[info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ 15.399591][ C1] random: crng init done [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 24.684947][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.924923][ T83] usb 1-1: Using ep0 maxpacket: 32 [ 25.045031][ T83] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 25.059571][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 173, changing to 11 [ 25.074893][ T83] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 25.095589][ T83] usb 1-1: New USB device found, idVendor=1509, idProduct=9242, bcdDevice=fb.5c [ 25.108999][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.120870][ T83] usb 1-1: config 0 descriptor?? [ 25.167115][ T83] Registered IR keymap rc-rc6-mce [ 25.214939][ T83] rc_core: Loaded IR protocol module ir-rc6-decoder, but protocol rc-6 still not available [ 25.227552][ T83] mceusb 1-1:0.0: send request FAILED! (res=-90) [ 25.264989][ T83] mceusb 1-1:0.0: send request FAILED! (res=-90) [ 25.295773][ T83] rc rc0: Media Center Ed. eHome Infrared Remote Transceiver (1509:9242) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 25.316013][ T83] input: Media Center Ed. eHome Infrared Remote Transceiver (1509:9242) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5 [ 25.335951][ T83] mceusb 1-1:0.0: send request FAILED! (res=-90) [ 25.365141][ T83] mceusb 1-1:0.0: send request FAILED!
(res=-90) [ 25.375242][ C1] ================================================================== [ 25.384781][ C1] BUG: KASAN: slab-out-of-bounds in mceusb_dev_recv+0x1028/0x12e0 [ 25.393578][ C1] Read of size 1 at addr ffff8881d5a464c0 by task swapper/1/0 [ 25.403373][ C1] [ 25.406326][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.3.0-rc7+ #0 [ 25.414379][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.426190][ C1] Call Trace: [ 25.430113][ C1] [ 25.433932][ C1] dump_stack+0xca/0x13e [ 25.438691][ C1] ? mceusb_dev_recv+0x1028/0x12e0 [ 25.443996][ C1] ? mceusb_dev_recv+0x1028/0x12e0 [ 25.450085][ C1] print_address_description+0x6a/0x32c [ 25.456580][ C1] ? mceusb_dev_recv+0x1028/0x12e0 [ 25.461802][ C1] ? mceusb_dev_recv+0x1028/0x12e0 [ 25.467491][ C1] __kasan_report.cold+0x1a/0x33 [ 25.472418][ C1] ? ir_raw_event_store_with_filter+0x250/0x580 [ 25.479262][ C1] ? mceusb_dev_recv+0x1028/0x12e0 [ 25.484491][ C1] kasan_report+0xe/0x12 [ 25.489169][ C1] mceusb_dev_recv+0x1028/0x12e0 [ 25.494280][ C1] ? mceusb_set_timeout+0x110/0x110 [ 25.499932][ C1] ? do_raw_read_unlock+0x3b/0x70 [ 25.504959][ C1] ? _raw_read_unlock+0x1f/0x30 [ 25.510053][ C1] __usb_hcd_giveback_urb+0x1f2/0x470 [ 25.515699][ C1] usb_hcd_giveback_urb+0x368/0x420 [ 25.521011][ C1] dummy_timer+0x120f/0x2fa2 [ 25.525751][ C1] ? lock_acquire+0x127/0x320 [ 25.530513][ C1] ? dummy_udc_probe+0x930/0x930 [ 25.535649][ C1] call_timer_fn+0x179/0x650 [ 25.540436][ C1] ? dummy_udc_probe+0x930/0x930 [ 25.545607][ C1] ? msleep_interruptible+0x130/0x130 [ 25.551056][ C1] ? do_raw_spin_lock+0x11a/0x280 [ 25.556289][ C1] ? _raw_spin_unlock_irq+0x24/0x30 [ 25.561593][ C1] ? dummy_udc_probe+0x930/0x930 [ 25.566532][ C1] run_timer_softirq+0x5cc/0x14b0 [ 25.571915][ C1] ? add_timer+0x7a0/0x7a0 [ 25.576332][ C1] ? ktime_get+0x162/0x1c0 [ 25.580959][ C1] ? 
