Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts. 2019/05/14 16:16:29 parsed 1 programs 2019/05/14 16:16:31 executed programs: 0 syzkaller login: [ 50.526069][ T4643] e cgroup1: Unknown subsys name 'perf_event' [ 50.532886][ T4643] e cgroup1: Unknown subsys name 'net_cls' [ 51.379718][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 51.619726][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 51.739765][ T12] usb 1-1: config 0 has an invalid interface number: 205 but max is 0 [ 51.748087][ T12] usb 1-1: config 0 has no interface number 0 [ 51.754240][ T12] usb 1-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=de.42 [ 51.763277][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.772643][ T12] usb 1-1: config 0 descriptor?? [ 51.821905][ T12] technisat-usb2: could not set alternate setting to 0 [ 52.009774][ T12] technisat-usb2: firmware version: 124.164 [ 52.015857][ T12] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in warm state. [ 52.581387][ T12] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 52.610046][ T12] dvbdev: DVB: registering new adapter (Technisat SkyStar USB HD (DVB-S/S2)) [ 52.619139][ T12] technisat-usb2: i2c-error: out failed 53 = -22 [ 52.625732][ T12] dvb-usb: MAC address reading failed. [ 52.635056][ T12] technisat-usb2: i2c-error: out failed 68 = -22 [ 53.159768][ T12] dvb-usb: no frontend was attached by 'Technisat SkyStar USB HD (DVB-S/S2)' [ 53.168955][ T12] Registered IR keymap rc-technisat-usb2 [ 53.209729][ T12] rc_core: Loaded IR protocol module ir-rc5-decoder, but protocol rc-5 still not available [ 53.220451][ T12] rc rc0: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0 [ 53.231508][ T12] input: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input5 [ 53.244296][ T12] dvb-usb: schedule remote query interval to 100 msecs. [ 54.289740][ T12] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) successfully initialized and connected. [ 54.379845][ T2529] ================================================================== [ 54.388045][ T2529] BUG: KASAN: slab-out-of-bounds in technisat_usb2_rc_query+0x5f5/0x650 [ 54.396351][ T2529] Read of size 1 at addr ffff8881d8b36868 by task kworker/0:2/2529 [ 54.404216][ T2529] [ 54.406536][ T2529] CPU: 0 PID: 2529 Comm: kworker/0:2 Not tainted 5.1.0-rc3+ #7 [ 54.414116][ T2529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.424186][ T2529] Workqueue: events dvb_usb_read_remote_control [ 54.430491][ T2529] Call Trace: [ 54.433962][ T2529] dump_stack+0xca/0x13e [ 54.438200][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.443816][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.449446][ T2529] print_address_description+0x67/0x231 [ 54.454972][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.460597][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.466225][ T2529] kasan_report.cold+0x1a/0x35 [ 54.470975][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.476579][ T2529] technisat_usb2_rc_query+0x5f5/0x650 [ 54.482028][ T2529] ? technisat_usb2_power_ctrl+0xc0/0xc0 [ 54.487657][ T2529] dvb_usb_read_remote_control+0xe0/0x1c0 [ 54.493405][ T2529] process_one_work+0x90a/0x1580 [ 54.498338][ T2529] ? wq_pool_ids_show+0x300/0x300 [ 54.503340][ T2529] ? do_raw_spin_lock+0x11a/0x280 [ 54.508340][ T2529] worker_thread+0x96/0xe20 [ 54.512819][ T2529] ? process_one_work+0x1580/0x1580 [ 54.517997][ T2529] kthread+0x30e/0x420 [ 54.522065][ T2529] ? kthread_park+0x1a0/0x1a0 [ 54.526721][ T2529] ret_from_fork+0x3a/0x50 [ 54.531118][ T2529] [ 54.533426][ T2529] Allocated by task 12: [ 54.537569][ T2529] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 54.543177][ T2529] dvb_usb_device_init.cold+0x463/0x11ae [ 54.548782][ T2529] technisat_usb2_probe+0x7d/0x2c0 [ 54.553893][ T2529] usb_probe_interface+0x30d/0x7b0 [ 54.559012][ T2529] really_probe+0x296/0x680 [ 54.563511][ T2529] driver_probe_device+0xf9/0x200 [ 54.568516][ T2529] __device_attach_driver+0x1c4/0x230 [ 54.573871][ T2529] bus_for_each_drv+0x15e/0x1e0 [ 54.578694][ T2529] __device_attach+0x21e/0x360 [ 54.583432][ T2529] bus_probe_device+0x1ec/0x2a0 [ 54.588255][ T2529] device_add+0xaf4/0x1700 [ 54.592665][ T2529] usb_set_configuration+0xdf2/0x1670 [ 54.598031][ T2529] generic_probe+0x9d/0xd5 [ 54.602426][ T2529] usb_probe_device+0xa8/0x110 [ 54.607169][ T2529] really_probe+0x296/0x680 [ 54.611652][ T2529] driver_probe_device+0xf9/0x200 [ 54.616665][ T2529] __device_attach_driver+0x1c4/0x230 [ 54.622016][ T2529] bus_for_each_drv+0x15e/0x1e0 [ 54.626852][ T2529] __device_attach+0x21e/0x360 [ 54.631590][ T2529] bus_probe_device+0x1ec/0x2a0 [ 54.636412][ T2529] device_add+0xaf4/0x1700 [ 54.640801][ T2529] usb_new_device.cold+0x8b8/0x1030 [ 54.646053][ T2529] hub_event+0x1ac9/0x35a0 [ 54.650470][ T2529] process_one_work+0x90a/0x1580 [ 54.655390][ T2529] worker_thread+0x96/0xe20 [ 54.659868][ T2529] kthread+0x30e/0x420 [ 54.663925][ T2529] ret_from_fork+0x3a/0x50 [ 54.668426][ T2529] [ 54.670742][ T2529] Freed by task 1: [ 54.674446][ T2529] __kasan_slab_free+0x130/0x180 [ 54.679355][ T2529] kfree+0xd7/0x290 [ 54.683151][ T2529] krealloc+0x78/0xc0 [ 54.687179][ T2529] add_sysfs_param.isra.0+0xc8/0x930 [ 54.692451][ T2529] param_sysfs_init+0x35f/0x430 [ 54.697286][ T2529] do_one_initcall+0xd9/0x585 [ 54.701943][ T2529] kernel_init_freeable+0x4b4/0x5a1 [ 54.707139][ T2529] kernel_init+0xd/0x1bf [ 54.711414][ T2529] ret_from_fork+0x3a/0x50 [ 54.715806][ T2529] [ 54.718122][ T2529] The buggy address belongs to the object at ffff8881d8b36780 [ 54.718122][ T2529] which belongs to the cache kmalloc-256 of size 256 [ 54.732162][ T2529] The buggy address is located 232 bytes inside of [ 54.732162][ T2529] 256-byte region [ffff8881d8b36780, ffff8881d8b36880) [ 54.745417][ T2529] The buggy address belongs to the page: [ 54.751025][ T2529] page:ffffea000762cd80 count:1 mapcount:0 mapping:ffff8881dac02e00 index:0x0 [ 54.759852][ T2529] flags: 0x200000000000200(slab) [ 54.764768][ T2529] raw: 0200000000000200 dead000000000100 dead000000000200 ffff8881dac02e00 [ 54.773327][ T2529] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 54.781889][ T2529] page dumped because: kasan: bad access detected [ 54.788283][ T2529] [ 54.790590][ T2529] Memory state around the buggy address: [ 54.796245][ T2529] ffff8881d8b36700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 54.804295][ T2529] ffff8881d8b36780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 54.812334][ T2529] >ffff8881d8b36800: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 54.820370][ T2529] ^ [ 54.827796][ T2529] ffff8881d8b36880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 54.835838][ T2529] ffff8881d8b36900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 54.843896][ T2529] ================================================================== [ 54.851948][ T2529] Disabling lock debugging due to kernel taint [ 54.858329][ T2529] Kernel panic - not syncing: panic_on_warn set ... [ 54.864922][ T2529] CPU: 0 PID: 2529 Comm: kworker/0:2 Tainted: G B 5.1.0-rc3+ #7 [ 54.873835][ T2529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.883882][ T2529] Workqueue: events dvb_usb_read_remote_control [ 54.890100][ T2529] Call Trace: [ 54.893367][ T2529] dump_stack+0xca/0x13e [ 54.897589][ T2529] panic+0x292/0x5e1 [ 54.901463][ T2529] ? __warn_printk+0xf3/0xf3 [ 54.906040][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.911651][ T2529] ? trace_hardirqs_on+0x55/0x1c0 [ 54.916653][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.922313][ T2529] end_report+0x43/0x49 [ 54.926461][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.932071][ T2529] kasan_report.cold+0xd/0x35 [ 54.936733][ T2529] ? technisat_usb2_rc_query+0x5f5/0x650 [ 54.945604][ T2529] technisat_usb2_rc_query+0x5f5/0x650 [ 54.955404][ T2529] ? technisat_usb2_power_ctrl+0xc0/0xc0 [ 54.961012][ T2529] dvb_usb_read_remote_control+0xe0/0x1c0 [ 54.966715][ T2529] process_one_work+0x90a/0x1580 [ 54.968160][ T4814] usb-fuzzer-gadget dummy_udc.0: unregistering UDC driver [USB fuzzer] [ 54.971636][ T2529] ? wq_pool_ids_show+0x300/0x300 [ 54.971647][ T2529] ? do_raw_spin_lock+0x11a/0x280 [ 54.971662][ T2529] worker_thread+0x96/0xe20 [ 54.980116][ T4814] dummy_hcd dummy_hcd.0: port status 0x00010100 has changes [ 54.984877][ T2529] ? process_one_work+0x1580/0x1580 [ 54.990305][ T1488] dummy_hcd dummy_hcd.0: port status 0x00010100 has changes [ 54.994342][ T2529] kthread+0x30e/0x420 [ 54.994356][ T2529] ? kthread_park+0x1a0/0x1a0 [ 55.003089][ T1488] usb 1-1: USB disconnect, device number 2 [ 55.007029][ T2529] ret_from_fork+0x3a/0x50 [ 55.014844][ T2529] Kernel Offset: disabled [ 55.038144][ T2529] Rebooting in 86400 seconds..