[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ 57.930739][ T4842] systemd-udevd (4842) used greatest stack depth: 22656 bytes left
[ 57.959531][ T4874] systemd-udevd (4874) used greatest stack depth: 21744 bytes left
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 65.060378][ T2532] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 65.300291][ T2532] usb 1-1: Using ep0 maxpacket: 8
[ 65.430510][ T2532] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=78.22
[ 65.440311][ T2532] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 65.455426][ T2532] usb 1-1: config 0 descriptor??
[ 65.730554][ T2532] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0
[ 65.751781][ T2532] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, 06:5f:97:07:13:50
executing program
[ 65.934201][ T2532] usb 1-1: USB disconnect, device number 2
[ 65.941914][ T2532] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet
[ 66.021384][ T2532] ==================================================================
[ 66.029722][ T2532] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xe7
[ 66.037005][ T2532] Read of size 8 at addr ffff88809add3600 by task kworker/1:14/2532
[ 66.045056][ T2532]
[ 66.047469][ T2532] CPU: 1 PID: 2532 Comm: kworker/1:14 Not tainted 5.7.0-rc7-next-20200529-syzkaller #0
[ 66.057914][ T2532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.068449][ T2532] Workqueue: usb_hub_wq hub_event
[ 66.073463][ T2532] Call Trace:
[ 66.076870][ T2532] dump_stack+0x18f/0x20d
[ 66.081488][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.086681][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.091454][ T2532] print_address_description.constprop.0.cold+0xd3/0x413
[ 66.098878][ T2532] ? usbnet_disconnect+0xf0/0x270
[ 66.104073][ T2532] ? vprintk_func+0x97/0x1a6
[ 66.108664][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.113418][ T2532] kasan_report.cold+0x1f/0x37
[ 66.118172][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.123036][ T2532] ? ax88172a_reset.cold+0x131/0x131
[ 66.128417][ T2532] ax88172a_unbind+0x76/0xe7
[ 66.133203][ T2532] usbnet_disconnect+0x145/0x270
[ 66.138142][ T2532] usb_unbind_interface+0x1bd/0x8a0
[ 66.143608][ T2532] ? __pm_runtime_idle+0xd1/0x320
[ 66.148632][ T2532] ? usb_autoresume_device+0x60/0x60
[ 66.153936][ T2532] device_release_driver_internal+0x432/0x500
[ 66.160110][ T2532] bus_remove_device+0x2dc/0x4a0
[ 66.165040][ T2532] device_del+0x481/0xd30
[ 66.169417][ T2532] ? device_link_add_missing_supplier_links+0x370/0x370
[ 66.177839][ T2532] ? mark_held_locks+0x9f/0xe0
[ 66.182846][ T2532] ? remove_intf_ep_devs+0x13f/0x1d0
[ 66.188147][ T2532] usb_disable_device+0x211/0x690
[ 66.193211][ T2532] usb_disconnect+0x284/0x8d0
[ 66.198041][ T2532] hub_event+0x17ca/0x38f0
[ 66.202477][ T2532] ? hub_port_debounce+0x260/0x260
[ 66.207601][ T2532] ? pwq_unbound_release_workfn+0x10/0x2d0
[ 66.213595][ T2532] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.219391][ T2532] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.225631][ T2532] process_one_work+0x965/0x1690
[ 66.230571][ T2532] ? lock_release+0x800/0x800
[ 66.235753][ T2532] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.241241][ T2532] ? rwlock_bug.part.0+0x90/0x90
[ 66.246342][ T2532] worker_thread+0x96/0xe20
[ 66.250861][ T2532] ? process_one_work+0x1690/0x1690
[ 66.256233][ T2532] kthread+0x3b5/0x4a0
[ 66.260395][ T2532] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.266111][ T2532] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.271832][ T2532] ret_from_fork+0x1f/0x30
[ 66.276385][ T2532]
[ 66.278700][ T2532] Allocated by task 2532:
[ 66.283116][ T2532] save_stack+0x1b/0x40
[ 66.287704][ T2532] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 66.293857][ T2532] kmem_cache_alloc_trace+0x153/0x7d0
[ 66.299419][ T2532] ax88172a_bind+0xa3/0x751
[ 66.304004][ T2532] usbnet_probe+0xb36/0x2600
[ 66.308855][ T2532] usb_probe_interface+0x305/0x7a0
[ 66.313972][ T2532] really_probe+0x281/0x6d0
[ 66.319016][ T2532] driver_probe_device+0xfe/0x1d0
[ 66.324142][ T2532] __device_attach_driver+0x1c2/0x220
[ 66.329643][ T2532] bus_for_each_drv+0x162/0x1e0
[ 66.334488][ T2532] __device_attach+0x21a/0x360
[ 66.339241][ T2532] bus_probe_device+0x1e4/0x290
[ 66.344082][ T2532] device_add+0xaf1/0x1900
[ 66.348487][ T2532] usb_set_configuration+0xec5/0x1740
[ 66.354083][ T2532] usb_generic_driver_probe+0x9d/0xe0
[ 66.359665][ T2532] usb_probe_device+0xc6/0x1f0
[ 66.364594][ T2532] really_probe+0x281/0x6d0
[ 66.369093][ T2532] driver_probe_device+0xfe/0x1d0
[ 66.374118][ T2532] __device_attach_driver+0x1c2/0x220
[ 66.379492][ T2532] bus_for_each_drv+0x162/0x1e0
[ 66.384549][ T2532] __device_attach+0x21a/0x360
[ 66.389651][ T2532] bus_probe_device+0x1e4/0x290
[ 66.394683][ T2532] device_add+0xaf1/0x1900
[ 66.399151][ T2532] usb_new_device.cold+0x753/0x103d
[ 66.404465][ T2532] hub_event+0x1eca/0x38f0
[ 66.408910][ T2532] process_one_work+0x965/0x1690
[ 66.415018][ T2532] worker_thread+0x96/0xe20
[ 66.419685][ T2532] kthread+0x3b5/0x4a0
[ 66.424029][ T2532] ret_from_fork+0x1f/0x30
[ 66.428658][ T2532]
[ 66.432505][ T2532] Freed by task 2532:
[ 66.436487][ T2532] save_stack+0x1b/0x40
[ 66.440756][ T2532] __kasan_slab_free+0xf7/0x140
[ 66.445929][ T2532] kfree+0x109/0x2b0
[ 66.450137][ T2532] ax88172a_bind.cold+0xad/0x1df
[ 66.455288][ T2532] usbnet_probe+0xb36/0x2600
[ 66.460403][ T2532] usb_probe_interface+0x305/0x7a0
[ 66.465869][ T2532] really_probe+0x281/0x6d0
[ 66.470483][ T2532] driver_probe_device+0xfe/0x1d0
[ 66.475556][ T2532] __device_attach_driver+0x1c2/0x220
[ 66.481951][ T2532] bus_for_each_drv+0x162/0x1e0
[ 66.487677][ T2532] __device_attach+0x21a/0x360
[ 66.492541][ T2532] bus_probe_device+0x1e4/0x290
[ 66.497733][ T2532] device_add+0xaf1/0x1900
[ 66.502416][ T2532] usb_set_configuration+0xec5/0x1740
[ 66.507783][ T2532] usb_generic_driver_probe+0x9d/0xe0
[ 66.513244][ T2532] usb_probe_device+0xc6/0x1f0
[ 66.518256][ T2532] really_probe+0x281/0x6d0
[ 66.523162][ T2532] driver_probe_device+0xfe/0x1d0
[ 66.528786][ T2532] __device_attach_driver+0x1c2/0x220
[ 66.534147][ T2532] bus_for_each_drv+0x162/0x1e0
[ 66.539086][ T2532] __device_attach+0x21a/0x360
[ 66.543837][ T2532] bus_probe_device+0x1e4/0x290
[ 66.548701][ T2532] device_add+0xaf1/0x1900
[ 66.553271][ T2532] usb_new_device.cold+0x753/0x103d
[ 66.558805][ T2532] hub_event+0x1eca/0x38f0
[ 66.563230][ T2532] process_one_work+0x965/0x1690
[ 66.568256][ T2532] worker_thread+0x96/0xe20
[ 66.572772][ T2532] kthread+0x3b5/0x4a0
[ 66.576922][ T2532] ret_from_fork+0x1f/0x30
[ 66.582252][ T2532]
[ 66.584584][ T2532] The buggy address belongs to the object at ffff88809add3600
[ 66.584584][ T2532] which belongs to the cache kmalloc-64 of size 64
[ 66.598665][ T2532] The buggy address is located 0 bytes inside of
[ 66.598665][ T2532] 64-byte region [ffff88809add3600, ffff88809add3640)
[ 66.611977][ T2532] The buggy address belongs to the page:
[ 66.617987][ T2532] page:ffffea00026b74c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 66.627092][ T2532] flags: 0xfffe0000000200(slab)
[ 66.632126][ T2532] raw: 00fffe0000000200 ffffea000275e908 ffffea0002a2a088 ffff8880aa000380
[ 66.641070][ T2532] raw: 0000000000000000 ffff88809add3000 0000000100000020 0000000000000000
[ 66.649822][ T2532] page dumped because: kasan: bad access detected
[ 66.656368][ T2532]
[ 66.658683][ T2532] Memory state around the buggy address:
[ 66.664424][ T2532]  ffff88809add3500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 66.672544][ T2532]  ffff88809add3580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 66.681348][ T2532] >ffff88809add3600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 66.689627][ T2532]                    ^
[ 66.693962][ T2532]  ffff88809add3680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 66.702917][ T2532]  ffff88809add3700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 66.710972][ T2532] ==================================================================
[ 66.719633][ T2532] Disabling lock debugging due to kernel taint
[ 66.728248][ T2532] Kernel panic - not syncing: panic_on_warn set ...
[ 66.734953][ T2532] CPU: 1 PID: 2532 Comm: kworker/1:14 Tainted: G B 5.7.0-rc7-next-20200529-syzkaller #0
[ 66.746270][ T2532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.756992][ T2532] Workqueue: usb_hub_wq hub_event
[ 66.762100][ T2532] Call Trace:
[ 66.765668][ T2532] dump_stack+0x18f/0x20d
[ 66.770473][ T2532] ? ax88172a_unbind+0x56/0xe7
[ 66.775236][ T2532] panic+0x2e3/0x75c
[ 66.779145][ T2532] ? __warn_printk+0xf3/0xf3
[ 66.783894][ T2532] ? preempt_schedule_common+0x5e/0xc0
[ 66.789397][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.794159][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.799300][ T2532] ? preempt_schedule_thunk+0x16/0x18
[ 66.804785][ T2532] ? trace_hardirqs_on+0x55/0x220
[ 66.809808][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.814659][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.819520][ T2532] end_report+0x4d/0x53
[ 66.823690][ T2532] kasan_report.cold+0xd/0x37
[ 66.828572][ T2532] ? ax88172a_unbind+0x76/0xe7
[ 66.833425][ T2532] ? ax88172a_reset.cold+0x131/0x131
[ 66.838709][ T2532] ax88172a_unbind+0x76/0xe7
[ 66.843476][ T2532] usbnet_disconnect+0x145/0x270
[ 66.848843][ T2532] usb_unbind_interface+0x1bd/0x8a0
[ 66.854039][ T2532] ? __pm_runtime_idle+0xd1/0x320
[ 66.859255][ T2532] ? usb_autoresume_device+0x60/0x60
[ 66.864532][ T2532] device_release_driver_internal+0x432/0x500
[ 66.870683][ T2532] bus_remove_device+0x2dc/0x4a0
[ 66.875736][ T2532] device_del+0x481/0xd30
[ 66.880448][ T2532] ? device_link_add_missing_supplier_links+0x370/0x370
[ 66.887379][ T2532] ? mark_held_locks+0x9f/0xe0
[ 66.892175][ T2532] ? remove_intf_ep_devs+0x13f/0x1d0
[ 66.898396][ T2532] usb_disable_device+0x211/0x690
[ 66.903468][ T2532] usb_disconnect+0x284/0x8d0
[ 66.908242][ T2532] hub_event+0x17ca/0x38f0
[ 66.912666][ T2532] ? hub_port_debounce+0x260/0x260
[ 66.917787][ T2532] ? pwq_unbound_release_workfn+0x10/0x2d0
[ 66.923771][ T2532] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.929421][ T2532] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.935389][ T2532] process_one_work+0x965/0x1690
[ 66.940421][ T2532] ? lock_release+0x800/0x800
[ 66.945615][ T2532] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.950975][ T2532] ? rwlock_bug.part.0+0x90/0x90
[ 66.955905][ T2532] worker_thread+0x96/0xe20
[ 66.960488][ T2532] ? process_one_work+0x1690/0x1690
[ 66.965835][ T2532] kthread+0x3b5/0x4a0
[ 66.970190][ T2532] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.975988][ T2532] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.981887][ T2532] ret_from_fork+0x1f/0x30
[ 66.988291][ T2532] Kernel Offset: disabled
[ 66.992851][ T2532] Rebooting in 86400 seconds..