INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.774625][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 28.014571][ T21] usb 1-1: Using ep0 maxpacket: 32
[ 28.134716][ T21] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 28.144682][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 173, changing to 11
[ 28.155843][ T21] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 28.168755][ T21] usb 1-1: New USB device found, idVendor=1509, idProduct=9242, bcdDevice=fb.5c
[ 28.177811][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 28.187479][ T21] usb 1-1: config 0 descriptor??
[ 28.226712][ T21] Registered IR keymap rc-rc6-mce
[ 28.274538][ T21] rc_core: Loaded IR protocol module ir-rc6-decoder, but protocol rc-6 still not available
[ 28.284939][ T21] mceusb 1-1:0.0: send request FAILED! (res=-90)
[ 28.314688][ T21] mceusb 1-1:0.0: send request FAILED! (res=-90)
[ 28.345519][ T21] rc rc0: Media Center Ed. eHome Infrared Remote Transceiver (1509:9242) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 28.359761][ T21] input: Media Center Ed. eHome Infrared Remote Transceiver (1509:9242) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5
[ 28.376068][ T21] mceusb 1-1:0.0: send request FAILED! (res=-90)
[ 28.404641][ T21] mceusb 1-1:0.0: send request FAILED! (res=-90)
[ 28.444657][ C1] mceusb 1-1:0.0: short-range (0x2) receiver active
[ 28.451627][ C1] ==================================================================
[ 28.459750][ C1] BUG: KASAN: slab-out-of-bounds in mceusb_dev_recv+0x1014/0x12e0
[ 28.467535][ C1] Read of size 1 at addr ffff8881d6ada380 by task swapper/1/0
[ 28.474961][ C1]
[ 28.477270][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.3.0-rc4+ #26
[ 28.484439][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.494479][ C1] Call Trace:
[ 28.497754][ C1]
[ 28.500593][ C1] dump_stack+0xca/0x13e
[ 28.504814][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 28.509901][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 28.514989][ C1] print_address_description+0x6a/0x32c
[ 28.520545][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 28.525633][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 28.530720][ C1] __kasan_report.cold+0x1a/0x33
[ 28.535631][ C1] ? ir_raw_event_store_with_filter+0x1c0/0x580
[ 28.541842][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 28.546928][ C1] kasan_report+0xe/0x12
[ 28.551144][ C1] mceusb_dev_recv+0x1014/0x12e0
[ 28.556059][ C1] ? mceusb_set_timeout+0x110/0x110
[ 28.561231][ C1] ? do_raw_read_unlock+0x3b/0x70
[ 28.566234][ C1] ? _raw_read_unlock+0x1f/0x30
[ 28.571061][ C1] __usb_hcd_giveback_urb+0x1f2/0x470
[ 28.576409][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 28.581587][ C1] dummy_timer+0x120f/0x2fa2
[ 28.586158][ C1] ? lock_acquire+0x127/0x320
[ 28.590831][ C1] ? dummy_udc_probe+0x930/0x930
[ 28.595773][ C1] call_timer_fn+0x179/0x650
[ 28.600339][ C1] ? dummy_udc_probe+0x930/0x930
[ 28.605255][ C1] ? msleep_interruptible+0x130/0x130
[ 28.610605][ C1] ? do_raw_spin_lock+0x11a/0x280
[ 28.615608][ C1] ? _raw_spin_unlock_irq+0x24/0x30
[ 28.620779][ C1] ? dummy_udc_probe+0x930/0x930
[ 28.625711][ C1] run_timer_softirq+0x5cc/0x14b0
[ 28.630723][ C1] ? add_timer+0x7a0/0x7a0
[ 28.635134][ C1] ? ktime_get+0x162/0x1c0
[ 28.639529][ C1] ? lapic_next_event+0x4d/0x80
[ 28.644371][ C1] __do_softirq+0x221/0x912
[ 28.648855][ C1] irq_exit+0x178/0x1a0
[ 28.652987][ C1] smp_apic_timer_interrupt+0x12f/0x500
[ 28.658523][ C1] apic_timer_interrupt+0xf/0x20
[ 28.663432][ C1]
[ 28.666378][ C1] RIP: 0010:default_idle+0x28/0x2e0
[ 28.671554][ C1] Code: 90 90 41 56 41 55 65 44 8b 2d 64 ea 93 7a 41 54 55 53 0f 1f 44 00 00 e8 96 5b d5 fb e9 07 00 00 00 0f 00 2d 7a 8f 54 00 fb f4 <65> 44 8b 2d 40 ea 93 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 28.691168][ C1] RSP: 0018:ffff8881da217dc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 28.699735][ C1] RAX: 0000000000000007 RBX: ffff8881da1fb000 RCX: 0000000000000000
[ 28.707682][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da1fb844
