Bug#1116643: UBSAN: shift-out-of-bounds in .../drivers/gpu/drm/display/drm_dp_mst_topology.c (shift exponent -1)

[Vincent Lefevre <vincent@vinc17.net>]

On 2025-11-25 20:59:16 +0100, Salvatore Bonaccorso wrote:
> > What I did:
> >   * Earlier, the laptop was connected to a dock.
> >   * I logged out.
> >   * I disconnected the machine from the dock.
> >   * I closed the lid, which suspended the machine as expected:
> >     Sep 29 09:19:53 qaa systemd-logind[1241]: Lid closed.
> >     Sep 29 09:19:53 qaa systemd-logind[1241]: Suspending...
> > 
> > The above occurred after I opened the lid.
> 
> Assuming you can reproduce this,

Not tried yet, but this had already occurred once, with the
6.16.7+deb14-amd64 kernel:

Sep 15 02:48:08 qaa kernel: Linux version 6.16.7+deb14-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.3.0-8) 14.3.0, GNU ld (GNU Binutils for Debian) 2.45) #1 SMP PREEMPT_DYNAMIC Debian 6.16.7-1 (2025-09-11)
Sep 15 02:48:08 qaa kernel: Command line: BOOT_IMAGE=/vmlinuz-6.16.7+deb14-amd64 root=/dev/mapper/qaa--vg-root ro quiet
[...]
Sep 15 02:48:09 qaa boltd[1396]: [41ba8780-0029-WD22TB4 Thunderbolt Dock   ] connected: connected (/sys/devices/pci0000:00/0000:00:0d.2/domain0/0-0/0-1)
[...]
Sep 15 03:53:11 qaa systemd-logind[1253]: Lid closed.
Sep 15 03:53:11 qaa kernel: ACPI: button: The lid device is not compliant to SW_LID.
[...]
Sep 15 08:23:19 qaa systemd-logind[1253]: Lid opened.
[...]
Sep 15 08:23:30 qaa boltd[1396]: [41ba8780-0029-WD22TB4 Thunderbolt Dock   ] disconnected (/sys/devices/pci0000:00/0000:00:0d.2/domain0/0-0/0-1)
Sep 15 08:23:30 qaa kernel: thunderbolt 0-1: device disconnected
[...]
Sep 15 08:23:35 qaa systemd-logind[1253]: Lid closed.
Sep 15 08:23:35 qaa systemd-logind[1253]: Suspending...
[...]
Sep 15 08:23:35 qaa wpa_supplicant[1319]: nl80211: deinit ifname=wlp0s20f3 disabled_11b_rates=0
Sep 15 09:02:12 qaa kernel: Freezing user space processes
Sep 15 09:02:12 qaa kernel: Freezing user space processes completed (elapsed 0.216 seconds)
[...]
Sep 15 09:02:12 qaa systemd-logind[1253]: Lid opened.
[...]
Sep 15 09:53:02 qaa systemd-logind[1253]: Lid closed.
Sep 15 09:53:02 qaa systemd-logind[1253]: Suspending...
[...]
Sep 15 09:53:03 qaa wpa_supplicant[1319]: nl80211: deinit ifname=wlp0s20f3 disabled_11b_rates=0
Sep 15 13:17:55 qaa kernel: Freezing user space processes
Sep 15 13:17:55 qaa kernel: Freezing user space processes completed (elapsed 0.001 seconds)
Sep 15 13:17:55 qaa kernel: OOM killer disabled.
Sep 15 13:17:55 qaa kernel: Freezing remaining freezable tasks
Sep 15 13:17:55 qaa kernel: Freezing remaining freezable tasks completed (elapsed 0.001 seconds)
Sep 15 13:17:55 qaa kernel: printk: Suspending console(s) (use no_console_suspend to debug)
Sep 15 13:17:55 qaa kernel: ------------[ cut here ]------------
Sep 15 13:17:55 qaa kernel: UBSAN: shift-out-of-bounds in /build/reproducible-path/linux-6.16.7/drivers/gpu/drm/display/drm_dp_mst_topology.c:4574:36
Sep 15 13:17:55 qaa kernel: shift exponent -1 is negative
[...]

then various crashes when rebooting at 17:50:57.

