From: bugzilla-daemon@bugzilla.kernel.org
To: dri-devel@lists.freedesktop.org
Subject: [Bug 205279] New: BUG: KASAN: global-out-of-bounds in read_indirect_azalia_reg+0x69/0x100 [amdgpu]
Date: Sun, 20 Oct 2019 18:11:44 +0000 [thread overview]
Message-ID: <bug-205279-2300@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=205279
Bug ID: 205279
Summary: BUG: KASAN: global-out-of-bounds in
read_indirect_azalia_reg+0x69/0x100 [amdgpu]
Product: Drivers
Version: 2.5
Kernel Version: 5.4.0-rc3+
Hardware: Intel
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Video(DRI - non Intel)
Assignee: drivers_video-dri@kernel-bugs.osdl.org
Reporter: ilkka.prusi@gmail.com
Regression: No
KASAN reported bug.
Note: Bug 205265 - gpio_generic: module verification failed: signature and/or
required key missing - tainting kernel
[ 34.581969]
==================================================================
[ 34.582156] BUG: KASAN: global-out-of-bounds in
read_indirect_azalia_reg+0x69/0x100 [amdgpu]
[ 34.582175] Read of size 4 at addr ffffffffc1c70828 by task
systemd-udevd/465
[ 34.582199] CPU: 1 PID: 465 Comm: systemd-udevd Tainted: G E
5.4.0-rc3+ #3
[ 34.582201] Hardware name: System manufacturer System Product Name/TUF
B450-PLUS GAMING, BIOS 1804 07/29/2019
[ 34.582203] Call Trace:
[ 34.582209] dump_stack+0x9a/0xf0
[ 34.582215] print_address_description.constprop.0+0x1b/0x210
[ 34.582380] ? read_indirect_azalia_reg+0x69/0x100 [amdgpu]
[ 34.582551] ? read_indirect_azalia_reg+0x69/0x100 [amdgpu]
[ 34.582555] __kasan_report.cold+0x1a/0x33
[ 34.582560] ? memmove+0x50/0x50
[ 34.582730] ? read_indirect_azalia_reg+0x69/0x100 [amdgpu]
[ 34.582736] kasan_report+0xe/0x20
[ 34.582907] read_indirect_azalia_reg+0x69/0x100 [amdgpu]
[ 34.583082] dce_aud_endpoint_valid+0xf/0x20 [amdgpu]
[ 34.583250] resource_construct+0x1da/0x520 [amdgpu]
[ 34.583423] ? dc_destroy_resource_pool+0x70/0x70 [amdgpu]
[ 34.583427] ? kasan_unpoison_shadow+0x33/0x40
[ 34.583602] dce120_create_resource_pool+0x9cb/0xba0 [amdgpu]
[ 34.583776] ? dce120_i2c_hw_create+0x80/0x80 [amdgpu]
[ 34.583779] ? kasan_unpoison_shadow+0x33/0x40
[ 34.583782] ? __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 34.583954] dc_create_resource_pool+0xfe/0x230 [amdgpu]
[ 34.584130] dc_create+0x473/0xc80 [amdgpu]
[ 34.584303] ? destruct+0x280/0x280 [amdgpu]
[ 34.584308] ? create_object+0x234/0x560
[ 34.584312] ? _raw_write_unlock_irqrestore+0x59/0x70
[ 34.584318] ? preempt_count_sub+0x43/0x50
[ 34.584322] ? _raw_write_unlock_irqrestore+0x46/0x70
[ 34.584326] ? create_object+0x387/0x560
[ 34.584331] ? kasan_unpoison_shadow+0x33/0x40
[ 34.584334] ? __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 34.584508] amdgpu_dm_init+0x26f/0x330 [amdgpu]
[ 34.584664] ? amdgpu_mm_rreg+0xe0/0x200 [amdgpu]
[ 34.584836] ? dm_resume+0x5e0/0x5e0 [amdgpu]
[ 34.585006] ? vega10_enable_fan_control_feature+0x75/0x90 [amdgpu]
[ 34.585174] ? vega10_fan_ctrl_start_smc_fan_control+0x26/0x40 [amdgpu]
[ 34.585341] ? vega10_start_thermal_controller+0x30c/0x320 [amdgpu]
[ 34.585354] ? memcpy+0x35/0x50
[ 34.585522] ? psm_set_states+0x90/0xb0 [amdgpu]
[ 34.585697] dm_hw_init+0xe/0x20 [amdgpu]
[ 34.585864] amdgpu_device_init.cold+0x2540/0x266f [amdgpu]
[ 34.586023] ? amdgpu_device_has_dc_support+0x30/0x30 [amdgpu]
[ 34.586026] ? _raw_write_unlock_irqrestore+0x59/0x70
[ 34.586031] ? preempt_count_sub+0x43/0x50
[ 34.586035] ? _raw_write_unlock_irqrestore+0x46/0x70
[ 34.586039] ? create_object+0x387/0x560
[ 34.586046] ? kmalloc_order+0x8d/0xa0
[ 34.586204] amdgpu_driver_load_kms+0xd5/0x360 [amdgpu]
[ 34.586359] ? amdgpu_register_gpu_instance+0xd0/0xd0 [amdgpu]
[ 34.586363] ? __kasan_slab_free+0x141/0x170
[ 34.586396] drm_dev_register+0x1d8/0x220 [drm]
[ 34.586553] amdgpu_pci_probe+0x128/0x190 [amdgpu]
[ 34.586707] ? amdgpu_pmops_runtime_idle+0xe0/0xe0 [amdgpu]
[ 34.586712] local_pci_probe+0x74/0xc0
[ 34.586717] pci_device_probe+0x1ee/0x2f0
[ 34.586721] ? pci_device_remove+0x1a0/0x1a0
[ 34.586728] ? sysfs_do_create_link_sd.isra.0+0x74/0xd0
[ 34.586736] really_probe+0x184/0x530
[ 34.586743] driver_probe_device+0x119/0x180
[ 34.586748] device_driver_attach+0x87/0x90
[ 34.586752] ? device_driver_attach+0x90/0x90
[ 34.586755] __driver_attach+0xb0/0x1a0
[ 34.586760] ? device_driver_attach+0x90/0x90
[ 34.586763] bus_for_each_dev+0xe9/0x140
[ 34.586767] ? subsys_dev_iter_exit+0x10/0x10
[ 34.586771] ? __list_add_valid+0x2f/0x60
[ 34.586779] bus_add_driver+0x22c/0x2e0
[ 34.586786] driver_register+0xd8/0x160
[ 34.586790] ? 0xffffffffc1218000
[ 34.586795] do_one_initcall+0xd4/0x384
[ 34.586799] ? perf_trace_initcall_level+0x250/0x250
[ 34.586803] ? _raw_write_unlock_irqrestore+0x46/0x70
[ 34.586806] ? create_object+0x387/0x560
[ 34.586811] ? kasan_unpoison_shadow+0x33/0x40
[ 34.586814] ? kasan_unpoison_shadow+0x33/0x40
[ 34.586822] do_init_module+0xfd/0x380
[ 34.586829] load_module+0x3dc1/0x4160
[ 34.586854] ? module_frob_arch_sections+0x20/0x20
[ 34.586860] ? kernel_read+0x9b/0xc0
[ 34.586866] ? kernel_read_file+0x187/0x330
[ 34.586871] ? remove_arg_zero+0x2b0/0x2b0
[ 34.586875] ? __seccomp_filter+0x12a/0x9d0
[ 34.586888] ? __do_sys_finit_module+0x121/0x1b0
[ 34.586891] __do_sys_finit_module+0x121/0x1b0
[ 34.586895] ? __ia32_sys_init_module+0x40/0x40
[ 34.586900] ? randomize_stack_top+0x80/0x80
[ 34.586916] ? trace_hardirqs_off_caller+0x2f/0x130
[ 34.586919] ? do_syscall_64+0x14/0x1e0
[ 34.586926] do_syscall_64+0x72/0x1e0
[ 34.586931] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.586933] RIP: 0033:0x7fe4e28940c9
[ 34.586937] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89
f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d 97 3d 0c 00 f7 d8 64 89 01 48
[ 34.586939] RSP: 002b:00007ffde7f9bd48 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 34.586942] RAX: ffffffffffffffda RBX: 00005631cd3b1620 RCX:
00007fe4e28940c9
[ 34.586945] RDX: 0000000000000000 RSI: 00007fe4e2797cad RDI:
0000000000000013
[ 34.586947] RBP: 0000000000020000 R08: 0000000000000000 R09:
00005631cd399e48
[ 34.586949] R10: 0000000000000013 R11: 0000000000000246 R12:
00007fe4e2797cad
[ 34.586951] R13: 0000000000000000 R14: 00005631cd3a2ab0 R15:
00005631cd3b1620
[ 34.586968] The buggy address belongs to the variable:
[ 34.587136] audio_regs+0x108/0xffffffffffeed8e0 [amdgpu]
[ 34.587155] Memory state around the buggy address:
[ 34.587169] ffffffffc1c70700: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00
00
[ 34.587186] ffffffffc1c70780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
[ 34.587204] >ffffffffc1c70800: 00 00 00 00 00 fa fa fa fa fa fa fa 00 00 00
00
[ 34.587221] ^
[ 34.587233] ffffffffc1c70880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
[ 34.587251] ffffffffc1c70900: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00
00
[ 34.587268]
==================================================================
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
reply other threads:[~2019-10-20 18:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-205279-2300@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=dri-devel@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.