Public bug reported: Hello, I'm hitting a bug with Ubuntu 25.10 and kernel 6.17.0-8-generic (also occurs on 6.18.0), on a server with 2 AMD EPYC 9965 processors on a Gigabyte MZ73-LM2 board. When the dw-i3c-master module is loaded, the following error occurs: [ 20.282795] dw-i3c-master AMDI0015:00: probe with driver dw-i3c-master failed with error -110 [ 22.458995] dw-i3c-master AMDI0015:01: probe with driver dw-i3c-master failed with error -110 [ 22.471317] ------------[ cut here ]------------ [ 22.471322] UBSAN: shift-out-of-bounds in /build/linux-fRGTtX/linux-6.17.0/drivers/i3c/master/dw-i3c-master.c:885:12 [ 22.483690] shift exponent 64 is too large for 64-bit type 'long unsigned int' [ 22.491964] CPU: 336 UID: 0 PID: 7528 Comm: (udev-worker) Tainted: P O 6.17.0-8-generic #8-Ubuntu PREEMPT(voluntary) [ 22.491967] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE [ 22.491969] Hardware name: Giga Computing MZ73-LM2-000/MZ73-LM2-000, BIOS R23_F43 11/28/2025 [ 22.491972] Call Trace: [ 22.491974] <TASK> [ 22.491977] show_stack+0x49/0x60 [ 22.491984] dump_stack_lvl+0x5f/0x90 [ 22.491990] dump_stack+0x10/0x18 [ 22.491992] ubsan_epilogue+0x9/0x39 [ 22.491995] __ubsan_handle_shift_out_of_bounds.cold+0xd7/0x1ab [ 22.491999] dw_i3c_master_daa.cold+0x1a/0x90 [dw_i3c_master] [ 22.492003] i3c_master_do_daa+0x2d/0x90 [i3c] [ 22.492007] i3c_master_bus_init+0x296/0x360 [i3c] [ 22.492009] i3c_master_register+0x3b3/0x540 [i3c] [ 22.492011] dw_i3c_common_probe+0x23f/0x2c0 [dw_i3c_master] [ 22.492014] dw_i3c_probe+0x30/0x50 [dw_i3c_master] [ 22.492016] platform_probe+0x3f/0xc0 [ 22.492021] ? driver_sysfs_add+0x63/0xd0 [ 22.492025] really_probe+0xf6/0x370 [ 22.492025] ? pm_runtime_barrier+0x56/0xa0 [ 22.492028] __driver_probe_device+0x8b/0x160 [ 22.492029] driver_probe_device+0x24/0xd0 [ 22.492030] ? __pfx___driver_attach+0x10/0x10 [ 22.492031] __driver_attach+0xef/0x220 [ 22.492033] ? __pfx_dw_i3c_driver_init+0x10/0x10 [dw_i3c_master] [ 22.492035] bus_for_each_dev+0x87/0xe0 [ 22.492037] driver_attach+0x1e/0x30 [ 22.492038] bus_add_driver+0x13e/0x230 [ 22.492040] ? __pfx_dw_i3c_driver_init+0x10/0x10 [dw_i3c_master] [ 22.492042] driver_register+0x75/0xf0 [ 22.492043] __platform_driver_register+0x1e/0x30 [ 22.492045] dw_i3c_driver_init+0x1c/0xff0 [dw_i3c_master] [ 22.492046] do_one_initcall+0x56/0x330 [ 22.492049] do_init_module+0x8b/0x290 [ 22.492053] load_module+0x817/0x910 [ 22.492055] init_module_from_file+0x9b/0x100 [ 22.492057] idempotent_init_module+0x10e/0x300 [ 22.492059] __x64_sys_finit_module+0x73/0xf0 [ 22.492060] ? __secure_computing+0x84/0xe0 [ 22.492064] x64_sys_call+0x1c88/0x2330 [ 22.492066] do_syscall_64+0x81/0xc90 [ 22.492070] ? handle_mm_fault+0x1e8/0x2f0 [ 22.492075] ? arch_exit_to_user_mode_prepare.isra.0+0xd/0x100 [ 22.492077] ? irqentry_exit_to_user_mode+0x2d/0x1d0 [ 22.492080] ? irqentry_exit+0x43/0x50 [ 22.492081] ? exc_page_fault+0x90/0x1b0 [ 22.492082] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 22.492084] RIP: 0033:0x73faa4d348cd [ 22.492086] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 13 f5 0f 00 f7 d8 64 89 01 48 [ 22.492087] RSP: 002b:00007ffdce26dea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 22.492090] RAX: ffffffffffffffda RBX: 000062e6e38501f0 RCX: 000073faa4d348cd [ 22.492091] RDX: 0000000000000004 RSI: 000073faa4a3d336 RDI: 0000000000000059 [ 22.492092] RBP: 00007ffdce26df40 R08: 0000000000000000 R09: 000062e6e38792a0 [ 22.492093] R10: 0000000000000000 R11: 0000000000000246 R12: 000073faa4a3d336 [ 22.492093] R13: 0000000000020000 R14: 000062e6e385cd30 R15: 000062e6e3859aa0 [ 22.492094] </TASK> [ 22.492095] ---[ end trace ]--- [ 23.515650] dw-i3c-master AMDI0015:03: probe with driver dw-i3c-master failed with error -110
I have also reported the bug at [email protected] and tried some suggested patches but so far I haven't been able to find a solution, the thread is visible at https://lists.infradead.org/pipermail/linux-i3c/2025-December/003367.html It looks like the value of master->maxdevs from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/i3c/master/dw-i3c-master.c?h=v6.17#n1590 is 65535 and I don't know why. I'm attaching the full output from dmesg. ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Attachment added: "dmesg" https://bugs.launchpad.net/bugs/2137235/+attachment/5936502/+files/dmesg ** Summary changed: - Kernel 6.17.0: dw-i3c-master fails to load: UBSAN: shift-out-of-bounds in drivers/i3c/master/dw-i3c-master.c:885:12 + Kernel 6.17.0: dw-i3c-master yields error on load: UBSAN: shift-out-of-bounds in drivers/i3c/master/dw-i3c-master.c:885:12 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2137235 Title: Kernel 6.17.0: dw-i3c-master yields error on load: UBSAN: shift-out- of-bounds in drivers/i3c/master/dw-i3c-master.c:885:12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2137235/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
