Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.237380][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 41.337643][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 41.457470][ T12] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=dc.dc
[ 41.466735][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 41.476105][ T12] usb 1-1: config 0 descriptor??
[ 41.737667][ T12] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0
[ 41.750458][ T12] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, ba:06:39:0c:02:ab
executing program
[ 41.941635][ T94] usb 1-1: USB disconnect, device number 2
[ 41.948094][ T94] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet
[ 42.017963][ T94] ==================================================================
[ 42.026194][ T94] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xef
[ 42.033292][ T94] Read of size 8 at addr ffff8881d6c2c480 by task kworker/1:2/94
[ 42.041098][ T94]
[ 42.043473][ T94] CPU: 1 PID: 94 Comm: kworker/1:2 Not tainted 5.5.0-rc7-syzkaller #0
[ 42.051632][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.061684][ T94] Workqueue: usb_hub_wq hub_event
[ 42.066781][ T94] Call Trace:
[ 42.070064][ T94] dump_stack+0xef/0x16e
[ 42.074305][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.079057][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.083805][ T94] print_address_description.constprop.0.cold+0xd3/0x314
[ 42.090822][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.095585][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.100349][ T94] __kasan_report.cold+0x37/0x85
[ 42.105271][ T94] ? mark_held_locks+0x90/0xe0
[ 42.110016][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.114768][ T94] ? ax88172a_bind.cold+0x1d2/0x1d2
[ 42.119957][ T94] kasan_report+0xe/0x20
[ 42.124190][ T94] ax88172a_unbind+0x76/0xef
[ 42.128765][ T94] usbnet_disconnect+0x145/0x270
[ 42.133696][ T94] usb_unbind_interface+0x1bd/0x8a0
[ 42.138892][ T94] ? usb_autoresume_device+0x60/0x60
[ 42.144225][ T94] device_release_driver_internal+0x42f/0x500
[ 42.150293][ T94] bus_remove_device+0x2eb/0x5a0
[ 42.155307][ T94] device_del+0x481/0xd30
[ 42.159630][ T94] ? mark_held_locks+0x9f/0xe0
[ 42.164387][ T94] ? device_create_with_groups+0x120/0x120
[ 42.170175][ T94] ? lockdep_hardirqs_on+0x382/0x580
[ 42.175568][ T94] ? remove_intf_ep_devs+0x13f/0x1d0
[ 42.180856][ T94] usb_disable_device+0x23d/0x790
[ 42.185953][ T94] usb_disconnect+0x293/0x900
[ 42.190618][ T94] hub_event+0x1a1d/0x4300
[ 42.195128][ T94] ? hub_port_debounce+0x350/0x350
[ 42.200346][ T94] ? find_held_lock+0x2d/0x110
[ 42.208237][ T94] ? mark_held_locks+0xe0/0xe0
[ 42.213141][ T94] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 42.218689][ T94] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 42.224100][ T94] process_one_work+0x945/0x15c0
[ 42.229036][ T94] ? pwq_dec_nr_in_flight+0x310/0x310
[ 42.234434][ T94] ? do_raw_spin_lock+0x129/0x290
[ 42.240165][ T94] worker_thread+0x96/0xe20
[ 42.244754][ T94] ? process_one_work+0x15c0/0x15c0
[ 42.249950][ T94] kthread+0x318/0x420
[ 42.254088][ T94] ? kthread_create_on_node+0xf0/0xf0
[ 42.259469][ T94] ret_from_fork+0x24/0x30
[ 42.263886][ T94]
[ 42.266199][ T94] Allocated by task 12:
[ 42.270343][ T94] save_stack+0x1b/0x80
[ 42.274552][ T94] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 42.280193][ T94] ax88172a_bind+0xa4/0x8ba
[ 42.284685][ T94] usbnet_probe+0xb54/0x2570
[ 42.289259][ T94] usb_probe_interface+0x310/0x800
[ 42.294350][ T94] really_probe+0x290/0xad0
[ 42.298843][ T94] driver_probe_device+0x223/0x350
[ 42.303955][ T94] __device_attach_driver+0x1d1/0x290
[ 42.309368][ T94] bus_for_each_drv+0x162/0x1e0
[ 42.314204][ T94] __device_attach+0x217/0x390
