[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
** Changed in: kunpeng920 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: Fix Released Status in kunpeng920 ubuntu-18.04 series: Fix Released Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Released Status in kunpeng920 ubuntu-20.04 series: Fix Released Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Released Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567] process_one_work+0x3c0/0x878 [30293.818560] worker_thread+0x70/0x670 [30293.822207] kthread+0x1b0/0x1b8 [30293.825423] ret_from_fork+0x10/0x18 [30293.828983]
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
** Changed in: kunpeng920/ubuntu-20.04 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: Fix Committed Status in kunpeng920 ubuntu-18.04 series: Fix Released Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Released Status in kunpeng920 ubuntu-20.04 series: Fix Released Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Released Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567] process_one_work+0x3c0/0x878 [30293.818560] worker_thread+0x70/0x670 [30293.822207] kthread+0x1b0/0x1b8 [30293.825423] ret_from_fork+0x10/0x18 [
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
Released for Eoan. ** Changed in: kunpeng920/ubuntu-19.10 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: Fix Committed Status in kunpeng920 ubuntu-18.04 series: Fix Released Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Released Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Released Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567] process_one_work+0x3c0/0x878 [30293.818560] worker_thread+0x70/0x670 [30293.822207] kthread+0x1b0/0x1b8 [30293.825423] ret_fr
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
Updating kunpeng920 18.04 series to match linux bionic series. ** Changed in: kunpeng920/ubuntu-18.04 Status: Fix Committed => Fix Released ** Changed in: kunpeng920/ubuntu-18.04 Milestone: None => ubuntu-18.04.4-sru-1 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: Fix Committed Status in kunpeng920 ubuntu-18.04 series: Fix Released Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Released Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567] proce
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
This bug was fixed in the package linux - 4.15.0-88.88 --- linux (4.15.0-88.88) bionic; urgency=medium * bionic/linux: 4.15.0-88.88 -proposed tracker (LP: #1862824) * Segmentation fault (kernel oops) with memory-hotplug in ubuntu_kernel_selftests on Bionic kernel (LP: #1862312) - Revert "mm/memory_hotplug: fix online/offline_pages called w.o. mem_hotplug_lock" - mm/memory_hotplug: fix online/offline_pages called w.o. mem_hotplug_lock linux (4.15.0-87.87) bionic; urgency=medium * bionic/linux: 4.15.0-87.87 -proposed tracker (LP: #1861165) * Bionic update: upstream stable patchset 2020-01-22 (LP: #1860602) - scsi: lpfc: Fix discovery failures when target device connectivity bounces - scsi: mpt3sas: Fix clear pending bit in ioctl status - scsi: lpfc: Fix locking on mailbox command completion - Input: atmel_mxt_ts - disable IRQ across suspend - iommu/tegra-smmu: Fix page tables in > 4 GiB memory - scsi: target: compare full CHAP_A Algorithm strings - scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices - scsi: csiostor: Don't enable IRQs too early - powerpc/pseries: Mark accumulate_stolen_time() as notrace - powerpc/pseries: Don't fail hash page table insert for bolted mapping - powerpc/tools: Don't quote $objdump in scripts - dma-debug: add a schedule point in debug_dma_dump_mappings() - clocksource/drivers/asm9260: Add a check for of_clk_get - powerpc/security/book3s64: Report L1TF status in sysfs - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning - ext4: update direct I/O read lock pattern for IOCB_NOWAIT - jbd2: Fix statistics for the number of logged blocks - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow - f2fs: fix to update dir's i_pino during cross_rename - clk: qcom: Allow constant ratio freq tables for rcg - irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary - irqchip: ingenic: Error out if IRQ domain creation failed - fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences - scsi: ufs: fix potential bug which ends in system hang - powerpc/pseries/cmm: Implement release() function for sysfs device - powerpc/security: Fix wrong message when RFI Flush is disable - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE - clk: pxa: fix one of the pxa RTC clocks - bcache: at least try to shrink 1 node in