Bug is still here...

Ubuntu 22.04 jammy

Broadcom MegaRAID 9580-8i8e

Linux version 6.2.0-37-generic (buildd@bos03-amd64-055) (x86_64-linux-gnu-gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #38~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov  2 18:01:13 UTC 2 (Ubuntu 6.2.0-37.38~22.04.1-generic 6.2.16)

...
[    3.869311] megasas: 07.719.03.00-rc1
[    3.869764] megaraid_sas 0000:43:00.0: BAR:0x0  BAR's base_addr(phys):0x0000028080f00000  mapped virt_addr:0x0000000065c51147
[    3.869770] megaraid_sas 0000:43:00.0: FW now in Ready state
[    3.869775] megaraid_sas 0000:43:00.0: 63 bit DMA mask and 63 bit consistent mask
[    3.869973] megaraid_sas 0000:43:00.0: firmware supports msix        : (128)
[    3.872925] megaraid_sas 0000:43:00.0: requested/available msix 72/72 poll_queue 0
[    3.872928] ================================================================================
[    3.872951] UBSAN: array-index-out-of-bounds in /build/linux-hwe-6.2-I50pf3/linux-hwe-6.2-6.2.0/arch/x86/include/asm/topology.h:72:28
[    3.872979] index -1 is out of range for type 'cpumask *[1024]'
[    3.872995] CPU: 33 PID: 538 Comm: systemd-udevd Not tainted 6.2.0-37-generic #38~22.04.1-Ubuntu
[    3.872999] Hardware name: Supermicro Super Server/H12SSL-i, BIOS 2.5 09/08/2022
[    3.873001] Call Trace:
[    3.873004]  <TASK>
[    3.873007]  dump_stack_lvl+0x48/0x70
[    3.873015]  dump_stack+0x10/0x20
[    3.873018]  __ubsan_handle_out_of_bounds+0xa2/0x100
[    3.873024]  ? __pfx_default_calc_sets+0x10/0x10
[    3.873030]  megasas_alloc_irq_vectors+0x215/0x220 [megaraid_sas]
[    3.873043]  megasas_init_fw+0x617/0x1320 [megaraid_sas]
[    3.873057]  megasas_probe_one+0x18d/0x5a0 [megaraid_sas]
[    3.873069]  local_pci_probe+0x4b/0xb0
[    3.873075]  pci_call_probe+0x55/0x190
[    3.873080]  pci_device_probe+0x84/0x120
[    3.873084]  ? srso_return_thunk+0x5/0x10
[    3.873090]  really_probe+0x1ed/0x450
[    3.873095]  __driver_probe_device+0x8a/0x190
[    3.873099]  driver_probe_device+0x23/0xd0
[    3.873102]  __driver_attach+0x10f/0x220
[    3.873106]  ? __pfx___driver_attach+0x10/0x10
[    3.873109]  bus_for_each_dev+0x83/0xe0
[    3.873114]  driver_attach+0x1e/0x30
[    3.873116]  bus_add_driver+0x152/0x250
[    3.873119]  ? srso_return_thunk+0x5/0x10
[    3.873124]  driver_register+0x83/0x160
[    3.873127]  __pci_register_driver+0x68/0x80
[    3.873131]  megasas_init+0xdb/0xff0 [megaraid_sas]
[    3.873143]  ? __pfx_init_module+0x10/0x10 [megaraid_sas]
[    3.873153]  do_one_initcall+0x49/0x240
[    3.873159]  ? srso_return_thunk+0x5/0x10
[    3.873162]  ? kmalloc_trace+0x2a/0xb0
[    3.873168]  do_init_module+0x52/0x240
[    3.873173]  load_module+0xb96/0xd60
[    3.873177]  ? security_kernel_post_read_file+0x5c/0x80
[    3.873183]  ? srso_return_thunk+0x5/0x10
[    3.873186]  ? kernel_read_file+0x25c/0x2b0
[    3.873194]  __do_sys_finit_module+0xcc/0x150
[    3.873197]  ? srso_return_thunk+0x5/0x10
[    3.873200]  ? __do_sys_finit_module+0xcc/0x150
[    3.873209]  __x64_sys_finit_module+0x18/0x30
[    3.873213]  do_syscall_64+0x5c/0x90
[    3.873217]  ? srso_return_thunk+0x5/0x10
[    3.873221]  ? syscall_exit_to_user_mode+0x38/0x60
[    3.873225]  ? srso_return_thunk+0x5/0x10
[    3.873229]  ? do_syscall_64+0x69/0x90
[    3.873232]  ? syscall_exit_to_user_mode+0x38/0x60
[    3.873235]  ? srso_return_thunk+0x5/0x10
[    3.873239]  ? do_syscall_64+0x69/0x90
[    3.873242]  ? srso_return_thunk+0x5/0x10
[    3.873245]  ? irqentry_exit+0x43/0x50
[    3.873249]  ? srso_return_thunk+0x5/0x10
[    3.873252]  ? exc_page_fault+0x92/0x1b0
[    3.873256]  entry_SYSCALL_64_after_hwframe+0x73/0xdd
[    3.873260] RIP: 0033:0x7f0618b5da7d
[    3.873264] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 83 a3 0f 00 f7 d8 64 89 01 48
[    3.873266] RSP: 002b:00007ffc9db735e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[    3.873270] RAX: ffffffffffffffda RBX: 00005615ff4f7740 RCX: 00007f0618b5da7d
[    3.873272] RDX: 0000000000000000 RSI: 00007f0618cf4441 RDI: 0000000000000005
[    3.873274] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007ffc9db73720
[    3.873276] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f0618cf4441
[    3.873278] R13: 00005615ff4f76a0 R14: 00005615ff526e60 R15: 00005615ff513f20
[    3.873285]  </TASK>
[    3.873287] ================================================================================
[    3.873325] megaraid_sas 0000:43:00.0: current msix/online cpus      : (72/64)
[    3.873327] megaraid_sas 0000:43:00.0: RDPQ mode     : (enabled)
[    3.873332] megaraid_sas 0000:43:00.0: Current firmware supports maximum commands: 5101       LDIO threshold: 0

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2008157

Title:
  [SRU][Ubuntu 22.04.1]: Observed "Array Index out of bounds" Call Trace
  multiple times on Ubuntu 22.04.1 OS during boot

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Committed

Bug description:
  SRU Justification:

  [Impact]

  When booted into Ubuntu 22.04.1 OS after installation, observed "Array
  Index out of bounds" Call Trace multiple times in dmesg.

  Call Trace is as follows:
  [ 6.125704] UBSAN: array-index-out-of-bounds in /build/linux-JjvoxS/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
  [ 6.125705] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
  [ 6.125707] CPU: 0 PID: 18 Comm: kworker/0:1 Not tainted 5.15.0-53-generic #59-Ubuntu
  [ 6.125709] Hardware name: Dell Inc. , BIOS 11/08/2022
  [ 6.125710] Workqueue: events work_for_cpu_fn
  [ 6.125716] Call Trace:
  [ 6.125718] <TASK>
  [ 6.125720] show_stack+0x52/0x5c
  [ 6.125725] dump_stack_lvl+0x4a/0x63
  [ 6.125731] dump_stack+0x10/0x16
  [ 6.125732] ubsan_epilogue+0x9/0x49
  [ 6.125734] __ubsan_handle_out_of_bounds.cold+0x44/0x49
  [ 6.125736] ? MR_PopulateDrvRaidMap+0x194/0x580 [megaraid_sas]
  [ 6.125747] mr_update_load_balance_params+0xb9/0xc0 [megaraid_sas]
  [ 6.125753] MR_ValidateMapInfo+0x8d/0x290 [megaraid_sas]
  [ 6.125757] megasas_init_adapter_fusion+0x3ce/0x420 [megaraid_sas]
  [ 6.125762] ? megasas_setup_reply_map+0x49/0xac [megaraid_sas]
  [ 6.125768] megasas_init_fw.cold+0x87c/0x10c8 [megaraid_sas]
  [ 6.125774] megasas_probe_one+0x15c/0x4e0 [megaraid_sas]
  [ 6.125779] local_pci_probe+0x48/0x90
  [ 6.125783] work_for_cpu_fn+0x17/0x30
  [ 6.125785] process_one_work+0x228/0x3d0
  [ 6.125786] worker_thread+0x223/0x420
  [ 6.125787] ? process_one_work+0x3d0/0x3d0
  [ 6.125788] kthread+0x127/0x150
  [ 6.125790] ? set_kthread_struct+0x50/0x50
  [ 6.125791] ret_from_fork+0x1f/0x30
  [ 6.125796] </TASK>
  [ 6.125796] ================================================================================

  Steps to reproduce:
  1. Connect PERC H355 controller to the system
  2. Create RAID1 using drives connected to PERC Controller
  3. Install Ubuntu 22.04.1 on VD
  4. Boot into OS after installation
  5. Multiple Call Traces of "array-index-out-of-bounds" are seen

  Expected Behavior:
  OS should boot without this Call Trace

  [Fix]

  [PATCH v3 0/6] Replace one-element arrays with flexible-array members
  
https://lore.kernel.org/linux-hardening/cover.1660592640.git.gustavo...@kernel.org/

  48658213 scsi: megaraid_sas: Use struct_size() in code related to
  struct MR_PD_CFG_SEQ_NUM_SYNC

  41e83026 scsi: megaraid_sas: Use struct_size() in code related to
  struct MR_FW_RAID_MAP

  ee92366a scsi: megaraid_sas: Replace one-element array with flexible-
  array member in MR_PD_CFG_SEQ_NUM_SYNC

  eeb3bab7 scsi: megaraid_sas: Replace one-element array with flexible-
  array member in MR_DRV_RAID_MAP

  204a29a1 scsi: megaraid_sas: Replace one-element array with flexible-
  array member in MR_FW_RAID_MAP_DYNAMIC

  ac23b92b scsi: megaraid_sas: Replace one-element array with flexible-
  array member in MR_FW_RAID_MAP

  [Test Plan]

  1. Connect PERC H355 controller to the system
  2. Create RAID1 using drives connected to PERC Controller
  3. Install Ubuntu 22.04.1 on VD
  4. Boot into OS after installation
  OS should boot without the Call Trace listed in the Impact field

  [Where problems could occur]

  [Other Info]
  
https://code.launchpad.net/~mreed8855/ubuntu/+source/linux/+git/jammy/+ref/array_bounds_lp_2008157
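
The idiom that the commits listed under [Fix] change, as an added C example that is not the driver's code and not part of the original report: the struct and field names are hypothetical, and flex_size() is a userspace sketch of what the kernel's struct_size() helper computes. A bounds sanitizer checks an index against the declared array type, which is why a trailing array declared as `[1]` produces "index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'" even when the allocation holds more elements.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins; these are not the megaraid_sas layouts. */
struct span_map { uint32_t start_blk, num_blks; };

/* Legacy idiom: declared with one element but used as a variable-length
 * tail. Indexing spans[1] is out of bounds for the declared type. */
struct map_legacy { uint32_t count; struct span_map spans[1]; };

/* Fixed idiom: flexible-array member, no fixed declared bound. */
struct map_flex { uint32_t count; struct span_map spans[]; };

/* Sketch of struct_size(): header + n * elem, saturating to SIZE_MAX
 * on overflow so the allocation fails instead of being undersized. */
size_t flex_size(size_t hdr, size_t elem, size_t n)
{
    if (elem != 0 && n > (SIZE_MAX - hdr) / elem)
        return SIZE_MAX;
    return hdr + n * elem;
}

/* Allocate a map with room for n spans; NULL on overflow or OOM. */
struct map_flex *map_alloc(uint32_t n)
{
    size_t sz = flex_size(sizeof(struct map_flex),
                          sizeof(struct span_map), n);
    struct map_flex *m = (sz == SIZE_MAX) ? NULL : calloc(1, sz);

    if (m)
        m->count = n;
    return m;
}

/* Walk the tail, bounded by the stored element count. */
uint64_t map_total_blocks(const struct map_flex *m)
{
    uint64_t total = 0;

    for (uint32_t i = 0; i < m->count; i++)
        total += m->spans[i].num_blks;
    return total;
}

/* sizeof() of the legacy struct silently includes one element, which
 * is why the size calculations had to change along with the type. */
size_t legacy_hidden_element_bytes(void)
{
    return sizeof(struct map_legacy) - sizeof(struct map_flex);
}
```
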
