Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: 5c7b9167ddf89d2d845e09bfcdc9f677340b6a5c ("i2c: i801: convert to use common P2SB accessor")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: xfstests
version: xfstests-x86_64-c1144bf-1_20220711
with following parameters:

        disk: 4HDD
        fs: ext4
        fs2: smbv3
        test: generic-group-06
        ucode: 0xec

test-description: xfstests is a regression test suite for xfs and other filesystems.
test-url: git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git

on test machine: 8 threads Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz with 16G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot

[ 4.557195][ T1] BUG: KASAN: use-after-free in string (lib/vsprintf.c:643 lib/vsprintf.c:725)
[ 4.557201][ T1] Read of size 1 at addr ffff8881093f73e0 by task swapper/0/1
[ 4.557204][ T1]
[ 4.557205][ T1] CPU: 7 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc1-00006-g5c7b9167ddf8 #1
[ 4.557209][ T1] Hardware name: HP HP Z240 SFF Workstation/802E, BIOS N51 Ver. 01.63 10/05/2017
[ 4.557210][ T1] Call Trace:
[ 4.557212][ T1]
[ 4.557214][ T1] ? string (lib/vsprintf.c:643 lib/vsprintf.c:725)
[ 4.557217][ T1] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))
[ 4.557221][ T1] print_address_description+0x1f/0x200
[ 4.557226][ T1] ? string (lib/vsprintf.c:643 lib/vsprintf.c:725)
[ 4.557228][ T1] print_report.cold (mm/kasan/report.c:430)
[ 4.557232][ T1] ? kernfs_create_link (fs/kernfs/symlink.c:39)
[ 4.557236][ T1] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 4.557239][ T1] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)
[ 4.557243][ T1] ? string (lib/vsprintf.c:643 lib/vsprintf.c:725)
[ 4.557246][ T1] string (lib/vsprintf.c:643 lib/vsprintf.c:725)
[ 4.557249][ T1] ? ip6_addr_string_sa (lib/vsprintf.c:721)
[ 4.557252][ T1] ? pinctrl_bind_pins (drivers/base/pinctrl.c:94)
[ 4.557255][ T1] ? __fprop_add_percpu_max (lib/idr.c:35)
[ 4.557259][ T1] vsnprintf (lib/vsprintf.c:2733)
[ 4.557263][ T1] ? pointer (lib/vsprintf.c:2714)
[ 4.557265][ T1] ? idr_alloc_cyclic (lib/idr.c:126)
[ 4.557269][ T1] ? idr_alloc (lib/idr.c:118)
[ 4.557271][ T1] ? _raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 4.557274][ T1] devm_kvasprintf (drivers/base/devres.c:1004)
[ 4.557277][ T1] ? devm_kmemdup (drivers/base/devres.c:995)
[ 4.557280][ T1] ? __cond_resched (kernel/sched/core.c:8217)
[ 4.557284][ T1] devm_kasprintf (drivers/base/devres.c:1026)
[ 4.557287][ T1] ? devm_kvasprintf (drivers/base/devres.c:1026)
[ 4.557290][ T1] ? _raw_read_unlock_irqrestore (kernel/locking/spinlock.c:161)
[ 4.557293][ T1] ? __kmalloc_node_track_caller (mm/slub.c:3216 mm/slub.c:4950)
[ 4.557295][ T1] ? iTCO_wdt_probe (include/linux/device.h:209 drivers/watchdog/iTCO_wdt.c:472)
[ 4.557299][ T1] ? add_dr (include/linux/list.h:69 (discriminator 2) include/linux/list.h:102 (discriminator 2) drivers/base/devres.c:131 (discriminator 2))
[ 4.557302][ T1] __devm_ioremap_resource (lib/devres.c:156)
[ 4.557306][ T1] iTCO_wdt_probe (drivers/watchdog/iTCO_wdt.c:509)
[ 4.557311][ T1] platform_probe (drivers/base/platform.c:1400)
[ 4.557315][ T1] really_probe (drivers/base/dd.c:555 drivers/base/dd.c:634)
[ 4.557320][ T1] __driver_probe_device (drivers/base/dd.c:764)
[ 4.557324][ T1] driver_probe_device (drivers/base/dd.c:794)
[ 4.557327][ T1] __driver_attach (drivers/base/dd.c:1164)
[ 4.557331][ T1] ? __device_attach_driver (drivers/base/dd.c:1116)
[ 4.557334][ T1] bus_for_each_dev (drivers/base/bus.c:301)
[ 4.557337][ T1] ? subsys_dev_iter_exit (drivers/base/bus.c:290)
