Warning: Permanently added '10.128.0.143' (ECDSA) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
syzkaller login: [ 54.700479][ T3538] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 54.726028][ T3542] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 54.733731][ T3542] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 54.741866][ T3542] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 54.749510][ T3542] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 54.757211][ T3542] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 54.764909][ T3542] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 54.828671][ T3540] loop0: detected capacity change from 0 to 2048
[ 54.836524][ T3540] =======================================================
[ 54.836524][ T3540] WARNING: The mand mount option has been deprecated and
[ 54.836524][ T3540] and is ignored by this kernel. Remove the mand
[ 54.836524][ T3540] option from the mount to silence this warning.
[ 54.836524][ T3540] =======================================================
[ 54.874583][ T3540] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 54.886928][ T3540] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 54.999369][ T3540] ==================================================================
[ 55.007457][ T3540] BUG: KASAN: use-after-free in udf_close_lvid+0x6a4/0x9a0
[ 55.014657][ T3540] Write of size 1 at addr ffff8880aed46b78 by task syz-executor347/3540
[ 55.022959][ T3540]
[ 55.025264][ T3540] CPU: 0 PID: 3540 Comm: syz-executor347 Not tainted 6.1.35-syzkaller #0
[ 55.033778][ T3540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 55.043824][ T3540] Call Trace:
[ 55.047089][ T3540]
[ 55.050000][ T3540] dump_stack_lvl+0x1e3/0x2cb
[ 55.054678][ T3540] ? irq_work_queue+0xc6/0x150
[ 55.059427][ T3540] ? nf_tcp_handle_invalid+0x642/0x642
[ 55.064867][ T3540] ? panic+0x75d/0x75d
[ 55.068927][ T3540] ? _printk+0xd1/0x111
[ 55.073068][ T3540] ? _raw_spin_lock_irqsave+0xac/0x120
[ 55.078506][ T3540] print_report+0x15f/0x4f0
[ 55.083000][ T3540] ? hook_sb_delete+0x728/0xb30
[ 55.087830][ T3540] ? __virt_addr_valid+0x22b/0x2e0
[ 55.092928][ T3540] ? __phys_addr+0xb6/0x170
[ 55.097412][ T3540] ? udf_close_lvid+0x6a4/0x9a0
[ 55.102243][ T3540] kasan_report+0x136/0x160
[ 55.106734][ T3540] ? udf_close_lvid+0x6a4/0x9a0
[ 55.111567][ T3540] udf_close_lvid+0x6a4/0x9a0
[ 55.116234][ T3540] ? udf_open_lvid+0x5a0/0x5a0
[ 55.120980][ T3540] ? iput+0x3f7/0x980
[ 55.124953][ T3540] ? clear_inode+0x150/0x150
[ 55.129520][ T3540] udf_put_super+0xc9/0x160
[ 55.134004][ T3540] ? udf_free_in_core_inode+0x20/0x20
[ 55.139358][ T3540] generic_shutdown_super+0x130/0x340
[ 55.144714][ T3540] kill_block_super+0x7a/0xe0
[ 55.149388][ T3540] deactivate_locked_super+0xa0/0x110
[ 55.154741][ T3540] cleanup_mnt+0x490/0x520
[ 55.159138][ T3540] ? lockdep_hardirqs_on+0x94/0x130
[ 55.164313][ T3540] task_work_run+0x246/0x300
[ 55.168883][ T3540] ? kasan_quarantine_put+0xd4/0x220
[ 55.174147][ T3540] ? task_work_cancel+0x2b0/0x2b0
[ 55.179152][ T3540] ? kmem_cache_free+0x292/0x510
[ 55.184067][ T3540] ? do_exit+0x6f6/0x2300
[ 55.188375][ T3540] do_exit+0x6fb/0x2300
[ 55.192514][ T3540] ? do_group_exit+0x1f2/0x2b0
[ 55.197265][ T3540] ? put_task_struct+0x80/0x80
[ 55.202009][ T3540] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 55.207982][ T3540] ? print_irqtrace_events+0x210/0x210
[ 55.213419][ T3540] ? _raw_spin_unlock_irq+0x1f/0x40
[ 55.218595][ T3540] ? lockdep_hardirqs_on+0x94/0x130
[ 55.223768][ T3540] do_group_exit+0x202/0x2b0
[ 55.228339][ T3540] __x64_sys_exit_group+0x3b/0x40
[ 55.233343][ T3540] do_syscall_64+0x3d/0xb0
[ 55.237741][ T3540] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.243613][ T3540] RIP: 0033:0x7f00a3c96e19
[ 55.248004][ T3540] Code: Unable to access opcode bytes at 0x7f00a3c96def.
[ 55.254999][ T3540] RSP: 002b:00007ffd12431cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 55.263389][ T3540] RAX: ffffffffffffffda RBX: 00007f00a3d3e470 RCX: 00007f00a3c96e19
[ 55.271337][ T3540] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 55.279288][ T3540] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 0000000000000000
[ 55.287238][ T3540] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f00a3d3e470
[ 55.295187][ T3540] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 55.303144][ T3540]
[ 55.306141][ T3540]
[ 55.308441][ T3540] The buggy address belongs to the physical page:
[ 55.314829][ T3540] page:ffffea0002bb5180 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaed46
[ 55.324957][ T3540] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 55.332043][ T3540] raw: 00fff00000000000 ffffea0002bb5188 ffffea0002bb5188 0000000000000000
[ 55.340600][ T3540] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 55.349156][ T3540] page dumped because: kasan: bad access detected
[ 55.355552][ T3540] page_owner info is not present (never set?)
