INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 54.778122][ T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 55.018107][ T22] usb 1-1: Using ep0 maxpacket: 32
[ 55.138184][ T22] usb 1-1: config 0 has an invalid interface number: 14 but max is 0
[ 55.146334][ T22] usb 1-1: config 0 has no interface number 0
[ 55.152539][ T22] usb 1-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=84.04
[ 55.161737][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.171047][ T22] usb 1-1: config 0 descriptor??
[ 55.210032][ T22] technisat-usb2: could not set alternate setting to 0
[ 55.398144][ T22] technisat-usb2: firmware version: 77.96
[ 55.403974][ T22] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in warm state.
[ 56.449340][ T22] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 56.478379][ T22] dvbdev: DVB: registering new adapter (Technisat SkyStar USB HD (DVB-S/S2))
[ 56.487560][ T22] usb 1-1: media controller created
[ 56.493143][ T22] technisat-usb2: i2c-error: out failed 53 = -22
[ 56.499770][ T22] dvb-usb: MAC address reading failed.
[ 56.509259][ T22] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 56.523091][ T22] technisat-usb2: i2c-error: out failed 68 = -22
[ 57.048138][ T22] dvb-usb: no frontend was attached by 'Technisat SkyStar USB HD (DVB-S/S2)'
[ 57.057247][ T22] Registered IR keymap rc-technisat-usb2
[ 57.098139][ T22] rc_core: Loaded IR protocol module ir-rc5-decoder, but protocol rc-5 still not available
[ 57.108823][ T22] rc rc0: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[ 57.119955][ T22] input: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input5
[ 57.132263][ T22] dvb-usb: schedule remote query interval to 100 msecs.
[ 57.698183][ T22] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) successfully initialized and connected.
[ 57.788260][ T108] ==================================================================
[ 57.796522][ T108] BUG: KASAN: slab-out-of-bounds in technisat_usb2_rc_query+0x5f5/0x650
[ 57.804942][ T108] Read of size 1 at addr ffff8881d4cf0728 by task kworker/1:2/108
[ 57.812725][ T108]
[ 57.815054][ T108] CPU: 1 PID: 108 Comm: kworker/1:2 Not tainted 5.2.0-rc1+ #10
[ 57.822615][ T108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.832800][ T108] Workqueue: events dvb_usb_read_remote_control
[ 57.839068][ T108] Call Trace:
[ 57.842349][ T108]  dump_stack+0xca/0x13e
[ 57.846619][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 57.852239][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 57.857860][ T108]  print_address_description+0x67/0x231
[ 57.863403][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 57.869126][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 57.874787][ T108]  __kasan_report.cold+0x1a/0x32
[ 57.879774][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 57.885392][ T108]  kasan_report+0xe/0x20
[ 57.889824][ T108]  technisat_usb2_rc_query+0x5f5/0x650
[ 57.895381][ T108]  ? technisat_usb2_power_ctrl+0xc0/0xc0
[ 57.901249][ T108]  dvb_usb_read_remote_control+0xdb/0x1b0
[ 57.906964][ T108]  process_one_work+0x905/0x1570
[ 57.911948][ T108]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.917359][ T108]  ? do_raw_spin_lock+0x11a/0x280
[ 57.922387][ T108]  worker_thread+0x96/0xe20
[ 57.926892][ T108]  ? process_one_work+0x1570/0x1570
[ 57.932069][ T108]  kthread+0x30b/0x410
[ 57.936116][ T108]  ? kthread_park+0x1a0/0x1a0
[ 57.940785][ T108]  ret_from_fork+0x24/0x30
[ 57.945185][ T108]
[ 57.947497][ T108] Allocated by task 22:
[ 57.951649][ T108]  save_stack+0x1b/0x80
[ 57.955959][ T108]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 57.961767][ T108]  dvb_usb_device_init.cold+0x463/0x11b0
[ 57.967381][ T108]  technisat_usb2_probe+0x7d/0x2c0
[ 57.972479][ T108]  usb_probe_interface+0x305/0x7a0
[ 57.977572][ T108]  really_probe+0x281/0x660
[ 57.982146][ T108]  driver_probe_device+0x104/0x210
[ 57.987251][ T108]  __device_attach_driver+0x1c2/0x220
[ 57.992608][ T108]  bus_for_each_drv+0x15c/0x1e0
[ 57.997447][ T108]  __device_attach+0x217/0x360
[ 58.002187][ T108]  bus_probe_device+0x1e4/0x290
[ 58.007015][ T108]  device_add+0xae6/0x16f0
[ 58.011416][ T108]  usb_set_configuration+0xdf6/0x1670
[ 58.016776][ T108]  generic_probe+0x9d/0xd5
[ 58.021172][ T108]  usb_probe_device+0x99/0x100
[ 58.025912][ T108]  really_probe+0x281/0x660
[ 58.030387][ T108]  driver_probe_device+0x104/0x210
[ 58.035514][ T108]  __device_attach_driver+0x1c2/0x220
[ 58.040869][ T108]  bus_for_each_drv+0x15c/0x1e0
[ 58.046263][ T108]  __device_attach+0x217/0x360
[ 58.051067][ T108]  bus_probe_device+0x1e4/0x290
[ 58.055905][ T108]  device_add+0xae6/0x16f0
[ 58.060314][ T108]  usb_new_device.cold+0x8c1/0x1016
