dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) successfully initialized and connected. usb 1-1: new low-speed USB device number 2 using dummy_hcd usb 4-1: new low-speed USB device number 2 using dummy_hcd usb 5-1: new low-speed USB device number 2 using dummy_hcd ================================================================== BUG: KASAN: slab-out-of-bounds in technisat_usb2_get_ir drivers/media/usb/dvb-usb/technisat-usb2.c:664 [inline] BUG: KASAN: slab-out-of-bounds in technisat_usb2_rc_query+0x5fa/0x660 drivers/media/usb/dvb-usb/technisat-usb2.c:679 Read of size 1 at addr ffff88809bf73d68 by task kworker/0:1/7 CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.2.0-rc6-g7829a89 #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events dvb_usb_read_remote_control Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xe8/0x16e lib/dump_stack.c:113 print_address_description+0x6c/0x236 mm/kasan/report.c:188 __kasan_report.cold+0x1a/0x39 mm/kasan/report.c:317 kasan_report+0xe/0x20 mm/kasan/common.c:614 technisat_usb2_get_ir drivers/media/usb/dvb-usb/technisat-usb2.c:664 [inline] technisat_usb2_rc_query+0x5fa/0x660 drivers/media/usb/dvb-usb/technisat-usb2.c:679 dvb_usb_read_remote_control drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:115 [inline] dvb_usb_read_remote_control+0xe5/0x1c0 drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:92 process_one_work+0x90f/0x1580 kernel/workqueue.c:2269 worker_thread+0x9b/0xe20 kernel/workqueue.c:2415 kthread+0x315/0x420 kernel/kthread.c:255 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Allocated by task 7: save_stack+0x1b/0x80 mm/kasan/common.c:71 set_track mm/kasan/common.c:79 [inline] __kasan_kmalloc mm/kasan/common.c:489 [inline] __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:462 dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:149 [inline] dvb_usb_device_init.cold+0x317/0x10b3 drivers/media/usb/dvb-usb/dvb-usb-init.c:274 technisat_usb2_probe+0x82/0x2d0 drivers/media/usb/dvb-usb/technisat-usb2.c:763 usb_probe_interface+0x31b/0x810 drivers/usb/core/driver.c:361 really_probe+0x2cb/0xaf0 drivers/base/dd.c:509 driver_probe_device+0x228/0x360 drivers/base/dd.c:670 __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:777 bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454 __device_attach+0x21c/0x390 drivers/base/dd.c:843 bus_probe_device+0x1eb/0x2a0 drivers/base/bus.c:514 device_add+0xac4/0x16d0 drivers/base/core.c:2111 usb_set_configuration+0xdfb/0x1750 drivers/usb/core/message.c:2023 generic_probe+0xa2/0xda drivers/usb/core/generic.c:210 usb_probe_device+0xba/0x150 drivers/usb/core/driver.c:266 really_probe+0x2cb/0xaf0 drivers/base/dd.c:509 driver_probe_device+0x228/0x360 drivers/base/dd.c:670 __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:777 bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454 __device_attach+0x21c/0x390 drivers/base/dd.c:843 bus_probe_device+0x1eb/0x2a0 drivers/base/bus.c:514 device_add+0xac4/0x16d0 drivers/base/core.c:2111 usb_new_device.cold+0x540/0xcb7 drivers/usb/core/hub.c:2534 hub_port_connect drivers/usb/core/hub.c:5089 [inline] hub_port_connect_change drivers/usb/core/hub.c:5204 [inline] port_event drivers/usb/core/hub.c:5350 [inline] hub_event+0x1398/0x3b00 drivers/usb/core/hub.c:5432 process_one_work+0x90f/0x1580 kernel/workqueue.c:2269 worker_thread+0x9b/0xe20 kernel/workqueue.c:2415 kthread+0x315/0x420 kernel/kthread.c:255 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Freed by task 4333: save_stack+0x1b/0x80 mm/kasan/common.c:71 set_track mm/kasan/common.c:79 [inline] __kasan_slab_free+0x130/0x180 mm/kasan/common.c:451 slab_free_hook mm/slub.c:1421 [inline] slab_free_freelist_hook+0x5e/0x140 mm/slub.c:1448 slab_free mm/slub.c:2994 [inline] kfree+0xce/0x280 mm/slub.c:3949 do_new_mount fs/namespace.c:2795 [inline] do_mount+0x6a7/0x1ab0 fs/namespace.c:3111 ksys_mount+0xdc/0x150 fs/namespace.c:3320 __do_sys_mount fs/namespace.c:3334 [inline] __se_sys_mount fs/namespace.c:3331 [inline] __x64_sys_mount+0xbf/0x160 fs/namespace.c:3331 do_syscall_64+0xcf/0x560 arch/x86/entry/common.c:301 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff88809bf73c80 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 232 bytes inside of 256-byte region [ffff88809bf73c80, ffff88809bf73d80) The buggy address belongs to the page: page:ffffea00026fdcc0 refcount:1 mapcount:0 mapping:ffff8880a8c02e00 index:0x0 flags: 0xfff00000000200(slab) raw: 00fff00000000200 0000000000000000 0000000100000001 ffff8880a8c02e00 raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88809bf73c00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88809bf73c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88809bf73d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc ^ ffff88809bf73d80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 ffff88809bf73e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================