bch_mca_scan() - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors - libnvdimm/btt: fix variable 'rc' set but not used - HID: Improve Windows Precision Touchpad detection. - scsi: pm80xx: Fix for SATA device discovery - scsi: ufs: Fix error handing during hibern8 enter - scsi: scsi_debug: num_tgts must be >= 0 - scsi: NCR5380: Add disconnect_mask module parameter - scsi: iscsi: Don't send data to unbound connection - scsi: target: iscsi: Wait for all commands to finish before freeing a session - gpio: mpc8xxx: Don't overwrite default irq_set_type callback - apparmor: fix unsigned len comparison with less than zero - scripts/kallsyms: fix definitely-lost memory leak - cdrom: respect device capabilities during opening action - perf script: Fix brstackinsn for AUXTRACE - perf regs: Make perf_reg_name() return "unknown" instead of NULL - s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR - libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h - s390/cpum_sf: Check for SDBT and SDB consistency - ocfs2: fix passing zero to 'PTR_ERR' warning - kernel: sysctl: make drop_caches write-only - userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK - x86/mce: Fix possibly incorrect severity calculation on AMD - net, sysctl: Fix compiler warning when only cBPF is present - netfilter: nf_queue: enqueue skbs with NULL dst - ALSA: hda - Downgrade error message for single-cmd fallback - bonding: fix active-backup transition after link failure - perf strbuf: Remove redundant va_end() in strbuf_addv() - Make filldir[64]() verify the directory entry filename is valid - filldir[64]: remove WARN_ON_ONCE() for bad directory entries - netfilter: ebtables: compat: reject all padding in matches/watchers - 6pack,mkiss: fix possible deadlock - netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() - inetpeer: fix data-race in inet_putpeer / inet_putpeer - net: add a READ_ONCE() in skb_peek_tail() - net: icmp: fix data-race in cmp_global_allow() - hrtimer: Annotate lockless access to timer->state - spi: fsl: don't map irq during probe - tty/serial: atmel: fix out of range clock divider handling - pinctrl: baytrail: Reall
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
This bug was fixed in the package linux - 5.3.0-40.32 --- linux (5.3.0-40.32) eoan; urgency=medium * eoan/linux: 5.3.0-40.32 -proposed tracker (LP: #1861214) * No sof soundcard for 'ASoC: CODEC DAI intel-hdmi-hifi1 not registered' after modprobe sof (LP: #1860248) - ASoC: SOF: Intel: fix HDA codec driver probe with multiple controllers * ocfs2-tools is causing kernel panics in Ubuntu Focal (Ubuntu-5.4.0-9.12) (LP: #1852122) - ocfs2: fix the crash due to call ocfs2_get_dlm_debug once less * QAT drivers for C3XXX and C62X not included as modules (LP: #1845959) - [Config] CRYPTO_DEV_QAT_C3XXX=m, CRYPTO_DEV_QAT_C62X=m and CRYPTO_DEV_QAT_DH895xCC=m * Eoan update: upstream stable patchset 2020-01-24 (LP: #1860816) - scsi: lpfc: Fix discovery failures when target device connectivity bounces - scsi: mpt3sas: Fix clear pending bit in ioctl status - scsi: lpfc: Fix locking on mailbox command completion - Input: atmel_mxt_ts - disable IRQ across suspend - f2fs: fix to update time in lazytime mode - iommu: rockchip: Free domain on .domain_free - iommu/tegra-smmu: Fix page tables in > 4 GiB memory - dmaengine: xilinx_dma: Clear desc_pendingcount in xilinx_dma_reset - scsi: target: compare full CHAP_A Algorithm strings - scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices - scsi: csiostor: Don't enable IRQs too early - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() - powerpc/pseries: Mark accumulate_stolen_time() as notrace - powerpc/pseries: Don't fail hash page table insert for bolted mapping - powerpc/tools: Don't quote $objdump in scripts - dma-debug: add a schedule point in debug_dma_dump_mappings() - leds: lm3692x: Handle failure to probe the regulator - clocksource/drivers/asm9260: Add a check for of_clk_get - clocksource/drivers/timer-of: Use unique device name instead of timer - powerpc/security/book3s64: Report L1TF status in sysfs - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning - ext4: update direct I/O read lock pattern for IOCB_NOWAIT - ext4: iomap that extends beyond EOF should be marked dirty - jbd2: Fix statistics for the number of logged blocks - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow - f2fs: fix to update dir's i_pino during cross_rename - clk: qcom: Allow constant ratio freq tables for rcg - clk: clk-gpio: propagate rate change to parent - irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary - irqchip: ingenic: Error out if IRQ domain creation failed - fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences - PCI: rpaphp: Fix up pointer to first drc-info entry - scsi: ufs: fix potential bug which ends in system hang - powerpc/pseries/cmm: Implement release() function for sysfs device - PCI: rpaphp: Don't rely on firmware feature to imply drc-info support - PCI: rpaphp: Annotate and correctly byte swap DRC properties - PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc- info - powerpc/security: Fix wrong message when RFI Flush is disable - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE - clk: pxa: fix one of the pxa RTC clocks - bcache: at least try to shrink 1 node in bch_mca_scan() - HID: quirks: Add quirk for HP MSU1465 PIXART OEM mouse - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors - ARM: 8937/1: spectre-v2: remove Brahma-B53 from hardening - libnvdimm/btt: fix variable 'rc' set but not used - HID: Improve Windows Precision Touchpad detection. - HID: rmi: Check that the RMI_STARTED bit is set before unregistering the RMI transport device - watchdog: Fix the race between the release of watchdog_core_data and cdev - scsi: pm80xx: Fix for SATA device discovery - scsi: ufs: Fix error handing during hibern8 enter - scsi: scsi_debug: num_tgts must be >= 0 - scsi: NCR5380: Add disconnect_mask module parameter - scsi: iscsi: Don't send data to unbound connection - scsi: target: iscsi: Wait for all commands to finish before freeing a session - gpio: mpc8xxx: Don't overwrite default irq_set_type callback - apparmor: fix unsigned len comparison with less than zero - scripts/kallsyms: fix definitely-lost memory leak - powerpc: Don't add -mabi= flags when building with Clang - cdrom: respect device capabilities during opening action - perf script: Fix brstackinsn for AUXTRACE - perf regs: Make perf_reg_name() return "unknown" instead of NULL - s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR - libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h -
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
** Changed in: kunpeng920 Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: Fix Committed Status in kunpeng920 ubuntu-18.04 series: Fix Committed Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567] process_one_work+0x3c0/0x878 [30293.818560] worker_thread+0x70/0x670 [30293.822207] kthread+0x1b0/0x1b8 [30293.825423] ret_from_fork+0x10/0x18 [30293.828
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
Both 4.15.0-87.87 and 5.3.0-40.32 work fine for me. Thanks. ** Tags removed: verification-needed-bionic verification-needed-eoan ** Tags added: verification-done-bionic verification-done-eoan -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: Fix Committed Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567] process_one_work+0x3c0/0x878 [30293.81856
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-eoan -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: Fix Committed Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed- bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: Fix Committed Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
** Changed in: kunpeng920/ubuntu-19.04 Status: Fix Committed => Fix Released ** Changed in: kunpeng920/ubuntu-19.04 Milestone: None => ubuntu-19.04-sru-12 ** Changed in: kunpeng920/ubuntu-18.04-hwe Status: Fix Committed => Fix Released ** Changed in: kunpeng920/ubuntu-18.04-hwe Milestone: None => ubuntu-18.04.3-sru-7 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: Fix Committed Status in kunpeng920 ubuntu-18.04-hwe series: Fix Released Status in kunpeng920 ubuntu-19.04 series: Fix Released Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Released Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
This bug was fixed in the package linux - 5.0.0-40.44 --- linux (5.0.0-40.44) disco; urgency=medium * disco/linux: 5.0.0-40.44 -proposed tracker (LP: #1859724) * use-after-free in i915_ppgtt_close (LP: #1859522) // CVE-2020-7053 - SAUCE: drm/i915: Fix use-after-free when destroying GEM context * CVE-2019-14615 - drm/i915/gen9: Clear residual context state on context switch * System hang with kernel traces while entering reboot process on a Disco ARM64 moonshot node (LP: #1859582) - Revert "RDMA/cm: Fix memory leak in cm_add/remove_one" linux (5.0.0-39.43) disco; urgency=medium * disco/linux: 5.0.0-39.43 -proposed tracker (LP: #1858547) * [Regression] usb usb2-port2: Cannot enable. Maybe the USB cable is bad? (LP: #1856608) - SAUCE: Revert "usb: handle warm-reset port requests on hub resume" * PAN