Warning: Permanently added '10.128.0.191' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 52.632822][ T4188] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 52.641089][ T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 52.642770][ T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 52.656410][ T1324] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 52.663929][ T21] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 52.882866][ T4188] usb 5-1: Using ep0 maxpacket: 8
[ 52.912785][ T7] usb 1-1: Using ep0 maxpacket: 8
[ 52.932832][ T1324] usb 3-1: Using ep0 maxpacket: 8
[ 52.938009][ T21] usb 2-1: Using ep0 maxpacket: 8
[ 52.943164][ T23] usb 4-1: Using ep0 maxpacket: 8
[ 53.043022][ T4188] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 53.072887][ T7] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 53.122997][ T4188] usb 5-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0
[ 53.133013][ T4188] usb 5-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0
[ 53.142803][ T4188] usb 5-1: config 8 interface 0 has no altsetting 0
[ 53.152951][ T7] usb 1-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0
[ 53.153057][ T1324] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 53.163091][ T7] usb 1-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0
[ 53.170699][ T21] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 53.180302][ T7] usb 1-1: config 8 interface 0 has no altsetting 0
[ 53.188048][ T23] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 53.282969][ T1324] usb 3-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0
[ 53.292995][ T21] usb 2-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0
[ 53.302860][ T23] usb 4-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0
[ 53.312643][ T23] usb 4-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0
[ 53.312730][ T1324] usb 3-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0
[ 53.332565][ T21] usb 2-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0
[ 53.342341][ T23] usb 4-1: config 8 interface 0 has no altsetting 0
[ 53.343129][ T4188] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[ 53.349106][ T21] usb 2-1: config 8 interface 0 has no altsetting 0
[ 53.358693][ T4188] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 53.364734][ T1324] usb 3-1: config 8 interface 0 has no altsetting 0
[ 53.373225][ T4188] usb 5-1: Product: syz
[ 53.383760][ T4188] usb 5-1: Manufacturer: syz
[ 53.388348][ T4188] usb 5-1: SerialNumber: syz
[ 53.413054][ T7] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[ 53.422314][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 53.430416][ T7] usb 1-1: Product: syz
[ 53.436131][ T7] usb 1-1: Manufacturer: syz
[ 53.440872][ T7] usb 1-1: SerialNumber: syz
[ 53.502922][ T23] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[ 53.512442][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 53.520756][ T23] usb 4-1: Product: syz
[ 53.524974][ T23] usb 4-1: Manufacturer: syz
[ 53.529575][ T23] usb 4-1: SerialNumber: syz
[ 53.534422][ T21] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[ 53.543549][ T1324] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
executing program
[ 53.552562][ T1324] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 53.561313][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 53.571255][ T21] usb 2-1: Product: syz