lapic_next_event+0x4d/0x80 [ 25.586040][ C1] __do_softirq+0x221/0x912 [ 25.590683][ C1] irq_exit+0x178/0x1a0 [ 25.594952][ C1] smp_apic_timer_interrupt+0x12f/0x500 [ 25.600668][ C1] apic_timer_interrupt+0xf/0x20 [ 25.606027][ C1] [ 25.609180][ C1] RIP: 0010:default_idle+0x28/0x2e0 [ 25.615050][ C1] Code: 90 90 41 56 41 55 65 44 8b 2d 54 d8 93 7a 41 54 55 53 0f 1f 44 00 00 e8 46 49 d5 fb e9 07 00 00 00 0f 00 2d ea 7d 54 00 fb f4 <65> 44 8b 2d 30 d8 93 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3 [ 25.635347][ C1] RSP: 0018:ffff8881da217dc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 25.644115][ C1] RAX: 0000000000000007 RBX: ffff8881da1fb000 RCX: 0000000000000000 [ 25.652143][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da1fb844 [ 25.660365][ C1] RBP: ffffed103b43f600 R08: ffff8881da1fb000 R09: 0000000000000000 [ 25.669162][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 25.677562][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 25.686204][ C1] ? default_idle+0x1a/0x2e0 [ 25.690788][ C1] do_idle+0x3c2/0x4f0 [ 25.694988][ C1] ? __wake_up_common+0x352/0x640 [ 25.700241][ C1] ? arch_cpu_idle_exit+0x40/0x40 [ 25.705957][ C1] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.711945][ C1] ? lockdep_hardirqs_on+0x379/0x580 [ 25.717574][ C1] cpu_startup_entry+0x14/0x20 [ 25.722611][ C1] start_secondary+0x297/0x340 [ 25.727626][ C1] ? 
set_cpu_sibling_map+0x1ff0/0x1ff0 [ 25.733636][ C1] secondary_startup_64+0xa4/0xb0 [ 25.739020][ C1] [ 25.741457][ C1] Allocated by task 83: [ 25.745694][ C1] save_stack+0x1b/0x80 [ 25.750012][ C1] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 25.755848][ C1] hcd_buffer_alloc+0x1ed/0x290 [ 25.760934][ C1] usb_alloc_coherent+0x5d/0x80 [ 25.766615][ C1] mceusb_dev_probe+0x714/0x2f20 [ 25.771994][ C1] usb_probe_interface+0x305/0x7a0 [ 25.777194][ C1] really_probe+0x281/0x6d0 [ 25.782383][ C1] driver_probe_device+0x101/0x1b0 [ 25.788060][ C1] __device_attach_driver+0x1c2/0x220 [ 25.794795][ C1] bus_for_each_drv+0x162/0x1e0 [ 25.800100][ C1] __device_attach+0x217/0x360 [ 25.805326][ C1] bus_probe_device+0x1e4/0x290 [ 25.810585][ C1] device_add+0xae6/0x16f0 [ 25.815352][ C1] usb_set_configuration+0xdf6/0x1670 [ 25.821090][ C1] generic_probe+0x9d/0xd5 [ 25.825595][ C1] usb_probe_device+0x99/0x100 [ 25.830695][ C1] really_probe+0x281/0x6d0 [ 25.835203][ C1] driver_probe_device+0x101/0x1b0 [ 25.840525][ C1] __device_attach_driver+0x1c2/0x220 [ 25.845994][ C1] bus_for_each_drv+0x162/0x1e0 [ 25.851106][ C1] __device_attach+0x217/0x360 [ 25.856048][ C1] bus_probe_device+0x1e4/0x290 [ 25.861512][ C1] device_add+0xae6/0x16f0 [ 25.865982][ C1] usb_new_device.cold+0x6a4/0xe79 [ 25.871820][ C1] hub_event+0x1b5c/0x3640 [ 25.876420][ C1] process_one_work+0x92b/0x1530 [ 25.881522][ C1] worker_thread+0x96/0xe20 [ 25.886464][ C1] kthread+0x318/0x420 [ 25.890966][ C1] ret_from_fork+0x24/0x30 [ 