[LTP] [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default
Petr Vorel
pvorel@suse.cz
Thu Apr 16 08:40:51 CEST 2026
Hi all,
[ Cc Mimi and linux-integrity ]
> Hello,
> kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_parse_vswing_preemph_snps" on:
> commit: 07d1ee54da4966c1457602dc088a8a43b29254cb ("[PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default")
> url: https://github.com/intel-lab-lkp/linux/commits/Micha-Grzelak/drm-i915-lt-align-xe3plpd-with-VS-PE-Override-layout/20260401-092928
> base: https://gitlab.freedesktop.org/drm/i915/kernel.git for-linux-next
> patch link: https://lore.kernel.org/all/20260331183332.1773886-16-michal.grzelak@intel.com/
> patch subject: [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default
> in testcase: ltp
> version:
> with following parameters:
> test: ima
> config: x86_64-rhel-9.4-ltp
> compiler: gcc-14
> test machine: 22 threads 1 sockets Intel(R) Core(TM) Ultra 9 185H @ 4.5GHz (Meteor Lake) with 32G memory
> (please refer to attached dmesg/kmsg for entire log/backtrace)
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202604150702.d409a2b6-lkp@intel.com
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com
> kern :err : [ 27.966990] [ T399] ==================================================================
> kern :err : [ 27.968126] [ T399] BUG: KASAN: slab-out-of-bounds in parse_vswing_preemph_snps+0x2dd/0x430 [i915]
> kern :err : [ 27.969712] [ T399] Read of size 4 at addr ffff8881eba2c49d by task (udev-worker)/399
> kern :err : [ 27.971135] [ T399] CPU: 4 UID: 0 PID: 399 Comm: (udev-worker) Tainted: G S 7.0.0-rc4-01496-g07d1ee54da49 #1 PREEMPT(lazy)
> kern :err : [ 27.971139] [ T399] Tainted: [S]=CPU_OUT_OF_SPEC
> kern :err : [ 27.971140] [ T399] Hardware name: ASUSTeK COMPUTER INC. NUC14RVS-B/NUC14RVSU9, BIOS RVMTL357.0047.2025.0108.1408 01/08/2025
> kern :err : [ 27.971142] [ T399] Call Trace:
> kern :err : [ 27.971144] [ T399] <TASK>
> kern :err : [ 27.971145] [ T399] dump_stack_lvl+0x47/0x70
> kern :err : [ 27.971152] [ T399] print_address_description+0x88/0x320
> kern :err : [ 27.971156] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915]
> kern :err : [ 27.971355] [ T399] print_report+0x106/0x1f4
> kern :err : [ 27.971357] [ T399] ? __virt_addr_valid+0xc4/0x230
> kern :err : [ 27.971360] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915]
> kern :err : [ 27.971533] [ T399] kasan_report+0xb5/0xf0
> kern :err : [ 27.971537] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915]
> kern :err : [ 27.971704] [ T399] parse_vswing_preemph_snps+0x2dd/0x430 [i915]
> kern :err : [ 27.971868] [ T399] intel_bios_init+0xcc1/0x14b0 [i915]
> kern :err : [ 27.972042] [ T399] ? drm_vblank_init+0x147/0x330 [drm]
> kern :err : [ 27.972105] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915]
> kern :err : [ 27.972295] [ T399] i915_driver_probe+0x209/0x9f0 [i915]
> kern :err : [ 27.972445] [ T399] ? __pfx_mutex_lock+0x10/0x10
> kern :err : [ 27.972450] [ T399] ? mutex_lock+0x91/0xf0
> kern :err : [ 27.972451] [ T399] ? __pfx_i915_driver_probe+0x10/0x10 [i915]
> kern :err : [ 27.972597] [ T399] ? drm_privacy_screen_get+0x2bf/0x370 [drm]
> kern :err : [ 27.972628] [ T399] ? intel_display_driver_probe_defer+0x41/0x70 [i915]
> kern :err : [ 27.972814] [ T399] ? i915_pci_probe+0x2ab/0x3b0 [i915]
> kern :err : [ 27.972963] [ T399] ? __pfx_i915_pci_probe+0x10/0x10 [i915]
> kern :err : [ 27.973110] [ T399] local_pci_probe+0xdb/0x1b0
> kern :err : [ 27.973114] [ T399] pci_call_probe+0x153/0x4f0
> kern :err : [ 27.973116] [ T399] ? __pfx_pci_call_probe+0x10/0x10
> kern :err : [ 27.973117] [ T399] ? __pfx__raw_spin_lock+0x10/0x10
> kern :err : [ 27.973119] [ T399] ? pci_assign_irq+0x80/0x2f0
> kern :err : [ 27.973121] [ T399] ? pci_match_device+0x38d/0x6b0
> kern :err : [ 27.973123] [ T399] ? kernfs_create_link+0x164/0x230
> kern :err : [ 27.973127] [ T399] pci_device_probe+0x173/0x2f0
> kern :err : [ 27.973128] [ T399] call_driver_probe+0x62/0x1f0
> kern :err : [ 27.973132] [ T399] really_probe+0x197/0x770
> kern :err : [ 27.973134] [ T399] __driver_probe_device+0x18c/0x3b0
> kern :err : [ 27.973137] [ T399] driver_probe_device+0x4a/0x130
> kern :err : [ 27.973139] [ T399] __driver_attach+0x18c/0x4f0
> kern :err : [ 27.973141] [ T399] ? __pfx___driver_attach+0x10/0x10
> kern :err : [ 27.973143] [ T399] bus_for_each_dev+0xef/0x170
> kern :err : [ 27.973145] [ T399] ? kasan_unpoison+0x40/0x70
> kern :err : [ 27.973147] [ T399] ? __pfx_bus_for_each_dev+0x10/0x10
> kern :err : [ 27.973149] [ T399] ? __kasan_slab_alloc+0x2f/0x70
> kern :err : [ 27.973152] [ T399] ? klist_add_tail+0x132/0x270
> kern :err : [ 27.973154] [ T399] bus_add_driver+0x2a7/0x4f0
> kern :err : [ 27.973156] [ T399] driver_register+0x1a1/0x370
> kern :err : [ 27.973158] [ T399] i915_init+0x57/0x160 [i915]
> kern :err : [ 27.973307] [ T399] ? __pfx_i915_init+0x10/0x10 [i915]
> kern :err : [ 27.973453] [ T399] do_one_initcall+0x8d/0x3f0
> kern :err : [ 27.973455] [ T399] ? __pfx_do_one_initcall+0x10/0x10
> kern :err : [ 27.973457] [ T399] ? kasan_unpoison+0x3b/0x70
> kern :err : [ 27.973458] [ T399] ? kasan_unpoison+0x40/0x70
> kern :err : [ 27.973460] [ T399] do_init_module+0x281/0x830
> kern :err : [ 27.973463] [ T399] ? __pfx_do_init_module+0x10/0x10
> kern :err : [ 27.973464] [ T399] ? kfree+0x195/0x430
> kern :err : [ 27.973467] [ T399] load_module+0x173d/0x2070
> kern :err : [ 27.973469] [ T399] ? ima_post_read_file+0x18f/0x230
I'm surprised, but indeed it's could be triggered by IMA.
Looking at full dmesg [1] I'm surprised that this is triggered before tests are
actually run and there is no IMA specific kernel command line parameter. That
means that error is not related to any LTP test.
Is it always reproducible or just a random glitch?
ima_post_read_file() is a part of IMA core therefore issue might be not related
to any config, but just FYI kernel config [2].
