UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c:1295:22
This is a follow-up for bug 1953008, which only happens when patches for USB4 alt mode were applied.
This is found on HP Lockheed16 and will disable one of the tbt port.
Source tree available in https://git.launchpad.net/~vicamo/+git/ubuntu-kernel/tree/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c?h=bug-1953008/amdgpu-yellow-carp-support-usb4-altmode/jammy&id=243857296edd341e5054cc50732b3af3432eaaf6#n1295
1263 static struct stream_encoder *dcn31_stream_encoder_create( 1264 enum engine_id eng_id, 1265 struct dc_context *ctx) 1266 { ... 1293 dcn30_dio_stream_encoder_construct(enc1, ctx, ctx->dc_bios, 1294 eng_id, vpg, afmt, 1295 &stream_enc_regs[eng_id], 1296 &se_shift, &se_mask);
[ 5.557065] [drm] amdgpu kernel modesetting enabled. [ 5.562748] amdgpu: Virtual CRAT table created for CPU [ 5.562769] amdgpu: Topology: Add CPU node [ 5.563048] checking generic (320000000 8ca000) vs hw (320000000 10000000) [ 5.563053] fb0: switching to amdgpu from EFI VGA [ 5.563274] Console: switching to colour dummy device 80x25 [ 5.563386] amdgpu 0000:64:00.0: vgaarb: deactivate vga console [ 5.563768] [drm] initializing kernel modesetting (YELLOW_CARP 0x1002:0x1681 0x103C:0x8990 0xD5). [ 5.563791] amdgpu 0000:64:00.0: amdgpu: Trusted Memory Zone (TMZ) feature disabled as experimental (default) [ 5.563968] [drm] register mmio base: 0xA4800000 [ 5.563969] [drm] register mmio size: 524288 [ 5.563976] [drm] PCIE atomic ops is not supported [ 5.565481] [drm] add ip block number 0 <nv_common> [ 5.565483] [drm] add ip block number 1 <gmc_v10_0> [ 5.565484] [drm] add ip block number 2 <navi10_ih> [ 5.565485] [drm] add ip block number 3 <psp> [ 5.565486] [drm] add ip block number 4 <smu> [ 5.565487] [drm] add ip block number 5 <gfx_v10_0> [ 5.565488] [drm] add ip block number 6 <sdma_v5_2> [ 5.565490] [drm] add ip block number 7 <dm> [ 5.565491] [drm] add ip block number 8 <vcn_v3_0> [ 5.565492] [drm] add ip block number 9 <jpeg_v3_0> [ 5.565512] amdgpu 0000:64:00.0: amdgpu: Fetched VBIOS from VFCT [ 5.565515] amdgpu: ATOM BIOS: 113-REMBRANDT-032 [ 5.565529] [drm] VCN(0) decode is enabled in VM mode [ 5.565530] [drm] VCN(0) encode is enabled in VM mode [ 5.565532] [drm] JPEG decode is enabled in VM mode [ 5.565570] [drm] vm size is 262144 GB, 4 levels, block size is 9-bit, fragment size is 9-bit [ 5.565576] amdgpu 0000:64:00.0: amdgpu: VRAM: 512M 0x000000F400000000 - 0x000000F41FFFFFFF (512M used) [ 5.565579] amdgpu 0000:64:00.0: amdgpu: GART: 512M 0x0000000000000000 - 0x000000001FFFFFFF [ 5.565580] amdgpu 0000:64:00.0: amdgpu: AGP: 267419648M 0x000000F800000000 - 0x0000FFFFFFFFFFFF [ 5.565589] [drm] Detected VRAM RAM=512M, BAR=512M [ 