[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.947332][ T6775] IPVS: ftp: loaded support on port[0] = 21
[ 56.263400][ T2499] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 56.503302][ T2499] usb 1-1: Using ep0 maxpacket: 8
[ 56.623443][ T2499] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=78.22
[ 56.632612][ T2499] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 56.643850][ T2499] usb 1-1: config 0 descriptor??
[ 56.903405][ T2499] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0
[ 56.924459][ T2499] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, 4e:62:2f:4a:5b:8a
[ 57.108753][ T2479] usb 1-1: USB disconnect, device number 2
[ 57.116055][ T2479] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet
[ 57.234904][ T2479] ==================================================================
[ 57.243126][ T2479] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xe7
[ 57.250220][ T2479] Read of size 8 at addr ffff8880954aa980 by task kworker/1:2/2479
[ 57.258090][ T2479]
[ 57.260399][ T2479] CPU: 1 PID: 2479 Comm: kworker/1:2 Not tainted 5.7.0-syzkaller #0
[ 57.268358][ T2479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.278398][ T2479] Workqueue: usb_hub_wq hub_event
[ 57.283395][ T2479] Call Trace:
[ 57.286664][ T2479] dump_stack+0x188/0x20d
[ 57.290974][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 57.295721][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 57.300489][ T2479] print_address_description.constprop.0.cold+0xd3/0x413
[ 57.307488][ T2479] ? usbnet_disconnect+0xf0/0x270
[ 57.312493][ T2479] ? vprintk_func+0x97/0x1a6
[ 57.317061][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 57.321803][ T2479] kasan_report.cold+0x1f/0x37
[ 57.326558][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 57.331298][ T2479] ? ax88172a_reset.cold+0x131/0x131
[ 57.336558][ T2479] ax88172a_unbind+0x76/0xe7
[ 57.341138][ T2479] usbnet_disconnect+0x145/0x270
[ 57.346059][ T2479] usb_unbind_interface+0x1bd/0x8a0
[ 57.351239][ T2479] ? __pm_runtime_idle+0xd1/0x320
[ 57.356241][ T2479] ? usb_autoresume_device+0x60/0x60
[ 57.361504][ T2479] device_release_driver_internal+0x432/0x500
[ 57.367554][ T2479] bus_remove_device+0x2dc/0x4a0
[ 57.372507][ T2479] device_del+0x481/0xd30
[ 57.376840][ T2479] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.382811][ T2479] ? device_link_remove+0x110/0x110
[ 57.388004][ T2479] ? remove_intf_ep_devs+0x13f/0x1d0
[ 57.393278][ T2479] usb_disable_device+0x211/0x690
[ 57.398291][ T2479] usb_disconnect+0x284/0x8d0
[ 57.402953][ T2479] hub_event+0x17ca/0x38f0
[ 57.407369][ T2479] ? hub_port_debounce+0x260/0x260
[ 57.412460][ T2479] ? __queue_work+0x730/0x1280
[ 57.417204][ T2479] ? debug_smp_processor_id+0x2f/0x185
[ 57.422661][ T2479] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.429008][ T2479] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.434975][ T2479] process_one_work+0x965/0x16a0
[ 57.439906][ T2479] ? lock_release+0x800/0x800
[ 57.444578][ T2479] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.449939][ T2479] ? rwlock_bug.part.0+0x90/0x90
[ 57.454864][ T2479] worker_thread+0x96/0xe20
[ 57.459353][ T2479] ? process_one_work+0x16a0/0x16a0
[ 57.464529][ T2479] kthread+0x388/0x470
[ 57.468575][ T2479] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.474269][ T2479] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.480063][ T2479] ret_from_fork+0x24/0x30
[ 57.484466][ T2479]
[ 57.486769][ T2479] Allocated by task 2499:
[ 57.491073][ T2479] save_stack+0x1b/0x40
[ 57.495225][ T2479] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 57.500833][ T2479] kmem_cache_alloc_trace+0x153/0x7d0
[ 57.506188][ T2479] ax88172a_bind+0xa3/0x751
[ 57.510665][ T2479] usbnet_probe+0xb36/0x2600
[ 57.515230][ T2479] usb_probe_interface+0x305/0x7a0
[ 57.520318][ T2479] really_probe+0x281/0x6d0
[ 57.524796][ T2479] driver_probe_device+0x104/0x210
[ 57.529907][ T2479] __device_attach_driver+0x1c2/0x220
[ 57.535295][ T2479] bus_for_each_drv+0x162/0x1e0