is broken for execute-only user mappings on ARMv8 (LP: #1858815) - arm64: Revert support for execute-only user mappings * Fix unusable USB hub on Dell TB16 after S3 (LP: #1855312) - SAUCE: USB: core: Make port power cycle a seperate helper function - SAUCE: USB: core: Attempt power cycle port when it's in eSS.Disabled state * [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() (LP: #1853992) - scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() * [sas-1126]scsi: hisi_sas: Assign NCQ tag for all NCQ commands (LP: #1853995) - scsi: hisi_sas: Assign NCQ tag for all NCQ commands * [sas-1126]scsi: hisi_sas: Fix the conflict between device gone and host reset (LP: #1853997) - scsi: hisi_sas: Fix the conflict between device gone and host reset * scsi: hisi_sas: Check sas_port before using it (LP: #1855952) - scsi: hisi_sas: Check sas_port before using it * CVE-2019-18885 - btrfs: refactor btrfs_find_device() take fs_devices as argument - btrfs: merge btrfs_find_device and find_device * Integrate Intel SGX driver into linux-azure (LP: #1844245) - [Packaging] Add systemd service to load intel_sgx * [SRU][B/OEM-B/OEM-OSP1/D/E/F] Add LG I2C touchscreen multitouch support (LP: #1857541) - SAUCE: HID: multitouch: Add LG MELF0410 I2C touchscreen support * cifs: DFS Caching feature causing problems traversing multi-tier DFS setups (LP: #1854887) - cifs: Fix retrieval of DFS referrals in cifs_mount() * qede driver causes 100% CPU load (LP: #1855409) - qede: Handle infinite driver spinning for Tx timestamp. * [roce-1126]RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver (LP: #1853989) - RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver - RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver * [roce-1126]RDMA/hns: Fixs hw access invalid dma memory error (LP: #1853990) - RDMA/hns: Fixs hw access invalid dma memory error * [hns-1126]net: hns3: revert to old channel when setting new channel num fail (LP: #1853983) - net: hns3: revert to old channel when setting new channel num fail * [hns-1126]net: hns3: fix port setting handle for fibre port (LP: #1853984) - net: hns3: fix port setting handle for fibre port * [hns-1126] net: hns: add support for vlan TSO (LP: #1853937) - net: hns: add support for vlan TSO * [hns-1126]net: hns3: fix flow control configure issue for fibre port (LP: #1853948) - net: hns3: fix flow control configure issue for fibre port * mce: ras: When inject 1bit ecc error, there is no mce log recorded in the dmesg (LP: #1857413) - RAS/CEC: Increment cec_entered under the mutex lock - RAS/CEC: Check count_threshold unconditionally * efivarfs test in ubuntu_kernel_selftest failed on the second run (LP: #1809704) - selftests/efivarfs: clean up test files from test_create*() * CVE-2019-19082 - drm/amd/display: prevent memory leak * CVE-2019-19078 - ath10k: fix memory leak * CVE-2019-19077 - RDMA: Fix goto target to release the allocated memory * Disco update: upstream stable patchset 2019-12-17 (LP: #1856754) - rsi: release skb if rsi_prepare_beacon fails - arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator - sparc64: implement ioremap_uc - lp: fix sparc64 LPSETTIMEOUT ioctl - usb: gadget: u_serial: add missing port entry locking - tty: serial: fsl_lpuart: use the sg count from dma_map_sg - tty: serial: msm_serial: Fix flow control - serial: pl011: Fix DMA ->flush_buffer() - serial: serial_core: Perform NULL checks for break_ctl ops - serial: ifx6x60: add missed pm_runtime_disable - autofs: fix a leak in autofs_expire_indirect() - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN - iwlwifi: pcie: don't consider IV len in A-MSDU - exportfs_decode_fh(): negative pinned may become positive without the parent locked - audit_get_nd(): don't unlock parent too early - NFC: nxp-nci: Fix NULL pointer derefer
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
Thanks. Ubuntu-5.0.0-40.44 works for me. ** Tags removed: verification-needed-disco ** Tags added: verification-done-disco -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: Fix Committed Status in kunpeng920 ubuntu-18.04-hwe series: Fix Committed Status in kunpeng920 ubuntu-19.04 series: Fix Committed Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567] process_one_work+0x3c0/0x878 [30293.818560] worker_thread+0x70/0x670 [30293.822207] kthread+0x1b0/0x1b8
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-disco -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: Fix Committed Status in kunpeng920 ubuntu-18.04-hwe series: Fix Committed Status in kunpeng920 ubuntu-19.04 series: Fix Committed Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xe