[ 53.575645][ T1324] usb 3-1: Product: syz
[ 53.579808][ T1324] usb 3-1: Manufacturer: syz
[ 53.584783][ T21] usb 2-1: Manufacturer: syz
[ 53.589380][ T21] usb 2-1: SerialNumber: syz
[ 53.594153][ T1324] usb 3-1: SerialNumber: syz
executing program
[ 53.745803][ T4188] usb 5-1: selecting invalid altsetting 0
[ 53.774326][ T7] usb 1-1: selecting invalid altsetting 0
[ 53.781314][ T4188] snd-usb-audio: probe of 5-1:8.0 failed with error -12
executing program
executing program
executing program
[ 53.798971][ T4188] usb 5-1: USB disconnect, device number 2
[ 53.839265][ T7] ------------[ cut here ]------------
[ 53.852760][ T7] ODEBUG: free active (active state 0) object type: timer_list hint: snd_usbmidi_error_timer+0x0/0x660
[ 53.865547][ T7] WARNING: CPU: 0 PID: 7 at lib/debugobjects.c:521 debug_check_no_obj_freed+0x43c/0x530
[ 53.876196][ T7] Modules linked in:
[ 53.881241][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted syzkaller #0
[ 53.888852][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 53.899207][ T7] Workqueue: usb_hub_wq hub_event
[ 53.904286][ T7] RIP: 0010:debug_check_no_obj_freed+0x43c/0x530
[ 53.910627][ T7] Code: ef e8 c8 fd dc fd 4c 8b 45 00 48 c7 c7 20 f1 59 8a 48 c7 c6 e0 ed 59 8a 48 c7 c2 80 f2 59 8a 8b 0c 24 4d 89 e9 e8 e4 f0 b7 05 <0f> 0b 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc ff df ff 05 45 32 8a
[ 53.930816][ T7] RSP: 0018:ffffc90000cc6a18 EFLAGS: 00010246
[ 53.933084][ C1] ==================================================================
[ 53.936941][ T7] RAX: 8340c79405972a00 RBX: ffffffff962b0728 RCX: ffff888016a8bb80
[ 53.945014][ C1] BUG: KASAN: use-after-free in snd_usbmidi_error_timer+0x5fe/0x660
[ 53.945042][ C1] Read of size 1 at addr ffff888146e53d43 by task swapper/1/0
[ 53.953057][ T7] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 53.961068][ C1]
[ 53.961079][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 53.968689][ T7] RBP: ffffffff8a0c9cc0 R08: dffffc0000000000 R09: ffffed10172067b0
[ 53.976605][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 53.976619][ C1] Call Trace:
[ 53.976629][ C1]
[ 53.976638][ C1] dump_stack_lvl+0x168/0x230
[ 53.978940][ T7] R10: ffffed10172067b0 R11: 1ffff110172067af R12: ffff88807b89ac00
[ 53.985941][ C1] ? show_regs_print_info+0x20/0x20
[ 53.985963][ C1] ? load_image+0x3b0/0x3b0
[ 53.985978][ C1] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 53.985996][ C1] ? lock_acquire+0x1f2/0x3f0
[ 53.986016][ C1] print_address_description+0x60/0x2d0
[ 53.986033][ C1] ? snd_usbmidi_error_timer+0x5fe/0x660
[ 53.986050][ C1] kasan_report+0xdf/0x130
[ 53.986069][ C1] ? snd_usbmidi_error_timer+0x5fe/0x660
[ 53.986091][ C1] snd_usbmidi_error_timer+0x5fe/0x660
[ 53.994927][ T7] R13: ffffffff87bc58f0 R14: ffff88807b89a000 R15: ffff88807b89a840
[ 54.004079][ C1] ? __snd_usbmidi_create+0x2f90/0x2f90
[ 54.004105][ C1] call_timer_fn+0x16c/0x530
[ 54.007567][ T7] FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[ 54.010206][ C1] ? __snd_usbmidi_create+0x2f90/0x2f90
[ 54.014966][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.022891][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 54.022914][ C1] ? __run_timers+0x7c0/0x7c0
[ 54.022939][ C1] ? rcu_is_watching+0x11/0xa0
