I've been testing some vfs patches (multigrain timestamps) on my personal desktop with a 6.10.0-rc5-ish kernel, and have hit a number of warnings in the amdgpu driver, including a UBSAN warning that looks like a potential array overrun: [ 8.772608] ------------[ cut here ]------------ [ 8.772609] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/bios/bios_parser2.c:680:23 [ 8.772612] index 8 is out of range for type 'atom_gpio_pin_assignment [8]' [ 8.772614] CPU: 13 PID: 508 Comm: (udev-worker) Not tainted 6.10.0-rc5-00292-gb3efd5c27332 #35 [ 8.772616] Hardware name: Micro-Star International Co., Ltd. MS-7E27/PRO B650M-P (MS-7E27), BIOS 1.A0 06/07/2024 [ 8.772618] Call Trace: [ 8.772620] <TASK> [ 8.772621] dump_stack_lvl+0x5d/0x80 [ 8.772629] ubsan_epilogue+0x5/0x30 [ 8.772633] __ubsan_handle_out_of_bounds.cold+0x46/0x4b [ 8.772636] bios_parser_get_gpio_pin_info+0x11c/0x150 [amdgpu] [ 8.773016] link_get_hpd_gpio+0x7e/0xd0 [amdgpu] [ 8.773205] construct_phy+0x26d/0xd40 [amdgpu] [ 8.773355] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.773370] ? link_create+0x210/0x250 [amdgpu] [ 8.773493] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.773495] link_create+0x210/0x250 [amdgpu] [ 8.773610] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.773612] create_links+0x151/0x530 [amdgpu] [ 8.773759] dc_create+0x401/0x7b0 [amdgpu] [ 8.773883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.773886] amdgpu_dm_init.isra.0+0x32f/0x22d0 [amdgpu] [ 8.774045] ? irq_work_queue+0x2d/0x50 [ 8.774048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774050] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774052] ? vprintk_emit+0x176/0x2a0 [ 8.774056] ? dev_vprintk_emit+0x181/0x1b0 [ 8.774063] dm_hw_init+0x12/0x30 [amdgpu] [ 8.774187] amdgpu_device_init.cold+0x1c43/0x1f90 [amdgpu] [ 8.774373] amdgpu_driver_load_kms+0x19/0x70 [amdgpu] [ 8.774507] amdgpu_pci_probe+0x1a7/0x4b0 [amdgpu] [ 8.774631] local_pci_probe+0x42/0x90 [ 8.774635] pci_device_probe+0xc1/0x2a0 [ 8.774638] really_probe+0xdb/0x340 [ 8.774642] ? pm_runtime_barrier+0x54/0x90 [ 8.774644] ? __pfx___driver_attach+0x10/0x10 [ 8.774646] __driver_probe_device+0x78/0x110 [ 8.774648] driver_probe_device+0x1f/0xa0 [ 8.774650] __driver_attach+0xba/0x1c0 [ 8.774652] bus_for_each_dev+0x8c/0xe0 [ 8.774655] bus_add_driver+0x142/0x220 [ 8.774657] driver_register+0x72/0xd0 [ 8.774660] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu] [ 8.774779] do_one_initcall+0x58/0x310 [ 8.774784] do_init_module+0x90/0x250 [ 8.774787] init_module_from_file+0x86/0xc0 [ 8.774791] idempotent_init_module+0x121/0x2b0 [ 8.774794] __x64_sys_finit_module+0x5e/0xb0 [ 8.774796] do_syscall_64+0x82/0x160 [ 8.774799] ? __pfx_page_put_link+0x10/0x10 [ 8.774804] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774806] ? do_sys_openat2+0x9c/0xe0 [ 8.774809] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774810] ? syscall_exit_to_user_mode+0x72/0x220 [ 8.774813] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774815] ? do_syscall_64+0x8e/0x160 [ 8.774816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774818] ? __seccomp_filter+0x303/0x520 [ 8.774820] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774824] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774825] ? syscall_exit_to_user_mode+0x72/0x220 [ 8.774827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774829] ? do_syscall_64+0x8e/0x160 [ 8.774830] ? do_syscall_64+0x8e/0x160 [ 8.774831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 8.774835] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 8.774837] RIP: 0033:0x7fa5f44391bd [ 8.774848] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2b cc 0c 00 f7 d8 64 89 01 48 [ 8.774850] RSP: 002b:00007fff5d55a5a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 8.774852] RAX: ffffffffffffffda RBX: 0000555b3bfe6a50 RCX: 00007fa5f44391bd [ 8.774854] RDX: 0000000000000000 RSI: 00007fa5f455507d RDI: 000000000000002c [ 8.774855] RBP: 00007fff5d55a660 R08: 0000000000000001 R09: 00007fff5d55a5f0 [ 8.774855] R10: 0000000000000050 R11: 0000000000000246 R12: 00007fa5f455507d [ 8.774856] R13: 0000000000020000 R14: 0000555b3bfebb30 R15: 0000555b3bff63d0 [ 8.774859] </TASK> [ 8.774864] ---[ end trace ]--- It looks like "count" probably needs to be clamped to ARRAY_SIZE(header->gpio_pin) in bios_parser_get_gpio_pin_info ? dmesg is attached. There are couple of other warnings in there too after the UBSAN one, but this one looks the most worrisome. -- Jeff Layton <jlayton@xxxxxxxxxx>
Attachment:
amd-warnings-dmesg.out.gz
Description: application/gzip