INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   54.778122][   T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   55.018107][   T22] usb 1-1: Using ep0 maxpacket: 32
[   55.138184][   T22] usb 1-1: config 0 has an invalid interface number: 14 but max is 0
[   55.146334][   T22] usb 1-1: config 0 has no interface number 0
[   55.152539][   T22] usb 1-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=84.04
[   55.161737][   T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.171047][   T22] usb 1-1: config 0 descriptor??
[   55.210032][   T22] technisat-usb2: could not set alternate setting to 0
[   55.398144][   T22] technisat-usb2: firmware version: 77.96
[   55.403974][   T22] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in warm state.
[   56.449340][   T22] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   56.478379][   T22] dvbdev: DVB: registering new adapter (Technisat SkyStar USB HD (DVB-S/S2))
[   56.487560][   T22] usb 1-1: media controller created
[   56.493143][   T22] technisat-usb2: i2c-error: out failed 53 = -22
[   56.499770][   T22] dvb-usb: MAC address reading failed.
[   56.509259][   T22] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   56.523091][   T22] technisat-usb2: i2c-error: out failed 68 = -22
[   57.048138][   T22] dvb-usb: no frontend was attached by 'Technisat SkyStar USB HD (DVB-S/S2)'
[   57.057247][   T22] Registered IR keymap rc-technisat-usb2
[   57.098139][   T22] rc_core: Loaded IR protocol module ir-rc5-decoder, but protocol rc-5 still not available
[   57.108823][   T22] rc rc0: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[   57.119955][   T22] input: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input5
[   57.132263][   T22] dvb-usb: schedule remote query interval to 100 msecs.
[   57.698183][   T22] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) successfully initialized and connected.
[   57.788260][  T108] ==================================================================
[   57.796522][  T108] BUG: KASAN: slab-out-of-bounds in technisat_usb2_rc_query+0x5f5/0x650
[   57.804942][  T108] Read of size 1 at addr ffff8881d4cf0728 by task kworker/1:2/108
[   57.812725][  T108] 
[   57.815054][  T108] CPU: 1 PID: 108 Comm: kworker/1:2 Not tainted 5.2.0-rc1+ #10
[   57.822615][  T108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.832800][  T108] Workqueue: events dvb_usb_read_remote_control
[   57.839068][  T108] Call Trace:
[   57.842349][  T108]  dump_stack+0xca/0x13e
[   57.846619][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   57.852239][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   57.857860][  T108]  print_address_description+0x67/0x231
[   57.863403][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   57.869126][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   57.874787][  T108]  __kasan_report.cold+0x1a/0x32
[   57.879774][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   57.885392][  T108]  kasan_report+0xe/0x20
[   57.889824][  T108]  technisat_usb2_rc_query+0x5f5/0x650
[   57.895381][  T108]  ? technisat_usb2_power_ctrl+0xc0/0xc0
[   57.901249][  T108]  dvb_usb_read_remote_control+0xdb/0x1b0
[   57.906964][  T108]  process_one_work+0x905/0x1570
[   57.911948][  T108]  ? pwq_dec_nr_in_flight+0x310/0x310
[   57.917359][  T108]  ? do_raw_spin_lock+0x11a/0x280
[   57.922387][  T108]  worker_thread+0x96/0xe20
[   57.926892][  T108]  ? process_one_work+0x1570/0x1570
[   57.932069][  T108]  kthread+0x30b/0x410
[   57.936116][  T108]  ? kthread_park+0x1a0/0x1a0
[   57.940785][  T108]  ret_from_fork+0x24/0x30
[   57.945185][  T108] 
[   57.947497][  T108] Allocated by task 22:
[   57.951649][  T108]  save_stack+0x1b/0x80
[   57.955959][  T108]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   57.961767][  T108]  dvb_usb_device_init.cold+0x463/0x11b0
[   57.967381][  T108]  technisat_usb2_probe+0x7d/0x2c0
[   57.972479][  T108]  usb_probe_interface+0x305/0x7a0
[   57.977572][  T108]  really_probe+0x281/0x660
[   57.982146][  T108]  driver_probe_device+0x104/0x210
[   57.987251][  T108]  __device_attach_driver+0x1c2/0x220
[   57.992608][  T108]  bus_for_each_drv+0x15c/0x1e0
[   57.997447][  T108]  __device_attach+0x217/0x360
[   58.002187][  T108]  bus_probe_device+0x1e4/0x290
[   58.007015][  T108]  device_add+0xae6/0x16f0
[   58.011416][  T108]  usb_set_configuration+0xdf6/0x1670
[   58.016776][  T108]  generic_probe+0x9d/0xd5
[   58.021172][  T108]  usb_probe_device+0x99/0x100
[   58.025912][  T108]  really_probe+0x281/0x660
[   58.030387][  T108]  driver_probe_device+0x104/0x210
[   58.035514][  T108]  __device_attach_driver+0x1c2/0x220
[   58.040869][  T108]  bus_for_each_drv+0x15c/0x1e0
[   58.046263][  T108]  __device_attach+0x217/0x360
[   58.051067][  T108]  bus_probe_device+0x1e4/0x290
[   58.055905][  T108]  device_add+0xae6/0x16f0
[   58.060314][  T108]  usb_new_device.cold+0x8c1/0x1016
