Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts. executing program [ 30.392868][ T93] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 30.483067][ T93] usb 1-1: Using ep0 maxpacket: 8 [ 30.603441][ T93] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=dc.dc [ 30.612620][ T93] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.622614][ T93] usb 1-1: config 0 descriptor?? [ 30.872971][ T93] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0 [ 30.886565][ T93] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, 66:4e:8e:1b:1b:96 executing program [ 31.074800][ T93] usb 1-1: USB disconnect, device number 2 [ 31.081397][ T93] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet [ 31.153942][ T93] ================================================================== [ 31.162124][ T93] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xef [ 31.169583][ T93] Read of size 8 at addr ffff8881c62db800 by task kworker/0:2/93 [ 31.177294][ T93] [ 31.181997][ T93] CPU: 0 PID: 93 Comm: kworker/0:2 Not tainted 5.6.0-rc3-syzkaller #0 [ 31.190244][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.201036][ T93] Workqueue: usb_hub_wq hub_event [ 31.206312][ T93] Call Trace: [ 31.210126][ T93] dump_stack+0xef/0x16e [ 31.214371][ T93] ? ax88172a_unbind+0x76/0xef [ 31.219143][ T93] ? ax88172a_unbind+0x76/0xef [ 31.224086][ T93] print_address_description.constprop.0.cold+0xd3/0x314 [ 31.231201][ T93] ? ax88172a_unbind+0x76/0xef [ 31.235973][ T93] ? ax88172a_unbind+0x76/0xef [ 31.240719][ T93] __kasan_report.cold+0x37/0x77 [ 31.245656][ T93] ? mark_held_locks+0x50/0xe0 [ 31.250409][ T93] ? ax88172a_unbind+0x76/0xef [ 31.255166][ T93] ? ax88172a_bind.cold+0x1d2/0x1d2 [ 31.260354][ T93] kasan_report+0xe/0x20 [ 31.264626][ T93] ax88172a_unbind+0x76/0xef [ 31.269217][ T93] usbnet_disconnect+0x145/0x270 [ 31.274155][ T93] usb_unbind_interface+0x1bd/0x8a0 [ 31.279346][ T93] ? __pm_runtime_idle+0xd1/0x310 [ 31.284364][ T93] ? usb_autoresume_device+0x60/0x60 [ 31.289645][ T93] device_release_driver_internal+0x42f/0x500 [ 31.295704][ T93] bus_remove_device+0x2eb/0x5a0 [ 31.300635][ T93] device_del+0x481/0xd30 [ 31.304951][ T93] ? mark_held_locks+0x9f/0xe0 [ 31.309705][ T93] ? device_create_with_groups+0x120/0x120 [ 31.315604][ T93] ? lockdep_hardirqs_on+0x382/0x580 [ 31.320926][ T93] ? remove_intf_ep_devs+0x13f/0x1d0 [ 31.326209][ T93] usb_disable_device+0x23d/0x790 [ 31.332173][ T93] usb_disconnect+0x293/0x900 [ 31.336874][ T93] hub_event+0x1a1d/0x4300 [ 31.341300][ T93] ? hub_port_debounce+0x350/0x350 [ 31.346459][ T93] ? find_held_lock+0x2d/0x110 [ 31.351314][ T93] ? mark_held_locks+0xe0/0xe0 [ 31.356083][ T93] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 31.361611][ T93] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 31.366891][ T93] process_one_work+0x94b/0x1620 [ 31.371820][ T93] ? pwq_dec_nr_in_flight+0x310/0x310 [ 31.377232][ T93] ? do_raw_spin_lock+0x129/0x290 [ 31.382240][ T93] worker_thread+0x96/0xe20 [ 31.386780][ T93] ? process_one_work+0x1620/0x1620 [ 31.391991][ T93] kthread+0x318/0x420 [ 31.396051][ T93] ? kthread_create_on_node+0xf0/0xf0 [ 31.401551][ T93] ret_from_fork+0x24/0x30 [ 31.405945][ T93] [ 31.408256][ T93] Allocated by task 93: [ 31.412395][ T93] save_stack+0x1b/0x80 [ 