5.565590] [drm] RAM width 64bits DDR5 [ 5.565640] [drm] amdgpu: 512M of VRAM memory ready [ 5.565642] [drm] amdgpu: 3072M of GTT memory ready. [ 5.565658] [drm] GART: num cpu pages 131072, num gpu pages 131072 [ 5.566076] [drm] PCIE GART of 512M enabled (table at 0x000000F4008CA000). [ 5.567973] amdgpu 0000:64:00.0: amdgpu: PSP runtime database doesn't exist [ 5.573492] [drm] use_doorbell being set to: [true] [ 5.574279] [drm] Loading DMUB firmware via PSP: version=0x0400000D [ 5.574727] [drm] Found VCN firmware Version ENC: 1.14 DEC: 2 VEP: 0 Revision: 3 [ 5.574733] amdgpu 0000:64:00.0: amdgpu: Will use PSP to load VCN firmware [ 5.599344] [drm] reserve 0xa00000 from 0xf41f400000 for PSP TMR [ 5.625250] usb 3-2.4: reset high-speed USB device number 4 using xhci_hcd [ 5.644351] intel_rapl_common: Found RAPL domain package [ 5.644356] intel_rapl_common: Found RAPL domain core [ 5.665305] amdgpu 0000:64:00.0: amdgpu: RAS: optional ras ta ucode is not available [ 5.671557] amdgpu 0000:64:00.0: amdgpu: RAP: optional rap ta ucode is not available [ 5.671562] amdgpu 0000:64:00.0: amdgpu: SECUREDISPLAY: securedisplay ta ucode is not available [ 5.671649] amdgpu 0000:64:00.0: amdgpu: smu fw reported version = 0x04450800 (1093.8.0) [ 5.674717] amdgpu 0000:64:00.0: amdgpu: SMU is initialized successfully! [ 5.675088] [drm] kiq ring mec 2 pipe 1 q 0 [ 5.675818] ================================================================================ [ 5.675825] UBSAN: array-index-out-of-bounds in /tmp/kernel-vicamo-0a7e41cfca68-YnVV/build/drivers/gpu/drm/amd/amdgpu/../display/dc/dcn31/dcn31_resource.c:1295:22 [ 5.675829] index 6 is out of range for type 'dcn10_stream_enc_registers [5]' [ 5.675831] CPU: 5 PID: 431 Comm: systemd-udevd Not tainted 5.15.0-2016-generic #16~20.04.1+lp1953008.4 [ 5.675834] Hardware name: HP HP EliteBook 865 G9 Notebook PC/8990, BIOS U82 Ver. 80.13.00 10/14/2021 [ 5.675835] Call Trace: [ 5.675837] <TASK> [ 5.675839] dump_stack_lvl+0x4a/0x5f [ 5.675848] dump_stack+0x10/0x12 [ 5.675849] ubsan_epilogue+0x9/0x45 [ 5.675851] __ubsan_handle_out_of_bounds.cold+0x44/0x49 [ 5.675853] dcn31_stream_encoder_create+0x1b8/0x230 [amdgpu] [ 5.676031] resource_construct+0x1a3/0x500 [amdgpu] [ 5.676164] dcn31_resource_construct+0xf4b/0x15e0 [amdgpu] [ 5.676404] dcn31_create_resource_pool+0x41/0x90 [amdgpu] [ 5.676531] dc_create_resource_pool+0xc9/0x240 [amdgpu] [ 5.676842] dc_construct+0x1d9/0x500 [amdgpu] [ 5.677020] ? kmalloc_order+0x83/0xc0 [ 5.677025] dc_create+0x46/0x140 [amdgpu] [ 5.677194] amdgpu_dm_init+0x1ba/0x250 [amdgpu] [ 5.677341] ? complete+0x3f/0x50 [ 5.677345] ? drm_sched_entity_init+0x113/0x1c0 [gpu_sched] [ 5.677349] dm_hw_init+0x13/0x30 [amdgpu] [ 5.677474] amdgpu_device_ip_init+0x5dc/0x6b7 [amdgpu] [ 5.677612] amdgpu_device_init.cold+0x70c/0xc48 [amdgpu] [ 5.677740] ? pci_read_config_word+0x27/0x40 [ 5.677745] amdgpu_driver_load_kms+0x6d/0x320 [amdgpu] [ 5.677836] amdgpu_pci_probe+0x11e/0x1a0 [amdgpu] [ 5.677924] local_pci_probe+0x4b/0x90 [ 5.677927] pci_device_probe+0x182/0x1f0 [ 5.677928] really_probe.part.0+0xcb/0x370 [ 5.677932] really_probe+0x40/0x80 [ 5.677933] __driver_probe_device+0x115/0x190 [ 5.677934] driver_probe_device+0x23/0xa0 [ 5.677935] __driver_attach+0xbd/0x160 [ 5.677936] ? __device_attach_driver+0x110/0x110 [ 5.677937] bus_for_each_dev+0x7e/0xc0 [ 5.677940] driver_attach+0x1e/0x20 [ 5.677941] bus_add_driver+0x161/0x200 [ 5.677942] driver_register+0x74/0xd0 [ 5.677943] __pci_register_driver+0x68/0x70 [ 5.677944] amdgpu_init+0x7c/0x1000 [amdgpu] [ 5.678034] ? 0xffffffffc1b97000 [ 5.678035] do_one_initcall+0x48/0x1d0 [ 5.678039] ? __cond_resched+0x19/0x30 [ 5.678042] ? kmem_cache_alloc_trace+0x15a/0x420 [ 5.678046] do_init_module+0x62/0x250 [ 5.678049] load_module+0x1320/0x15b0 [ 5.678051] __do_sys_finit_module+0xbf/0x120 [ 5.678053] ? __do_sys_finit_module+0xbf/0x120 [ 5.678055] __x64_sys_finit_module+0x1a/0x20 [ 5.678056] do_syscall_64+0x5c/0xc0 [ 5.678058] ? __x64_sys_mmap+0x33/0x40 [ 5.678061] ? do_syscall_64+0x69/0xc0 [ 5.678062] ? syscall_exit_to_user_mode+0x27/0x50 [ 5.678063] ? __x64_sys_openat+0x20/0x30 [ 5.678066] ? do_syscall_64+0x69/0xc0 [ 5.678067] ? do_syscall_64+0x69/0xc0 [ 5.678068] ? syscall_exit_to_user_mode+0x27/0x50 [ 5.678069] ? __x64_sys_openat+0x20/0x30 [ 5.678071] ? do_syscall_64+0x69/0xc0 [ 5.678072] ? sysvec_reschedule_ipi+0x78/0xe0 [ 5.678073] ? asm_sysvec_reschedule_ipi+0xa/0x20 [ 5.678075] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 5.678077] RIP: 0033:0x7f6489ced89d [ 5.678081] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 f5 0c 00 f7 d8 64 89 01 48 [ 5.678083] RSP: 002b:00007ffdae903db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 5.678086] RAX: ffffffffffffffda RBX: 000055c103bc1030 RCX: 00007f6489ced89d [ 5.678087] RDX: 0000000000000000 RSI: 00007f6489bcaded RDI: 000000000000001a [ 5.678087] RBP: 0000000000020000 R08: 0000000000000000 R09: 0000000000000000 [ 5.678088] R10: 000000000000001a R11: 0000000000000246 R12: 00007f6489bcaded [ 5.678089] R13: 0000000000000000 R14: 000055c103bedae0 R15: 000055c103bc1030 [ 5.678090] </TASK> [ 5.678091] ================================================================================
UBSAN: array-index- out-of- bounds in drivers/ gpu/drm/ amd/display/ dc/dcn31/ dcn31_resource. c:1295: 22
This is a follow-up for bug 1953008, which only happens when patches for USB4 alt mode were applied.
This is found on HP Lockheed16 and will disable one of the tbt port.
