Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts.
executing program
[ 24.614431][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.874063][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 25.013959][ T12] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=78.22
[ 25.023122][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.034102][ T12] usb 1-1: config 0 descriptor??
[ 25.293707][ T12] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0
[ 25.309883][ T12] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, 0a:90:68:08:3e:b1
executing program
[ 25.495283][ T12] usb 1-1: USB disconnect, device number 2
[ 25.502171][ T12] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet
[ 25.554172][ T12] ==================================================================
[ 25.562407][ T12] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xf5
[ 25.569615][ T12] Read of size 8 at addr ffff8881cb73b100 by task kworker/0:1/12
[ 25.577314][ T12]
[ 25.579657][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 25.587814][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.597883][ T12] Workqueue: usb_hub_wq hub_event
[ 25.602917][ T12] Call Trace:
[ 25.606211][ T12] dump_stack+0xf6/0x16e
[ 25.610456][ T12] ? ax88172a_unbind+0x76/0xf5
[ 25.615222][ T12] ? ax88172a_unbind+0x76/0xf5
[ 25.619979][ T12] print_address_description.constprop.0.cold+0xd3/0x415
[ 25.627053][ T12] ? usbnet_disconnect+0xf0/0x270
[ 25.632122][ T12] ? vprintk_func+0x93/0x133
[ 25.636729][ T12] ? ax88172a_unbind+0x76/0xf5
[ 25.641479][ T12] kasan_report.cold+0x37/0x7c
[ 25.646350][ T12] ? ax88172a_unbind+0x76/0xf5
[ 25.651123][ T12] ? ax88172a_bind.cold+0x1d0/0x1d0
[ 25.656322][ T12] ax88172a_unbind+0x76/0xf5
[ 25.660919][ T12] usbnet_disconnect+0x145/0x270
[ 25.665873][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 25.671058][ T12] ? __pm_runtime_idle+0xd1/0x300
[ 25.676096][ T12] ? usb_autoresume_device+0x60/0x60
[ 25.681400][ T12] device_release_driver_internal+0x432/0x500
[ 25.687486][ T12] bus_remove_device+0x2eb/0x5a0
[ 25.692432][ T12] device_del+0x481/0xd30
[ 25.696767][ T12] ? device_create_with_groups+0x120/0x120
[ 25.702591][ T12] ? mark_held_locks+0x9f/0xe0
[ 25.707357][ T12] ? remove_intf_ep_devs+0x13f/0x1d0
[ 25.712656][ T12] usb_disable_device+0x23d/0x790
[ 25.717701][ T12] usb_disconnect+0x293/0x900
[ 25.722434][ T12] hub_event+0x1abf/0x43c0
[ 25.726842][ T12] ? hub_port_debounce+0x350/0x350
[ 25.731961][ T12] ? put_unbound_pool+0x170/0x760
[ 25.736999][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 25.742534][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 25.747829][ T12] process_one_work+0x965/0x1620
[ 25.752773][ T12] ? lock_release+0x710/0x710
[ 25.757446][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 25.762805][ T12] ? rwlock_bug.part.0+0x90/0x90
[ 25.767748][ T12] worker_thread+0x96/0xe10
[ 25.772248][ T12] ? process_one_work+0x1620/0x1620
[ 25.777445][ T12] kthread+0x352/0x460
[ 25.781518][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 25.786884][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 25.792268][ T12] ret_from_fork+0x1f/0x30
[ 25.796683][ T12]
[ 25.798995][ T12] Allocated by task 12:
[ 25.803182][ T12] save_stack+0x1b/0x40
