Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: linux-oem-6.5 (Ubuntu)
       Status: New => Confirmed

https://bugs.launchpad.net/bugs/2039231

Title:
  UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:7655:12

Status in linux-oem-6.5 package in Ubuntu:
  Confirmed

Bug description:
  Dmesg is full of UBSAN errors to do with the mpt3sas driver when
  initializing an mpt2sas device.

  [    5.012673] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:4667:12
  [    5.014521] index 1 is out of range for type 'MPI2_EVENT_SAS_TOPO_PHY_ENTRY [1]'
  [    5.015606] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.015611] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.015613] Call Trace:
  [    5.015617]  <IRQ>
  [    5.015621]  dump_stack_lvl+0x48/0x70
  [    5.015632]  dump_stack+0x10/0x20
  [    5.015637]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.015646]  _scsih_check_topo_delete_events+0x2dc/0x350 [mpt3sas]
  [    5.015698]  mpt3sas_scsih_event_callback+0x21f/0x630 [mpt3sas]
  [    5.015735]  _base_async_event.isra.0+0x73/0x190 [mpt3sas]
  [    5.015769]  _base_process_reply_queue+0x3a0/0x720 [mpt3sas]
  [    5.015799]  _base_interrupt+0x4e/0x70 [mpt3sas]
  [    5.015829]  __handle_irq_event_percpu+0x4f/0x1c0
  [    5.015835]  handle_irq_event+0x39/0x80
  [    5.015839]  handle_edge_irq+0x8c/0x250
  [    5.015844]  __common_interrupt+0x56/0x110
  [    5.015850]  common_interrupt+0x9f/0xb0
  [    5.015854]  </IRQ>
  [    5.015856]  <TASK>
  [    5.015858]  asm_common_interrupt+0x27/0x40
  [    5.015865] RIP: 0010:cpuidle_enter_state+0xda/0x720
  [    5.015872] Code: 25 07 ff e8 a8 f5 ff ff 8b 53 04 49 89 c7 0f 1f 44 00 00 31 ff e8 46 d1 05 ff 80 7d d0 00 0f 85 61 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 f7 01 00 00 4d 63 ee 49 83 fd 09 0f 87 19 05 00 00
  [    5.015876] RSP: 0018:ffffac24c00bbe18 EFLAGS: 00000246
  [    5.015881] RAX: 0000000000000000 RBX: ffffa0abc03beb00 RCX: 0000000000000000
  [    5.015884] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
  [    5.015886] RBP: ffffac24c00bbe68 R08: 0000000000000000 R09: 0000000000000000
  [    5.015888] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffb64d1ac0
  [    5.015890] R13: 0000000000000004 R14: 0000000000000004 R15: 000000012ab445e7
  [    5.015895]  ? cpuidle_enter_state+0xca/0x720
  [    5.015901]  ? tick_nohz_stop_tick+0x90/0x210
  [    5.015908]  cpuidle_enter+0x2e/0x50
  [    5.015912]  call_cpuidle+0x23/0x60
  [    5.015918]  cpuidle_idle_call+0x11d/0x190
  [    5.015922]  do_idle+0x82/0xf0
  [    5.015926]  cpu_startup_entry+0x1d/0x20
  [    5.015930]  start_secondary+0x129/0x160
  [    5.015936]  secondary_startup_64_no_verify+0x17e/0x18b
  [    5.015944]  </TASK>
  [    5.015946] ================================================================================
  [    5.017993] mpt2sas_cm0: hba_port entry: 00000000fd3a54f4, port: 255 is added to hba_port list
  [    5.018324] ================================================================================
  [    5.019566] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6810:36
  [    5.021429] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
  [    5.022478] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.022483] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.022486] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
  [    5.022533] Call Trace:
  [    5.022536]  <TASK>
  [    5.022539]  dump_stack_lvl+0x48/0x70
  [    5.022547]  dump_stack+0x10/0x20
  [    5.022551]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.022559]  _scsih_sas_host_add+0x669/0x700 [mpt3sas]
  [    5.022597]  _mpt3sas_fw_work+0x753/0xbc0 [mpt3sas]
  [    5.022633]  ? raw_spin_rq_unlock+0x10/0x40
  [    5.022637]  ? finish_task_switch.isra.0+0x85/0x2a0
  [    5.022642]  ? __schedule+0x2d4/0x750
  [    5.022648]  _firmware_event_work+0x16/0x20 [mpt3sas]
  [    5.022681]  process_one_work+0x240/0x450