Source tree available in https:/ /git.launchpad. net/~vicamo/ +git/ubuntu- kernel/ tree/drivers/ gpu/drm/ amd/display/ dc/dcn31/ dcn31_resource. c?h=bug- 1953008/ amdgpu- yellow- carp-support- usb4-altmode/ jammy&id= 243857296edd341 e5054cc50732b3a f3432eaaf6# n1295
1263 static struct stream_encoder *dcn31_ stream_ encoder_ create( stream_ encoder_ construct( enc1, ctx, ctx->dc_bios, enc_regs[ eng_id] ,
1264 enum engine_id eng_id,
1265 struct dc_context *ctx)
1266 {
...
1293 dcn30_dio_
1294 eng_id, vpg, afmt,
1295 &stream_
1296 &se_shift, &se_mask);
[ 5.557065] [drm] amdgpu kernel modesetting enabled. 000). ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= === out-of- bounds in /tmp/kernel- vicamo- 0a7e41cfca68- YnVV/build/ drivers/ gpu/drm/ amd/amdgpu/ ../display/ dc/dcn31/ dcn31_resource. c:1295: 22 stream_ enc_registers [5]' 04.1+lp1953008. 4 lvl+0x4a/ 0x5f 0x10/0x12 0x9/0x45 handle_ out_of_ bounds. cold+0x44/ 0x49 encoder_ create+ 0x1b8/0x230 [amdgpu] construct+ 0x1a3/0x500 [amdgpu] construct+ 0xf4b/0x15e0 [amdgpu] resource_ pool+0x41/ 0x90 [amdgpu] resource_ pool+0xc9/ 0x240 [amdgpu] 0x1d9/0x500 [amdgpu] order+0x83/ 0xc0 0x46/0x140 [amdgpu] dm_init+ 0x1ba/0x250 [amdgpu] entity_ init+0x113/ 0x1c0 [gpu_sched] 0x13/0x30 [amdgpu] device_ ip_init+ 0x5dc/0x6b7 [amdgpu] device_ init.cold+ 0x70c/0xc48 [amdgpu] config_ word+0x27/ 0x40 driver_ load_kms+ 0x6d/0x320 [amdgpu] pci_probe+ 0x11e/0x1a0 [amdgpu] probe+0x4b/ 0x90 probe+0x182/ 0x1f0 probe.part. 0+0xcb/ 0x370 probe+0x40/ 0x80 probe_device+ 0x115/0x190 probe_device+ 0x23/0xa0 attach+ 0xbd/0x160 attach_ driver+ 0x110/0x110 each_dev+ 0x7e/0xc0 attach+ 0x1e/0x20 driver+ 0x161/0x200 register+ 0x74/0xd0 driver+ 0x68/0x70 init+0x7c/ 0x1000 [amdgpu] initcall+ 0x48/0x1d0 resched+ 0x19/0x30 alloc_trace+ 0x15a/0x420 module+ 0x62/0x250 0x1320/ 0x15b0 finit_module+ 0xbf/0x120 finit_module+ 0xbf/0x120 finit_module+ 0x1a/0x20 64+0x5c/ 0xc0 mmap+0x33/ 0x40 64+0x69/ 0xc0 exit_to_ user_mode+ 0x27/0x50 openat+ 0x20/0x30 64+0x69/ 0xc0 64+0x69/ 0xc0 exit_to_ user_mode+ 0x27/0x50 openat+ 0x20/0x30 64+0x69/ 0xc0 reschedule_ ipi+0x78/ 0xe0 reschedule_ ipi+0xa/ 0x20 64_after_ hwframe+ 0x44/0xae 903db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ===
[ 5.562748] amdgpu: Virtual CRAT table created for CPU
[ 5.562769] amdgpu: Topology: Add CPU node
[ 5.563048] checking generic (320000000 8ca000) vs hw (320000000 10000000)
[ 5.563053] fb0: switching to amdgpu from EFI VGA
[ 5.563274] Console: switching to colour dummy device 80x25
[ 5.563386] amdgpu 0000:64:00.0: vgaarb: deactivate vga console
[ 5.563768] [drm] initializing kernel modesetting (YELLOW_CARP 0x1002:0x1681 0x103C:0x8990 0xD5).
