[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.244' (ECDSA) to the list of known hosts.
syzkaller login: [ 64.308956][ T29] audit: type=1400 audit(1592597989.487:8): avc: denied { execmem } for pid=6803 comm="syz-executor178" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 64.341077][ T6804] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 64.662346][ T3411] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 64.902262][ T3411] usb 1-1: Using ep0 maxpacket: 8
[ 65.022392][ T3411] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=78.22
[ 65.031833][ T3411] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 65.043549][ T3411] usb 1-1: config 0 descriptor??
[ 65.302475][ T3411] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0
[ 65.324086][ T3411] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, be:7b:16:40:5a:65
[ 65.507626][ T3411] usb 1-1: USB disconnect, device number 2
[ 65.515044][ T3411] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet
[ 65.579623][ T3411] ==================================================================
[ 65.587910][ T3411] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xe7
[ 65.595015][ T3411] Read of size 8 at addr ffff8880a46b8300 by task kworker/0:9/3411
[ 65.602888][ T3411]
[ 65.605202][ T3411] CPU: 0 PID: 3411 Comm: kworker/0:9 Not tainted 5.7.0-syzkaller #0
[ 65.613165][ T3411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.623206][ T3411] Workqueue: usb_hub_wq hub_event
[ 65.628205][ T3411] Call Trace:
[ 65.631495][ T3411] dump_stack+0x188/0x20d
[ 65.635837][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 65.640588][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 65.645335][ T3411] print_address_description.constprop.0.cold+0xd3/0x413
[ 65.652336][ T3411] ? usbnet_disconnect+0xf0/0x270
[ 65.657354][ T3411] ? vprintk_func+0x97/0x1a6
[ 65.661938][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 65.666775][ T3411] kasan_report.cold+0x1f/0x37
[ 65.671610][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 65.676376][ T3411] ? ax88172a_reset.cold+0x131/0x131
[ 65.681649][ T3411] ax88172a_unbind+0x76/0xe7
[ 65.686428][ T3411] usbnet_disconnect+0x145/0x270
[ 65.691357][ T3411] usb_unbind_interface+0x1bd/0x8a0
[ 65.696579][ T3411] ? __pm_runtime_idle+0xd1/0x320
[ 65.701759][ T3411] ? usb_autoresume_device+0x60/0x60
[ 65.707566][ T3411] device_release_driver_internal+0x432/0x500
[ 65.713619][ T3411] bus_remove_device+0x2dc/0x4a0
[ 65.718543][ T3411] device_del+0x481/0xd30
[ 65.722979][ T3411] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.728956][ T3411] ? device_link_remove+0x110/0x110
[ 65.734140][ T3411] ? remove_intf_ep_devs+0x13f/0x1d0
[ 65.740394][ T3411] usb_disable_device+0x211/0x690
[ 65.745463][ T3411] usb_disconnect+0x284/0x8d0
[ 65.750265][ T3411] hub_event+0x17ca/0x38f0
[ 65.754803][ T3411] ? hub_port_debounce+0x260/0x260
[ 65.759994][ T3411] ? __queue_work+0x730/0x1280
[ 65.764754][ T3411] ? debug_smp_processor_id+0x2f/0x185
[ 65.771178][ T3411] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.776723][ T3411] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.782692][ T3411] process_one_work+0x965/0x16a0
[ 65.788227][ T3411] ? lock_release+0x800/0x800
[ 65.792887][ T3411] ? pwq_dec_nr_in_flight+0x310/0x310
[ 65.798349][ T3411] ? rwlock_bug.part.0+0x90/0x90
[ 65.803275][ T3411] worker_thread+0x96/0xe20
[ 65.807959][ T3411] ? process_one_work+0x16a0/0x16a0
[ 65.813926][ T3411] kthread+0x388/0x470
[ 65.817975][ T3411] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.823695][ T3411] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.829428][ T3411] ret_from_fork+0x24/0x30
[ 65.833836][ T3411]
[ 65.836172][ T3411] Allocated by task 3411:
[ 65.840499][ T3411] save_stack+0x1b/0x40
[ 65.844650][ T3411] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.850799][ T3411] kmem_cache_alloc_trace+0x153/0x7d0
[ 65.856153][ T3411] ax88172a_bind+0xa3/0x751
[ 65.860653][ T3411] usbnet_probe+0xb36/0x2600
[ 65.865327][ T3411] usb_probe_interface+0x305/0x7a0
[ 65.870432][ T3411] really_probe+0x281/0x6d0
[ 65.874916][ T3411] driver_probe_device+0x104/0x210