[ 58.065497][ T108]  hub_event+0x1ada/0x3590
[ 58.069943][ T108]  process_one_work+0x905/0x1570
[ 58.074872][ T108]  worker_thread+0x96/0xe20
[ 58.079353][ T108]  kthread+0x30b/0x410
[ 58.083399][ T108]  ret_from_fork+0x24/0x30
[ 58.087791][ T108]
[ 58.090106][ T108] Freed by task 1:
[ 58.093856][ T108]  save_stack+0x1b/0x80
[ 58.098092][ T108]  __kasan_slab_free+0x130/0x180
[ 58.103016][ T108]  kfree+0xd7/0x280
[ 58.106813][ T108]  blk_mq_exit_sched+0x1e5/0x2c0
[ 58.111730][ T108]  elevator_exit+0x6b/0xa0
[ 58.116142][ T108]  blk_exit_queue+0x60/0xe0
[ 58.120787][ T108]  blk_cleanup_queue+0xe5/0x160
[ 58.125638][ T108]  __scsi_remove_device+0x102/0x3c0
[ 58.130820][ T108]  scsi_probe_and_add_lun+0x1cff/0x2cd0
[ 58.136343][ T108]  __scsi_scan_target+0x273/0xc30
[ 58.141347][ T108]  scsi_scan_channel.part.0+0x126/0x1a0
[ 58.146873][ T108]  scsi_scan_host_selected+0x2bb/0x3f0
[ 58.152352][ T108]  do_scsi_scan_host+0x1e8/0x260
[ 58.157279][ T108]  scsi_scan_host+0x37c/0x440
[ 58.161952][ T108]  virtscsi_probe+0x9b5/0xbb3
[ 58.166617][ T108]  virtio_dev_probe+0x463/0x710
[ 58.171458][ T108]  really_probe+0x281/0x660
[ 58.175941][ T108]  driver_probe_device+0x104/0x210
[ 58.181040][ T108]  device_driver_attach+0x108/0x140
[ 58.186217][ T108]  __driver_attach+0xda/0x240
[ 58.190884][ T108]  bus_for_each_dev+0x14b/0x1d0
[ 58.195842][ T108]  bus_add_driver+0x44e/0x5a0
[ 58.200514][ T108]  driver_register+0x1c4/0x320
[ 58.205264][ T108]  init+0xa1/0x115
[ 58.208970][ T108]  do_one_initcall+0xd7/0x5a4
[ 58.213634][ T108]  kernel_init_freeable+0x4ae/0x59b
[ 58.218818][ T108]  kernel_init+0xd/0x1bf
[ 58.223049][ T108]  ret_from_fork+0x24/0x30
[ 58.227436][ T108]
[ 58.229742][ T108] The buggy address belongs to the object at ffff8881d4cf0640
[ 58.229742][ T108]  which belongs to the cache kmalloc-256 of size 256
[ 58.243791][ T108] The buggy address is located 232 bytes inside of
[ 58.243791][ T108]  256-byte region [ffff8881d4cf0640, ffff8881d4cf0740)
[ 58.257066][ T108] The buggy address belongs to the page:
[ 58.262736][ T108] page:ffffea0007533c00 refcount:1 mapcount:0 mapping:ffff8881dac02e00 index:0x0
[ 58.271840][ T108] flags: 0x200000000000200(slab)
[ 58.276768][ T108] raw: 0200000000000200 ffffea000754dc00 0000000900000009 ffff8881dac02e00
[ 58.285350][ T108] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 58.293930][ T108] page dumped because: kasan: bad access detected
[ 58.300324][ T108]
[ 58.302679][ T108] Memory state around the buggy address:
[ 58.308320][ T108]  ffff8881d4cf0600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 58.316477][ T108]  ffff8881d4cf0680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.324570][ T108] >ffff8881d4cf0700: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 58.332621][ T108]                                   ^
[ 58.337978][ T108]  ffff8881d4cf0780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.346028][ T108]  ffff8881d4cf0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.354185][ T108] ==================================================================
[ 58.362246][ T108] Disabling lock debugging due to kernel taint
[ 58.368508][ T108] Kernel panic - not syncing: panic_on_warn set ...
[ 58.375089][ T108] CPU: 1 PID: 108 Comm: kworker/1:2 Tainted: G B 5.2.0-rc1+ #10
[ 58.384073][ T108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.394248][ T108] Workqueue: events dvb_usb_read_remote_control
[ 58.400464][ T108] Call Trace:
[ 58.403733][ T108]  dump_stack+0xca/0x13e
[ 58.407960][ T108]  panic+0x292/0x6c9
[ 58.412015][ T108]  ? __warn_printk+0xf3/0xf3
[ 58.416608][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 58.422263][ T108]  ? trace_hardirqs_on+0x55/0x1c0
[ 58.427272][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 58.432886][ T108]  end_report+0x43/0x49
[ 58.437019][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 58.442641][ T108]  __kasan_report.cold+0xd/0x32
[ 58.447472][ T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[ 58.453085][ T108]  kasan_report+0xe/0x20
[ 58.457310][ T108]  technisat_usb2_rc_query+0x5f5/0x650
[ 58.462750][ T108]  ? technisat_usb2_power_ctrl+0xc0/0xc0
[ 58.468361][ T108]  dvb_usb_read_remote_control+0xdb/0x1b0
[ 58.474061][ T108]  process_one_work+0x905/0x1570
[ 58.478976][ T108]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.484332][ T108]  ? do_raw_spin_lock+0x11a/0x280
[ 58.489332][ T108]  worker_thread+0x96/0xe20
[ 58.493816][ T108]  ? process_one_work+0x1570/0x1570
[ 58.498997][ T108]  kthread+0x30b/0x410
[ 58.503268][ T108]  ? kthread_park+0x1a0/0x1a0
[ 58.507923][ T108]  ret_from_fork+0x24/0x30
[ 58.512683][ T108] Kernel Offset: disabled
[ 58.517010][ T108] Rebooting in 86400 seconds..