INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.649386][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 33.889371][ T21] usb 1-1: Using ep0 maxpacket: 8
[ 34.009423][ T21] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[ 34.018294][ T21] usb 1-1: config 0 has no interface number 0
[ 34.024481][ T21] usb 1-1: config 0 interface 52 altsetting 28 endpoint 0xB has invalid maxpacket 127, setting to 64
[ 34.035826][ T21] usb 1-1: config 0 interface 52 altsetting 28 has an invalid endpoint with address 0x80, skipping
[ 34.046672][ T21] usb 1-1: config 0 interface 52 altsetting 28 bulk endpoint 0x1 has invalid maxpacket 1
[ 34.056522][ T21] usb 1-1: config 0 interface 52 has no altsetting 0
[ 34.299417][ T21] usb 1-1: string descriptor 0 read error: -22
[ 34.305692][ T21] usb 1-1: New USB device found, idVendor=1618, idProduct=9116, bcdDevice=c7.11
[ 34.314926][ T21] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[ 34.324006][ T21] usb 1-1: config 0 descriptor??
[ 34.372547][ T21] rsi_91x: rsi_probe: Failed to init usb interface
[ 34.380234][ T21] ==================================================================
[ 34.388585][ T21] BUG: KASAN: double-free or invalid-free in rsi_91x_deinit+0x270/0x2f0
[ 34.396886][ T21]
[ 34.399199][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.2.0-rc6+ #13
[ 34.406648][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.416779][ T21] Workqueue: usb_hub_wq hub_event
[ 34.421778][ T21] Call Trace:
[ 34.425048][ T21] dump_stack+0xca/0x13e
[ 34.429283][ T21] print_address_description+0x67/0x231
[ 34.434809][ T21] ? rsi_91x_deinit+0x270/0x2f0
[ 34.439636][ T21] kasan_report_invalid_free+0x61/0xa0
[ 34.445093][ T21] ? rsi_91x_deinit+0x270/0x2f0
[ 34.449922][ T21] __kasan_slab_free+0x162/0x180
[ 34.454848][ T21] ? rsi_91x_deinit+0x270/0x2f0
[ 34.459674][ T21] kfree+0xd7/0x280
[ 34.463551][ T21] rsi_91x_deinit+0x270/0x2f0
[ 34.468741][ T21] rsi_probe+0xcec/0x15a0
[ 34.473051][ T21] ? rsi_disconnect+0x630/0x630
[ 34.477879][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 34.483140][ T21] ? __pm_runtime_resume+0x111/0x180
[ 34.488403][ T21] usb_probe_interface+0x305/0x7a0
[ 34.493511][ T21] ? usb_probe_device+0x100/0x100
[ 34.498515][ T21] really_probe+0x281/0x660
[ 34.502999][ T21] driver_probe_device+0x104/0x210
[ 34.508349][ T21] __device_attach_driver+0x1c2/0x220
[ 34.513928][ T21] ? driver_allows_async_probing+0x160/0x160
[ 34.521552][ T21] bus_for_each_drv+0x15c/0x1e0
[ 34.526403][ T21] ? bus_rescan_devices+0x20/0x20
[ 34.531412][ T21] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 34.537552][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 34.542899][ T21] __device_attach+0x217/0x360
[ 34.547646][ T21] ? device_bind_driver+0xd0/0xd0
[ 34.552647][ T21] ? kobject_uevent_env+0x29e/0x1150
[ 34.557909][ T21] ? kobject_uevent_env+0x2a8/0x1150
[ 34.563360][ T21] bus_probe_device+0x1e4/0x290
[ 34.568220][ T21] ? blocking_notifier_call_chain+0x54/0xa0
