[jimc:wk-modhash] [dyndbg] 37e1c3e5c7: UBSAN:shift-out-of-bounds_in_lib/dynamic

All of lore.kernel.org
 help / color / mirror / Atom feed

* [jimc:wk-modhash] [dyndbg]  37e1c3e5c7: UBSAN:shift-out-of-bounds_in_lib/dynamic_debug.c
@ 2026-01-26 13:29 kernel test robot
  0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2026-01-26 13:29 UTC (permalink / raw)
  To: Jim Cromie, Łukasz Bartosik; +Cc: oe-lkp, lkp, oliver.sang



Hello,

kernel test robot noticed "UBSAN:shift-out-of-bounds_in_lib/dynamic_debug.c" on:

commit: 37e1c3e5c714f09a36daac2b5c3c55b3b7f9fae4 ("dyndbg: cache the dynamic prefixes per callsite.")
https://github.com/jimc/linux.git wk-modhash

in testcase: boot

config: i386-randconfig-007-20260122
compiler: gcc-14
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202601262104.7de47c0d-lkp@intel.com



[   14.780445][  T188] ------------[ cut here ]------------
[   14.781136][  T188] UBSAN: shift-out-of-bounds in lib/dynamic_debug.c:1829:32
[   14.782062][  T188] shift exponent 56 is too large for 32-bit type 'long unsigned int'
[   14.782876][  T188] CPU: 1 UID: 0 PID: 188 Comm: modprobe Tainted: G        W           6.19.0-rc6-00045-g37e1c3e5c714 #1 PREEMPT(voluntary)  2e75ccc13652b2427b0e513c9a339818f0710a46
[   14.782881][  T188] Tainted: [W]=WARN
[   14.782882][  T188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.782887][  T188] Call Trace:
[   14.782888][  T188]  ? show_stack (arch/x86/kernel/dumpstack.c:338)
[   14.782897][  T188]  dump_stack_lvl (lib/dump_stack.c:122)
[   14.782903][  T188]  dump_stack (lib/dump_stack.c:130)
[   14.782906][  T188]  ubsan_epilogue (lib/ubsan.c:234 (discriminator 1))
[   14.782910][  T188]  __ubsan_handle_shift_out_of_bounds.cold (lib/ubsan.c:494)
[   14.782917][  T188]  ddebug_prefix_key (lib/dynamic_debug.c:1830)
[   14.782920][  T188]  ddebug_drop_cached_prefix (lib/dynamic_debug.c:1836)
[   14.782923][  T188]  ddebug_module_notify.cold (lib/dynamic_debug.c:1770 (discriminator 3) lib/dynamic_debug.c:1798 (discriminator 3))
[   14.782926][  T188]  notifier_call_chain (kernel/notifier.c:87)
[   14.782931][  T188]  blocking_notifier_call_chain (kernel/notifier.c:380 kernel/notifier.c:368)
[   14.782935][  T188]  do_init_module (kernel/module/main.c:3140)
[   14.782937][  T188]  load_module (kernel/module/main.c:3515)
[   14.782943][  T188]  init_module_from_file (kernel/module/main.c:3719)
[   14.782948][  T188]  __ia32_sys_finit_module (kernel/module/main.c:3730 kernel/module/main.c:3756 kernel/module/main.c:3740 kernel/module/main.c:3740)
[   14.782954][  T188]  ia32_sys_call (arch/x86/entry/syscall_32.c:50)
[   14.782956][  T188]  do_int80_syscall_32 (arch/x86/entry/syscall_32.c:83 (discriminator 1) arch/x86/entry/syscall_32.c:259 (discriminator 1))
[   14.782960][  T188]  entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[   14.782962][  T188] EIP: 0x37ee2092
[   14.782965][  T188] Code: 00 00 00 e9 90 ff ff ff ff a3 24 00 00 00 68 30 00 00 00 e9 80 ff ff ff ff a3 f8 ff ff ff 66 90 00 00 00 00 00 00 00 00 cd 80 <c3> 8d b4 26 00 00 00 00 8d b6 00 00 00 00 8b 1c 24 c3 8d b4 26 00
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 e9                	add    %ch,%cl
   4:	90                   	nop
   5:	ff                   	(bad)
   6:	ff                   	(bad)
   7:	ff                   	(bad)
   8:	ff a3 24 00 00 00    	jmp    *0x24(%rbx)
   e:	68 30 00 00 00       	push   $0x30
  13:	e9 80 ff ff ff       	jmp    0xffffffffffffff98
  18:	ff a3 f8 ff ff ff    	jmp    *-0x8(%rbx)
  1e:	66 90                	xchg   %ax,%ax
	...
  28:	cd 80                	int    $0x80
  2a:*	c3                   	ret		<-- trapping instruction
  2b:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  32:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
  38:	8b 1c 24             	mov    (%rsp),%ebx
  3b:	c3                   	ret
  3c:	8d                   	.byte 0x8d
  3d:	b4 26                	mov    $0x26,%ah
	...

Code starting with the faulting instruction
===========================================
   0:	c3                   	ret
   1:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
   8:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
   e:	8b 1c 24             	mov    (%rsp),%ebx
  11:	c3                   	ret
  12:	8d                   	.byte 0x8d
  13:	b4 26                	mov    $0x26,%ah
	...
[   14.782967][  T188] EAX: ffffffda EBX: 00000003 ECX: 004a3214 EDX: 00000000
[   14.782969][  T188] ESI: 01ae5ef0 EDI: 01ae5530 EBP: 00000000 ESP: 3f958ca8
[   14.782970][  T188] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200216
[   14.782975][  T188] ---[ end trace ]---


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260126/202601262104.7de47c0d-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-01-26 13:29 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-26 13:29 [jimc:wk-modhash] [dyndbg] 37e1c3e5c7: UBSAN:shift-out-of-bounds_in_lib/dynamic_debug.c kernel test robot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.