  [    5.022688]  worker_thread+0x50/0x3f0
  [    5.022693]  ? __pfx_worker_thread+0x10/0x10
  [    5.022698]  kthread+0xf2/0x120
  [    5.022704]  ? __pfx_kthread+0x10/0x10
  [    5.022710]  ret_from_fork+0x47/0x70
  [    5.022717]  ? __pfx_kthread+0x10/0x10
  [    5.022722]  ret_from_fork_asm+0x1b/0x30
  [    5.022728]  </TASK>
  [    5.022729] ================================================================================
  [    5.025642] mpt2sas_cm0: host_add: handle(0x0001), sas_addr(0x500062b0002d0050), phys(8)
  [    5.025919] ================================================================================
  [    5.027158] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6598:38
  [    5.029016] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
  [    5.030064] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.030069] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.030071] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
  [    5.030108] Call Trace:
  [    5.030110]  <TASK>
  [    5.030113]  dump_stack_lvl+0x48/0x70
  [    5.030119]  dump_stack+0x10/0x20
  [    5.030123]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.030130]  _scsih_sas_host_refresh+0x51f/0x590 [mpt3sas]
  [    5.030166]  _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
  [    5.030199]  ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
  [    5.030234]  _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
  [    5.030267]  ? raw_spin_rq_unlock+0x10/0x40
  [    5.030271]  ? finish_task_switch.isra.0+0x85/0x2a0
  [    5.030275]  ? __schedule+0x2d4/0x750
  [    5.030280]  _firmware_event_work+0x16/0x20 [mpt3sas]
  [    5.030313]  process_one_work+0x240/0x450
  [    5.030318]  worker_thread+0x50/0x3f0
  [    5.030323]  ? __pfx_worker_thread+0x10/0x10
  [    5.030327]  kthread+0xf2/0x120
  [    5.030333]  ? __pfx_kthread+0x10/0x10
  [    5.030338]  ret_from_fork+0x47/0x70
  [    5.030344]  ? __pfx_kthread+0x10/0x10
  [    5.030349]  ret_from_fork_asm+0x1b/0x30
  [    5.030354]  </TASK>
  [    5.030356] ================================================================================
  [    5.031593] ================================================================================
  [    5.032837] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6602:36
  [    5.034687] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
  [    5.035735] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.035739] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.035741] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
  [    5.035777] Call Trace:
  [    5.035779]  <TASK>
  [    5.035781]  dump_stack_lvl+0x48/0x70
  [    5.035787]  dump_stack+0x10/0x20
  [    5.035791]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.035798]  _scsih_sas_host_refresh+0x4e7/0x590 [mpt3sas]
  [    5.035833]  _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
  [    5.035866]  ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
  [    5.035900]  _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
  [    5.035933]  ? raw_spin_rq_unlock+0x10/0x40
  [    5.035936]  ? finish_task_switch.isra.0+0x85/0x2a0
  [    5.035940]  ? __schedule+0x2d4/0x750
  [    5.035945]  _firmware_event_work+0x16/0x20 [mpt3sas]
  [    5.035978]  process_one_work+0x240/0x450
  [    5.035983]  worker_thread+0x50/0x3f0
  [    5.035988]  ? __pfx_worker_thread+0x10/0x10
  [    5.035992]  kthread+0xf2/0x120
  [    5.035998]  ? __pfx_kthread+0x10/0x10
  [    5.036003]  ret_from_fork+0x47/0x70
  [    5.036009]  ? __pfx_kthread+0x10/0x10
  [    5.036014]  ret_from_fork_asm+0x1b/0x30
  [    5.036019]  </TASK>
  [    5.036021] ================================================================================
  [    5.037265] ================================================================================
  [    5.038503] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6619:7
  [    5.040338] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
