Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
executing program
[ 24.580649][ T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.670842][ T5] usb 1-1: Using ep0 maxpacket: 8
[ 24.790568][ T5] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=dc.dc
[ 24.799995][ T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 24.810440][ T5] usb 1-1: config 0 descriptor??
[ 25.060374][ T5] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0
[ 25.076524][ T5] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, c6:81:24:ce:e2:bd
executing program
[ 25.262252][ T5] usb 1-1: USB disconnect, device number 2
[ 25.269277][ T5] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet
[ 25.330504][ T5] ==================================================================
[ 25.338718][ T5] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xef
[ 25.345814][ T5] Read of size 8 at addr ffff8881d418b100 by task kworker/0:0/5
[ 25.353436][ T5]
[ 25.355764][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.6.0-rc7-syzkaller #0
[ 25.363809][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.373908][ T5] Workqueue: usb_hub_wq hub_event
[ 25.378911][ T5] Call Trace:
[ 25.382206][ T5] dump_stack+0xef/0x16e
[ 25.386445][ T5] ? ax88172a_unbind+0x76/0xef
[ 25.391208][ T5] ? ax88172a_unbind+0x76/0xef
[ 25.395955][ T5] print_address_description.constprop.0.cold+0xd3/0x314
[ 25.403044][ T5] ? ax88172a_unbind+0x76/0xef
[ 25.407790][ T5] ? ax88172a_unbind+0x76/0xef
[ 25.412566][ T5] __kasan_report.cold+0x37/0x77
[ 25.417487][ T5] ? mark_held_locks+0x50/0xe0
[ 25.422235][ T5] ? ax88172a_unbind+0x76/0xef
[ 25.427016][ T5] ? ax88172a_bind.cold+0x1d2/0x1d2
[ 25.432218][ T5] kasan_report+0xe/0x20
[ 25.436442][ T5] ax88172a_unbind+0x76/0xef
[ 25.441038][ T5] usbnet_disconnect+0x145/0x270
[ 25.445982][ T5] usb_unbind_interface+0x1bd/0x8a0
[ 25.451184][ T5] ? __pm_runtime_idle+0xd1/0x310
[ 25.456188][ T5] ? usb_autoresume_device+0x60/0x60
[ 25.461459][ T5] device_release_driver_internal+0x42f/0x500
[ 25.467511][ T5] bus_remove_device+0x2eb/0x5a0
[ 25.472451][ T5] device_del+0x481/0xd30
[ 25.476762][ T5] ? mark_held_locks+0x9f/0xe0
[ 25.484827][ T5] ? device_create_with_groups+0x120/0x120
[ 25.490623][ T5] ? lockdep_hardirqs_on+0x382/0x580
[ 25.495919][ T5] ? remove_intf_ep_devs+0x13f/0x1d0
[ 25.501201][ T5] usb_disable_device+0x23d/0x790
[ 25.506207][ T5] usb_disconnect+0x293/0x900
[ 25.510882][ T5] hub_event+0x1a1d/0x4300
[ 25.515294][ T5] ? hub_port_debounce+0x350/0x350
[ 25.520404][ T5] ? find_held_lock+0x2d/0x110
[ 25.525198][ T5] ? mark_held_locks+0xe0/0xe0
[ 25.530041][ T5] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 25.535579][ T5] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 25.540856][ T5] process_one_work+0x94b/0x1620
[ 25.545785][ T5] ? pwq_dec_nr_in_flight+0x310/0x310
[ 25.551141][ T5] ? do_raw_spin_lock+0x129/0x290
[ 25.556190][ T5] worker_thread+0x96/0xe20
[ 25.560677][ T5] ? process_one_work+0x1620/0x1620
[ 25.565861][ T5] kthread+0x318/0x420
[ 25.569913][ T5] ? kthread_create_on_node+0xf0/0xf0
[ 25.575282][ T5] ret_from_fork+0x24/0x30
[ 25.579674][ T5]
[ 25.582005][ T5] Allocated by task 5:
[ 25.586097][ T5] save_stack+0x1b/0x80
[ 25.590238][ T5] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 25.595868][ T5] ax88172a_bind+0xa4/0x8ba
[ 25.600363][ T5] usbnet_probe+0xb54/0x2570
[ 25.604964][ T5] usb_probe_interface+0x310/0x800
[ 25.610057][ T5] really_probe+0x290/0xac0
[ 25.614549][ T5] driver_probe_device+0x223/0x350
[ 25.619653][ T5] __device_attach_driver+0x1d1/0x290
[ 25.625127][ T5] bus_for_each_drv+0x162/0x1e0
[ 25.629994][ T5] __device_attach+0x217/0x390
[ 25.634754][ T5] bus_probe_device+0x1e4/0x290
[ 25.639602][ T5] device_add+0x1459/0x1bf0
[ 25.644111][ T5] usb_set_configuration+0xece/0x1840
[ 25.649465][ T5] usb_generic_driver_probe+0x9d/0xe0
[ 25.654816][ T5] usb_probe_device+0xd9/0x230
[ 25.659561][ T5] really_probe+0x290/0xac0
[ 25.664066][ T5] driver_probe_device+0x223/0x350
[ 25.669176][ T5] __device_attach_driver+0x1d1/0x290
[ 25.674576][ T5] bus_for_each_drv+0x162/0x1e0
[ 25.679448][ T5] __device_attach+0x217/0x390
[ 25.684196][ T5] bus_probe_device+0x1e4/0x290
[ 25.689028][ T5] device_add+0x1459/0x1bf0
[ 25.693510][ T5] usb_new_device.cold+0x540/0xcd0
[ 25.698601][ T5] hub_event+0x21cb/0x4300
[ 25.703008][ T5] process_one_work+0x94b/0x1620
[ 25.707935][ T5] worker_thread+0x96/0xe20
[ 25.712418][ T5] kthread+0x318/0x420
[ 25.716466][ T5] ret_from_fork+0x24/0x30
[ 25.722330][ T5]
[ 25.724638][ T5] Freed by task 5:
[ 25.728342][ T5] save_stack+0x1b/0x80
[ 25.732531][ T5] __kasan_slab_free+0x117/0x160
[ 25.737469][ T5] kfree+0xd5/0x300
[ 25.741262][ T5] ax88172a_bind.cold+0x49/0x1d2
[ 25.746206][ T5] usbnet_probe+0xb54/0x2570
[ 25.750782][ T5] usb_probe_interface+0x310/0x800
[ 25.756016][ T5] really_probe+0x290/0xac0
[ 25.760498][ T5] driver_probe_device+0x223/0x350
[ 25.765631][ T5] __device_attach_driver+0x1d1/0x290
[ 25.770994][ T5] bus_for_each_drv+0x162/0x1e0
[ 25.775840][ T5] __device_attach+0x217/0x390
[ 25.780583][ T5] bus_probe_device+0x1e4/0x290
[ 25.785435][ T5] device_add+0x1459/0x1bf0
[ 25.789936][ T5] usb_set_configuration+0xece/0x1840
[ 25.795289][ T5] usb_generic_driver_probe+0x9d/0xe0
[ 25.800666][ T5] usb_probe_device+0xd9/0x230
[ 25.805450][ T5] really_probe+0x290/0xac0
[ 25.809935][ T5] driver_probe_device+0x223/0x350
[ 25.815035][ T5] __device_attach_driver+0x1d1/0x290
[ 25.820399][ T5] bus_for_each_drv+0x162/0x1e0
[ 25.825271][ T5] __device_attach+0x217/0x390
[ 25.830016][ T5] bus_probe_device+0x1e4/0x290
[ 25.834943][ T5] device_add+0x1459/0x1bf0
[ 25.839447][ T5] usb_new_device.cold+0x540/0xcd0
[ 25.844543][ T5] hub_event+0x21cb/0x4300
[ 25.848989][ T5] process_one_work+0x94b/0x1620
[ 25.853918][ T5] worker_thread+0x96/0xe20
[ 25.858404][ T5] kthread+0x318/0x420
[ 25.862457][ T5] ret_from_fork+0x24/0x30
[ 25.866864][ T5]
[ 25.869174][ T5] The buggy address belongs to the object at ffff8881d418b100
[ 25.869174][ T5] which belongs to the cache kmalloc-64 of size 64
[ 25.883057][ T5] The buggy address is located 0 bytes inside of
[ 25.883057][ T5] 64-byte region [ffff8881d418b100, ffff8881d418b140)
[ 25.896077][ T5] The buggy address belongs to the page:
[ 25.901693][ T5] page:ffffea00075062c0 refcount:1 mapcount:0 mapping:ffff8881da003180 index:0x0
[ 25.910782][ T5] flags: 0x200000000000200(slab)
[ 25.915705][ T5] raw: 0200000000000200 ffffea00073b29c0 0000001600000016 ffff8881da003180
[ 25.924292][ T5] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 25.932852][ T5] page dumped because: kasan: bad access detected
[ 25.939249][ T5]
[ 25.941569][ T5] Memory state around the buggy address:
[ 25.947186][ T5] ffff8881d418b000: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.955284][ T5] ffff8881d418b080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.963327][ T5] >ffff8881d418b100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.971366][ T5] ^
[ 25.975417][ T5] ffff8881d418b180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.983469][ T5] ffff8881d418b200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.991540][ T5] ==================================================================
[ 25.999590][ T5] Disabling lock debugging due to kernel taint
[ 26.005770][ T5] Kernel panic - not syncing: panic_on_warn set ...