[ 25.807365][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 25.812991][ T12] ax88172a_bind+0xa4/0x856
[ 25.817497][ T12] usbnet_probe+0xb47/0x2700
[ 25.822097][ T12] usb_probe_interface+0x310/0x800
[ 25.827211][ T12] really_probe+0x290/0xac0
[ 25.831703][ T12] driver_probe_device+0x26b/0x3d0
[ 25.836822][ T12] __device_attach_driver+0x1d1/0x290
[ 25.842198][ T12] bus_for_each_drv+0x162/0x1e0
[ 25.847050][ T12] __device_attach+0x21a/0x390
[ 25.851805][ T12] bus_probe_device+0x1e4/0x290
[ 25.856643][ T12] device_add+0xb2b/0x1940
[ 25.861050][ T12] usb_set_configuration+0xed4/0x1850
[ 25.866440][ T12] usb_generic_driver_probe+0x9d/0xe0
[ 25.871830][ T12] usb_probe_device+0xd9/0x230
[ 25.876604][ T12] really_probe+0x290/0xac0
[ 25.881113][ T12] driver_probe_device+0x26b/0x3d0
[ 25.886209][ T12] __device_attach_driver+0x1d1/0x290
[ 25.891584][ T12] bus_for_each_drv+0x162/0x1e0
[ 25.896450][ T12] __device_attach+0x21a/0x390
[ 25.901216][ T12] bus_probe_device+0x1e4/0x290
[ 25.906055][ T12] device_add+0xb2b/0x1940
[ 25.910497][ T12] usb_new_device.cold+0x5a2/0xfd9
[ 25.915630][ T12] hub_event+0x226d/0x43c0
[ 25.920037][ T12] process_one_work+0x965/0x1620
[ 25.924991][ T12] worker_thread+0x96/0xe10
[ 25.929499][ T12] kthread+0x352/0x460
[ 25.933552][ T12] ret_from_fork+0x1f/0x30
[ 25.937964][ T12]
[ 25.940296][ T12] Freed by task 12:
[ 25.944113][ T12] save_stack+0x1b/0x40
[ 25.948257][ T12] __kasan_slab_free+0x117/0x160
[ 25.953200][ T12] kfree+0xd5/0x300
[ 25.956998][ T12] ax88172a_bind.cold+0x49/0x1d0
[ 25.961943][ T12] usbnet_probe+0xb47/0x2700
[ 25.966518][ T12] usb_probe_interface+0x310/0x800
[ 25.971638][ T12] really_probe+0x290/0xac0
[ 25.976127][ T12] driver_probe_device+0x26b/0x3d0
[ 25.981235][ T12] __device_attach_driver+0x1d1/0x290
[ 25.986623][ T12] bus_for_each_drv+0x162/0x1e0
[ 25.991459][ T12] __device_attach+0x21a/0x390
[ 25.996238][ T12] bus_probe_device+0x1e4/0x290
[ 26.001099][ T12] device_add+0xb2b/0x1940
[ 26.005535][ T12] usb_set_configuration+0xed4/0x1850
[ 26.010901][ T12] usb_generic_driver_probe+0x9d/0xe0
[ 26.016279][ T12] usb_probe_device+0xd9/0x230
[ 26.021056][ T12] really_probe+0x290/0xac0
[ 26.025556][ T12] driver_probe_device+0x26b/0x3d0
[ 26.030675][ T12] __device_attach_driver+0x1d1/0x290
[ 26.036056][ T12] bus_for_each_drv+0x162/0x1e0
[ 26.040910][ T12] __device_attach+0x21a/0x390
[ 26.045678][ T12] bus_probe_device+0x1e4/0x290
[ 26.050530][ T12] device_add+0xb2b/0x1940
[ 26.054940][ T12] usb_new_device.cold+0x5a2/0xfd9
[ 26.060042][ T12] hub_event+0x226d/0x43c0
[ 26.064451][ T12] process_one_work+0x965/0x1620
[ 26.069398][ T12] worker_thread+0x96/0xe10
[ 26.073887][ T12] kthread+0x352/0x460
[ 26.077958][ T12] ret_from_fork+0x1f/0x30
[ 26.082376][ T12]
[ 26.084688][ T12] The buggy address belongs to the object at ffff8881cb73b100
[ 26.084688][ T12] which belongs to the cache kmalloc-64 of size 64
[ 26.098552][ T12] The buggy address is located 0 bytes inside of
[ 26.098552][ T12] 64-byte region [ffff8881cb73b100, ffff8881cb73b140)
[ 26.111560][ T12] The buggy address belongs to the page:
[ 26.117208][ T12] page:ffffea00072dcec0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 26.126432][ T12] flags: 0x200000000000200(slab)
[ 26.131385][ T12] raw: 0200000000000200 ffffea0007629280 0000001700000003 ffff8881da003180
[ 26.140048][ T12] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 26.148614][ T12] page dumped because: kasan: bad access detected
[ 26.155023][ T12]
[ 26.157333][ T12] Memory state around the buggy address:
[ 26.162971][ T12]  ffff8881cb73b000: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 26.171024][ T12]  ffff8881cb73b080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 26.179120][ T12] >ffff8881cb73b100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 26.187187][ T12]                    ^
[ 26.191246][ T12]  ffff8881cb73b180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 26.199406][ T12]  ffff8881cb73b200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 26.207550][ T12] ==================================================================
[ 26.215612][ T12] Disabling lock debugging due to kernel taint
[ 26.221963][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 26.228593][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 26.238161][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.248239][ T12] Workqueue: usb_hub_wq hub_event
[ 26.253264][ T12] Call Trace:
[ 26.256540][ T12] dump_stack+0xf6/0x16e
[ 26.260788][ T12] ? ax88172a_unbind+0x75/0xf5
[ 26.265861][ T12] panic+0x2aa/0x6e1
[ 26.269804][ T12] ? __warn_printk+0xf3/0xf3
[ 26.274378][ T12] ? ax88172a_unbind+0x76/0xf5
[ 26.279149][ T12] ? trace_hardirqs_on+0x55/0x200
[ 26.284160][ T12] ? ax88172a_unbind+0x76/0xf5
[ 26.288928][ T12] ? ax88172a_unbind+0x76/0xf5
[ 26.293696][ T12] end_report+0x4d/0x53
[ 26.297867][ T12] kasan_report.cold+0x72/0x7c
[ 26.302754][ T12] ? ax88172a_unbind+0x76/0xf5
[ 26.307505][ T12] ? ax88172a_bind.cold+0x1d0/0x1d0
[ 26.312687][ T12] ax88172a_unbind+0x76/0xf5
[ 26.317255][ T12] usbnet_disconnect+0x145/0x270
[ 26.322195][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 26.327395][ T12] ? __pm_runtime_idle+0xd1/0x300
[ 26.332431][ T12] ? usb_autoresume_device+0x60/0x60
[ 26.337705][ T12] device_release_driver_internal+0x432/0x500
[ 26.343895][ T12] bus_remove_device+0x2eb/0x5a0
[ 26.348876][ T12] device_del+0x481/0xd30
[ 26.353196][ T12] ? device_create_with_groups+0x120/0x120
[ 26.359008][ T12] ? mark_held_locks+0x9f/0xe0
[ 26.363772][ T12] ? remove_intf_ep_devs+0x13f/0x1d0
[ 26.369067][ T12] usb_disable_device+0x23d/0x790
[ 26.374224][ T12] usb_disconnect+0x293/0x900
[ 26.378994][ T12] hub_event+0x1abf/0x43c0
[ 26.383425][ T12] ? hub_port_debounce+0x350/0x350
[ 26.388538][ T12] ? put_unbound_pool+0x170/0x760
[ 26.393553][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.399095][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.404395][ T12] process_one_work+0x965/0x1620
[ 26.409323][ T12] ? lock_release+0x710/0x710
[ 26.414028][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 26.419404][ T12] ? rwlock_bug.part.0+0x90/0x90
[ 26.424349][ T12] worker_thread+0x96/0xe10
[ 26.428862][ T12] ? process_one_work+0x1620/0x1620
[ 26.434057][ T12] kthread+0x352/0x460
[ 26.438149][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 26.443514][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 26.449021][ T12] ret_from_fork+0x1f/0x30
[ 26.454098][ T12] Kernel Offset: disabled
[ 26.458450][ T12] Rebooting in 86400 seconds..