Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.195391][ T102] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 50.435344][ T102] usb 1-1: Using ep0 maxpacket: 8
[ 50.555424][ T102] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 50.563671][ T102] usb 1-1: config 0 has no interface number 0
[ 50.569955][ T102] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 50.580988][ T102] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 50.590050][ T102] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 50.599263][ T102] usb 1-1: config 0 descriptor??
[ 50.640103][ T102] ldusb 1-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[ 50.929487][ T83] usb 1-1: USB disconnect, device number 2
[ 50.935426][ C0] ldusb 1-1:0.28: usb_submit_urb failed (-19)
[ 50.942437][ T83] ldusb 1-1:0.28: LD USB Device #0 now disconnected
[ 51.131859][ T1722] ldusb: No device or device unplugged -19
executing program
[ 51.895426][ T102] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 52.135344][ T102] usb 1-1: Using ep0 maxpacket: 8
[ 52.255441][ T102] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 52.263570][ T102] usb 1-1: config 0 has no interface number 0
[ 52.269703][ T102] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 52.280592][ T102] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 52.289645][ T102] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 52.298329][ T102] usb 1-1: config 0 descriptor??
[ 52.338169][ T102] ldusb 1-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[ 52.627928][ T102] usb 1-1: USB disconnect, device number 3
[ 52.636160][ T102] ldusb 1-1:0.28: LD USB Device #0 now disconnected
[ 52.830350][ T1728] ldusb: No device or device unplugged -19
executing program
[ 53.595363][ T83] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 53.835355][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 53.955452][ T83] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 53.963618][ T83] usb 1-1: config 0 has no interface number 0
[ 53.969770][ T83] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 53.980683][ T83] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 53.989759][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 53.999073][ T83] usb 1-1: config 0 descriptor??
[ 54.039277][ T83] ldusb 1-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[ 54.329205][ T83] usb 1-1: USB disconnect, device number 4
[ 54.345971][ T83] ldusb 1-1:0.28: LD USB Device #0 now disconnected
[ 54.535554][ T1734] ldusb: No device or device unplugged -19
executing program
[ 55.315355][ T83] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 55.555391][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 55.675443][ T83] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 55.683534][ T83] usb 1-1: config 0 has no interface number 0
[ 55.689672][ T83] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 55.700572][ T83] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 55.709623][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.718872][ T83] usb 1-1: config 0 descriptor??
[ 55.757636][ T83] ldusb 1-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[ 56.048948][ T102] usb 1-1: USB disconnect, device number 5
[ 56.055359][ T1738] ldusb 1-1:0.28: Read buffer overflow, -131386010882048 bytes dropped
[ 56.063872][ T1738] ==================================================================
[ 56.072001][ T1738] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x124/0x150
[ 56.079558][ T1738] Read of size 2147479552 at addr ffff8881cf7e0008 by task syz-executor992/1738
[ 56.088545][ T1738]
[ 56.090879][ T1738] CPU: 1 PID: 1738 Comm: syz-executor992 Not tainted 5.4.0-rc3+ #0
[ 56.098751][ T1738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.108794][ T1738] Call Trace:
[ 56.112067][ T1738] dump_stack+0xca/0x13e
[ 56.116288][ T1738] ? _copy_to_user+0x124/0x150
[ 56.121035][ T1738] ? _copy_to_user+0x124/0x150
[ 56.125796][ T1738] print_address_description.constprop.0+0x36/0x50
[ 56.132280][ T1738] ? _copy_to_user+0x124/0x150
[ 56.137026][ T1738] ? _copy_to_user+0x124/0x150
[ 56.141773][ T1738] __kasan_report.cold+0x1a/0x33
[ 56.146686][ T1738] ? _copy_to_user+0x124/0x150
[ 56.151438][ T1738] kasan_report+0xe/0x20
[ 56.155676][ T1738] check_memory_region+0x128/0x190
[ 56.160766][ T1738] _copy_to_user+0x124/0x150
[ 56.165336][ T1738] ld_usb_read+0x329/0x760
[ 56.169757][ T1738] ? ld_usb_write+0xa20/0xa20
[ 56.174410][ T1738] ? finish_wait+0x260/0x260
[ 56.179002][ T1738] ? security_file_permission+0x8a/0x370
[ 56.184611][ T1738] ? ld_usb_write+0xa20/0xa20
[ 56.189283][ T1738] __vfs_read+0x76/0x100
[ 56.193513][ T1738] vfs_read+0x1ea/0x430
[ 56.197646][ T1738] ksys_read+0x1e8/0x250
[ 56.201901][ T1738] ? kernel_write+0x120/0x120
[ 56.206568][ T1738] ? hrtimer_nanosleep+0x4f0/0x4f0
[ 56.211665][ T1738] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 56.217367][ T1738] do_syscall_64+0xb7/0x580
[ 56.221865][ T1738] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.227755][ T1738] RIP: 0033:0x44adf9
[ 56.231637][ T1738] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.251223][ T1738] RSP: 002b:00007f1ceda23d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 56.259630][ T1738] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 000000000044adf9
[ 56.267601][ T1738] RDX: 00000000ffffffe9 RSI: 0000000000000000 RDI: 0000000000000004
[ 56.275586][ T1738] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 56.283545][ T1738] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 56.291510][ T1738] R13: 0001002402090100 R14: 000048c920200f11 R15: 08983baa00000112
[ 56.299478][ T1738]
[ 56.301783][ T1738] The buggy address belongs to the page:
[ 56.307395][ T1738] page:ffffea00073df800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 56.318438][ T1738] flags: 0x200000000010000(head)
[ 56.323394][ T1738] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 56.331971][ T1738] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 56.340546][ T1738] page dumped because: kasan: bad access detected
[ 56.347624][ T1738]
[ 56.349928][ T1738] Memory state around the buggy address:
[ 56.355533][ T1738] ffff8881cf7f5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.363571][ T1738] ffff8881cf7f5580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.371610][ T1738] >ffff8881cf7f5600: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 56.379644][ T1738] ^
[ 56.383704][ T1738] ffff8881cf7f5680: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 56.391765][ T1738] ffff8881cf7f5700: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 56.399812][ T1738] ==================================================================
[ 56.407855][ T1738] Disabling lock debugging due to kernel taint
[ 56.414062][ T1738] Kernel panic - not syncing: panic_on_warn set ...
[ 56.420646][ T1738] CPU: 1 PID: 1738 Comm: syz-executor992 Tainted: G B 5.4.0-rc3+ #0
[ 56.429903][ T1738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.439932][ T1738] Call Trace:
[ 56.443202][ T1738] dump_stack+0xca/0x13e
[ 56.447419][ T1738] panic+0x2aa/0x6e1
[ 56.451289][ T1738] ? add_taint.cold+0x16/0x16
[ 56.455945][ T1738] ? _copy_to_user+0x124/0x150
[ 56.460701][ T1738] ? trace_hardirqs_on+0x55/0x1e0
[ 56.465738][ T1738] ? _copy_to_user+0x124/0x150
[ 56.470488][ T1738] end_report+0x43/0x49
[ 56.474624][ T1738] ? _copy_to_user+0x124/0x150
[ 56.479376][ T1738] __kasan_report.cold+0xd/0x33
[ 56.484222][ T1738] ? _copy_to_user+0x124/0x150
[ 56.488974][ T1738] kasan_report+0xe/0x20
[ 56.493205][ T1738] check_memory_region+0x128/0x190
[ 56.498306][ T1738] _copy_to_user+0x124/0x150
[ 56.502875][ T1738] ld_usb_read+0x329/0x760
[ 56.507277][ T1738] ? ld_usb_write+0xa20/0xa20
[ 56.511936][ T1738] ? finish_wait+0x260/0x260
[ 56.516500][ T1738] ? security_file_permission+0x8a/0x370
[ 56.522109][ T1738] ? ld_usb_write+0xa20/0xa20
[ 56.526770][ T1738] __vfs_read+0x76/0x100
[ 56.531004][ T1738] vfs_read+0x1ea/0x430
[ 56.535147][ T1738] ksys_read+0x1e8/0x250
[ 56.539541][ T1738] ? kernel_write+0x120/0x120
[ 56.544194][ T1738] ? hrtimer_nanosleep+0x4f0/0x4f0
[ 56.549283][ T1738] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 56.554983][ T1738] do_syscall_64+0xb7/0x580
[ 56.559476][ T1738] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.565355][ T1738] RIP: 0033:0x44adf9
[ 56.569242][ T1738] Code: e8 bc b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.591627][ T1738] RSP: 002b:00007f1ceda23d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 56.600025][ T1738] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 000000000044adf9
[ 56.608142][ T1738] RDX: 00000000ffffffe9 RSI: 0000000000000000 RDI: 0000000000000004
[ 56.616096][ T1738] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000
[ 56.624091][ T1738] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc6c
[ 56.632469][ T1738] R13: 0001002402090100 R14: 000048c920200f11 R15: 08983baa00000112
[ 56.641198][ T1738] Kernel Offset: disabled
[ 56.645524][ T1738] Rebooting in 86400 seconds..