Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   57.409993][ T5071] ==================================================================
[   57.418093][ T5071] BUG: KASAN: use-after-free in snd_rawmidi_poll+0x559/0x680
[   57.425461][ T5071] Read of size 8 at addr ffff888029a3dd08 by task syz-executor371/5071
[   57.433684][ T5071] 
[   57.435995][ T5071] CPU: 1 PID: 5071 Comm: syz-executor371 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[   57.445893][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.455932][ T5071] Call Trace:
[   57.459200][ T5071]  <TASK>
[   57.462117][ T5071]  dump_stack_lvl+0xd1/0x138
[   57.466704][ T5071]  print_report+0x15e/0x45d
[   57.471195][ T5071]  ? __phys_addr+0xc8/0x140
[   57.475706][ T5071]  ? snd_rawmidi_poll+0x559/0x680
[   57.480718][ T5071]  kasan_report+0xc0/0xf0
[   57.485038][ T5071]  ? snd_rawmidi_poll+0x559/0x680
[   57.490072][ T5071]  snd_rawmidi_poll+0x559/0x680
[   57.494936][ T5071]  io_poll_task_func+0x3a6/0x1220
[   57.499968][ T5071]  ? snd_rawmidi_read+0x740/0x740
[   57.505000][ T5071]  ? lock_downgrade+0x6e0/0x6e0
[   57.509862][ T5071]  ? io_poll_remove_entries.part.0+0x810/0x810
[   57.516030][ T5071]  ? handle_tw_list+0x1a3/0x460
[   57.520894][ T5071]  ? lock_acquire+0x32/0xc0
[   57.525408][ T5071]  ? handle_tw_list+0x1a3/0x460
[   57.530269][ T5071]  handle_tw_list+0xa8/0x460
[   57.534874][ T5071]  tctx_task_work+0x12e/0x530
[   57.539569][ T5071]  ? handle_tw_list+0x460/0x460
[   57.544427][ T5071]  ? lock_downgrade+0x6e0/0x6e0
[   57.549284][ T5071]  ? do_raw_spin_lock+0x124/0x2b0
[   57.554316][ T5071]  ? rwlock_bug.part.0+0x90/0x90
[   57.559264][ T5071]  ? _raw_spin_unlock_irq+0x23/0x50
[   57.564487][ T5071]  task_work_run+0x16f/0x270
[   57.569099][ T5071]  ? task_work_cancel+0x30/0x30
[   57.573970][ T5071]  get_signal+0x1c7/0x24f0
[   57.578392][ T5071]  ? kmem_cache_free+0xec/0x4e0
[   57.583258][ T5071]  ? exit_signals+0x910/0x910
[   57.587946][ T5071]  ? do_sys_openat2+0xa1/0x4c0
[   57.592716][ T5071]  ? __ia32_sys_get_robust_list+0x400/0x400
[   57.598624][ T5071]  arch_do_signal_or_restart+0x79/0x5c0
[   57.604180][ T5071]  ? get_sigframe_size+0x10/0x10
[   57.609127][ T5071]  ? __x64_sys_open+0x11d/0x1c0
[   57.613986][ T5071]  exit_to_user_mode_prepare+0x11f/0x240
[   57.619633][ T5071]  syscall_exit_to_user_mode+0x1d/0x50
[   57.625110][ T5071]  do_syscall_64+0x46/0xb0
[   57.629536][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.635447][ T5071] RIP: 0033:0x7f6bc7db1669
[   57.639864][ T5071] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   57.659478][ T5071] RSP: 002b:00007f6bc7d3e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   57.667896][ T5071] RAX: fffffffffffffffe RBX: 00007f6bc7e374f8 RCX: 00007f6bc7db1669
[   57.675873][ T5071] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[   57.683932][ T5071] RBP: 00007f6bc7e374f0 R08: 0000000000000000 R09: 0000000000000000
[   57.691907][ T5071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6bc7e374fc
[   57.699883][ T5071] R13: 00007f6bc7e04004 R14: 0030656c69662f2e R15: 0000000000000000
[   57.708125][ T5071]  </TASK>
[   57.711148][ T5071] 
[   57.713464][ T5071] Allocated by task 5070:
[   57.717787][ T5071]  kasan_save_stack+0x22/0x40
[   57.722471][ T5071]  kasan_set_track+0x25/0x30
[   57.727068][ T5071]  __kasan_kmalloc+0xa2/0xb0
[   57.731669][ T5071]  snd_rawmidi_open+0x39a/0xb70
[   57.736527][ T5071]  snd_open+0x223/0x460
[   57.740692][ T5071]  chrdev_open+0x26a/0x770
[   57.745109][ T5071]  do_dentry_open+0x6cc/0x13f0
[   57.749886][ T5071]  path_openat+0x1bc1/0x2b40
[   57.754487][ T5071]  do_filp_open+0x1ba/0x410
[   57.759006][ T5071]  do_sys_openat2+0x16d/0x4c0
[   57.763693][ T5071]  __x64_sys_openat+0x143/0x1f0
[   57.768551][ T5071]  do_syscall_64+0x39/0xb0
