INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.56' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 25.024809][ T12] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 25.024816][ T78] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 25.025119][ T101] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 25.045325][ T1740] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 25.047827][ T5] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 25.055548][ T17] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 25.264770][ T78] usb 1-1: Using ep0 maxpacket: 8
[ 25.284784][ T12] usb 3-1: Using ep0 maxpacket: 8
[ 25.295077][ T101] usb 4-1: Using ep0 maxpacket: 8
[ 25.300269][ T5] usb 2-1: Using ep0 maxpacket: 8
[ 25.314898][ T1740] usb 5-1: Using ep0 maxpacket: 8
[ 25.320560][ T17] usb 6-1: Using ep0 maxpacket: 8
[ 25.404949][ T12] usb 3-1: config 0 has an invalid interface number: 28 but max is 0
[ 25.404957][ T78] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 25.405018][ T12] usb 3-1: config 0 has no interface number 0
[ 25.414256][ T78] usb 1-1: config 0 has no interface number 0
[ 25.422504][ T101] usb 4-1: config 0 has an invalid interface number: 28 but max is 0
[ 25.428846][ T78] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 25.434536][ T101] usb 4-1: config 0 has no interface number 0
[ 25.434920][ T5] usb 2-1: config 0 has an invalid interface number: 28 but max is 0
[ 25.442683][ T78] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 25.453512][ T5] usb 2-1: config 0 has no interface number 0
[ 25.453817][ T101] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 25.459775][ T78] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.468136][ T78] usb 1-1: config 0 descriptor??
[ 25.476976][ T101] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 25.476991][ T101] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.477048][ T12] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 25.477070][ T12] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 25.477083][ T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.477643][ T5] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 25.483501][ T1740] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[ 25.494186][ T5] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 25.494202][ T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.502202][ T1740] usb 5-1: config 0 has no interface number 0
[ 25.507858][ T12] usb 3-1: config 0 descriptor??
[ 25.516229][ T17] usb 6-1: config 0 has an invalid interface number: 28 but max is 0
[ 25.525379][ T101] usb 4-1: config 0 descriptor??
[ 25.535223][ T17] usb 6-1: config 0 has no interface number 0
[ 25.542225][ T17] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 25.545879][ T5] usb 2-1: config 0 descriptor??
[ 25.552402][ T17] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 25.594025][ T12] ldusb 3-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[ 25.594366][ T17] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.605248][ T5] ldusb 2-1:0.28: LD USB Device #1 now attached to major 180 minor 1
[ 25.612583][ T1740] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 25.619545][ T101] ldusb 4-1:0.28: LD USB Device #2 now attached to major 180 minor 2
[ 25.629427][ T1740] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 25.629440][ T1740] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.677553][ T78] ldusb 1-1:0.28: LD USB Device #3 now attached to major 180 minor 3
[ 25.712794][ T17] usb 6-1: config 0 descriptor??
[ 25.718215][ T1740] usb 5-1: config 0 descriptor??
[ 25.768402][ T1740] ldusb 5-1:0.28: LD USB Device #4 now attached to major 180 minor 4
[ 25.777587][ T17] ldusb 6-1:0.28: LD USB Device #5 now attached to major 180 minor 5
[ 25.832904][ T101] usb 3-1: USB disconnect, device number 2
[ 25.839180][ C0] ldusb 3-1:0.28: usb_submit_urb failed (-19)
[ 25.840542][ T1740] usb 4-1: USB disconnect, device number 2
[ 25.849240][ T5] usb 2-1: USB disconnect, device number 2
[ 25.851298][ T1739] ldusb 3-1:0.28: Read buffer overflow, 6479787397507913715 bytes dropped
[ 25.865989][ T1739] ==================================================================
[ 25.874256][ T1739] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x124/0x150
[ 25.881695][ T1739] Read of size 2147479552 at addr ffff8881c7640008 by task syz-executor892/1739
[ 25.890694][ T1739]
[ 25.893043][ T1739] CPU: 1 PID: 1739 Comm: syz-executor892 Not tainted 5.4.0-rc3+ #0
[ 25.895367][ T12] usb 1-1: USB disconnect, device number 2
[ 25.900911][ T1739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.900923][ T1739] Call Trace:
[ 25.900945][ T1739]  dump_stack+0xca/0x13e
[ 25.900959][ T1739]  ? _copy_to_user+0x124/0x150
[ 25.900973][ T1739]  ? _copy_to_user+0x124/0x150
[ 25.933940][ T1739]  print_address_description.constprop.0+0x36/0x50
[ 25.940436][ T1739]  ? _copy_to_user+0x124/0x150
[ 25.945641][ T1739]  ? _copy_to_user+0x124/0x150
[ 25.950500][ T1739]  __kasan_report.cold+0x1a/0x33
[ 25.955439][ T1739]  ? _copy_to_user+0x124/0x150
[ 25.960186][ T1739]  kasan_report+0xe/0x20
[ 25.964506][ T1739]  check_memory_region+0x128/0x190
[ 25.966197][ T1745] usb 6-1: USB disconnect, device number 2
[ 25.969717][ T1739]  _copy_to_user+0x124/0x150
[ 25.980081][ T1739]  ld_usb_read+0x329/0x760
[ 25.983453][ T1758] usb 5-1: USB disconnect, device number 2
[ 25.984500][ T1739]  ? ld_usb_write+0xa20/0xa20
[ 25.984512][ T1739]  ? finish_wait+0x260/0x260
[ 25.984526][ T1739]  ? security_file_permission+0x8a/0x370
[ 25.984541][ T1739]  ? ld_usb_write+0xa20/0xa20
[ 25.984552][ T1739]  __vfs_read+0x76/0x100
[ 25.984566][ T1739]  vfs_read+0x1ea/0x430
[ 26.018281][ T1739]  ksys_read+0x1e8/0x250
[ 26.022521][ T1739]  ? kernel_write+0x120/0x120
[ 26.027197][ T1739]  ? hrtimer_nanosleep+0x4f0/0x4f0
[ 26.032317][ T1739]  ? trace_hardirqs_off_caller+0x55/0x1e0
[ 26.038051][ T1739]  do_syscall_64+0xb7/0x580
[ 26.042568][ T1739]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.048451][ T1739] RIP: 0033:0x446ef9
[ 26.052332][ T1739] Code: e8 ec e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 26.071929][ T1739] RSP: 002b:00007f20d4ae3d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 26.080331][ T1739] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446ef9
[ 26.088296][ T1739] RDX: 00000000fffffc92 RSI: 0000000020000080 RDI: 0000000000000004
[ 26.096259][ T1739] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 26.104231][ T1739] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 26.112370][ T1739] R13: 0001002402090100 R14: 000048c920200f11 R15: 08983baa00000112
[ 26.120334][ T1739]
[ 26.122645][ T1739] The buggy address belongs to the page:
[ 26.128449][ T1739] page:ffffea00071d9000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 26.139367][ T1739] flags: 0x200000000010000(head)
[ 26.144286][ T1739] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 26.152962][ T1739] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 26.161526][ T1739] page dumped because: kasan: bad access detected
[ 26.167923][ T1739]
[ 26.170243][ T1739] Memory state around the buggy address:
[ 26.175860][ T1739]  ffff8881c7655500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.184024][ T1739]  ffff8881c7655580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.192128][ T1739] >ffff8881c7655600: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.200189][ T1739]                    ^
[ 26.204247][ T1739]  ffff8881c7655680: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.212299][ T1739]  ffff8881c7655700: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.220347][ T1739] ==================================================================
[ 26.228393][ T1739] Disabling lock debugging due to kernel taint
[ 26.234683][ T1739] Kernel panic - not syncing: panic_on_warn set ...
[ 26.241379][ T1739] CPU: 1 PID: 1739 Comm: syz-executor892 Tainted: G B 5.4.0-rc3+ #0
[ 26.250652][ T1739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.260686][ T1739] Call Trace:
[ 26.263965][ T1739]  dump_stack+0xca/0x13e
[ 26.268278][ T1739]  panic+0x2aa/0x6e1
[ 26.272153][ T1739]  ? add_taint.cold+0x16/0x16
[ 26.276835][ T1739]  ? _copy_to_user+0x124/0x150
[ 26.281585][ T1739]  ? trace_hardirqs_on+0x55/0x1e0
[ 26.286597][ T1739]  ? _copy_to_user+0x124/0x150
[ 26.291364][ T1739]  end_report+0x43/0x49
[ 26.295516][ T1739]  ? _copy_to_user+0x124/0x150
[ 26.300258][ T1739]  __kasan_report.cold+0xd/0x33
[ 26.305089][ T1739]  ? _copy_to_user+0x124/0x150
[ 26.309828][ T1739]  kasan_report+0xe/0x20
[ 26.314051][ T1739]  check_memory_region+0x128/0x190
[ 26.319228][ T1739]  _copy_to_user+0x124/0x150
[ 26.323808][ T1739]  ld_usb_read+0x329/0x760
[ 26.328205][ T1739]  ? ld_usb_write+0xa20/0xa20
[ 26.332860][ T1739]  ? finish_wait+0x260/0x260
[ 26.337436][ T1739]  ? security_file_permission+0x8a/0x370
[ 26.343065][ T1739]  ? ld_usb_write+0xa20/0xa20
[ 26.347725][ T1739]  __vfs_read+0x76/0x100
[ 26.351955][ T1739]  vfs_read+0x1ea/0x430
[ 26.356108][ T1739]  ksys_read+0x1e8/0x250
[ 26.360329][ T1739]  ? kernel_write+0x120/0x120
[ 26.364990][ T1739]  ? hrtimer_nanosleep+0x4f0/0x4f0
[ 26.370090][ T1739]  ? trace_hardirqs_off_caller+0x55/0x1e0
[ 26.375788][ T1739]  do_syscall_64+0xb7/0x580
[ 26.380276][ T1739]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.386152][ T1739] RIP: 0033:0x446ef9
[ 26.390024][ T1739] Code: e8 ec e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 26.409606][ T1739] RSP: 002b:00007f20d4ae3d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 26.418010][ T1739] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446ef9
[ 26.425974][ T1739] RDX: 00000000fffffc92 RSI: 0000000020000080 RDI: 0000000000000004
[ 26.433967][ T1739] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 26.441918][ T1739] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 26.449903][ T1739] R13: 0001002402090100 R14: 000048c920200f11 R15: 08983baa00000112
[ 26.458679][ T1739] Kernel Offset: disabled
[ 26.462992][ T1739] Rebooting in 86400 seconds..
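Added example, written for this report; it is not the ldusb driver's code and not part of the syzbot log above. Three numbers in the log fix the shape of the read path that ld_usb_read() drives into _copy_to_user(): the driver warns "Read buffer overflow, 6479787397507913715 bytes dropped" immediately before KASAN fires; the faulting access is 2147479552 bytes, which is 0x7ffff000, the MAX_RW_COUNT that vfs_read() clamps an oversized count to; and the register dump shows the count the fuzzer passed to read() in RDX as 0xfffffc92, above that limit. So the driver took the minimum of the (clamped) user count and a stored per-packet length, the stored length was garbage, the minimum was the full 0x7ffff000, and that many bytes were copied out of a small slab buffer. The userland model below assumes each ring slot is a size_t length followed by the payload; the slot size, the names, and the garbage length value (chosen so that the "dropped" figure comes out exactly as in the log) are the model's own assumptions, and it makes no claim about how the driver's slot came to hold such a value. It shows the trusting consumer computing the same 2147479552-byte copy, and a hardened consumer rejecting the slot with -EIO because no stored length may exceed the packet size.

```c
/* Added example, not ldusb's code: a userland model of a length-prefixed ring
 * buffer read path, showing how a corrupt stored length plus a large user count
 * becomes a huge copy. Names, EP_SIZE and the slot layout are the model's own
 * assumptions; size_t must be 64-bit. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EP_SIZE      8                          /* packet size assumed for the model */
#define RING_SLOTS   4
#define SLOT_BYTES   (sizeof(size_t) + EP_SIZE) /* length word, then payload */
#define MAX_RW_COUNT 0x7ffff000ULL              /* INT_MAX & PAGE_MASK */
/* Garbage length word, chosen so that stored - MAX_RW_COUNT is exactly the
 * 6479787397507913715 "bytes dropped" figure the log reports. */
#define CORRUPT_LEN  ((size_t)6479787399655393267ULL)

struct ring {
    _Alignas(size_t) unsigned char buf[RING_SLOTS * SLOT_BYTES];
    unsigned head, tail;                        /* producer / consumer slot indices */
};

static size_t clamp_count(size_t user_count)   /* what vfs_read() does to a huge count */
{
    return user_count > MAX_RW_COUNT ? (size_t)MAX_RW_COUNT : user_count;
}

/* Producer (what a completed interrupt URB would do): store len, then data. */
static int ring_push(struct ring *r, const void *pkt, size_t len)
{
    unsigned next = (r->head + 1) % RING_SLOTS;
    if (len > EP_SIZE)
        return -EINVAL;
    if (next == r->tail)
        return -ENOSPC;                         /* ring full: packet dropped */
    size_t *slot = (size_t *)(r->buf + r->head * SLOT_BYTES);
    *slot = len;
    memcpy(slot + 1, pkt, len);
    r->head = next;
    return 0;
}

/* Consumer that trusts the stored length: n = min(count, stored), the rest is
 * "bytes dropped". If n exceeds the slot, the model returns the size it would
 * have copied instead of performing the out-of-bounds memcpy. */
static long long ring_read_trusting(struct ring *r, size_t count,
                                    void *out, size_t out_cap, size_t *dropped)
{
    size_t *slot = (size_t *)(r->buf + r->tail * SLOT_BYTES);
    size_t stored = *slot;
    size_t n = count < stored ? count : stored;
    *dropped = stored - n;
    if (n > EP_SIZE || n > out_cap)
        return (long long)n;                    /* would read past the slot */
    memcpy(out, slot + 1, n);
    r->tail = (r->tail + 1) % RING_SLOTS;
    return (long long)n;
}

/* Hardened consumer: a length larger than any packet is corruption, so -EIO. */
static long long ring_read_checked(struct ring *r, size_t count,
                                   void *out, size_t out_cap, size_t *dropped)
{
    size_t *slot = (size_t *)(r->buf + r->tail * SLOT_BYTES);
    size_t stored = *slot;
    *dropped = 0;
    if (stored > EP_SIZE)
        return -EIO;
    size_t n = count < stored ? count : stored;
    *dropped = stored - n;
    if (n > out_cap)
        return -EFAULT;
    memcpy(out, slot + 1, n);
    r->tail = (r->tail + 1) % RING_SLOTS;
    return (long long)n;
}

/* One unread slot holding the garbage length (the model just writes it; it
 * makes no claim about how the driver's slot came to hold such a value). */
static void stage_corrupt_slot(struct ring *r)
{
    memset(r, 0, sizeof(*r));
    *(size_t *)r->buf = CORRUPT_LEN;
    r->head = 1;
}

int main(void)
{
    struct ring r; unsigned char out[EP_SIZE]; size_t dropped;
    size_t count = clamp_count(0xfffffc92);     /* RDX from the log */

    stage_corrupt_slot(&r);
    long long n = ring_read_trusting(&r, count, out, sizeof out, &dropped);
    printf("trusting: would copy %lld bytes (0x%llx), %zu dropped\n",
           n, (unsigned long long)n, dropped);
    stage_corrupt_slot(&r);
    printf("checked: %lld\n", ring_read_checked(&r, count, out, sizeof out, &dropped));
    return 0;
}
```

The bounds check on the stored length only closes the copy; it does not explain why the length word was garbage in the first place, and the "USB disconnect" and "usb_submit_urb failed (-19)" lines that precede the warning in the log are where that question starts. Build with `cc -Wall model.c` on a 64-bit host; the trusting path prints 2147479552 (0x7ffff000) bytes and 6479787397507913715 dropped, the checked path prints -5.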