INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.253941][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 55.493920][ T21] usb 1-1: Using ep0 maxpacket: 8
[ 55.614076][ T21] usb 1-1: config 0 has an invalid interface number: 14 but max is 0
[ 55.622281][ T21] usb 1-1: config 0 has no interface number 0
[ 55.628473][ T21] usb 1-1: New USB device found, idVendor=9022, idProduct=d632, bcdDevice=91.38
[ 55.637564][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.647103][ T21] usb 1-1: config 0 descriptor??
[ 55.685463][ T21] dw2102: su3000_identify_state
[ 55.690502][ T21] dvb-usb: found a 'TeVii S632 USB' in warm state.
[ 55.697221][ T21] dw2102: su3000_power_ctrl: 1, initialized 0
[ 55.703488][ T21] dvb-usb: bulk message failed: -22 (2/0)
[ 55.710625][ T21] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 55.734368][ T21] dvbdev: DVB: registering new adapter (TeVii S632 USB)
[ 55.741492][ T21] usb 1-1: media controller created
[ 55.747042][ T21] dvb-usb: bulk message failed: -22 (6/-2035711240)
[ 55.753809][ T21] dw2102: i2c transfer failed.
[ 55.758724][ T21] dvb-usb: bulk message failed: -22 (6/-2035711240)
[ 55.765358][ T21] dw2102: i2c transfer failed.
[ 55.770132][ T21] dvb-usb: bulk message failed: -22 (6/-2035711240)
[ 55.776823][ T21] dw2102: i2c transfer failed.
[ 55.781611][ T21] dvb-usb: bulk message failed: -22 (6/-2035711240)
[ 55.788532][ T21] dw2102: i2c transfer failed.
[ 55.793356][ T21] dvb-usb: bulk message failed: -22 (6/-2035711240)
[ 55.800057][ T21] dw2102: i2c transfer failed.
[ 55.804911][ T21] dvb-usb: bulk message failed: -22 (6/-2035711240)
[ 55.811538][ T21] dw2102: i2c transfer failed.
[ 55.816388][ T21] dvb-usb: MAC address: 02:02:02:02:02:02
[ 55.826035][ T21] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
executing program
[ 55.839285][ T21] dvb-usb: bulk message failed: -22 (1/0)
[ 55.845131][ T21] dw2102: command 0x51 transfer failed.
[ 55.852004][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.858782][ T21] dw2102: i2c transfer failed.
[ 55.863627][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.870322][ T21] dw2102: i2c transfer failed.
[ 55.875151][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.881846][ T21] dw2102: i2c transfer failed.
[ 55.887207][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.893987][ T21] dw2102: i2c transfer failed.
[ 55.898788][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.905469][ T21] dw2102: i2c transfer failed.
[ 55.910321][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.917008][ T21] dw2102: i2c transfer failed.
[ 55.944058][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.950692][ T21] dw2102: i2c transfer failed.
[ 55.955622][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.962207][ T21] dw2102: i2c transfer failed.
[ 55.967084][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.973665][ T21] dw2102: i2c transfer failed.
[ 55.978563][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.985202][ T21] dw2102: i2c transfer failed.
[ 55.989985][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 55.996655][ T21] dw2102: i2c transfer failed.
[ 56.001433][ T21] dvb-usb: bulk message failed: -22 (5/-2035711240)
[ 56.008111][ T21] dw2102: i2c transfer failed.
[ 56.013063][ T21] ts2020 0-0060: Montage Technology TS2020 successfully identified
[ 56.021604][ T21] dw2102: Attached RS2000/TS2020!
[ 56.026907][ T21] usb 1-1: DVB: registering adapter 0 frontend 0 (M88RS2000 DVB-S)...
[ 56.035386][ T21] dvbdev: dvb_create_media_entity: media entity 'M88RS2000 DVB-S' registered.
[ 56.094464][ T21] Registered IR keymap rc-su3000
[ 56.100116][ T21] rc rc0: TeVii S632 USB as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[ 56.109456][ T21] input: TeVii S632 USB as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input5
[ 56.120547][ T21] dvb-usb: schedule remote query interval to 150 msecs.
[ 56.127571][ T21] dw2102: su3000_power_ctrl: 0, initialized 1
[ 56.133734][ T21] dvb-usb: TeVii S632 USB successfully initialized and connected.
