one_initcall+0x22b/0x7a0
[  532.901223][ T3535]  do_initcall_level+0x157/0x207
[  532.906194][ T3535]  do_initcalls+0x49/0x86
[  532.910526][ T3535]  kernel_init_freeable+0x43c/0x5c5
[  532.915723][ T3535]  kernel_init+0x19/0x290
[  532.920067][ T3535]  ret_from_fork+0x1f/0x30
[  532.924483][ T3535] 
[  532.926803][ T3535] Memory state around the buggy address:
[  532.932504][ T3535]  ffff88807eef0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  532.940566][ T3535]  ffff88807eef0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  532.948614][ T3535] >ffff88807eef0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  532.956659][ T3535]                                                     ^
[  532.963577][ T3535]  ffff88807eef0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  532.971623][ T3535]  ffff88807eef0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  532.979680][ T3535] ==================================================================
[  532.987761][ T3535] Disabling lock debugging due to kernel taint
[  532.994598][ T3535] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  533.001811][ T3535] CPU: 0 PID: 3535 Comm: syz-executor956 Tainted: G    B             5.15.120-syzkaller #0
[  533.011797][ T3535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[  533.021843][ T3535] Call Trace:
[  533.025137][ T3535]  <TASK>
[  533.028064][ T3535]  dump_stack_lvl+0x1e3/0x2cb
[  533.032740][ T3535]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[  533.038365][ T3535]  ? panic+0x84d/0x84d
[  533.042539][ T3535]  ? rcu_is_watching+0x11/0xa0
[  533.047358][ T3535]  ? preempt_schedule_common+0xa6/0xd0
[  533.052835][ T3535]  panic+0x318/0x84d
[  533.056726][ T3535]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  533.062876][ T3535]  ? check_panic_on_warn+0x1d/0xa0
[  533.068119][ T3535]  ? fb_is_primary_device+0xcc/0xcc
[  533.073315][ T3535]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  533.079293][ T3535]  ? _raw_spin_unlock+0x40/0x40
[  533.084142][ T3535]  check_panic_on_warn+0x7e/0xa0
[  533.089079][ T3535]  ? udf_close_lvid+0x6a4/0x9a0
[  533.093939][ T3535]  end_report+0x6d/0xf0
[  533.098097][ T3535]  kasan_report+0x18e/0x1c0
[  533.102591][ T3535]  ? udf_close_lvid+0x6a4/0x9a0
[  533.107440][ T3535]  udf_close_lvid+0x6a4/0x9a0
[  533.112113][ T3535]  ? hook_inode_free_security+0xa0/0xa0
[  533.117664][ T3535]  ? udf_open_lvid+0x5a0/0x5a0
[  533.122424][ T3535]  ? iput+0x367/0x8b0
[  533.126398][ T3535]  ? clear_inode+0x150/0x150
[  533.131009][ T3535]  udf_put_super+0xc9/0x160
[  533.135515][ T3535]  ? udf_free_in_core_inode+0x20/0x20
[  533.140907][ T3535]  generic_shutdown_super+0x136/0x2c0
[  533.146277][ T3535]  kill_block_super+0x7a/0xe0
[  533.150968][ T3535]  deactivate_locked_super+0xa0/0x110
[  533.156332][ T3535]  cleanup_mnt+0x44e/0x500
[  533.160743][ T3535]  ? lockdep_hardirqs_on+0x94/0x130
[  533.165941][ T3535]  task_work_run+0x129/0x1a0
[  533.170549][ T3535]  exit_to_user_mode_loop+0x106/0x130
[  533.175929][ T3535]  exit_to_user_mode_prepare+0xb1/0x140
[  533.181476][ T3535]  syscall_exit_to_user_mode+0x5d/0x250
[  533.187021][ T3535]  do_syscall_64+0x49/0xb0
[  533.191460][ T3535]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  533.197356][ T3535] RIP: 0033:0x7f880f66b707
[  533.201796][ T3535] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[  533.221396][ T3535] RSP: 002b:00007ffda4d9f028 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[  533.229890][ T3535] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f880f66b707
[  533.237873][ T3535] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffda4d9f0e0
[  533.245836][ T3535] RBP: 00007ffda4d9f0e0 R08: 0000000000000000 R09: 0000000000000000
[  533.253800][ T3535] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffda4da0150
[  533.261761][ T3535] R13: 0000555555f5d6c0 R14: 431bde82d7b634db R15: 00007ffda4da0170
[  533.269728][ T3535]  </TASK>
[  533.273000][ T3535] Kernel Offset: disabled
[  533.277324][ T3535] Rebooting in 86400 seconds..