[ 54.022957][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.028244][ T7] CR2: 00005649f5df23e0 CR3: 000000007a7a8000 CR4: 00000000003506f0
[ 54.032601][ C1] ? lockdep_hardirqs_on+0x94/0x140
[ 54.038595][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.042594][ C1] ? __snd_usbmidi_create+0x2f90/0x2f90
[ 54.048147][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.053728][ C1] __run_timers+0x525/0x7c0
[ 54.053762][ C1] ? detach_timer+0x2b0/0x2b0
[ 54.053779][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 54.058305][ T7] Call Trace:
[ 54.063787][ C1] ? sched_clock_cpu+0x15/0x3c0
[ 54.063808][ C1] ? ktime_get_real_ts64+0x420/0x420
[ 54.069406][ T7]
[ 54.077196][ C1] run_timer_softirq+0x63/0xf0
[ 54.077220][ C1] handle_softirqs+0x328/0x820
[ 54.082932][ T7] slab_free_freelist_hook+0x8b/0x170
[ 54.087322][ C1] ? __irq_exit_rcu+0x12f/0x220
[ 54.096410][ T7] ? snd_rawmidi_free+0x3b7/0x3e0
[ 54.101744][ C1] ? do_softirq+0x200/0x200
[ 54.108467][ T7] kfree+0xef/0x2a0
[ 54.114262][ C1] ? irqtime_account_irq+0xb2/0x1b0
[ 54.114287][ C1] __irq_exit_rcu+0x12f/0x220
[ 54.119097][ T7] ? ch345_broken_sysex_input+0x490/0x490
[ 54.123671][ C1] ? irq_exit_rcu+0x20/0x20
[ 54.123701][ C1] irq_exit_rcu+0x5/0x20
[ 54.128867][ T7] snd_rawmidi_free+0x3b7/0x3e0
[ 54.136812][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0
[ 54.136836][ C1]
[ 54.136843][ C1]
[ 54.136851][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 54.136870][ C1] RIP: 0010:default_idle+0xb/0x10
[ 54.136887][ C1] Code: bf 48 89 df e8 c6 03 11 f8 eb b5 e8 ef b5 f6 ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 66 90 0f 00 2d 17 93 5a 00 fb f4 0f 1f 40 00 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48
[ 54.136900][ C1] RSP: 0018:ffffc90000d67d48 EFLAGS: 000002c2
[ 54.136916][ C1] RAX: 1282fb4a7a5bbf00 RBX: ffff88813fe40000 RCX: 1282fb4a7a5bbf00
[ 54.142515][ T7] snd_rawmidi_dev_free+0x34/0x40
[ 54.150210][ C1] RDX: 0000000000000001 RSI: ffffffff8a0b1be0 RDI: ffffffff8a59e800
[ 54.150225][ C1] RBP: ffffc90000d67e80 R08: dffffc0000000000 R09: ffffed1017227662
[ 54.150239][ C1] R10: ffffed1017227662 R11: 1ffff11017227661 R12: ffffffff8d6935a8
[ 54.155933][ T7] __snd_device_free+0x1cd/0x2e0
[ 54.163706][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11027fc8000
[ 54.163736][ C1] default_idle_call+0x81/0xc0
[ 54.168454][ T7] snd_device_free_all+0xcb/0x180
[ 54.172949][ C1] do_idle+0x21b/0x5b0
[ 54.172971][ C1] ? ttwu_queue_wakelist+0x284/0x3b0
[ 54.179081][ T7] ? snd_mixer_oss_ioctl1+0x1590/0x1590
[ 54.182189][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 54.187105][ T7] release_card_device+0x6d/0x1f0
[ 54.192279][ C1] ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 54.192307][ C1] ? lockdep_hardirqs_on+0x94/0x140
[ 54.192329][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 54.195388][ T7] ? snd_power_wait+0x80/0x80
[ 54.199981][ C1] ? _raw_spin_unlock+0x40/0x40
[ 54.204736][ T7] device_release+0x92/0x1c0
[ 54.210063][ C1] ? complete+0x56/0xa0
[ 54.210087][ C1] cpu_startup_entry+0x14/0x20
[ 54.210107][ C1] start_secondary+0x31f/0x430
[ 54.215090][ T7] kobject_put+0x21d/0x460
[ 54.219934][ C1] ? arch_scale_freq_tick+0x120/0x120
[ 54.224438][ T7] snd_card_free+0x123/0x190
[ 54.228199][ C1] secondary_startup_64_no_verify+0xb1/0xbb
[ 54.228235][ C1]
[ 54.228243][ C1]