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
** Changed in: kunpeng920/ubuntu-19.10 Status: In Progress => Fix Committed ** Changed in: kunpeng920/ubuntu-19.04 Status: In Progress => Fix Committed ** Changed in: kunpeng920/ubuntu-18.04-hwe Status: In Progress => Fix Committed ** Changed in: kunpeng920/ubuntu-18.04 Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: Fix Committed Status in kunpeng920 ubuntu-18.04-hwe series: Fix Committed Status in kunpeng920 ubuntu-19.04 series: Fix Committed Status in kunpeng920 ubuntu-19.10 series: Fix Committed Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.8
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
** Changed in: linux (Ubuntu Eoan) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Disco) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Bionic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: In Progress Status in kunpeng920 ubuntu-18.04-hwe series: In Progress Status in kunpeng920 ubuntu-19.04 series: In Progress Status in kunpeng920 ubuntu-19.10 series: In Progress Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567]
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
** Description changed: + [Impact] + Potential NULL-pointer dereference. + + [Test Case] + No known test case, but the issue is clear from code reading. + + [Fix] + 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() + + [Regression Risk] + Patch restricted to hisi_sas driver. + + [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 - [30293.566004] + [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 - [30293.676541] + [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 - [30293.723801] + [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_add+0x5f8/0x9b8 [30293.785658] scsi_sysfs_add_sdev+0xa4/0x310 [30293.789825] scsi_probe_and_add_lun+0xe60/0x1240 [30293.794425] __scsi_scan_target+0x1ac/0x780 [30293.798591] scsi_scan_target+0x134/0x140 [30293.802586] sas_rphy_add+0x1fc/0x2c8 [30293.806234] sas_probe_devices+0x10c/0x1e8 [30293.810313] sas_discover_domain+0x754/0x998 [30293.814567] process_one_work+0x3c0/0x878 [30293.818560] worker_thread+0x70/0x670 [30293.822207] kthread+0x1b0/0x1b8 [30293.825423] ret_from_fork+0x10/0x18 - [30293.828983] + [30293.828983] [30293.830473] The buggy address belongs to the object at b72e47233480 [30293.830473] which belongs to the cache kmalloc-256 of size 256 [30293.842934] The buggy address is located 192 bytes inside of [30293.842934] 256-byte region [b72e47233480, b72e47233580) [30293.854617] The buggy address belongs to the page: [30293.859388] page:7edcb91c8cc0 count:1 mapcount:0 mapping:972e5f000200 index:0x0 [30293.867360] flags: 0xdfffe200(slab) [30293.871533] raw: dfffe200 7edcb915ca48 7edcb93fdc08 972e5f000200 [Expected Results] [Reproducibility] [Additional information] (Firmware version, kernel version, affected hardware, etc. if required): [Resolution] scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() -- You received this bug notification because you are a member of Kernel P
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
Patch has been sent for review https://lists.ubuntu.com/archives/kernel-team/2019-December/106550.html ** Changed in: linux (Ubuntu Focal) Status: Incomplete => Fix Released ** Changed in: kunpeng920/ubuntu-18.04 Status: New => In Progress ** Changed in: kunpeng920/ubuntu-18.04 Assignee: (unassigned) => Ike Panhc (ikepanhc) ** Changed in: kunpeng920/ubuntu-19.04 Status: New => In Progress ** Changed in: kunpeng920/ubuntu-19.04 Assignee: (unassigned) => Ike Panhc (ikepanhc) ** Changed in: kunpeng920/ubuntu-19.10 Status: New => In Progress ** Changed in: kunpeng920/ubuntu-19.10 Assignee: (unassigned) => Ike Panhc (ikepanhc) ** Changed in: kunpeng920 Status: New => In Progress ** Changed in: kunpeng920/ubuntu-18.04-hwe Status: Fix Committed => In Progress ** Changed in: kunpeng920/ubuntu-18.04-hwe Milestone: ubuntu-18.04.5 => None ** Changed in: kunpeng920/ubuntu-18.04-hwe Assignee: (unassigned) => Ike Panhc (ikepanhc) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: In Progress Status in kunpeng920 ubuntu-18.04-hwe series: In Progress Status in kunpeng920 ubuntu-19.04 series: In Progress Status in kunpeng920 ubuntu-19.10 series: In Progress Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: In Progress Status in linux source package in Disco: In Progress Status in linux source package in Eoan: In Progress Status in linux source package in Focal: Fix Released Bug description: [Impact] Potential NULL-pointer dereference. [Test Case] No known test case, but the issue is clear from code reading. [Fix] 445ee2de112a scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() [Regression Risk] Patch restricted to hisi_sas driver. [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136
