Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 40.432814][ T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 40.523045][ T95] usb 1-1: Using ep0 maxpacket: 8 [ 40.643334][ T95] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=dc.dc [ 40.652497][ T95] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.662507][ T95] usb 1-1: config 0 descriptor?? [ 40.922910][ T95] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0 [ 40.936267][ T95] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, 46:c8:39:82:ed:11 executing program [ 41.124679][ T94] usb 1-1: USB disconnect, device number 2 [ 41.131244][ T94] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet [ 41.203346][ T94] ================================================================== [ 41.211533][ T94] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xef [ 41.218655][ T94] Read of size 8 at addr ffff8881d9753e00 by task kworker/1:2/94 [ 41.226353][ T94] [ 41.228676][ T94] CPU: 1 PID: 94 Comm: kworker/1:2 Not tainted 5.6.0-rc3-syzkaller #0 [ 41.236904][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.247346][ T94] Workqueue: usb_hub_wq hub_event [ 41.252392][ T94] Call Trace: [ 41.255756][ T94] dump_stack+0xef/0x16e [ 41.259998][ T94] ? ax88172a_unbind+0x76/0xef [ 41.264822][ T94] ? ax88172a_unbind+0x76/0xef [ 41.269591][ T94] print_address_description.constprop.0.cold+0xd3/0x314 [ 41.276612][ T94] ? ax88172a_unbind+0x76/0xef [ 41.281481][ T94] ? ax88172a_unbind+0x76/0xef [ 41.286335][ T94] __kasan_report.cold+0x37/0x77 [ 41.291258][ T94] ? mark_held_locks+0x50/0xe0 [ 41.296017][ T94] ? ax88172a_unbind+0x76/0xef [ 41.300780][ T94] ? ax88172a_bind.cold+0x1d2/0x1d2 [ 41.305982][ T94] kasan_report+0xe/0x20 [ 41.310220][ T94] ax88172a_unbind+0x76/0xef [ 41.314803][ T94] usbnet_disconnect+0x145/0x270 [ 41.319726][ T94] usb_unbind_interface+0x1bd/0x8a0 [ 41.324922][ T94] ? __pm_runtime_idle+0xd1/0x310 [ 41.329942][ T94] ? usb_autoresume_device+0x60/0x60 [ 41.335224][ T94] device_release_driver_internal+0x42f/0x500 [ 41.341285][ T94] bus_remove_device+0x2eb/0x5a0 [ 41.346221][ T94] device_del+0x481/0xd30 [ 41.350537][ T94] ? mark_held_locks+0x9f/0xe0 [ 41.355281][ T94] ? device_create_with_groups+0x120/0x120 [ 41.361156][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 41.366430][ T94] ? remove_intf_ep_devs+0x13f/0x1d0 [ 41.371711][ T94] usb_disable_device+0x23d/0x790 [ 41.376718][ T94] usb_disconnect+0x293/0x900 [ 41.381376][ T94] hub_event+0x1a1d/0x4300 [ 41.385779][ T94] ? hub_port_debounce+0x350/0x350 [ 41.391921][ T94] ? find_held_lock+0x2d/0x110 [ 41.396665][ T94] ? mark_held_locks+0xe0/0xe0 [ 41.401412][ T94] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 41.406953][ T94] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 41.412219][ T94] process_one_work+0x94b/0x1620 [ 41.417139][ T94] ? pwq_dec_nr_in_flight+0x310/0x310 [ 41.422529][ T94] ? do_raw_spin_lock+0x129/0x290 [ 41.427818][ T94] worker_thread+0x96/0xe20 [ 41.432331][ T94] ? process_one_work+0x1620/0x1620 [ 41.437542][ T94] kthread+0x318/0x420 [ 41.441624][ T94] ? kthread_create_on_node+0xf0/0xf0 [ 41.447069][ T94] ret_from_fork+0x24/0x30 [ 41.451475][ T94] [ 41.453785][ T94] Allocated by task 95: [ 41.457943][ T94] save_stack+0x1b/0x80 [ 41.462081][ T94] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 41.467703][ T94] ax88172a_bind+0xa4/0x8ba [ 41.472192][ T94] usbnet_probe+0xb54/0x2570 [ 41.476793][ T94] usb_probe_interface+0x310/0x800 [ 41.481887][ T94] really_probe+0x290/0xac0 [ 41.486391][ T94] driver_probe_device+0x223/0x350 [ 41.491484][ T94] __device_attach_driver+0x1d1/0x290 [ 41.496846][ T94] bus_for_each_drv+0x162/0x1e0 [ 41.501684][ T94] __device_attach+0x217/0x390 [ 41.506438][ T94] bus_probe_device+0x1e4/0x290 [ 41.511278][ T94] device_add+0x1459/0x1bf0 [ 41.515781][ T94] usb_set_configuration+0xe47/0x17d0 [ 41.521162][ T94] usb_generic_driver_probe+0x9d/0xe0 [ 41.526650][ T94] usb_probe_device+0xd9/0x230 [ 41.531534][ T94] really_probe+0x290/0xac0 [ 41.536118][ T94] driver_probe_device+0x223/0x350 [ 41.541228][ T94] __device_attach_driver+0x1d1/0x290 [ 41.546585][ T94] bus_for_each_drv+0x162/0x1e0 [ 41.551790][ T94] __device_attach+0x217/0x390 [ 41.556541][ T94] bus_probe_device+0x1e4/0x290 [ 41.561384][ T94] device_add+0x1459/0x1bf0 [ 41.565889][ T94] usb_new_device.cold+0x540/0xcd0 [ 41.570984][ T94] hub_event+0x21cb/0x4300 [ 41.575403][ T94] process_one_work+0x94b/0x1620 [ 41.580415][ T94] worker_thread+0x96/0xe20 [ 41.584915][ T94] kthread+0x318/0x420 [ 41.588962][ T94] ret_from_fork+0x24/0x30 [ 41.593386][ T94] [ 41.595729][ T94] Freed by task 95: [ 41.599529][ T94] save_stack+0x1b/0x80 [ 41.603665][ T94] __kasan_slab_free+0x117/0x160 [ 41.608588][ T94] kfree+0xd5/0x300 [ 41.612382][ T94] ax88172a_bind.cold+0x49/0x1d2 [ 41.617478][ T94] usbnet_probe+0xb54/0x2570 [ 41.622118][ T94] usb_probe_interface+0x310/0x800 [ 41.627217][ T94] really_probe+0x290/0xac0 [ 41.631716][ T94] driver_probe_device+0x223/0x350 [ 41.636809][ T94] __device_attach_driver+0x1d1/0x290 [ 41.642164][ T94] bus_for_each_drv+0x162/0x1e0 [ 41.646999][ T94] __device_attach+0x217/0x390 [ 41.651754][ T94] bus_probe_device+0x1e4/0x290 [ 41.656590][ T94] device_add+0x1459/0x1bf0 [ 41.661094][ T94] usb_set_configuration+0xe47/0x17d0 [ 41.666481][ T94] usb_generic_driver_probe+0x9d/0xe0 [ 41.671835][ T94] usb_probe_device+0xd9/0x230 [ 41.676627][ T94] really_probe+0x290/0xac0 [ 41.682079][ T94] driver_probe_device+0x223/0x350 [ 41.687182][ T94] __device_attach_driver+0x1d1/0x290 [ 41.692548][ T94] bus_for_each_drv+0x162/0x1e0 [ 41.697394][ T94] __device_attach+0x217/0x390 [ 41.702142][ T94] bus_probe_device+0x1e4/0x290 [ 41.707006][ T94] device_add+0x1459/0x1bf0 [ 41.711494][ T94] usb_new_device.cold+0x540/0xcd0 [ 41.716584][ T94] hub_event+0x21cb/0x4300 [ 41.720983][ T94] process_one_work+0x94b/0x1620 [ 41.725899][ T94] worker_thread+0x96/0xe20 [ 41.730382][ T94] kthread+0x318/0x420 [ 41.734436][ T94] ret_from_fork+0x24/0x30 [ 41.739530][ T94] [ 41.744365][ T94] The buggy address belongs to the object at ffff8881d9753e00 [ 41.744365][ T94] which belongs to the cache kmalloc-64 of size 64 [ 41.758242][ T94] The buggy address is located 0 bytes inside of [ 41.758242][ T94] 64-byte region [ffff8881d9753e00, ffff8881d9753e40) [ 41.771378][ T94] The buggy address belongs to the page: [ 41.777015][ T94] page:ffffea000765d4c0 refcount:1 mapcount:0 mapping:ffff8881da003180 index:0x0 [ 41.786126][ T94] flags: 0x200000000000200(slab) [ 41.791121][ T94] raw: 0200000000000200 dead000000000100 