BUG: KASAN: global-out-of-bounds in nct6775_probe+0x5654/0x6fe9 [nct6775_core] (kernel 6.8-rc5, amd64)

Greetings!

With KASAN enabled I get this dmesg at boot with kernel v6.8-rc5 on my Ryzen 5950X amd64 box (ASRock B550M Pro4 mainboard):

[...]
nct6775: Found NCT6798D or compatible chip at 0x2e:0x290
BTRFS info (device nvme0n1p7: state M): use lzo compression, level 0
loop: module loaded
==================================================================
BUG: KASAN: global-out-of-bounds in nct6775_probe+0x5654/0x6fe9 [nct6775_core]
systemd-journald[867]: Collecting audit messages is disabled.
Read of size 2 at addr ffffffffc0863104 by task systemd-modules/868

CPU: 23 PID: 868 Comm: systemd-modules Not tainted 6.8.0-rc5-Zen3 #3
Hardware name: To Be Filled By O.E.M. B550M Pro4/B550M Pro4, BIOS P3.40 01/18/2024
systemd[1]: Mounted dev-hugepages.mount.
Call Trace:
 <TASK>
 dump_stack_lvl+0x37/0x52
 print_report+0x17e/0x505
 ? nct6775_reg_read+0x14b/0x264 [nct6775]
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? nct6775_probe+0x5654/0x6fe9 [nct6775_core]
 kasan_report+0xb9/0xe4
 ? nct6775_probe+0x5654/0x6fe9 [nct6775_core]
 nct6775_probe+0x5654/0x6fe9 [nct6775_core]
 ? show_tsi_temp+0xa7/0xa7 [nct6775_core]
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? add_dr+0x77/0x11f
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? do_raw_spin_unlock+0x5d/0x1b6
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? nct6775_platform_probe+0xec/0x2e8 [nct6775]
 platform_probe+0xe0/0x153
 really_probe+0x28a/0x57b
 ? driver_probe_device+0xc7/0xc7
 __driver_probe_device+0x20b/0x265
 ? driver_probe_device+0xc7/0xc7
 driver_probe_device+0x45/0xc7
 __device_attach_driver+0x15e/0x1b4
 bus_for_each_drv+0x12c/0x15c
 ? __cond_resched+0x58/0x63
 ? bus_rescan_devices+0x14/0x14
 ? _raw_spin_unlock_irqrestore+0xd/0x1e
 ? srso_alias_return_thunk+0x5/0xfbef5
 __device_attach+0x19a/0x241
 ? device_driver_attach+0x95/0x95
 ? do_raw_spin_unlock+0x5d/0x1b6
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? srso_alias_return_thunk+0x5/0xfbef5
 bus_probe_device+0x7d/0x14e
 device_add+0x5e9/0xf93
 ? get_device_parent+0x336/0x336
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? __insert_resource+0x2d/0x302
 platform_device_add+0x33b/0x456
 sensors_nct6775_platform_init+0x87b/0x1000 [nct6775]
 ? 0xffffffffc0887000
 ? superio_wmi_exit+0x9/0x9 [nct6775]
 ? superio_outb+0x4c/0x4c [nct6775]
 ? superio_inb+0x43/0x43 [nct6775]
 ? superio_exit+0x49/0x49 [nct6775]
 ? nct6775_asuswmi_read+0xc6/0xc6 [nct6775]
 ? 0xffffffffc0887000
 do_one_initcall+0xf4/0x2a1
 ? efi_enabled.constprop.0+0x50/0x50
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? local_clock_noinstr+0xc/0xa8
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? kasan_unpoison+0x3c/0x47
 do_init_module+0x272/0x5a2
 ? kfree+0xc8/0x14f
 load_module+0x3529/0x386d
 ? module_frob_arch_sections+0x16/0x16
 ? __vmalloc_node+0xa9/0xc8
 ? mode_strip_umask.isra.0+0x73/0x73
 ? init_module_from_file+0xc4/0xfb
 ? srso_alias_return_thunk+0x5/0xfbef5
 init_module_from_file+0xc4/0xfb
 ? __do_sys_init_module+0x19f/0x19f
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? do_raw_spin_unlock+0x5d/0x1b6
 __do_sys_finit_module+0x2b8/0x468
 ? init_module_from_file+0xfb/0xfb
 do_syscall_64+0x84/0xee
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7f3a1a92d479
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 87 89 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe6900a178 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055ee345bd630 RCX: 00007f3a1a92d479
RDX: 0000000000000000 RSI: 00007f3a1ad6f70f RDI: 0000000000000008
RBP: 0000000000000000 R08: 00007f3a1a9f6b20 R09: fffffffffffffe98
R10: 0000000000000050 R11: 0000000000000246 R12: 0000000000020000
R13: 00007f3a1ad6f70f R14: 000055ee345bd320 R15: 0000000000000000
 </TASK>

The buggy address belongs to the variable:
 _sub_I_65535_1+0x10f60/0xe5c [nct6775_core]

Memory state around the buggy address:
 ffffffffc0863000: 00 00 00 00 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
 ffffffffc0863080: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
>ffffffffc0863100: 04 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
                   ^
 ffffffffc0863180: 04 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
 ffffffffc0863200: 00 06 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
==================================================================
Disabling lock debugging due to kernel taint
[...]


Some data about the machine:
 # inxi -bz
System:
  Kernel: 6.8.0-rc5-Zen3 arch: x86_64 bits: 64 Console: pty pts/0
    Distro: Gentoo Base System release 2.14
Machine:
  Type: Desktop Mobo: ASRock model: B550M Pro4 serial: <filter> UEFI: American
    Megatrends LLC. v: P3.40 date: 01/18/2024
CPU:
  Info: 16-core AMD Ryzen 9 5950X [MT MCP] speed (MHz): avg: 779
    min/max: 550/5084
Graphics:
  Device-1: AMD RV370 [Radeon X300/X550/X1050 Series] driver: N/A
  Device-2: AMD Navi 22 [Radeon RX 6700/6700 XT/6750 XT / 6800M/6850M XT]
    driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.11 driver: X: loaded: amdgpu
    unloaded: fbdev,modesetting,radeon dri: radeonsi gpu: amdgpu
    resolution: <missing: xdpyinfo/xrandr> resolution: 3840x2160
  API: OpenGL v: 4.5 vendor: mesa v: 24.0.1 renderer: llvmpipe (LLVM 17.0.6
    256 bits)
Network:
  Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
    driver: r8169

Full dmesg + kernel .config attached.

Regards,
Erhard

Attachment: dmesg_68-rc5_zen3_v01
Description: Binary data

Attachment: config_68-rc5_zen3+
Description: Binary data
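Added example, not part of the original report: a short Python decoder for the "Memory state around the buggy address" dump above, showing how the shadow bytes locate the overrun. It assumes generic-mode KASAN (one shadow byte per 8 bytes of memory, `f9` marking a global redzone) and that the access lands in the object's last granule; the function names are illustrative.

```python
import re

# Excerpt copied from the report above: the access line and the shadow rows.
REPORT = """\
Read of size 2 at addr ffffffffc0863104 by task systemd-modules/868
 ffffffffc0863000: 00 00 00 00 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
 ffffffffc0863080: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
>ffffffffc0863100: 04 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
 ffffffffc0863180: 04 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
 ffffffffc0863200: 00 06 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
"""

GRANULE = 8  # assumption: generic KASAN, one shadow byte per 8 bytes of memory
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)")
ROW_RE = re.compile(r"^[ >]?([0-9a-f]{16}):((?: [0-9a-f]{2}){16})[ \t]*$", re.M)

def parse_shadow(text):
    """Map each granule's start address to its shadow byte."""
    shadow = {}
    for row in ROW_RE.finditer(text):
        base = int(row.group(1), 16)
        for i, byte in enumerate(row.group(2).split()):
            shadow[base + i * GRANULE] = int(byte, 16)
    return shadow

def valid_bytes(value):
    """Addressable bytes in a granule: 00 = all 8, 01..07 = first N, else poison."""
    if value == 0:
        return GRANULE
    return value if value < GRANULE else 0

def analyse(text):
    """Locate the access relative to the object it overran."""
    kind, size, addr = ACCESS_RE.search(text).groups()
    size, addr = int(size), int(addr, 16)
    shadow = parse_shadow(text)
    bad = [a for a in range(addr, addr + size)
           if a % GRANULE >= valid_bytes(shadow[a - a % GRANULE])]
    # Walk back over fully valid (00) granules to find where the object starts.
    last = start = addr - addr % GRANULE
    while shadow.get(start - GRANULE) == 0:
        start -= GRANULE
    obj_size = (last - start) + valid_bytes(shadow[last])
    return {"kind": kind, "size": size, "object_start": start,
            "object_size": obj_size, "offset": addr - start, "bad_bytes": bad}

if __name__ == "__main__":
    r = analyse(REPORT)
    print(f"{r['kind']} of {r['size']} at offset {r['offset']} of a {r['object_size']}-byte object")
```

On this report it yields a 4-byte object starting at ffffffffc0863100 with the 2-byte read beginning at offset 4, that is, immediately past the object's end and inside the global redzone.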

