syz-executor260[5024]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
loop0: detected capacity change from 0 to 2048
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
==================================================================
BUG: KASAN: use-after-free in udf_close_lvid+0x6a8/0x9a0 fs/udf/super.c:2035
Write of size 1 at addr ffff8880b2446068 by task syz-executor260/5024

CPU: 0 PID: 5024 Comm: syz-executor260 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0x163/0x540 mm/kasan/report.c:475
 kasan_report+0x175/0x1b0 mm/kasan/report.c:588
 udf_close_lvid+0x6a8/0x9a0 fs/udf/super.c:2035
 udf_put_super+0xcd/0x160 fs/udf/super.c:2322
 generic_shutdown_super+0x13a/0x2c0 fs/super.c:693
 kill_block_super+0x41/0x70 fs/super.c:1646
 deactivate_locked_super+0xa4/0x110 fs/super.c:481
 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1254
 task_work_run+0x24a/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x68f/0x2290 kernel/exit.c:874
 do_group_exit+0x206/0x2c0 kernel/exit.c:1024
 __do_sys_exit_group kernel/exit.c:1035 [inline]
 __se_sys_exit_group kernel/exit.c:1033 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fba760598b9
Code: Unable to access opcode bytes at 0x7fba7605988f.
RSP: 002b:00007ffcf1ea95f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fba760598b9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007fba760f23b0 R08: ffffffffffffffb0 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fba760f23b0
R13: 0000000000000000 R14: 00007fba760f51e0 R15: 00007fba7601c5a0
 </TASK>

The buggy address belongs to the physical page:
page:ffffea0002c91180 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb2446
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000000 ffffea0002c91188 ffffea0002c91188 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff8880b2445f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8880b2445f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8880b2446000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                          ^
 ffff8880b2446080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8880b2446100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================