  [    5.041391] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.041396] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.041398] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
  [    5.041432] Call Trace:
  [    5.041434]  <TASK>
  [    5.041436]  dump_stack_lvl+0x48/0x70
  [    5.041441]  dump_stack+0x10/0x20
  [    5.041446]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.041452]  _scsih_sas_host_refresh+0x503/0x590 [mpt3sas]
  [    5.041486]  _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
  [    5.041521]  ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
  [    5.041564]  _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
  [    5.041597]  ? raw_spin_rq_unlock+0x10/0x40
  [    5.041600]  ? finish_task_switch.isra.0+0x85/0x2a0
  [    5.041604]  ? __schedule+0x2d4/0x750
  [    5.041609]  _firmware_event_work+0x16/0x20 [mpt3sas]
  [    5.041641]  process_one_work+0x240/0x450
  [    5.041647]  worker_thread+0x50/0x3f0
  [    5.041652]  ? __pfx_worker_thread+0x10/0x10
  [    5.041656]  kthread+0xf2/0x120
  [    5.041662]  ? __pfx_kthread+0x10/0x10
  [    5.041667]  ret_from_fork+0x47/0x70
  [    5.041673]  ? __pfx_kthread+0x10/0x10
  [    5.041678]  ret_from_fork_asm+0x1b/0x30
  [    5.041683]  </TASK>
  [    5.041685] ================================================================================
  [    5.042922] ================================================================================
  [    5.044159] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6666:21
  [    5.046013] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
  [    5.047061] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.047064] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.047066] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
  [    5.047100] Call Trace:
  [    5.047102]  <TASK>
  [    5.047104]  dump_stack_lvl+0x48/0x70
  [    5.047109]  dump_stack+0x10/0x20
  [    5.047114]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.047120]  _scsih_sas_host_refresh+0x53b/0x590 [mpt3sas]
  [    5.047154]  _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
  [    5.047186]  ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
  [    5.047219]  _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
  [    5.047251]  ? raw_spin_rq_unlock+0x10/0x40
  [    5.047255]  ? finish_task_switch.isra.0+0x85/0x2a0
  [    5.047258]  ? __schedule+0x2d4/0x750
  [    5.047264]  _firmware_event_work+0x16/0x20 [mpt3sas]
  [    5.047296]  process_one_work+0x240/0x450
  [    5.047301]  worker_thread+0x50/0x3f0
  [    5.047306]  ? __pfx_worker_thread+0x10/0x10
  [    5.047310]  kthread+0xf2/0x120
  [    5.047316]  ? __pfx_kthread+0x10/0x10
  [    5.047321]  ret_from_fork+0x47/0x70
  [    5.047327]  ? __pfx_kthread+0x10/0x10
  [    5.047332]  ret_from_fork_asm+0x1b/0x30
  [    5.047337]  </TASK>
  [    5.047339] ================================================================================
  [    5.048587] ================================================================================
  [    5.049825] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:7649:32
  [    5.051675] index 1 is out of range for type 'MPI2_EVENT_SAS_TOPO_PHY_ENTRY [1]'
  [    5.052767] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.052771] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.052773] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
  [    5.052808] Call Trace:
  [    5.052809]  <TASK>
  [    5.052811]  dump_stack_lvl+0x48/0x70
  [    5.052817]  dump_stack+0x10/0x20
  [    5.052821]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.052827]  _scsih_sas_topology_change_event.isra.0+0x5ac/0x690 [mpt3sas]
  [    5.052860]  ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
  [    5.052893]  _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
  [    5.052925]  ? raw_spin_rq_unlock+0x10/0x40
  [    5.052929]  ? finish_task_switch.isra.0+0x85/0x2a0
  [    5.052932]  ? __schedule+0x2d4/0x750
  [    5.052938]  _firmware_event_work+0x16/0x20 [mpt3sas]
  [    5.052970]  process_one_work+0x240/0x450
  [    5.052975]  worker_thread+0x50/0x3f0
  [    5.052980]  ? __pfx_worker_thread+0x10/0x10
  [    5.052984]  kthread+0xf2/0x120
  [    5.052990]  ? __pfx_kthread+0x10/0x10
  [    5.052995]  ret_from_fork+0x47/0x70
  [    5.053001]  ? __pfx_kthread+0x10/0x10
  [    5.053006]  ret_from_fork_asm+0x1b/0x30
  [    5.053011]  </TASK>
  [    5.053013] ================================================================================
  [    5.054251] ================================================================================
  [    5.055489] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:7651:23
  [    5.057343] index 1 is out of range for type 'MPI2_EVENT_SAS_TOPO_PHY_ENTRY [1]'
  [    5.058430] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.058434] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.058436] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
  [    5.058469] Call Trace:
  [    5.058471]  <TASK>
  [    5.058473]  dump_stack_lvl+0x48/0x70
  [    5.058478]  dump_stack+0x10/0x20
  [    5.058482]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.058489]  _scsih_sas_topology_change_event.isra.0+0x587/0x690 [mpt3sas]
  [    5.058522]  _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
  [    5.058554]  ? raw_spin_rq_unlock+0x10/0x40
  [    5.058557]  ? finish_task_switch.isra.0+0x85/0x2a0
  [    5.058561]  ? __schedule+0x2d4/0x750
  [    5.058566]  _firmware_event_work+0x16/0x20 [mpt3sas]
  [    5.058598]  process_one_work+0x240/0x450
  [    5.058603]  worker_thread+0x50/0x3f0
  [    5.058608]  ? __pfx_worker_thread+0x10/0x10
  [    5.058612]  kthread+0xf2/0x120
  [    5.058618]  ? __pfx_kthread+0x10/0x10
  [    5.058623]  ret_from_fork+0x47/0x70
  [    5.058629]  ? __pfx_kthread+0x10/0x10
  [    5.058634]  ret_from_fork_asm+0x1b/0x30
  [    5.058639]  </TASK>
  [    5.058641] ================================================================================
  [    5.059880] ================================================================================
  [    5.061123] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:7655:12
  [    5.062972] index 1 is out of range for type 'MPI2_EVENT_SAS_TOPO_PHY_ENTRY [1]'
  [    5.064057] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
  [    5.064061] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
  [    5.064063] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
  [    5.064096] Call Trace:
  [    5.064098]  <TASK>
  [    5.064100]  dump_stack_lvl+0x48/0x70
  [    5.064105]  dump_stack+0x10/0x20
  [    5.064110]  __ubsan_handle_out_of_bounds+0xc6/0x110
  [    5.064116]  _scsih_sas_topology_change_event.isra.0+0x630/0x690 [mpt3sas]
  [    5.064161]  _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
  [    5.064194]  ? raw_spin_rq_unlock+0x10/0x40
  [    5.064198]  ? finish_task_switch.isra.0+0x85/0x2a0
  [    5.064202]  ? __schedule+0x2d4/0x750
  [    5.064207]  _firmware_event_work+0x16/0x20 [mpt3sas]
  [    5.064239]  process_one_work+0x240/0x450
  [    5.064245]  worker_thread+0x50/0x3f0
  [    5.064249]  ? __pfx_worker_thread+0x10/0x10
  [    5.064254]  kthread+0xf2/0x120
  [    5.064259]  ? __pfx_kthread+0x10/0x10
  [    5.064265]  ret_from_fork+0x47/0x70
  [    5.064270]  ? __pfx_kthread+0x10/0x10
  [    5.064276]  ret_from_fork_asm+0x1b/0x30
  [    5.064281]  </TASK>
  [    5.064282] ================================================================================
  [   10.396594] mpt2sas_cm0: port enable: SUCCESS

  lsb_release -rd
  Description:    Ubuntu 22.04.3 LTS
  Release:        22.04

  apt-cache policy linux-image-6.5.0-1004-oem
  linux-image-6.5.0-1004-oem:
    Installed: 6.5.0-1004.4
    Candidate: 6.5.0-1004.4
    Version table:
   *** 6.5.0-1004.4 500
          500 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
          100 /var/lib/dpkg/status
