This bug is missing log files that will aid in diagnosing the problem.
While running an Ubuntu kernel (not a mainline or third-party kernel)
please enter the following command in a terminal window:
apport-collect 1853992
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1853992
Title:
[sas-1126]scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
Status in kunpeng920:
In Progress
Status in kunpeng920 ubuntu-18.04 series:
In Progress
Status in kunpeng920 ubuntu-18.04-hwe series:
Fix Committed
Status in kunpeng920 ubuntu-19.04 series:
In Progress
Status in kunpeng920 ubuntu-19.10 series:
In Progress
Status in kunpeng920 ubuntu-20.04 series:
Fix Committed
Status in kunpeng920 upstream-kernel series:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
In Progress
Status in linux source package in Disco:
In Progress
Status in linux source package in Eoan:
In Progress
Status in linux source package in Focal:
Fix Released
Bug description:
[Bug Description]
sas kasan test will produce this out bounds in sas module
[Steps to Reproduce]
1) enbale this kasn
2)
3)
[Actual Results]
30293.504016] sas: ata464: end_device-2:2:6: dev error handler
[30293.504041] sas: ata465: end_device-2:2:7: dev error handler
[30293.504059] sas: ata466: end_device-2:2:8: dev error handler
[30293.538746]
==================================================================
[30293.550672] BUG: KASAN: slab-out-of-bounds in
hisi_sas_debug_I_T_nexus_reset+0xcc/0x250
[30293.558642] Read of size 8 at addr ffffb72e47233540 by task
kworker/u193:3/79165
[30293.566004]
[30293.567498] CPU: 14 PID: 79165 Comm: kworker/u193:3 Tainted: G B O
5.1.0-rc1-g7a3fab8-dirty #1
[30293.577196] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2
CS V3.B010.01 06/21/2019
[30293.586037] Workqueue: events_unbound async_run_entry_fn
[30293.591331] Call trace:
[30293.593770] dump_backtrace+0x0/0x1f8
[30293.597419] show_stack+0x14/0x20
[30293.600726] dump_stack+0xc4/0xfc
[30293.604032] print_address_description+0x60/0x258
[30293.608716] kasan_report+0x164/0x1b8
[30293.612366] __asan_load8+0x84/0xa8
[30293.615842] hisi_sas_debug_I_T_nexus_reset+0xcc/0x250
[30293.620961] hisi_sas_I_T_nexus_reset+0xc4/0x170
[30293.625562] sas_ata_hard_reset+0x88/0x178
[30293.629646] ata_do_reset.constprop.6+0x80/0x90
[30293.634160] ata_eh_reset+0x71c/0x10e8
[30293.637897] ata_eh_recover+0x3d0/0x1a80
[30293.641804] ata_do_eh+0x50/0xd0
[30293.645020] ata_std_error_handler+0x78/0xa8
[30293.649273] ata_scsi_port_error_handler+0x288/0x930
[30293.654216] async_sas_ata_eh+0x68/0x90
[30293.658040] async_run_entry_fn+0x7c/0x1c0
[30293.662121] process_one_work+0x3c0/0x878
[30293.666115] worker_thread+0x70/0x670
[30293.669762] kthread+0x1b0/0x1b8
[30293.672978] ret_from_fork+0x10/0x18
[30293.676541]
[30293.678027] Allocated by task 16690:
[30293.681593] __kasan_kmalloc.isra.0+0xd4/0x188
[30293.686018] kasan_kmalloc+0xc/0x18
[30293.689496] __kmalloc_node_track_caller+0x5c/0x98
[30293.694270] devm_kmalloc+0x44/0xb8
[30293.697746] hisi_sas_v3_probe+0x2ec/0x698
[30293.701828] local_pci_probe+0x74/0xf0
[30293.705562] work_for_cpu_fn+0x2c/0x48
[30293.709300] process_one_work+0x3c0/0x878
[30293.713294] worker_thread+0x400/0x670
[30293.717027] kthread+0x1b0/0x1b8
[30293.720241] ret_from_fork+0x10/0x18
[30293.723801]
[30293.725287] Freed by task 16227:
[30293.728503] __kasan_slab_free+0x108/0x210
[30293.732583] kasan_slab_free+0x10/0x18
[30293.736318] kfree+0x74/0x150
[30293.739276] devres_free+0x34/0x48
[30293.742665] devres_release+0x38/0x60
[30293.746313] devm_pinctrl_put+0x34/0x58
[30293.750136] pinctrl_bind_pins+0x164/0x248
[30293.754214] really_probe+0xc0/0x3b0
[30293.757777] driver_probe_device+0x70/0x138
[30293.761944] __device_attach_driver+0xc0/0xe0
[30293.766285] bus_for_each_drv+0xcc/0x150
[30293.770194] __device_attach+0x154/0x1c0
[30293.774101] device_initial_probe+0x10/0x18
[30293.778270] bus_probe_device+0xec/0x100
[30293.782178] device_add+0x5f8/0x9b8
[30293.785658] scsi_sysfs_add_sdev+0xa4/0x310
[30293.789825] scsi_probe_and_add_lun+0xe60/0x1240
[30293.794425] __scsi_scan_target+0x1ac/0x780
[30293.798591] scsi_scan_target+0x134/0x140
[30293.802586] sas_rphy_add+0x1fc/0x2c8
[30293.806234] sas_probe_devices+0x10c/0x1e8
[30293.810313] sas_discover_domain+0x754/0x998
[30293.814567] process_one_work+0x3c0/0x878
[30293.818560] worker_thread+0x70/0x670
[30293.822207] kthread+0x1b0/0x1b8
[30293.825423] ret_from_fork+0x10/0x18
[30293.828983]
[30293.830473] The buggy address belongs to the object at ffffb72e47233480
[30293.830473] which belongs to the cache kmalloc-256 of size 256
[30293.842934] The buggy address is located 192 bytes inside of
[30293.842934] 256-byte region [ffffb72e47233480, ffffb72e47233580)
[30293.854617] The buggy address belongs to the page:
[30293.859388] page:ffff7edcb91c8cc0 count:1 mapcount:0
mapping:ffff972e5f000200 index:0x0
[30293.867360] flags: 0xdfffe00000000200(slab)
[30293.871533] raw: dfffe00000000200 ffff7edcb915ca48 ffff7edcb93fdc08
ffff972e5f000200
[Expected Results]
[Reproducibility]
[Additional information]
(Firmware version, kernel version, affected hardware, etc. if required):
[Resolution]
scsi: hisi_sas: Fix out of bound at debug_I_T_nexus_reset()
To manage notifications about this bug go to:
https://bugs.launchpad.net/kunpeng920/+bug/1853992/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