dead000000000122 ffff8881da003180 [ 41.799693][ T94] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 41.808252][ T94] page dumped because: kasan: bad access detected [ 41.814641][ T94] [ 41.816965][ T94] Memory state around the buggy address: [ 41.822585][ T94] ffff8881d9753d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 41.830627][ T94] ffff8881d9753d80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 41.838692][ T94] >ffff8881d9753e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 41.846783][ T94] ^ [ 41.850834][ T94] ffff8881d9753e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 41.858879][ T94] ffff8881d9753f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 41.866927][ T94] ================================================================== [ 41.874967][ T94] Disabling lock debugging due to kernel taint [ 41.881159][ T94] Kernel panic - not syncing: panic_on_warn set ... [ 41.887748][ T94] CPU: 1 PID: 94 Comm: kworker/1:2 Tainted: G B 5.6.0-rc3-syzkaller #0 [ 41.897264][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.907318][ T94] Workqueue: usb_hub_wq hub_event [ 41.912345][ T94] Call Trace: [ 41.915625][ T94] dump_stack+0xef/0x16e [ 41.919865][ T94] panic+0x2aa/0x6e1 [ 41.923751][ T94] ? add_taint.cold+0x16/0x16 [ 41.928416][ T94] ? ax88172a_unbind+0x76/0xef [ 41.933186][ T94] ? trace_hardirqs_on+0x55/0x200 [ 41.938193][ T94] ? ax88172a_unbind+0x76/0xef [ 41.942946][ T94] end_report+0x43/0x49 [ 41.947099][ T94] ? ax88172a_unbind+0x76/0xef [ 41.951864][ T94] __kasan_report.cold+0x55/0x77 [ 41.956784][ T94] ? mark_held_locks+0x50/0xe0 [ 41.961526][ T94] ? ax88172a_unbind+0x76/0xef [ 41.966268][ T94] ? ax88172a_bind.cold+0x1d2/0x1d2 [ 41.971454][ T94] kasan_report+0xe/0x20 [ 41.975690][ T94] ax88172a_unbind+0x76/0xef [ 41.980256][ T94] usbnet_disconnect+0x145/0x270 [ 41.985172][ T94] usb_unbind_interface+0x1bd/0x8a0 [ 41.990443][ T94] ? __pm_runtime_idle+0xd1/0x310 [ 41.995460][ T94] ? usb_autoresume_device+0x60/0x60 [ 42.000740][ T94] device_release_driver_internal+0x42f/0x500 [ 42.006897][ T94] bus_remove_device+0x2eb/0x5a0 [ 42.011837][ T94] device_del+0x481/0xd30 [ 42.016154][ T94] ? mark_held_locks+0x9f/0xe0 [ 42.021032][ T94] ? device_create_with_groups+0x120/0x120 [ 42.026904][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 42.032224][ T94] ? remove_intf_ep_devs+0x13f/0x1d0 [ 42.037551][ T94] usb_disable_device+0x23d/0x790 [ 42.042573][ T94] usb_disconnect+0x293/0x900 [ 42.047312][ T94] hub_event+0x1a1d/0x4300 [ 42.051771][ T94] ? hub_port_debounce+0x350/0x350 [ 42.056871][ T94] ? find_held_lock+0x2d/0x110 [ 42.061749][ T94] ? mark_held_locks+0xe0/0xe0 [ 42.066521][ T94] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 42.072081][ T94] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 42.077889][ T94] process_one_work+0x94b/0x1620 [ 42.082825][ T94] ? pwq_dec_nr_in_flight+0x310/0x310 [ 42.088186][ T94] ? do_raw_spin_lock+0x129/0x290 [ 42.093354][ T94] worker_thread+0x96/0xe20 [ 42.097852][ T94] ? process_one_work+0x1620/0x1620 [ 42.103047][ T94] kthread+0x318/0x420 [ 42.107107][ T94] ? kthread_create_on_node+0xf0/0xf0 [ 42.112519][ T94] ret_from_fork+0x24/0x30 [ 42.117901][ T94] Kernel Offset: disabled [ 42.122243][ T94] Rebooting in 86400 seconds..