[ 28.715639][ C1] RBP: ffffed103b43f600 R08: ffff8881da1fb000 R09: 0000000000000000
[ 28.723587][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 28.731534][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 28.739513][ C1] ? default_idle+0x1a/0x2e0
[ 28.744080][ C1] do_idle+0x3c2/0x4f0
[ 28.748125][ C1] ? __wake_up_common+0x147/0x640
[ 28.753123][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 28.758140][ C1] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 28.763946][ C1] ? lockdep_hardirqs_on+0x379/0x580
[ 28.769205][ C1] cpu_startup_entry+0x14/0x20
[ 28.773941][ C1] start_secondary+0x297/0x340
[ 28.778692][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0
[ 28.784124][ C1] secondary_startup_64+0xa4/0xb0
[ 28.789145][ C1]
[ 28.791469][ C1] Allocated by task 21:
[ 28.795622][ C1] save_stack+0x1b/0x80
[ 28.799772][ C1] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 28.805434][ C1] hcd_buffer_alloc+0x1ca/0x290
[ 28.810259][ C1] usb_alloc_coherent+0x5d/0x80
[ 28.815083][ C1] mceusb_dev_probe+0x714/0x2f20
[ 28.819991][ C1] usb_probe_interface+0x305/0x7a0
[ 28.825082][ C1] really_probe+0x281/0x6d0
[ 28.829587][ C1] driver_probe_device+0x101/0x1b0
[ 28.834677][ C1] __device_attach_driver+0x1c2/0x220
[ 28.840021][ C1] bus_for_each_drv+0x162/0x1e0
[ 28.844845][ C1] __device_attach+0x217/0x360
[ 28.849582][ C1] bus_probe_device+0x1e4/0x290
[ 28.854404][ C1] device_add+0xae6/0x16f0
[ 28.858824][ C1] usb_set_configuration+0xdf6/0x1670
[ 28.864171][ C1] generic_probe+0x9d/0xd5
[ 28.868589][ C1] usb_probe_device+0x99/0x100
[ 28.873328][ C1] really_probe+0x281/0x6d0
[ 28.877815][ C1] driver_probe_device+0x101/0x1b0
[ 28.882899][ C1] __device_attach_driver+0x1c2/0x220
[ 28.888243][ C1] bus_for_each_drv+0x162/0x1e0
[ 28.893071][ C1] __device_attach+0x217/0x360
[ 28.897816][ C1] bus_probe_device+0x1e4/0x290
[ 28.902639][ C1] device_add+0xae6/0x16f0
[ 28.907047][ C1] usb_new_device.cold+0x6a4/0xe79
[ 28.912138][ C1] hub_event+0x1b5c/0x3640
[ 28.916532][ C1] process_one_work+0x92b/0x1530
[ 28.921447][ C1] worker_thread+0x96/0xe20
[ 28.925941][ C1] kthread+0x318/0x420
[ 28.930005][ C1] ret_from_fork+0x24/0x30
[ 28.934394][ C1]
[ 28.936703][ C1] Freed by task 1:
[ 28.940401][ C1] save_stack+0x1b/0x80
[ 28.945069][ C1] __kasan_slab_free+0x130/0x180
[ 28.949983][ C1] kfree+0xe4/0x2f0
[ 28.953783][ C1] scsi_probe_and_add_lun+0x2815/0x2cd0
[ 28.959322][ C1] __scsi_scan_target+0x273/0xc30
[ 28.964322][ C1] scsi_scan_channel.part.0+0x126/0x1a0
[ 28.969853][ C1] scsi_scan_host_selected+0x2bb/0x3f0
[ 28.975284][ C1] do_scsi_scan_host+0x1e8/0x260
[ 28.980191][ C1] scsi_scan_host+0x37c/0x440
[ 28.984848][ C1] virtscsi_probe+0x9b7/0xbb5
[ 28.989511][ C1] virtio_dev_probe+0x463/0x710
[ 28.994334][ C1] really_probe+0x281/0x6d0
[ 28.998819][ C1] driver_probe_device+0x101/0x1b0
[ 29.003902][ C1] device_driver_attach+0x108/0x140
[ 29.009096][ C1] __driver_attach+0xda/0x240
[ 29.013750][ C1] bus_for_each_dev+0x14b/0x1d0
[ 29.018573][ C1] bus_add_driver+0x457/0x5a0
[ 29.023241][ C1] driver_register+0x1c4/0x330
[ 29.027985][ C1] init+0xa1/0x115
[ 29.031681][ C1] do_one_initcall+0xf0/0x614
[ 29.036359][ C1] kernel_init_freeable+0x4a9/0x596
[ 29.041530][ C1] kernel_init+0xd/0x1bf
[ 29.045754][ C1] ret_from_fork+0x24/0x30
[ 29.050139][ C1]
[ 29.052447][ C1] The buggy address belongs to the object at ffff8881d6ada280
[ 29.052447][ C1] which belongs to the cache kmalloc-256 of size 256
[ 29.066474][ C1] The buggy address is located 0 bytes to the right of
[ 29.066474][ C1] 256-byte region [ffff8881d6ada280, ffff8881d6ada380)
[ 29.080158][ C1] The buggy address belongs to the page:
[ 29.085786][ C1] page:ffffea00075ab680 refcount:1 mapcount:0 mapping:ffff8881da002780 index:0x0
[ 29.094872][ C1] flags: 0x200000000000200(slab)
[ 29.099787][ C1] raw: 0200000000000200 ffffea00075a9500 0000000700000007 ffff8881da002780
[ 29.108344][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 29.117009][ C1] page dumped because: kasan: bad access detected
