Uhm, probably I have found something.

In amdgpu_atombios_crtc_powergate_init() we are declaring

ENABLE_DISP_POWER_GATING_PARAMETERS_V2_1 args;

so that args is basically a 32byte struct. We are passing down this struct to
amdgpu_atom_execute_table() casting it to (uint32_t *). This address is then
assigned to (uint32_t *) ectx.ps in amdgpu_atom_execute_table_locked().

At a certain point during the execution of the code in the table with index =
75, atom_put_dst() is called with argument ATOM_ARG_PS and index == 1. So we
are doing:

ctx->ps[idx] = cpu_to_le32(val);

but being idx == 1, we are accessing over the boundaries of args, so triggering
the stack corruption.

Is this analysis correct and if it is how can we fix this?