INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.814427][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 29.054382][ T21] usb 1-1: Using ep0 maxpacket: 32
[ 29.174490][ T21] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 29.184203][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 173, changing to 11
[ 29.195490][ T21] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 29.208427][ T21] usb 1-1: New USB device found, idVendor=1509, idProduct=9242, bcdDevice=fb.5c
[ 29.217484][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 29.226653][ T21] usb 1-1: config 0 descriptor??
[ 29.266942][ T21] Registered IR keymap rc-rc6-mce
[ 29.314356][ T21] rc_core: Loaded IR protocol module ir-rc6-decoder, but protocol rc-6 still not available
[ 29.324721][ T21] mceusb 1-1:0.0: send request FAILED! (res=-90)
[ 29.354405][ T21] mceusb 1-1:0.0: send request FAILED! (res=-90)
[ 29.385095][ T21] rc rc0: Media Center Ed. eHome Infrared Remote Transceiver (1509:9242) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 29.399152][ T21] input: Media Center Ed. eHome Infrared Remote Transceiver (1509:9242) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5
[ 29.416359][ T21] mceusb 1-1:0.0: send request FAILED! (res=-90)
[ 29.444690][ T21] mceusb 1-1:0.0: send request FAILED! (res=-90)
[ 29.474492][ C1] ==================================================================
[ 29.482733][ C1] BUG: KASAN: slab-out-of-bounds in mceusb_dev_recv+0x1014/0x12e0
[ 29.490514][ C1] Read of size 1 at addr ffff8881d5357880 by task swapper/1/0
[ 29.497938][ C1]
[ 29.500247][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.3.0-rc2+ #25
[ 29.507411][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.517440][ C1] Call Trace:
[ 29.520700][ C1]
[ 29.523529][ C1] dump_stack+0xca/0x13e
[ 29.527764][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 29.532871][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 29.537965][ C1] print_address_description+0x6a/0x32c
[ 29.543499][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 29.548585][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 29.553670][ C1] __kasan_report.cold+0x1a/0x33
[ 29.558586][ C1] ? ir_raw_event_store_with_filter+0x210/0x580
[ 29.564802][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 29.569893][ C1] kasan_report+0xe/0x12
[ 29.574119][ C1] mceusb_dev_recv+0x1014/0x12e0
[ 29.579054][ C1] ? mceusb_set_timeout+0x110/0x110
[ 29.584246][ C1] ? do_raw_read_unlock+0x3b/0x70
[ 29.589274][ C1] ? _raw_read_unlock+0x1f/0x30
[ 29.594117][ C1] __usb_hcd_giveback_urb+0x1f2/0x470
[ 29.599466][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 29.604644][ C1] dummy_timer+0x120f/0x2fa2
[ 29.609215][ C1] ? lock_acquire+0x127/0x320
[ 29.613871][ C1] ? dummy_udc_probe+0x930/0x930
[ 29.618788][ C1] call_timer_fn+0x179/0x650
[ 29.623355][ C1] ? dummy_udc_probe+0x930/0x930
[ 29.628289][ C1] ? msleep_interruptible+0x130/0x130
[ 29.633638][ C1] ? do_raw_spin_lock+0x11a/0x280
[ 29.638652][ C1] ? _raw_spin_unlock_irq+0x24/0x30
[ 29.643832][ C1] ? dummy_udc_probe+0x930/0x930
[ 29.648752][ C1] run_timer_softirq+0x5cc/0x14b0
[ 29.653756][ C1] ? add_timer+0x7a0/0x7a0
[ 29.658154][ C1] ? ktime_get+0x162/0x1c0
[ 29.662547][ C1] ? lapic_next_event+0x4d/0x80
[ 29.667426][ C1] __do_softirq+0x221/0x912
[ 29.671929][ C1] irq_exit+0x178/0x1a0
[ 29.676063][ C1] smp_apic_timer_interrupt+0x12f/0x500
[ 29.681584][ C1] apic_timer_interrupt+0xf/0x20
[ 29.686497][ C1]
[ 29.689412][ C1] RIP: 0010:default_idle+0x28/0x2e0
[ 29.694584][ C1] Code: 90 90 41 56 41 55 65 44 8b 2d 54 fa 93 7a 41 54 55 53 0f 1f 44 00 00 e8 76 7f d5 fb e9 07 00 00 00 0f 00 2d 6a 9f 54 00 fb f4 <65> 44 8b 2d 30 fa 93 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 29.714176][ C1] RSP: 0018:ffff8881da217dc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 29.722564][ C1] RAX: 0000000000000007 RBX: ffff8881da1fb000 RCX: 0000000000000000
