Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.896016][ T35] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[ 50.256401][ T35] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 50.267630][ T35] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 50.277496][ T35] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.40
[ 50.286616][ T35] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 50.299556][ T35] usb 1-1: config 0 descriptor??
[ 50.778857][ T35] hid-thrustmaster 0003:044F:B65D.0001: unknown main item tag 0x0
[ 50.789332][ T35] hid-thrustmaster 0003:044F:B65D.0001: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.0-1/input0
[ 50.801680][ T35] ==================================================================
[ 50.809906][ T35] BUG: KASAN: slab-out-of-bounds in thrustmaster_probe+0x8d5/0xb50
[ 50.817831][ T35] Read of size 1 at addr ffff88807f1a59d2 by task kworker/1:1/35
[ 50.825531][ T35]
[ 50.827864][ T35] CPU: 1 PID: 35 Comm: kworker/1:1 Not tainted 5.17.0-rc4-syzkaller-00051-gc5d9ae265b10 #0
[ 50.837875][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.847919][ T35] Workqueue: usb_hub_wq hub_event
[ 50.852935][ T35] Call Trace:
[ 50.856196][ T35]
[ 50.859114][ T35] dump_stack_lvl+0xcd/0x134
[ 50.863697][ T35] print_address_description.constprop.0.cold+0x8d/0x336
[ 50.870715][ T35] ? thrustmaster_probe+0x8d5/0xb50
[ 50.875900][ T35] ? thrustmaster_probe+0x8d5/0xb50
[ 50.881084][ T35] kasan_report.cold+0x83/0xdf
[ 50.885846][ T35] ? thrustmaster_probe+0x8d5/0xb50
[ 50.891036][ T35] thrustmaster_probe+0x8d5/0xb50
[ 50.896103][ T35] ? thrustmaster_model_handler+0x370/0x370
[ 50.901985][ T35] ? hid_match_id+0x27a/0x300
[ 50.906658][ T35] ? thrustmaster_model_handler+0x370/0x370
[ 50.912537][ T35] hid_device_probe+0x2bd/0x3f0
[ 50.917387][ T35] ? hid_match_device+0x390/0x390
[ 50.922591][ T35] really_probe+0x245/0xcc0
[ 50.927085][ T35] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 50.933322][ T35] __driver_probe_device+0x338/0x4d0
[ 50.938632][ T35] driver_probe_device+0x4c/0x1a0
[ 50.943654][ T35] __device_attach_driver+0x20b/0x2f0
[ 50.949018][ T35] ? driver_allows_async_probing+0x150/0x150
[ 50.954989][ T35] bus_for_each_drv+0x15f/0x1e0
[ 50.959844][ T35] ? bus_for_each_dev+0x1d0/0x1d0
[ 50.964873][ T35] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 50.970692][ T35] ? lockdep_hardirqs_on+0x79/0x100
[ 50.975881][ T35] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 50.981685][ T35] __device_attach+0x228/0x4a0
[ 50.986439][ T35] ? device_driver_attach+0x210/0x210
[ 50.991805][ T35] ? kobject_uevent_env+0x2ac/0x1600
[ 50.997083][ T35] bus_probe_device+0x1e4/0x290
[ 51.001922][ T35] device_add+0xb83/0x1e20
[ 51.006328][ T35] ? up_write+0x148/0x470
[ 51.010650][ T35] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 51.016884][ T35] ? __debugfs_create_file+0x392/0x540
[ 51.022337][ T35] hid_add_device+0x344/0x9d0
[ 51.027004][ T35] ? lockdep_init_map_type+0x21a/0x7f0
[ 51.032458][ T35] ? modalias_show+0x150/0x150
[ 51.037209][ T35] ? lockdep_init_map_type+0x21a/0x7f0
[ 51.042655][ T35] ? __raw_spin_lock_init+0x36/0x110
[ 51.047941][ T35] usbhid_probe+0xbf4/0x1070
[ 51.052542][ T35] usb_probe_interface+0x315/0x7f0
[ 51.057647][ T35] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 51.063105][ T35] really_probe+0x245/0xcc0
