Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 152.091493][ T5] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 152.091502][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 152.091878][ T102] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 152.114518][ T1736] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 152.122174][ T1735] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 152.129722][ T12] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 152.331531][ T5] usb 5-1: Using ep0 maxpacket: 8
[ 152.351394][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 152.361426][ T1735] usb 4-1: Using ep0 maxpacket: 8
[ 152.371497][ T1736] usb 2-1: Using ep0 maxpacket: 8
[ 152.376602][ T12] usb 6-1: Using ep0 maxpacket: 8
[ 152.381780][ T102] usb 3-1: Using ep0 maxpacket: 8
[ 152.462020][ T5] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[ 152.470352][ T5] usb 5-1: config 0 has no interface number 0
[ 152.476730][ T5] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 152.487700][ T5] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 152.491530][ T83] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 152.496876][ T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 152.504810][ T83] usb 1-1: config 0 has no interface number 0
[ 152.512858][ T1735] usb 4-1: config 0 has an invalid interface number: 28 but max is 0
[ 152.520107][ T83] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 152.526943][ T1735] usb 4-1: config 0 has no interface number 0
[ 152.527032][ T1735] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 152.537848][ T83] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 152.537860][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 152.540723][ T83] usb 1-1: config 0 descriptor??
[ 152.544096][ T1735] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 152.544111][ T1735] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 152.544168][ T102] usb 3-1: config 0 has an invalid interface number: 28 but max is 0
[ 152.602100][ T102] usb 3-1: config 0 has no interface number 0
[ 152.608221][ T12] usb 6-1: config 0 has an invalid interface number: 28 but max is 0
[ 152.610748][ T83] ldusb 1-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[ 152.616367][ T12] usb 6-1: config 0 has no interface number 0
[ 152.616428][ T1736] usb 2-1: config 0 has an invalid interface number: 28 but max is 0
[ 152.638936][ T1736] usb 2-1: config 0 has no interface number 0
[ 152.645695][ T12] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 152.656951][ T12] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 152.666209][ T12] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 152.675558][ T5] usb 5-1: config 0 descriptor??
[ 152.680861][ T1735] usb 4-1: config 0 descriptor??
[ 152.686056][ T1736] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 152.697204][ T1736] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 152.706349][ T1736] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 152.716469][ T5] ldusb 5-1:0.28: LD USB Device #1 now attached to major 180 minor 1
[ 152.728935][ T102] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 152.740003][ T102] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 152.749126][ T102] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 152.757464][ T12] usb 6-1: config 0 descriptor??
[ 152.762783][ T1735] ldusb 4-1:0.28: LD USB Device #2 now attached to major 180 minor 2
[ 152.771741][ T1736] usb 2-1: config 0 descriptor??
[ 152.779553][ T102] usb 3-1: config 0 descriptor??
[ 152.815449][ T1736] ldusb 2-1:0.28: LD USB Device #3 now attached to major 180 minor 3
[ 152.826509][ T12] ldusb 6-1:0.28: LD USB Device #4 now attached to major 180 minor 4
[ 152.839471][ T102] ldusb 3-1:0.28: LD USB Device #5 now attached to major 180 minor 5
executing program
executing program
[ 156.825223][ T83] usb 5-1: USB disconnect, device number 2
[ 156.829342][ T102] usb 6-1: USB disconnect, device number 2
[ 156.836210][ T17] usb 4-1: USB disconnect, device number 2
[ 156.841850][ T1736] usb 1-1: USB disconnect, device number 2
[ 156.851447][ C0] ldusb 1-1:0.28: usb_submit_urb failed (-19)
[ 156.856854][ T1747] usb 3-1: USB disconnect, device number 2
[ 156.858086][ T1737] ldusb 1-1:0.28: Read buffer overflow, -131383859965943 bytes dropped
executing program
[ 156.863975][ T83] ldusb 5-1:0.28: LD USB Device #1 now disconnected
[ 156.872159][ T1737] ==================================================================
[ 156.887487][ T1737] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x124/0x150
[ 156.894947][ T1737] Read of size 102391 at addr ffff8881cfb40008 by task syz-executor372/1737
[ 156.896387][ T17] ldusb 4-1:0.28: LD USB Device #2 now disconnected
[ 156.903608][ T1737]
[ 156.903625][ T1737] CPU: 0 PID: 1737 Comm: syz-executor372 Not tainted 5.4.0-rc3+ #0
executing program
executing program
[ 156.903638][ T1737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 156.903643][ T1737] Call Trace:
[ 156.903664][ T1737] dump_stack+0xca/0x13e
[ 156.903678][ T1737] ? _copy_to_user+0x124/0x150
[ 156.903688][ T1737] ? _copy_to_user+0x124/0x150
[ 156.903701][ T1737] print_address_description.constprop.0+0x36/0x50
[ 156.903718][ T1737] ? _copy_to_user+0x124/0x150
[ 156.903734][ T1737] ? _copy_to_user+0x124/0x150
[ 156.913766][ T1747] ldusb 3-1:0.28: LD USB Device #5 now disconnected
[ 156.920542][ T1737] __kasan_report.cold+0x1a/0x33
[ 156.920558][ T1737] ? _copy_to_user+0x124/0x150
[ 156.920568][ T1737] kasan_report+0xe/0x20
[ 156.920579][ T1737] check_memory_region+0x128/0x190
[ 156.920590][ T1737] _copy_to_user+0x124/0x150
[ 156.920609][ T1737] ld_usb_read+0x329/0x760
[ 156.998802][ T1737] ? ld_usb_write+0xa20/0xa20
[ 157.003464][ T1737] ? finish_wait+0x260/0x260
[ 157.008036][ T1737] ? security_file_permission+0x8a/0x370
[ 157.013655][ T1737] ? ld_usb_write+0xa20/0xa20
[ 157.018319][ T1737] __vfs_read+0x76/0x100
[ 157.022652][ T1737] vfs_read+0x1ea/0x430
[ 157.026839][ T1737] ksys_read+0x1e8/0x250
[ 157.032449][ T1737] ? kernel_write+0x120/0x120
[ 157.039959][ T1737] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 157.047664][ T1737] do_syscall_64+0xb7/0x580
[ 157.054106][ T1737] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 157.066345][ T1737] RIP: 0033:0x4421d9
[ 157.074991][ T1737] Code: e8 7c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 157.111105][ T1737] RSP: 002b:00007ffc08eb0888 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 157.122229][ T1737] RAX: ffffffffffffffda RBX: 00007ffc08eb0ae0 RCX: 00000000004421d9
[ 157.130678][ T1737] RDX: 0000000000018ff7 RSI: 0000000020000a80 RDI: 0000000000000004
[ 157.138981][ T1737] RBP: 0000000000000000 R08: 000000000000000f R09: 0000000000402eb0
[ 157.146954][ T1737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 157.155156][ T1737] R13: 0000000000402eb0 R14: 0000000000000000 R15: 0000000000000000
[ 157.163122][ T1737]
[ 157.165449][ T1737] The buggy address belongs to the page:
[ 157.171182][ T1737] page:ffffea00073ed000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 157.182112][ T1737] flags: 0x200000000010000(head)
[ 157.187039][ T1737] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 157.195613][ T1737] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 157.204184][ T1737] page dumped because: kasan: bad access detected
[ 157.210828][ T1737]
[ 157.213311][ T1737] Memory state around the buggy address:
[ 157.219624][ T1737] ffff8881cfb55500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 157.227827][ T1737] ffff8881cfb55580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 157.236010][ T1737] >ffff8881cfb55600: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 157.244072][ T1737] ^
[ 157.248461][ T1737] ffff8881cfb55680: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 157.256518][ T1737] ffff8881cfb55700: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 157.264563][ T1737] ==================================================================
[ 157.272612][ T1737] Disabling lock debugging due to kernel taint
[ 157.278964][ T1737] Kernel panic - not syncing: panic_on_warn set ...
[ 157.285572][ T1737] CPU: 0 PID: 1737 Comm: syz-executor372 Tainted: G B 5.4.0-rc3+ #0
[ 157.294838][ T1737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 157.301408][ T17] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 157.304880][ T1737] Call Trace:
[ 157.304908][ T1737] dump_stack+0xca/0x13e
[ 157.304926][ T1737] panic+0x2aa/0x6e1
[ 157.312436][ T1747] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 157.316140][ T1737] ? add_taint.cold+0x16/0x16
[ 157.336592][ T1737] ? _copy_to_user+0x124/0x150
[ 157.341347][ T1737] ? trace_hardirqs_on+0x55/0x1e0
[ 157.341388][ T83] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 157.346390][ T1737] ? _copy_to_user+0x124/0x150
[ 157.346400][ T1737] end_report+0x43/0x49
[ 157.346412][ T1737] ? _copy_to_user+0x124/0x150
[ 157.346421][ T1737] __kasan_report.cold+0xd/0x33
[ 157.346430][ T1737] ? _copy_to_user+0x124/0x150
[ 157.346445][ T1737] kasan_report+0xe/0x20
[ 157.381505][ T1737] check_memory_region+0x128/0x190
[ 157.386737][ T1737] _copy_to_user+0x124/0x150
[ 157.391444][ T1737] ld_usb_read+0x329/0x760
[ 157.395862][ T1737] ? ld_usb_write+0xa20/0xa20
[ 157.400799][ T1737] ? finish_wait+0x260/0x260
[ 157.405384][ T1737] ? security_file_permission+0x8a/0x370
[ 157.411006][ T1737] ? ld_usb_write+0xa20/0xa20
[ 157.415667][ T1737] __vfs_read+0x76/0x100
[ 157.419905][ T1737] vfs_read+0x1ea/0x430
[ 157.424048][ T1737] ksys_read+0x1e8/0x250
[ 157.428273][ T1737] ? kernel_write+0x120/0x120
[ 157.432933][ T1737] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 157.438639][ T1737] do_syscall_64+0xb7/0x580
[ 157.443128][ T1737] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 157.449004][ T1737] RIP: 0033:0x4421d9
[ 157.452880][ T1737] Code: e8 7c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 157.472482][ T1737] RSP: 002b:00007ffc08eb0888 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 157.480885][ T1737] RAX: ffffffffffffffda RBX: 00007ffc08eb0ae0 RCX: 00000000004421d9
[ 157.488843][ T1737] RDX: 0000000000018ff7 RSI: 0000000020000a80 RDI: 0000000000000004
[ 157.496803][ T1737] RBP: 0000000000000000 R08: 000000000000000f R09: 0000000000402eb0
[ 157.504769][ T1737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 157.512725][ T1737] R13: 0000000000402eb0 R14: 0000000000000000 R15: 0000000000000000
[ 157.521647][ T1737] Kernel Offset: disabled
[ 157.526108][ T1737] Rebooting in 86400 seconds..