[ 29.730512][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da1fb844
[ 29.738461][ C1] RBP: ffffed103b43f600 R08: ffff8881da1fb000 R09: 0000000000000000
[ 29.746612][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 29.754572][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 29.762529][ C1] ? default_idle+0x1a/0x2e0
[ 29.767098][ C1] do_idle+0x3c2/0x4f0
[ 29.771144][ C1] ? __wake_up_common+0x147/0x640
[ 29.776146][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 29.781148][ C1] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 29.786931][ C1] ? lockdep_hardirqs_on+0x379/0x580
[ 29.792211][ C1] cpu_startup_entry+0x14/0x20
[ 29.796960][ C1] start_secondary+0x297/0x340
[ 29.801700][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0
[ 29.807134][ C1] secondary_startup_64+0xa4/0xb0
[ 29.812129][ C1]
[ 29.814433][ C1] Allocated by task 21:
[ 29.818593][ C1] save_stack+0x1b/0x80
[ 29.822722][ C1] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 29.828327][ C1] hcd_buffer_alloc+0x1ca/0x290
[ 29.833167][ C1] usb_alloc_coherent+0x5d/0x80
[ 29.837991][ C1] mceusb_dev_probe+0x714/0x2f20
[ 29.842899][ C1] usb_probe_interface+0x305/0x7a0
[ 29.847985][ C1] really_probe+0x281/0x650
[ 29.852459][ C1] driver_probe_device+0x101/0x1b0
[ 29.857554][ C1] __device_attach_driver+0x1c2/0x220
[ 29.862904][ C1] bus_for_each_drv+0x15c/0x1e0
[ 29.867731][ C1] __device_attach+0x217/0x360
[ 29.872469][ C1] bus_probe_device+0x1e4/0x290
[ 29.877293][ C1] device_add+0xae6/0x16f0
[ 29.881682][ C1] usb_set_configuration+0xdf6/0x1670
[ 29.887026][ C1] generic_probe+0x9d/0xd5
[ 29.891434][ C1] usb_probe_device+0x99/0x100
[ 29.896174][ C1] really_probe+0x281/0x650
[ 29.900651][ C1] driver_probe_device+0x101/0x1b0
[ 29.905737][ C1] __device_attach_driver+0x1c2/0x220
[ 29.911080][ C1] bus_for_each_drv+0x15c/0x1e0
[ 29.915907][ C1] __device_attach+0x217/0x360
[ 29.920645][ C1] bus_probe_device+0x1e4/0x290
[ 29.925468][ C1] device_add+0xae6/0x16f0
[ 29.929860][ C1] usb_new_device.cold+0x6a4/0xe79
[ 29.934985][ C1] hub_event+0x1b5c/0x3640
[ 29.939377][ C1] process_one_work+0x92b/0x1530
[ 29.944297][ C1] worker_thread+0x96/0xe20
[ 29.948781][ C1] kthread+0x318/0x420
[ 29.952840][ C1] ret_from_fork+0x24/0x30
[ 29.957227][ C1]
[ 29.959626][ C1] Freed by task 1:
[ 29.963332][ C1] save_stack+0x1b/0x80
[ 29.967479][ C1] __kasan_slab_free+0x130/0x180
[ 29.972395][ C1] kfree+0xe4/0x2f0
[ 29.976180][ C1] public_key_verify_signature+0x874/0xc40
[ 29.981957][ C1] x509_check_for_self_signed+0x33c/0x560
[ 29.987666][ C1] x509_cert_parse+0x61e/0x8a0
[ 29.992414][ C1] x509_key_preparse+0x61/0x8e0
[ 29.997239][ C1] asymmetric_key_preparse+0xab/0x110
[ 30.002596][ C1] key_create_or_update+0x32e/0xb30
[ 30.007782][ C1] regulatory_init_db+0x29b/0x45b
[ 30.012780][ C1] do_one_initcall+0xf0/0x614
[ 30.017432][ C1] kernel_init_freeable+0x4a9/0x596
[ 30.022607][ C1] kernel_init+0xd/0x1bf
[ 30.026823][ C1] ret_from_fork+0x24/0x30
[ 30.031217][ C1]
[ 30.033530][ C1] The buggy address belongs to the object at ffff8881d5357780
[ 30.033530][ C1] which belongs to the cache kmalloc-256 of size 256
[ 30.047571][ C1] The buggy address is located 0 bytes to the right of
[ 30.047571][ C1] 256-byte region [ffff8881d5357780, ffff8881d5357880)
[ 30.061169][ C1] The buggy address belongs to the page:
[ 30.066789][ C1] page:ffffea000754d5c0 refcount:1 mapcount:0 mapping:ffff8881da002780 index:0x0
[ 30.075878][ C1] flags: 0x200000000000200(slab)
[ 30.080795][ C1] raw: 0200000000000200 ffffea000754cac0 0000000500000005 ffff8881da002780
[ 30.089355][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 30.097911][ C1] page dumped because: kasan: bad access detected
[ 30.104302][ C1]
[ 30.106607][ C1] Memory state around the buggy address:
[ 30.112211][ C1] ffff8881d5357780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.120246][ C1] ffff8881d5357800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.128281][ C1] >ffff8881d5357880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 30.136314][ C1] ^
[ 30.140352][ C1] ffff8881d5357900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.148387][ C1] ffff8881d5357980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 30.156433][ C1] ==================================================================
[ 30.164475][ C1] Disabling lock debugging due to kernel taint
[ 30.170597][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 30.177157][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.3.0-rc2+ #25
[ 30.185728][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.195764][ C1] Call Trace:
[ 30.199021][ C1]
[ 30.201849][ C1] dump_stack+0xca/0x13e
[ 30.206065][ C1] panic+0x2a3/0x6da
[ 30.209946][ C1] ? add_taint.cold+0x16/0x16
[ 30.214596][ C1] ? print_shadow_for_address+0xb8/0x114
[ 30.220203][ C1] ? trace_hardirqs_off+0x50/0x1d0
[ 30.225286][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 30.230368][ C1] end_report+0x43/0x49
[ 30.234497][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 30.239588][ C1] __kasan_report.cold+0xd/0x33
[ 30.244414][ C1] ? ir_raw_event_store_with_filter+0x210/0x580
[ 30.250623][ C1] ? mceusb_dev_recv+0x1014/0x12e0
[ 30.255716][ C1] kasan_report+0xe/0x12
[ 30.259931][ C1] mceusb_dev_recv+0x1014/0x12e0
[ 30.264838][ C1] ? mceusb_set_timeout+0x110/0x110
[ 30.270007][ C1] ? do_raw_read_unlock+0x3b/0x70
[ 30.275094][ C1] ? _raw_read_unlock+0x1f/0x30
[ 30.279920][ C1] __usb_hcd_giveback_urb+0x1f2/0x470
[ 30.285263][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 30.290447][ C1] dummy_timer+0x120f/0x2fa2
[ 30.295010][ C1] ? lock_acquire+0x127/0x320
[ 30.299656][ C1] ? dummy_udc_probe+0x930/0x930
[ 30.304601][ C1] call_timer_fn+0x179/0x650
[ 30.309166][ C1] ? dummy_udc_probe+0x930/0x930
[ 30.314071][ C1] ? msleep_interruptible+0x130/0x130
[ 30.319413][ C1] ? do_raw_spin_lock+0x11a/0x280
[ 30.324414][ C1] ? _raw_spin_unlock_irq+0x24/0x30
[ 30.329597][ C1] ? dummy_udc_probe+0x930/0x930
[ 30.334507][ C1] run_timer_softirq+0x5cc/0x14b0
[ 30.339521][ C1] ? add_timer+0x7a0/0x7a0
[ 30.343911][ C1] ? ktime_get+0x162/0x1c0
[ 30.348302][ C1] ? lapic_next_event+0x4d/0x80
[ 30.353122][ C1] __do_softirq+0x221/0x912
[ 30.357597][ C1] irq_exit+0x178/0x1a0
[ 30.361737][ C1] smp_apic_timer_interrupt+0x12f/0x500
[ 30.367254][ C1] apic_timer_interrupt+0xf/0x20
[ 30.372173][ C1]
[ 30.375104][ C1] RIP: 0010:default_idle+0x28/0x2e0
[ 30.380276][ C1] Code: 90 90 41 56 41 55 65 44 8b 2d 54 fa 93 7a 41 54 55 53 0f 1f 44 00 00 e8 76 7f d5 fb e9 07 00 00 00 0f 00 2d 6a 9f 54 00 fb f4 <65> 44 8b 2d 30 fa 93 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 30.399955][ C1] RSP: 0018:ffff8881da217dc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 30.408515][ C1] RAX: 0000000000000007 RBX: ffff8881da1fb000 RCX: 0000000000000000
[ 30.416478][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da1fb844
[ 30.424437][ C1] RBP: ffffed103b43f600 R08: ffff8881da1fb000 R09: 0000000000000000
[ 30.432395][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 30.440348][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 30.448303][ C1] ? default_idle+0x1a/0x2e0
[ 30.452868][ C1] do_idle+0x3c2/0x4f0
[ 30.456914][ C1] ? __wake_up_common+0x147/0x640
[ 30.461927][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 30.466927][ C1] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 30.472708][ C1] ? lockdep_hardirqs_on+0x379/0x580
[ 30.477980][ C1] cpu_startup_entry+0x14/0x20
[ 30.482714][ C1] start_secondary+0x297/0x340
[ 30.487450][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0
[ 30.492896][ C1] secondary_startup_64+0xa4/0xb0
[ 30.498215][ C1] Kernel Offset: disabled
[ 30.502524][ C1] Rebooting in 86400 seconds..