* Re: [LTP] [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default [not found] <20260331183332.1773886-16-michal.grzelak@intel.com> @ 2026-04-15 6:42 ` kernel test robot 2026-04-16 6:40 ` Petr Vorel 0 siblings, 1 reply; 5+ messages in thread From: kernel test robot @ 2026-04-15 6:42 UTC (permalink / raw) To: Michał Grzelak Cc: lkp, intel-gfx, Jani Nikula, oliver.sang, oe-lkp, Michał Grzelak, intel-xe, ltp Hello, kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_parse_vswing_preemph_snps" on: commit: 07d1ee54da4966c1457602dc088a8a43b29254cb ("[PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default") url: https://github.com/intel-lab-lkp/linux/commits/Micha-Grzelak/drm-i915-lt-align-xe3plpd-with-VS-PE-Override-layout/20260401-092928 base: https://gitlab.freedesktop.org/drm/i915/kernel.git for-linux-next patch link: https://lore.kernel.org/all/20260331183332.1773886-16-michal.grzelak@intel.com/ patch subject: [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default in testcase: ltp version: with following parameters: test: ima config: x86_64-rhel-9.4-ltp compiler: gcc-14 test machine: 22 threads 1 sockets Intel(R) Core(TM) Ultra 9 185H @ 4.5GHz (Meteor Lake) with 32G memory (please refer to attached dmesg/kmsg for entire log/backtrace) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <oliver.sang@intel.com> | Closes: https://lore.kernel.org/oe-lkp/202604150702.d409a2b6-lkp@intel.com The kernel config and materials to reproduce are available at: https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com kern :err : [ 27.966990] [ T399] ================================================================== kern :err : [ 27.968126] [ T399] BUG: KASAN: slab-out-of-bounds in parse_vswing_preemph_snps+0x2dd/0x430 [i915] kern :err : [ 27.969712] [ T399] Read of size 4 at addr ffff8881eba2c49d by task (udev-worker)/399 kern :err : [ 27.971135] [ T399] CPU: 4 UID: 0 PID: 399 Comm: (udev-worker) Tainted: G S 7.0.0-rc4-01496-g07d1ee54da49 #1 PREEMPT(lazy) kern :err : [ 27.971139] [ T399] Tainted: [S]=CPU_OUT_OF_SPEC kern :err : [ 27.971140] [ T399] Hardware name: ASUSTeK COMPUTER INC. NUC14RVS-B/NUC14RVSU9, BIOS RVMTL357.0047.2025.0108.1408 01/08/2025 kern :err : [ 27.971142] [ T399] Call Trace: kern :err : [ 27.971144] [ T399] <TASK> kern :err : [ 27.971145] [ T399] dump_stack_lvl+0x47/0x70 kern :err : [ 27.971152] [ T399] print_address_description+0x88/0x320 kern :err : [ 27.971156] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] kern :err : [ 27.971355] [ T399] print_report+0x106/0x1f4 kern :err : [ 27.971357] [ T399] ? __virt_addr_valid+0xc4/0x230 kern :err : [ 27.971360] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] kern :err : [ 27.971533] [ T399] kasan_report+0xb5/0xf0 kern :err : [ 27.971537] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] kern :err : [ 27.971704] [ T399] parse_vswing_preemph_snps+0x2dd/0x430 [i915] kern :err : [ 27.971868] [ T399] intel_bios_init+0xcc1/0x14b0 [i915] kern :err : [ 27.972042] [ T399] ? drm_vblank_init+0x147/0x330 [drm] kern :err : [ 27.972105] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915] kern :err : [ 27.972295] [ T399] i915_driver_probe+0x209/0x9f0 [i915] kern :err : [ 27.972445] [ T399] ? __pfx_mutex_lock+0x10/0x10 kern :err : [ 27.972450] [ T399] ? mutex_lock+0x91/0xf0 kern :err : [ 27.972451] [ T399] ? __pfx_i915_driver_probe+0x10/0x10 [i915] kern :err : [ 27.972597] [ T399] ? drm_privacy_screen_get+0x2bf/0x370 [drm] kern :err : [ 27.972628] [ T399] ? intel_display_driver_probe_defer+0x41/0x70 [i915] kern :err : [ 27.972814] [ T399] ? i915_pci_probe+0x2ab/0x3b0 [i915] kern :err : [ 27.972963] [ T399] ? __pfx_i915_pci_probe+0x10/0x10 [i915] kern :err : [ 27.973110] [ T399] local_pci_probe+0xdb/0x1b0 kern :err : [ 27.973114] [ T399] pci_call_probe+0x153/0x4f0 kern :err : [ 27.973116] [ T399] ? __pfx_pci_call_probe+0x10/0x10 kern :err : [ 27.973117] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 kern :err : [ 27.973119] [ T399] ? pci_assign_irq+0x80/0x2f0 kern :err : [ 27.973121] [ T399] ? pci_match_device+0x38d/0x6b0 kern :err : [ 27.973123] [ T399] ? kernfs_create_link+0x164/0x230 kern :err : [ 27.973127] [ T399] pci_device_probe+0x173/0x2f0 kern :err : [ 27.973128] [ T399] call_driver_probe+0x62/0x1f0 kern :err : [ 27.973132] [ T399] really_probe+0x197/0x770 kern :err : [ 27.973134] [ T399] __driver_probe_device+0x18c/0x3b0 kern :err : [ 27.973137] [ T399] driver_probe_device+0x4a/0x130 kern :err : [ 27.973139] [ T399] __driver_attach+0x18c/0x4f0 kern :err : [ 27.973141] [ T399] ? __pfx___driver_attach+0x10/0x10 kern :err : [ 27.973143] [ T399] bus_for_each_dev+0xef/0x170 kern :err : [ 27.973145] [ T399] ? kasan_unpoison+0x40/0x70 kern :err : [ 27.973147] [ T399] ? __pfx_bus_for_each_dev+0x10/0x10 kern :err : [ 27.973149] [ T399] ? __kasan_slab_alloc+0x2f/0x70 kern :err : [ 27.973152] [ T399] ? klist_add_tail+0x132/0x270 kern :err : [ 27.973154] [ T399] bus_add_driver+0x2a7/0x4f0 kern :err : [ 27.973156] [ T399] driver_register+0x1a1/0x370 kern :err : [ 27.973158] [ T399] i915_init+0x57/0x160 [i915] kern :err : [ 27.973307] [ T399] ? __pfx_i915_init+0x10/0x10 [i915] kern :err : [ 27.973453] [ T399] do_one_initcall+0x8d/0x3f0 kern :err : [ 27.973455] [ T399] ? __pfx_do_one_initcall+0x10/0x10 kern :err : [ 27.973457] [ T399] ? kasan_unpoison+0x3b/0x70 kern :err : [ 27.973458] [ T399] ? kasan_unpoison+0x40/0x70 kern :err : [ 27.973460] [ T399] do_init_module+0x281/0x830 kern :err : [ 27.973463] [ T399] ? __pfx_do_init_module+0x10/0x10 kern :err : [ 27.973464] [ T399] ? kfree+0x195/0x430 kern :err : [ 27.973467] [ T399] load_module+0x173d/0x2070 kern :err : [ 27.973469] [ T399] ? ima_post_read_file+0x18f/0x230 kern :err : [ 27.973474] [ T399] ? __pfx_load_module+0x10/0x10 kern :err : [ 27.973476] [ T399] ? security_kernel_post_read_file+0x35/0xf0 kern :err : [ 27.973479] [ T399] ? __pfx_kernel_read_file+0x10/0x10 kern :err : [ 27.973483] [ T399] ? __pfx_current_time+0x10/0x10 kern :err : [ 27.973486] [ T399] ? init_module_from_file+0x157/0x1b0 kern :err : [ 27.973487] [ T399] init_module_from_file+0x157/0x1b0 kern :err : [ 27.973489] [ T399] ? __pfx_init_module_from_file+0x10/0x10 kern :err : [ 27.973491] [ T399] ? touch_atime+0x1bc/0x4f0 kern :err : [ 27.973493] [ T399] ? _raw_spin_lock+0x80/0xf0 kern :err : [ 27.973494] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 kern :err : [ 27.973496] [ T399] ? __pfx_filemap_read+0x10/0x10 kern :err : [ 27.973498] [ T399] ? do_sys_openat2+0xeb/0x170 kern :err : [ 27.973501] [ T399] idempotent_init_module+0x21c/0x770 kern :err : [ 27.973503] [ T399] ? __pfx_idempotent_init_module+0x10/0x10 kern :err : [ 27.973505] [ T399] ? fdget+0x54/0x3b0 kern :err : [ 27.973506] [ T399] ? security_capable+0x35/0xf0 kern :err : [ 27.973509] [ T399] __x64_sys_finit_module+0xca/0x170 kern :err : [ 27.973511] [ T399] do_syscall_64+0x108/0x5b0 kern :err : [ 27.973513] [ T399] ? vfs_read+0x3be/0x9b0 kern :err : [ 27.973514] [ T399] ? vfs_read+0x3be/0x9b0 kern :err : [ 27.973516] [ T399] ? __pfx_vfs_read+0x10/0x10 kern :err : [ 27.973517] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 kern :err : [ 27.973519] [ T399] ? fdget+0x54/0x3b0 kern :err : [ 27.973520] [ T399] ? __pfx___seccomp_filter+0x10/0x10 kern :err : [ 27.973523] [ T399] ? __x64_sys_pread64+0x18d/0x1f0 kern :err : [ 27.973525] [ T399] ? __pfx___x64_sys_pread64+0x10/0x10 kern :err : [ 27.973526] [ T399] ? fdget+0x54/0x3b0 kern :err : [ 27.973528] [ T399] ? security_capable+0x35/0xf0 kern :err : [ 27.973530] [ T399] ? do_syscall_64+0x140/0x5b0 kern :err : [ 27.973531] [ T399] ? arch_exit_to_user_mode_prepare+0x9e/0xf0 kern :err : [ 27.973533] [ T399] ? do_syscall_64+0x140/0x5b0 kern :err : [ 27.973534] [ T399] ? __x64_sys_openat+0x104/0x1f0 kern :err : [ 27.973536] [ T399] ? __pfx___x64_sys_openat+0x10/0x10 kern :err : [ 27.973538] [ T399] ? do_syscall_64+0x140/0x5b0 kern :err : [ 27.973540] [ T399] ? do_syscall_64+0x140/0x5b0 kern :err : [ 27.973541] [ T399] ? irqentry_exit+0x76/0x4f0 kern :err : [ 27.973544] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e kern :err : [ 27.973546] [ T399] RIP: 0033:0x7f3689aa8779 kern :err : [ 27.973549] [ T399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 67 76 0d 00 f7 d8 64 89 01 48 kern :err : [ 27.973551] [ T399] RSP: 002b:00007ffca3326338 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 kern :err : [ 27.973555] [ T399] RAX: ffffffffffffffda RBX: 000055c94afdd3e0 RCX: 00007f3689aa8779 kern :err : [ 27.973556] [ T399] RDX: 0000000000000000 RSI: 00007f36882ae44d RDI: 0000000000000053 kern :err : [ 27.973557] [ T399] RBP: 0000000000000000 R08: 0000000000000000 R09: 000055c94af65b30 kern :err : [ 27.973558] [ T399] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36882ae44d kern :err : [ 27.973559] [ T399] R13: 0000000000020000 R14: 000055c94afb65f0 R15: 0000000000000000 kern :err : [ 27.973561] [ T399] </TASK> kern :err : [ 28.051757] [ T399] Allocated by task 399: kern :warn : [ 28.052350] [ T399] kasan_save_stack+0x1e/0x70 kern :warn : [ 28.053001] [ T399] kasan_save_track+0x10/0x30 kern :warn : [ 28.053646] [ T399] __kasan_kmalloc+0x8b/0xb0 kern :warn : [ 28.054278] [ T399] __kmalloc_noprof+0x1d8/0x5f0 kern :warn : [ 28.054944] [ T399] init_bdb_block+0x128/0xc30 [i915] kern :warn : [ 28.055915] [ T399] intel_bios_init+0x4de/0x14b0 [i915] kern :warn : [ 28.056854] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915] kern :warn : [ 28.057984] [ T399] i915_driver_probe+0x209/0x9f0 [i915] kern :warn : [ 28.058917] [ T399] local_pci_probe+0xdb/0x1b0 kern :warn : [ 28.059565] [ T399] pci_call_probe+0x153/0x4f0 kern :warn : [ 28.060210] [ T399] pci_device_probe+0x173/0x2f0 kern :warn : [ 28.060878] [ T399] call_driver_probe+0x62/0x1f0 kern :warn : [ 28.061547] [ T399] really_probe+0x197/0x770 kern :warn : [ 28.062168] [ T399] __driver_probe_device+0x18c/0x3b0 kern :warn : [ 28.062894] [ T399] driver_probe_device+0x4a/0x130 kern :warn : [ 28.063587] [ T399] __driver_attach+0x18c/0x4f0 kern :warn : [ 28.064243] [ T399] bus_for_each_dev+0xef/0x170 kern :warn : [ 28.064898] [ T399] bus_add_driver+0x2a7/0x4f0 kern :warn : [ 28.065543] [ T399] driver_register+0x1a1/0x370 kern :warn : [ 28.066202] [ T399] i915_init+0x57/0x160 [i915] kern :warn : [ 28.067030] [ T399] do_one_initcall+0x8d/0x3f0 kern :warn : [ 28.067677] [ T399] do_init_module+0x281/0x830 kern :warn : [ 28.068320] [ T399] load_module+0x173d/0x2070 kern :warn : [ 28.068951] [ T399] init_module_from_file+0x157/0x1b0 kern :warn : [ 28.069678] [ T399] idempotent_init_module+0x21c/0x770 kern :warn : [ 28.070417] [ T399] __x64_sys_finit_module+0xca/0x170 kern :warn : [ 28.071143] [ T399] do_syscall_64+0x108/0x5b0 kern :warn : [ 28.071777] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e kern :err : [ 28.072915] [ T399] The buggy address belongs to the object at ffff8881eba2c000 which belongs to the cache kmalloc-2k of size 2048 kern :err : [ 28.074832] [ T399] The buggy address is located 0 bytes to the right of allocated 1181-byte region [ffff8881eba2c000, ffff8881eba2c49d) kern :err : [ 28.077135] [ T399] The buggy address belongs to the physical page: kern :warn : [ 28.078017] [ T399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eba28 kern :warn : [ 28.079226] [ T399] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 kern :warn : [ 28.080389] [ T399] flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff) kern :warn : [ 28.081460] [ T399] page_type: f5(slab) kern :warn : [ 28.082008] [ T399] raw: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122 kern :warn : [ 28.083180] [ T399] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 kern :warn : [ 28.084355] [ T399] head: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122 kern :warn : [ 28.085541] [ T399] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 kern :warn : [ 28.086725] [ T399] head: 0017ffffc0000003 ffffea0007ae8a01 00000000ffffffff 00000000ffffffff kern :warn : [ 28.087909] [ T399] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 kern :warn : [ 28.089093] [ T399] page dumped because: kasan: bad access detected kern :err : [ 28.090297] [ T399] Memory state around the buggy address: kern :err : [ 28.091073] [ T399] ffff8881eba2c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 kern :err : [ 28.092175] [ T399] ffff8881eba2c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 kern :err : [ 28.093276] [ T399] >ffff8881eba2c480: 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc fc kern :err : [ 28.094376] [ T399] ^ kern :err : [ 28.095041] [ T399] ffff8881eba2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc kern :err : [ 28.096145] [ T399] ffff8881eba2c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc kern :err : [ 28.097247] [ T399] ================================================================== kern :warn : [ 28.098668] [ T399] Disabling lock debugging due to kernel taint -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default 2026-04-15 6:42 ` [LTP] [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default kernel test robot @ 2026-04-16 6:40 ` Petr Vorel 2026-04-16 7:40 ` Oliver Sang 0 siblings, 1 reply; 5+ messages in thread From: Petr Vorel @ 2026-04-16 6:40 UTC (permalink / raw) To: kernel test robot Cc: lkp, intel-gfx, Jani Nikula, oe-lkp, linux-integrity, Michał Grzelak, intel-xe, ltp Hi all, [ Cc Mimi and linux-integrity ] > Hello, > kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_parse_vswing_preemph_snps" on: > commit: 07d1ee54da4966c1457602dc088a8a43b29254cb ("[PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default") > url: https://github.com/intel-lab-lkp/linux/commits/Micha-Grzelak/drm-i915-lt-align-xe3plpd-with-VS-PE-Override-layout/20260401-092928 > base: https://gitlab.freedesktop.org/drm/i915/kernel.git for-linux-next > patch link: https://lore.kernel.org/all/20260331183332.1773886-16-michal.grzelak@intel.com/ > patch subject: [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default > in testcase: ltp > version: > with following parameters: > test: ima > config: x86_64-rhel-9.4-ltp > compiler: gcc-14 > test machine: 22 threads 1 sockets Intel(R) Core(TM) Ultra 9 185H @ 4.5GHz (Meteor Lake) with 32G memory > (please refer to attached dmesg/kmsg for entire log/backtrace) > If you fix the issue in a separate patch/commit (i.e. not just a new version of > the same patch/commit), kindly add following tags > | Reported-by: kernel test robot <oliver.sang@intel.com> > | Closes: https://lore.kernel.org/oe-lkp/202604150702.d409a2b6-lkp@intel.com > The kernel config and materials to reproduce are available at: > https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com > kern :err : [ 27.966990] [ T399] ================================================================== > kern :err : [ 27.968126] [ T399] BUG: KASAN: slab-out-of-bounds in parse_vswing_preemph_snps+0x2dd/0x430 [i915] > kern :err : [ 27.969712] [ T399] Read of size 4 at addr ffff8881eba2c49d by task (udev-worker)/399 > kern :err : [ 27.971135] [ T399] CPU: 4 UID: 0 PID: 399 Comm: (udev-worker) Tainted: G S 7.0.0-rc4-01496-g07d1ee54da49 #1 PREEMPT(lazy) > kern :err : [ 27.971139] [ T399] Tainted: [S]=CPU_OUT_OF_SPEC > kern :err : [ 27.971140] [ T399] Hardware name: ASUSTeK COMPUTER INC. NUC14RVS-B/NUC14RVSU9, BIOS RVMTL357.0047.2025.0108.1408 