[ 54.228249][ C1] Allocated by task 7:
[ 54.233611][ T4188] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 54.238059][ C1] __kasan_kmalloc+0xb5/0xf0
[ 54.243979][ T7] ? snd_card_free_on_error+0x1d0/0x1d0
[ 54.248227][ C1] snd_usbmidi_in_endpoint_create+0x7e/0xa20
[ 54.252463][ T7] usb_audio_probe+0x187f/0x1d50
[ 54.257263][ C1] __snd_usbmidi_create+0x16f8/0x2f90
[ 54.257278][ C1] create_composite_quirk+0x1ec/0x4e0
[ 54.257297][ C1] usb_audio_probe+0xb72/0x1d50
[ 54.257313][ C1] usb_probe_interface+0x5a0/0xaf0
[ 54.257330][ C1] really_probe+0x284/0xc80
[ 54.263102][ T7] ? snd_usb_autosuspend+0x1b0/0x1b0
[ 54.265852][ C1] __driver_probe_device+0x18c/0x330
[ 54.268770][ T7] ? pm_runtime_enable+0x1be/0x300
[ 54.274742][ C1] driver_probe_device+0x4f/0x420
[ 54.274759][ C1] __device_attach_driver+0x2b0/0x500
[ 54.274773][ C1] bus_for_each_drv+0x175/0x200
[ 54.274788][ C1] __device_attach+0x29b/0x460
[ 54.274803][ C1] bus_probe_device+0xbc/0x1e0
[ 54.279929][ T7] usb_probe_interface+0x5a0/0xaf0
[ 54.299385][ C1] device_add+0xa00/0xfb0
[ 54.299406][ C1] usb_set_configuration+0x1991/0x1fd0
[ 54.299420][ C1] usb_generic_driver_probe+0x89/0x150
[ 54.299435][ C1] usb_probe_device+0x139/0x270
[ 54.299451][ C1] really_probe+0x284/0xc80
[ 54.299466][ C1] __driver_probe_device+0x18c/0x330
[ 54.299477][ C1] driver_probe_device+0x4f/0x420
[ 54.299489][ C1] __device_attach_driver+0x2b0/0x500
[ 54.299503][ C1] bus_for_each_drv+0x175/0x200
[ 54.299515][ C1] __device_attach+0x29b/0x460
[ 54.299528][ C1] bus_probe_device+0xbc/0x1e0
[ 54.299540][ C1] device_add+0xa00/0xfb0
[ 54.299554][ C1] usb_new_device+0xd53/0x1640
[ 54.305873][ T7] ? usb_register_driver+0x3d0/0x3d0
[ 54.313556][ C1] hub_event+0x2dd9/0x5560
[ 54.313578][ C1] process_one_work+0x863/0x1000
[ 54.313595][ C1] worker_thread+0xaa8/0x12a0
[ 54.318842][ T7] really_probe+0x284/0xc80
[ 54.326571][ C1] kthread+0x436/0x520
[ 54.326590][ C1] ret_from_fork+0x1f/0x30
[ 54.326607][ C1]
[ 54.326613][ C1] Freed by task 7:
[ 54.334855][ T7] __driver_probe_device+0x18c/0x330
[ 54.342611][ C1] kasan_set_track+0x4b/0x70
[ 54.348168][ T7] driver_probe_device+0x4f/0x420
[ 54.355495][ C1] kasan_set_free_info+0x1f/0x40
[ 54.355517][ C1] ____kasan_slab_free+0xd5/0x110
[ 54.355533][ C1] slab_free_freelist_hook+0xea/0x170
[ 54.360538][ T7] __device_attach_driver+0x2b0/0x500
[ 54.365367][ C1] kfree+0xef/0x2a0
[ 54.365383][ C1] snd_usbmidi_rawmidi_free+0xaa/0x150
[ 54.365405][ C1] snd_rawmidi_free+0x3b7/0x3e0
[ 54.369453][ T7] ? deferred_probe_work_func+0x230/0x230
[ 54.374800][ C1] snd_rawmidi_dev_free+0x34/0x40
[ 54.374815][ C1] __snd_device_free+0x1cd/0x2e0
[ 54.374829][ C1] snd_device_free_all+0xcb/0x180
[ 54.374844][ C1] release_card_device+0x6d/0x1f0
[ 54.374857][ C1] device_release+0x92/0x1c0
[ 54.374869][ C1] kobject_put+0x21d/0x460
[ 54.374884][ C1] snd_card_free+0x123/0x190
[ 54.380557][ T7] bus_for_each_drv+0x175/0x200
[ 54.385572][ C1] usb_audio_probe+0x187f/0x1d50
[ 54.385592][ C1] usb_probe_interface+0x5a0/0xaf0
[ 54.390780][ T7] ? _raw_spin_unlock+0x40/0x40
[ 54.396466][ C1] really_probe+0x284/0xc80
[ 54.396483][ C1] __driver_probe_device+0x18c/0x330
[ 54.396498][ C1] driver_probe_device+0x4f/0x420
[ 54.396510][ C1] __device_attach_driver+0x2b0/0x500
[ 54.401869][ T7] ? subsys_find_device_by_id+0x350/0x350
