Ubuntu
linux-oem-6.5 package

UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:7655:12

Bug #2039231 reported by Robert Ross
42
This bug affects 8 people
Affects Status Importance Assigned to Milestone
linux-hwe-6.5 (Ubuntu)
Confirmed
Undecided
Unassigned
linux-oem-6.5 (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Dmesg is full of UBSAN errors to do with the mpt3sas driver when initializing an mpt2sas device.

[ 5.012673] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:4667:12
[ 5.014521] index 1 is out of range for type 'MPI2_EVENT_SAS_TOPO_PHY_ENTRY [1]'
[ 5.015606] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.015611] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.015613] Call Trace:
[ 5.015617] <IRQ>
[ 5.015621] dump_stack_lvl+0x48/0x70
[ 5.015632] dump_stack+0x10/0x20
[ 5.015637] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.015646] _scsih_check_topo_delete_events+0x2dc/0x350 [mpt3sas]
[ 5.015698] mpt3sas_scsih_event_callback+0x21f/0x630 [mpt3sas]
[ 5.015735] _base_async_event.isra.0+0x73/0x190 [mpt3sas]
[ 5.015769] _base_process_reply_queue+0x3a0/0x720 [mpt3sas]
[ 5.015799] _base_interrupt+0x4e/0x70 [mpt3sas]
[ 5.015829] __handle_irq_event_percpu+0x4f/0x1c0
[ 5.015835] handle_irq_event+0x39/0x80
[ 5.015839] handle_edge_irq+0x8c/0x250
[ 5.015844] __common_interrupt+0x56/0x110
[ 5.015850] common_interrupt+0x9f/0xb0
[ 5.015854] </IRQ>
[ 5.015856] <TASK>
[ 5.015858] asm_common_interrupt+0x27/0x40
[ 5.015865] RIP: 0010:cpuidle_enter_state+0xda/0x720
[ 5.015872] Code: 25 07 ff e8 a8 f5 ff ff 8b 53 04 49 89 c7 0f 1f 44 00 00 31 ff e8 46 d1 05 ff 80 7d d0 00 0f 85 61 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 f7 01 00 00 4d 63 ee 49 83 fd 09 0f 87 19 05 00 00
[ 5.015876] RSP: 0018:ffffac24c00bbe18 EFLAGS: 00000246
[ 5.015881] RAX: 0000000000000000 RBX: ffffa0abc03beb00 RCX: 0000000000000000
[ 5.015884] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[ 5.015886] RBP: ffffac24c00bbe68 R08: 0000000000000000 R09: 0000000000000000
[ 5.015888] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffb64d1ac0
[ 5.015890] R13: 0000000000000004 R14: 0000000000000004 R15: 000000012ab445e7
[ 5.015895] ? cpuidle_enter_state+0xca/0x720
[ 5.015901] ? tick_nohz_stop_tick+0x90/0x210
[ 5.015908] cpuidle_enter+0x2e/0x50
[ 5.015912] call_cpuidle+0x23/0x60
[ 5.015918] cpuidle_idle_call+0x11d/0x190
[ 5.015922] do_idle+0x82/0xf0
[ 5.015926] cpu_startup_entry+0x1d/0x20
[ 5.015930] start_secondary+0x129/0x160
[ 5.015936] secondary_startup_64_no_verify+0x17e/0x18b
[ 5.015944] </TASK>
[ 5.015946] ================================================================================
[ 5.017993] mpt2sas_cm0: hba_port entry: 00000000fd3a54f4, port: 255 is added to hba_port list
[ 5.018324] ================================================================================
[ 5.019566] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6810:36
[ 5.021429] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
[ 5.022478] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.022483] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.022486] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.022533] Call Trace:
[ 5.022536] <TASK>
[ 5.022539] dump_stack_lvl+0x48/0x70
[ 5.022547] dump_stack+0x10/0x20
[ 5.022551] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.022559] _scsih_sas_host_add+0x669/0x700 [mpt3sas]
[ 5.022597] _mpt3sas_fw_work+0x753/0xbc0 [mpt3sas]
[ 5.022633] ? raw_spin_rq_unlock+0x10/0x40
[ 5.022637] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.022642] ? __schedule+0x2d4/0x750
[ 5.022648] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.022681] process_one_work+0x240/0x450
[ 5.022688] worker_thread+0x50/0x3f0
[ 5.022693] ? __pfx_worker_thread+0x10/0x10
[ 5.022698] kthread+0xf2/0x120
[ 5.022704] ? __pfx_kthread+0x10/0x10
[ 5.022710] ret_from_fork+0x47/0x70
[ 5.022717] ? __pfx_kthread+0x10/0x10
[ 5.022722] ret_from_fork_asm+0x1b/0x30
[ 5.022728] </TASK>
[ 5.022729] ================================================================================
[ 5.025642] mpt2sas_cm0: host_add: handle(0x0001), sas_addr(0x500062b0002d0050), phys(8)
[ 5.025919] ================================================================================
[ 5.027158] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6598:38
[ 5.029016] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
[ 5.030064] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.030069] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.030071] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.030108] Call Trace:
[ 5.030110] <TASK>
[ 5.030113] dump_stack_lvl+0x48/0x70
[ 5.030119] dump_stack+0x10/0x20
[ 5.030123] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.030130] _scsih_sas_host_refresh+0x51f/0x590 [mpt3sas]
