[Bug 100375] forced EDID's can cause a amdgpu to null ptr deref

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Mar 24 10:36:39 UTC 2017 

https://bugs.freedesktop.org/show_bug.cgi?id=100375

            Bug ID: 100375
           Summary: forced EDID's can cause a amdgpu to null ptr deref
           Product: DRI
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: DRM/AMDgpu
          Assignee: dri-devel at lists.freedesktop.org
          Reporter: funfunctor at folklore1984.net

[  307.570505] [drm] Got external EDID base block and 0 extensions from
"edid/768x384.bin" for connector "VGA-1"
[  445.605230] [drm:drm_edid_block_valid] *ERROR* EDID checksum is invalid,
remainder is 60
[  445.605232] Raw EDID:
[  445.605235]          00 ff ff ff ff ff ff 00 39 f6 05 04 16 07 02 00
[  445.605236]          10 17 01 03 81 1e 17 b4 ea c1 e5 a3 57 4e 9c 23
[  445.605237]          1d 50 54 21 08 00 01 01 01 01 01 01 01 01 01 01
[  445.605238]          01 01 01 07 01 01 91 26 4f ff ff ff ff ff ff ff
[  445.605239]          ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  445.605240]          ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  445.605240]          ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  445.605241]          ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  445.606369] [drm:amdgpu_connector_dvi_detect [amdgpu]] *ERROR* HDMI-A-1:
probed a monitor but no|invalid EDID




 # reboot

INIT: Sending processes the KILL signal
[  521.758143] BUG: unable to handle kernel NULL pointer dereference at
0000000000000008
[  521.765999] IP: [<ffffffff8116984d>] set_root+0x1d/0xa0
[  521.771242] PGD 0 [  521.773080] 
[  521.774580] Oops: 0000 [#1] SMP
[  521.777717] Modules linked in: amdgpu blackmagic_io(PO) ttm backlight
hid_sony led_class
[  521.785920] CPU: 2 PID: 3694 Comm: hyperflow-engin Tainted: P           O   
4.9.6-gentoo-r1 #1
[  521.794610] Hardware name: BIOSTAR Group A68N-5200/A68N-5200, BIOS 4.6.5
09/03/2015
[  521.802255] task: ffff880225698c40 task.stack: ffffc90000db8000
[  521.808165] RIP: 0010:[<ffffffff8116984d>]  [<ffffffff8116984d>]
set_root+0x1d/0xa0
[  521.815828] RSP: 0018:ffffc90000dbb688  EFLAGS: 00010202
[  521.821133] RAX: ffff880225698c40 RBX: ffffc90000dbb7c0 RCX:
ffff880225a63400
[  521.828256] RDX: ffffffff81c56e48 RSI: 0000000000000041 RDI:
ffffc90000dbb7c0
[  521.835381] RBP: ffffc90000dbb698 R08: 000000000001a980 R09:
ffff880225a63400
[  521.842505] R10: ffff880225a80026 R11: 0000000000000010 R12:
0000000000000000
[  521.849630] R13: ffff880225a8201c R14: 0000000000000001 R15:
ffff880218826d80
[  521.856755] FS:  00007fc3f57fa700(0000) GS:ffff88022ed00000(0000)
knlGS:0000000000000000
[  521.864834] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  521.870571] CR2: 0000000000000008 CR3: 0000000001a08000 CR4:
00000000000406e0
[  521.877694] Stack:
[  521.879706]  ffffc90000dbb7c0 0000000000000041 ffffc90000dbb6d8
ffffffff81169b89
[  521.887160]  ffff880220ead600 ffff880225a82000 ffffc90000dbb7c0
ffffc90000dbb8cc
[  521.894612]  0000000000000001 ffff880218826d80 ffffc90000dbb7b0
ffffffff8116c28a
[  521.902067] Call Trace:
[  521.904515]  [<ffffffff81169b89>] path_init+0x1e9/0x330
[  521.909740]  [<ffffffff8116c28a>] path_openat+0x6a/0x1480
[  521.915141]  [<ffffffff81079bdd>] ? default_wake_function+0xd/0x10
[  521.921319]  [<ffffffff8108cddd>] ? __wake_up_common+0x4d/0x80
[  521.927145]  [<ffffffff8116f189>] do_filp_open+0x79/0xd0
[  521.932467]  [<ffffffff8134f298>] ? acpi_driver_match_device+0x3d/0x5d
[  521.938991]  [<ffffffff813d67c4>] ? platform_match+0x24/0xa0
[  521.944644]  [<ffffffff81602d71>] ? klist_next+0x21/0xf0
[  521.949957]  [<ffffffff8115e5df>] file_open_name+0xdf/0x100
[  521.955529]  [<ffffffff8115e62e>] filp_open+0x2e/0x50
[  521.960573]  [<ffffffff81165561>] kernel_read_file_from_path+0x31/0x70
[  521.967092]  [<ffffffff813dffaf>] _request_firmware+0x2ef/0x5a0
[  521.973002]  [<ffffffff813e0292>] request_firmware+0x32/0x50
[  521.978654]  [<ffffffff813a9604>] drm_load_edid_firmware+0x264/0x500
[  521.985001]  [<ffffffff8139e2fc>]
drm_helper_probe_single_connector_modes+0x14c/0x4d0
[  521.992826]  [<ffffffff813aa618>]
drm_fb_helper_probe_connector_modes.isra.7+0x48/0x70
[  522.000738]  [<ffffffff813ac154>] drm_fb_helper_hotplug_event+0x94/0xd0
[  522.007343]  [<ffffffff813ac34c>]
drm_fb_helper_restore_fbdev_mode_unlocked+0x1bc/0x2a0
[  522.015381]  [<ffffffffa00efa50>] ? amdgpu_driver_postclose_kms+0x90/0xd0
[amdgpu]
[  522.022965]  [<ffffffffa01023d5>] amdgpu_fbdev_restore_mode+0x15/0x40
[amdgpu]
[  522.030199]  [<ffffffffa00ef8dd>] amdgpu_driver_lastclose_kms+0xd/0x10
[amdgpu]
[  522.037505]  [<ffffffff813b0286>] drm_lastclose+0x36/0xf0
[  522.042895]  [<ffffffff813b05e5>] drm_release+0x2a5/0x360
[  522.048288]  [<ffffffff81160f7a>] __fput+0xda/0x1e0
[  522.053167]  [<ffffffff811610b9>] ____fput+0x9/0x10
[  522.058039]  [<ffffffff8106e929>] task_work_run+0x79/0xa0
[  522.063438]  [<ffffffff8105731a>] do_exit+0x34a/0xaa0
[  522.068533]  [<ffffffffa00749ed>] ? _ZN10IOWorkLoop8openGateEv+0xd/0x10
[blackmagic_io]
[  522.076524]  [<ffffffff810588d0>] do_group_exit+0x40/0xa0
[  522.081916]  [<ffffffff81062812>] get_signal+0x272/0x5e0
[  522.087246]  [<ffffffffa004093e>] ?
_ZN15UserClientClass21getFlushedInputFramesEPcPj+0x1e/0x20 [blackmagic_io]
[  522.097233]  [<ffffffff8101bfd3>] do_signal+0x23/0x5b0
[  522.102395]  [<ffffffffa003683a>] ?
_ZN20UserClientClassLinux5ioctlEjm+0x8a/0xa0 [blackmagic_io]
[  522.111193]  [<ffffffffa002d34c>] ? bmio_client_ioctl+0xc/0x10
[blackmagic_io]
[  522.118424]  [<ffffffffa0070af5>] ? __do_global_dtors_aux+0x145/0x540
[blackmagic_io]
[  522.126251]  [<ffffffff81171fab>] ? do_vfs_ioctl+0x8b/0x5a0
[  522.131823]  [<ffffffff810ab5c5>] ? ktime_get_ts64+0x45/0xf0
[  522.137474]  [<ffffffff8100222e>] exit_to_usermode_loop+0x4e/0x80
[  522.143566]  [<ffffffff81002673>] syscall_return_slowpath+0x43/0x50
[  522.149827]  [<ffffffff81608e1f>] entry_SYSCALL_64_fastpath+0x92/0x94
[  522.156264] Code: 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 55 65 48 8b 04
25 40 c4 00 00 48 89 e5 41 54 53 f6 47 38 40 4c 8b a0 68 05 00 00 74 39 <41> 8b
4c 24 08 f6 c1 01 75 6d 49 8b 54 24 20 4
9 8b 44 24 18 48 
[  522.176216] RIP  [<ffffffff8116984d>] set_root+0x1d/0xa0
[  522.181536]  RSP <ffffc90000dbb688>
[  522.185022] CR2: 0000000000000008
[  522.188333] ---[ end trace d57bf884cf6f4e4c ]---
[  522.192944] Fixing recursive fault but reboot is needed!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20170324/5981d3b7/attachment-0001.html>

More information about the dri-devel mailing list