[ 54.407556][ C1] bus_for_each_drv+0x175/0x200
[ 54.407573][ C1] __device_attach+0x29b/0x460
[ 54.407587][ C1] bus_probe_device+0xbc/0x1e0
[ 54.412443][ T7] __device_attach+0x29b/0x460
[ 54.417088][ C1] device_add+0xa00/0xfb0
[ 54.417116][ C1] usb_set_configuration+0x1991/0x1fd0
[ 54.421678][ T7] ? kobject_uevent_env+0x371/0x890
[ 54.425809][ C1] usb_generic_driver_probe+0x89/0x150
[ 54.425826][ C1] usb_probe_device+0x139/0x270
[ 54.425842][ C1] really_probe+0x284/0xc80
[ 54.425857][ C1] __driver_probe_device+0x18c/0x330
[ 54.425871][ C1] driver_probe_device+0x4f/0x420
[ 54.430740][ T7] ? device_attach+0x20/0x20
[ 54.435343][ C1] __device_attach_driver+0x2b0/0x500
[ 54.435361][ C1] bus_for_each_drv+0x175/0x200
[ 54.435376][ C1] __device_attach+0x29b/0x460
[ 54.439776][ T7] ? kobject_uevent_env+0x371/0x890
[ 54.445121][ C1] bus_probe_device+0xbc/0x1e0
[ 54.445137][ C1] device_add+0xa00/0xfb0
[ 54.445152][ C1] usb_new_device+0xd53/0x1640
[ 54.445170][ C1] hub_event+0x2dd9/0x5560
[ 54.445182][ C1] process_one_work+0x863/0x1000
[ 54.445204][ C1] worker_thread+0xaa8/0x12a0
[ 54.445222][ C1] kthread+0x436/0x520
[ 54.450229][ T7] bus_probe_device+0xbc/0x1e0
[ 54.455656][ C1] ret_from_fork+0x1f/0x30
[ 54.455675][ C1]
[ 54.455680][ C1] The buggy address belongs to the object at ffff888146e53c00
[ 54.455680][ C1] which belongs to the cache kmalloc-512 of size 512
[ 54.458684][ T7] ? device_add+0x97c/0xfb0
[ 54.461001][ C1] The buggy address is located 323 bytes inside of
[ 54.461001][ C1] 512-byte region [ffff888146e53c00, ffff888146e53e00)
[ 54.461019][ C1] The buggy address belongs to the page:
[ 54.461038][ C1] page:ffffea00051b9400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146e50
[ 54.465255][ T7] device_add+0xa00/0xfb0
[ 54.472546][ C1] head:ffffea00051b9400 order:2 compound_mapcount:0 compound_pincount:0
[ 54.477390][ T7] usb_set_configuration+0x1991/0x1fd0
[ 54.482658][ C1] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 54.482700][ C1] raw: 057ff00000010200 0000000000000000 0000000a00000001 ffff888016841c80
[ 54.488853][ T7] usb_generic_driver_probe+0x89/0x150
[ 54.493566][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 54.493576][ C1] page dumped because: kasan: bad access detected
[ 54.493592][ C1] page_owner tracks the page as allocated
[ 54.493597][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 6474586599, free_ts 6471475424
[ 54.499210][ T7] usb_probe_device+0x139/0x270
[ 54.504393][ C1] get_page_from_freelist+0x1b77/0x1c60
[ 54.504415][ C1] __alloc_pages+0x1e1/0x470
[ 54.509433][ T7] ? usb_register_device_driver+0x230/0x230
[ 54.514330][ C1] alloc_page_interleave+0x24/0x1e0
[ 54.514349][ C1] new_slab+0xc0/0x4b0
[ 54.518832][ T7] really_probe+0x284/0xc80
[ 54.524087][ C1] ___slab_alloc+0x81e/0xdf0
[ 54.524102][ C1] kmem_cache_alloc_node_trace+0x1dd/0x300
[ 54.524117][ C1] __alloc_disk_node+0x6b/0x4e0
[ 54.524134][ C1] __blk_alloc_disk+0x2a/0x60
[ 54.524148][ C1] brd_alloc+0x376/0x760
[ 54.529534][ T7] __driver_probe_device+0x18c/0x330
[ 54.534487][ C1] brd_init+0x125/0x1b0
[ 54.534506][ C1] do_one_initcall+0x1ee/0x680
[ 54.539684][ T7] driver_probe_device+0x4f/0x420
[ 54.544868][ C1] do_initcall_level+0x137/0x1f0
[ 54.544885][ C1] do_initcalls+0x4b/0x90
[ 54.544897][ C1] kernel_init_freeable+0x3ce/0x560
[ 54.544909][ C1] kernel_init+0x19/0x1b0
