./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2860420038 <...> DUID 00:04:53:46:a9:9d:03:7a:46:b2:48:ff:4a:ea:3f:46:f2:43 forked to background, child pid 4652 [ 34.912450][ T4653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.940885][ T4653] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts. execve("./syz-executor2860420038", ["./syz-executor2860420038"], 0x7ffe60fc6950 /* 10 vars */) = 0 brk(NULL) = 0x5555558f7000 brk(0x5555558f7c40) = 0x5555558f7c40 arch_prctl(ARCH_SET_FS, 0x5555558f7300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555558f75d0) = 5076 set_robust_list(0x5555558f75e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f469a1aa070, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f469a1aa740}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f469a1aa110, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f469a1aa740}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2860420038", 4096) = 28 brk(0x555555918c40) = 0x555555918c40 brk(0x555555919000) = 0x555555919000 mprotect(0x7f469a26a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f469a27042c, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f469a17a000 mprotect(0x7f469a17b000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f469a19a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5077 attached , parent_tid=[5077], tls=0x7f469a19a700, child_tidptr=0x7f469a19a9d0) = 5077 [pid 5076] futex(0x7f469a270428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f469a27042c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] set_robust_list(0x7f469a19a9e0, 24) = 0 [pid 5077] openat(AT_FDCWD, "/dev/snd/midiC2D0", O_WRONLY|O_NOCTTY|O_SYNC|O_NOATIME) = 3 [pid 5077] futex(0x7f469a27042c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f469a270428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f469a27042c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] dup(3) = 4 [pid 5077] futex(0x7f469a27042c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f469a270428, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f469a27042c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] write(4, "\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2f\x64\x65\x76\x2f\x73\x6e\x64\x2f\x6d\x69\x64\x69\x43\x23\x44\x23\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294966572 [pid 5076] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5076] futex(0x7f469a27042c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5076] futex(0x7f469a27042c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5076] futex(0x7f469a27043c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f469a159000 [pid 5076] mprotect(0x7f469a15a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7f469a1793f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7f469a179700, child_tidptr=0x7f469a1799d0) = 5078 [pid 5076] futex(0x7f469a270438, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f469a27043c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7f469a1799e0, 24) = 0 [pid 5078] io_uring_setup(16000, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=524608}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 5 [pid 5078] mmap(0x20ee9000, 590144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 5, 0) = 0x20ee9000 [pid 5078] mmap(0x202ab000, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 5, 0x10000000) = 0x202ab000 [pid 5078] futex(0x7f469a27043c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f469a270438, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f469a27043c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 1 [pid 5078] futex(0x7f469a27043c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f469a270438, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f469a27043c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 1 [pid 5078] io_uring_enter(5, 2318, 0, 0, NULL, 0) = 1 [pid 5078] futex(0x7f469a27043c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f469a270438, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f469a27043c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 1 [pid 5078] ioctl(-1, SIOCGIFINDEX, {ifr_name="batadv0"}) = -1 EBADF (Bad file descriptor) [pid 5078] futex(0x7f469a27043c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f469a270438, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f469a27043c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 1 [pid 5078] write(-1, NULL, 34136651) = -1 EBADF (Bad file descriptor) [pid 5078] futex(0x7f469a27043c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 1 [pid 5078] futex(0x7f469a270438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5078] futex(0x7f469a270438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5078] futex(0x7f469a270438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5078] futex(0x7f469a270438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5078] futex(0x7f469a270438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5078] futex(0x7f469a270438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5078] futex(0x7f469a270438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) syzkaller login: [ 59.468981][ T5078] ================================================================== [ 59.477097][ T5078] BUG: KASAN: use-after-free in snd_rawmidi_poll+0x559/0x680 [ 59.484511][ T5078] Read of size 8 at addr ffff88801cfdad88 by task syz-executor286/5078 [ 59.492756][ T5078] [ 59.495076][ T5078] CPU: 1 PID: 5078 Comm: syz-executor286 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0 [ 59.504991][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 59.515056][ T5078] Call Trace: [ 59.518342][ T5078] [ 59.521284][ T5078] dump_stack_lvl+0xd1/0x138 [ 59.525900][ T5078] print_report+0x15e/0x45d [ 59.530414][ T5078] ? __phys_addr+0xc8/0x140 [ 59.534941][ T5078] ? snd_rawmidi_poll+0x559/0x680 [ 59.539979][ T5078] kasan_report+0xc0/0xf0 [ 59.544326][ T5078] ? snd_rawmidi_poll+0x559/0x680 [ 59.549375][ T5078] snd_rawmidi_poll+0x559/0x680 [ 59.554238][ T5078] io_poll_task_func+0x3a6/0x1220 [ 59.559295][ T5078] ? snd_rawmidi_read+0x740/0x740 [ 59.564439][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 59.569312][ T5078] ? io_poll_remove_entries.part.0+0x810/0x810 [ 59.575493][ T5078] ? handle_tw_list+0x1a3/0x460 [ 59.580375][ T5078] ? lock_acquire+0x32/0xc0 [ 59.584893][ T5078] ? handle_tw_list+0x1a3/0x460 [ 59.589766][ T5078] handle_tw_list+0xa8/0x460 [ 59.594381][ T5078] tctx_task_work+0x12e/0x530 [ 59.599071][ T5078] ? handle_tw_list+0x460/0x460 [ 59.603962][ T5078] task_work_run+0x16f/0x270 [ 59.608580][ T5078] ? task_work_cancel+0x30/0x30 [ 59.613457][ T5078] get_signal+0x1c7/0x24f0 [ 59.617883][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 59.622924][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 59.627871][ T5078] ? lock_acquire+0x32/0xc0 [ 59.632384][ T5078] ? ptrace_stop.part.0+0x4e3/0x8e0 [ 59.637594][ T5078] ? exit_signals+0x910/0x910 [ 59.642282][ T5078] ? find_held_lock+0x2d/0x110 [ 59.647078][ T5078] arch_do_signal_or_restart+0x79/0x5c0 [ 59.652639][ T5078] ? get_sigframe_size+0x10/0x10 [ 59.657595][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 59.662460][ T5078] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.667687][ T5078] exit_to_user_mode_prepare+0x11f/0x240 [ 59.673333][ T5078] syscall_exit_to_user_mode+0x1d/0x50 [ 59.678819][ T5078] do_syscall_64+0x46/0xb0 [ 59.683252][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.689168][ T5078] RIP: 0033:0x7f469a1ec519 [ 59.693676][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.713293][ T5078] RSP: 002b:00007f469a179308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 59.721757][ T5078] RAX: fffffffffffffe00 RBX: 00007f469a270438 RCX: 00007f469a1ec519 [ 59.729743][ T5078] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f469a270438 [ 59.737720][ T5078] RBP: 00007f469a270430 R08: 0000000000000000 R09: 0000000000000000 [ 59.745699][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f469a23e004 [ 59.753673][ T5078] R13: 0000000000000005 R14: 00007f469a179400 R15: 0000000000022000 [ 59.761656][ T5078] [ 59.764680][ T5078] [ 59.767000][ T5078] Allocated by task 5077: [ 59.771324][ T5078] kasan_save_stack+0x22/0x40 [ 59.776012][ T5078] kasan_set_track+0x25/0x30 [ 59.780617][ T5078] __kasan_kmalloc+0xa2/0xb0 [ 59.785214][ T5078] snd_rawmidi_open+0x39a/0xb70 [ 59.790082][ T5078] snd_open+0x223/0x460 [ 59.794252][ T5078] chrdev_open+0x26a/0x770 [ 59.798694][ T5078] do_dentry_open+0x6cc/0x13f0 [ 59.803478][ T5078] path_openat+0x1bc1/0x2b40 [ 59.808085][ T5078] do_filp_open+0x1ba/0x410 [ 59.812606][ T5078] do_sys_openat2+0x16d/0x4c0 [ 59.817290][ T5078] __x64_sys_openat+0x143/0x1f0 [ 59.822150][ T5078] do_syscall_64+0x39/0xb0 [ 59.826581][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.832491][ T5078] [ 59.834818][ T5078] Freed by task 5078: [ 59.838799][ T5078] kasan_save_stack+0x22/0x40 [ 59.843580][ T5078] kasan_set_track+0x25/0x30 [ 59.848180][ T5078] kasan_save_free_info+0x2e/0x40 [ 59.853218][ T5078] ____kasan_slab_free+0x160/0x1c0 [ 59.858339][ T5078] slab_free_freelist_hook+0x8b/0x1c0 [ 59.863719][ T5078] __kmem_cache_free+0xaf/0x2d0 [ 59.868756][ T5078] snd_rawmidi_release+0x6a/0xf0 [ 59.873705][ T5078] __fput+0x27c/0xa90 [ 59.877701][ T5078] task_work_run+0x16f/0x270 [ 59.882309][ T5078] get_signal+0x1c7/0x24f0 [ 59.886730][ T5078] arch_do_signal_or_restart+0x79/0x5c0 [ 59.892301][ T5078] exit_to_user_mode_prepare+0x11f/0x240 [ 59.897948][ T5078] syscall_exit_to_user_mode+0x1d/0x50 [ 59.903429][ T5078] do_syscall_64+0x46/0xb0 [ 59.907857][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.913769][ T5078] [ 59.916090][ T5078] The buggy address belongs to the object at ffff88801cfdad80 [ 59.916090][ T5078] which belongs to the cache kmalloc-32 of size 32 [ 59.929973][ T5078] The buggy address is located 8 bytes inside of [ 59.929973][ T5078] 32-byte region [ffff88801cfdad80, ffff88801cfdada0) [ 59.942990][ T5078] [ 59.945314][ T5078] The buggy address belongs to the physical page: [ 59.951720][ T5078] page:ffffea000073f680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cfda [ 59.961874][ T5078] ksm flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 59.969779][ T5078] raw: 00fff00000000200 ffff888012441500 ffffea0000a04940 dead000000000003 [ 59.978366][ T5078] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000 [ 59.986945][ T5078] page dumped because: kasan: bad access detected [ 59.993355][ T5078] page_owner tracks the page as allocated [ 59.999077][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 9375514533, free_ts 9300851488 [ 60.016285][ T5078] get_page_from_freelist+0x11bb/0x2d50 [ 60.021851][ T5078] __alloc_pages+0x1cb/0x5c0 [ 60.026459][ T5078] alloc_page_interleave+0x1e/0x200 [ 60.031701][ T5078] alloc_pages+0x233/0x270 [ 60.036128][ T5078] allocate_slab+0x25f/0x350 [ 60.040728][ T5078] ___slab_alloc+0xa91/0x1400 [ 60.045410][ T5078] __slab_alloc.constprop.0+0x56/0xa0 [ 60.050799][ T5078] __kmem_cache_alloc_node+0x136/0x330 [ 60.056269][ T5078] kmalloc_trace+0x26/0x60 [ 60.060785][ T5078] usb_get_device_descriptor+0x63/0xf0 [ 60.066291][ T5078] register_root_hub+0x14f/0x573 [ 60.071247][ T5078] usb_add_hcd.cold+0x100c/0x13a1 [ 60.076278][ T5078] vhci_hcd_probe+0x14f/0x3a0 [ 60.080974][ T5078] platform_probe+0x100/0x1f0 [ 60.085694][ T5078] really_probe+0x249/0xb90 [ 60.090208][ T5078] __driver_probe_device+0x1df/0x4d0 [ 60.095507][ T5078] page last free stack trace: [ 60.100180][ T5078] free_pcp_prepare+0x4d0/0x910 [ 60.105063][ T5078] free_unref_page+0x1d/0x490 [ 60.109771][ T5078] __vunmap+0x7fe/0xc00 [ 60.113940][ T5078] free_work+0x5c/0x80 [ 