31.416543][ T93] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 31.422176][ T93] ax88172a_bind+0xa4/0x8ba [ 31.426664][ T93] usbnet_probe+0xb54/0x2570 [ 31.431244][ T93] usb_probe_interface+0x310/0x800 [ 31.436347][ T93] really_probe+0x290/0xac0 [ 31.440857][ T93] driver_probe_device+0x223/0x350 [ 31.445995][ T93] __device_attach_driver+0x1d1/0x290 [ 31.451350][ T93] bus_for_each_drv+0x162/0x1e0 [ 31.456188][ T93] __device_attach+0x217/0x390 [ 31.461001][ T93] bus_probe_device+0x1e4/0x290 [ 31.465892][ T93] device_add+0x1459/0x1bf0 [ 31.470384][ T93] usb_set_configuration+0xe47/0x17d0 [ 31.475859][ T93] usb_generic_driver_probe+0x9d/0xe0 [ 31.481232][ T93] usb_probe_device+0xd9/0x230 [ 31.485977][ T93] really_probe+0x290/0xac0 [ 31.490464][ T93] driver_probe_device+0x223/0x350 [ 31.495594][ T93] __device_attach_driver+0x1d1/0x290 [ 31.500983][ T93] bus_for_each_drv+0x162/0x1e0 [ 31.505820][ T93] __device_attach+0x217/0x390 [ 31.510652][ T93] bus_probe_device+0x1e4/0x290 [ 31.515528][ T93] device_add+0x1459/0x1bf0 [ 31.520025][ T93] usb_new_device.cold+0x540/0xcd0 [ 31.525116][ T93] hub_event+0x21cb/0x4300 [ 31.529527][ T93] process_one_work+0x94b/0x1620 [ 31.534454][ T93] worker_thread+0x96/0xe20 [ 31.538943][ T93] kthread+0x318/0x420 [ 31.543135][ T93] ret_from_fork+0x24/0x30 [ 31.547726][ T93] [ 31.550134][ T93] Freed by task 93: [ 31.553937][ T93] save_stack+0x1b/0x80 [ 31.558083][ T93] __kasan_slab_free+0x117/0x160 [ 31.563005][ T93] kfree+0xd5/0x300 [ 31.566799][ T93] ax88172a_bind.cold+0x49/0x1d2 [ 31.571733][ T93] usbnet_probe+0xb54/0x2570 [ 31.576304][ T93] usb_probe_interface+0x310/0x800 [ 31.581395][ T93] really_probe+0x290/0xac0 [ 31.585933][ T93] driver_probe_device+0x223/0x350 [ 31.591074][ T93] __device_attach_driver+0x1d1/0x290 [ 31.596436][ T93] bus_for_each_drv+0x162/0x1e0 [ 31.601308][ T93] __device_attach+0x217/0x390 [ 31.606082][ T93] bus_probe_device+0x1e4/0x290 [ 31.610915][ T93] device_add+0x1459/0x1bf0 [ 31.615488][ T93] usb_set_configuration+0xe47/0x17d0 [ 31.620933][ T93] usb_generic_driver_probe+0x9d/0xe0 [ 31.626288][ T93] usb_probe_device+0xd9/0x230 [ 31.631073][ T93] really_probe+0x290/0xac0 [ 31.635560][ T93] driver_probe_device+0x223/0x350 [ 31.640676][ T93] __device_attach_driver+0x1d1/0x290 [ 31.646029][ T93] bus_for_each_drv+0x162/0x1e0 [ 31.650872][ T93] __device_attach+0x217/0x390 [ 31.655618][ T93] bus_probe_device+0x1e4/0x290 [ 31.660449][ T93] device_add+0x1459/0x1bf0 [ 31.664929][ T93] usb_new_device.cold+0x540/0xcd0 [ 31.670023][ T93] hub_event+0x21cb/0x4300 [ 31.674494][ T93] process_one_work+0x94b/0x1620 [ 31.679456][ T93] worker_thread+0x96/0xe20 [ 31.683966][ T93] kthread+0x318/0x420 [ 31.688035][ T93] ret_from_fork+0x24/0x30 [ 31.692426][ T93] [ 31.694852][ T93] The buggy address belongs to the object at ffff8881c62db800 [ 31.694852][ T93] which belongs to the cache kmalloc-64 of size 64 [ 31.708722][ T93] The buggy address is located 0 bytes inside of [ 31.708722][ T93] 64-byte region [ffff8881c62db800, ffff8881c62db840) [ 31.721722][ T93] The buggy address belongs to the page: [ 31.727354][ T93] page:ffffea000718b6c0 refcount:1 mapcount:0 mapping:ffff8881da003180 index:0x0 [ 31.736796][ T93] flags: 0x200000000000200(slab) [ 31.741727][ T93] raw: 0200000000000200 