[ 5.030166] _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
[ 5.030199] ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
[ 5.030234] _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
[ 5.030267] ? raw_spin_rq_unlock+0x10/0x40
[ 5.030271] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.030275] ? __schedule+0x2d4/0x750
[ 5.030280] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.030313] process_one_work+0x240/0x450
[ 5.030318] worker_thread+0x50/0x3f0
[ 5.030323] ? __pfx_worker_thread+0x10/0x10
[ 5.030327] kthread+0xf2/0x120
[ 5.030333] ? __pfx_kthread+0x10/0x10
[ 5.030338] ret_from_fork+0x47/0x70
[ 5.030344] ? __pfx_kthread+0x10/0x10
[ 5.030349] ret_from_fork_asm+0x1b/0x30
[ 5.030354] </TASK>
[ 5.030356] ================================================================================
[ 5.031593] ================================================================================
[ 5.032837] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6602:36
[ 5.034687] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
[ 5.035735] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.035739] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.035741] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.035777] Call Trace:
[ 5.035779] <TASK>
[ 5.035781] dump_stack_lvl+0x48/0x70
[ 5.035787] dump_stack+0x10/0x20
[ 5.035791] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.035798] _scsih_sas_host_refresh+0x4e7/0x590 [mpt3sas]
[ 5.035833] _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
[ 5.035866] ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
[ 5.035900] _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
[ 5.035933] ? raw_spin_rq_unlock+0x10/0x40
[ 5.035936] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.035940] ? __schedule+0x2d4/0x750
[ 5.035945] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.035978] process_one_work+0x240/0x450
[ 5.035983] worker_thread+0x50/0x3f0
[ 5.035988] ? __pfx_worker_thread+0x10/0x10
[ 5.035992] kthread+0xf2/0x120
[ 5.035998] ? __pfx_kthread+0x10/0x10
[ 5.036003] ret_from_fork+0x47/0x70
[ 5.036009] ? __pfx_kthread+0x10/0x10
[ 5.036014] ret_from_fork_asm+0x1b/0x30
[ 5.036019] </TASK>
[ 5.036021] ================================================================================
[ 5.037265] ================================================================================
[ 5.038503] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6619:7
[ 5.040338] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
[ 5.041391] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.041396] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.041398] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.041432] Call Trace:
[ 5.041434] <TASK>
[ 5.041436] dump_stack_lvl+0x48/0x70
[ 5.041441] dump_stack+0x10/0x20
[ 5.041446] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.041452] _scsih_sas_host_refresh+0x503/0x590 [mpt3sas]
[ 5.041486] _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
[ 5.041521] ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
[ 5.041564] _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
[ 5.041597] ? raw_spin_rq_unlock+0x10/0x40
[ 5.041600] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.041604] ? __schedule+0x2d4/0x750
[ 5.041609] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.041641] process_one_work+0x240/0x450
[ 5.041647] worker_thread+0x50/0x3f0
[ 5.041652] ? __pfx_worker_thread+0x10/0x10
[ 5.041656] kthread+0xf2/0x120
[ 5.041662] ? __pfx_kthread+0x10/0x10
[ 5.041667] ret_from_fork+0x47/0x70
[ 5.041673] ? __pfx_kthread+0x10/0x10
[ 5.041678] ret_from_fork_asm+0x1b/0x30
[ 5.041683] </TASK>
[ 5.041685] ================================================================================
[ 5.042922] ================================================================================
[ 5.044159] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6666:21
[ 5.046013] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
[ 5.047061] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.047064] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.047066] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.047100] Call Trace:
[ 5.047102] <TASK>
[ 5.047104] dump_stack_lvl+0x48/0x70
[ 5.047109] dump_stack+0x10/0x20
[ 5.047114] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.047120] _scsih_sas_host_refresh+0x53b/0x590 [mpt3sas]
[ 5.047154] _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
[ 5.047186] ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
[ 5.047219] _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
[ 5.047251] ? raw_spin_rq_unlock+0x10/0x40
[ 5.047255] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.047258] ? __schedule+0x2d4/0x750
[ 5.047264] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.047296] process_one_work+0x240/0x450
[ 5.047301] worker_thread+0x50/0x3f0
[ 5.047306] ? __pfx_worker_thread+0x10/0x10
[ 5.047310] kthread+0xf2/0x120
[ 5.047316] ? __pfx_kthread+0x10/0x10
[ 5.047321] ret_from_fork+0x47/0x70
[ 5.047327] ? __pfx_kthread+0x10/0x10
[ 5.047332] ret_from_fork_asm+0x1b/0x30
[ 5.047337] </TASK>
[ 5.047339] ================================================================================
[ 5.048587] ================================================================================
[ 5.049825] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:7649:32
[ 5.051675] index 1 is out of range for type 'MPI2_EVENT_SAS_TOPO_PHY_ENTRY [1]'
[ 5.052767] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.052771] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.052773] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.052808] Call Trace:
[ 5.052809] <TASK>
[ 5.052811] dump_stack_lvl+0x48/0x70
[ 5.052817] dump_stack+0x10/0x20
[ 5.052821] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.052827] _scsih_sas_topology_change_event.isra.0+0x5ac/0x690 [mpt3sas]
[ 5.052860] ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
[ 5.052893] _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
[ 5.052925] ? raw_spin_rq_unlock+0x10/0x40
[ 5.052929] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.052932] ? __schedule+0x2d4/0x750
[ 5.052938] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.052970] process_one_work+0x240/0x450
[ 5.052975] worker_thread+0x50/0x3f0
[ 5.052980] ? __pfx_worker_thread+0x10/0x10
[ 5.052984] kthread+0xf2/0x120
[ 5.052990] ? __pfx_kthread+0x10/0x10
[ 5.052995] ret_from_fork+0x47/0x70
[ 5.053001] ? __pfx_kthread+0x10/0x10
[ 5.053006] ret_from_fork_asm+0x1b/0x30
[ 5.053011] </TASK>
[ 5.053013] ================================================================================
[ 5.054251] ================================================================================
[ 5.055489] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:7651:23
[ 5.057343] index 1 is out of range for type 'MPI2_EVENT_SAS_TOPO_PHY_ENTRY [1]'
[ 5.058430] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.058434] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.058436] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.058469] Call Trace:
[ 5.058471] <TASK>
[ 5.058473] dump_stack_lvl+0x48/0x70
[ 5.058478] dump_stack+0x10/0x20
[ 5.058482] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.058489] _scsih_sas_topology_change_event.isra.0+0x587/0x690 [mpt3sas]
[ 5.058522] _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
[ 5.058554] ? raw_spin_rq_unlock+0x10/0x40
[ 5.058557] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.058561] ? __schedule+0x2d4/0x750
[ 5.058566] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.058598] process_one_work+0x240/0x450
[ 5.058603] worker_thread+0x50/0x3f0
[ 5.058608] ? __pfx_worker_thread+0x10/0x10
[ 5.058612] kthread+0xf2/0x120
[ 5.058618] ? __pfx_kthread+0x10/0x10
[ 5.058623] ret_from_fork+0x47/0x70
[ 5.058629] ? __pfx_kthread+0x10/0x10
[ 5.058634] ret_from_fork_asm+0x1b/0x30
[ 5.058639] </TASK>
[ 5.058641] ================================================================================
[ 5.059880] ================================================================================
[ 5.061123] UBSAN: array-index-out-of-bounds in /build/linux-oem-6.5-XiW3QL/linux-oem-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:7655:12
[ 5.062972] index 1 is out of range for type 'MPI2_EVENT_SAS_TOPO_PHY_ENTRY [1]'
[ 5.064057] CPU: 2 PID: 153 Comm: kworker/u8:7 Not tainted 6.5.0-1004-oem #4-Ubuntu
[ 5.064061] Hardware name: Supermicro C7Q67/C7Q67, BIOS 2.1a 11/10/2015
[ 5.064063] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.064096] Call Trace:
[ 5.064098] <TASK>
[ 5.064100] dump_stack_lvl+0x48/0x70
[ 5.064105] dump_stack+0x10/0x20
[ 5.064110] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.064116] _scsih_sas_topology_change_event.isra.0+0x630/0x690 [mpt3sas]
[ 5.064161] _mpt3sas_fw_work+0x80d/0xbc0 [mpt3sas]
[ 5.064194] ? raw_spin_rq_unlock+0x10/0x40
[ 5.064198] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.064202] ? __schedule+0x2d4/0x750
[ 5.064207] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.064239] process_one_work+0x240/0x450
[ 5.064245] worker_thread+0x50/0x3f0
[ 5.064249] ? __pfx_worker_thread+0x10/0x10
[ 5.064254] kthread+0xf2/0x120
[ 5.064259] ? __pfx_kthread+0x10/0x10
[ 5.064265] ret_from_fork+0x47/0x70
[ 5.064270] ? __pfx_kthread+0x10/0x10
[ 5.064276] ret_from_fork_asm+0x1b/0x30
[ 5.064281] </TASK>
[ 5.064282] ================================================================================
[ 10.396594] mpt2sas_cm0: port enable: SUCCESS

lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04

apt-cache policy linux-image-6.5.0-1004-oem
linux-image-6.5.0-1004-oem:
  Installed: 6.5.0-1004.4
  Candidate: 6.5.0-1004.4
  Version table:
 *** 6.5.0-1004.4 500
        500 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
        100 /var/lib/dpkg/status

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-oem-6.5 (Ubuntu):
status: New → Confirmed
Revision history for this message
Konstantin G (kenga13) wrote :

Have it with LSI SAS 2308 HBA (HP H220).

Revision history for this message
Joel (kekpira) wrote (last edit ):

I too have this issue:
01:00.0 Serial Attached SCSI controller: Broadcom / LSI SAS2308 PCI-Express Fusion-MPT SAS-2 (rev 05)
Subsystem: Broadcom / LSI 9207-8i SAS2.1 HBA
Kernel driver in use: mpt3sas
Kernel modules: mpt3sas

Revision history for this message
MichaelE (michael-eitelwein) wrote :
Download full text (95.6 KiB)

I have it on Ubuntu 22.04.4 LTS with kernel 6.5.0-21-generic. It does not appear with kernel 5.12.0-97-generic

System still boots, but not understanding the impact I stay with the 5.12 kernel for now.

2024-02-24T15:17:22.325371+01:00 mothership kernel: [ 2.670320] mpt3sas version 43.100.00.00 loaded
2024-02-24T15:17:22.325385+01:00 mothership kernel: [ 2.670811] intel-lpss 0000:00:15.1: enabling device (0000 -> 0002)
2024-02-24T15:17:22.325387+01:00 mothership kernel: [ 2.672018] platform idma64.1: Adding to iommu group 25
2024-02-24T15:17:22.325388+01:00 mothership kernel: [ 2.672436] mpt2sas_cm0: 64 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (65631140 kB)
2024-02-24T15:17:22.325389+01:00 mothership kernel: [ 2.672473] cryptd: max_cpu_qlen set to 1000
2024-02-24T15:17:22.325389+01:00 mothership kernel: [ 2.673274] idma64 idma64.1: Found Intel integrated DMA 64-bit
2024-02-24T15:17:22.325390+01:00 mothership kernel: [ 2.673309] platform i2c_designware.1: Adding to iommu group 26
2024-02-24T15:17:22.325397+01:00 mothership kernel: [ 2.676101] ACPI: bus type drm_connector registered
2024-02-24T15:17:22.325399+01:00 mothership kernel: [ 2.676294] i801_smbus 0000:00:1f.4: SMBus using PCI interrupt
2024-02-24T15:17:22.325399+01:00 mothership kernel: [ 2.687442] mpt2sas_cm0: CurrentHostPageSize is 0: Setting default host page size to 4k
2024-02-24T15:17:22.325400+01:00 mothership kernel: [ 2.699409] pci 0000:00:1f.1: [8086:a120] type 00 class 0x058000
2024-02-24T15:17:22.325402+01:00 mothership kernel: [ 2.700412] hub 2-0:1.0: 10 ports detected
2024-02-24T15:17:22.325402+01:00 mothership kernel: [ 2.707338] mpt2sas_cm0: MSI-X vectors supported: 16
2024-02-24T15:17:22.325403+01:00 mothership kernel: [ 2.708191] Fusion MPT base driver 3.04.20
2024-02-24T15:17:22.325413+01:00 mothership kernel: [ 2.708213] Copyright (c) 1999-2008 LSI Corporation
2024-02-24T15:17:22.325414+01:00 mothership kernel: [ 2.717327] pci 0000:00:1f.1: reg 0x10: [mem 0xfd000000-0xfdffffff 64bit]
2024-02-24T15:17:22.325415+01:00 mothership kernel: [ 2.723653] no of cores: 8, max_msix_vectors: -1
2024-02-24T15:17:22.325416+01:00 mothership kernel: [ 2.723655] mpt2sas_cm0: 0 8 8
2024-02-24T15:17:22.325417+01:00 mothership kernel: [ 2.728114] mpt2sas_cm0: High IOPs queues : disabled
2024-02-24T15:17:22.325418+01:00 mothership kernel: [ 2.735959] pci 0000:00:1f.1: Adding to iommu group 27
2024-02-24T15:17:22.325431+01:00 mothership kernel: [ 2.739934] pps pps0: new PPS source ptp0
2024-02-24T15:17:22.325433+01:00 mothership kernel: [ 2.742852] mpt2sas0-msix0: PCI-MSI-X enabled: IRQ 138
2024-02-24T15:17:22.325433+01:00 mothership kernel: [ 2.742877] mpt2sas0-msix1: PCI-MSI-X enabled: IRQ 139
2024-02-24T15:17:22.325434+01:00 mothership kernel: [ 2.742879] mpt2sas0-msix2: PCI-MSI-X enabled: IRQ 140
2024-02-24T15:17:22.325435+01:00 mothership kernel: [ 2.742879] mpt2sas0-msix3: PCI-MSI-X enabled: IRQ 141
2024-02-24T15:17:22.325436+01:00 mothership kernel: [ 2.742880] mpt2sas0-msix4: PCI-MSI-X enabled: IRQ 142
2024-02-24T15:17:22.325437+01:00 mothership kernel: [ 2.742881] mpt2sas0-msix5: PCI-MSI-X...