25.895817][ C1] [ 25.898332][ C1] Freed by task 1: [ 25.902335][ C1] save_stack+0x1b/0x80 [ 25.906595][ C1] __kasan_slab_free+0x130/0x180 [ 25.911914][ C1] kfree+0xe4/0x2f0 [ 25.916025][ C1] scsi_probe_and_add_lun+0x2815/0x2cd0 [ 25.921679][ C1] __scsi_scan_target+0x273/0xc30 [ 25.926783][ C1] scsi_scan_channel.part.0+0x126/0x1a0 [ 25.932574][ C1] scsi_scan_host_selected+0x2bb/0x3f0 [ 25.938412][ C1] do_scsi_scan_host+0x1e8/0x260 [ 25.943513][ C1] scsi_scan_host+0x37c/0x440 [ 25.948699][ C1] 
virtscsi_probe+0x9b7/0xbb5 [ 25.953532][ C1] virtio_dev_probe+0x463/0x710 [ 25.959182][ C1] really_probe+0x281/0x6d0 [ 25.964072][ C1] driver_probe_device+0x101/0x1b0 [ 25.969614][ C1] device_driver_attach+0x108/0x140 [ 25.974822][ C1] __driver_attach+0xda/0x240 [ 25.979616][ C1] bus_for_each_dev+0x14b/0x1d0 [ 25.984627][ C1] bus_add_driver+0x457/0x5a0 [ 25.989833][ C1] driver_register+0x1c4/0x330 [ 25.994692][ C1] init+0xa1/0x115 [ 25.998609][ C1] do_one_initcall+0xf0/0x614 [ 26.003662][ C1] kernel_init_freeable+0x4a9/0x596 [ 26.008941][ C1] kernel_init+0xd/0x1bf [ 26.013179][ C1] ret_from_fork+0x24/0x30 [ 26.017721][ C1] [ 26.020129][ C1] The buggy address belongs to the object at ffff8881d5a463c0 [ 26.020129][ C1] which belongs to the cache kmalloc-256 of size 256 [ 26.036068][ C1] The buggy address is located 0 bytes to the right of [ 26.036068][ C1] 256-byte region [ffff8881d5a463c0, ffff8881d5a464c0) [ 26.050066][ C1] The buggy address belongs to the page: [ 26.056560][ C1] page:ffffea0007569180 refcount:1 mapcount:0 mapping:ffff8881da002780 index:0x0 [ 26.066219][ C1] flags: 0x200000000000200(slab) [ 26.071317][ C1] raw: 0200000000000200 ffffea000757fb00 0000000200000002 ffff8881da002780 [ 26.080227][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 26.089878][ C1] page dumped because: kasan: bad access detected [ 26.097516][ C1] [ 26.100013][ C1] Memory state around the buggy address: [ 26.106596][ C1] ffff8881d5a46380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 26.115354][ C1] ffff8881d5a46400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.124224][ C1] >ffff8881d5a46480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 26.132788][ C1] ^ [ 26.139791][ C1] ffff8881d5a46500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.148678][ C1] ffff8881d5a46580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.158679][ C1] ================================================================== [ 26.167051][ C1] Disabling 
lock debugging due to kernel taint [ 26.173832][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 26.180868][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.3.0-rc7+ #0 [ 26.190878][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.204103][ C1] Call Trace: [ 26.208207][ C1] [ 26.211589][ C1] dump_stack+0xca/0x13e [ 26.216076][ C1] panic+0x2a3/0x6da [ 26.220658][ C1] ? add_taint.cold+0x16/0x16 [ 26.227078][ C1] ? print_shadow_for_address+0xb8/0x114 [ 26.234511][ C1] ? trace_hardirqs_off+0x50/0x1d0 [ 26.242071][ C1] ? mceusb_dev_recv+0x1028/0x12e0 [ 26.250295][ C1] end_report+0x43/0x49 [ 26.256872][ C1] ? mceusb_dev_recv+0x1028/0x12e0 [ 26.263550][ C1] __kasan_report.cold+0xd/0x33 [ 26.271011][ C1] ? ir_raw_event_store_with_filter+0x250/0x580 [ 26.281139][ C1] ? mceusb_dev_recv+0x1028/0x12e0 [ 26.289242][ C1] kasan_report+0xe/0x12 [ 26.294214][ C1] mceusb_dev_recv+0x1028/0x12e0 [ 26.304240][ C1] ? mceusb_set_timeout+0x110/0x110 [ 26.315108][ C1] ? do_raw_read_unlock+0x3b/0x70 [ 26.325915][ C1] ? _raw_read_unlock+0x1f/0x30 [ 26.335910][ C1] __usb_hcd_giveback_urb+0x1f2/0x470 [ 26.345989][ C1] usb_hcd_giveback_urb+0x368/0x420 [ 26.352374][ C1] dummy_timer+0x120f/0x2fa2 [ 26.358779][ C1] ? lock_acquire+0x127/0x320 [ 26.364930][ C1] ? dummy_udc_probe+0x930/0x930 [ 26.371063][ C1] call_timer_fn+0x179/0x650 [ 26.376136][ C1] ? dummy_udc_probe+0x930/0x930 [ 26.381724][ C1] ? msleep_interruptible+0x130/0x130 [ 26.387511][ C1] ? do_raw_spin_lock+0x11a/0x280 [ 26.392932][ C1] ? _raw_spin_unlock_irq+0x24/0x30 [ 26.398805][ C1] ? dummy_udc_probe+0x930/0x930 [ 26.404487][ C1] run_timer_softirq+0x5cc/0x14b0 [ 26.409948][ C1] ? add_timer+0x7a0/0x7a0 [ 26.414835][ C1] ? ktime_get+0x162/0x1c0 [ 26.419880][ C1] ? 
lapic_next_event+0x4d/0x80 [ 26.425317][ C1] __do_softirq+0x221/0x912 [ 26.430374][ C1] irq_exit+0x178/0x1a0 [ 26.434965][ C1] smp_apic_timer_interrupt+0x12f/0x500 [ 26.440864][ C1] apic_timer_interrupt+0xf/0x20 [ 26.446090][ C1] [ 26.449196][ C1] RIP: 0010:default_idle+0x28/0x2e0 [ 26.455551][ C1] Code: 90 90 41 56 41 55 65 44 8b 2d 54 d8 93 7a 41 54 55 53 0f 1f 44 00 00 e8 46 49 d5 fb e9 07 00 00 00 0f 00 2d ea 7d 54 00 fb f4 <65> 44 8b 2d 30 d8 93 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3 [ 26.477555][ C1] RSP: 0018:ffff8881da217dc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 26.486332][ C1] RAX: 0000000000000007 RBX: ffff8881da1fb000 RCX: 0000000000000000 [ 26.494433][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da1fb844 [ 26.502899][ C1] RBP: ffffed103b43f600 R08: ffff8881da1fb000 R09: 0000000000000000 [ 26.511275][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 26.519446][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 26.528306][ C1] ? default_idle+0x1a/0x2e0 [ 26.533339][ C1] do_idle+0x3c2/0x4f0 [ 26.537856][ C1] ? __wake_up_common+0x352/0x640 [ 26.543284][ C1] ? arch_cpu_idle_exit+0x40/0x40 [ 26.548394][ C1] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 26.554611][ C1] ? lockdep_hardirqs_on+0x379/0x580 [ 26.559912][ C1] cpu_startup_entry+0x14/0x20 [ 26.565058][ C1] start_secondary+0x297/0x340 [ 26.570137][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0 [ 26.576074][ C1] secondary_startup_64+0xa4/0xb0 [ 26.582659][ C1] Kernel Offset: disabled [ 26.587294][ C1] Rebooting in 86400 seconds..