01/08/2025 > kern :err : [ 27.971142] [ T399] Call Trace: > kern :err : [ 27.971144] [ T399] <TASK> > kern :err : [ 27.971145] [ T399] dump_stack_lvl+0x47/0x70 > kern :err : [ 27.971152] [ T399] print_address_description+0x88/0x320 > kern :err : [ 27.971156] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] > kern :err : [ 27.971355] [ T399] print_report+0x106/0x1f4 > kern :err : [ 27.971357] [ T399] ? __virt_addr_valid+0xc4/0x230 > kern :err : [ 27.971360] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] > kern :err : [ 27.971533] [ T399] kasan_report+0xb5/0xf0 > kern :err : [ 27.971537] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] > kern :err : [ 27.971704] [ T399] parse_vswing_preemph_snps+0x2dd/0x430 [i915] > kern :err : [ 27.971868] [ T399] intel_bios_init+0xcc1/0x14b0 [i915] > kern :err : [ 27.972042] [ T399] ? drm_vblank_init+0x147/0x330 [drm] > kern :err : [ 27.972105] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915] > kern :err : [ 27.972295] [ T399] i915_driver_probe+0x209/0x9f0 [i915] > kern :err : [ 27.972445] [ T399] ? __pfx_mutex_lock+0x10/0x10 > kern :err : [ 27.972450] [ T399] ? mutex_lock+0x91/0xf0 > kern :err : [ 27.972451] [ T399] ? __pfx_i915_driver_probe+0x10/0x10 [i915] > kern :err : [ 27.972597] [ T399] ? drm_privacy_screen_get+0x2bf/0x370 [drm] > kern :err : [ 27.972628] [ T399] ? intel_display_driver_probe_defer+0x41/0x70 [i915] > kern :err : [ 27.972814] [ T399] ? i915_pci_probe+0x2ab/0x3b0 [i915] > kern :err : [ 27.972963] [ T399] ? __pfx_i915_pci_probe+0x10/0x10 [i915] > kern :err : [ 27.973110] [ T399] local_pci_probe+0xdb/0x1b0 > kern :err : [ 27.973114] [ T399] pci_call_probe+0x153/0x4f0 > kern :err : [ 27.973116] [ T399] ? __pfx_pci_call_probe+0x10/0x10 > kern :err : [ 27.973117] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 > kern :err : [ 27.973119] [ T399] ? pci_assign_irq+0x80/0x2f0 > kern :err : [ 27.973121] [ T399] ? pci_match_device+0x38d/0x6b0 > kern :err : [ 27.973123] [ T399] ? kernfs_create_link+0x164/0x230 > kern :err : [ 27.973127] [ T399] pci_device_probe+0x173/0x2f0 > kern :err : [ 27.973128] [ T399] call_driver_probe+0x62/0x1f0 > kern :err : [ 27.973132] [ T399] really_probe+0x197/0x770 > kern :err : [ 27.973134] [ T399] __driver_probe_device+0x18c/0x3b0 > kern :err : [ 27.973137] [ T399] driver_probe_device+0x4a/0x130 > kern :err : [ 27.973139] [ T399] __driver_attach+0x18c/0x4f0 > kern :err : [ 27.973141] [ T399] ? __pfx___driver_attach+0x10/0x10 > kern :err : [ 27.973143] [ T399] bus_for_each_dev+0xef/0x170 > kern :err : [ 27.973145] [ T399] ? kasan_unpoison+0x40/0x70 > kern :err : [ 27.973147] [ T399] ? __pfx_bus_for_each_dev+0x10/0x10 > kern :err : [ 27.973149] [ T399] ? __kasan_slab_alloc+0x2f/0x70 > kern :err : [ 27.973152] [ T399] ? klist_add_tail+0x132/0x270 > kern :err : [ 27.973154] [ T399] bus_add_driver+0x2a7/0x4f0 > kern :err : [ 27.973156] [ T399] driver_register+0x1a1/0x370 > kern :err : [ 27.973158] [ T399] i915_init+0x57/0x160 [i915] > kern :err : [ 27.973307] [ T399] ? __pfx_i915_init+0x10/0x10 [i915] > kern :err : [ 27.973453] [ T399] do_one_initcall+0x8d/0x3f0 > kern :err : [ 27.973455] [ T399] ? __pfx_do_one_initcall+0x10/0x10 > kern :err : [ 27.973457] [ T399] ? kasan_unpoison+0x3b/0x70 > kern :err : [ 27.973458] [ T399] ? kasan_unpoison+0x40/0x70 > kern :err : [ 27.973460] [ T399] do_init_module+0x281/0x830 > kern :err : [ 27.973463] [ T399] ? __pfx_do_init_module+0x10/0x10 > kern :err : [ 27.973464] [ T399] ? kfree+0x195/0x430 > kern :err : [ 27.973467] [ T399] load_module+0x173d/0x2070 > kern :err : [ 27.973469] [ T399] ? ima_post_read_file+0x18f/0x230 I'm surprised, but indeed it's could be triggered by IMA. Looking at full dmesg [1] I'm surprised that this is triggered before tests are actually run and there is no IMA specific kernel command line parameter. That means that error is not related to any LTP test. Is it always reproducible or just a random glitch? ima_post_read_file() is a part of IMA core therefore issue might be not related to any config, but just FYI kernel config [2]. Kind regards, Petr [1] https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com/kmsg.xz [2] https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com/config-7.0.0-rc4-01496-g07d1ee54da49 > kern :err : [ 27.973474] [ T399] ? __pfx_load_module+0x10/0x10 > kern :err : [ 27.973476] [ T399] ? security_kernel_post_read_file+0x35/0xf0 > kern :err : [ 27.973479] [ T399] ? __pfx_kernel_read_file+0x10/0x10 > kern :err : [ 27.973483] [ T399] ? __pfx_current_time+0x10/0x10 > kern :err : [ 27.973486] [ T399] ? init_module_from_file+0x157/0x1b0 > kern :err : [ 27.973487] [ T399] init_module_from_file+0x157/0x1b0 > kern :err : [ 27.973489] [ T399] ? __pfx_init_module_from_file+0x10/0x10 > kern :err : [ 27.973491] [ T399] ? touch_atime+0x1bc/0x4f0 > kern :err : [ 27.973493] [ T399] ? _raw_spin_lock+0x80/0xf0 > kern :err : [ 27.973494] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 > kern :err : [ 27.973496] [ T399] ? __pfx_filemap_read+0x10/0x10 > kern :err : [ 27.973498] [ T399] ? do_sys_openat2+0xeb/0x170 > kern :err : [ 27.973501] [ T399] idempotent_init_module+0x21c/0x770 > kern :err : [ 27.973503] [ T399] ? __pfx_idempotent_init_module+0x10/0x10 > kern :err : [ 27.973505] [ T399] ? fdget+0x54/0x3b0 > kern :err : [ 27.973506] [ T399] ? security_capable+0x35/0xf0 > kern :err : [ 27.973509] [ T399] __x64_sys_finit_module+0xca/0x170 > kern :err : [ 27.973511] [ T399] do_syscall_64+0x108/0x5b0 > kern :err : [ 27.973513] [ T399] ? vfs_read+0x3be/0x9b0 > kern :err : [ 27.973514] [ T399] ? vfs_read+0x3be/0x9b0 > kern :err : [ 27.973516] [ T399] ? __pfx_vfs_read+0x10/0x10 > kern :err : [ 27.973517] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 > kern :err : [ 27.973519] [ T399] ? fdget+0x54/0x3b0 > kern :err : [ 27.973520] [ T399] ? __pfx___seccomp_filter+0x10/0x10 > kern :err : [ 27.973523] [ T399] ? __x64_sys_pread64+0x18d/0x1f0 > kern :err : [ 27.973525] [ T399] ? __pfx___x64_sys_pread64+0x10/0x10 > kern :err : [ 27.973526] [ T399] ? fdget+0x54/0x3b0 > kern :err : [ 27.973528] [ T399] ? security_capable+0x35/0xf0 > kern :err : [ 27.973530] [ T399] ? do_syscall_64+0x140/0x5b0 > kern :err : [ 27.973531] [ T399] ? arch_exit_to_user_mode_prepare+0x9e/0xf0 > kern :err : [ 27.973533] [ T399] ? do_syscall_64+0x140/0x5b0 > kern :err : [ 27.973534] [ T399] ? __x64_sys_openat+0x104/0x1f0 > kern :err : [ 27.973536] [ T399] ? __pfx___x64_sys_openat+0x10/0x10 > kern :err : [ 27.973538] [ T399] ? do_syscall_64+0x140/0x5b0 > kern :err : [ 27.973540] [ T399] ? do_syscall_64+0x140/0x5b0 > kern :err : [ 27.973541] [ T399] ? irqentry_exit+0x76/0x4f0 > kern :err : [ 27.973544] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e > kern :err : [ 27.973546] [ T399] RIP: 0033:0x7f3689aa8779 > kern :err : [ 27.973549] [ T399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 67 76 0d 00 f7 d8 64 89 01 48 > kern :err : [ 27.973551] [ T399] RSP: 002b:00007ffca3326338 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 > kern :err : [ 27.973555] [ T399] RAX: ffffffffffffffda RBX: 000055c94afdd3e0 RCX: 00007f3689aa8779 > kern :err : [ 27.973556] [ T399] RDX: 0000000000000000 RSI: 00007f36882ae44d RDI: 0000000000000053 > kern :err : [ 27.973557] [ T399] RBP: 0000000000000000 R08: 0000000000000000 R09: 000055c94af65b30 > kern :err : [ 27.973558] [ T399] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36882ae44d > kern :err : [ 27.973559] [ T399] R13: 0000000000020000 R14: 000055c94afb65f0 R15: 0000000000000000 > kern :err : [ 27.973561] [ T399] </TASK> > kern :err : [ 28.051757] [ T399] Allocated by task 399: > kern :warn : [ 28.052350] [ T399] kasan_save_stack+0x1e/0x70 > kern :warn : [ 28.053001] [ T399] kasan_save_track+0x10/0x30 > kern :warn : [ 28.053646] [ T399] __kasan_kmalloc+0x8b/0xb0 > kern :warn : [ 28.054278] [ T399] __kmalloc_noprof+0x1d8/0x5f0 > kern :warn : [ 28.054944] [ T399] init_bdb_block+0x128/0xc30 [i915] > kern :warn : [ 28.055915] [ T399] intel_bios_init+0x4de/0x14b0 [i915] > kern :warn : [ 28.056854] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915] > kern :warn : [ 28.057984] [ T399] i915_driver_probe+0x209/0x9f0 [i915] > kern :warn : [ 28.058917] [ T399] local_pci_probe+0xdb/0x1b0 > kern :warn : [ 28.059565] [ T399] pci_call_probe+0x153/0x4f0 > kern :warn : [ 28.060210] [ T399] pci_device_probe+0x173/0x2f0 > kern :warn : [ 28.060878] [ T399] call_driver_probe+0x62/0x1f0 > kern :warn : [ 28.061547] [ T399] really_probe+0x197/0x770 > kern :warn : [ 28.062168] [ T399] __driver_probe_device+0x18c/0x3b0 > kern :warn : [ 28.062894] [ T399] driver_probe_device+0x4a/0x130 > kern :warn : [ 28.063587] [ T399] __driver_attach+0x18c/0x4f0 > kern :warn : [ 28.064243] [ T399] bus_for_each_dev+0xef/0x170 > kern :warn : [ 28.064898] [ T399] bus_add_driver+0x2a7/0x4f0 > kern :warn : [ 28.065543] [ T399] driver_register+0x1a1/0x370 > kern :warn : [ 28.066202] [ T399] i915_init+0x57/0x160 [i915] > kern :warn : [ 28.067030] [ T399] do_one_initcall+0x8d/0x3f0 > kern :warn : [ 28.067677] [ T399] do_init_module+0x281/0x830 > kern :warn : [ 28.068320] [ T399] load_module+0x173d/0x2070 > kern :warn : [ 28.068951] [ T399] init_module_from_file+0x157/0x1b0 > kern :warn : [ 28.069678] [ T399] idempotent_init_module+0x21c/0x770 > kern :warn : [ 28.070417] [ T399] __x64_sys_finit_module+0xca/0x170 > kern :warn : [ 28.071143] [ T399] do_syscall_64+0x108/0x5b0 > kern :warn : [ 28.071777] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e > kern :err : [ 28.072915] [ T399] The buggy address belongs to the object at ffff8881eba2c000 > which belongs to the cache kmalloc-2k of size 2048 > kern :err : [ 28.074832] [ T399] The buggy address is located 0 bytes to the right of > allocated 1181-byte region [ffff8881eba2c000, ffff8881eba2c49d) > kern :err : [ 28.077135] [ T399] The buggy address belongs to the physical page: > kern :warn : [ 28.078017] [ T399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eba28 > kern :warn : [ 28.079226] [ T399] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 > kern :warn : [ 28.080389] [ T399] flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff) > kern :warn : [ 28.081460] [ T399] page_type: f5(slab) > kern :warn : [ 28.082008] [ T399] raw: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122 > kern :warn : [ 28.083180] [ T399] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 > kern :warn : [ 28.084355] [ T399] head: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122 > kern :warn : [ 28.085541] [ T399] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 > kern :warn : [ 28.086725] [ T399] head: 0017ffffc0000003 ffffea0007ae8a01 00000000ffffffff 00000000ffffffff > kern :warn : [ 28.087909] [ T399] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 > kern :warn : [ 28.089093] [ T399] page dumped because: kasan: bad access detected > kern :err : [ 28.090297] [ T399] Memory state around the buggy address: > kern :err : [ 28.091073] [ T399] ffff8881eba2c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > kern :err : [ 28.092175] [ T399] ffff8881eba2c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > kern :err : [ 28.093276] [ T399] >ffff8881eba2c480: 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc fc > kern :err : [ 28.094376] [ T399] ^ > kern :err : [ 28.095041] [ T399] ffff8881eba2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > kern :err : [ 28.096145] [ T399] ffff8881eba2c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > kern :err : [ 28.097247] [ T399] ================================================================== > kern :warn : [ 28.098668] [ T399] Disabling lock debugging due to kernel taint -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default 2026-04-16 6:40 ` Petr Vorel @ 2026-04-16 7:40 ` Oliver Sang 2026-04-16 9:17 ` Michał Grzelak 0 siblings, 1 reply; 5+ messages in thread From: Oliver Sang @ 2026-04-16 7:40 UTC (permalink / raw) To: Petr Vorel Cc: lkp, intel-gfx, Jani Nikula, oliver.sang, oe-lkp, linux-integrity, Michał Grzelak, intel-xe, ltp hi, Petr, On Thu, Apr 16, 2026 at 08:40:51AM +0200, Petr Vorel wrote: > Hi all, > > [ Cc Mimi and linux-integrity ] > > Hello, > > > kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_parse_vswing_preemph_snps" on: > > > commit: 07d1ee54da4966c1457602dc088a8a43b29254cb ("[PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default") > > url: https://github.com/intel-lab-lkp/linux/commits/Micha-Grzelak/drm-i915-lt-align-xe3plpd-with-VS-PE-Override-layout/20260401-092928 > > base: https://gitlab.freedesktop.org/drm/i915/kernel.git for-linux-next > > patch link: https://lore.kernel.org/all/20260331183332.1773886-16-michal.grzelak@intel.com/ > > patch subject: [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default > > > in testcase: ltp > > version: > > with following parameters: > > > test: ima > > > > > config: x86_64-rhel-9.4-ltp > > compiler: gcc-14 > > test machine: 22 threads 1 sockets Intel(R) Core(TM) Ultra 9 185H @ 4.5GHz (Meteor Lake) with 32G memory > > > (please refer to attached dmesg/kmsg for entire log/backtrace) > > > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > > the same patch/commit), kindly add following tags > > | Reported-by: kernel test robot <oliver.sang@intel.com> > > | Closes: https://lore.kernel.org/oe-lkp/202604150702.d409a2b6-lkp@intel.com > > > > The kernel config and materials to reproduce are available at: > > https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com > > > > kern :err : [ 27.966990] [ T399] ================================================================== > > kern :err : [ 27.968126] [ T399] BUG: KASAN: slab-out-of-bounds in parse_vswing_preemph_snps+0x2dd/0x430 [i915] > > kern :err : [ 27.969712] [ T399] Read of size 4 at addr ffff8881eba2c49d by task (udev-worker)/399 > > > kern :err : [ 27.971135] [ T399] CPU: 4 UID: 0 PID: 399 Comm: (udev-worker) Tainted: G S 7.0.0-rc4-01496-g07d1ee54da49 #1 PREEMPT(lazy) > > kern :err : [ 27.971139] [ T399] Tainted: [S]=CPU_OUT_OF_SPEC > > kern :err : [ 27.971140] [ T399] Hardware name: ASUSTeK COMPUTER INC. NUC14RVS-B/NUC14RVSU9, BIOS RVMTL357.0047.2025.0108.1408 01/08/2025 > > kern :err : [ 27.971142] [ T399] Call Trace: > > kern :err : [ 27.971144] [ T399] <TASK> > > kern :err : [ 27.971145] [ T399] dump_stack_lvl+0x47/0x70 > > kern :err : [ 27.971152] [ T399] print_address_description+0x88/0x320 > > kern :err : [ 27.971156] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] > > kern :err : [ 27.971355] [ T399] print_report+0x106/0x1f4 > > kern :err : [ 27.971357] [ T399] ? __virt_addr_valid+0xc4/0x230 > > kern :err : [ 27.971360] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] > > kern :err : [ 27.971533] [ T399] kasan_report+0xb5/0xf0 > > kern :err : [ 27.971537] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] > > kern :err : [ 27.971704] [ T399] parse_vswing_preemph_snps+0x2dd/0x430 [i915] > > kern :err : [ 27.971868] [ T399] intel_bios_init+0xcc1/0x14b0 [i915] > > kern :err : [ 27.972042] [ T399] ? drm_vblank_init+0x147/0x330 [drm] > > kern :err : [ 27.972105] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915] > > kern :err : [ 27.972295] [ T399] i915_driver_probe+0x209/0x9f0 [i915] > > kern :err : [ 27.972445] [ T399] ? __pfx_mutex_lock+0x10/0x10 > > kern :err : [ 27.972450] [ T399] ? mutex_lock+0x91/0xf0 > > kern :err : [ 27.972451] [ T399] ? __pfx_i915_driver_probe+0x10/0x10 [i915] > > kern :err : [ 27.972597] [ T399] ? drm_privacy_screen_get+0x2bf/0x370 [drm] > > kern :err : [ 27.972628] [ T399] ? intel_display_driver_probe_defer+0x41/0x70 [i915] > > kern :err : [ 27.972814] [ T399] ? i915_pci_probe+0x2ab/0x3b0 [i915] > > kern :err : [ 27.972963] [ T399] ? __pfx_i915_pci_probe+0x10/0x10 [i915] > > kern :err : [ 27.973110] [ T399] local_pci_probe+0xdb/0x1b0 > > kern :err : [ 27.973114] [ T399] pci_call_probe+0x153/0x4f0 > > kern :err : [ 27.973116] [ T399] ? __pfx_pci_call_probe+0x10/0x10 > > kern :err : [ 27.973117] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 > > kern :err : [ 27.973119] [ T399] ? pci_assign_irq+0x80/0x2f0 > > kern :err : [ 27.973121] [ T399] ? pci_match_device+0x38d/0x6b0 > > kern :err : [ 27.973123] [ T399] ? kernfs_create_link+0x164/0x230 > > kern :err : [ 27.973127] [ T399] pci_device_probe+0x173/0x2f0 > > kern :err : [ 27.973128] [ T399] call_driver_probe+0x62/0x1f0 > > kern :err : [ 27.973132] [ T399] really_probe+0x197/0x770 > > kern :err : [ 27.973134] [ T399] __driver_probe_device+0x18c/0x3b0 > > kern :err : [ 27.973137] [ T399] driver_probe_device+0x4a/0x130 > > kern :err : [ 27.973139] [ T399] __driver_attach+0x18c/0x4f0 > > kern :err : [ 27.973141] [ T399] ? __pfx___driver_attach+0x10/0x10 > > kern :err : [ 27.973143] [ T399] bus_for_each_dev+0xef/0x170 > > kern :err : [ 27.973145] [ T399] ? kasan_unpoison+0x40/0x70 > > kern :err : [ 27.973147] [ T399] ? __pfx_bus_for_each_dev+0x10/0x10 > > kern :err : [ 27.973149] [ T399] ? __kasan_slab_alloc+0x2f/0x70 > > kern :err : [ 27.973152] [ T399] ? klist_add_tail+0x132/0x270 > > kern :err : [ 27.973154] [ T399] bus_add_driver+0x2a7/0x4f0 > > kern :err : [ 27.973156] [ T399] driver_register+0x1a1/0x370 > > kern :err : [ 27.973158] [ T399] i915_init+0x57/0x160 [i915] > > kern :err : [ 27.973307] [ T399] ? __pfx_i915_init+0x10/0x10 [i915] > > kern :err : [ 27.973453] [ T399] do_one_initcall+0x8d/0x3f0 > > kern :err : [ 27.973455] [ T399] ? __pfx_do_one_initcall+0x10/0x10 > > kern :err : [ 27.973457] [ T399] ? kasan_unpoison+0x3b/0x70 > > kern :err : [ 27.973458] [ T399] ? kasan_unpoison+0x40/0x70 > > kern :err : [ 27.973460] [ T399] do_init_module+0x281/0x830 > > kern :err : [ 27.973463] [ T399] ? __pfx_do_init_module+0x10/0x10 > > kern :err : [ 27.973464] [ T399] ? kfree+0x195/0x430 > > kern :err : [ 27.973467] [ T399] load_module+0x173d/0x2070 > > kern :err : [ 27.973469] [ T399] ? ima_post_read_file+0x18f/0x230 > > I'm surprised, but indeed it's could be triggered by IMA. > > Looking at full dmesg [1] I'm surprised that this is triggered before tests are > actually run and there is no IMA specific kernel command line parameter. That > means that error is not related to any LTP test. > > Is it always reproducible or just a random glitch? in our tests, it's quite persistent and clean on parent: ========================================================================================= tbox_group/testcase/rootfs/kconfig/compiler/test: igk-mtl-nuc02/ltp/debian-13-x86_64-20250902.cgz/x86_64-rhel-9.4-ltp/gcc-14/ima e3d53a63657f3213 07d1ee54da4966c1457602dc088 ---------------- --------------------------- fail:runs %reproduction fail:runs | | | :6 100% 6:6 dmesg.BUG:KASAN:slab-out-of-bounds_in_parse_vswing_preemph_snps > > ima_post_read_file() is a part of IMA core therefore issue might be not related > to any config, but just FYI kernel config [2]. > > Kind regards, > Petr > > [1] https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com/kmsg.xz > [2] https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com/config-7.0.0-rc4-01496-g07d1ee54da49 > > > kern :err : [ 27.973474] [ T399] ? __pfx_load_module+0x10/0x10 > > kern :err : [ 27.973476] [ T399] ? security_kernel_post_read_file+0x35/0xf0 > > kern :err : [ 27.973479] [ T399] ? __pfx_kernel_read_file+0x10/0x10 > > kern :err : [ 27.973483] [ T399] ? __pfx_current_time+0x10/0x10 > > kern :err : [ 27.973486] [ T399] ? init_module_from_file+0x157/0x1b0 > > kern :err : [ 27.973487] [ T399] init_module_from_file+0x157/0x1b0 > > kern :err : [ 27.973489] [ T399] ? __pfx_init_module_from_file+0x10/0x10 > > kern :err : [ 27.973491] [ T399] ? touch_atime+0x1bc/0x4f0 > > kern :err : [ 27.973493] [ T399] ? _raw_spin_lock+0x80/0xf0 > > kern :err : [ 27.973494] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 > > kern :err : [ 27.973496] [ T399] ? __pfx_filemap_read+0x10/0x10 > > kern :err : [ 27.973498] [ T399] ? do_sys_openat2+0xeb/0x170 > > kern :err : [ 27.973501] [ T399] idempotent_init_module+0x21c/0x770 > > kern :err : [ 27.973503] [ T399] ? __pfx_idempotent_init_module+0x10/0x10 > > kern :err : [ 27.973505] [ T399] ? fdget+0x54/0x3b0 > > kern :err : [ 27.973506] [ T399] ? security_capable+0x35/0xf0 > > kern :err : [ 27.973509] [ T399] __x64_sys_finit_module+0xca/0x170 > > kern :err : [ 27.973511] [ T399] do_syscall_64+0x108/0x5b0 > > kern :err : [ 27.973513] [ T399] ? vfs_read+0x3be/0x9b0 > > kern :err : [ 27.973514] [ T399] ? vfs_read+0x3be/0x9b0 > > kern :err : [ 27.973516] [ T399] ? __pfx_vfs_read+0x10/0x10 > > kern :err : [ 27.973517] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 > > kern :err : [ 27.973519] [ T399] ? fdget+0x54/0x3b0 > > kern :err : [ 27.973520] [ T399] ? __pfx___seccomp_filter+0x10/0x10 > > kern :err : [ 27.973523] [ T399] ? __x64_sys_pread64+0x18d/0x1f0 > > kern :err : [ 27.973525] [ T399] ? __pfx___x64_sys_pread64+0x10/0x10 > > kern :err : [ 27.973526] [ T399] ? fdget+0x54/0x3b0 > > kern :err : [ 27.973528] [ T399] ? security_capable+0x35/0xf0 > > kern :err : [ 27.973530] [ T399] ? do_syscall_64+0x140/0x5b0 > > kern :err : [ 27.973531] [ T399] ? arch_exit_to_user_mode_prepare+0x9e/0xf0 > > kern :err : [ 27.973533] [ T399] ? do_syscall_64+0x140/0x5b0 > > kern :err : [ 27.973534] [ T399] ? __x64_sys_openat+0x104/0x1f0 > > kern :err : [ 27.973536] [ T399] ? __pfx___x64_sys_openat+0x10/0x10 > > kern :err : [ 27.973538] [ T399] ? do_syscall_64+0x140/0x5b0 > > kern :err : [ 27.973540] [ T399] ? do_syscall_64+0x140/0x5b0 > > kern :err : [ 27.973541] [ T399] ? irqentry_exit+0x76/0x4f0 > > kern :err : [ 27.973544] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e > > kern :err : [ 27.973546] [ T399] RIP: 0033:0x7f3689aa8779 > > kern :err : [ 27.973549] [ T399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 67 76 0d 00 f7 d8 64 89 01 48 > > kern :err : [ 27.973551] [ T399] RSP: 002b:00007ffca3326338 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 > > kern :err : [ 27.973555] [ T399] RAX: ffffffffffffffda RBX: 000055c94afdd3e0 RCX: 00007f3689aa8779 > > kern :err : [ 27.973556] [ T399] RDX: 0000000000000000 RSI: 00007f36882ae44d RDI: 0000000000000053 > > kern :err : [ 27.973557] [ T399] RBP: 0000000000000000 R08: 0000000000000000 R09: 000055c94af65b30 > > kern :err : [ 27.973558] [ T399] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36882ae44d > > kern :err : [ 27.973559] [ T399] R13: 0000000000020000 R14: 000055c94afb65f0 R15: 0000000000000000 > > kern :err : [ 27.973561] [ T399] </TASK> > > > kern :err : [ 28.051757] [ T399] Allocated by task 399: > > kern :warn : [ 28.052350] [ T399] kasan_save_stack+0x1e/0x70 > > kern :warn : [ 28.053001] [ T399] kasan_save_track+0x10/0x30 > > kern :warn : [ 28.053646] [ T399] __kasan_kmalloc+0x8b/0xb0 > > kern :warn : [ 28.054278] [ T399] __kmalloc_noprof+0x1d8/0x5f0 > > kern :warn : [ 28.054944] [ T399] init_bdb_block+0x128/0xc30 [i915] > > kern :warn : [ 28.055915] [ T399] intel_bios_init+0x4de/0x14b0 [i915] > > kern :warn : [ 28.056854] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915] > > kern :warn : [ 28.057984] [ T399] i915_driver_probe+0x209/0x9f0 [i915] > > kern :warn : [ 28.058917] [ T399] local_pci_probe+0xdb/0x1b0 > > kern :warn : [ 28.059565] [ T399] pci_call_probe+0x153/0x4f0 > > kern :warn : [ 28.060210] [ T399] pci_device_probe+0x173/0x2f0 > > kern :warn : [ 28.060878] [ T399] call_driver_probe+0x62/0x1f0 > > kern :warn : [ 28.061547] [ T399] really_probe+0x197/0x770 > > kern :warn : [ 28.062168] [ T399] __driver_probe_device+0x18c/0x3b0 > > kern :warn : [ 28.062894] [ T399] driver_probe_device+0x4a/0x130 > > kern :warn : [ 28.063587] [ T399] __driver_attach+0x18c/0x4f0 > > kern :warn : [ 28.064243] [ T399] bus_for_each_dev+0xef/0x170 > > kern :warn : [ 28.064898] [ T399] bus_add_driver+0x2a7/0x4f0 > > kern :warn : [ 28.065543] [ T399] driver_register+0x1a1/0x370 > > kern :warn : [ 28.066202] [ T399] i915_init+0x57/0x160 [i915] > > kern :warn : [ 28.067030] [ T399] do_one_initcall+0x8d/0x3f0 > > kern :warn : [ 28.067677] [ T399] do_init_module+0x281/0x830 > > kern :warn : [ 28.068320] [ T399] load_module+0x173d/0x2070 > > kern :warn : [ 28.068951] [ T399] init_module_from_file+0x157/0x1b0 > > kern :warn : [ 28.069678] [ T399] idempotent_init_module+0x21c/0x770 > > kern :warn : [ 28.070417] [ T399] __x64_sys_finit_module+0xca/0x170 > > kern :warn : [ 28.071143] [ T399] do_syscall_64+0x108/0x5b0 > > kern :warn : [ 28.071777] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e > > > kern :err : [ 28.072915] [ T399] The buggy address belongs to the object at ffff8881eba2c000 > > which belongs to the cache kmalloc-2k of size 2048 > > kern :err : [ 28.074832] [ T399] The buggy address is located 0 bytes to the right of > > allocated 1181-byte region [ffff8881eba2c000, ffff8881eba2c49d) > > > kern :err : [ 28.077135] [ T399] The buggy address belongs to the physical page: > > kern :warn : [ 28.078017] [ T399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eba28 > > kern :warn : [ 28.079226] [ T399] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 > > kern :warn : [ 28.080389] [ T399] flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff) > > kern :warn : [ 28.081460] [ T399] page_type: f5(slab) > > kern :warn : [ 28.082008] [ T399] raw: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122 > > kern :warn : [ 28.083180] [ T399] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 > > kern :warn : [ 28.084355] [ T399] head: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122 > > kern :warn : [ 28.085541] [ T399] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 > > kern :warn : [ 28.086725] [ T399] head: 0017ffffc0000003 ffffea0007ae8a01 00000000ffffffff 00000000ffffffff > > kern :warn : [ 28.087909] [ T399] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 > > kern :warn : [ 28.089093] [ T399] page dumped because: kasan: bad access detected > > > kern :err : [ 28.090297] [ T399] Memory state around the buggy address: > > kern :err : [ 28.091073] [ T399] ffff8881eba2c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > kern :err : [ 28.092175] [ T399] ffff8881eba2c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > kern :err : [ 28.093276] [ T399] >ffff8881eba2c480: 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc fc > > kern :err : [ 28.094376] [ T399] ^ > > kern :err : [ 28.095041] [ T399] ffff8881eba2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > kern :err : [ 28.096145] [ T399] ffff8881eba2c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > kern :err : [ 28.097247] [ T399] ================================================================== > > kern :warn : [ 28.098668] [ T399] Disabling lock debugging due to kernel taint -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default 2026-04-16 7:40 ` Oliver Sang @ 2026-04-16 9:17 ` Michał Grzelak 2026-04-17 17:11 ` Petr Vorel 0 siblings, 1 reply; 5+ messages in thread From: Michał Grzelak @ 2026-04-16 9:17 UTC (permalink / raw) To: Oliver Sang Cc: lkp, intel-gfx, Jani Nikula, oe-lkp, linux-integrity, Michał Grzelak, intel-xe, ltp Hi Petr & Oliver, On Thu, 16 Apr 2026, Oliver Sang wrote: > hi, Petr, > > On Thu, Apr 16, 2026 at 08:40:51AM +0200, Petr Vorel wrote: >> Hi all, >> >> [ Cc Mimi and linux-integrity ] >>> Hello, >> >>> kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_parse_vswing_preemph_snps" on: >> >>> commit: 07d1ee54da4966c1457602dc088a8a43b29254cb ("[PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default") >>> url: https://github.com/intel-lab-lkp/linux/commits/Micha-Grzelak/drm-i915-lt-align-xe3plpd-with-VS-PE-Override-layout/20260401-092928 >>> base: https://gitlab.freedesktop.org/drm/i915/kernel.git for-linux-next >>> patch link: https://lore.kernel.org/all/20260331183332.1773886-16-michal.grzelak@intel.com/ >>> patch subject: [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default >> >>> in testcase: ltp >>> version: >>> with following parameters: >> >>> test: ima >> >> >> >>> config: x86_64-rhel-9.4-ltp >>> compiler: gcc-14 >>> test machine: 22 threads 1 sockets Intel(R) Core(TM) Ultra 9 185H @ 4.5GHz (Meteor Lake) with 32G memory >> >>> (please refer to attached dmesg/kmsg for entire log/backtrace) >> >> >> >>> If you fix the issue in a separate patch/commit (i.e. not just a new version of >>> the same patch/commit), kindly add following tags >>> | Reported-by: kernel test robot <oliver.sang@intel.com> >>> | Closes: https://lore.kernel.org/oe-lkp/202604150702.d409a2b6-lkp@intel.com >> >> >>> The kernel config and materials to reproduce are available at: >>> https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com >> >> >>> kern :err : [ 27.966990] [ T399] ================================================================== >>> kern :err : [ 27.968126] [ T399] BUG: KASAN: slab-out-of-bounds in parse_vswing_preemph_snps+0x2dd/0x430 [i915] >>> kern :err : [ 27.969712] [ T399] Read of size 4 at addr ffff8881eba2c49d by task (udev-worker)/399 >> >>> kern :err : [ 27.971135] [ T399] CPU: 4 UID: 0 PID: 399 Comm: (udev-worker) Tainted: G S 7.0.0-rc4-01496-g07d1ee54da49 #1 PREEMPT(lazy) >>> kern :err : [ 27.971139] [ T399] Tainted: [S]=CPU_OUT_OF_SPEC >>> kern :err : [ 27.971140] [ T399] Hardware name: ASUSTeK COMPUTER INC. NUC14RVS-B/NUC14RVSU9, BIOS RVMTL357.0047.2025.0108.1408 01/08/2025 >>> kern :err : [ 27.971142] [ T399] Call Trace: >>> kern :err : [ 27.971144] [ T399] <TASK> >>> kern :err : [ 27.971145] [ T399] dump_stack_lvl+0x47/0x70 >>> kern :err : [ 27.971152] [ T399] print_address_description+0x88/0x320 >>> kern :err : [ 27.971156] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] >>> kern :err : [ 27.971355] [ T399] print_report+0x106/0x1f4 >>> kern :err : [ 27.971357] [ T399] ? __virt_addr_valid+0xc4/0x230 >>> kern :err : [ 27.971360] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] >>> kern :err : [ 27.971533] [ T399] kasan_report+0xb5/0xf0 >>> kern :err : [ 27.971537] [ T399] ? parse_vswing_preemph_snps+0x2dd/0x430 [i915] >>> kern :err : [ 27.971704] [ T399] parse_vswing_preemph_snps+0x2dd/0x430 [i915] >>> kern :err : [ 27.971868] [ T399] intel_bios_init+0xcc1/0x14b0 [i915] >>> kern :err : [ 27.972042] [ T399] ? drm_vblank_init+0x147/0x330 [drm] >>> kern :err : [ 27.972105] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915] >>> kern :err : [ 27.972295] [ T399] i915_driver_probe+0x209/0x9f0 [i915] >>> kern :err : [ 27.972445] [ T399] ? __pfx_mutex_lock+0x10/0x10 >>> kern :err : [ 27.972450] [ T399] ? mutex_lock+0x91/0xf0 >>> kern :err : [ 27.972451] [ T399] ? __pfx_i915_driver_probe+0x10/0x10 [i915] >>> kern :err : [ 27.972597] [ T399] ? drm_privacy_screen_get+0x2bf/0x370 [drm] >>> kern :err : [ 27.972628] [ T399] ? intel_display_driver_probe_defer+0x41/0x70 [i915] >>> kern :err : [ 27.972814] [ T399] ? i915_pci_probe+0x2ab/0x3b0 [i915] >>> kern :err : [ 27.972963] [ T399] ? __pfx_i915_pci_probe+0x10/0x10 [i915] >>> kern :err : [ 27.973110] [ T399] local_pci_probe+0xdb/0x1b0 >>> kern :err : [ 27.973114] [ T399] pci_call_probe+0x153/0x4f0 >>> kern :err : [ 27.973116] [ T399] ? __pfx_pci_call_probe+0x10/0x10 >>> kern :err : [ 27.973117] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 >>> kern :err : [ 27.973119] [ T399] ? pci_assign_irq+0x80/0x2f0 >>> kern :err : [ 27.973121] [ T399] ? pci_match_device+0x38d/0x6b0 >>> kern :err : [ 27.973123] [ T399] ? kernfs_create_link+0x164/0x230 >>> kern :err : [ 27.973127] [ T399] pci_device_probe+0x173/0x2f0 >>> kern :err : [ 27.973128] [ T399] call_driver_probe+0x62/0x1f0 >>> kern :err : [ 27.973132] [ T399] really_probe+0x197/0x770 >>> kern :err : [ 27.973134] [ T399] __driver_probe_device+0x18c/0x3b0 >>> kern :err : [ 27.973137] [ T399] driver_probe_device+0x4a/0x130 >>> kern :err : [ 27.973139] [ T399] __driver_attach+0x18c/0x4f0 >>> kern :err : [ 27.973141] [ T399] ? __pfx___driver_attach+0x10/0x10 >>> kern :err : [ 27.973143] [ T399] bus_for_each_dev+0xef/0x170 >>> kern :err : [ 27.973145] [ T399] ? kasan_unpoison+0x40/0x70 >>> kern :err : [ 27.973147] [ T399] ? __pfx_bus_for_each_dev+0x10/0x10 >>> kern :err : [ 27.973149] [ T399] ? __kasan_slab_alloc+0x2f/0x70 >>> kern :err : [ 27.973152] [ T399] ? klist_add_tail+0x132/0x270 >>> kern :err : [ 27.973154] [ T399] bus_add_driver+0x2a7/0x4f0 >>> kern :err : [ 27.973156] [ T399] driver_register+0x1a1/0x370 >>> kern :err : [ 27.973158] [ T399] i915_init+0x57/0x160 [i915] >>> kern :err : [ 27.973307] [ T399] ? __pfx_i915_init+0x10/0x10 [i915] >>> kern :err : [ 27.973453] [ T399] do_one_initcall+0x8d/0x3f0 >>> kern :err : [ 27.973455] [ T399] ? __pfx_do_one_initcall+0x10/0x10 >>> kern :err : [ 27.973457] [ T399] ? kasan_unpoison+0x3b/0x70 >>> kern :err : [ 27.973458] [ T399] ? kasan_unpoison+0x40/0x70 >>> kern :err : [ 27.973460] [ T399] do_init_module+0x281/0x830 >>> kern :err : [ 27.973463] [ T399] ? __pfx_do_init_module+0x10/0x10 >>> kern :err : [ 27.973464] [ T399] ? kfree+0x195/0x430 >>> kern :err : [ 27.973467] [ T399] load_module+0x173d/0x2070 >>> kern :err : [ 27.973469] [ T399] ? ima_post_read_file+0x18f/0x230 >> >> I'm surprised, but indeed it's could be triggered by IMA. >> >> Looking at full dmesg [1] I'm surprised that this is triggered before tests are >> actually run and there is no IMA specific kernel command line parameter. That >> means that error is not related to any LTP test. >> >> Is it always reproducible or just a random glitch? > > in our tests, it's quite persistent and clean on parent: I haven't reproduced it myself, but this issue seems somewhat related with issue observed earlier by CI [1]. I would expect it to not be a random glitch but a true bug related to the series. In previous versions of the series, during parsing there was a unfortunate snippet of: + const u32 *tables = block->tables; + size_t offset = 0; + size_t row_width; + const u32 *vals; + + row_width = block->num_columns * sizeof(*tables); + + for (int idx = 0; idx < block->num_tables; idx++) { + for (int row = 0; row < num_rows; row++) { + vals = &tables[offset]; [...] + offset += row_width; + } + } Which caused hopping by 4 times more bytes than it should, because the sizeof() wasn't meant to be there. Since parsing takes place at module load, looks like it could be the issue. This seems especially convincing given that report is from parse_vswing_preemph_snps(). I have to also admit that it would be consistent with review comment from Sashiko [2]. Lastly, sadly due to poorly split commits, 15th patch from v1 turned on whole VBT #57 searching. This probably caused bisect to point at 15th patch instead of pointing at patch adding parsing code, which would clearly show that patch/es introduce/s the bug. Anyways, now the bug should be fixed in v2 [3]. [1] https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_164196v1/fi-hsw-4770/dmesg0.txt [2] https://sashiko.dev/#/patchset/20260331183332.1773886-1-michal.grzelak%40intel.com?part=5 [3] https://lore.kernel.org/intel-gfx/20260415234639.3577774-21-michal.grzelak@intel.com/ BR, Michał > ========================================================================================= > tbox_group/testcase/rootfs/kconfig/compiler/test: > igk-mtl-nuc02/ltp/debian-13-x86_64-20250902.cgz/x86_64-rhel-9.4-ltp/gcc-14/ima > > e3d53a63657f3213 07d1ee54da4966c1457602dc088 > ---------------- --------------------------- > fail:runs %reproduction fail:runs > | | | > :6 100% 6:6 dmesg.BUG:KASAN:slab-out-of-bounds_in_parse_vswing_preemph_snps > > >> >> ima_post_read_file() is a part of IMA core therefore issue might be not related >> to any config, but just FYI kernel config [2]. >> >> Kind regards, >> Petr >> >> [1] https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com/kmsg.xz >> [2] https://download.01.org/0day-ci/archive/20260415/202604150702.d409a2b6-lkp@intel.com/config-7.0.0-rc4-01496-g07d1ee54da49 >> >>> kern :err : [ 27.973474] [ T399] ? __pfx_load_module+0x10/0x10 >>> kern :err : [ 27.973476] [ T399] ? security_kernel_post_read_file+0x35/0xf0 >>> kern :err : [ 27.973479] [ T399] ? __pfx_kernel_read_file+0x10/0x10 >>> kern :err : [ 27.973483] [ T399] ? __pfx_current_time+0x10/0x10 >>> kern :err : [ 27.973486] [ T399] ? init_module_from_file+0x157/0x1b0 >>> kern :err : [ 27.973487] [ T399] init_module_from_file+0x157/0x1b0 >>> kern :err : [ 27.973489] [ T399] ? __pfx_init_module_from_file+0x10/0x10 >>> kern :err : [ 27.973491] [ T399] ? touch_atime+0x1bc/0x4f0 >>> kern :err : [ 27.973493] [ T399] ? _raw_spin_lock+0x80/0xf0 >>> kern :err : [ 27.973494] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 >>> kern :err : [ 27.973496] [ T399] ? __pfx_filemap_read+0x10/0x10 >>> kern :err : [ 27.973498] [ T399] ? do_sys_openat2+0xeb/0x170 >>> kern :err : [ 27.973501] [ T399] idempotent_init_module+0x21c/0x770 >>> kern :err : [ 27.973503] [ T399] ? __pfx_idempotent_init_module+0x10/0x10 >>> kern :err : [ 27.973505] [ T399] ? fdget+0x54/0x3b0 >>> kern :err : [ 27.973506] [ T399] ? security_capable+0x35/0xf0 >>> kern :err : [ 27.973509] [ T399] __x64_sys_finit_module+0xca/0x170 >>> kern :err : [ 27.973511] [ T399] do_syscall_64+0x108/0x5b0 >>> kern :err : [ 27.973513] [ T399] ? vfs_read+0x3be/0x9b0 >>> kern :err : [ 27.973514] [ T399] ? vfs_read+0x3be/0x9b0 >>> kern :err : [ 27.973516] [ T399] ? __pfx_vfs_read+0x10/0x10 >>> kern :err : [ 27.973517] [ T399] ? __pfx__raw_spin_lock+0x10/0x10 >>> kern :err : [ 27.973519] [ T399] ? fdget+0x54/0x3b0 >>> kern :err : [ 27.973520] [ T399] ? __pfx___seccomp_filter+0x10/0x10 >>> kern :err : [ 27.973523] [ T399] ? __x64_sys_pread64+0x18d/0x1f0 >>> kern :err : [ 27.973525] [ T399] ? __pfx___x64_sys_pread64+0x10/0x10 >>> kern :err : [ 27.973526] [ T399] ? fdget+0x54/0x3b0 >>> kern :err : [ 27.973528] [ T399] ? security_capable+0x35/0xf0 >>> kern :err : [ 27.973530] [ T399] ? do_syscall_64+0x140/0x5b0 >>> kern :err : [ 27.973531] [ T399] ? arch_exit_to_user_mode_prepare+0x9e/0xf0 >>> kern :err : [ 27.973533] [ T399] ? do_syscall_64+0x140/0x5b0 >>> kern :err : [ 27.973534] [ T399] ? __x64_sys_openat+0x104/0x1f0 >>> kern :err : [ 27.973536] [ T399] ? __pfx___x64_sys_openat+0x10/0x10 >>> kern :err : [ 27.973538] [ T399] ? do_syscall_64+0x140/0x5b0 >>> kern :err : [ 27.973540] [ T399] ? do_syscall_64+0x140/0x5b0 >>> kern :err : [ 27.973541] [ T399] ? irqentry_exit+0x76/0x4f0 >>> kern :err : [ 27.973544] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e >>> kern :err : [ 27.973546] [ T399] RIP: 0033:0x7f3689aa8779 >>> kern :err : [ 27.973549] [ T399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 67 76 0d 00 f7 d8 64 89 01 48 >>> kern :err : [ 27.973551] [ T399] RSP: 002b:00007ffca3326338 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 >>> kern :err : [ 27.973555] [ T399] RAX: ffffffffffffffda RBX: 000055c94afdd3e0 RCX: 00007f3689aa8779 >>> kern :err : [ 27.973556] [ T399] RDX: 0000000000000000 RSI: 00007f36882ae44d RDI: 0000000000000053 >>> kern :err : [ 27.973557] [ T399] RBP: 0000000000000000 R08: 0000000000000000 R09: 000055c94af65b30 >>> kern :err : [ 27.973558] [ T399] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36882ae44d >>> kern :err : [ 27.973559] [ T399] R13: 0000000000020000 R14: 000055c94afb65f0 R15: 0000000000000000 >>> kern :err : [ 27.973561] [ T399] </TASK> >> >>> kern :err : [ 28.051757] [ T399] Allocated by task 399: >>> kern :warn : [ 28.052350] [ T399] kasan_save_stack+0x1e/0x70 >>> kern :warn : [ 28.053001] [ T399] kasan_save_track+0x10/0x30 >>> kern :warn : [ 28.053646] [ T399] __kasan_kmalloc+0x8b/0xb0 >>> kern :warn : [ 28.054278] [ T399] __kmalloc_noprof+0x1d8/0x5f0 >>> kern :warn : [ 28.054944] [ T399] init_bdb_block+0x128/0xc30 [i915] >>> kern :warn : [ 28.055915] [ T399] intel_bios_init+0x4de/0x14b0 [i915] >>> kern :warn : [ 28.056854] [ T399] intel_display_driver_probe_noirq+0x8d/0x870 [i915] >>> kern :warn : [ 28.057984] [ T399] i915_driver_probe+0x209/0x9f0 [i915] >>> kern :warn : [ 28.058917] [ T399] local_pci_probe+0xdb/0x1b0 >>> kern :warn : [ 28.059565] [ T399] pci_call_probe+0x153/0x4f0 >>> kern :warn : [ 28.060210] [ T399] pci_device_probe+0x173/0x2f0 >>> kern :warn : [ 28.060878] [ T399] call_driver_probe+0x62/0x1f0 >>> kern :warn : [ 28.061547] [ T399] really_probe+0x197/0x770 >>> kern :warn : [ 28.062168] [ T399] __driver_probe_device+0x18c/0x3b0 >>> kern :warn : [ 28.062894] [ T399] driver_probe_device+0x4a/0x130 >>> kern :warn : [ 28.063587] [ T399] __driver_attach+0x18c/0x4f0 >>> kern :warn : [ 28.064243] [ T399] bus_for_each_dev+0xef/0x170 >>> kern :warn : [ 28.064898] [ T399] bus_add_driver+0x2a7/0x4f0 >>> kern :warn : [ 28.065543] [ T399] driver_register+0x1a1/0x370 >>> kern :warn : [ 28.066202] [ T399] i915_init+0x57/0x160 [i915] >>> kern :warn : [ 28.067030] [ T399] do_one_initcall+0x8d/0x3f0 >>> kern :warn : [ 28.067677] [ T399] do_init_module+0x281/0x830 >>> kern :warn : [ 28.068320] [ T399] load_module+0x173d/0x2070 >>> kern :warn : [ 28.068951] [ T399] init_module_from_file+0x157/0x1b0 >>> kern :warn : [ 28.069678] [ T399] idempotent_init_module+0x21c/0x770 >>> kern :warn : [ 28.070417] [ T399] __x64_sys_finit_module+0xca/0x170 >>> kern :warn : [ 28.071143] [ T399] do_syscall_64+0x108/0x5b0 >>> kern :warn : [ 28.071777] [ T399] entry_SYSCALL_64_after_hwframe+0x76/0x7e >> >>> kern :err : [ 28.072915] [ T399] The buggy address belongs to the object at ffff8881eba2c000 >>> which belongs to the cache kmalloc-2k of size 2048 >>> kern :err : [ 28.074832] [ T399] The buggy address is located 0 bytes to the right of >>> allocated 1181-byte region [ffff8881eba2c000, ffff8881eba2c49d) >> >>> kern :err : [ 28.077135] [ T399] The buggy address belongs to the physical page: >>> kern :warn : [ 28.078017] [ T399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eba28 >>> kern :warn : [ 28.079226] [ T399] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 >>> kern :warn : [ 28.080389] [ T399] flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff) >>> kern :warn : [ 28.081460] [ T399] page_type: f5(slab) >>> kern :warn : [ 28.082008] [ T399] raw: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122 >>> kern :warn : [ 28.083180] [ T399] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 >>> kern :warn : [ 28.084355] [ T399] head: 0017ffffc0000040 ffff888100042f00 dead000000000100 dead000000000122 >>> kern :warn : [ 28.085541] [ T399] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 >>> kern :warn : [ 28.086725] [ T399] head: 0017ffffc0000003 ffffea0007ae8a01 00000000ffffffff 00000000ffffffff >>> kern :warn : [ 28.087909] [ T399] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 >>> kern :warn : [ 28.089093] [ T399] page dumped because: kasan: bad access detected >> >>> kern :err : [ 28.090297] [ T399] Memory state around the buggy address: >>> kern :err : [ 28.091073] [ T399] ffff8881eba2c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>> kern :err : [ 28.092175] [ T399] ffff8881eba2c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>> kern :err : [ 28.093276] [ T399] >ffff8881eba2c480: 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc fc >>> kern :err : [ 28.094376] [ T399] ^ >>> kern :err : [ 28.095041] [ T399] ffff8881eba2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >>> kern :err : [ 28.096145] [ T399] ffff8881eba2c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >>> kern :err : [ 28.097247] [ T399] ================================================================== >>> kern :warn : [ 28.098668] [ T399] Disabling lock debugging due to kernel taint > -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default 2026-04-16 9:17 ` Michał Grzelak @ 2026-04-17 17:11 ` Petr Vorel 0 siblings, 0 replies; 5+ messages in thread From: Petr Vorel @ 2026-04-17 17:11 UTC (permalink / raw) To: Michał Grzelak Cc: lkp, intel-gfx, Jani Nikula, Oliver Sang, oe-lkp, linux-integrity, intel-xe, ltp Hi Michał, all, > Hi Petr & Oliver, > > in our tests, it's quite persistent and clean on parent: > I haven't reproduced it myself, but this issue seems somewhat related > with issue observed earlier by CI [1]. I would expect it to not be a > random glitch but a true bug related to the series. > In previous versions of the series, during parsing there was a > unfortunate snippet of: > + const u32 *tables = block->tables; > + size_t offset = 0; > + size_t row_width; > + const u32 *vals; > + > + row_width = block->num_columns * sizeof(*tables); > + > + for (int idx = 0; idx < block->num_tables; idx++) { > + for (int row = 0; row < num_rows; row++) { > + vals = &tables[offset]; > [...] > + offset += row_width; > + } > + } > Which caused hopping by 4 times more bytes than it should, because the > sizeof() wasn't meant to be there. Since parsing takes place at module > load, looks like it could be the issue. This seems especially convincing > given that report is from parse_vswing_preemph_snps(). I have to also > admit that it would be consistent with review comment from Sashiko [2]. > Lastly, sadly due to poorly split commits, 15th patch from v1 turned on > whole VBT #57 searching. This probably caused bisect to point at 15th > patch instead of pointing at patch adding parsing code, which would > clearly show that patch/es introduce/s the bug. > Anyways, now the bug should be fixed in v2 [3]. Michał, thanks a lot for pointing pointing this out. Kind regards, Petr > [1] https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_164196v1/fi-hsw-4770/dmesg0.txt > [2] https://sashiko.dev/#/patchset/20260331183332.1773886-1-michal.grzelak%40intel.com?part=5 > [3] https://lore.kernel.org/intel-gfx/20260415234639.3577774-21-michal.grzelak@intel.com/ > BR, > Michał -- Mailing list info: https://lists.linux.it/listinfo/ltp ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-04-17 17:11 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20260331183332.1773886-16-michal.grzelak@intel.com>
2026-04-15 6:42 ` [LTP] [PATCH v1 15/16] drm/i915/bios: search for VBT #57 by default kernel test robot
2026-04-16 6:40 ` Petr Vorel
2026-04-16 7:40 ` Oliver Sang
2026-04-16 9:17 ` Michał Grzelak
2026-04-17 17:11 ` Petr Vorel
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox