BUG: KASAN: vmalloc-out-of-bounds in i801_isr_byte_done drivers/i2c/busses/i2c-i801.c:593 [inline]
BUG: KASAN: vmalloc-out-of-bounds in i801_isr drivers/i2c/busses/i2c-i801.c:664 [inline]
BUG: KASAN: vmalloc-out-of-bounds in i801_isr+0xb2d/0xbf0 drivers/i2c/busses/i2c-i801.c:645
Write of size 1 at addr ffffc90003557d61 by task udevd/12182

CPU: 1 PID: 12182 Comm: udevd Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x497 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 i801_isr_byte_done drivers/i2c/busses/i2c-i801.c:593 [inline]
 i801_isr drivers/i2c/busses/i2c-i801.c:664 [inline]
 i801_isr+0xb2d/0xbf0 drivers/i2c/busses/i2c-i801.c:645
 __handle_irq_event_percpu+0x223/0xaa0 kernel/irq/handle.c:156
 handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
 handle_irq_event+0x102/0x285 kernel/irq/handle.c:213
 handle_fasteoi_irq+0x22f/0x9f0 kernel/irq/chip.c:714
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 handle_irq arch/x86/kernel/irq.c:230 [inline]
 __common_interrupt arch/x86/kernel/irq.c:249 [inline]
 common_interrupt+0x115/0x1f0 arch/x86/kernel/irq.c:239
 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:572
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:196
Code: 48 89 ef 5d e9 a1 9c 3f 00 5d be 03 00 00 00 e9 96 1d 27 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 48 8b 14 25 c0 fe 01 00 65 8b 05 70 b3 8d 7e a9 00 01 ff 00 48
RSP: 0018:ffffc900016d7840 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 000000000000000b RCX: ffffffff83666ae7
RDX: 0000000000000000 RSI: ffff888022134d00 RDI: 0000000000000005
RBP: ffff888029e73b80 R08: 0000000000000001 R09: ffffffff8cb1c3c7
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000005 R14: dffffc0000000000 R15: 0000000000000000
 tomoyo_domain_quota_is_ok+0x31a/0x550 security/tomoyo/util.c:1070
 tomoyo_supervisor+0x2d4/0xeb0 security/tomoyo/common.c:2089
 tomoyo_audit_path2_log security/tomoyo/file.c:182 [inline]
 tomoyo_path2_perm+0x4b3/0x600 security/tomoyo/file.c:943
 tomoyo_path_rename+0xd2/0x130 security/tomoyo/tomoyo.c:279
 security_path_rename+0x1b5/0x2e0 security/security.c:1135
 do_renameat2+0x481/0xbf0 fs/namei.c:4452
 __do_sys_rename fs/namei.c:4502 [inline]
 __se_sys_rename fs/namei.c:4500 [inline]
 __x64_sys_rename+0x5d/0x80 fs/namei.c:4500
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f70a2058527
Code: 32 00 64 83 38 15 74 07 b8 ff ff ff ff 5b c3 48 89 df e8 1c c1 07 00 85 c0 75 ed 31 c0 eb d3 90 90 90 90 b8 52 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 f8 32 00 31 d2 48 29 c2 64
RSP: 002b:00007ffc6bc57ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
RAX: ffffffffffffffda RBX: 0000000001e267b0 RCX: 00007f70a2058527
RDX: 0000000001e267c0 RSI: 00007ffc6bc57be0 RDI: 00007ffc6bc57fe0
RBP: 0000000001e25fd0 R08: 00007f70a29cb7a0 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000001e26860
R13: 0000000001e16250 R14: 00007ffc6bc57be0 R15: 0000000000000000

Memory state around the buggy address:
 ffffc90003557c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90003557c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90003557d00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                                                       ^
 ffffc90003557d80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90003557e00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================