[   58.065497][  T108]  hub_event+0x1ada/0x3590
[   58.069943][  T108]  process_one_work+0x905/0x1570
[   58.074872][  T108]  worker_thread+0x96/0xe20
[   58.079353][  T108]  kthread+0x30b/0x410
[   58.083399][  T108]  ret_from_fork+0x24/0x30
[   58.087791][  T108] 
[   58.090106][  T108] Freed by task 1:
[   58.093856][  T108]  save_stack+0x1b/0x80
[   58.098092][  T108]  __kasan_slab_free+0x130/0x180
[   58.103016][  T108]  kfree+0xd7/0x280
[   58.106813][  T108]  blk_mq_exit_sched+0x1e5/0x2c0
[   58.111730][  T108]  elevator_exit+0x6b/0xa0
[   58.116142][  T108]  blk_exit_queue+0x60/0xe0
[   58.120787][  T108]  blk_cleanup_queue+0xe5/0x160
[   58.125638][  T108]  __scsi_remove_device+0x102/0x3c0
[   58.130820][  T108]  scsi_probe_and_add_lun+0x1cff/0x2cd0
[   58.136343][  T108]  __scsi_scan_target+0x273/0xc30
[   58.141347][  T108]  scsi_scan_channel.part.0+0x126/0x1a0
[   58.146873][  T108]  scsi_scan_host_selected+0x2bb/0x3f0
[   58.152352][  T108]  do_scsi_scan_host+0x1e8/0x260
[   58.157279][  T108]  scsi_scan_host+0x37c/0x440
[   58.161952][  T108]  virtscsi_probe+0x9b5/0xbb3
[   58.166617][  T108]  virtio_dev_probe+0x463/0x710
[   58.171458][  T108]  really_probe+0x281/0x660
[   58.175941][  T108]  driver_probe_device+0x104/0x210
[   58.181040][  T108]  device_driver_attach+0x108/0x140
[   58.186217][  T108]  __driver_attach+0xda/0x240
[   58.190884][  T108]  bus_for_each_dev+0x14b/0x1d0
[   58.195842][  T108]  bus_add_driver+0x44e/0x5a0
[   58.200514][  T108]  driver_register+0x1c4/0x320
[   58.205264][  T108]  init+0xa1/0x115
[   58.208970][  T108]  do_one_initcall+0xd7/0x5a4
[   58.213634][  T108]  kernel_init_freeable+0x4ae/0x59b
[   58.218818][  T108]  kernel_init+0xd/0x1bf
[   58.223049][  T108]  ret_from_fork+0x24/0x30
[   58.227436][  T108] 
[   58.229742][  T108] The buggy address belongs to the object at ffff8881d4cf0640
[   58.229742][  T108]  which belongs to the cache kmalloc-256 of size 256
[   58.243791][  T108] The buggy address is located 232 bytes inside of
[   58.243791][  T108]  256-byte region [ffff8881d4cf0640, ffff8881d4cf0740)
[   58.257066][  T108] The buggy address belongs to the page:
[   58.262736][  T108] page:ffffea0007533c00 refcount:1 mapcount:0 mapping:ffff8881dac02e00 index:0x0
[   58.271840][  T108] flags: 0x200000000000200(slab)
[   58.276768][  T108] raw: 0200000000000200 ffffea000754dc00 0000000900000009 ffff8881dac02e00
[   58.285350][  T108] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   58.293930][  T108] page dumped because: kasan: bad access detected
[   58.300324][  T108] 
[   58.302679][  T108] Memory state around the buggy address:
[   58.308320][  T108]  ffff8881d4cf0600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   58.316477][  T108]  ffff8881d4cf0680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.324570][  T108] >ffff8881d4cf0700: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   58.332621][  T108]                                   ^
[   58.337978][  T108]  ffff8881d4cf0780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.346028][  T108]  ffff8881d4cf0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.354185][  T108] ==================================================================
[   58.362246][  T108] Disabling lock debugging due to kernel taint
[   58.368508][  T108] Kernel panic - not syncing: panic_on_warn set ...
[   58.375089][  T108] CPU: 1 PID: 108 Comm: kworker/1:2 Tainted: G    B             5.2.0-rc1+ #10
[   58.384073][  T108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.394248][  T108] Workqueue: events dvb_usb_read_remote_control
[   58.400464][  T108] Call Trace:
[   58.403733][  T108]  dump_stack+0xca/0x13e
[   58.407960][  T108]  panic+0x292/0x6c9
[   58.412015][  T108]  ? __warn_printk+0xf3/0xf3
[   58.416608][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   58.422263][  T108]  ? trace_hardirqs_on+0x55/0x1c0
[   58.427272][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   58.432886][  T108]  end_report+0x43/0x49
[   58.437019][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   58.442641][  T108]  __kasan_report.cold+0xd/0x32
[   58.447472][  T108]  ? technisat_usb2_rc_query+0x5f5/0x650
[   58.453085][  T108]  kasan_report+0xe/0x20
[   58.457310][  T108]  technisat_usb2_rc_query+0x5f5/0x650
[   58.462750][  T108]  ? technisat_usb2_power_ctrl+0xc0/0xc0
[   58.468361][  T108]  dvb_usb_read_remote_control+0xdb/0x1b0
[   58.474061][  T108]  process_one_work+0x905/0x1570
[   58.478976][  T108]  ? pwq_dec_nr_in_flight+0x310/0x310
[   58.484332][  T108]  ? do_raw_spin_lock+0x11a/0x280
[   58.489332][  T108]  worker_thread+0x96/0xe20
[   58.493816][  T108]  ? process_one_work+0x1570/0x1570
[   58.498997][  T108]  kthread+0x30b/0x410
[   58.503268][  T108]  ? kthread_park+0x1a0/0x1a0
[   58.507923][  T108]  ret_from_fork+0x24/0x30
[   58.512683][  T108] Kernel Offset: disabled
[   58.517010][  T108] Rebooting in 86400 seconds..