[ 34.575146][ T21] device_add+0xae6/0x16f0
[ 34.579546][ T21] ? uevent_store+0x50/0x50
[ 34.584035][ T21] usb_set_configuration+0xdf6/0x1670
[ 34.589388][ T21] generic_probe+0x9d/0xd5
[ 34.593785][ T21] usb_probe_device+0x99/0x100
[ 34.598527][ T21] ? usb_suspend+0x620/0x620
[ 34.603097][ T21] really_probe+0x281/0x660
[ 34.607580][ T21] driver_probe_device+0x104/0x210
[ 34.612671][ T21] __device_attach_driver+0x1c2/0x220
[ 34.618023][ T21] ? driver_allows_async_probing+0x160/0x160
[ 34.623978][ T21] bus_for_each_drv+0x15c/0x1e0
[ 34.628896][ T21] ? bus_rescan_devices+0x20/0x20
[ 34.633903][ T21] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 34.639693][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 34.644955][ T21] __device_attach+0x217/0x360
[ 34.649696][ T21] ? device_bind_driver+0xd0/0xd0
[ 34.654702][ T21] ? kobject_uevent_env+0x29e/0x1150
[ 34.659962][ T21] ? kobject_uevent_env+0x2a8/0x1150
[ 34.665223][ T21] bus_probe_device+0x1e4/0x290
[ 34.670148][ T21] ? blocking_notifier_call_chain+0x54/0xa0
[ 34.676017][ T21] device_add+0xae6/0x16f0
[ 34.680412][ T21] ? uevent_store+0x50/0x50
[ 34.685027][ T21] usb_new_device.cold+0x8c1/0x1016
[ 34.690213][ T21] ? usb_port_suspend+0xa40/0xa40
[ 34.695224][ T21] ? mark_held_locks+0x9f/0xe0
[ 34.699995][ T21] ? _raw_spin_unlock_irq+0x24/0x30
[ 34.705180][ T21] hub_event+0x1ada/0x3590
[ 34.709580][ T21] ? hub_port_debounce+0x260/0x260
[ 34.714759][ T21] process_one_work+0x905/0x1570
[ 34.720458][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 34.725811][ T21] ? do_raw_spin_lock+0x11a/0x280
[ 34.730813][ T21] worker_thread+0x96/0xe20
[ 34.735294][ T21] ? process_one_work+0x1570/0x1570
[ 34.740474][ T21] kthread+0x30b/0x410
[ 34.744520][ T21] ? kthread_park+0x1a0/0x1a0
[ 34.749174][ T21] ret_from_fork+0x24/0x30
[ 34.753565][ T21]
[ 34.755871][ T21] Allocated by task 21:
[ 34.760004][ T21] save_stack+0x1b/0x80
[ 34.764136][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 34.770527][ T21] rsi_probe+0x11a/0x15a0
[ 34.776135][ T21] usb_probe_interface+0x305/0x7a0
[ 34.781225][ T21] really_probe+0x281/0x660
[ 34.786316][ T21] driver_probe_device+0x104/0x210
[ 34.791403][ T21] __device_attach_driver+0x1c2/0x220
[ 34.796946][ T21] bus_for_each_drv+0x15c/0x1e0
[ 34.801943][ T21] __device_attach+0x217/0x360
[ 34.806948][ T21] bus_probe_device+0x1e4/0x290
[ 34.812207][ T21] device_add+0xae6/0x16f0
[ 34.816597][ T21] usb_set_configuration+0xdf6/0x1670
[ 34.822119][ T21] generic_probe+0x9d/0xd5
[ 34.826512][ T21] usb_probe_device+0x99/0x100
[ 34.831365][ T21] really_probe+0x281/0x660
[ 34.835847][ T21] driver_probe_device+0x104/0x210
[ 34.841020][ T21] __device_attach_driver+0x1c2/0x220
[ 34.846373][ T21] bus_for_each_drv+0x15c/0x1e0
[ 34.851201][ T21] __device_attach+0x217/0x360
[ 34.855947][ T21] bus_probe_device+0x1e4/0x290
[ 34.860774][ T21] device_add+0xae6/0x16f0
[ 34.865188][ T21] usb_new_device.cold+0x8c1/0x1016
[ 34.870367][ T21] hub_event+0x1ada/0x3590
[ 34.874764][ T21] process_one_work+0x905/0x1570
[ 34.879679][ T21] worker_thread+0x96/0xe20
[ 34.884333][ T21] kthread+0x30b/0x410
[ 34.888378][ T21] ret_from_fork+0x24/0x30
[ 34.892764][ T21]
[ 34.895070][ T21] Freed by task 21:
[ 34.901200][ T21] save_stack+0x1b/0x80
[ 34.905526][ T21] __kasan_slab_free+0x130/0x180
[ 34.910615][ T21] kfree+0xd7/0x280
[ 34.915728][ T21] rsi_probe+0xdfd/0x15a0
[ 34.920123][ T21] usb_probe_interface+0x305/0x7a0
[ 34.925332][ T21] really_probe+0x281/0x660
[ 34.929825][ T21] driver_probe_device+0x104/0x210
[ 34.934917][ T21] __device_attach_driver+0x1c2/0x220
[ 34.940691][ T21] bus_for_each_drv+0x15c/0x1e0
[ 34.946302][ T21] __device_attach+0x217/0x360
[ 34.951042][ T21] bus_probe_device+0x1e4/0x290
[ 34.955869][ T21] device_add+0xae6/0x16f0
[ 34.960275][ T21] usb_set_configuration+0xdf6/0x1670
[ 34.965623][ T21] generic_probe+0x9d/0xd5
[ 34.970017][ T21] usb_probe_device+0x99/0x100
[ 34.974756][ T21] really_probe+0x281/0x660
[ 34.979255][ T21] driver_probe_device+0x104/0x210
[ 34.985842][ T21] __device_attach_driver+0x1c2/0x220
[ 34.991192][ T21] bus_for_each_drv+0x15c/0x1e0
[ 34.996103][ T21] __device_attach+0x217/0x360
[ 35.000850][ T21] bus_probe_device+0x1e4/0x290
[ 35.005681][ T21] device_add+0xae6/0x16f0
[ 35.010074][ T21] usb_new_device.cold+0x8c1/0x1016
[ 35.015246][ T21] hub_event+0x1ada/0x3590
[ 35.019638][ T21] process_one_work+0x905/0x1570
[ 35.024549][ T21] worker_thread+0x96/0xe20
[ 35.029041][ T21] kthread+0x30b/0x410
[ 35.033084][ T21] ret_from_fork+0x24/0x30
[ 35.037480][ T21]
[ 35.039792][ T21] The buggy address belongs to the object at ffff8881cf4a7b80
[ 35.039792][ T21] which belongs to the cache kmalloc-512 of size 512
[ 35.053836][ T21] The buggy address is located 0 bytes inside of
[ 35.053836][ T21] 512-byte region [ffff8881cf4a7b80, ffff8881cf4a7d80)
[ 35.066916][ T21] The buggy address belongs to the page:
[ 35.072525][ T21] page:ffffea00073d2980 refcount:1 mapcount:0 mapping:ffff8881dac02c00 index:0x0 compound_mapcount: 0
[ 35.083432][ T21] flags: 0x200000000010200(slab|head)
[ 35.090763][ T21] raw: 0200000000010200 ffffea00073d2880 0000000900000009 ffff8881dac02c00
[ 35.099326][ T21] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 35.107904][ T21] page dumped because: kasan: bad access detected
[ 35.114288][ T21]
[ 35.116681][ T21] Memory state around the buggy address:
[ 35.122290][ T21] ffff8881cf4a7a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.130329][ T21] ffff8881cf4a7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.138366][ T21] >ffff8881cf4a7b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.146401][ T21] ^
[ 35.150460][ T21] ffff8881cf4a7c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.158495][ T21] ffff8881cf4a7c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.166544][ T21] ==================================================================
[ 35.174594][ T21