[   57.772973][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.778885][ T5071] 
[   57.781202][ T5071] Freed by task 5071:
[   57.785174][ T5071]  kasan_save_stack+0x22/0x40
[   57.789861][ T5071]  kasan_set_track+0x25/0x30
[   57.794467][ T5071]  kasan_save_free_info+0x2e/0x40
[   57.799538][ T5071]  ____kasan_slab_free+0x160/0x1c0
[   57.804674][ T5071]  slab_free_freelist_hook+0x8b/0x1c0
[   57.810107][ T5071]  __kmem_cache_free+0xaf/0x2d0
[   57.814973][ T5071]  snd_rawmidi_release+0x6a/0xf0
[   57.819934][ T5071]  __fput+0x27c/0xa90
[   57.823939][ T5071]  task_work_run+0x16f/0x270
[   57.828547][ T5071]  get_signal+0x1c7/0x24f0
[   57.832967][ T5071]  arch_do_signal_or_restart+0x79/0x5c0
[   57.838519][ T5071]  exit_to_user_mode_prepare+0x11f/0x240
[   57.844162][ T5071]  syscall_exit_to_user_mode+0x1d/0x50
[   57.849651][ T5071]  do_syscall_64+0x46/0xb0
[   57.854073][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.859997][ T5071] 
[   57.862323][ T5071] The buggy address belongs to the object at ffff888029a3dd00
[   57.862323][ T5071]  which belongs to the cache kmalloc-32 of size 32
[   57.876468][ T5071] The buggy address is located 8 bytes inside of
[   57.876468][ T5071]  32-byte region [ffff888029a3dd00, ffff888029a3dd20)
[   57.889487][ T5071] 
[   57.891807][ T5071] The buggy address belongs to the physical page:
[   57.898472][ T5071] page:ffffea0000a68f40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29a3d
[   57.908628][ T5071] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   57.916187][ T5071] raw: 00fff00000000200 ffff888012441500 ffffea0000733140 0000000000000004
[   57.924775][ T5071] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[   57.933351][ T5071] page dumped because: kasan: bad access detected
[   57.939760][ T5071] page_owner tracks the page as allocated
[   57.945466][ T5071] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 4448, tgid 4448 (udevd), ts 32458987221, free_ts 32407330792
[   57.963013][ T5071]  get_page_from_freelist+0x11bb/0x2d50
[   57.968575][ T5071]  __alloc_pages+0x1cb/0x5c0
[   57.973178][ T5071]  alloc_pages+0x1aa/0x270
[   57.977610][ T5071]  allocate_slab+0x25f/0x350
[   57.982203][ T5071]  ___slab_alloc+0xa91/0x1400
[   57.986891][ T5071]  __slab_alloc.constprop.0+0x56/0xa0
[   57.992276][ T5071]  __kmem_cache_alloc_node+0x136/0x330
[   57.997824][ T5071]  __kmalloc+0x4a/0xd0
[   58.001905][ T5071]  tomoyo_encode2.part.0+0xe9/0x3a0
[   58.007115][ T5071]  tomoyo_encode+0x2c/0x50
[   58.011540][ T5071]  tomoyo_realpath_from_path+0x185/0x600
[   58.017185][ T5071]  tomoyo_path_perm+0x22d/0x430
[   58.022041][ T5071]  security_inode_getattr+0xd3/0x140
[   58.027335][ T5071]  vfs_statx+0x16e/0x430
[   58.031583][ T5071]  vfs_fstatat+0x90/0xb0
[   58.035828][ T5071]  __do_sys_newfstatat+0x8a/0x110
[   58.040855][ T5071] page last free stack trace:
[   58.045520][ T5071]  free_pcp_prepare+0x4d0/0x910
[   58.050383][ T5071]  free_unref_page+0x1d/0x490
[   58.055210][ T5071]  qlist_free_all+0x6a/0x170
[   58.061180][ T5071]  kasan_quarantine_reduce+0x192/0x220
[   58.067122][ T5071]  __kasan_slab_alloc+0x63/0x90
[   58.072654][ T5071]  kmem_cache_alloc+0x175/0x320
[   58.077996][ T5071]  security_file_alloc+0x38/0x170
[   58.083030][ T5071]  __alloc_file+0xd9/0x270
[   58.087457][ T5071]  alloc_empty_file+0x71/0x170
[   58.092231][ T5071]  path_openat+0xe6/0x2b40
[   58.096664][ T5071]  do_filp_open+0x1ba/0x410
[   58.101181][ T5071]  do_sys_openat2+0x16d/0x4c0
[   58.105864][ T5071]  __x64_sys_openat+0x143/0x1f0
[   58.110722][ T5071]  do_syscall_64+0x39/0xb0
[   58.115146][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.121058][ T5071] 
[   58.123375][ T5071] Memory state around the buggy address:
[   58.129005][ T5071]  ffff888029a3dc00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   58.137065][ T5071]  ffff888029a3dc80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   58.145126][ T5071] >ffff888029a3dd00: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[   58.153182][ T5071]                       ^
[   58.157507][ T5071]  ffff888029a3dd80: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   58.165565][ T5071]  ffff888029a3de00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   58.173623][ T5071] ==================================================================
[   58.182923][ T5071] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   58.190141][ T5071] CPU: 0 PID: 5071 Comm: syz-executor371 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[   58.200047][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   58.210105][ T5071] Call Trace:
[   58.213370][ T5071]  <TASK>
[   58.216287][ T5071]  dump_stack_lvl+0xd1/0x138
[   58.220872][ T5071]  panic+0x2cc/0x626
[   58.224769][ T5071]  ? panic_print_sys_info.part.0+0x112/0x112
[   58.230746][ T5071]  ? preempt_schedule_thunk+0x1a/0x20
[   58.236110][ T5071]  ? preempt_schedule_common+0x59/0xc0
[   58.241564][ T5071]  check_panic_on_warn.cold+0x19/0x35
[   58.246934][ T5071]  end_report.part.0+0x36/0x73
[   58.251686][ T5071]  ? snd_rawmidi_poll+0x559/0x680
[   58.256700][ T5071]  kasan_report.cold+0xa/0xf
[   58.261277][ T5071]  ? snd_rawmidi_poll+0x559/0x680
[   58.266291][ T5071]  snd_rawmidi_poll+0x559/0x680
[   58.271132][ T5071]  io_poll_task_func+0x3a6/0x1220
[   58.276144][ T5071]  ? snd_rawmidi_read+0x740/0x740
[   58.281156][ T5071]  ? lock_downgrade+0x6e0/0x6e0
[   58.285996][ T5071]  ? io_poll_remove_entries.part.0+0x810/0x810
[   58.292137][ T5071]  ? handle_tw_list+0x1a3/0x460
[   58.296982][ T5071]  ? lock_acquire+0x32/0xc0
[   58.301477][ T5071]  ? handle_tw_list+0x1a3/0x460
[   58.306344][ T5071]  handle_tw_list+0xa8/0x460
[   58.310945][ T5071]  tctx_task_work+0x12e/0x530
[   58.315613][ T5071]  ? handle_tw_list+0x460/0x460
[   58.320450][ T5071]  ? lock_downgrade+0x6e0/0x6e0
[   58.325294][ T5071]  ? do_raw_spin_lock+0x124/0x2b0
[   58.330320][ T5071]  ? rwlock_bug.part.0+0x90/0x90
[   58.335245][ T5071]  ? _raw_spin_unlock_irq+0x23/0x50
[   58.340443][ T5071]  task_work_run+0x16f/0x270
[   58.345027][ T5071]  ? task_work_cancel+0x30/0x30
[   58.349876][ T5071]  get_signal+0x1c7/0x24f0
[   58.354281][ T5071]  ? kmem_cache_free+0xec/0x4e0
[   58.359122][ T5071]  ? exit_signals+0x910/0x910
[   58.363801][ T5071]  ? do_sys_openat2+0xa1/0x4c0
[   58.368555][ T5071]  ? __ia32_sys_get_robust_list+0x400/0x400
[   58.374448][ T5071]  arch_do_signal_or_restart+0x79/0x5c0
[   58.379999][ T5071]  ? get_sigframe_size+0x10/0x10
[   58.384928][ T5071]  ? __x64_sys_open+0x11d/0x1c0
[   58.389769][ T5071]  exit_to_user_mode_prepare+0x11f/0x240
[   58.395390][ T5071]  syscall_exit_to_user_mode+0x1d/0x50
[   58.400843][ T5071]  do_syscall_64+0x46/0xb0
[   58.405250][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.411136][ T5071] RIP: 0033:0x7f6bc7db1669
[   58.415534][ T5071] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   58.435129][ T5071] RSP: 002b:00007f6bc7d3e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   58.443528][ T5071] RAX: fffffffffffffffe RBX: 00007f6bc7e374f8 RCX: 00007f6bc7db1669
[   58.451483][ T5071] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[   58.459440][ T5071] RBP: 00007f6bc7e374f0 R08: 0000000000000000 R09: 0000000000000000
[   58.467403][ T5071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6bc7e374fc
[   58.475356][ T5071] R13: 00007f6bc7e04004 R14: 0030656c69662f2e R15: 0000000000000000
[   58.483318][ T5071]  </TASK>
[   58.486482][ T5071] Kernel Offset: disabled
[   58.490800][ T5071] Rebooting in 86400 seconds..