Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.080322][ T23] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 26.440363][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 26.451416][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.461183][ T23] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.40 [ 26.470237][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.481403][ T23] usb 1-1: config 0 descriptor?? [ 26.972604][ T23] hid-thrustmaster 0003:044F:B65D.0001: unknown main item tag 0x0 [ 26.982468][ T23] hid-thrustmaster 0003:044F:B65D.0001: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.0-1/input0 [ 26.994842][ T23] ================================================================== [ 27.003023][ T23] BUG: KASAN: slab-out-of-bounds in thrustmaster_probe+0x8d5/0xb50 [ 27.010920][ T23] Read of size 1 at addr ffff8881178419d2 by task kworker/1:1/23 [ 27.018619][ T23] [ 27.020927][ T23] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 5.17.0-rc4-syzkaller-00063-g9902951f536c #0 [ 27.031003][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.041051][ T23] Workqueue: usb_hub_wq hub_event [ 27.046068][ T23] Call Trace: [ 27.049330][ T23] [ 27.052245][ T23] dump_stack_lvl+0xcd/0x134 [ 27.056844][ T23] print_address_description.constprop.0.cold+0x8d/0x336 [ 27.063852][ T23] ? thrustmaster_probe+0x8d5/0xb50 [ 27.069131][ T23] ? thrustmaster_probe+0x8d5/0xb50 [ 27.074316][ T23] kasan_report.cold+0x83/0xdf [ 27.079066][ T23] ? thrustmaster_probe+0x8d5/0xb50 [ 27.084255][ T23] thrustmaster_probe+0x8d5/0xb50 [ 27.089268][ T23] ? thrustmaster_model_handler+0x370/0x370 [ 27.095152][ T23] ? hid_match_id+0x27a/0x300 [ 27.099823][ T23] ? thrustmaster_model_handler+0x370/0x370 [ 27.105714][ T23] hid_device_probe+0x2bd/0x3f0 [ 27.110558][ T23] ? hid_match_device+0x390/0x390 [ 27.115573][ T23] really_probe+0x245/0xcc0 [ 27.120064][ T23] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 27.126290][ T23] __driver_probe_device+0x338/0x4d0 [ 27.131567][ T23] driver_probe_device+0x4c/0x1a0 [ 27.136575][ T23] __device_attach_driver+0x20b/0x2f0 [ 27.141936][ T23] ? driver_allows_async_probing+0x150/0x150 [ 27.147901][ T23] bus_for_each_drv+0x15f/0x1e0 [ 27.152735][ T23] ? bus_for_each_dev+0x1d0/0x1d0 [ 27.157739][ T23] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 27.163534][ T23] ? lockdep_hardirqs_on+0x79/0x100 [ 27.168719][ T23] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 27.174510][ T23] __device_attach+0x228/0x4a0 [ 27.179269][ T23] ? device_driver_attach+0x210/0x210 [ 27.184624][ T23] ? kobject_uevent_env+0x2ac/0x1600 [ 27.189892][ T23] bus_probe_device+0x1e4/0x290 [ 27.194729][ T23] device_add+0xb83/0x1e20 [ 27.199126][ T23] ? up_write+0x148/0x470 [ 27.203437][ T23] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 27.209674][ T23] ? __debugfs_create_file+0x392/0x540 [ 27.215138][ T23] hid_add_device+0x344/0x9d0 [ 27.219812][ T23] ? lockdep_init_map_type+0x21a/0x7f0 [ 27.225256][ T23] ? modalias_show+0x150/0x150 [ 27.230016][ T23] ? lockdep_init_map_type+0x21a/0x7f0 [ 27.235464][ T23] ? __raw_spin_lock_init+0x36/0x110 [ 27.240736][ T23] usbhid_probe+0xbf4/0x1070 [ 27.245309][ T23] usb_probe_interface+0x315/0x7f0 [ 27.250408][ T23] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 27.255781][ T23] really_probe+0x245/0xcc0 [ 27.260272][ T23] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 27.266497][ T23] __driver_probe_device+0x338/0x4d0 [ 27.271770][ T23] driver_probe_device+0x4c/0x1a0 [ 27.276779][ T23] __device_attach_driver+0x20b/0x2f0 [ 27.282133][ T23] ? driver_allows_async_probing+0x150/0x150 [ 27.288098][ T23] bus_for_each_drv+0x15f/0x1e0 [ 27.292932][ T23] ? bus_for_each_dev+0x1d0/0x1d0 [ 27.297941][ T23] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 27.303757][ T23] ? lockdep_hardirqs_on+0x79/0x100 [ 27.308955][ T23] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 27.314751][ T23] __device_attach+0x228/0x4a0 [ 27.319500][ T23] ? device_driver_attach+0x210/0x210 [ 27.324859][ T23] ? kobject_uevent_env+0x2ac/0x1600 [ 27.330127][ T23] bus_probe_device+0x1e4/0x290 [ 27.334966][ T23] device_add+0xb83/0x1e20 [ 27.339376][ T23] ? mark_held_locks+0x9f/0xe0 [ 27.344210][ T23] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 27.350433][ T23] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 27.356223][ T23] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 27.362448][ T23] usb_set_configuration+0x101e/0x1900 [ 27.367903][ T23] usb_generic_driver_probe+0xba/0x100 [ 27.373346][ T23] usb_probe_device+0xd9/0x2c0 [ 27.378090][ T23] ? usb_driver_release_interface+0x180/0x180 [ 27.384137][ T23] really_probe+0x245/0xcc0 [ 27.388622][ T23] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 27.394847][ T23] __driver_probe_device+0x338/0x4d0 [ 27.400114][ T23] driver_probe_device+0x4c/0x1a0 [ 27.405138][ T23] __device_attach_driver+0x20b/0x2f0 [ 27.410492][ T23] ? driver_allows_async_probing+0x150/0x150 [ 27.416459][ T23] bus_for_each_drv+0x15f/0x1e0 [ 27.421297][ T23] ? bus_for_each_dev+0x1d0/0x1d0 [ 27.426320][ T23] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 27.432109][ T23] ? lockdep_hardirqs_on+0x79/0x100 [ 27.437292][ T23] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 27.443080][ T23] __device_attach+0x228/0x4a0 [ 27.447831][ T23] ? device_driver_attach+0x210/0x210 [ 27.453208][ T23] ? kobject_uevent_env+0x2ac/0x1600 [ 27.458477][ T23] bus_probe_device+0x1e4/0x290 [ 27.463324][ T23] device_add+0xb83/0x1e20 [ 27.467736][ T23] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 27.473961][ T23] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 27.480189][ T23] usb_new_device.cold+0x63f/0x108e [ 27.485388][ T23] ? hub_disconnect+0x510/0x510 [ 27.490228][ T23] ? rwlock_bug.part.0+0x90/0x90 [ 27.495161][ T23] ? _raw_spin_unlock_irq+0x1f/0x40 [ 27.500358][ T23] hub_event+0x2585/0x44d0 [ 27.504762][ T23] ? hub_port_debounce+0x3c0/0x3c0 [ 27.509863][ T23] ? lock_release+0x720/0x720 [ 27.514529][ T23] ? lock_downgrade+0x6e0/0x6e0 [ 27.519379][ T23] ? do_raw_spin_lock+0x120/0x2b0 [ 27.524388][ T23] process_one_work+0x9ac/0x1650 [ 27.529310][ T23] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 27.534665][ T23] ? rwlock_bug.part.0+0x90/0x90 [ 27.539583][ T23] ? _raw_spin_lock_irq+0x41/0x50 [ 27.544593][ T23] worker_thread+0x657/0x1110 [ 27.549255][ T23] ? process_one_work+0x1650/0x1650 [ 27.554441][ T23] kthread+0x2ef/0x3a0 [ 27.558500][ T23] ? kthread_complete_and_exit+0x40/0x40 [ 27.564126][ T23] ret_from_fork+0x1f/0x30 [ 27.568526][ T23] [ 27.571527][ T23] [ 27.573834][ T23] Allocated by task 23: [ 27.577964][ T23] kasan_save_stack+0x1e/0x40 [ 27.582627][ T23] __kasan_kmalloc+0x81/0xa0 [ 27.587207][ T23] usb_get_configuration+0x1394/0x3b30 [ 27.592667][ T23] usb_new_device+0x583/0x7d0 [ 27.597330][ T23] hub_event+0x2585/0x44d0 [ 27.601725][ T23] process_one_work+0x9ac/0x1650 [ 27.606643][ T23] worker_thread+0x657/0x1110 [ 27.611299][ T23] kthread+0x2ef/0x3a0 [ 27.615346][ T23] ret_from_fork+0x1f/0x30 [ 27.619750][ T23] [ 27.622053][ T23] The buggy address belongs to the object at ffff888117841980 [ 27.622053][ T23] which belongs to the cache kmalloc-96 of size 96 [ 27.635915][ T23] The buggy address is located 82 bytes inside of [ 27.635915][ T23] 96-byte region [ffff888117841980, ffff8881178419e0) [ 27.649093][ T23] The buggy address belongs to the page: [ 27.654713][ T23] page:ffffea00045e1040 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888117841700 pfn:0x117841 [ 27.666233][ T23] flags: 0x200000000000200(slab|node=0|zone=2) [ 27.672375][ T23] raw: 0200000000000200 0000000000000000 dead000000000001 ffff888100041780 [ 27.680945][ T23] raw: ffff888117841700 000000008020001f 00000001ffffffff 0000000000000000 [ 27.689518][ T23] page dumped because: kasan: bad access detected [ 27.695906][ T23] page_owner tracks the page as allocated [ 27.701596][ T23] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 1178, ts 8247299528, free_ts 0 [ 27.716519][ T23] get_page_from_freelist+0x122d/0x2940 [ 27.722058][ T23] __alloc_pages+0x1b2/0x500 [ 27.726633][ T23] alloc_pages+0x1aa/0x310 [ 27.731029][ T23] allocate_slab+0x27f/0x3e0 [ 27.735604][ T23] ___slab_alloc+0xc12/0x1450 [ 27.740266][ T23] __slab_alloc.constprop.0+0x4d/0xa0 [ 27.745631][ T23] __kmalloc+0x364/0x420 [ 27.749854][ T23] tomoyo_encode2.part.0+0xe9/0x3a0 [ 27.755037][ T23] tomoyo_encode+0x28/0x50 [ 27.759433][ T23] tomoyo_realpath_from_path+0x186/0x620 [ 27.765051][ T23] tomoyo_check_open_permission+0x272/0x380 [ 27.770928][ T23] tomoyo_file_open+0xa3/0xd0 [ 27.775590][ T23] security_file_open+0x45/0xb0 [ 27.780423][ T23] do_dentry_open+0x353/0x1110 [ 27.785170][ T23] path_openat+0x1c9e/0x2940 [ 27.789740][ T23] do_filp_open+0x1aa/0x400 [ 27.794223][ T23] page_owner free stack trace missing [ 27.799564][ T23] [ 27.801865][ T23] Memory state around the buggy address: [ 27.807475][ T23] ffff888117841880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 27.815514][ T23] ffff888117841900: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 27.823561][ T23] >ffff888117841980: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 27.831599][ T23] ^ [ 27.838247][ T23] ffff888117841a00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 27.846286][ T23] ffff888117841a80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 27.854328][ T23] ================================================================== [ 27.863083][ T23] Disabling lock debugging due to kernel taint [ 27.869270][ T23] Kernel panic - not syncing: panic_on_warn set ... [ 27.875856][ T23] CPU: 1 PID: 23 Comm: kworker/1:1 Tainted: G B 5.17.0-rc4-syzkaller-00063-g9902951f536c #0 [ 27.887222][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.897274][ T23] Workqueue: usb_hub_wq hub_event [ 27.902305][ T23] Call Trace: [ 27.905591][ T23] [ 27.908513][ T23] dump_stack_lvl+0xcd/0x134 [ 27.913114][ T23] panic+0x2b0/0x6dd [ 27.917007][ T23] ? __warn_printk+0xf3/0xf3 [ 27.921606][ T23] ? thrustmaster_probe+0x8d5/0xb50 [ 27.926808][ T23] ? trace_hardirqs_on+0x38/0x1c0 [ 27.932283][ T23] ? trace_hardirqs_on+0x51/0x1c0 [ 27.937302][ T23] ? thrustmaster_probe+0x8d5/0xb50 [ 27.942498][ T23] ? thrustmaster_probe+0x8d5/0xb50 [ 27.947691][ T23] end_report.cold+0x63/0x6f [ 27.952279][ T23] kasan_report.cold+0x71/0xdf [ 27.957032][ T23] ? thrustmaster_probe+0x8d5/0xb50 [ 27.962224][ T23] thrustmaster_probe+0x8d5/0xb50 [ 27.967240][ T23] ? thrustmaster_model_handler+0x370/0x370 [ 27.973125][ T23] ? hid_match_id+0x27a/0x300 [ 27.977795][ T23] ? thrustmaster_model_handler+0x370/0x370 [ 27.983681][ T23] hid_device_probe+0x2bd/0x3f0 [ 27.988522][ T23] ? hid_match_device+0x390/0x390 [ 27.993533][ T23] really_probe+0x245/0xcc0 [ 27.998050][ T23] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 28.004278][ T23] __driver_probe_device+0x338/0x4d0 [ 28.009553][ T23] driver_probe_device+0x4c/0x1a0 [ 28.014564][ T23] __device_attach_driver+0x20b/0x2f0 [ 28.019937][ T23] ? driver_allows_async_probing+0x150/0x150 [ 28.025914][ T23] bus_for_each_drv+0x15f/0x1e0 [ 28.030750][ T23] ? bus_for_each_dev+0x1d0/0x1d0 [ 28.035759][ T23] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 28.041554][ T23] ? lockdep_hardirqs_on+0x79/0x100 [ 28.046745][ T23] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 28.052653][ T23] __device_attach+0x228/0x4a0 [ 28.057433][ T23] ? device_driver_attach+0x210/0x210 [ 28.062810][ T23] ? kobject_uevent_env+0x2ac/0x1600 [ 28.068088][ T23] bus_probe_device+0x1e4/0x290 [ 28.072950][ T23] device_add+0xb83/0x1e20 [ 28.077367][ T23] ? up_write+0x148/0x470 [ 28.082296][ T23] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 28.088527][ T23] ? __debugfs_create_file+0x392/0x540 [ 28.093980][ T23] hid_add_device+0x344/0x9d0 [ 28.098650][ T23] ? lockdep_init_map_type+0x21a/0x7f0 [ 28.104097][ T23] ? modalias_show+0x150/0x150 [ 28.108848][ T23] ? lockdep_init_map_type+0x21a/0x7f0 [ 28.114310][ T23] ? __raw_spin_lock_init+0x36/0x110 [ 28.119587][ T23] usbhid_probe+0xbf4/0x1070 [ 28.124165][ T23] usb_probe_interface+0x315/0x7f0 [ 28.129268][ T23] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 28.134631][ T23] really_probe+0x245/0xcc0 [ 28.139123][ T23] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 28.145356][ T23] __driver_probe_device+0x338/0x4d0 [ 28.150627][ T23] driver_probe_device+0x4c/0x1a0 [ 28.155640][ T23] __device_attach_driver+0x20b/0x2f0 [ 28.160999][ T23] ? driver_allows_async_probing+0x150/0x150 [ 28.166965][ T23] bus_for_each_drv+0x15f/0x1e0 [ 28.171804][ T23] ? bus_for_each_dev+0x1d0/0x1d0 [ 28.176812][ T23] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 28.182611][ T23] ? lockdep_hardirqs_on+0x79/0x100 [ 28.187800][ T23] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 28.193597][ T23] __device_attach+0x228/0x4a0 [ 28.198349][ T23] ? device_driver_attach+0x210/0x210 [ 28.203706][ T23] ? kobject_uevent_env+0x2ac/0x1600 [ 28.208980][ T23] bus_probe_device+0x1e4/0x290 [ 28.213818][ T23] device_add+0xb83/0x1e20 [ 28.218221][ T23] ? mark_held_locks+0x9f/0xe0 [ 28.222975][ T23] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 28.229202][ T23] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 28.235266][ T23] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 28.241494][ T23] usb_set_configuration+0x101e/0x1900 [ 28.246945][ T23] usb_generic_driver_probe+0xba/0x100 [ 28.252394][ T23] usb_probe_device+0xd9/0x2c0 [ 28.257141][ T23] ? usb_driver_release_interface+0x180/0x180 [ 28.263201][ T23] really_probe+0x245/0xcc0 [ 28.267695][ T23] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 28.273922][ T23] __driver_probe_device+0x338/0x4d0 [ 28.279200][ T23] driver_probe_device+0x4c/0x1a0 [ 28.284251][ T23] __device_attach_driver+0x20b/0x2f0 [ 28.289627][ T23] ? driver_allows_async_probing+0x150/0x150 [ 28.295597][ T23] bus_for_each_drv+0x15f/0x1e0 [ 28.300446][ T23] ? bus_for_each_dev+0x1d0/0x1d0 [ 28.305454][ T23] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 28.311251][ T23] ? lockdep_hardirqs_on+0x79/0x100 [ 28.316438][ T23] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 28.322237][ T23] __device_attach+0x228/0x4a0 [ 28.327085][ T23] ? device_driver_attach+0x210/0x210 [ 28.332443][ T23] ? kobject_uevent_env+0x2ac/0x1600 [ 28.337714][ T23] bus_probe_device+0x1e4/0x290 [ 28.342558][ T23] device_add+0xb83/0x1e20 [ 28.346963][ T23] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 28.353191][ T23] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 28.359419][ T23] usb_new_device.cold+0x63f/0x108e [ 28.364604][ T23] ? hub_disconnect+0x510/0x510 [ 28.369443][ T23] ? rwlock_bug.part.0+0x90/0x90 [ 28.374367][ T23] ? _raw_spin_unlock_irq+0x1f/0x40 [ 28.379554][ T23] hub_event+0x2585/0x44d0 [ 28.383975][ T23] ? hub_port_debounce+0x3c0/0x3c0 [ 28.389094][ T23] ? lock_release+0x720/0x720 [ 28.393758][ T23] ? lock_downgrade+0x6e0/0x6e0 [ 28.398609][ T23] ? do_raw_spin_lock+0x120/0x2b0 [ 28.403631][ T23] process_one_work+0x9ac/0x1650 [ 28.408556][ T23] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 28.413931][ T23] ? rwlock_bug.part.0+0x90/0x90 [ 28.418856][ T23] ? _raw_spin_lock_irq+0x41/0x50 [ 28.423871][ T23] worker_thread+0x657/0x1110 [ 28.428538][ T23] ? process_one_work+0x1650/0x1650 [ 28.433725][ T23] kthread+0x2ef/0x3a0 [ 28.437777][ T23] ? kthread_complete_and_exit+0x40/0x40 [ 28.443399][ T23] ret_from_fork+0x1f/0x30 [ 28.447806][ T23] [ 28.450986][ T23] Kernel Offset: disabled [ 28.455295][ T23] Rebooting in 86400 seconds..