==================================================================
BUG: KASAN: slab-out-of-bounds in memset include/linux/fortify-string.h:209 [inline]
BUG: KASAN: slab-out-of-bounds in vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:226 [inline]
BUG: KASAN: slab-out-of-bounds in vmk80xx_auto_attach+0x136e/0x19c0 drivers/comedi/drivers/vmk80xx.c:818
Write of size 296 at addr ffff888148048600 by task kworker/1:3/3651

CPU: 1 PID: 3651 Comm: kworker/1:3 Not tainted 5.17.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
 memset+0x20/0x40 mm/kasan/shadow.c:44
 memset include/linux/fortify-string.h:209 [inline]
 vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:226 [inline]
 vmk80xx_auto_attach+0x136e/0x19c0 drivers/comedi/drivers/vmk80xx.c:818
 comedi_auto_config+0x138/0x1e0 drivers/comedi/drivers.c:1066
 usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x1c2/0xb60 drivers/base/dd.c:596
 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
 driver_probe_device+0x44/0x110 drivers/base/dd.c:782
 __device_attach_driver+0x185/0x250 drivers/base/dd.c:899
 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
 __device_attach+0x1db/0x410 drivers/base/dd.c:970
 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
 device_add+0xa57/0x1b80 drivers/base/core.c:3405
 usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
 usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x1c2/0xb60 drivers/base/dd.c:596
 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
 driver_probe_device+0x44/0x110 drivers/base/dd.c:782
 __device_attach_driver+0x185/0x250 drivers/base/dd.c:899
 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
 __device_attach+0x1db/0x410 drivers/base/dd.c:970
 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
 device_add+0xa57/0x1b80 drivers/base/core.c:3405
 usb_new_device.cold+0x5cf/0xee8 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5358 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
 port_event drivers/usb/core/hub.c:5660 [inline]
 hub_event+0x1ba2/0x3930 drivers/usb/core/hub.c:5742
 process_one_work+0x879/0x1410 kernel/workqueue.c:2307
 worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
 kthread+0x299/0x340 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Allocated by task 3651:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:436 [inline]
 ____kasan_kmalloc mm/kasan/common.c:515 [inline]
 ____kasan_kmalloc mm/kasan/common.c:474 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524
 kmalloc include/linux/slab.h:586 [inline]
 kzalloc include/linux/slab.h:715 [inline]
 vmk80xx_alloc_usb_buffers drivers/comedi/drivers/vmk80xx.c:688 [inline]
 vmk80xx_auto_attach+0x782/0x19c0 drivers/comedi/drivers/vmk80xx.c:811
 comedi_auto_config+0x138/0x1e0 drivers/comedi/drivers.c:1066
 usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x1c2/0xb60 drivers/base/dd.c:596
 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
 driver_probe_device+0x44/0x110 drivers/base/dd.c:782
 __device_attach_driver+0x185/0x250 drivers/base/dd.c:899
 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
 __device_attach+0x1db/0x410 drivers/base/dd.c:970
 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
 device_add+0xa57/0x1b80 drivers/base/core.c:3405
 usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
 usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x1c2/0xb60 drivers/base/dd.c:596
 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
 driver_probe_device+0x44/0x110 drivers/base/dd.c:782
 __device_attach_driver+0x185/0x250 drivers/base/dd.c:899
 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
 __device_attach+0x1db/0x410 drivers/base/dd.c:970
 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
 device_add+0xa57/0x1b80 drivers/base/core.c:3405
 usb_new_device.cold+0x5cf/0xee8 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5358 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
 port_event drivers/usb/core/hub.c:5660 [inline]
 hub_event+0x1ba2/0x3930 drivers/usb/core/hub.c:5742
 process_one_work+0x879/0x1410 kernel/workqueue.c:2307
 worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
 kthread+0x299/0x340 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

The buggy address belongs to the object at ffff888148048600
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 0 bytes inside of
 64-byte region [ffff888148048600, ffff888148048640)
The buggy address belongs to the page:
page:ffffea0005201200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x148048
flags: 0x57ff00000000200(slab|node=1|zone=2|lastcpupid=0x7ff)
raw: 057ff00000000200 ffffea000502f240 dead000000000005 ffff88800fc41640
raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 3991070578, free_ts 0
 prep_new_page mm/page_alloc.c:2434 [inline]
 get_page_from_freelist+0xa6f/0x2f10 mm/page_alloc.c:4165
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5389
 alloc_page_interleave+0xf/0x1c0 mm/mempolicy.c:2116
 alloc_slab_page mm/slub.c:1799 [inline]
 allocate_slab mm/slub.c:1944 [inline]
 new_slab+0x28a/0x3b0 mm/slub.c:2004
 ___slab_alloc+0x87e/0xe80 mm/slub.c:3018
 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3105
 slab_alloc_node mm/slub.c:3196 [inline]
 slab_alloc mm/slub.c:3238 [inline]
 __kmalloc+0x2fb/0x340 mm/slub.c:4420
 kmalloc include/linux/slab.h:586 [inline]
 kzalloc include/linux/slab.h:715 [inline]
 kobject_get_path+0x9a/0x1f0 lib/kobject.c:179
 kobject_uevent_env+0x1eb/0x1250 lib/kobject_uevent.c:529
 device_add+0x9fe/0x1b80 drivers/base/core.c:3386
 device_create_groups_vargs+0x1c4/0x230 drivers/base/core.c:4062
 device_create+0xa1/0xd0 drivers/base/core.c:4104
 mon_bin_add+0x7e/0x120 drivers/usb/mon/mon_bin.c:1359
 mon_bus_init+0x184/0x300 drivers/usb/mon/mon_main.c:302
 mon_bus_add drivers/usb/mon/mon_main.c:199 [inline]
 mon_notify+0x286/0x3c0 drivers/usb/mon/mon_main.c:230
 notifier_call_chain+0x94/0x170 kernel/notifier.c:84
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888148048500: 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc
 ffff888148048580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff888148048600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
                                           ^
 ffff888148048680: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
 ffff888148048700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
==================================================================