[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.462648][ T6771] IPVS: ftp: loaded support on port[0] = 21
[ 42.777300][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 43.017752][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 43.137274][ T12] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=78.22
[ 43.146459][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 43.157752][ T12] usb 1-1: config 0 descriptor??
[ 43.417673][ T12] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0
[ 43.435798][ T12] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, fe:85:59:0e:bd:0a
[ 43.621215][ T17] usb 1-1: USB disconnect, device number 2
[ 43.628089][ T17] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet
[ 43.697819][ T17] ==================================================================
[ 43.706026][ T17] BUG: KASAN: use-after-free in ax88172a_unbind+0x6a/0xc0
[ 43.713200][ T17] Read of size 8 at addr ffff88809eca9800 by task kworker/1:0/17
[ 43.720885][ T17]
[ 43.723195][ T17] CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 5.7.0-syzkaller #0
[ 43.730988][ T17] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.741028][ T17] Workqueue: usb_hub_wq hub_event
[ 43.746032][ T17] Call Trace:
[ 43.749319][ T17] dump_stack+0x1e9/0x30e
[ 43.753648][ T17] print_address_description+0x66/0x5a0
[ 43.759343][ T17] ? vprintk_emit+0x342/0x3c0
[ 43.764003][ T17] ? printk+0x62/0x83
[ 43.767963][ T17] ? trace_irq_disable_rcuidle+0x1f/0x1d0
[ 43.773745][ T17] ? vprintk_emit+0x339/0x3c0
[ 43.778492][ T17] kasan_report+0x132/0x1d0
[ 43.782975][ T17] ? ax88172a_unbind+0x6a/0xc0
[ 43.787900][ T17] ax88172a_unbind+0x6a/0xc0
[ 43.792626][ T17] ? ax88172a_bind+0x7f0/0x7f0
[ 43.797380][ T17] usbnet_disconnect+0x14b/0x340
[ 43.802303][ T17] usb_unbind_interface+0x1d2/0x840
[ 43.807581][ T17] ? lockdep_hardirqs_on_prepare+0x425/0x6e0
[ 43.813728][ T17] ? _raw_spin_unlock_irqrestore+0xb4/0xd0
[ 43.819514][ T17] ? usb_driver_release_interface+0x1c0/0x1c0
[ 43.825562][ T17] device_release_driver_internal+0x507/0x7a0
[ 43.831613][ T17] bus_remove_device+0x2eb/0x360
[ 43.836732][ T17] device_del+0x822/0x1160
[ 43.841206][ T17] usb_disable_device+0x3ee/0xc80
[ 43.846843][ T17] usb_disconnect+0x346/0x880
[ 43.851696][ T17] hub_event+0x1c18/0x4cb0
[ 43.856123][ T17] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 43.861659][ T17] process_one_work+0x76e/0xfd0
[ 43.866505][ T17] worker_thread+0xa7f/0x1450
[ 43.871503][ T17] kthread+0x353/0x380
[ 43.877809][ T17] ? rcu_lock_release+0x20/0x20
[ 43.883246][ T17] ? kthread_blkcg+0xd0/0xd0
[ 43.887903][ T17] ret_from_fork+0x24/0x30
[ 43.893957][ T17]
[ 43.896373][ T17] Allocated by task 12:
[ 43.900887][ T17] __kasan_kmalloc+0x103/0x140
[ 43.913010][ T17] kmem_cache_alloc_trace+0x234/0x300
[ 43.918542][ T17] ax88172a_bind+0x70/0x7f0
[ 43.923211][ T17] usbnet_probe+0xaba/0x26f0
[ 43.928215][ T17] usb_probe_interface+0x614/0xac0
[ 43.938545][ T17] really_probe+0x761/0xf60
[ 43.943502][ T17] driver_probe_device+0xe6/0x230
[ 43.948713][ T17] bus_for_each_drv+0x108/0x170
[ 43.953545][ T17] __device_attach+0x20c/0x3a0
[ 43.958894][ T17] bus_probe_device+0xb8/0x1f0
[ 43.963650][ T17] device_add+0x1828/0x1ba0
[ 43.968241][ T17] usb_set_configuration+0x19d2/0x1f20
[ 43.974063][ T17] usb_generic_driver_probe+0x82/0x140
[ 43.979681][ T17] usb_probe_device+0x12d/0x1d0
[ 43.985160][ T17] really_probe+0x761/0xf60
[ 43.991981][ T17] driver_probe_device+0xe6/0x230
[ 43.996996][ T17] bus_for_each_drv+0x108/0x170
[ 44.002178][ T17] __device_attach+0x20c/0x3a0
[ 44.006916][ T17] bus_probe_device+0xb8/0x1f0
[ 44.011651][ T17] device_add+0x1828/0x1ba0
[ 44.016132][ T17] usb_new_device+0xcc3/0x1650
[ 44.020881][ T17] hub_event+0x2823/0x4cb0
[ 44.025361][ T17] process_one_work+0x76e/0xfd0
[ 44.030189][ T17] worker_thread+0xa7f/0x1450
[ 44.034840][ T17] kthread+0x353/0x380
[ 44.038887][ T17] ret_from_fork+0x24/0x30
[ 44.043274][ T17]
[ 44.045583][ T17] Freed by task 12:
[ 44.049392][ T17] __kasan_slab_free+0x114/0x170
[ 44.054356][ T17] kfree+0x10a/0x220
[ 44.058229][ T17] ax88172a_bind+0x260/0x7f0
[ 44.062821][ T17] usbnet_probe+0xaba/0x26f0