[ 57.540120][ T2479] __device_attach+0x21a/0x360
[ 57.544860][ T2479] bus_probe_device+0x1e4/0x290
[ 57.549685][ T2479] device_add+0x132d/0x1c10
[ 57.554163][ T2479] usb_set_configuration+0xec5/0x1740
[ 57.559514][ T2479] usb_generic_driver_probe+0x9d/0xe0
[ 57.564862][ T2479] usb_probe_device+0xc6/0x1f0
[ 57.569599][ T2479] really_probe+0x281/0x6d0
[ 57.574087][ T2479] driver_probe_device+0x104/0x210
[ 57.579173][ T2479] __device_attach_driver+0x1c2/0x220
[ 57.584531][ T2479] bus_for_each_drv+0x162/0x1e0
[ 57.589361][ T2479] __device_attach+0x21a/0x360
[ 57.594107][ T2479] bus_probe_device+0x1e4/0x290
[ 57.598944][ T2479] device_add+0x132d/0x1c10
[ 57.603443][ T2479] usb_new_device.cold+0x753/0x103d
[ 57.608622][ T2479] hub_event+0x1eca/0x38f0
[ 57.613019][ T2479] process_one_work+0x965/0x16a0
[ 57.617934][ T2479] worker_thread+0x96/0xe20
[ 57.622426][ T2479] kthread+0x388/0x470
[ 57.626471][ T2479] ret_from_fork+0x24/0x30
[ 57.630858][ T2479]
[ 57.633165][ T2479] Freed by task 2499:
[ 57.637121][ T2479] save_stack+0x1b/0x40
[ 57.641256][ T2479] __kasan_slab_free+0xf7/0x140
[ 57.646088][ T2479] kfree+0x109/0x2b0
[ 57.649962][ T2479] ax88172a_bind.cold+0xad/0x1df
[ 57.654874][ T2479] usbnet_probe+0xb36/0x2600
[ 57.659441][ T2479] usb_probe_interface+0x305/0x7a0
[ 57.664527][ T2479] really_probe+0x281/0x6d0
[ 57.669005][ T2479] driver_probe_device+0x104/0x210
[ 57.674104][ T2479] __device_attach_driver+0x1c2/0x220
[ 57.679449][ T2479] bus_for_each_drv+0x162/0x1e0
[ 57.684285][ T2479] __device_attach+0x21a/0x360
[ 57.689027][ T2479] bus_probe_device+0x1e4/0x290
[ 57.693860][ T2479] device_add+0x132d/0x1c10
[ 57.698344][ T2479] usb_set_configuration+0xec5/0x1740
[ 57.703692][ T2479] usb_generic_driver_probe+0x9d/0xe0
[ 57.709038][ T2479] usb_probe_device+0xc6/0x1f0
[ 57.713777][ T2479] really_probe+0x281/0x6d0
[ 57.718255][ T2479] driver_probe_device+0x104/0x210
[ 57.723341][ T2479] __device_attach_driver+0x1c2/0x220
[ 57.728701][ T2479] bus_for_each_drv+0x162/0x1e0
[ 57.733536][ T2479] __device_attach+0x21a/0x360
[ 57.738275][ T2479] bus_probe_device+0x1e4/0x290
[ 57.743102][ T2479] device_add+0x132d/0x1c10
[ 57.747579][ T2479] usb_new_device.cold+0x753/0x103d
[ 57.752752][ T2479] hub_event+0x1eca/0x38f0
[ 57.757144][ T2479] process_one_work+0x965/0x16a0
[ 57.762055][ T2479] worker_thread+0x96/0xe20
[ 57.766535][ T2479] kthread+0x388/0x470
[ 57.770579][ T2479] ret_from_fork+0x24/0x30
[ 57.774963][ T2479]
[ 57.777270][ T2479] The buggy address belongs to the object at ffff8880954aa980
[ 57.777270][ T2479] which belongs to the cache kmalloc-64 of size 64
[ 57.791123][ T2479] The buggy address is located 0 bytes inside of
[ 57.791123][ T2479] 64-byte region [ffff8880954aa980, ffff8880954aa9c0)
[ 57.804103][ T2479] The buggy address belongs to the page:
[ 57.809712][ T2479] page:ffffea0002552a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880954aab80
[ 57.820092][ T2479] flags: 0xfffe0000000200(slab)
[ 57.824922][ T2479] raw: 00fffe0000000200 ffffea000250c788 ffffea00029902c8 ffff8880aa000380
[ 57.833496][ T2479] raw: ffff8880954aab80 ffff8880954aa000 000000010000001b 0000000000000000
[ 57.842059][ T2479] page dumped because: kasan: bad access detected
[ 57.848446][ T2479]
[ 57.850746][ T2479] Memory state around the buggy address:
[ 57.856353][ T2479]  ffff8880954aa880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 57.864389][ T2479]  ffff8880954aa900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 57.872435][ T2479] >ffff8880954aa980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 57.880467][ T2479]                    ^
[ 57.884512][ T2479]  ffff8880954aaa00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 57.892558][ T2479]  ffff8880954aaa80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 57.900598][ T2479] ==================================================================
[ 57.908629][ T2479] Disabling lock debugging due to kernel taint
[ 57.916228][ T2479] Kernel panic - not syncing: panic_on_warn set ...