[ 56.142712][ T21] usb 1-1: USB disconnect, device number 2
[ 56.149372][ T21] ==================================================================
[ 56.157525][ T21] BUG: KASAN: use-after-free in dvb_usb_device_exit+0xb6/0xc0
[ 56.164990][ T21] Read of size 8 at addr ffff8881d3d536d0 by task kworker/1:1/21
[ 56.172698][ T21]
[ 56.175017][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.2.0-rc1+ #10
[ 56.182460][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.192534][ T21] Workqueue: usb_hub_wq hub_event
[ 56.197557][ T21] Call Trace:
[ 56.201098][ T21] dump_stack+0xca/0x13e
[ 56.205354][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.210460][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.215563][ T21] print_address_description+0x67/0x231
[ 56.221108][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.226215][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.231332][ T21] __kasan_report.cold+0x1a/0x32
[ 56.236373][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.241491][ T21] kasan_report+0xe/0x20
[ 56.245739][ T21] dvb_usb_device_exit+0xb6/0xc0
[ 56.250681][ T21] usb_unbind_interface+0x1bd/0x8a0
[ 56.255887][ T21] ? usb_autoresume_device+0x60/0x60
[ 56.261178][ T21] device_release_driver_internal+0x404/0x4c0
[ 56.267245][ T21] bus_remove_device+0x2dc/0x4a0
[ 56.272188][ T21] device_del+0x460/0xb80
[ 56.276522][ T21] ? __device_links_no_driver+0x240/0x240
[ 56.282255][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 56.287644][ T21] ? remove_intf_ep_devs+0x13f/0x1d0
[ 56.292940][ T21] usb_disable_device+0x211/0x690
[ 56.297977][ T21] usb_disconnect+0x284/0x830
[ 56.302787][ T21] hub_event+0x1409/0x3590
[ 56.307208][ T21] ? hub_port_debounce+0x260/0x260
[ 56.312318][ T21] process_one_work+0x905/0x1570
[ 56.317259][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 56.322680][ T21] ? do_raw_spin_lock+0x11a/0x280
[ 56.327707][ T21] worker_thread+0x7ab/0xe20
[ 56.332368][ T21] ? process_one_work+0x1570/0x1570
[ 56.337567][ T21] kthread+0x30b/0x410
[ 56.341627][ T21] ? kthread_park+0x1a0/0x1a0
[ 56.346340][ T21] ret_from_fork+0x24/0x30
[ 56.350763][ T21]
[ 56.353075][ T21] Allocated by task 21:
[ 56.357228][ T21] save_stack+0x1b/0x80
[ 56.361386][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 56.367033][ T21] __kmalloc_track_caller+0xe2/0x2b0
[ 56.372588][ T21] kmemdup+0x23/0x50
[ 56.376513][ T21] dw2102_probe+0x627/0xc40
[ 56.381017][ T21] usb_probe_interface+0x305/0x7a0
[ 56.386118][ T21] really_probe+0x281/0x660
[ 56.390724][ T21] driver_probe_device+0x104/0x210
[ 56.395934][ T21] __device_attach_driver+0x1c2/0x220
[ 56.401295][ T21] bus_for_each_drv+0x15c/0x1e0
[ 56.406139][ T21] __device_attach+0x217/0x360
[ 56.410889][ T21] bus_probe_device+0x1e4/0x290
[ 56.415771][ T21] device_add+0xae6/0x16f0
[ 56.420301][ T21] usb_set_configuration+0xdf6/0x1670
[ 56.425663][ T21] generic_probe+0x9d/0xd5
[ 56.430074][ T21] usb_probe_device+0x99/0x100
[ 56.434827][ T21] really_probe+0x281/0x660
[ 56.439420][ T21] driver_probe_device+0x104/0x210
[ 56.444518][ T21] __device_attach_driver+0x1c2/0x220
[ 56.449874][ T21] bus_for_each_drv+0x15c/0x1e0
[ 56.454712][ T21] __device_attach+0x217/0x360
[ 56.459583][ T21] bus_probe_device+0x1e4/0x290
[ 56.464440][ T21] device_add+0xae6/0x16f0
[ 56.468863][ T21] usb_new_device.cold+0x8c1/0x1016
[ 56.474045][ T21] hub_event+0x1ada/0x3590
[ 56.478853][ T21] process_one_work+0x905/0x1570
[ 56.483782][ T21] worker_thread+0x96/0xe20
[ 56.488270][ T21] kthread+0x30b/0x410
[ 56.492394][ T21] ret_from_fork+0x24/0x30
[ 56.496799][ T21]
[ 56.499115][ T21] Freed by task 21:
[ 56.502945][ T21] save_stack+0x1b/0x80
[ 56.507094][ T21] __kasan_slab_free+0x130/0x180
[ 56.512015][ T21] kfree+0xd7/0x280
[ 56.515810][ T21] dw2102_probe+0x871/0xc40
[ 56.520307][ T21] usb_probe_interface+0x305/0x7a0
[ 56.525443][ T21] really_probe+0x281/0x660
[ 56.529929][ T21] driver_probe_device+0x104/0x210
[ 56.535028][ T21] __device_attach_driver+0x1c2/0x220
[ 56.540444][ T21] bus_for_each_drv+0x15c/0x1e0
[ 56.545294][ T21] __device_attach+0x217/0x360
[ 56.550040][ T21] bus_probe_device+0x1e4/0x290
[ 56.554873][ T21] device_add+0xae6/0x16f0