[ 44.067395][ T17] usb_probe_interface+0x614/0xac0
[ 44.072522][ T17] really_probe+0x761/0xf60
[ 44.077015][ T17] driver_probe_device+0xe6/0x230
[ 44.082029][ T17] bus_for_each_drv+0x108/0x170
[ 44.086862][ T17] __device_attach+0x20c/0x3a0
[ 44.091614][ T17] bus_probe_device+0xb8/0x1f0
[ 44.096353][ T17] device_add+0x1828/0x1ba0
[ 44.100832][ T17] usb_set_configuration+0x19d2/0x1f20
[ 44.106267][ T17] usb_generic_driver_probe+0x82/0x140
[ 44.112930][ T17] usb_probe_device+0x12d/0x1d0
[ 44.117767][ T17] really_probe+0x761/0xf60
[ 44.122243][ T17] driver_probe_device+0xe6/0x230
[ 44.127243][ T17] bus_for_each_drv+0x108/0x170
[ 44.132067][ T17] __device_attach+0x20c/0x3a0
[ 44.136805][ T17] bus_probe_device+0xb8/0x1f0
[ 44.141542][ T17] device_add+0x1828/0x1ba0
[ 44.146021][ T17] usb_new_device+0xcc3/0x1650
[ 44.150869][ T17] hub_event+0x2823/0x4cb0
[ 44.155261][ T17] process_one_work+0x76e/0xfd0
[ 44.160171][ T17] worker_thread+0xa7f/0x1450
[ 44.164821][ T17] kthread+0x353/0x380
[ 44.168866][ T17] ret_from_fork+0x24/0x30
[ 44.173255][ T17]
[ 44.175561][ T17] The buggy address belongs to the object at ffff88809eca9800
[ 44.175561][ T17] which belongs to the cache kmalloc-64 of size 64
[ 44.189768][ T17] The buggy address is located 0 bytes inside of
[ 44.189768][ T17] 64-byte region [ffff88809eca9800, ffff88809eca9840)
[ 44.202750][ T17] The buggy address belongs to the page:
[ 44.208363][ T17] page:ffffea00027b2a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88809eca9b00
[ 44.218752][ T17] flags: 0xfffe0000000200(slab)
[ 44.223676][ T17] raw: 00fffe0000000200 ffffea00025c8248 ffffea00027e9988 ffff8880aa400380
[ 44.232334][ T17] raw: ffff88809eca9b00 ffff88809eca9000 000000010000001e 0000000000000000
[ 44.240888][ T17] page dumped because: kasan: bad access detected
[ 44.247281][ T17]
[ 44.249595][ T17] Memory state around the buggy address:
[ 44.255286][ T17] ffff88809eca9700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 44.263322][ T17] ffff88809eca9780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 44.271357][ T17] >ffff88809eca9800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 44.279389][ T17] ^
[ 44.283519][ T17] ffff88809eca9880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 44.291710][ T17] ffff88809eca9900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 44.299750][ T17] ==================================================================
[ 44.307883][ T17] Disabling lock debugging due to kernel taint
[ 44.316425][ T17] Kernel panic - not syncing: panic_on_warn set ...
[ 44.316438][ T17] CPU: 1 PID: 17 Comm: kworker/1:0 Tainted: G B 5.7.0-syzkaller #0
[ 44.316443][ T17] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.316468][ T17] Workqueue: usb_hub_wq hub_event
[ 44.316474][ T17] Call Trace:
[ 44.316487][ T17] dump_stack+0x1e9/0x30e
[ 44.316499][ T17] panic+0x264/0x7a0
[ 44.316509][ T17] ? trace_hardirqs_on+0x30/0x80
[ 44.316521][ T17] kasan_report+0x1c9/0x1d0
[ 44.316532][ T17] ? ax88172a_unbind+0x6a/0xc0
[ 44.316542][ T17] ax88172a_unbind+0x6a/0xc0
[ 44.316549][ T17] ? ax88172a_bind+0x7f0/0x7f0
[ 44.316558][ T17] usbnet_disconnect+0x14b/0x340
[ 44.316570][ T17] usb_unbind_interface+0x1d2/0x840
[ 44.316580][ T17] ? lockdep_hardirqs_on_prepare+0x425/0x6e0
[ 44.316593][ T17] ? _raw_spin_unlock_irqrestore+0xb4/0xd0
[ 44.316604][ T17] ? usb_driver_release_interface+0x1c0/0x1c0
[ 44.316613][ T17] device_release_driver_internal+0x507/0x7a0
[ 44.316624][ T17] bus_remove_device+0x2eb/0x360
[ 44.316636][ T17] device_del+0x822/0x1160
[ 44.316654][ T17] usb_disable_device+0x3ee/0xc80
[ 44.316667][ T17] usb_disconnect+0x346/0x880
[ 44.316677][ T17] hub_event+0x1c18/0x4cb0
[ 44.316703][ T17] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 44.316714][ T17] process_one_work+0x76e/0xfd0
[ 44.316731][ T17] worker_thread+0xa7f/0x1450
[ 44.316750][ T17] kthread+0x353/0x380
[ 44.316763][ T17] ? rcu_lock_release+0x20/0x20
[ 44.316770][ T17] ? kthread_blkcg+0xd0/0xd0
[ 44.316779][ T17] ret_from_fork+0x24/0x30
[ 44.318172][ T17] Kernel Offset: disabled
[ 44.480173][ T17] Rebooting in 86400 seconds..