[ 4.557341][ T1] ? klist_add_tail (include/linux/list.h:69 include/linux/list.h:102 lib/klist.c:104 lib/klist.c:137)
[ 4.557344][ T1] bus_add_driver (drivers/base/bus.c:618)
[ 4.557348][ T1] driver_register (drivers/base/driver.c:240)
[ 4.557350][ T1] ? esb_driver_init (drivers/watchdog/iTCO_wdt.c:651)
[ 4.557354][ T1] do_one_initcall (init/main.c:1295)
[ 4.557358][ T1] ? trace_event_raw_event_initcall_level (init/main.c:1286)
[ 4.557361][ T1] ? parse_one (kernel/params.c:170)
[ 4.557365][ T1] ? kasan_unpoison (mm/kasan/shadow.c:108 mm/kasan/shadow.c:142)
[ 4.557370][ T1] do_initcalls (init/main.c:1367 init/main.c:1384)
[ 4.557374][ T1] kernel_init_freeable (init/main.c:1614)
[ 4.557378][ T1] ? console_on_rootfs (init/main.c:1581)
[ 4.557381][ T1] ? usleep_range_state (kernel/time/timer.c:1897)
[ 4.557385][ T1] ? _raw_spin_lock_bh (kernel/locking/spinlock.c:169)
[ 4.557388][ T1] ? rest_init (init/main.c:1491)
[ 4.557392][ T1] ? rest_init (init/main.c:1491)
[ 4.557395][ T1] kernel_init (init/main.c:1501)
[ 4.557398][ T1] ret_from_fork (arch/x86/entry/entry_64.S:308)
[ 4.557402][ T1]
[ 4.557403][ T1]
[ 4.557404][ T1] Allocated by task 0:
[ 4.557406][ T1] (stack is not available)
[ 4.557406][ T1]
[ 4.557407][ T1] Freed by task 1:
[ 4.557409][ T1] kasan_save_stack (mm/kasan/common.c:39)
[ 4.557412][ T1] kasan_set_track (mm/kasan/common.c:45)
[ 4.557414][ T1] kasan_set_free_info (mm/kasan/generic.c:372)
[ 4.557417][ T1] __kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328 mm/kasan/common.c:374)
[ 4.557420][ T1] kfree (mm/slub.c:1753 mm/slub.c:3507 mm/slub.c:4555)
[ 4.557422][ T1] kobject_cleanup (lib/kobject.c:683)
[ 4.557425][ T1] p2sb_bar (drivers/platform/x86/intel/p2sb.c:120)
[ 4.557429][ T1] i801_add_tco (drivers/i2c/busses/i2c-i801.c:1495 drivers/i2c/busses/i2c-i801.c:1552)
[ 4.557431][ T1] i801_probe.cold (drivers/i2c/busses/i2c-i801.c:1749 (discriminator 4))
[ 4.557433][ T1] local_pci_probe (drivers/pci/pci-driver.c:324)
[ 4.557435][ T1] pci_call_probe (drivers/pci/pci-driver.c:392)
[ 4.557437][ T1] pci_device_probe (drivers/pci/pci-driver.c:461)
[ 4.557439][ T1] really_probe (drivers/base/dd.c:555 drivers/base/dd.c:634)
[ 4.557442][ T1] __driver_probe_device (drivers/base/dd.c:764)
[ 4.557445][ T1] driver_probe_device (drivers/base/dd.c:794)
[ 4.557448][ T1] __driver_attach (drivers/base/dd.c:1164)
[ 4.557451][ T1] bus_for_each_dev (drivers/base/bus.c:301)
[ 4.557453][ T1] bus_add_driver (drivers/base/bus.c:618)
[ 4.557456][ T1] driver_register (drivers/base/driver.c:240)
[ 4.557458][ T1] i2c_i801_init (drivers/i2c/busses/i2c-i801.c:1842)
[ 4.557460][ T1] do_one_initcall (init/main.c:1295)
[ 4.557463][ T1] do_initcalls (init/main.c:1367 init/main.c:1384)
[ 4.557466][ T1] kernel_init_freeable (init/main.c:1614)
[ 4.557469][ T1] kernel_init (init/main.c:1501)
[ 4.557471][ T1] ret_from_fork (arch/x86/entry/entry_64.S:308)
[ 4.557474][ T1]
[ 4.557474][ T1] The buggy address belongs to the object at ffff8881093f73e0
[ 4.557474][ T1] which belongs to the cache kmalloc-16 of size 16
[ 4.557477][ T1] The buggy address is located 0 bytes inside of
[ 4.557477][ T1] 16-byte region [ffff8881093f73e0, ffff8881093f73f0)
[ 4.557479][ T1]
[ 4.557480][ T1] The buggy address belongs to the physical page:
[ 4.557481][ T1] page:00000000bf10f767 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1093f7
[ 4.557502][ T1] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)

To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

--
0-DAY CI Kernel Test Service
https://01.org/lkp