[ 51.067598][ T35] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 51.073831][ T35] __driver_probe_device+0x338/0x4d0
[ 51.079111][ T35] driver_probe_device+0x4c/0x1a0
[ 51.084129][ T35] __device_attach_driver+0x20b/0x2f0
[ 51.089496][ T35] ? driver_allows_async_probing+0x150/0x150
[ 51.095470][ T35] bus_for_each_drv+0x15f/0x1e0
[ 51.100315][ T35] ? bus_for_each_dev+0x1d0/0x1d0
[ 51.105340][ T35] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 51.111139][ T35] ? lockdep_hardirqs_on+0x79/0x100
[ 51.116415][ T35] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 51.122215][ T35] __device_attach+0x228/0x4a0
[ 51.126973][ T35] ? device_driver_attach+0x210/0x210
[ 51.132343][ T35] ? kobject_uevent_env+0x2ac/0x1600
[ 51.137623][ T35] bus_probe_device+0x1e4/0x290
[ 51.142473][ T35] device_add+0xb83/0x1e20
[ 51.146881][ T35] ? mark_held_locks+0x9f/0xe0
[ 51.151636][ T35] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 51.157868][ T35] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 51.163673][ T35] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.169996][ T35] usb_set_configuration+0x101e/0x1900
[ 51.175471][ T35] usb_generic_driver_probe+0xba/0x100
[ 51.180923][ T35] usb_probe_device+0xd9/0x2c0
[ 51.185675][ T35] ? usb_driver_release_interface+0x180/0x180
[ 51.191726][ T35] really_probe+0x245/0xcc0
[ 51.196216][ T35] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 51.202464][ T35] __driver_probe_device+0x338/0x4d0
[ 51.207748][ T35] driver_probe_device+0x4c/0x1a0
[ 51.212790][ T35] __device_attach_driver+0x20b/0x2f0
[ 51.218154][ T35] ? driver_allows_async_probing+0x150/0x150
[ 51.224124][ T35] bus_for_each_drv+0x15f/0x1e0
[ 51.228964][ T35] ? bus_for_each_dev+0x1d0/0x1d0
[ 51.233988][ T35] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 51.239788][ T35] ? lockdep_hardirqs_on+0x79/0x100
[ 51.245331][ T35] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 51.251138][ T35] __device_attach+0x228/0x4a0
[ 51.255894][ T35] ? device_driver_attach+0x210/0x210
[ 51.261271][ T35] ? kobject_uevent_env+0x2ac/0x1600
[ 51.266552][ T35] bus_probe_device+0x1e4/0x290
[ 51.271395][ T35] device_add+0xb83/0x1e20
[ 51.275819][ T35] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 51.282065][ T35] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.288301][ T35] usb_new_device.cold+0x63f/0x108e
[ 51.293497][ T35] ? hub_disconnect+0x510/0x510
[ 51.298339][ T35] ? rwlock_bug.part.0+0x90/0x90
[ 51.303268][ T35] ? _raw_spin_unlock_irq+0x1f/0x40
[ 51.308481][ T35] hub_event+0x2585/0x44d0
[ 51.312908][ T35] ? hub_port_debounce+0x3c0/0x3c0
[ 51.318013][ T35] ? lock_release+0x720/0x720
[ 51.322680][ T35] ? lock_downgrade+0x6e0/0x6e0
[ 51.327537][ T35] ? do_raw_spin_lock+0x120/0x2b0
[ 51.332564][ T35] process_one_work+0x9ac/0x1650
[ 51.337516][ T35] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 51.342900][ T35] ? rwlock_bug.part.0+0x90/0x90
[ 51.347837][ T35] ? _raw_spin_lock_irq+0x41/0x50
[ 51.352870][ T35] worker_thread+0x657/0x1110
[ 51.357560][ T35] ? process_one_work+0x1650/0x1650
[ 51.362760][ T35] kthread+0x2e9/0x3a0
[ 51.366960][ T35] ? kthread_complete_and_exit+0x40/0x40
[ 51.372585][ T35] ret_from_fork+0x1f/0x30
[ 51.377002][ T35]
[ 51.380006][ T35]
[ 51.382317][ T35] Allocated by task 35:
[ 51.386450][ T35] kasan_save_stack+0x1e/0x40
[ 51.391115][ T35] __kasan_kmalloc+0xa9/0xd0
[ 51.395693][ T35] usb_get_configuration+0x1394/0x3b30
[ 51.401140][ T35] usb_new_device+0x583/0x7d0
[ 51.405807][ T35] hub_event+0x2585/0x44d0
[ 51.410220][ T35] process_one_work+0x9ac/0x1650
[ 51.415159][ T35] worker_thread+0x657/0x1110
[ 51.419820][ T35] kthread+0x2e9/0x3a0
[ 51.423878][ T35] ret_from_fork+0x1f/0x30
[ 51.428279][ T35]
[ 51.430587][ T35] The buggy address belongs to the object at ffff88807f1a5980
[ 51.430587][ T35] which belongs to the cache kmalloc-96 of size 96
[ 51.444797][ T35] The buggy address is located 82 bytes inside of
[ 51.444797][ T35] 96-byte region [ffff88807f1a5980, ffff88807f1a59e0)
[ 51.457885][ T35] The buggy address belongs to the page:
[ 51.463497][ T35] page:ffffea0001fc6940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f1a5
[ 51.473635][ T35] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 51.481171][ T35] raw: 00fff00000000200 ffffea0000702fc0 dead000000000007 ffff888010c41780
[ 51.489753][ T35] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 51.498314][ T35] page dumped because: kasan: bad access detected
[ 51.504709][ T35] page_owner tracks the page as allocated
[ 51.510420][ T35] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2966, ts 25259400428, free_ts 25234590946
[ 51.526291][ T35] get_page_from_freelist+0xa72/0x2f50
[ 51.531747][ T35] __alloc_pages+0x1b2/0x500
[ 51.536336][ T35] alloc_pages+0x1aa/0x310
[ 51.540742][ T35] allocate_slab+0x27f/0x3c0
[ 51.545317][ T35] ___slab_alloc+0xbe1/0x12b0
[ 51.549981][ T35] __slab_alloc.constprop.0+0x4d/0xa0
[ 51.555369][ T35] __kmalloc+0x372/0x450
[ 51.559617][ T35] tomoyo_encode2.part.0+0xe9/0x3a0
[ 51.564803][ T35] tomoyo_encode+0x28/0x50
[ 51.569204][ T35] tomoyo_realpath_from_path+0x186/0x620
[ 51.574820][ T35] tomoyo_check_open_permission+0x272/0x380
[ 51.580716][ T35] tomoyo_file_open+0xa3/0xd0
[ 51.585381][ T35] security_file_open+0x45/0xb0
[ 51.590215][ T35] do_dentry_open+0x358/0x1250
[ 51.594963][ T35] path_openat+0x1c9e/0x2940
[ 51.599535][ T35] do_filp_open+0x1aa/0x400
[ 51.604023][ T35] page last free stack trace:
[ 51.608688][ T35] free_pcp_prepare+0x374/0x870
[ 51.613543][ T35] free_unref_page+0x19/0x690
[ 51.618203][ T35] qlist_free_all+0x6d/0x160
[ 51.622793][ T35] kasan_quarantine_reduce+0x180/0x200
[ 51.628235][ T35] __kasan_slab_alloc+0xa2/0xc0
[ 51.633074][ T35] kmem_cache_alloc+0x271/0x4b0
[ 51.637996][ T35] getname_flags.part.0+0x50/0x4f0
[ 51.643091][ T35] getname+0x8e/0xd0
[ 51.646970][ T35] do_sys_openat2+0xf5/0x4d0
[ 51.651543][ T35] __x64_sys_openat+0x13f/0x1f0
[ 51.656396][ T35] do_syscall_64+0x35/0xb0
[ 51.660829][ T35] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.666799][ T35]
[ 51.669105][ T35] Memory state around the buggy address:
[ 51.675152][ T35]  ffff88807f1a5880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 51.683196][ T35]  ffff88807f1a5900: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 51.691239][ T35] >ffff88807f1a5980: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 51.699287][ T35]                                                  ^
[ 51.705951][ T35]  ffff88807f1a5a00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.714005][ T35]  ffff88807f1a5a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 51.722055][ T35] ==================================================================
[ 51.730110][ T35] Disabling