[ OK ] Reached target Network.
Starting OpenBSD Secure Shell server...
Starting Permit User Sessions...
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ 12.502702][ C1] random: crng init done
[ 12.503489][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts.
executing program
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ *] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (14s / 1min 30s)[ 21.430122][ T22] audit: type=1400 audit(1592591638.596:8): avc: denied { execmem } for pid=340 comm="syz-executor048" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ *** ] A start job is running for dev-ttyS0.device (15s / 1min 30s)[ 21.705802][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 21.957378][ T12] usb 1-1: Using ep0 maxpacket: 8
[*** ] A start job is running for dev-ttyS0[ 22.078167][ T12] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=78.22
.device (16s / 1[ 22.087877][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
min 30s)[ 22.098052][ T12] usb 1-1: config 0 descriptor??
[ 22.349796][ T12] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0
[ 22.360933][ T12] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, 56:e5:76:48:89:61
executing program
[ 22.551590][ T12] usb 1-1: USB disconnect, device number 2
[ 22.557600][ T12] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet
[ 22.611408][ T12] ==================================================================
[ 22.619475][ T12] BUG: KASAN: use-after-free in ax88172a_unbind+0x6a/0xc0
[ 22.626551][ T12] Read of size 8 at addr ffff8881ce38a500 by task kworker/0:1/12
[ 22.634226][ T12]
[ 22.636524][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.4.47-syzkaller-00290-g5eb96e454e88 #0
[ 22.646110][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.656157][ T12] Workqueue: usb_hub_wq hub_event
[ 22.661145][ T12] Call Trace:
[ 22.664402][ T12] dump_stack+0x14a/0x1ce
[ 22.668695][ T12] ? show_regs_print_info+0x12/0x12
[ 22.673859][ T12] ? printk+0xd2/0x114
[ 22.677911][ T12] print_address_description+0x93/0x620
[ 22.683421][ T12] ? _raw_spin_lock+0x170/0x170
[ 22.688249][ T12] __kasan_report+0x16d/0x1e0
[ 22.692914][ T12] ? ax88172a_unbind+0x6a/0xc0
[ 22.697660][ T12] kasan_report+0x34/0x60
[ 22.701966][ T12] ax88172a_unbind+0x6a/0xc0
[ 22.706562][ T12] ? ax88172a_bind+0x980/0x980
[ 22.711296][ T12] usbnet_disconnect+0x14e/0x340
[ 22.716214][ T12] usb_unbind_interface+0x1d8/0x850
[ 22.716222][ T12] ? usb_driver_release_interface+0x1b0/0x1b0
[ 22.716234][ T12] device_release_driver_internal+0x515/0x7b0
[ 22.733485][ T12] bus_remove_device+0x2e7/0x350
[ 22.738400][ T12] device_del+0x7bc/0x1200
[ 22.742824][ T12] ? kill_device+0xc0/0xc0
[ 22.747224][ T12] usb_disable_device+0x3fe/0xc90
[ 22.752228][ T12] usb_disconnect+0x341/0x880
[ 22.756885][ T12] hub_event+0x1c6c/0x4fa0
[ 22.761281][ T12] ? _raw_spin_lock+0xa1/0x170
[ 22.766025][ T12] ? led_work+0x530/0x530
[ 22.770370][ T12] ? __x64_sys_getcpu+0xa0/0xd0
[ 22.775236][ T12] ? _raw_spin_lock_irq+0xa2/0x180
[ 22.780343][ T12] ? read_word_at_a_time+0xe/0x20
[ 22.785342][ T12] ? strscpy+0xa6/0x260
[ 22.789467][ T12] process_one_work+0x777/0xf90
[ 22.794303][ T12] worker_thread+0xa8f/0x1430
[ 22.798961][ T12] kthread+0x2df/0x300
[ 22.803001][ T12] ? process_one_work+0xf90/0xf90
[ 22.807998][ T12] ? kthread_destroy_worker+0x280/0x280
[ 22.813529][ T12] ret_from_fork+0x1f/0x30
[ 22.817912][ T12]
[ 22.820213][ T12] Allocated by task 12:
[ 22.824338][ T12] __kasan_kmalloc+0x12c/0x1c0
[ 22.829070][ T12] kmem_cache_alloc_trace+0xc3/0x280
[ 22.834324][ T12] ax88172a_bind+0xc7/0x980
[ 22.838810][ T12] usbnet_probe+0xa9f/0x2770
[ 22.843372][ T12] usb_probe_interface+0x631/0xad0
[ 22.848459][ T12] really_probe+0x764/0xf70
[ 22.852934][ T12] driver_probe_device+0xe6/0x230
[ 22.857930][ T12] bus_for_each_drv+0x17a/0x200