[ 57.922824][ T2479] CPU: 1 PID: 2479 Comm: kworker/1:2 Tainted: G B 5.7.0-syzkaller #0
[ 57.932183][ T2479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.942236][ T2479] Workqueue: usb_hub_wq hub_event
[ 57.947247][ T2479] Call Trace:
[ 57.950522][ T2479] dump_stack+0x188/0x20d
[ 57.954827][ T2479] ? ax88172a_reset.cold+0x117/0x131
[ 57.960126][ T2479] panic+0x2e3/0x75c
[ 57.964014][ T2479] ? add_taint.cold+0x16/0x16
[ 57.968700][ T2479] ? preempt_schedule_common+0x5e/0xc0
[ 57.974162][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 57.978900][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 57.983634][ T2479] ? preempt_schedule_thunk+0x16/0x18
[ 57.988977][ T2479] ? trace_hardirqs_on+0x55/0x230
[ 57.994019][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 57.998782][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 58.003550][ T2479] end_report+0x4d/0x53
[ 58.007675][ T2479] kasan_report.cold+0xd/0x37
[ 58.012322][ T2479] ? ax88172a_unbind+0x76/0xe7
[ 58.017071][ T2479] ? ax88172a_reset.cold+0x131/0x131
[ 58.022359][ T2479] ax88172a_unbind+0x76/0xe7
[ 58.026922][ T2479] usbnet_disconnect+0x145/0x270
[ 58.031833][ T2479] usb_unbind_interface+0x1bd/0x8a0
[ 58.037026][ T2479] ? __pm_runtime_idle+0xd1/0x320
[ 58.042058][ T2479] ? usb_autoresume_device+0x60/0x60
[ 58.047315][ T2479] device_release_driver_internal+0x432/0x500
[ 58.053356][ T2479] bus_remove_device+0x2dc/0x4a0
[ 58.058263][ T2479] device_del+0x481/0xd30
[ 58.062565][ T2479] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.068521][ T2479] ? device_link_remove+0x110/0x110
[ 58.073712][ T2479] ? remove_intf_ep_devs+0x13f/0x1d0
[ 58.078967][ T2479] usb_disable_device+0x211/0x690
[ 58.083960][ T2479] usb_disconnect+0x284/0x8d0
[ 58.088612][ T2479] hub_event+0x17ca/0x38f0
[ 58.093004][ T2479] ? hub_port_debounce+0x260/0x260
[ 58.098100][ T2479] ? __queue_work+0x730/0x1280
[ 58.102832][ T2479] ? debug_smp_processor_id+0x2f/0x185
[ 58.108264][ T2479] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.113781][ T2479] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.119730][ T2479] process_one_work+0x965/0x16a0
[ 58.124641][ T2479] ? lock_release+0x800/0x800
[ 58.129290][ T2479] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.134655][ T2479] ? rwlock_bug.part.0+0x90/0x90
[ 58.139565][ T2479] worker_thread+0x96/0xe20
[ 58.144045][ T2479] ? process_one_work+0x16a0/0x16a0
[ 58.149210][ T2479] kthread+0x388/0x470
[ 58.153265][ T2479] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.158966][ T2479] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.164659][ T2479] ret_from_fork+0x24/0x30
[ 58.170270][ T2479] Kernel Offset: disabled
[ 58.174623][ T2479] Rebooting in 86400 seconds..