[ 54.544922][ C1] ret_from_fork+0x1f/0x30
[ 54.544941][ C1] page last free stack trace:
[ 54.550131][ T7] __device_attach_driver+0x2b0/0x500
[ 54.554527][ C1] free_unref_page_prepare+0x637/0x6c0
[ 54.554549][ C1] free_unref_page+0x94/0x280
[ 54.554565][ C1] stack_depot_save+0x418/0x440
[ 54.559319][ T7] ? deferred_probe_work_func+0x230/0x230
[ 54.564413][ C1] __kasan_slab_alloc+0xb3/0xd0
[ 54.564435][ C1] slab_post_alloc_hook+0x4c/0x380
[ 54.564446][ C1] kmem_cache_alloc+0x100/0x290
[ 54.564457][ C1] __debug_object_init+0x7ab/0xa40
[ 54.564476][ C1] init_timer_key+0x3d/0x2a0
[ 54.564491][ C1] blk_alloc_queue+0x1a9/0x5a0
[ 54.564507][ C1] __blk_alloc_disk+0x15/0x60
[ 54.564523][ C1] brd_alloc+0x376/0x760
[ 54.568994][ T7] bus_for_each_drv+0x175/0x200
[ 54.574260][ C1] brd_init+0x125/0x1b0
[ 54.574280][ C1] do_one_initcall+0x1ee/0x680
[ 54.579884][ T7] ? _raw_spin_unlock+0x40/0x40
[ 54.584543][ C1] do_initcall_level+0x137/0x1f0
[ 54.584561][ C1] do_initcalls+0x4b/0x90
[ 54.584574][ C1] kernel_init_freeable+0x3ce/0x560
[ 54.589070][ T7] ? subsys_find_device_by_id+0x350/0x350
[ 54.594327][ C1]
[ 54.594332][ C1] Memory state around the buggy address:
[ 54.594342][ C1] ffff888146e53c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.594352][ C1] ffff888146e53c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.594363][ C1] >ffff888146e53d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.594371][ C1] ^
[ 54.594380][ C1] ffff888146e53d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.594389][ C1] ffff888146e53e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.594396][ C1] ==================================================================
[ 54.594403][ C1] Disabling lock debugging due to kernel taint
[ 54.594443][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.594452][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B syzkaller #0
[ 54.594466][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 54.594474][ C1] Call Trace:
[ 54.594480][ C1]
[ 54.599607][ T7] ? lockdep_hardirqs_on+0x94/0x140
[ 54.604849][ C1] dump_stack_lvl+0x168/0x230
[ 54.604870][ C1] ? show_regs_print_info+0x20/0x20
[ 54.609796][ T7] __device_attach+0x29b/0x460
[ 54.614427][ C1] ? load_image+0x3b0/0x3b0
[ 54.614449][ C1] panic+0x2c9/0x7f0
[ 54.619193][ T7] ? device_attach+0x20/0x20
[ 54.623496][ C1] ? bpf_jit_dump+0xd0/0xd0
[ 54.623510][ C1] ? _raw_spin_unlock_irqrestore+0xa5/0x100
[ 54.623527][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 54.628356][ T7] ? kobject_uevent_env+0x371/0x890
[ 54.633521][ C1] ? _raw_spin_unlock+0x40/0x40
[ 54.633540][ C1] ? snd_usbmidi_error_timer+0x5fe/0x660
[ 54.637929][ T7] bus_probe_device+0xbc/0x1e0
[ 54.643013][ C1] check_panic_on_warn+0x80/0xa0
[ 54.643032][ C1] ? snd_usbmidi_error_timer+0x5fe/0x660
[ 54.643047][ C1] end_report+0x6d/0xf0
[ 54.643063][ C1] kasan_report+0x102/0x130
[ 54.643079][ C1] ? snd_usbmidi_error_timer+0x5fe/0x660
[ 54.647824][ T4188] usb 5-1: Using ep0 maxpacket: 8
[ 54.652194][ C1] snd_usbmidi_error_timer+0x5fe/0x660
[ 54.656258][ T7] ? device_add+0x97c/0xfb0
[ 54.660620][ C1] ? __snd_usbmidi_create+0x2f90/0x2f90
[ 54.660636][ C1] call_timer_fn+0x16c/0x530
[ 54.660655][ C1] ? __snd_usbmidi_create+0x2f90/0x2f90
[ 54.663102][ T7] device_add+0xa00/0xfb0
[ 54.666643][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 54.671903][ T7] usb_new_device+0xd53/0x1640
[ 54.676458][ C1] ? __run_timers+0x7c0/0x7c0
[ 54.676477][ C1] ? rcu_is_watching+0x11/0xa0
[ 54.676491][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.681584][ T7] ? lock_chain_count+0x20/0x20
[ 54.686400][ C1] ? lockdep_hardirqs_on+0x94/0x140
[ 54.686421][ C1] ? __snd_usbmidi_create+0x2f90/0x2f90
[ 54.691411][ T7] ? usb_disconnect+0x8a0/0x8a0
[ 54.696758][ C1] __run_timers+0x525/0x7c0
[ 54.696780][ C1] ? detach_timer+0x2b0/0x2b0
[ 54.696794][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 54.696810][ C1] ? sched_clock_cpu+0x15/0x3c0
[ 54.696824][ C1] ? ktime_get_real_ts64+0x420/0x420
[ 54.696842][ C1] run_timer_softirq+0x63/0xf0
[ 54.696856][ C1] handle_softirqs+0x328/0x820
[ 54.696871][ C1] ? __irq_exit_rcu+0x12f/0x220
[ 54.702450][ T7] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.706004][ C1] ? do_softirq+0x200/0x200
[ 54.706023][ C1] ? irqtime_account_irq+0xb2/0x1b0
[ 54.711450][ T7] ? lockdep_hardirqs_on+0x94/0x140
[ 54.716278][ C1] __irq_exit_rcu+0x12f/0x220
[ 54.716293][ C1] ? irq_exit_rcu+0x20/0x20
[ 54.716310][ C1] irq_exit_rcu+0x5/0x20
[ 54.716323][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0
[ 54.722107][ T7] hub_event+0x2dd9/0x5560
[ 54.727008][ C1]
[ 54.727015][ C1]
[ 54.727020][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 54.731945][ T7] ? hub_post_resume+0x120/0x120
[ 54.736950][ C1] RIP: 0010:default_idle+0xb/0x10
[ 54.736968][ C1] Code: bf 48 89 df e8 c6 03 11 f8 eb b5 e8 ef b5 f6 ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 66 90 0f 00 2d 17 93 5a 00 fb f4 0f 1f 40 00 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48
[ 54.736981][ C1] RSP: 0018:ffffc90000d67d48 EFLAGS: 000002c2
[ 54.742238][ T7] ? read_lock_is_recursive+0x10/0x10
[ 54.746671][ C1]
[ 54.746677][ C1] RAX: 1282fb4a7a5bbf00 RBX: ffff88813fe40000 RCX: 1282fb4a7a5bbf00
[ 54.746689][ C1] RDX: 0000000000000001 RSI: ffffffff8a0b1be0 RDI: ffffffff8a59e800
[ 54.746699][ C1] RBP: ffffc90000d67e80 R08: dffffc0000000000 R09: ffffed1017227662
[ 54.746709][ C1] R10: ffffed1017227662 R11: 1ffff11017227661 R12: ffffffff8d6935a8
[ 54.746719][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11027fc8000
[ 54.746733][ C1] default_idle_call+0x81/0xc0
[ 54.746750][ C1] do_idle+0x21b/0x5b0
[ 54.746765][ C1] ? ttwu_queue_wakelist+0x284/0x3b0
[ 54.746779][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 54.751338][ T7] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 54.755744][ C1] ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 54.755763][ C1] ? lockdep_hardirqs_on+0x94/0x140
[ 54.755780][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 54.760705][ T7] ? _raw_spin_unlock+0x40/0x40
[ 54.765517][ C1] ? _raw_spin_unlock+0x40/0x40
[ 54.765534][ C1] ? complete+0x56/0xa0
[ 54.770618][ T7] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.775440][ C1] cpu_startup_entry+0x14/0x20
[ 54.775459][ C1] start_secondary+0x31f/0x430
[ 54.775479][ C1] ? arch_scale_freq_tick+0x120/0x120
[ 54.780046][ T7] process_one_work+0x863/0x1000
[ 54.785206][ C1] secondary_startup_64_no_verify+0xb1/0xbb
[ 54.790361][ T7] ? worker_detach_from_pool+0x240/0x240
[ 54.795557][ C1]
[ 54.795865][ C1] Kernel Offset: disabled
[ 55.813923][ C1] Rebooting in 86400 seconds..