[Kernel-packages] [Bug 1853992] Re: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
** Also affects: linux (Ubuntu) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Disco) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Eoan) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Eoan) Status: New => In Progress ** Changed in: linux (Ubuntu Eoan) Assignee: (unassigned) => Ike Panhc (ikepanhc) ** Changed in: linux (Ubuntu Disco) Status: New => In Progress ** Changed in: linux (Ubuntu Disco) Assignee: (unassigned) => Ike Panhc (ikepanhc) ** Changed in: linux (Ubuntu Bionic) Status: New => In Progress ** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Ike Panhc (ikepanhc) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1853992 Title: [sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset() Status in kunpeng920: In Progress Status in kunpeng920 ubuntu-18.04 series: In Progress Status in kunpeng920 ubuntu-18.04-hwe series: Fix Committed Status in kunpeng920 ubuntu-19.04 series: In Progress Status in kunpeng920 ubuntu-19.10 series: In Progress Status in kunpeng920 ubuntu-20.04 series: Fix Committed Status in kunpeng920 upstream-kernel series: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: In Progress Status in linux source package in Disco: In Progress Status in linux source package in Eoan: In Progress Status in linux source package in Focal: Fix Released Bug description: [Bug Description] sas kasan test will produce this out bounds in sas module [Steps to Reproduce] 1) enbale this kasn 2) 3) [Actual Results] 30293.504016] sas: ata464: end_device-2:2:6: dev error handler [30293.504041] sas: ata465: end_device-2:2:7: dev error handler [30293.504059] sas: ata466: end_device-2:2:8: dev error handler [30293.538746] == [30293.550672] BUG: KASAN: slab-out-of-bounds in hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.558642] Read of size 8 at addr b72e47233540 by task kworker/u193:3/79165 [30293.566004] [30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: GB O 5.1.0-rc1-g7a3fab8-dirty #1 [30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B010.01 06/21/2019 [30293.586037] Workqueue: events_unbound async_run_entry_fn [30293.591331] Call trace: [30293.593770] dump_backtrace+0x0/0x1f8 [30293.597419] show_stack+0x14/0x20 [30293.600726] dump_stack+0xc4/0xfc [30293.604032] print_address_description+0x60/0x258 [30293.608716] kasan_report+0x164/0x1b8 [30293.612366] __asan_load8+0x84/0xa8 [30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250 [30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170 [30293.625562] sas_ata_hard_reset+0x88/0x178 [30293.629646] ata_do_reset.constprop.6+0x80/0x90 [30293.634160] ata_eh_reset+0x71c/0x10e8 [30293.637897] ata_eh_recover+0x3d0/0x1a80 [30293.641804] ata_do_eh+0x50/0xd0 [30293.645020] ata_std_error_handler+0x78/0xa8 [30293.649273] ata_scsi_port_error_handler+0x288/0x930 [30293.654216] async_sas_ata_eh+0x68/0x90 [30293.658040] async_run_entry_fn+0x7c/0x1c0 [30293.662121] process_one_work+0x3c0/0x878 [30293.666115] worker_thread+0x70/0x670 [30293.669762] kthread+0x1b0/0x1b8 [30293.672978] ret_from_fork+0x10/0x18 [30293.676541] [30293.678027] Allocated by task 16690: [30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188 [30293.686018] kasan_kmalloc+0xc/0x18 [30293.689496] __kmalloc_node_track_caller+0x5c/0x98 [30293.694270] devm_kmalloc+0x44/0xb8 [30293.697746] hisi_sas_v3_probe+0x2ec/0x698 [30293.701828] local_pci_probe+0x74/0xf0 [30293.705562] work_for_cpu_fn+0x2c/0x48 [30293.709300] process_one_work+0x3c0/0x878 [30293.713294] worker_thread+0x400/0x670 [30293.717027] kthread+0x1b0/0x1b8 [30293.720241] ret_from_fork+0x10/0x18 [30293.723801] [30293.725287] Freed by task 16227: [30293.728503] __kasan_slab_free+0x108/0x210 [30293.732583] kasan_slab_free+0x10/0x18 [30293.736318] kfree+0x74/0x150 [30293.739276] devres_free+0x34/0x48 [30293.742665] devres_release+0x38/0x60 [30293.746313] devm_pinctrl_put+0x34/0x58 [30293.750136] pinctrl_bind_pins+0x164/0x248 [30293.754214] really_probe+0xc0/0x3b0 [30293.75] driver_probe_device+0x70/0x138 [30293.761944] __device_attach_driver+0xc0/0xe0 [30293.766285] bus_for_each_drv+0xcc/0x150 [30293.770194] __device_attach+0x154/0x1c0 [30293.774101] device_initial_probe+0x10/0x18 [30293.778270] bus_probe_device+0xec/0x100 [30293.782178] device_ad