usbcore: registered new interface driver usb-storage usbcore: registered new interface driver ums-realtek usbcore: registered new interface driver usbserial_generic usbserial: USB Serial support registered for generic usbcore: registered new interface driver ch341 usbserial: USB Serial support registered for ch341-uart usbcore: registered new interface driver cp210x usbserial: USB Serial support registered for cp210x usbcore: registered new interface driver ftdi_sio usbserial: USB Serial support registered for FTDI USB Serial Device usbcore: registered new interface driver keyspan usbserial: USB Serial support registered for Keyspan - (without firmware) usbserial: USB Serial support registered for Keyspan 1 port adapter usbserial: USB Serial support registered for Keyspan 2 port adapter usbserial: USB Serial support registered for Keyspan 4 port adapter usbcore: registered new interface driver option usbserial: USB Serial support registered for GSM modem (1-port) usbcore: registered new interface driver oti6858 usbserial: USB Serial support registered for oti6858 usbcore: registered new interface driver pl2303 usbserial: USB Serial support registered for pl2303 usbcore: registered new interface driver qcserial usbserial: USB Serial support registered for Qualcomm USB modem usbcore: registered new interface driver sierra usbserial: USB Serial support registered for Sierra USB modem usbcore: registered new interface driver usb_serial_simple usbserial: USB Serial support registered for carelink usbserial: USB Serial support registered for zio usbserial: USB Serial support registered for funsoft usbserial: USB Serial support registered for flashloader usbserial: USB Serial support registered for google usbserial: USB Serial support registered for libtransistor usbserial: USB Serial support registered for vivopay usbserial: USB Serial support registered for moto_modem usbserial: USB Serial support registered for motorola_tetra usbserial: USB Serial support registered for novatel_gps usbserial: USB Serial support registered for hp4x usbserial: USB Serial support registered for suunto usbserial: USB Serial support registered for siemens_mpi dummy_hcd dummy_hcd.0: USB Host+Gadget Emulator, driver 02 May 2005 dummy_hcd dummy_hcd.0: Dummy host controller dummy_hcd dummy_hcd.0: new USB bus registered, assigned bus number 1 usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.05 usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb1: Product: Dummy host controller usb usb1: Manufacturer: Linux 5.5.0-rc7-next-20200124-syzkaller dummy_hcd usb usb1: SerialNumber: dummy_hcd.0 hub 1-0:1.0: USB hub found hub 1-0:1.0: 1 port detected ================================================================== BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:426 [inline] BUG: KASAN: slab-out-of-bounds in post_usb_notification+0xe5/0x170 drivers/usb/core/devio.c:2771 Read of size 21 at addr ffff88809e495680 by task swapper/0/1 CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.5.0-rc7-next-20200124-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x32 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:641 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 memcpy+0x24/0x50 mm/kasan/common.c:127 memcpy include/linux/string.h:426 [inline] post_usb_notification+0xe5/0x170 drivers/usb/core/devio.c:2771 post_usb_device_notification drivers/usb/core/devio.c:2785 [inline] usbdev_notify+0x2c0/0x4a0 drivers/usb/core/devio.c:2800 notifier_call_chain+0xc2/0x230 kernel/notifier.c:83 __blocking_notifier_call_chain kernel/notifier.c:284 [inline] __blocking_notifier_call_chain kernel/notifier.c:271 [inline] blocking_notifier_call_chain kernel/notifier.c:295 [inline] blocking_notifier_call_chain+0x94/0xb0 kernel/notifier.c:292 usb_notify_add_device+0x22/0x30 drivers/usb/core/notify.c:51 generic_probe+0x8c/0xde drivers/usb/core/generic.c:220 usb_probe_device+0xa0/0xf0 drivers/usb/core/driver.c:266 really_probe+0x291/0x700 drivers/base/dd.c:551 driver_probe_device+0x110/0x220 drivers/base/dd.c:724 __device_attach_driver+0x1c9/0x230 drivers/base/dd.c:831 bus_for_each_drv+0x172/0x1f0 drivers/base/bus.c:431 __device_attach+0x237/0x390 drivers/base/dd.c:897 device_initial_probe+0x1b/0x20 drivers/base/dd.c:944 bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:491 device_add+0x14fe/0x1d00 drivers/base/core.c:2487 usb_new_device.cold+0x74c/0x1063 drivers/usb/core/hub.c:2539 register_root_hub drivers/usb/core/hcd.c:1008 [inline] usb_add_hcd.cold+0x10f8/0x1496 drivers/usb/core/hcd.c:2790 dummy_hcd_probe+0x1ae/0x32c drivers/usb/gadget/udc/dummy_hcd.c:2639 platform_drv_probe+0x8d/0x140 drivers/base/platform.c:727 really_probe+0x291/0x700 drivers/base/dd.c:551 driver_probe_device+0x110/0x220 drivers/base/dd.c:724 __device_attach_driver+0x1c9/0x230 drivers/base/dd.c:831 bus_for_each_drv+0x172/0x1f0 drivers/base/bus.c:431 __device_attach+0x237/0x390 drivers/base/dd.c:897 device_initial_probe+0x1b/0x20 drivers/base/dd.c:944 bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:491 device_add+0x14fe/0x1d00 drivers/base/core.c:2487 platform_device_add+0x34e/0x6c0 drivers/base/platform.c:564 init+0x534/0xab8 arch/x86/crypto/chacha_glue.c:293 do_one_initcall+0x120/0x820 init/main.c:1109 do_initcall_level init/main.c:1182 [inline] do_initcalls init/main.c:1198 [inline] do_basic_setup init/main.c:1218 [inline] kernel_init_freeable+0x522/0x5d0 init/main.c:1402 kernel_init+0x12/0x1bf init/main.c:1309 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Allocated by task 1: save_stack+0x23/0x90 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] __kasan_kmalloc mm/kasan/common.c:515 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:488 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:529 __do_kmalloc mm/slab.c:3656 [inline] __kmalloc_track_caller+0x15f/0x760 mm/slab.c:3671 kvasprintf+0xc8/0x170 lib/kasprintf.c:25 kvasprintf_const+0x65/0x190 lib/kasprintf.c:49 kobject_set_name_vargs+0x5b/0x150 lib/kobject.c:289 dev_set_name+0xbb/0xf0 drivers/base/core.c:2265 usb_alloc_dev+0xcc4/0xf86 drivers/usb/core/usb.c:641 usb_add_hcd.cold+0x3c1/0x1496 drivers/usb/core/hcd.c:2697 dummy_hcd_probe+0x1ae/0x32c drivers/usb/gadget/udc/dummy_hcd.c:2639 platform_drv_probe+0x8d/0x140 drivers/base/platform.c:727 really_probe+0x291/0x700 drivers/base/dd.c:551 driver_probe_device+0x110/0x220 drivers/base/dd.c:724 __device_attach_driver+0x1c9/0x230 drivers/base/dd.c:831 bus_for_each_drv+0x172/0x1f0 drivers/base/bus.c:431 __device_attach+0x237/0x390 drivers/base/dd.c:897 device_initial_probe+0x1b/0x20 drivers/base/dd.c:944 bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:491 device_add+0x14fe/0x1d00 drivers/base/core.c:2487 platform_device_add+0x34e/0x6c0 drivers/base/platform.c:564 init+0x534/0xab8 arch/x86/crypto/chacha_glue.c:293 do_one_initcall+0x120/0x820 init/main.c:1109 do_initcall_level init/main.c:1182 [inline] do_initcalls init/main.c:1198 [inline] do_basic_setup init/main.c:1218 [inline] kernel_init_freeable+0x522/0x5d0 init/main.c:1402 kernel_init+0x12/0x1bf init/main.c:1309 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Freed by task 0: (stack is not available) The buggy address belongs to the object at ffff88809e495680 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 0 bytes inside of 32-byte region [ffff88809e495680, ffff88809e4956a0) The buggy address belongs to the page: page:ffffea0002792540 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809e495fc1 flags: 0xfffe0000000200(slab) raw: 00fffe0000000200 ffffea00027901c8 ffffea0002848ec8 ffff8880aa4001c0 raw: ffff88809e495fc1 ffff88809e495000 000000010000003f 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88809e495580: fb fb fb fb fc fc fc fc 00 00 00 01 fc fc fc fc ffff88809e495600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc >ffff88809e495680: 05 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc ^ ffff88809e495700: 00 fc fc fc fc fc fc fc 00 04 fc fc fc fc fc fc ffff88809e495780: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc ==================================================================