From: kernel test robot <oliver.sang@intel.com>
To: "Jim Cromie" <jim.cromie@gmail.com>,
"Łukasz Bartosik" <ukaszb@chromium.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <oliver.sang@intel.com>
Subject: [jimc:wk-modhash] [dyndbg] 37e1c3e5c7: UBSAN:shift-out-of-bounds_in_lib/dynamic_debug.c
Date: Mon, 26 Jan 2026 21:29:34 +0800
Message-ID: <202601262104.7de47c0d-lkp@intel.com>
Hello,
kernel test robot noticed "UBSAN:shift-out-of-bounds_in_lib/dynamic_debug.c" on:
commit: 37e1c3e5c714f09a36daac2b5c3c55b3b7f9fae4 ("dyndbg: cache the dynamic prefixes per callsite.")
https://github.com/jimc/linux.git wk-modhash
in testcase: boot
config: i386-randconfig-007-20260122
compiler: gcc-14
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202601262104.7de47c0d-lkp@intel.com
[ 14.780445][ T188] ------------[ cut here ]------------
[ 14.781136][ T188] UBSAN: shift-out-of-bounds in lib/dynamic_debug.c:1829:32
[ 14.782062][ T188] shift exponent 56 is too large for 32-bit type 'long unsigned int'
[ 14.782876][ T188] CPU: 1 UID: 0 PID: 188 Comm: modprobe Tainted: G W 6.19.0-rc6-00045-g37e1c3e5c714 #1 PREEMPT(voluntary) 2e75ccc13652b2427b0e513c9a339818f0710a46
[ 14.782881][ T188] Tainted: [W]=WARN
[ 14.782882][ T188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.782887][ T188] Call Trace:
[ 14.782888][ T188] ? show_stack (arch/x86/kernel/dumpstack.c:338)
[ 14.782897][ T188] dump_stack_lvl (lib/dump_stack.c:122)
[ 14.782903][ T188] dump_stack (lib/dump_stack.c:130)
[ 14.782906][ T188] ubsan_epilogue (lib/ubsan.c:234 (discriminator 1))
[ 14.782910][ T188] __ubsan_handle_shift_out_of_bounds.cold (lib/ubsan.c:494)
[ 14.782917][ T188] ddebug_prefix_key (lib/dynamic_debug.c:1830)
[ 14.782920][ T188] ddebug_drop_cached_prefix (lib/dynamic_debug.c:1836)
[ 14.782923][ T188] ddebug_module_notify.cold (lib/dynamic_debug.c:1770 (discriminator 3) lib/dynamic_debug.c:1798 (discriminator 3))
[ 14.782926][ T188] notifier_call_chain (kernel/notifier.c:87)
[ 14.782931][ T188] blocking_notifier_call_chain (kernel/notifier.c:380 kernel/notifier.c:368)
[ 14.782935][ T188] do_init_module (kernel/module/main.c:3140)
[ 14.782937][ T188] load_module (kernel/module/main.c:3515)
[ 14.782943][ T188] init_module_from_file (kernel/module/main.c:3719)
[ 14.782948][ T188] __ia32_sys_finit_module (kernel/module/main.c:3730 kernel/module/main.c:3756 kernel/module/main.c:3740 kernel/module/main.c:3740)
[ 14.782954][ T188] ia32_sys_call (arch/x86/entry/syscall_32.c:50)
[ 14.782956][ T188] do_int80_syscall_32 (arch/x86/entry/syscall_32.c:83 (discriminator 1) arch/x86/entry/syscall_32.c:259 (discriminator 1))
[ 14.782960][ T188] entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[ 14.782962][ T188] EIP: 0x37ee2092
[ 14.782965][ T188] Code: 00 00 00 e9 90 ff ff ff ff a3 24 00 00 00 68 30 00 00 00 e9 80 ff ff ff ff a3 f8 ff ff ff 66 90 00 00 00 00 00 00 00 00 cd 80 <c3> 8d b4 26 00 00 00 00 8d b6 00 00 00 00 8b 1c 24 c3 8d b4 26 00
[ 14.782967][ T188] EAX: ffffffda EBX: 00000003 ECX: 004a3214 EDX: 00000000
[ 14.782969][ T188] ESI: 01ae5ef0 EDI: 01ae5530 EBP: 00000000 ESP: 3f958ca8
[ 14.782970][ T188] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00200216
[ 14.782975][ T188] ---[ end trace ]---
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260126/202601262104.7de47c0d-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki