./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3872269736
<...>
Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
execve("./syz-executor3872269736", ["./syz-executor3872269736"], 0x7ffd4f299800 /* 10 vars */) = 0
brk(NULL) = 0x55555640a000
brk(0x55555640ac40) = 0x55555640ac40
arch_prctl(ARCH_SET_FS, 0x55555640a300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x55555640a5d0) = 5077
set_robust_list(0x55555640a5e0, 24) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fa2db001000, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fa2db0016d0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fa2db0010a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa2db0016d0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3872269736", 4096) = 28
brk(0x55555642bc40) = 0x55555642bc40
brk(0x55555642c000) = 0x55555642c000
mprotect(0x7fa2db0c1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
futex(0x7fa2db0c742c, FUTEX_WAKE_PRIVATE, 1000000) = 0
mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa2dafd1000
mprotect(0x7fa2dafd2000, 131072, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7fa2daff13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7fa2daff1700, child_tidptr=0x7fa2daff19d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid 5077] futex(0x7fa2db0c7428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5077] futex(0x7fa2db0c742c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5078] set_robust_list(0x7fa2daff19e0, 24) = 0
[pid 5078] openat(AT_FDCWD, "/dev/snd/midiC2D0", O_WRONLY|O_NOCTTY|O_SYNC|O_NOATIME) = 3
[pid 5078] futex(0x7fa2db0c742c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5077] <... futex resumed>) = 0
[pid 5077] futex(0x7fa2db0c7428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5077] futex(0x7fa2db0c742c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5078] dup(3) = 4
[pid 5078] futex(0x7fa2db0c742c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5077] <... futex resumed>) = 0
[pid 5077] futex(0x7fa2db0c7428, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5077] futex(0x7fa2db0c742c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5078] write(4, "\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294966572 <unfinished ...>
[pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 5077] futex(0x7fa2db0c742c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 5077] futex(0x7fa2db0c743c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa2dafb0000
[pid 5077] mprotect(0x7fa2dafb1000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 5077] clone(child_stack=0x7fa2dafd03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5079], tls=0x7fa2dafd0700, child_tidptr=0x7fa2dafd09d0) = 5079
[pid 5077] futex(0x7fa2db0c7438, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5077] futex(0x7fa2db0c743c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached
<unfinished ...>
[pid 5079] set_robust_list(0x7fa2dafd09e0, 24) = 0
[pid 5079] io_uring_setup(16094, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=524608}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 5
[pid 5079] mmap(0x20002000, 590144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 5, 0) = 0x20002000
[pid 5079] mmap(0x20003000, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 5, 0x10000000) = 0x20003000
[pid 5079] futex(0x7fa2db0c743c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5077] <... futex resumed>) = 0
[pid 5077] futex(0x7fa2db0c7438, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5077] futex(0x7fa2db0c743c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5079] <... futex resumed>) = 1
[pid 5079] futex(0x7fa2db0c743c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5077] <... futex resumed>) = 0
[pid 5077] futex(0x7fa2db0c7438, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5077] futex(0x7fa2db0c743c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5079] <... futex resumed>) = 1
[pid 5079] io_uring_enter(5, 767, 0, 0, NULL, 8192) = 1
[pid 5079] futex(0x7fa2db0c743c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5077] <... futex resumed>) = 0
[pid 5079] <... futex resumed>) = 1
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 5079] futex(0x7fa2db0c7438, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[ 61.602375][ T5079] ==================================================================
[ 61.610502][ T5079] BUG: KASAN: use-after-free in snd_rawmidi_poll+0x559/0x680
[ 61.617898][ T5079] Read of size 8 at addr ffff88801dff4dc8 by task syz-executor387/5079
[ 61.626138][ T5079]
[ 61.628466][ T5079] CPU: 0 PID: 5079 Comm: syz-executor387 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[ 61.638356][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 61.648410][ T5079] Call Trace:
[ 61.651690][ T5079] <TASK>
[ 61.654622][ T5079] dump_stack_lvl+0xd1/0x138
[ 61.659233][ T5079] print_report+0x15e/0x45d
[ 61.663747][ T5079] ? __phys_addr+0xc8/0x140
[ 61.668269][ T5079] ? snd_rawmidi_poll+0x559/0x680
[ 61.673304][ T5079] kasan_report+0xc0/0xf0
[ 61.677649][ T5079] ? snd_rawmidi_poll+0x559/0x680
[ 61.682692][ T5079] snd_rawmidi_poll+0x559/0x680
[ 61.687556][ T5079] io_poll_task_func+0x3a6/0x1220
[ 61.692592][ T5079] ? snd_rawmidi_read+0x740/0x740
[ 61.697626][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 61.702486][ T5079] ? io_poll_remove_entries.part.0+0x810/0x810
[ 61.708648][ T5079] ? handle_tw_list+0x1a3/0x460
[ 61.713520][ T5079] ? lock_acquire+0x32/0xc0
[ 61.718055][ T5079] ? handle_tw_list+0x1a3/0x460
[ 61.722938][ T5079] handle_tw_list+0xa8/0x460
[ 61.727553][ T5079] tctx_task_work+0x12e/0x530
[ 61.732244][ T5079] ? handle_tw_list+0x460/0x460
[ 61.737111][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 61.741970][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 61.747050][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 61.752000][ T5079] ? _raw_spin_unlock_irq+0x23/0x50
[ 61.757219][ T5079] task_work_run+0x16f/0x270
[ 61.761837][ T5079] ? task_work_cancel+0x30/0x30
[ 61.766708][ T5079] get_signal+0x1c7/0x24f0
[ 61.771133][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 61.776166][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 61.781114][ T5079] ? lock_acquire+0x32/0xc0
[ 61.785624][ T5079] ? ptrace_stop.part.0+0x4e3/0x8e0
[ 61.790830][ T5079] ? exit_signals+0x910/0x910
[ 61.795520][ T5079] ? find_held_lock+0x2d/0x110
[ 61.800304][ T5079] arch_do_signal_or_restart+0x79/0x5c0
[ 61.805871][ T5079] ? get_sigframe_size+0x10/0x10
[ 61.810817][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 61.815678][ T5079] ? _raw_spin_unlock_irq+0x23/0x50
[ 61.820898][ T5079] exit_to_user_mode_prepare+0x11f/0x240
[ 61.826551][ T5079] syscall_exit_to_user_mode+0x1d/0x50
[ 61.832024][ T5079] do_syscall_64+0x46/0xb0
[ 61.836456][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.842371][ T5079] RIP: 0033:0x7fa2db0434a9
[ 61.846793][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.866425][ T5079] RSP: 002b:00007fa2dafd0308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 61.874870][ T5079] RAX: fffffffffffffe00 RBX: 00007fa2db0c7438 RCX: 00007fa2db0434a9
[ 61.882869][ T5079] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa2db0c7438
[ 61.890855][ T5079] RBP: 00007fa2db0c7430 R08: 0000000000000000 R09: 0000000000000000
[ 61.898835][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2db095004
[ 61.906831][ T5079] R13: 0000000000000005 R14: 00007fa2dafd0400 R15: 0000000000022000
[ 61.914822][ T5079] </TASK>
[ 61.917843][ T5079]
[ 61.920167][ T5079] Allocated by task 5078:
[ 61.924490][ T5079] kasan_save_stack+0x22/0x40
[ 61.929184][ T5079] kasan_set_track+0x25/0x30
[ 61.933958][ T5079] __kasan_kmalloc+0xa2/0xb0
[ 61.938687][ T5079] snd_rawmidi_open+0x39a/0xb70
[ 61.943547][ T5079] snd_open+0x223/0x460
[ 61.947716][ T5079] chrdev_open+0x26a/0x770
[ 61.952134][ T5079] do_dentry_open+0x6cc/0x13f0
[ 61.956915][ T5079] path_openat+0x1bc1/0x2b40
[ 61.961522][ T5079] do_filp_open+0x1ba/0x410
[ 61.966073][ T5079] do_sys_openat2+0x16d/0x4c0
[ 61.970815][ T5079] __x64_sys_openat+0x143/0x1f0
[ 61.975685][ T5079] do_syscall_64+0x39/0xb0
[ 61.980120][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.986050][ T5079]
[ 61.988384][ T5079] Freed by task 5079:
[ 61.992366][ T5079] kasan_save_stack+0x22/0x40
[ 61.997839][ T5079] kasan_set_track+0x25/0x30
[ 62.002440][ T5079] kasan_save_free_info+0x2e/0x40
[ 62.007482][ T5079] ____kasan_slab_free+0x160/0x1c0
[ 62.012601][ T5079] slab_free_freelist_hook+0x8b/0x1c0
[ 62.017983][ T5079] __kmem_cache_free+0xaf/0x2d0
[ 62.022843][ T5079] snd_rawmidi_release+0x6a/0xf0
[ 62.027792][ T5079] __fput+0x27c/0xa90
[ 62.031788][ T5079] task_work_run+0x16f/0x270
[ 62.036428][ T5079] get_signal+0x1c7/0x24f0
[ 62.040856][ T5079] arch_do_signal_or_restart+0x79/0x5c0
[ 62.046412][ T5079] exit_to_user_mode_prepare+0x11f/0x240
[ 62.052054][ T5079] syscall_exit_to_user_mode+0x1d/0x50
[ 62.057529][ T5079] do_syscall_64+0x46/0xb0
[ 62.061957][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.067869][ T5079]
[ 62.070186][ T5079] The buggy address belongs to the object at ffff88801dff4dc0
[ 62.070186][ T5079] which belongs to the cache kmalloc-32 of size 32
[ 62.084677][ T5079] The buggy address is located 8 bytes inside of
[ 62.084677][ T5079] 32-byte region [ffff88801dff4dc0, ffff88801dff4de0)
[ 62.097694][ T5079]
[ 62.100014][ T5079] The buggy address belongs to the physical page:
[ 62.106423][ T5079] page:ffffea000077fd00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1dff4
[ 62.116579][ T5079] anon flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 62.124567][ T5079] raw: 00fff00000000200 ffff888012441500 0000000000000000 dead000000000001
[ 62.133154][ T5079] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 62.141732][ T5079] page dumped because: kasan: bad access detected
[ 62.148139][ T5079] page_owner tracks the page as allocated
[ 62.153846][ T5079] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 4439, tgid 4439 (udevadm), ts 18106124833, free_ts 13090785320
[ 62.171578][ T5079] get_page_from_freelist+0x11bb/0x2d50
[ 62.177148][ T5079] __alloc_pages+0x1cb/0x5c0
[ 62.181748][ T5079] alloc_pages+0x1aa/0x270
[ 62.186172][ T5079] allocate_slab+0x25f/0x350
[ 62.190765][ T5079] ___slab_alloc+0xa91/0x1400
[ 62.195448][ T5079] __slab_alloc.constprop.0+0x56/0xa0
[ 62.200835][ T5079] __kmem_cache_alloc_node+0x136/0x330
[ 62.206300][ T5079] __kmalloc+0x4a/0xd0
[ 62.210381][ T5079] tomoyo_encode2.part.0+0xe9/0x3a0
[ 62.215591][ T5079] tomoyo_encode+0x2c/0x50
[ 62.220018][ T5079] tomoyo_realpath_from_path+0x185/0x600
[ 62.225660][ T5079] tomoyo_path_perm+0x22d/0x430
[ 62.230519][ T5079] security_inode_getattr+0xd3/0x140
[ 62.235816][ T5079] vfs_statx+0x16e/0x430
[ 62.240060][ T5079] vfs_fstatat+0x90/0xb0
[ 62.244307][ T5079] __do_sys_newfstatat+0x8a/0x110
[ 62.249336][ T5079] page last free stack trace:
[ 62.254005][ T5079] free_pcp_prepare+0x4d0/0x910
[ 62.258864][ T5079] free_unref_page+0x1d/0x490
[ 62.263552][ T5079] __vunmap+0x7fe/0xc00
[ 62.267715][ T5079] free_work+0x5c/0x80
[ 62.271787][ T5079] process_one_work+0x9bf/0x1750
[ 62.276741][ T5079] worker_thread+0x669/0x1090
[ 62.281424][ T5079] kthread+0x2e8/0x3a0
[ 62.285498][ T5079] ret_from_fork+0x1f/0x30
[ 62.289935][ T5079]
[ 62.292251][ T5079] Memory state around the buggy address:
[ 62.297884][ T5079] ffff88801dff4c80: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[ 62.305946][ T5079] ffff88801dff4d00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 62.314009][ T5079] >ffff88801dff4d80: 00 00 00 05 fc fc fc fc fa fb fb fb fc fc fc fc
[ 62.322068][ T5079] ^
[ 62.328478][ T5079] ffff88801dff4e00: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[ 62.336537][ T5079] ffff88801dff4e80: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc
[ 62.344591][ T5079] ==================================================================
[ 62.353252][ T5079] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 62.360466][ T5079] CPU: 1 PID: 5079 Comm: syz-executor387 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[ 62.370380][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 62.380439][ T5079] Call Trace:
[ 62.383721][ T5079] <TASK>
[ 62.386651][ T5079] dump_stack_lvl+0xd1/0x138
[ 62.391251][ T5079] panic+0x2cc/0x626
[ 62.395198][ T5079] ? panic_print_sys_info.part.0+0x112/0x112
[ 62.401199][ T5079] ? preempt_schedule_thunk+0x1a/0x20
[ 62.406597][ T5079] ? preempt_schedule_common+0x59/0xc0
[ 62.412082][ T5079] check_panic_on_warn.cold+0x19/0x35
[ 62.417483][ T5079] end_report.part.0+0x36/0x73
[ 62.422252][ T5079] ? snd_rawmidi_poll+0x559/0x680
[ 62.427371][ T5079] kasan_report.cold+0xa/0xf
[ 62.431971][ T5079] ? snd_rawmidi_poll+0x559/0x680
[ 62.437007][ T5079] snd_rawmidi_poll+0x559/0x680
[ 62.442128][ T5079] io_poll_task_func+0x3a6/0x1220
[ 62.447161][ T5079] ? snd_rawmidi_read+0x740/0x740
[ 62.452194][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 62.457051][ T5079] ? io_poll_remove_entries.part.0+0x810/0x810
[ 62.463216][ T5079] ? handle_tw_list+0x1a3/0x460
[ 62.468087][ T5079] ? lock_acquire+0x32/0xc0
[ 62.472595][ T5079] ? handle_tw_list+0x1a3/0x460
[ 62.477462][ T5079] handle_tw_list+0xa8/0x460
[ 62.482079][ T5079] tctx_task_work+0x12e/0x530
[ 62.486767][ T5079] ? handle_tw_list+0x460/0x460
[ 62.491628][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 62.496490][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 62.501523][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 62.506476][ T5079] ? _raw_spin_unlock_irq+0x23/0x50
[ 62.511694][ T5079] task_work_run+0x16f/0x270
[ 62.516303][ T5079] ? task_work_cancel+0x30/0x30
[ 62.521170][ T5079] get_signal+0x1c7/0x24f0
[ 62.525591][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 62.530626][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 62.535581][ T5079] ? lock_acquire+0x32/0xc0
[ 62.540091][ T5079] ? ptrace_stop.part.0+0x4e3/0x8e0
[ 62.545297][ T5079] ? exit_signals+0x910/0x910
[ 62.549981][ T5079] ? find_held_lock+0x2d/0x110
[ 62.554870][ T5079] arch_do_signal_or_restart+0x79/0x5c0
[ 62.560518][ T5079] ? get_sigframe_size+0x10/0x10
[ 62.565560][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 62.570594][ T5079] ? _raw_spin_unlock_irq+0x23/0x50
[ 62.575818][ T5079] exit_to_user_mode_prepare+0x11f/0x240
[ 62.581465][ T5079] syscall_exit_to_user_mode+0x1d/0x50
[ 62.586941][ T5079] do_syscall_64+0x46/0xb0
[ 62.591393][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.597301][ T5079] RIP: 0033:0x7fa2db0434a9
[ 62.601732][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.621346][ T5079] RSP: 002b:00007fa2dafd0308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 62.629762][ T5079] RAX: fffffffffffffe00 RBX: 00007fa2db0c7438 RCX: 00007fa2db0434a9
[ 62.637737][ T5079] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa2db0c7438
[ 62.645708][ T5079] RBP: 00007fa2db0c7430 R08: 0000000000000000 R09: 0000000000000000
[ 62.653681][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2db095004
[ 62.661651][ T5079] R13: 0000000000000005 R14: 00007fa2dafd0400 R15: 0000000000022000
[ 62.669632][ T5079] </TASK>
[ 62.672810][ T5079] Kernel Offset: disabled
[ 62.677131][ T5079] Rebooting in 86400 seconds..