[ 55.361586][ T3540]
[ 55.363886][ T3540] Memory state around the buggy address:
[ 55.369488][ T3540] ffff8880aed46a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.377523][ T3540] ffff8880aed46a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.385556][ T3540] >ffff8880aed46b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.393673][ T3540] ^
[ 55.401638][ T3540] ffff8880aed46b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.409672][ T3540] ffff8880aed46c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.417707][ T3540] ==================================================================
[ 55.425982][ T3540] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.433187][ T3540] CPU: 0 PID: 3540 Comm: syz-executor347 Not tainted 6.1.35-syzkaller #0
[ 55.441591][ T3540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 55.451633][ T3540] Call Trace:
[ 55.454905][ T3540]
[ 55.457825][ T3540] dump_stack_lvl+0x1e3/0x2cb
[ 55.462515][ T3540] ? nf_tcp_handle_invalid+0x642/0x642
[ 55.467989][ T3540] ? panic+0x75d/0x75d
[ 55.472066][ T3540] ? preempt_schedule_common+0xa6/0xd0
[ 55.477523][ T3540] ? vscnprintf+0x59/0x80
[ 55.481848][ T3540] panic+0x318/0x75d
[ 55.485739][ T3540] ? check_panic_on_warn+0x1d/0xa0
[ 55.490842][ T3540] ? memcpy_page_flushcache+0xfc/0xfc
[ 55.496206][ T3540] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 55.502170][ T3540] ? _raw_spin_unlock+0x40/0x40
[ 55.507003][ T3540] ? print_report+0x4a3/0x4f0
[ 55.511673][ T3540] check_panic_on_warn+0x7e/0xa0
[ 55.516596][ T3540] ? udf_close_lvid+0x6a4/0x9a0
[ 55.521436][ T3540] end_report+0x66/0x110
[ 55.525668][ T3540] kasan_report+0x143/0x160
[ 55.530161][ T3540] ? udf_close_lvid+0x6a4/0x9a0
[ 55.535003][ T3540] udf_close_lvid+0x6a4/0x9a0
[ 55.539672][ T3540] ? udf_open_lvid+0x5a0/0x5a0
[ 55.544430][ T3540] ? iput+0x3f7/0x980
[ 55.548398][ T3540] ? clear_inode+0x150/0x150
[ 55.552978][ T3540] udf_put_super+0xc9/0x160
[ 55.557468][ T3540] ? udf_free_in_core_inode+0x20/0x20
[ 55.562829][ T3540] generic_shutdown_super+0x130/0x340
[ 55.568191][ T3540] kill_block_super+0x7a/0xe0
[ 55.572857][ T3540] deactivate_locked_super+0xa0/0x110
[ 55.578214][ T3540] cleanup_mnt+0x490/0x520
[ 55.582622][ T3540] ? lockdep_hardirqs_on+0x94/0x130
[ 55.587821][ T3540] task_work_run+0x246/0x300
[ 55.592414][ T3540] ? kasan_quarantine_put+0xd4/0x220
[ 55.597701][ T3540] ? task_work_cancel+0x2b0/0x2b0
[ 55.602727][ T3540] ? kmem_cache_free+0x292/0x510
[ 55.607664][ T3540] ? do_exit+0x6f6/0x2300
[ 55.611989][ T3540] do_exit+0x6fb/0x2300
[ 55.616140][ T3540] ? do_group_exit+0x1f2/0x2b0
[ 55.620894][ T3540] ? put_task_struct+0x80/0x80
[ 55.625647][ T3540] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 55.631615][ T3540] ? print_irqtrace_events+0x210/0x210
[ 55.637061][ T3540] ? _raw_spin_unlock_irq+0x1f/0x40
[ 55.642247][ T3540] ? lockdep_hardirqs_on+0x94/0x130
[ 55.647435][ T3540] do_group_exit+0x202/0x2b0
[ 55.652018][ T3540] __x64_sys_exit_group+0x3b/0x40
[ 55.657048][ T3540] do_syscall_64+0x3d/0xb0
[ 55.661467][ T3540] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.667359][ T3540] RIP: 0033:0x7f00a3c96e19
[ 55.671778][ T3540] Code: Unable to access opcode bytes at 0x7f00a3c96def.
[ 55.678790][ T3540] RSP: 002b:00007ffd12431cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 55.687201][ T3540] RAX: ffffffffffffffda RBX: 00007f00a3d3e470 RCX: 00007f00a3c96e19
[ 55.695177][ T3540] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 55.703151][ T3540] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 0000000000000000
[ 55.711111][ T3540] R10: 0000000000000022 R11: 0000000000000246 R12: 00007f00a3d3e470
[ 55.719067][ T3540] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 55.727145][ T3540]
[ 55.730299][ T3540] Kernel Offset: disabled
[ 55.734609][ T3540] Rebooting in 86400 seconds..