Kind regards,
Petr
[1] https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com/kmsg.xz
[2] https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com/config-7.0.0-rc4-01496-g07d1ee54da49
> kern :err : [ 27.973474] [ T399] ? __pfx_load_module+0x10/0x10
> kern :err : [ 27.973476] [ T399] ? security_kernel_post_read_file+0x35/0xf0
> kern :err : [ 27.973479] [ T399] ? __pfx_kernel_read_file+0x10/0x10
> kern :err : [ 27.973483] [ T399] ? __pfx_current_time+0x10/0x10
> kern :err : [ 27.973486] [ T399] ? init_module_from_file+0x157/0x1b0
> kern :err : [ 27.973487] [ T399] init_module_from_file+0x157/0x1b0
> kern :err : [ 27.973489] [ T399] ? __pfx_init_module_from_file+0x10/0x10
> kern :err : [ 27.973491] [ T399] ? touch_atime+0x1bc/0x4f0
> kern :err : [ 27.973493] [ T399] ? _raw_spin_lock+0x80/0xf0
> kern :err : [ 27.973494] [ T399] ? __pfx__raw_spin_lock+0x10/0x10
> kern :err : [ 27.973496] [ T399] ? __pfx_filemap_read+0x10/0x10
> kern :err : [ 27.973498] [ T399] ? do_sys_openat2+0xeb/0x170
> kern :err : [ 27.973501] [ T399] idempotent_init_module+0x21c/0x770
> kern :err : [ 27.973503] [ T399] ? __pfx_idempotent_init_module+0x10/0x10
> kern :err : [ 27.973505] [ T399] ? fdget+0x54/0x3b0
> kern :err : [ 27.973506] [ T399] ? security_capable+0x35/0xf0
> kern :err : [ 27.973509] [ T399] __x64_sys_finit_module+0xca/0x170
> kern :err : [ 27.973511] [ T399] do_syscall_64+0x108/0x5b0
> kern :err : [ 27.973513] [ T399] ? vfs_read+0x3be/0x9b0
> kern :err : [ 27.973514] [ T399] ? vfs_read+0x3be/0x9b0
> kern :err : [ 27.973516] [ T399] ? __pfx_vfs_read+0x10/0x10
> kern :err : [ 27.973517] [ T399] ? __pfx__raw_spin_lock+0x10/0x10
> kern :err : [ 27.973519] [ T399] ? fdget+0x54/0x3b0
> kern :err : [ 27.973520] [ T399] ? __pfx___seccomp_filter+0x10/0x10
> kern :err : [ 27.973523] [ T399] ? __x64_sys_pread64+0x18d/0x1f0
> kern :err : [ 27.973525] [ T399] ? __pfx___x64_sys_pread64+0x10/0x10
> kern :err : [ 27.973526] [ T399] ? fdget+0x54/0x3b0
> kern :err : [ 27.973528] [ T399] ? security_capable+0x35/0xf0
> kern :err : [ 27.973530] [ T399] ? do_syscall_64+0x140/0x5b0
> kern :err : [ 27.973531] [ T399] ? arch_exit_to_user_mode_prepare+0x9e/0xf0
> kern :err : [ 27.973533] [ T399] ? do_syscall_64+0x140/0x5b0
> kern :err : [ 27.973534] [ T399] ? __x64_sys_openat+0x104/0x1f0
> kern :err : [ 27.973536] [ T399] ? __pfx___x64_sys_openat+0x10/0x10
> kern :err : [ 27.973538] [ T399] ? do_syscall_64+0x140/0x5b0
> kern :err : [ 27.973540] [ T399] ? do_syscall_64+0x140/0x5b0
> kern :err : [ 27.973541] [ T399] ? irqentry_exit+0x76/0x4f0
> kern :err : [ 27.973544] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e
> kern :err : [ 27.973546] [ T399] RIP: 0033:0x7f3689aa8779
> kern :err : [ 27.973549] [ T399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 67 76 0d 00 f7 d8 64 89 01 48
> kern :err : [ 27.973551] [ T399] RSP: 002b:00007ffca3326338 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> kern :err : [ 27.973555] [ T399] RAX: ffffffffffffffda RBX: 000055c94afdd3e0 RCX: 00007f3689aa8779
> kern :err : [ 27.973556] [ T399] RDX: 0000000000000000 RSI: 00007f36882ae44d RDI: 0000000000000053
> kern :err : [ 27.973557] [ T399] RBP: 0000000000000000 R08: 0000000000000000 R09: 000055c94af65b30
> kern :err : [ 27.973558] [ T399] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36882ae44d
> kern :err : [ 27.973559] [ T399] R13: 0000000000020000 R14: 000055c94afb65f0 R15: 0000000000000000
> kern :err : [ 27.973561] [ T399] </TASK>
> kern :err : [ 28.051757] [ T399] Allocated by task 399:
> kern :warn : [ 28.052350] [ T399] kasan_save_stack+0x1e/0x70
> kern :warn : [ 28.053001] [ T399] kasan_save_track+0x10/0x30
> kern :warn : [ 28.053646] [ T399] __kasan_kmalloc+0x8b/0xb0
> kern :warn : [ 28.054278] [ T399] __kmalloc_noprof+0x1d8/0x5f0