[ 22.862783][ T12] __device_attach+0x27b/0x420
[ 22.867526][ T12] bus_probe_device+0xbb/0x200
[ 22.872253][ T12] device_add+0x13db/0x17c0
[ 22.876723][ T12] usb_set_configuration+0x197f/0x1f00
[ 22.882147][ T12] generic_probe+0x82/0x140
[ 22.886617][ T12] really_probe+0x764/0xf70
[ 22.891086][ T12] driver_probe_device+0xe6/0x230
[ 22.896090][ T12] bus_for_each_drv+0x17a/0x200
[ 22.900961][ T12] __device_attach+0x27b/0x420
[ 22.905702][ T12] bus_probe_device+0xbb/0x200
[ 22.910442][ T12] device_add+0x13db/0x17c0
[ 22.914929][ T12] usb_new_device+0xda7/0x1710
[ 22.919663][ T12] hub_event+0x2963/0x4fa0
[ 22.924062][ T12] process_one_work+0x777/0xf90
[ 22.928885][ T12] worker_thread+0xa8f/0x1430
[ 22.933531][ T12] kthread+0x2df/0x300
[ 22.937567][ T12] ret_from_fork+0x1f/0x30
[ 22.942301][ T12]
[ 22.944610][ T12] Freed by task 12:
[ 22.948388][ T12] __kasan_slab_free+0x181/0x230
[ 22.953294][ T12] slab_free_freelist_hook+0xd0/0x150
[ 22.958693][ T12] kfree+0x12b/0x600
[ 22.962557][ T12] ax88172a_bind+0x844/0x980
[ 22.967116][ T12] usbnet_probe+0xa9f/0x2770
[ 22.971674][ T12] usb_probe_interface+0x631/0xad0
[ 22.976768][ T12] really_probe+0x764/0xf70
[ 22.981250][ T12] driver_probe_device+0xe6/0x230
[ 22.986241][ T12] bus_for_each_drv+0x17a/0x200
[ 22.991068][ T12] __device_attach+0x27b/0x420
[ 22.995801][ T12] bus_probe_device+0xbb/0x200
[ 23.000542][ T12] device_add+0x13db/0x17c0
[ 23.005010][ T12] usb_set_configuration+0x197f/0x1f00
[ 23.010435][ T12] generic_probe+0x82/0x140
[ 23.014950][ T12] really_probe+0x764/0xf70
[ 23.019436][ T12] driver_probe_device+0xe6/0x230
[ 23.024450][ T12] bus_for_each_drv+0x17a/0x200
[ 23.029271][ T12] __device_attach+0x27b/0x420
[ 23.034017][ T12] bus_probe_device+0xbb/0x200
[ 23.038749][ T12] device_add+0x13db/0x17c0
[ 23.043219][ T12] usb_new_device+0xda7/0x1710
[ 23.048054][ T12] hub_event+0x2963/0x4fa0
[ 23.052437][ T12] process_one_work+0x777/0xf90
[ 23.057616][ T12] worker_thread+0xa8f/0x1430
[ 23.062268][ T12] kthread+0x2df/0x300
[ 23.066305][ T12] ret_from_fork+0x1f/0x30
[ 23.070684][ T12]
[ 23.072982][ T12] The buggy address belongs to the object at ffff8881ce38a500
[ 23.072982][ T12] which belongs to the cache kmalloc-64 of size 64
[ 23.086838][ T12] The buggy address is located 0 bytes inside of
[ 23.086838][ T12] 64-byte region [ffff8881ce38a500, ffff8881ce38a540)
[ 23.099815][ T12] The buggy address belongs to the page:
[ 23.105416][ T12] page:ffffea000738e280 refcount:1 mapcount:0 mapping:ffff8881da803180 index:0xffff8881ce38ac80
[ 23.115808][ T12] flags: 0x8000000000000200(slab)
[ 23.120802][ T12] raw: 8000000000000200 ffffea000738e1c0 0000000700000007 ffff8881da803180
[ 23.129355][ T12] raw: ffff8881ce38ac80 0000000080200010 00000001ffffffff 0000000000000000
[ 23.137902][ T12] page dumped because: kasan: bad access detected
[ 23.144278][ T12]
[ 23.146576][ T12] Memory state around the buggy address:
[ 23.152185][ T12] ffff8881ce38a400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.160214][ T12] ffff8881ce38a480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.168244][ T12] >ffff8881ce38a500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.176271][ T12] ^
[ 23.180307][ T12] ffff8881ce38a580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.188335][ T12] ffff8881ce38a600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.196383][ T12] ==================================================================
[ 23.204408][ T12] Disabling lock debugging due to kernel taint
[** ] A start job is running for dev-ttyS0.device (16s / 1min 30s)[ 23.224062][ T12] asix 1-1:0.0 eth1 (unregistered): deregistering mdio bus m/dummy_hcd.0/usb1/1-1/1-1:0.0/net/eth1
[ 23.234816][ T12] ------------[ cut here ]------------
[ 23.240243][ T12] kernel BUG at drivers/net/phy/mdio_bus.c:456!