[ 5.563791] amdgpu 0000:64:00.0: amdgpu: Trusted Memory Zone (TMZ) feature disabled as experimental (default)
[ 5.563968] [drm] register mmio base: 0xA4800000
[ 5.563969] [drm] register mmio size: 524288
[ 5.563976] [drm] PCIE atomic ops is not supported
[ 5.565481] [drm] add ip block number 0 <nv_common>
[ 5.565483] [drm] add ip block number 1 <gmc_v10_0>
[ 5.565484] [drm] add ip block number 2 <navi10_ih>
[ 5.565485] [drm] add ip block number 3 <psp>
[ 5.565486] [drm] add ip block number 4 <smu>
[ 5.565487] [drm] add ip block number 5 <gfx_v10_0>
[ 5.565488] [drm] add ip block number 6 <sdma_v5_2>
[ 5.565490] [drm] add ip block number 7 <dm>
[ 5.565491] [drm] add ip block number 8 <vcn_v3_0>
[ 5.565492] [drm] add ip block number 9 <jpeg_v3_0>
[ 5.565512] amdgpu 0000:64:00.0: amdgpu: Fetched VBIOS from VFCT
[ 5.565515] amdgpu: ATOM BIOS: 113-REMBRANDT-032
[ 5.565529] [drm] VCN(0) decode is enabled in VM mode
[ 5.565530] [drm] VCN(0) encode is enabled in VM mode
[ 5.565532] [drm] JPEG decode is enabled in VM mode
[ 5.565570] [drm] vm size is 262144 GB, 4 levels, block size is 9-bit, fragment size is 9-bit
[ 5.565576] amdgpu 0000:64:00.0: amdgpu: VRAM: 512M 0x000000F400000000 - 0x000000F41FFFFFFF (512M used)
[ 5.565579] amdgpu 0000:64:00.0: amdgpu: GART: 512M 0x0000000000000000 - 0x000000001FFFFFFF
[ 5.565580] amdgpu 0000:64:00.0: amdgpu: AGP: 267419648M 0x000000F800000000 - 0x0000FFFFFFFFFFFF
[ 5.565589] [drm] Detected VRAM RAM=512M, BAR=512M
[ 5.565590] [drm] RAM width 64bits DDR5
[ 5.565640] [drm] amdgpu: 512M of VRAM memory ready
[ 5.565642] [drm] amdgpu: 3072M of GTT memory ready.
[ 5.565658] [drm] GART: num cpu pages 131072, num gpu pages 131072
[ 5.566076] [drm] PCIE GART of 512M enabled (table at 0x000000F4008CA
[ 5.567973] amdgpu 0000:64:00.0: amdgpu: PSP runtime database doesn't exist
[ 5.573492] [drm] use_doorbell being set to: [true]
[ 5.574279] [drm] Loading DMUB firmware via PSP: version=0x0400000D
[ 5.574727] [drm] Found VCN firmware Version ENC: 1.14 DEC: 2 VEP: 0 Revision: 3
[ 5.574733] amdgpu 0000:64:00.0: amdgpu: Will use PSP to load VCN firmware
[ 5.599344] [drm] reserve 0xa00000 from 0xf41f400000 for PSP TMR
[ 5.625250] usb 3-2.4: reset high-speed USB device number 4 using xhci_hcd
[ 5.644351] intel_rapl_common: Found RAPL domain package
[ 5.644356] intel_rapl_common: Found RAPL domain core
[ 5.665305] amdgpu 0000:64:00.0: amdgpu: RAS: optional ras ta ucode is not available
[ 5.671557] amdgpu 0000:64:00.0: amdgpu: RAP: optional rap ta ucode is not available
[ 5.671562] amdgpu 0000:64:00.0: amdgpu: SECUREDISPLAY: securedisplay ta ucode is not available
[ 5.671649] amdgpu 0000:64:00.0: amdgpu: smu fw reported version = 0x04450800 (1093.8.0)
[ 5.674717] amdgpu 0000:64:00.0: amdgpu: SMU is initialized successfully!
[ 5.675088] [drm] kiq ring mec 2 pipe 1 q 0
[ 5.675818] =======
[ 5.675825] UBSAN: array-index-
[ 5.675829] index 6 is out of range for type 'dcn10_
[ 5.675831] CPU: 5 PID: 431 Comm: systemd-udevd Not tainted 5.15.0-2016-generic #16~20.
[ 5.675834] Hardware name: HP HP EliteBook 865 G9 Notebook PC/8990, BIOS U82 Ver. 80.13.00 10/14/2021
[ 5.675835] Call Trace:
[ 5.675837] <TASK>
[ 5.675839] dump_stack_
[ 5.675848] dump_stack+
[ 5.675849] ubsan_epilogue+
[ 5.675851] __ubsan_
[ 5.675853] dcn31_stream_
[ 5.676031] resource_
[ 5.676164] dcn31_resource_
[ 5.676404] dcn31_create_
[ 5.676531] dc_create_
[ 5.676842] dc_construct+
[ 5.677020] ? kmalloc_
[ 5.677025] dc_create+
[ 5.677194] amdgpu_
[ 5.677341] ? complete+0x3f/0x50
[ 5.677345] ? drm_sched_
[ 5.677349] dm_hw_init+
[ 5.677474] amdgpu_
[ 5.677612] amdgpu_
[ 5.677740] ? pci_read_
[ 5.677745] amdgpu_
[ 5.677836] amdgpu_
[ 5.677924] local_pci_
[ 5.677927] pci_device_
[ 5.677928] really_
[ 5.677932] really_
[ 5.677933] __driver_
[ 5.677934] driver_
[ 5.677935] __driver_
[ 5.677936] ? __device_
[ 5.677937] bus_for_
[ 5.677940] driver_
[ 5.677941] bus_add_
[ 5.677942] driver_
[ 5.677943] __pci_register_
[ 5.677944] amdgpu_
[ 5.678034] ? 0xffffffffc1b97000
[ 5.678035] do_one_
[ 5.678039] ? __cond_
[ 5.678042] ? kmem_cache_
[ 5.678046] do_init_
[ 5.678049] load_module+
[ 5.678051] __do_sys_
[ 5.678053] ? __do_sys_
[ 5.678055] __x64_sys_
[ 5.678056] do_syscall_
[ 5.678058] ? __x64_sys_
[ 5.678061] ? do_syscall_
[ 5.678062] ? syscall_
[ 5.678063] ? __x64_sys_
[ 5.678066] ? do_syscall_
[ 5.678067] ? do_syscall_
[ 5.678068] ? syscall_
[ 5.678069] ? __x64_sys_
[ 5.678071] ? do_syscall_
[ 5.678072] ? sysvec_
[ 5.678073] ? asm_sysvec_
[ 5.678075] entry_SYSCALL_
[ 5.678077] RIP: 0033:0x7f6489ced89d
[ 5.678081] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 f5 0c 00 f7 d8 64 89 01 48
[ 5.678083] RSP: 002b:00007ffdae
[ 5.678086] RAX: ffffffffffffffda RBX: 000055c103bc1030 RCX: 00007f6489ced89d
[ 5.678087] RDX: 0000000000000000 RSI: 00007f6489bcaded RDI: 000000000000001a
[ 5.678087] RBP: 0000000000020000 R08: 0000000000000000 R09: 0000000000000000
[ 5.678088] R10: 000000000000001a R11: 0000000000000246 R12: 00007f6489bcaded
[ 5.678089] R13: 0000000000000000 R14: 000055c103bedae0 R15: 000055c103bc1030
[ 5.678090] </TASK>
[ 5.678091] =======