[ 65.880023][ T3411] __device_attach_driver+0x1c2/0x220
[ 65.885478][ T3411] bus_for_each_drv+0x162/0x1e0
[ 65.890321][ T3411] __device_attach+0x21a/0x360
[ 65.895086][ T3411] bus_probe_device+0x1e4/0x290
[ 65.900012][ T3411] device_add+0x132d/0x1c10
[ 65.904513][ T3411] usb_set_configuration+0xec5/0x1740
[ 65.910480][ T3411] usb_generic_driver_probe+0x9d/0xe0
[ 65.915946][ T3411] usb_probe_device+0xc6/0x1f0
[ 65.920704][ T3411] really_probe+0x281/0x6d0
[ 65.925212][ T3411] driver_probe_device+0x104/0x210
[ 65.930305][ T3411] __device_attach_driver+0x1c2/0x220
[ 65.935656][ T3411] bus_for_each_drv+0x162/0x1e0
[ 65.940487][ T3411] __device_attach+0x21a/0x360
[ 65.945335][ T3411] bus_probe_device+0x1e4/0x290
[ 65.950179][ T3411] device_add+0x132d/0x1c10
[ 65.954802][ T3411] usb_new_device.cold+0x753/0x103d
[ 65.960080][ T3411] hub_event+0x1eca/0x38f0
[ 65.964490][ T3411] process_one_work+0x965/0x16a0
[ 65.969422][ T3411] worker_thread+0x96/0xe20
[ 65.973928][ T3411] kthread+0x388/0x470
[ 65.977976][ T3411] ret_from_fork+0x24/0x30
[ 65.982366][ T3411]
[ 65.984678][ T3411] Freed by task 3411:
[ 65.988657][ T3411] save_stack+0x1b/0x40
[ 65.992880][ T3411] __kasan_slab_free+0xf7/0x140
[ 65.997712][ T3411] kfree+0x109/0x2b0
[ 66.001599][ T3411] ax88172a_bind.cold+0xad/0x1df
[ 66.006628][ T3411] usbnet_probe+0xb36/0x2600
[ 66.011213][ T3411] usb_probe_interface+0x305/0x7a0
[ 66.016324][ T3411] really_probe+0x281/0x6d0
[ 66.020806][ T3411] driver_probe_device+0x104/0x210
[ 66.025903][ T3411] __device_attach_driver+0x1c2/0x220
[ 66.031259][ T3411] bus_for_each_drv+0x162/0x1e0
[ 66.037838][ T3411] __device_attach+0x21a/0x360
[ 66.042596][ T3411] bus_probe_device+0x1e4/0x290
[ 66.047451][ T3411] device_add+0x132d/0x1c10
[ 66.051936][ T3411] usb_set_configuration+0xec5/0x1740
[ 66.057304][ T3411] usb_generic_driver_probe+0x9d/0xe0
[ 66.062668][ T3411] usb_probe_device+0xc6/0x1f0
[ 66.068750][ T3411] really_probe+0x281/0x6d0
[ 66.073248][ T3411] driver_probe_device+0x104/0x210
[ 66.078337][ T3411] __device_attach_driver+0x1c2/0x220
[ 66.083687][ T3411] bus_for_each_drv+0x162/0x1e0
[ 66.088517][ T3411] __device_attach+0x21a/0x360
[ 66.093276][ T3411] bus_probe_device+0x1e4/0x290
[ 66.098119][ T3411] device_add+0x132d/0x1c10
[ 66.102619][ T3411] usb_new_device.cold+0x753/0x103d
[ 66.107811][ T3411] hub_event+0x1eca/0x38f0
[ 66.112399][ T3411] process_one_work+0x965/0x16a0
[ 66.117322][ T3411] worker_thread+0x96/0xe20
[ 66.121816][ T3411] kthread+0x388/0x470
[ 66.125893][ T3411] ret_from_fork+0x24/0x30
[ 66.130303][ T3411]
[ 66.132621][ T3411] The buggy address belongs to the object at ffff8880a46b8300
[ 66.132621][ T3411] which belongs to the cache kmalloc-64 of size 64
[ 66.146582][ T3411] The buggy address is located 0 bytes inside of
[ 66.146582][ T3411] 64-byte region [ffff8880a46b8300, ffff8880a46b8340)
[ 66.159581][ T3411] The buggy address belongs to the page:
[ 66.165230][ T3411] page:ffffea000291ae00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a46b8500
[ 66.175616][ T3411] flags: 0xfffe0000000200(slab)
[ 66.180449][ T3411] raw: 00fffe0000000200 ffffea000238ee88 ffffea000291acc8 ffff8880aa000380
[ 66.189031][ T3411] raw: ffff8880a46b8500 ffff8880a46b8000 000000010000001b 0000000000000000
[ 66.197604][ T3411] page dumped because: kasan: bad access detected
[ 66.203991][ T3411]
[ 66.206309][ T3411] Memory state around the buggy address:
[ 66.211922][ T3411] ffff8880a46b8200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 66.219961][ T3411] ffff8880a46b8280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 66.228166][ T3411] >ffff8880a46b8300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 66.236475][ T3411] ^
[ 66.240549][ T3411] ffff8880a46b8380: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc
[ 66.248602][ T3411] ffff8880a46b8400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 66.256745][ T3411] ==================================================================
[ 66.264782][ T3411] Disabling lock debugging due to kernel taint
[ 66.272880][ T3411] Kernel panic - not syncing: panic_on_warn set ...