> kern :warn : [ 28.054944] [ T399] init_bdb_block+0x128/0xc30 [i915]
> kern :warn : [ 28.055915] [ T399] intel_bios_init+0x4de/0x14b0 [i915]
> kern :warn : [ 28.056854] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915]
> kern :warn : [ 28.057984] [ T399] i915_driver_probe+0x209/0x9f0 [i915]
> kern :warn : [ 28.058917] [ T399] local_pci_probe+0xdb/0x1b0
> kern :warn : [ 28.059565] [ T399] pci_call_probe+0x153/0x4f0
> kern :warn : [ 28.060210] [ T399] pci_device_probe+0x173/0x2f0
> kern :warn : [ 28.060878] [ T399] call_driver_probe+0x62/0x1f0
> kern :warn : [ 28.061547] [ T399] really_probe+0x197/0x770
> kern :warn : [ 28.062168] [ T399] __driver_probe_device+0x18c/0x3b0
> kern :warn : [ 28.062894] [ T399] driver_probe_device+0x4a/0x130
> kern :warn : [ 28.063587] [ T399] __driver_attach+0x18c/0x4f0
> kern :warn : [ 28.064243] [ T399] bus_for_each_dev+0xef/0x170
> kern :warn : [ 28.064898] [ T399] bus_add_driver+0x2a7/0x4f0
> kern :warn : [ 28.065543] [ T399] driver_register+0x1a1/0x370
> kern :warn : [ 28.066202] [ T399] i915_init+0x57/0x160 [i915]
> kern :warn : [ 28.067030] [ T399] do_one_initcall+0x8d/0x3f0
> kern :warn : [ 28.067677] [ T399] do_init_module+0x281/0x830
> kern :warn : [ 28.068320] [ T399] load_module+0x173d/0x2070
> kern :warn : [ 28.068951] [ T399] init_module_from_file+0x157/0x1b0
> kern :warn : [ 28.069678] [ T399] idempotent_init_module+0x21c/0x770
> kern :warn : [ 28.070417] [ T399] __x64_sys_finit_module+0xca/0x170
> kern :warn : [ 28.071143] [ T399] do_syscall_64+0x108/0x5b0
> kern :warn : [ 28.071777] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e
> kern :err : [ 28.072915] [ T399] The buggy address belongs to the object at ffff8881eba2c000
> which belongs to the cache kmalloc-2k of size 2048
> kern :err : [ 28.074832] [ T399] The buggy address is located 0 bytes to the right of
> allocated 1181-byte region [ffff8881eba2c000, ffff8881eba2c49d)
> kern :err : [ 28.077135] [ T399] The buggy address belongs to the physical page:
> kern :warn : [ 28.078017] [ T399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eba28
> kern :warn : [ 28.079226] [ T399] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
> kern :warn : [ 28.080389] [ T399] flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff)
> kern :warn : [ 28.081460] [ T399] page_type: f5(slab)
> kern :warn : [ 28.082008] [ T399] raw: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122
> kern :warn : [ 28.083180] [ T399] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
> kern :warn : [ 28.084355] [ T399] head: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122
> kern :warn : [ 28.085541] [ T399] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
> kern :warn : [ 28.086725] [ T399] head: 0017ffffc0000003 ffffea0007ae8a01 00000000ffffffff 00000000ffffffff
> kern :warn : [ 28.087909] [ T399] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
> kern :warn : [ 28.089093] [ T399] page dumped because: kasan: bad access detected
> kern :err : [ 28.090297] [ T399] Memory state around the buggy address:
> kern :err : [ 28.091073] [ T399] ffff8881eba2c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> kern :err : [ 28.092175] [ T399] ffff8881eba2c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> kern :err : [ 28.093276] [ T399] >ffff8881eba2c480: 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc fc
> kern :err : [ 28.094376] [ T399] ^
> kern :err : [ 28.095041] [ T399] ffff8881eba2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> kern :err : [ 28.096145] [ T399] ffff8881eba2c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> kern :err : [ 28.097247] [ T399] ==================================================================
> kern :warn : [ 28.098668] [ T399] Disabling lock debugging due to kernel taint
More information about the ltp
mailing list