Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts. 2019/06/08 11:42:14 parsed 1 programs 2019/06/08 11:42:16 executed programs: 0 syzkaller login: [ 34.901593][ T1767] cgroup1: Unknown subsys name 'perf_event' [ 34.902378][ T1770] cgroup1: Unknown subsys name 'perf_event' [ 34.912147][ T1767] cgroup1: Unknown subsys name 'net_cls' [ 34.916233][ T1770] cgroup1: Unknown subsys name 'net_cls' [ 34.920655][ T1772] cgroup1: Unknown subsys name 'perf_event' [ 34.930074][ T1774] cgroup1: Unknown subsys name 'perf_event' [ 34.939407][ T1772] cgroup1: Unknown subsys name 'net_cls' [ 34.941031][ T1777] cgroup1: Unknown subsys name 'perf_event' [ 34.950298][ T1779] cgroup1: Unknown subsys name 'perf_event' [ 34.951790][ T1774] cgroup1: Unknown subsys name 'net_cls' [ 34.958125][ T1779] cgroup1: Unknown subsys name 'net_cls' [ 34.963172][ T1777] cgroup1: Unknown subsys name 'net_cls' [ 37.547763][ T107] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 37.568172][ T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 37.627774][ T2760] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 37.637842][ T21] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 37.647889][ T2767] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 37.657802][ T2773] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 37.787812][ T107] usb 4-1: Using ep0 maxpacket: 8 [ 37.807816][ T5] usb 1-1: Using ep0 maxpacket: 8 [ 37.867950][ T2760] usb 2-1: Using ep0 maxpacket: 8 [ 37.887767][ T21] usb 5-1: Using ep0 maxpacket: 8 [ 37.887955][ T2767] usb 6-1: Using ep0 maxpacket: 8 [ 37.897944][ T2773] usb 3-1: Using ep0 maxpacket: 8 [ 37.907987][ T107] usb 4-1: config 0 has an invalid interface number: 109 but max is 0 [ 37.916253][ T107] usb 4-1: config 0 has no interface number 0 [ 37.922607][ T107] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=e1.7f [ 37.931715][ T107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.939972][ T5] usb 1-1: config 0 has an invalid interface number: 109 but max is 0 [ 37.948213][ T5] usb 1-1: config 0 has no interface number 0 [ 37.954473][ T5] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=e1.7f [ 37.963597][ T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.972996][ T107] usb 4-1: config 0 descriptor?? [ 37.979050][ T5] usb 1-1: config 0 descriptor?? [ 37.987988][ T2760] usb 2-1: config 0 has an invalid interface number: 109 but max is 0 [ 37.996215][ T2760] usb 2-1: config 0 has no interface number 0 [ 38.002596][ T2760] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=e1.7f [ 38.011725][ T2760] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.017953][ T21] usb 5-1: config 0 has an invalid interface number: 109 but max is 0 [ 38.019869][ T2773] usb 3-1: config 0 has an invalid interface number: 109 but max is 0 [ 38.027971][ T21] usb 5-1: config 0 has no interface number 0 [ 38.028403][ T21] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=e1.7f [ 38.036177][ T2773] usb 3-1: config 0 has no interface number 0 [ 38.039393][ T5] radio-si470x 1-1:0.109: could not find interrupt in endpoint [ 38.042338][ T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.051445][ T2767] usb 6-1: config 0 has an invalid interface number: 109 but max is 0 [ 38.061902][ T21] usb 5-1: config 0 descriptor?? [ 38.064992][ T2767] usb 6-1: config 0 has no interface number 0 [ 38.072384][ T2773] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=e1.7f [ 38.101249][ T2773] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.109584][ T2760] usb 2-1: config 0 descriptor?? [ 38.115505][ T107] radio-si470x 4-1:0.109: could not find interrupt in endpoint [ 38.123202][ T2767] usb 6-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=e1.7f [ 38.132347][ T2767] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.140432][ T5] radio-si470x: probe of 1-1:0.109 failed with error -5 [ 38.143375][ T21] radio-si470x 5-1:0.109: could not find interrupt in endpoint [ 38.149423][ T2760] radio-si470x 2-1:0.109: could not find interrupt in endpoint [ 38.163678][ T107] radio-si470x: probe of 4-1:0.109 failed with error -5 [ 38.171044][ T2760] radio-si470x: probe of 2-1:0.109 failed with error -5 [ 38.174290][ T21] radio-si470x: probe of 5-1:0.109 failed with error -5 [ 38.179968][ T2767] usb 6-1: config 0 descriptor?? [ 38.194406][ T2773] usb 3-1: config 0 descriptor?? [ 38.217942][ T5] radio-raremono 1-1:0.109: Thanko's Raremono connected: (10C4:818A) [ 38.239979][ T2767] radio-si470x 6-1:0.109: could not find interrupt in endpoint [ 38.247850][ T107] radio-raremono 4-1:0.109: Thanko's Raremono connected: (10C4:818A) [ 38.257661][ T2773] radio-si470x 3-1:0.109: could not find interrupt in endpoint [ 38.265448][ T5] radio-raremono 1-1:0.109: raremono_cmd_main failed (-71) [ 38.272813][ T2767] radio-si470x: probe of 6-1:0.109 failed with error -5 [ 38.279864][ T2773] radio-si470x: probe of 3-1:0.109 failed with error -5 [ 38.288188][ T5] radio-raremono 1-1:0.109: V4L2 device registered as radio0 [ 38.296591][ T5] usb 1-1: USB disconnect, device number 2 [ 38.303321][ T5] radio-raremono 1-1:0.109: Thanko's Raremono disconnected [ 38.310640][ T107] radio-raremono 4-1:0.109: raremono_cmd_main failed (-71) [ 38.320194][ T2785] ================================================================== [ 38.322106][ T107] radio-raremono 4-1:0.109: V4L2 device registered as radio1 [ 38.328336][ T2785] BUG: KASAN: use-after-free in v4l2_release+0x319/0x390 [ 38.328350][ T2785] Read of size 8 at addr ffff8881d96012e0 by task v4l_id/2785 [ 38.328353][ T2785] [ 38.328366][ T2785] CPU: 1 PID: 2785 Comm: v4l_id Not tainted 5.2.0-rc1+ #10 [ 38.328372][ T2785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.328383][ T2785] Call Trace: [ 38.342758][ T2785] dump_stack+0xca/0x13e [ 38.351093][ T107] usb 4-1: USB disconnect, device number 2 [ 38.352562][ T2785] ? v4l2_release+0x319/0x390 [ 38.359974][ T107] radio-raremono 4-1:0.109: Thanko's Raremono disconnected [ 38.369802][ T2785] ? v4l2_release+0x319/0x390 [ 38.369818][ T2785] print_address_description+0x67/0x231 [ 38.369830][ T2785] ? v4l2_release+0x319/0x390 [ 38.369852][ T2785] ? v4l2_release+0x319/0x390 [ 38.369863][ T2785] __kasan_report.cold+0x1a/0x32 [ 38.369886][ T2785] ? v4l2_release+0x319/0x390 [ 38.369897][ T2785] kasan_report+0xe/0x20 [ 38.369908][ T2785] v4l2_release+0x319/0x390 [ 38.369918][ T2785] ? dev_debug_store+0x100/0x100 [ 38.369929][ T2785] __fput+0x2d7/0x790 [ 38.369940][ T2785] task_work_run+0x13f/0x1c0 [ 38.369951][ T2785] exit_to_usermode_loop+0x1c5/0x1f0 [ 38.369961][ T2785] do_syscall_64+0x43f/0x560 [ 38.369973][ T2785] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.369988][ T2785] RIP: 0033:0x7f14f8b562b0 [ 38.427858][ T2773] radio-raremono 3-1:0.109: Thanko's Raremono connected: (10C4:818A) [ 38.428474][ T2785] Code: 40 75 0b 31 c0 48 83 c4 08 e9 0c ff ff ff 48 8d 3d c5 32 08 00 e8 c0 07 02 00 83 3d 45 a3 2b 00 00 75 10 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ce 8a 01 00 48 89 04 24 [ 38.451654][ T2785] RSP: 002b:00007fff82457468 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 38.451667][ T2785] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f14f8b562b0 [ 38.451674][ T2785] RDX: 0000000000000013 RSI: 0000000080685600 RDI: 0000000000000003 [ 38.451688][ T2785] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 38.451694][ T2785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884 [ 38.451700][ T2785] R13: 00007fff824575c0 R14: 0000000000000000 R15: 0000000000000000 [ 38.462200][ T2785] [ 38.462207][ T2785] Allocated by task 5: [ 38.474692][ T2785] save_stack+0x1b/0x80 [ 38.495151][ T2773] radio-raremono 3-1:0.109: raremono_cmd_main failed (-71) [ 38.502750][ T2785] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 38.502763][ T2785] __kmalloc_node_track_caller+0xee/0x370 [ 38.502773][ T2785] devm_kmalloc+0x87/0x190 [ 38.502784][ T2785] usb_raremono_probe+0x2f/0x231 [ 38.502803][ T2785] usb_probe_interface+0x305/0x7a0 [ 38.516859][ T2773] radio-raremono 3-1:0.109: V4L2 device registered as radio1 [ 38.518778][ T2785] really_probe+0x281/0x660 [ 38.518791][ T2785] driver_probe_device+0x104/0x210 [ 38.518803][ T2785] __device_attach_driver+0x1c2/0x220 [ 38.518820][ T2785] bus_for_each_drv+0x15c/0x1e0 [ 38.534766][ T2785] __device_attach+0x217/0x360 [ 38.545855][ T2773] usb 3-1: USB disconnect, device number 2 [ 38.549099][ T2785] bus_probe_device+0x1e4/0x290 [ 38.549110][ T2785] device_add+0xae6/0x16f0 [ 38.549121][ T2785] usb_set_configuration+0xdf6/0x1670 [ 38.549131][ T2785] generic_probe+0x9d/0xd5 [ 38.549141][ T2785] usb_probe_device+0x99/0x100 [ 38.549151][ T2785] really_probe+0x281/0x660 [ 38.549169][ T2785] driver_probe_device+0x104/0x210 [ 38.553556][ T2773] radio-raremono 3-1:0.109: Thanko's Raremono disconnected [ 38.560495][ T2785] __device_attach_driver+0x1c2/0x220 [ 38.560506][ T2785] bus_for_each_drv+0x15c/0x1e0 [ 38.560521][ T2785] __device_attach+0x217/0x360 [ 38.560531][ T2785] bus_probe_device+0x1e4/0x290 [ 38.560539][ T2785] device_add+0xae6/0x16f0 [ 38.560551][ T2785] usb_new_device.cold+0x8c1/0x1016 [ 38.560566][ T2785] hub_event+0x1ada/0x3590 [ 38.594173][ T2785] process_one_work+0x905/0x1570 [ 38.594186][ T2785] worker_thread+0x96/0xe20 [ 38.594203][ T2785] kthread+0x30b/0x410 [ 38.594212][ T2785] ret_from_fork+0x24/0x30 [ 38.603832][ T2785] [ 38.603839][ T2785] Freed by task 5: [ 38.603854][ T2785] save_stack+0x1b/0x80 [ 38.603872][ T2785] __kasan_slab_free+0x130/0x180 [ 38.731524][ T2785] kfree+0xd7/0x280 [ 38.735311][ T2785] release_nodes+0x4a1/0x910 [ 38.739875][ T2785] devres_release_all+0x74/0xc3 [ 38.744741][ T2785] device_release_driver_internal+0x21b/0x4c0 [ 38.748040][ T2760] radio-raremono 2-1:0.109: this is not Thanko's Raremono. [ 38.750869][ T2785] bus_remove_device+0x2dc/0x4a0 [ 38.750885][ T2785] device_del+0x460/0xb80 [ 38.758368][ T2760] usbhid 2-1:0.109: couldn't find an input interrupt endpoint [ 38.762992][ T2785] usb_disable_device+0x211/0x690 [ 38.763004][ T2785] usb_disconnect+0x284/0x830 [ 38.763013][ T2785] hub_event+0x1409/0x3590 [ 38.763033][ T2785] process_one_work+0x905/0x1570 [ 38.774800][ T2785] worker_thread+0x7ab/0xe20 [ 38.774812][ T2785] kthread+0x30b/0x410 [ 38.774830][ T2785] ret_from_fork+0x24/0x30 [ 38.806767][ T2785] [ 38.809076][ T2785] The buggy address belongs to the object at ffff8881d9601100 [ 38.809076][ T2785] which belongs to the cache kmalloc-4k of size 4096 [ 38.823100][ T2785] The buggy address is located 480 bytes inside of [ 38.823100][ T2785] 4096-byte region [ffff8881d9601100, ffff8881d9602100) [ 38.836443][ T2785] The buggy address belongs to the page: [ 38.842055][ T2785] page:ffffea0007658000 refcount:1 mapcount:0 mapping:ffff8881dac02600 index:0x0 compound_mapcount: 0 [ 38.847829][ T2767] radio-raremono 6-1:0.109: this is not Thanko's Raremono. [ 38.852961][ T2785] flags: 0x200000000010200(slab|head) [ 38.852979][ T2785] raw: 0200000000010200 dead000000000100 dead000000000200 ffff8881dac02600 [ 38.853000][ T2785] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 [ 38.860456][ T2767] usbhid 6-1:0.109: couldn't find an input interrupt endpoint [ 38.865543][ T2785] page dumped because: kasan: bad access detected [ 38.865547][ T2785] [ 38.865551][ T2785] Memory state around the buggy address: [ 38.865562][ T2785] ffff8881d9601180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.865578][ T2785] ffff8881d9601200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.920487][ T2785] >ffff8881d9601280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.928528][ T2785] ^ [ 38.935725][ T2785] ffff8881d9601300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.943783][ T2785] ffff8881d9601380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.951814][ T2785] ================================================================== [ 38.959847][ T2785] Disabling lock debugging due to kernel taint [ 38.966222][ T2785] Kernel panic - not syncing: panic_on_warn set ... [ 38.966856][ T2746] udc dummy_udc.3: registering UDC driver [USB fuzzer] [ 38.972824][ T2785] CPU: 1 PID: 2785 Comm: v4l_id Tainted: G B 5.2.0-rc1+ #10 [ 38.972832][ T2785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.972835][ T2785] Call Trace: [ 38.972854][ T2785] dump_stack+0xca/0x13e [ 38.972866][ T2785] panic+0x292/0x6c9 [ 38.972883][ T2785] ? __warn_printk+0xf3/0xf3 [ 38.979971][ T2746] dummy_hcd dummy_hcd.3: port status 0x00010101 has changes [ 38.988316][ T2785] ? v4l2_release+0x319/0x390 [ 38.998444][ T2767] usb usb4: dummy_bus_resume [ 39.001628][ T2785] ? trace_hardirqs_on+0x55/0x1c0 [ 39.005913][ T2767] dummy_hcd dummy_hcd.3: port status 0x00010101 has changes [ 39.009721][ T2785] ? v4l2_release+0x319/0x390 [ 39.016886][ T2751] udc dummy_udc.0: registering UDC driver [USB fuzzer] [ 39.021549][ T2785] ? dev_debug_store+0x100/0x100 [ 39.021562][ T2785] end_report+0x43/0x49 [ 39.021571][ T2785] ? v4l2_release+0x319/0x390 [ 39.021581][ T2785] __kasan_report.cold+0xd/0x32 [ 39.021589][ T2785] ? v4l2_release+0x319/0x390 [ 39.021606][ T2785] kasan_report+0xe/0x20 [ 39.027487][ T2751] dummy_hcd dummy_hcd.0: port status 0x00010101 has changes [ 39.030853][ T2785] v4l2_release+0x319/0x390 [ 39.036972][ T2776] udc dummy_udc.2: registering UDC driver [USB fuzzer] [ 39.043131][ T2785] ? dev_debug_store+0x100/0x100 [ 39.043142][ T2785] __fput+0x2d7/0x790 [ 39.043164][ T2785] task_work_run+0x13f/0x1c0 [ 39.043175][ T2785] exit_to_usermode_loop+0x1c5/0x1f0 [ 39.043185][ T2785] do_syscall_64+0x43f/0x560 [ 39.043201][ T2785] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.049259][ T2760] usb usb1: dummy_bus_resume [ 39.054690][ T2785] RIP: 0033:0x7f14f8b562b0 [ 39.054704][ T2785] Code: 40 75 0b 31 c0 48 83 c4 08 e9 0c ff ff ff 48 8d 3d c5 32 08 00 e8 c0 07 02 00 83 3d 45 a3 2b 00 00 75 10 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ce 8a 01 00 48 89 04 24 [ 39.054711][ T2785] RSP: 002b:00007fff82457468 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 39.054721][ T2785] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f14f8b562b0 [ 39.054735][ T2785] RDX: 0000000000000013 RSI: 0000000080685600 RDI: 0000000000000003 [ 39.060153][ T2776] dummy_hcd dummy_hcd.2: port status 0x00010101 has changes [ 39.063804][ T2785] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 39.068843][ T2760] dummy_hcd dummy_hcd.0: port status 0x00010101 has changes [ 39.073302][ T2785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000400884 [ 39.080178][ T2773] usb usb3: dummy_bus_resume [ 39.082182][ T2785] R13: 00007fff824575c0 R14: 0000000000000000 R15: 0000000000000000 [ 39.082506][ T2785] Kernel Offset: disabled [ 39.229999][ T2785] Rebooting in 86400 seconds..