[ 66.279576][ T3411] CPU: 0 PID: 3411 Comm: kworker/0:9 Tainted: G B 5.7.0-syzkaller #0
[ 66.289052][ T3411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.299109][ T3411] Workqueue: usb_hub_wq hub_event
[ 66.305086][ T3411] Call Trace:
[ 66.308378][ T3411] dump_stack+0x188/0x20d
[ 66.312793][ T3411] ? ax88172a_reset.cold+0x117/0x131
[ 66.318052][ T3411] panic+0x2e3/0x75c
[ 66.322458][ T3411] ? add_taint.cold+0x16/0x16
[ 66.327120][ T3411] ? preempt_schedule_common+0x5e/0xc0
[ 66.332563][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 66.337315][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 66.342058][ T3411] ? preempt_schedule_thunk+0x16/0x18
[ 66.347413][ T3411] ? trace_hardirqs_on+0x55/0x230
[ 66.352440][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 66.357189][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 66.361931][ T3411] end_report+0x4d/0x53
[ 66.366099][ T3411] kasan_report.cold+0xd/0x37
[ 66.370837][ T3411] ? ax88172a_unbind+0x76/0xe7
[ 66.375574][ T3411] ? ax88172a_reset.cold+0x131/0x131
[ 66.380975][ T3411] ax88172a_unbind+0x76/0xe7
[ 66.385656][ T3411] usbnet_disconnect+0x145/0x270
[ 66.390585][ T3411] usb_unbind_interface+0x1bd/0x8a0
[ 66.395795][ T3411] ? __pm_runtime_idle+0xd1/0x320
[ 66.400816][ T3411] ? usb_autoresume_device+0x60/0x60
[ 66.406090][ T3411] device_release_driver_internal+0x432/0x500
[ 66.412155][ T3411] bus_remove_device+0x2dc/0x4a0
[ 66.417087][ T3411] device_del+0x481/0xd30
[ 66.421403][ T3411] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.427390][ T3411] ? device_link_remove+0x110/0x110
[ 66.432669][ T3411] ? remove_intf_ep_devs+0x13f/0x1d0
[ 66.438057][ T3411] usb_disable_device+0x211/0x690
[ 66.443084][ T3411] usb_disconnect+0x284/0x8d0
[ 66.448173][ T3411] hub_event+0x17ca/0x38f0
[ 66.452571][ T3411] ? hub_port_debounce+0x260/0x260
[ 66.457781][ T3411] ? __queue_work+0x730/0x1280
[ 66.462666][ T3411] ? debug_smp_processor_id+0x2f/0x185
[ 66.468124][ T3411] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.473649][ T3411] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.479624][ T3411] process_one_work+0x965/0x16a0
[ 66.484731][ T3411] ? lock_release+0x800/0x800
[ 66.489384][ T3411] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.494746][ T3411] ? rwlock_bug.part.0+0x90/0x90
[ 66.499657][ T3411] worker_thread+0x96/0xe20
[ 66.504250][ T3411] ? process_one_work+0x16a0/0x16a0
[ 66.509432][ T3411] kthread+0x388/0x470
[ 66.513478][ T3411] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.519356][ T3411] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.525089][ T3411] ret_from_fork+0x24/0x30
[ 66.530973][ T3411] Kernel Offset: disabled
[ 66.535397][ T3411] Rebooting in 86400 seconds..