60.118022][ T5078] process_one_work+0x9bf/0x1750 [ 60.122993][ T5078] worker_thread+0x669/0x1090 [ 60.127703][ T5078] kthread+0x2e8/0x3a0 [ 60.131796][ T5078] ret_from_fork+0x1f/0x30 [ 60.136250][ T5078] [ 60.138573][ T5078] Memory state around the buggy address: [ 60.144217][ T5078] ffff88801cfdac80: 00 00 00 01 fc fc fc fc fa fb fb fb fc fc fc fc [ 60.152287][ T5078] ffff88801cfdad00: 00 00 00 07 fc fc fc fc 00 00 00 00 fc fc fc fc [ 60.160368][ T5078] >ffff88801cfdad80: fa fb fb fb fc fc fc fc 00 00 00 07 fc fc fc fc [ 60.168446][ T5078] ^ [ 60.172779][ T5078] ffff88801cfdae00: 00 00 00 00 fc fc fc fc 00 00 00 07 fc fc fc fc [ 60.180861][ T5078] ffff88801cfdae80: fb fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 60.188922][ T5078] ================================================================== [ 60.198776][ T5078] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.206000][ T5078] CPU: 1 PID: 5078 Comm: syz-executor286 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0 [ 60.215944][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 60.226002][ T5078] Call Trace: [ 60.229320][ T5078] [ 60.232245][ T5078] dump_stack_lvl+0xd1/0x138 [ 60.236833][ T5078] panic+0x2cc/0x626 [ 60.240738][ T5078] ? panic_print_sys_info.part.0+0x112/0x112 [ 60.246731][ T5078] ? preempt_schedule_thunk+0x1a/0x20 [ 60.252108][ T5078] ? preempt_schedule_common+0x59/0xc0 [ 60.257570][ T5078] check_panic_on_warn.cold+0x19/0x35 [ 60.262947][ T5078] end_report.part.0+0x36/0x73 [ 60.267704][ T5078] ? snd_rawmidi_poll+0x559/0x680 [ 60.272812][ T5078] kasan_report.cold+0xa/0xf [ 60.277483][ T5078] ? snd_rawmidi_poll+0x559/0x680 [ 60.282497][ T5078] snd_rawmidi_poll+0x559/0x680 [ 60.287340][ T5078] io_poll_task_func+0x3a6/0x1220 [ 60.292356][ T5078] ? snd_rawmidi_read+0x740/0x740 [ 60.297368][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 60.302235][ T5078] ? io_poll_remove_entries.part.0+0x810/0x810 [ 60.308378][ T5078] ? handle_tw_list+0x1a3/0x460 [ 60.313224][ T5078] ? lock_acquire+0x32/0xc0 [ 60.317737][ T5078] ? handle_tw_list+0x1a3/0x460 [ 60.322624][ T5078] handle_tw_list+0xa8/0x460 [ 60.327234][ T5078] tctx_task_work+0x12e/0x530 [ 60.331925][ T5078] ? handle_tw_list+0x460/0x460 [ 60.336806][ T5078] task_work_run+0x16f/0x270 [ 60.341419][ T5078] ? task_work_cancel+0x30/0x30 [ 60.346294][ T5078] get_signal+0x1c7/0x24f0 [ 60.350721][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 60.355775][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 60.360723][ T5078] ? lock_acquire+0x32/0xc0 [ 60.365232][ T5078] ? ptrace_stop.part.0+0x4e3/0x8e0 [ 60.370439][ T5078] ? exit_signals+0x910/0x910 [ 60.375126][ T5078] ? find_held_lock+0x2d/0x110 [ 60.379912][ T5078] arch_do_signal_or_restart+0x79/0x5c0 [ 60.385472][ T5078] ? get_sigframe_size+0x10/0x10 [ 60.390419][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 60.395283][ T5078] ? _raw_spin_unlock_irq+0x23/0x50 [ 60.400507][ T5078] exit_to_user_mode_prepare+0x11f/0x240 [ 60.406162][ T5078] syscall_exit_to_user_mode+0x1d/0x50 [ 60.411649][ T5078] do_syscall_64+0x46/0xb0 [ 60.416081][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.422002][ T5078] RIP: 0033:0x7f469a1ec519 [ 60.426430][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.446132][ T5078] RSP: 002b:00007f469a179308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 60.454553][ T5078] RAX: fffffffffffffe00 RBX: 00007f469a270438 RCX: 00007f469a1ec519 [ 60.462530][ T5078] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f469a270438 [ 60.470542][ T5078] RBP: 00007f469a270430 R08: 0000000000000000 R09: 0000000000000000 [ 60.478526][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f469a23e004 [ 60.486534][ T5078] R13: 0000000000000005 R14: 00007f469a179400 R15: 0000000000022000 [ 60.494517][ T5078] [ 60.497690][ T5078] Kernel Offset: disabled [ 60.502012][ T5078] Rebooting in 86400 seconds..