iMX8MP BSP 6.1.1 array index out of bounds

HI,

When running kasan on NXP BSP 6.1.1-1.0.0 on iMX8MP we get the following error:

[ 3.763243] ==================================================================
[ 3.770511] BUG: KASAN: slab-out-of-bounds in imx_blk_ctrl_probe+0x22c/0x710
[ 3.777621] Write of size 8 at addr ffff0000d7029a58 by task kworker/u8:1/49
[ 3.784694]
[ 3.786201] CPU: 2 PID: 49 Comm: kworker/u8:1 Not tainted 6.1.1+g29549c7073bf #15
[ 3.793713] Hardware name: NXP i.MX8MPlus Blackbird board (DT)
[ 3.799567] Workqueue: events_unbound deferred_probe_work_func
[ 3.805452] Call trace:
[ 3.807912] dump_backtrace+0xdc/0x130
[ 3.811700] show_stack+0x18/0x40
[ 3.815054] dump_stack_lvl+0x64/0x80
[ 3.818755] print_report+0x188/0x48c
[ 3.822449] kasan_report+0xb8/0x100
[ 3.826054] __asan_store8+0x80/0xa4
[ 3.829660] imx_blk_ctrl_probe+0x22c/0x710
[ 3.833882] platform_probe+0x8c/0xf0
[ 3.837582] really_probe+0x114/0x5bc
[ 3.841276] __driver_probe_device+0xbc/0x220
[ 3.845674] driver_probe_device+0x5c/0x150
[ 3.849893] __device_attach_driver+0xec/0x1a0
[ 3.854371] bus_for_each_drv+0xf0/0x15c
[ 3.858326] __device_attach+0x114/0x280
[ 3.862281] device_initial_probe+0x14/0x20
[ 3.866498] bus_probe_device+0xe8/0xfc
[ 3.870366] deferred_probe_work_func+0xf4/0x150
[ 3.875019] process_one_work+0x398/0x5e0
[ 3.879066] worker_thread+0x3c8/0x6a0
[ 3.882843] kthread+0x188/0x190
[ 3.886099] ret_from_fork+0x10/0x20
[ 3.889706]
[ 3.891208] Allocated by task 49:
[ 3.895223]
[ 3.896728] The buggy address belongs to the object at ffff0000d7029800
[ 3.896728] which belongs to the cache kmalloc-1k of size 1024
[ 3.909272] The buggy address is located 600 bytes inside of
[ 3.909272] 1024-byte region [ffff0000d7029800, ffff0000d7029c00)
[ 3.921123]
[ 3.922627] The buggy address belongs to the physical page:
[ 3.928217] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117028
[ 3.937640] head:(____ptrval____) order:3 compound_mapcount:0 compound_pincount:0
[ 3.945144] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff)
[ 3.952500] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000d0002780
[ 3.960271] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3.968035] page dumped because: kasan: bad access detected
[ 3.973622]
[ 3.975121] Memory state around the buggy address:
[ 3.979929] ffff0000d7029900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3.987176] ffff0000d7029980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3.994421] >ffff0000d7029a00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 4.001660] ^
[ 4.007771] ffff0000d7029a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 4.015015] ffff0000d7029b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 4.022255] ==================================================================

This seem to be caused by the commit 4a9a20d77156545d6c25fe60cb598355210880cf (https://github.com/nxp-imx/linux-imx.git) "MLK-23680-1: clk: imx: clk-audiomix: remove sdma root clock" where these lines are removed:

include/dt-bindings/clock/imx8mp-clock.h:

#define IMX8MP_CLK_AUDIO_BLK_CTRL_SDMA2_ROOT 26

drivers/clk/imx/clk-imx8mp.c b/drivers/clk/imx/clk-imx8mp.c:
IMX_BLK_CTRL_CLK_GATE("sdma2_root_clk", IMX8MP_CLK_AUDIO_BLK_CTRL_SDMA2_ROOT, 0, 26, "audio_ahb_root"),

After this change the array imx8mp_audio_blk_ctrl_hws (drivers/clk/imx/clk-imx8mp.c) has decreased the the size from 58 to 57, but since the value of the defines IMX8MP_CLK_AUDIO_BLK_CTRL_.... after IMX8MP_CLK_AUDIO_BLK_CTRL_SDMA2_ROOT hasn't been renumbered, the ".id" number from 27 to 58 are one too big.
Since the function imx_blk_ctrl_register_clock_controller (drivers/clk/imx/clk-blk-ctrl.c) uses the ".id" for index in the allocated array (hws[hw->id] = tmp;), 58 will be out of bounds.

Can you confirm that the defines IMX8MP_CLK_AUDIO_BLK_CTRL_.... after IMX8MP_CLK_AUDIO_BLK_CTRL_SDMA2_ROOT should be renumbered as done in the attached patch?