dead000000000100 dead000000000122 ffff8881da003180 [ 31.750299][ T93] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 31.758870][ T93] page dumped because: kasan: bad access detected [ 31.765401][ T93] [ 31.767729][ T93] Memory state around the buggy address: [ 31.773343][ T93] ffff8881c62db700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.781393][ T93] ffff8881c62db780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.789447][ T93] >ffff8881c62db800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.797488][ T93] ^ [ 31.801542][ T93] ffff8881c62db880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.809589][ T93] ffff8881c62db900: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 31.817641][ T93] ================================================================== [ 31.825713][ T93] Disabling lock debugging due to kernel taint [ 31.832018][ T93] Kernel panic - not syncing: panic_on_warn set ... [ 31.838604][ T93] CPU: 0 PID: 93 Comm: kworker/0:2 Tainted: G B 5.6.0-rc3-syzkaller #0 [ 31.848120][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.858171][ T93] Workqueue: usb_hub_wq hub_event [ 31.863288][ T93] Call Trace: [ 31.866564][ T93] dump_stack+0xef/0x16e [ 31.870875][ T93] panic+0x2aa/0x6e1 [ 31.874843][ T93] ? add_taint.cold+0x16/0x16 [ 31.879501][ T93] ? ax88172a_unbind+0x76/0xef [ 31.885407][ T93] ? trace_hardirqs_on+0x55/0x200 [ 31.890475][ T93] ? ax88172a_unbind+0x76/0xef [ 31.895325][ T93] end_report+0x43/0x49 [ 31.899470][ T93] ? ax88172a_unbind+0x76/0xef [ 31.904218][ T93] __kasan_report.cold+0x55/0x77 [ 31.909151][ T93] ? mark_held_locks+0x50/0xe0 [ 31.913903][ T93] ? ax88172a_unbind+0x76/0xef [ 31.918711][ T93] ? ax88172a_bind.cold+0x1d2/0x1d2 [ 31.923893][ T93] kasan_report+0xe/0x20 [ 31.928117][ T93] ax88172a_unbind+0x76/0xef [ 31.932705][ T93] usbnet_disconnect+0x145/0x270 [ 31.937627][ T93] usb_unbind_interface+0x1bd/0x8a0 [ 31.942821][ T93] ? __pm_runtime_idle+0xd1/0x310 [ 31.948273][ T93] ? usb_autoresume_device+0x60/0x60 [ 31.953577][ T93] device_release_driver_internal+0x42f/0x500 [ 31.959647][ T93] bus_remove_device+0x2eb/0x5a0 [ 31.964582][ T93] device_del+0x481/0xd30 [ 31.968916][ T93] ? mark_held_locks+0x9f/0xe0 [ 31.973707][ T93] ? device_create_with_groups+0x120/0x120 [ 31.979512][ T93] ? lockdep_hardirqs_on+0x382/0x580 [ 31.984787][ T93] ? remove_intf_ep_devs+0x13f/0x1d0 [ 31.990181][ T93] usb_disable_device+0x23d/0x790 [ 31.995246][ T93] usb_disconnect+0x293/0x900 [ 31.999914][ T93] hub_event+0x1a1d/0x4300 [ 32.004314][ T93] ? hub_port_debounce+0x350/0x350 [ 32.009402][ T93] ? find_held_lock+0x2d/0x110 [ 32.014153][ T93] ? mark_held_locks+0xe0/0xe0 [ 32.018943][ T93] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 32.024495][ T93] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 32.029766][ T93] process_one_work+0x94b/0x1620 [ 32.034685][ T93] ? pwq_dec_nr_in_flight+0x310/0x310 [ 32.040148][ T93] ? do_raw_spin_lock+0x129/0x290 [ 32.045172][ T93] worker_thread+0x96/0xe20 [ 32.049711][ T93] ? process_one_work+0x1620/0x1620 [ 32.054897][ T93] kthread+0x318/0x420 [ 32.058956][ T93] ? kthread_create_on_node+0xf0/0xf0 [ 32.064311][ T93] ret_from_fork+0x24/0x30 [ 32.069363][ T93] Kernel Offset: disabled [ 32.073691][ T93] Rebooting in 86400 seconds..