hid-thrustmaster 0003:044F:B65D.0005: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.0-1/input0
==================================================================
BUG: KASAN: stack-out-of-bounds in usb_check_int_endpoints+0x1a4/0x220 drivers/usb/core/usb.c:277
Read of size 1 at addr ffff800097d06511 by task kworker/0:1/10

CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc2-syzkaller-ga64dcfb451e2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: usb_hub_wq hub_event
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x198/0x538 mm/kasan/report.c:489
 kasan_report+0xd8/0x138 mm/kasan/report.c:602
 __asan_report_load1_noabort+0x20/0x2c mm/kasan/report_generic.c:378
 usb_check_int_endpoints+0x1a4/0x220 drivers/usb/core/usb.c:277
 thrustmaster_interrupts drivers/hid/hid-thrustmaster.c:176 [inline]
 thrustmaster_probe+0x3c4/0xa88 drivers/hid/hid-thrustmaster.c:347
 __hid_device_probe drivers/hid/hid-core.c:2713 [inline]
 hid_device_probe+0x340/0x608 drivers/hid/hid-core.c:2750
 really_probe+0x38c/0x8fc drivers/base/dd.c:658
 __driver_probe_device+0x194/0x374 drivers/base/dd.c:800
 driver_probe_device+0x78/0x330 drivers/base/dd.c:830
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:958
 bus_for_each_drv+0x228/0x2bc drivers/base/bus.c:462
 __device_attach+0x2b4/0x434 drivers/base/dd.c:1030
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1079
 bus_probe_device+0x178/0x240 drivers/base/bus.c:537
 device_add+0x728/0xa6c drivers/base/core.c:3665
 hid_add_device+0x318/0x4a8 drivers/hid/hid-core.c:2896
 usbhid_probe+0xa18/0xe5c drivers/hid/usbhid/hid-core.c:1431
 usb_probe_interface+0x598/0xa40 drivers/usb/core/driver.c:396
 really_probe+0x38c/0x8fc drivers/base/dd.c:658
 __driver_probe_device+0x194/0x374 drivers/base/dd.c:800
 driver_probe_device+0x78/0x330 drivers/base/dd.c:830
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:958
 bus_for_each_drv+0x228/0x2bc drivers/base/bus.c:462
 __device_attach+0x2b4/0x434 drivers/base/dd.c:1030
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1079
 bus_probe_device+0x178/0x240 drivers/base/bus.c:537
 device_add+0x728/0xa6c drivers/base/core.c:3665
 usb_set_configuration+0x15cc/0x1b38 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:250
 usb_probe_device+0x1a4/0x348 drivers/usb/core/driver.c:291
 really_probe+0x38c/0x8fc drivers/base/dd.c:658
 __driver_probe_device+0x194/0x374 drivers/base/dd.c:800
 driver_probe_device+0x78/0x330 drivers/base/dd.c:830
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:958
 bus_for_each_drv+0x228/0x2bc drivers/base/bus.c:462
 __device_attach+0x2b4/0x434 drivers/base/dd.c:1030
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1079
 bus_probe_device+0x178/0x240 drivers/base/bus.c:537
 device_add+0x728/0xa6c drivers/base/core.c:3665
 usb_new_device+0x908/0x14ac drivers/usb/core/hub.c:2652
 hub_port_connect drivers/usb/core/hub.c:5523 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5663 [inline]
 port_event drivers/usb/core/hub.c:5823 [inline]
 hub_event+0x2454/0x4280 drivers/usb/core/hub.c:5905
 process_one_work+0x810/0x1638 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3317 [inline]
 worker_thread+0x97c/0xeec kernel/workqueue.c:3398
 kthread+0x65c/0x7b0 kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862

The buggy address belongs to stack of task kworker/0:1/10
 and is located at offset 49 in frame:
 thrustmaster_probe+0x0/0xa88

This frame has 2 objects:
 [32, 36) 'trans.i'
 [48, 49) 'ep_addr.i'

The buggy address belongs to the virtual mapping at
 [ffff800097d00000, ffff800097d09000) created by:
 copy_process+0x490/0x322c kernel/fork.c:2233

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a44
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff800097d06400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff800097d06480: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
>ffff800097d06500: 04 f2 01 f3 00 00 00 00 00 00 00 00 00 00 00 00
                         ^
 ffff800097d06580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff800097d06600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
hid-thrustmaster 0003:044F:B65D.0005: setup data couldn't be sent
usb 1-1: USB disconnect, device number 13