Recall of the issue on September 29:

Sep 25 17:46:18 qaa kernel: Linux version 6.16.8+deb14-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.3.0-8) 14.3.0, GNU ld (GNU Binutils for Debian) 2.45) #1 SMP PREEMPT_DYNAMIC Debian 6.16.8-1 (2025-09-21)
Sep 25 17:46:18 qaa kernel: Command line: BOOT_IMAGE=/vmlinuz-6.16.8+deb14-amd64 root=/dev/mapper/qaa--vg-root ro quiet
[...]
Sep 25 17:46:19 qaa boltd[1361]: [41ba8780-0029-WD22TB4 Thunderbolt Dock   ] connected: connected (/sys/devices/pci0000:00/0000:00:0d.2/domain0/0-0/0-1)
[...]
Sep 25 17:46:38 qaa systemd-logind[1241]: Lid closed.
Sep 25 17:46:38 qaa kernel: ACPI: button: The lid device is not compliant to SW_LID.
[...]
Sep 29 09:19:16 qaa systemd-logind[1241]: Lid opened.
[...]
Sep 29 09:19:47 qaa kernel: thunderbolt 0-1: device disconnected
Sep 29 09:19:47 qaa boltd[1361]: [41ba8780-0029-WD22TB4 Thunderbolt Dock   ] disconnected (/sys/devices/pci0000:00/0000:00:0d.2/domain0/0-0/0-1)
[...]
Sep 29 09:19:53 qaa systemd-logind[1241]: Lid closed.
Sep 29 09:19:53 qaa systemd-logind[1241]: Suspending...
[...]
Sep 29 09:19:53 qaa wpa_supplicant[1297]: nl80211: deinit ifname=wlp0s20f3 disabled_11b_rates=0
Sep 29 10:00:39 qaa kernel: Freezing user space processes
Sep 29 10:00:39 qaa systemd-logind[1241]: Lid opened.
Sep 29 10:00:39 qaa rtkit-daemon[1845]: The canary thread is apparently starving. Taking action.
Sep 29 10:00:39 qaa kernel: Freezing user space processes completed (elapsed 0.001 seconds)
[...]
Sep 29 10:00:59 qaa systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
Sep 29 10:01:18 qaa lightdm[490939]: Failed to write utmpx: No such file or directory
Sep 29 10:01:18 qaa lightdm[490939]: pam_unix(lightdm:session): session closed for user vinc17
Sep 29 10:01:18 qaa systemd-logind[1241]: Session 818 logged out. Waiting for processes to exit.
[...]
Sep 29 10:01:20 qaa kernel: ------------[ cut here ]------------
Sep 29 10:01:20 qaa kernel: UBSAN: shift-out-of-bounds in /build/reproducible-path/linux-6.16.8/drivers/gpu/drm/display/drm_dp_mst_topology.c:4574:36
Sep 29 10:01:20 qaa kernel: shift exponent -1 is negative
[...]

Lines to look at:
lid (closed|opened)|thunderbolt.*connect|suspend

The only other time I did something similar later was with the
older kernel 6.7.12-amd64, and the issue did not occur.

And previously:

Jul 18 15:40:15 qaa kernel: Linux version 6.12.38+deb13-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #1 SMP PREEMPT_DYNAMIC Debian 6.12.38-1 (2025-07-16)
Jul 18 15:40:15 qaa kernel: Command line: BOOT_IMAGE=/vmlinuz-6.12.38+deb13-amd64 root=/dev/mapper/qaa--vg-root ro quiet
[...]
Jul 19 08:41:15 qaa kernel: thunderbolt 0-1: device disconnected
Jul 19 08:41:15 qaa boltd[1592]: [41ba8780-0029-WD22TB4 Thunderbolt Dock   ] disconnected (/sys/devices/pci0000:00/0000:00:0d.2/domain0/0-0/0-1)
[...]
Jul 19 08:41:20 qaa systemd-logind[1450]: Lid closed.
Jul 19 08:41:20 qaa systemd-logind[1450]: Suspending...
[...]
Jul 19 08:41:21 qaa wpa_supplicant[1523]: nl80211: deinit ifname=wlp0s20f3 disabled_11b_rates=0
Jul 19 11:52:32 qaa kernel: Freezing user space processes
[...]
Jul 19 11:52:32 qaa systemd-logind[1450]: Lid opened.
[...]
Jul 28 10:30:45 qaa systemd-logind[1450]: Lid closed.
Jul 28 10:30:45 qaa systemd-logind[1450]: Suspending...
[...]
Jul 28 10:30:45 qaa kernel: Freezing user space processes
Jul 28 12:08:43 qaa kernel: Freezing user space processes completed (elapsed 0.002 seconds)
[...]
Jul 28 12:08:43 qaa boltd[1592]: [41ba8780-0029-WD22TB4 Thunderbolt Dock   ] connected: connected (/sys/devices/pci0000:00/0000:00:0d.2/domain0/0-0/0-1)
[...]
Jul 28 12:08:46 qaa systemd-logind[1450]: Lid opened.

but I got no crashes either.

> can you test the patch from
> https://lore.kernel.org/all/20251119094650.799135-1-suraj.kandpal@intel.com/
> and report back if that fixes the issue?

If I can still reproduce the issue, I hope I can try next week (this
is not very practical as there is space for only 2 initrd.img in
/boot).

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)