[ 42.319006][ T94] bus_probe_device+0x1e4/0x290
[ 42.323977][ T94] device_add+0x1459/0x1bf0
[ 42.328473][ T94] usb_set_configuration+0xe47/0x17d0
[ 42.333856][ T94] generic_probe+0x9d/0xd5
[ 42.338277][ T94] usb_probe_device+0xaf/0x140
[ 42.343042][ T94] really_probe+0x290/0xad0
[ 42.347572][ T94] driver_probe_device+0x223/0x350
[ 42.352671][ T94] __device_attach_driver+0x1d1/0x290
[ 42.358047][ T94] bus_for_each_drv+0x162/0x1e0
[ 42.362890][ T94] __device_attach+0x217/0x390
[ 42.367764][ T94] bus_probe_device+0x1e4/0x290
[ 42.372608][ T94] device_add+0x1459/0x1bf0
[ 42.377095][ T94] usb_new_device.cold+0x540/0xcd0
[ 42.382191][ T94] hub_event+0x21cb/0x4300
[ 42.386747][ T94] process_one_work+0x945/0x15c0
[ 42.391674][ T94] worker_thread+0x96/0xe20
[ 42.396156][ T94] kthread+0x318/0x420
[ 42.400221][ T94] ret_from_fork+0x24/0x30
[ 42.404608][ T94]
[ 42.408836][ T94] Freed by task 12:
[ 42.412635][ T94] save_stack+0x1b/0x80
[ 42.416777][ T94] __kasan_slab_free+0x117/0x160
[ 42.421707][ T94] kfree+0xd5/0x300
[ 42.425556][ T94] ax88172a_bind.cold+0x49/0x1d2
[ 42.431793][ T94] usbnet_probe+0xb54/0x2570
[ 42.436366][ T94] usb_probe_interface+0x310/0x800
[ 42.441474][ T94] really_probe+0x290/0xad0
[ 42.445956][ T94] driver_probe_device+0x223/0x350
[ 42.451111][ T94] __device_attach_driver+0x1d1/0x290
[ 42.456535][ T94] bus_for_each_drv+0x162/0x1e0
[ 42.461496][ T94] __device_attach+0x217/0x390
[ 42.466261][ T94] bus_probe_device+0x1e4/0x290
[ 42.471107][ T94] device_add+0x1459/0x1bf0
[ 42.475595][ T94] usb_set_configuration+0xe47/0x17d0
[ 42.480967][ T94] generic_probe+0x9d/0xd5
[ 42.485525][ T94] usb_probe_device+0xaf/0x140
[ 42.490273][ T94] really_probe+0x290/0xad0
[ 42.494766][ T94] driver_probe_device+0x223/0x350
[ 42.499863][ T94] __device_attach_driver+0x1d1/0x290
[ 42.505230][ T94] bus_for_each_drv+0x162/0x1e0
[ 42.510182][ T94] __device_attach+0x217/0x390
[ 42.514978][ T94] bus_probe_device+0x1e4/0x290
[ 42.519820][ T94] device_add+0x1459/0x1bf0
[ 42.524455][ T94] usb_new_device.cold+0x540/0xcd0
[ 42.529563][ T94] hub_event+0x21cb/0x4300
[ 42.533969][ T94] process_one_work+0x945/0x15c0
[ 42.538914][ T94] worker_thread+0x96/0xe20
[ 42.543406][ T94] kthread+0x318/0x420
[ 42.547472][ T94] ret_from_fork+0x24/0x30
[ 42.551883][ T94]
[ 42.554226][ T94] The buggy address belongs to the object at ffff8881d6c2c480
[ 42.554226][ T94] which belongs to the cache kmalloc-64 of size 64
[ 42.568095][ T94] The buggy address is located 0 bytes inside of
[ 42.568095][ T94] 64-byte region [ffff8881d6c2c480, ffff8881d6c2c4c0)
[ 42.581193][ T94] The buggy address belongs to the page:
[ 42.586822][ T94] page:ffffea00075b0b00 refcount:1 mapcount:0 mapping:ffff8881da003180 index:0x0
[ 42.595918][ T94] raw: 0200000000000200 ffffea00075c2a00 0000000d0000000d ffff8881da003180
[ 42.604499][ T94] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 42.613071][ T94] page dumped because: kasan: bad access detected
[ 42.619466][ T94]
[ 42.621794][ T94] Memory state around the buggy address:
[ 42.627953][ T94] ffff8881d6c2c380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 42.636004][ T94] ffff8881d6c2c400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 42.644207][ T94] >ffff8881d6c2c480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 42.652320][ T94] ^
[ 42.656479][ T94] ffff8881d6c2c500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 42.664522][ T94] ffff8881d6c2c580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 42.672570][ T94] ==================================================================
[ 42.680729][ T94] Disabling lock debugging due to kernel taint
[ 42.687576][ T94] Kernel panic - not syncing: panic_on_warn set ...
[ 42.694217][ T94] CPU: 1 PID: 94 Comm: kworker/1:2 Tainted: G B 5.5.0-rc7-syzkaller #0
[ 42.703740][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.713790][ T94] Workqueue: usb_hub_wq hub_event
[ 42.718802][ T94] Call Trace:
[ 42.722078][ T94] dump_stack+0xef/0x16e
[ 42.726336][ T94] panic+0x2aa/0x6e1
[ 42.730229][ T94] ? add_taint.cold+0x16/0x16
[ 42.734939][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.739722][ T94] ? trace_hardirqs_on+0x55/0x200
[ 42.744822][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.749762][ T94] end_report+0x43/0x49
[ 42.753905][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.758887][ T94] __kasan_report.cold+0x55/0x85
[ 42.763822][ T94] ? mark_held_locks+0x90/0xe0
[ 42.768591][ T94] ? ax88172a_unbind+0x76/0xef
[ 42.773359][ T94] ? ax88172a_bind.cold+0x1d2/0x1d2
[ 42.778542][ T94] kasan_report+0xe/0x20
[ 42.782807][ T94] ax88172a_unbind+0x76/0xef
[ 42.787395][ T94] usbnet_disconnect+0x145/0x270
[ 42.792327][ T94] usb_unbind_interface+0x1bd/0x8a0
[ 42.797523][ T94] ? usb_autoresume_device+0x60/0x60
[ 42.802806][ T94] device_release_driver_internal+0x42f/0x500
[ 42.808864][ T94] bus_remove_device+0x2eb/0x5a0
[ 42.813819][ T94] device_del+0x481/0xd30
[ 42.818173][ T94] ? mark_held_locks+0x9f/0xe0
[ 42.822923][ T94] ? device_create_with_groups+0x120/0x120
[ 42.828772][ T94] ? lockdep_hardirqs_on+0x382/0x580
[ 42.834057][ T94] ? remove_intf_ep_devs+0x13f/0x1d0
[ 42.839343][ T94] usb_disable_device+0x23d/0x790
[ 42.844372][ T94] usb_disconnect+0x293/0x900
[ 42.849039][ T94] hub_event+0x1a1d/0x4300
[ 42.853448][ T94] ? hub_port_debounce+0x350/0x350
[ 42.858538][ T94] ? find_held_lock+0x2d/0x110
[ 42.863281][ T94] ? mark_held_locks+0xe0/0xe0
[ 42.868033][ T94] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 42.873693][ T94] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 42.878962][ T94] process_one_work+0x945/0x15c0
[ 42.883888][ T94] ? pwq_dec_nr_in_flight+0x310/0x310
[ 42.889245][ T94] ? do_raw_spin_lock+0x129/0x290
[ 42.894405][ T94] worker_thread+0x96/0xe20
[ 42.898889][ T94] ? process_one_work+0x15c0/0x15c0
[ 42.904114][ T94] kthread+0x318/0x420
[ 42.908299][ T94] ? kthread_create_on_node+0xf0/0xf0
[ 42.913661][ T94] ret_from_fork+0x24/0x30
[ 42.918785][ T94] Kernel Offset: disabled
[ 42.923113][ T94] Rebooting in 86400 seconds..