[ 56.559282][ T21] usb_set_configuration+0xdf6/0x1670
[ 56.564671][ T21] generic_probe+0x9d/0xd5
[ 56.569075][ T21] usb_probe_device+0x99/0x100
[ 56.573821][ T21] really_probe+0x281/0x660
[ 56.578301][ T21] driver_probe_device+0x104/0x210
[ 56.583584][ T21] __device_attach_driver+0x1c2/0x220
[ 56.588947][ T21] bus_for_each_drv+0x15c/0x1e0
[ 56.593784][ T21] __device_attach+0x217/0x360
[ 56.598533][ T21] bus_probe_device+0x1e4/0x290
[ 56.603366][ T21] device_add+0xae6/0x16f0
[ 56.607768][ T21] usb_new_device.cold+0x8c1/0x1016
[ 56.612949][ T21] hub_event+0x1ada/0x3590
[ 56.617353][ T21] process_one_work+0x905/0x1570
[ 56.622273][ T21] worker_thread+0x96/0xe20
[ 56.626763][ T21] kthread+0x30b/0x410
[ 56.630923][ T21] ret_from_fork+0x24/0x30
[ 56.635315][ T21]
[ 56.637631][ T21] The buggy address belongs to the object at ffff8881d3d53300
[ 56.637631][ T21] which belongs to the cache kmalloc-4k of size 4096
[ 56.651672][ T21] The buggy address is located 976 bytes inside of
[ 56.651672][ T21] 4096-byte region [ffff8881d3d53300, ffff8881d3d54300)
[ 56.665017][ T21] The buggy address belongs to the page:
[ 56.670686][ T21] page:ffffea00074f5400 refcount:1 mapcount:0 mapping:ffff8881dac02600 index:0x0 compound_mapcount: 0
[ 56.681786][ T21] flags: 0x200000000010200(slab|head)
[ 56.687153][ T21] raw: 0200000000010200 dead000000000100 dead000000000200 ffff8881dac02600
[ 56.695719][ T21] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 56.704323][ T21] page dumped because: kasan: bad access detected
[ 56.710763][ T21]
[ 56.713079][ T21] Memory state around the buggy address:
[ 56.718699][ T21] ffff8881d3d53580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.726748][ T21] ffff8881d3d53600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.734800][ T21] >ffff8881d3d53680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.742842][ T21] ^
[ 56.749502][ T21] ffff8881d3d53700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.757550][ T21] ffff8881d3d53780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.765599][ T21] ==================================================================
[ 56.773647][ T21] Disabling lock debugging due to kernel taint
[ 56.779907][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 56.786488][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Tainted: G B 5.2.0-rc1+ #10
[ 56.795306][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.805472][ T21] Workqueue: usb_hub_wq hub_event
[ 56.810473][ T21] Call Trace:
[ 56.813755][ T21] dump_stack+0xca/0x13e
[ 56.818152][ T21] panic+0x292/0x6c9
[ 56.822020][ T21] ? __warn_printk+0xf3/0xf3
[ 56.826592][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.831684][ T21] ? trace_hardirqs_on+0x55/0x1c0
[ 56.836743][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.841843][ T21] end_report+0x43/0x49
[ 56.845988][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.851120][ T21] __kasan_report.cold+0xd/0x32
[ 56.855967][ T21] ? dvb_usb_device_exit+0xb6/0xc0
[ 56.861065][ T21] kasan_report+0xe/0x20
[ 56.865291][ T21] dvb_usb_device_exit+0xb6/0xc0
[ 56.870211][ T21] usb_unbind_interface+0x1bd/0x8a0
[ 56.875385][ T21] ? usb_autoresume_device+0x60/0x60
[ 56.880647][ T21] device_release_driver_internal+0x404/0x4c0
[ 56.886690][ T21] bus_remove_device+0x2dc/0x4a0
[ 56.891713][ T21] device_del+0x460/0xb80
[ 56.896024][ T21] ? __device_links_no_driver+0x240/0x240
[ 56.901903][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 56.907176][ T21] ? remove_intf_ep_devs+0x13f/0x1d0
[ 56.912446][ T21] usb_disable_device+0x211/0x690
[ 56.917461][ T21] usb_disconnect+0x284/0x830
[ 56.922123][ T21] hub_event+0x1409/0x3590
[ 56.926564][ T21] ? hub_port_debounce+0x260/0x260
[ 56.931665][ T21] process_one_work+0x905/0x1570
[ 56.936588][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 56.941945][ T21] ? do_raw_spin_lock+0x11a/0x280
[ 56.946959][ T21] worker_thread+0x7ab/0xe20
[ 56.951699][ T21] ? process_one_work+0x1570/0x1570
[ 56.956961][ T21] kthread+0x30b/0x410
[ 56.961126][ T21] ? kthread_park+0x1a0/0x1a0
[ 56.965787][ T21] ret_from_fork+0x24/0x30
[ 56.970512][ T21] Kernel Offset: disabled
[ 56.974851][ T21] Rebooting in 86400 seconds..