[ 29.123397][ C1]
[ 29.125714][ C1] Memory state around the buggy address:
[ 29.131325][ C1] ffff8881d6ada280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.139360][ C1] ffff8881d6ada300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.147395][ C1] >ffff8881d6ada380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 29.155427][ C1] ^
[ 29.159495][ C1] ffff8881d6ada400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.167538][ C1] ffff8881d6ada480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 29.175594][ C1] ==================================================================
[ 29.183633][ C1] Disabling lock debugging due to kernel taint
[ 29.189852][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 29.196424][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.3.0-rc4+ #26
[ 29.204989][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.215018][ C1] Call Trace:
[ 29.218280][ C1]
[ 29.221117][ C1] dump_stack+0xca/0x13e
[ 29.225355][ C1] panic+0x2a3/0x6da
[ 29.229226][ C1] ? add_taint.cold+0x16/0x16
[ 29.233897][ C1] ? print_shadow_for_address+0xb8/0x114
[ 29.239509][ C1] ? trace_hardirqs_off+0x50/0x1d0
[ 29.244608][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 29.249725][ C1] end_report+0x43/0x49
[ 29.253856][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 29.258937][ C1] __kasan_report.cold+0xd/0x33
[ 29.263764][ C1] ? ir_raw_event_store_with_filter+0x1c0/0x580
[ 29.269972][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 29.275057][ C1] kasan_report+0xe/0x12
[ 29.279272][ C1] mceusb_dev_recv+0x1014/0x12e0
[ 29.284182][ C1] ? mceusb_set_timeout+0x110/0x110
[ 29.289353][ C1] ? do_raw_read_unlock+0x3b/0x70
[ 29.294350][ C1] ? _raw_read_unlock+0x1f/0x30
[ 29.299197][ C1] __usb_hcd_giveback_urb+0x1f2/0x470
[ 29.304551][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 29.309748][ C1] dummy_timer+0x120f/0x2fa2
[ 29.314338][ C1] ? lock_acquire+0x127/0x320
[ 29.318991][ C1] ? dummy_udc_probe+0x930/0x930
[ 29.323919][ C1] call_timer_fn+0x179/0x650
[ 29.328482][ C1] ? dummy_udc_probe+0x930/0x930
[ 29.333399][ C1] ? msleep_interruptible+0x130/0x130
[ 29.338760][ C1] ? do_raw_spin_lock+0x11a/0x280
[ 29.343762][ C1] ? _raw_spin_unlock_irq+0x24/0x30
[ 29.348946][ C1] ? dummy_udc_probe+0x930/0x930
[ 29.353854][ C1] run_timer_softirq+0x5cc/0x14b0
[ 29.358870][ C1] ? add_timer+0x7a0/0x7a0
[ 29.363260][ C1] ? ktime_get+0x162/0x1c0
[ 29.367647][ C1] ? lapic_next_event+0x4d/0x80
[ 29.372470][ C1] __do_softirq+0x221/0x912
[ 29.376951][ C1] irq_exit+0x178/0x1a0
[ 29.381096][ C1] smp_apic_timer_interrupt+0x12f/0x500
[ 29.386616][ C1] apic_timer_interrupt+0xf/0x20
[ 29.391523][ C1]
[ 29.394440][ C1] RIP: 0010:default_idle+0x28/0x2e0
[ 29.399637][ C1] Code: 90 90 41 56 41 55 65 44 8b 2d 64 ea 93 7a 41 54 55 53 0f 1f 44 00 00 e8 96 5b d5 fb e9 07 00 00 00 0f 00 2d 7a 8f 54 00 fb f4 <65> 44 8b 2d 40 ea 93 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 29.419213][ C1] RSP: 0018:ffff8881da217dc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 29.427604][ C1] RAX: 0000000000000007 RBX: ffff8881da1fb000 RCX: 0000000000000000
[ 29.435551][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da1fb844
[ 29.443493][ C1] RBP: ffffed103b43f600 R08: ffff8881da1fb000 R09: 0000000000000000
[ 29.451438][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 29.459396][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 29.467356][ C1] ? default_idle+0x1a/0x2e0
[ 29.471922][ C1] do_idle+0x3c2/0x4f0
[ 29.475972][ C1] ? __wake_up_common+0x147/0x640
[ 29.480971][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 29.485971][ C1] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 29.491750][ C1] ? lockdep_hardirqs_on+0x379/0x580
[ 29.497028][ C1] cpu_startup_entry+0x14/0x20
[ 29.501781][ C1] start_secondary+0x297/0x340
[ 29.506530][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0
[ 29.511962][ C1] secondary_startup_64+0xa4/0xb0
[ 29.517702][ C1] Kernel Offset: disabled
[ 29.522015][ C1] Rebooting in 86400 seconds..