[ 23.247125][ T12] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 23.253522][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.4.47-syzkaller-00290-g5eb96e454e88 #0
[ 23.264512][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.274560][ T12] Workqueue: usb_hub_wq hub_event
[ 23.279571][ T12] RIP: 0010:mdiobus_unregister+0x1da/0x1e0
[ 23.285347][ T12] Code: f4 fe e9 80 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 94 fe ff ff 4c 89 ff e8 e0 db f4 fe e9 87 fe ff ff e8 16 b0 c6 fe <0f> 0b 0f 1f 40 00 41 57 41 56 41 55 41 54 53 49 89 ff 49 bc 00 00
[ 23.305272][ T12] RSP: 0018:ffff8881da9df620 EFLAGS: 00010293
[ 23.311304][ T12] RAX: ffffffff827b4caa RBX: 00000000725f7261 RCX: ffff8881da9b9f00
[ 23.319267][ T12] RDX: 0000000000000000 RSI: 00000000725f7261 RDI: 0000000000000002
[ 23.327217][ T12] RBP: 1ffff11039c715c3 R08: ffffffff827b4b16 R09: ffffed103b705df0
[ 23.335167][ T12] R10: ffffed103b705df0 R11: 0000000000000000 R12: dffffc0000000000
[ 23.343107][ T12] R13: dffffc0000000000 R14: ffff8881ce38ad80 R15: ffff8881ce38ae18
[ 23.351049][ T12] FS: 0000000000000000(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
[ 23.359958][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.366507][ T12] CR2: 00007f814ae93000 CR3: 00000001d36cb002 CR4: 00000000001606f0
[ 23.374453][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.382494][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.390431][ T12] Call Trace:
[ 23.393692][ T12] ax88172a_unbind+0x99/0xc0
[ 23.398251][ T12] ? ax88172a_bind+0x980/0x980
[ 23.402990][ T12] usbnet_disconnect+0x14e/0x340
[ 23.407894][ T12] usb_unbind_interface+0x1d8/0x850
[ 23.413059][ T12] ? usb_driver_release_interface+0x1b0/0x1b0
[ 23.419105][ T12] device_release_driver_internal+0x515/0x7b0
[ 23.425139][ T12] bus_remove_device+0x2e7/0x350
[ 23.430044][ T12] device_del+0x7bc/0x1200
[ 23.434448][ T12] ? kill_device+0xc0/0xc0
[ 23.438835][ T12] usb_disable_device+0x3fe/0xc90
[ 23.443828][ T12] usb_disconnect+0x341/0x880
[ 23.448473][ T12] hub_event+0x1c6c/0x4fa0
[ 23.452881][ T12] ? _raw_spin_lock+0xa1/0x170
[ 23.458135][ T12] ? led_work+0x530/0x530
[ 23.462433][ T12] ? __x64_sys_getcpu+0xa0/0xd0
[ 23.467257][ T12] ? _raw_spin_lock_irq+0xa2/0x180
[ 23.472335][ T12] ? read_word_at_a_time+0xe/0x20
[ 23.477327][ T12] ? strscpy+0xa6/0x260
[ 23.481447][ T12] process_one_work+0x777/0xf90
[ 23.486278][ T12] worker_thread+0xa8f/0x1430
[ 23.490926][ T12] kthread+0x2df/0x300
[ 23.494959][ T12] ? process_one_work+0xf90/0xf90
[ 23.499965][ T12] ? kthread_destroy_worker+0x280/0x280
[ 23.505567][ T12] ret_from_fork+0x1f/0x30
[ 23.509949][ T12] Modules linked in:
[ 23.519419][ T12] ---[ end trace 100ac8b1bcd3041d ]---
[ 23.524876][ T12] RIP: 0010:mdiobus_unregister+0x1da/0x1e0
[ 23.531267][ T12] Code: f4 fe e9 80 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 94 fe ff ff 4c 89 ff e8 e0 db f4 fe e9 87 fe ff ff e8 16 b0 c6 fe <0f> 0b 0f 1f 40 00 41 57 41 56 41 55 41 54 53 49 89 ff 49 bc 00 00
[ 23.551135][ T12] RSP: 0018:ffff8881da9df620 EFLAGS: 00010293
[ 23.557455][ T12] RAX: ffffffff827b4caa RBX: 00000000725f7261 RCX: ffff8881da9b9f00
[ 23.565423][ T12] RDX: 0000000000000000 RSI: 00000000725f7261 RDI: 0000000000000002
[ 23.573854][ T12] RBP: 1ffff11039c715c3 R08: ffffffff827b4b16 R09: ffffed103b705df0
[ 23.582151][ T12] R10: ffffed103b705df0 R11: 0000000000000000 R12: dffffc0000000000
[ 23.590387][ T12] R13: dffffc0000000000 R14: ffff8881ce38ad80 R15: ffff8881ce38ae18
[ 23.598597][ T12] FS: 0000000000000000(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
[ 23.607782][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.614365][ T12] CR2: 00007f814ae99000 CR3: 00000001d36cb002 CR4: 00000000001606f0
[ 23.622684][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.630882][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.639073][ T12] Kernel panic - not syncing: Fatal exception
[ 23.645537][ T12] Kernel Offset: disabled
[ 23.649839][ T12] Rebooting in 86400 seconds..