[ 26.012358][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G B 5.6.0-rc7-syzkaller #0
[ 26.021845][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.031916][ T5] Workqueue: usb_hub_wq hub_event
[ 26.036940][ T5] Call Trace:
[ 26.040248][ T5] dump_stack+0xef/0x16e
[ 26.044491][ T5] panic+0x2aa/0x6e1
[ 26.048421][ T5] ? add_taint.cold+0x16/0x16
[ 26.053115][ T5] ? ax88172a_unbind+0x76/0xef
[ 26.057881][ T5] ? trace_hardirqs_on+0x55/0x200
[ 26.062888][ T5] ? ax88172a_unbind+0x76/0xef
[ 26.067677][ T5] end_report+0x43/0x49
[ 26.071811][ T5] ? ax88172a_unbind+0x76/0xef
[ 26.076602][ T5] __kasan_report.cold+0x55/0x77
[ 26.081649][ T5] ? mark_held_locks+0x50/0xe0
[ 26.086446][ T5] ? ax88172a_unbind+0x76/0xef
[ 26.091200][ T5] ? ax88172a_bind.cold+0x1d2/0x1d2
[ 26.096393][ T5] kasan_report+0xe/0x20
[ 26.100627][ T5] ax88172a_unbind+0x76/0xef
[ 26.105256][ T5] usbnet_disconnect+0x145/0x270
[ 26.110202][ T5] usb_unbind_interface+0x1bd/0x8a0
[ 26.115392][ T5] ? __pm_runtime_idle+0xd1/0x310
[ 26.120415][ T5] ? usb_autoresume_device+0x60/0x60
[ 26.125723][ T5] device_release_driver_internal+0x42f/0x500
[ 26.131789][ T5] bus_remove_device+0x2eb/0x5a0
[ 26.136722][ T5] device_del+0x481/0xd30
[ 26.141051][ T5] ? mark_held_locks+0x9f/0xe0
[ 26.145843][ T5] ? device_create_with_groups+0x120/0x120
[ 26.151638][ T5] ? lockdep_hardirqs_on+0x382/0x580
[ 26.156921][ T5] ? remove_intf_ep_devs+0x13f/0x1d0
[ 26.162193][ T5] usb_disable_device+0x23d/0x790
[ 26.167204][ T5] usb_disconnect+0x293/0x900
[ 26.171863][ T5] hub_event+0x1a1d/0x4300
[ 26.176268][ T5] ? hub_port_debounce+0x350/0x350
[ 26.181381][ T5] ? find_held_lock+0x2d/0x110
[ 26.186136][ T5] ? mark_held_locks+0xe0/0xe0
[ 26.190890][ T5] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.196432][ T5] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.202060][ T5] process_one_work+0x94b/0x1620
[ 26.207114][ T5] ? pwq_dec_nr_in_flight+0x310/0x310
[ 26.212471][ T5] ? do_raw_spin_lock+0x129/0x290
[ 26.217477][ T5] worker_thread+0x96/0xe20
[ 26.221998][ T5] ? process_one_work+0x1620/0x1620
[ 26.227188][ T5] kthread+0x318/0x420
[ 26.231248][ T5] ? kthread_create_on_node+0xf0/0xf0
[ 26.236606][ T5] ret_from_fork+0x24/0x30
[ 26.241570][ T5] Kernel Offset: disabled
[ 26.245892][ T5] Rebooting in 86400 seconds..