Warning: Permanently added '10.128.1.12' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program syzkaller login: [ 163.627336][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 163.627343][ T17] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 163.627654][ T101] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 163.635013][ T22] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 163.643079][ T5] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 163.665569][ T1736] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 163.867279][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 163.897287][ T17] usb 2-1: Using ep0 maxpacket: 8 [ 163.902486][ T22] usb 6-1: Using ep0 maxpacket: 8 [ 163.917368][ T1736] usb 5-1: Using ep0 maxpacket: 8 [ 163.922603][ T101] usb 4-1: Using ep0 maxpacket: 8 [ 163.927690][ T5] usb 3-1: Using ep0 maxpacket: 8 [ 164.007466][ T12] usb 1-1: config 0 has an invalid interface number: 28 but max is 0 [ 164.015805][ T12] usb 1-1: config 0 descriptor has 1 excess byte, ignoring [ 164.017511][ T17] usb 2-1: config 0 has an invalid interface number: 28 but max is 0 [ 164.023132][ T12] usb 1-1: config 0 has no interface number 0 [ 164.031215][ T17] usb 2-1: config 0 descriptor has 1 excess byte, ignoring [ 164.038361][ T12] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 164.044425][ T17] usb 2-1: config 0 has no interface number 0 [ 164.055616][ T12] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 164.061701][ T22] usb 6-1: config 0 has an invalid interface number: 28 but max is 0 [ 164.070678][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.078662][ T22] usb 6-1: config 0 descriptor has 1 excess byte, ignoring [ 164.086830][ T1736] usb 5-1: config 0 has an invalid interface number: 28 but max is 0 [ 164.093817][ T22] usb 6-1: config 0 has no interface number 0 [ 164.094003][ T22] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 164.101939][ T1736] usb 5-1: config 0 descriptor has 1 excess byte, ignoring [ 164.101951][ T1736] usb 5-1: config 0 has no interface number 0 [ 164.102000][ T5] usb 3-1: config 0 has an invalid interface number: 28 but max is 0 [ 164.108075][ T22] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 164.108088][ T22] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.108239][ T17] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 164.119217][ T5] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 164.119229][ T5] usb 3-1: config 0 has no interface number 0 [ 164.119277][ T101] usb 4-1: config 0 has an invalid interface number: 28 but max is 0 [ 164.119295][ T101] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 164.126476][ T17] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 164.132550][ T101] usb 4-1: config 0 has no interface number 0 [ 164.140707][ T17] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.152786][ T1736] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 164.159857][ T22] usb 6-1: config 0 descriptor?? [ 164.168904][ T1736] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 164.168918][ T1736] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.172770][ T5] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 164.181671][ T17] usb 2-1: config 0 descriptor?? [ 164.182405][ T5] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 164.221799][ T22] ldusb 6-1:0.28: LD USB Device #0 now attached to major 180 minor 0 [ 164.231955][ T5] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.233166][ T101] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 164.240337][ T17] ldusb 2-1:0.28: LD USB Device #1 now attached to major 180 minor 1 [ 164.246173][ T101] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 164.323677][ T101] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.332348][ T12] usb 1-1: config 0 descriptor?? [ 164.340265][ T1736] usb 5-1: config 0 descriptor?? [ 164.346028][ T5] usb 3-1: config 0 descriptor?? [ 164.351895][ T101] usb 4-1: config 0 descriptor?? [ 164.380825][ T12] ldusb 1-1:0.28: LD USB Device #2 now attached to major 180 minor 2 [ 164.392982][ T5] ldusb 3-1:0.28: LD USB Device #3 now attached to major 180 minor 3 [ 164.402052][ T1736] ldusb 5-1:0.28: LD USB Device #4 now attached to major 180 minor 4 [ 164.411018][ T101] ldusb 4-1:0.28: LD USB Device #5 now attached to major 180 minor 5 executing program executing program executing program executing program [ 168.356102][ T101] usb 1-1: USB disconnect, device number 2 [ 168.359509][ T17] usb 4-1: USB disconnect, device number 2 [ 168.367111][ T1736] usb 2-1: USB disconnect, device number 2 [ 168.374877][ T5] usb 5-1: USB disconnect, device number 2 [ 168.380853][ T12] usb 3-1: USB disconnect, device number 2 [ 168.388547][ T12] ldusb 3-1:0.28: LD USB Device #3 now disconnected [ 168.398558][ T5] ldusb 5-1:0.28: LD USB Device #4 now disconnected executing program executing program [ 168.401032][ T17] ldusb 4-1:0.28: LD USB Device #5 now disconnected [ 168.405596][ T101] ldusb 1-1:0.28: LD USB Device #2 now disconnected [ 168.419029][ T1736] ldusb 2-1:0.28: LD USB Device #1 now disconnected [ 168.440194][ T22] usb 6-1: USB disconnect, device number 2 [ 168.449088][ T22] ldusb 6-1:0.28: LD USB Device #0 now disconnected [ 168.777314][ T12] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 168.784992][ T101] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 168.792516][ T5] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 168.797288][ T17] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 168.800091][ T1736] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 168.807565][ T22] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 169.017393][ T12] usb 3-1: Using ep0 maxpacket: 8 [ 169.047277][ T1736] usb 2-1: Using ep0 maxpacket: 8 [ 169.052444][ T101] usb 1-1: Using ep0 maxpacket: 8 [ 169.057620][ T5] usb 5-1: Using ep0 maxpacket: 8 [ 169.067277][ T17] usb 4-1: Using ep0 maxpacket: 8 [ 169.072489][ T22] usb 6-1: Using ep0 maxpacket: 8 [ 169.137447][ T12] usb 3-1: config 0 has an invalid interface number: 28 but max is 0 [ 169.145629][ T12] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 169.152966][ T12] usb 3-1: config 0 has no interface number 0 [ 169.159252][ T12] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 169.170455][ T12] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 169.179588][ T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.187649][ T1736] usb 2-1: config 0 has an invalid interface number: 28 but max is 0 [ 169.195720][ T1736] usb 2-1: config 0 descriptor has 1 excess byte, ignoring [ 169.203099][ T1736] usb 2-1: config 0 has no interface number 0 [ 169.207383][ T17] usb 4-1: config 0 has an invalid interface number: 28 but max is 0 [ 169.209261][ T5] usb 5-1: config 0 has an invalid interface number: 28 but max is 0 [ 169.217328][ T17] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 169.225377][ T5] usb 5-1: config 0 descriptor has 1 excess byte, ignoring [ 169.232573][ T17] usb 4-1: config 0 has no interface number 0 [ 169.239809][ T5] usb 5-1: config 0 has no interface number 0 [ 169.246034][ T22] usb 6-1: config 0 has an invalid interface number: 28 but max is 0 [ 169.251920][ T101] usb 1-1: config 0 has an invalid interface number: 28 but max is 0 [ 169.259968][ T22] usb 6-1: config 0 descriptor has 1 excess byte, ignoring [ 169.268033][ T101] usb 1-1: config 0 descriptor has 1 excess byte, ignoring [ 169.268045][ T101] usb 1-1: config 0 has no interface number 0 [ 169.275216][ T22] usb 6-1: config 0 has no interface number 0 [ 169.282611][ T1736] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 169.290334][ T17] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 169.294615][ T1736] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 169.305783][ T17] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 169.316850][ T1736] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.325868][ T17] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.335490][ T101] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 169.343493][ T22] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 169.350922][ T101] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 169.350936][ T101] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.362062][ T22] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 169.362076][ T22] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.373542][ T12] usb 3-1: config 0 descriptor?? [ 169.383593][ T22] usb 6-1: config 0 descriptor?? [ 169.393482][ T5] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 248, changing to 11 [ 169.403347][ T17] usb 4-1: config 0 descriptor?? [ 169.407618][ T5] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 169.442979][ T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.451933][ T1736] usb 2-1: config 0 descriptor?? [ 169.458521][ T101] usb 1-1: config 0 descriptor?? [ 169.461331][ T17] ldusb 4-1:0.28: LD USB Device #0 now attached to major 180 minor 0 [ 169.464028][ T5] usb 5-1: config 0 descriptor?? [ 169.479803][ T22] ldusb 6-1:0.28: LD USB Device #1 now attached to major 180 minor 1 [ 169.493837][ T12] ldusb 3-1:0.28: LD USB Device #2 now attached to major 180 minor 2 [ 169.506038][ T101] ldusb 1-1:0.28: LD USB Device #3 now attached to major 180 minor 3 [ 169.515088][ T1736] ldusb 2-1:0.28: LD USB Device #4 now attached to major 180 minor 4 [ 169.525872][ T5] ldusb 5-1:0.28: LD USB Device #5 now attached to major 180 minor 5 executing program executing program executing program executing program [ 173.364601][ T22] usb 5-1: USB disconnect, device number 3 [ 173.370523][ T5] usb 2-1: USB disconnect, device number 3 [ 173.383290][ T12] usb 1-1: USB disconnect, device number 3 [ 173.384850][ T17] usb 3-1: USB disconnect, device number 3 [ 173.398810][ T5] ldusb 2-1:0.28: LD USB Device #4 now disconnected [ 173.398815][ T22] ldusb 5-1:0.28: LD USB Device #5 now disconnected executing program [ 173.400001][ T1739] usb 4-1: USB disconnect, device number 3 [ 173.406434][ T12] ldusb 1-1:0.28: LD USB Device #3 now disconnected [ 173.413614][ T17] ldusb 3-1:0.28: LD USB Device #2 now disconnected [ 173.418108][ C1] ldusb 4-1:0.28: usb_submit_urb failed (-19) [ 173.438114][ T1754] ldusb 4-1:0.28: Read buffer overflow, 1863950463890137282 bytes dropped [ 173.446792][ T1754] usercopy: Kernel memory exposure attempt detected from process stack (offset 0, size 2147479552)! [ 173.457633][ T1754] ------------[ cut here ]------------ [ 173.463086][ T1754] kernel BUG at mm/usercopy.c:99! [ 173.468234][ T1754] invalid opcode: 0000 [#1] SMP KASAN [ 173.473714][ T1754] CPU: 1 PID: 1754 Comm: syz-executor165 Not tainted 5.4.0-rc3+ #0 [ 173.481584][ T1754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.491635][ T1754] RIP: 0010:usercopy_abort+0xb9/0xbb [ 173.496904][ T1754] Code: e8 32 51 d6 ff 49 89 d9 4d 89 e8 4c 89 e1 41 56 48 89 ee 48 c7 c7 40 d9 cd 85 ff 74 24 08 41 57 48 8b 54 24 20 e8 46 e3 c0 ff <0f> 0b e8 06 51 d6 ff e8 31 8b fd ff 8b 54 24 04 49 89 d8 4c 89 e1 [ 173.516488][ T1754] RSP: 0018:ffff8881cedefc58 EFLAGS: 00010282 [ 173.522531][ T1754] RAX: 0000000000000061 RBX: ffffffff85cdd660 RCX: 0000000000000000 [ 173.530481][ T1754] RDX: 0000000000000000 RSI: ffffffff8128bcbd RDI: ffffed1039dbdf7d [ 173.538443][ T1754] RBP: ffffffff85cdd820 R08: 0000000000000061 R09: fffffbfff11b23b5 [ 173.546398][ T1754] R10: fffffbfff11b23b4 R11: ffffffff88d91da7 R12: ffffffff85cdda40 [ 173.554349][ T1754] R13: ffffffff85cdd660 R14: 000000007ffff000 R15: ffffffff85cdd660 [ 173.562301][ T1754] FS: 00000000025d4940(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000 [ 173.571383][ T1754] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 173.577945][ T1754] CR2: 00007fb1f2c60000 CR3: 00000001cff65000 CR4: 00000000001406e0 [ 173.585894][ T1754] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 173.593861][ T1754] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 173.601814][ T1754] Call Trace: [ 173.605101][ T1754] __check_object_size.cold+0x91/0xbb [ 173.610461][ T1754] ? ld_usb_read+0x2f1/0x760 [ 173.615051][ T1754] ld_usb_read+0x31a/0x760 [ 173.619443][ T1754] ? ld_usb_write+0xa20/0xa20 [ 173.624097][ T1754] ? finish_wait+0x260/0x260 [ 173.628788][ T1754] ? security_file_permission+0x8a/0x370 [ 173.634795][ T1754] ? ld_usb_write+0xa20/0xa20 [ 173.639452][ T1754] __vfs_read+0x76/0x100 [ 173.643673][ T1754] vfs_read+0x1ea/0x430 [ 173.647842][ T1754] ksys_read+0x1e8/0x250 [ 173.652063][ T1754] ? kernel_write+0x120/0x120 [ 173.656732][ T1754] ? trace_hardirqs_off_caller+0x55/0x1e0 [ 173.662428][ T1754] do_syscall_64+0xb7/0x580 [ 173.666913][ T1754] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.672784][ T1754] RIP: 0033:0x441d49 [ 173.677091][ T1754] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 173.697037][ T1754] RSP: 002b:00007ffed1ac2f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 173.705441][ T1754] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441d49 [ 173.713392][ T1754] RDX: 00000000ffffff7d RSI: 0000000020000080 RDI: 0000000000000004 [ 173.721344][ T1754] RBP: 0000000000027e08 R08: 000000000000000f R09: 0000000000402b30 [ 173.729298][ T1754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402aa0 [ 173.737267][ T1754] R13: 0000000000402b30 R14: 0000000000000000 R15: 0000000000000000 [ 173.745217][ T1754] Modules linked in: [ 173.749138][ T1754] ---[ end trace d633d40edc75aaf7 ]--- [ 173.754593][ T1754] RIP: 0010:usercopy_abort+0xb9/0xbb [ 173.759901][ T1754] Code: e8 32 51 d6 ff 49 89 d9 4d 89 e8 4c 89 e1 41 56 48 89 ee 48 c7 c7 40 d9 cd 85 ff 74 24 08 41 57 48 8b 54 24 20 e8 46 e3 c0 ff <0f> 0b e8 06 51 d6 ff e8 31 8b fd ff 8b 54 24 04 49 89 d8 4c 89 e1 [ 173.777280][ T5] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 173.779516][ T1754] RSP: 0018:ffff8881cedefc58 EFLAGS: 00010282 [ 173.787468][ T12] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 173.793065][ T1754] RAX: 0000000000000061 RBX: ffffffff85cdd660 RCX: 0000000000000000 [ 173.793075][ T1754] RDX: 0000000000000000 RSI: ffffffff8128bcbd RDI: ffffed1039dbdf7d [ 173.816610][ T1754] RBP: ffffffff85cdd820 R08: 0000000000000061 R09: fffffbfff11b23b5 [ 173.824701][ T1754] R10: fffffbfff11b23b4 R11: ffffffff88d91da7 R12: ffffffff85cdda40 [ 173.832690][ T1754] R13: ffffffff85cdd660 R14: 000000007ffff000 R15: ffffffff85cdd660 [ 173.840708][ T1754] FS: 00000000025d4940(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000 [ 173.849665][ T1754] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 173.856249][ T1754] CR2: 00007fb1f2c60000 CR3: 00000001cff65000 CR4: 00000000001406e0 [ 173.864226][ T1754] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 173.872213][ T1754] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 173.880194][ T1754] Kernel panic - not syncing: Fatal exception [ 173.886882][ T1754] Kernel Offset: disabled [ 173.891203][ T1754] Rebooting in 86400 seconds..