Revision history for this message
MichaelE (michael-eitelwein) wrote :
Download full text (3.8 KiB)

lspci for the above

00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers (rev 07)
00:01.0 PCI bridge: Intel Corporation 6th-10th Gen Core Processor PCIe Controller (x16) (rev 07)
00:01.1 PCI bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x8) (rev 07)
00:14.0 USB controller: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller (rev 31)
00:14.2 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Thermal Subsystem (rev 31)
00:15.0 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Serial IO I2C Controller #0 (rev 31)
00:15.1 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Serial IO I2C Controller #1 (rev 31)
00:16.0 Communication controller: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1 (rev 31)
00:16.3 Serial controller: Intel Corporation 100 Series/C230 Series Chipset Family KT Redirection (rev 31)
00:17.0 SATA controller: Intel Corporation Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode] (rev 31)
00:1c.0 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #1 (rev f1)
00:1c.2 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #3 (rev f1)
00:1c.4 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #5 (rev f1)
00:1c.5 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #6 (rev f1)
00:1c.6 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #7 (rev f1)
00:1c.7 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #8 (rev f1)
00:1d.0 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #9 (rev f1)
00:1f.0 ISA bridge: Intel Corporation C236 Chipset LPC/eSPI Controller (rev 31)
00:1f.2 Memory controller: Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller (rev 31)
00:1f.3 Audio device: Intel Corporation 100 Series/C230 Series Chipset Family HD Audio Controller (rev 31)
00:1f.4 SMBus: Intel Corporation 100 Series/C230 Series Chipset Family SMBus (rev 31)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) I219-LM (rev 31)
01:00.0 Serial Attached SCSI controller: Broadcom / LSI SAS2308 PCI-Express Fusion-MPT SAS-2 (rev 05)
02:00.0 Serial Attached SCSI controller: Broadcom / LSI SAS2308 PCI-Express Fusion-MPT SAS-2 (rev 05)
03:00.0 USB controller: ASMedia Technology Inc. ASM1142 USB 3.1 Host Controller
04:00.0 PCI bridge: Tundra Semiconductor Corp. Device 8113 (rev 01)
06:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)
07:00.0 PCI bridge: ASPEED Technology, Inc. AST1150 PCI-to-PCI Bridge (rev 03)
08:00.0 VGA compatible controller: ASPEED Technology, Inc. ASPEED Graphics Family (rev 30)
09:00.0 PCI bridge: Microsemi / PMC / IDT PES12N3A 12-lane 3-Port PCI Express Switch (rev 0e)
0a:02.0 PCI bridge: Microsemi / PMC / ID...

Read more...

Revision history for this message
MichaelE (michael-eitelwein) wrote :
Download full text (28.0 KiB)

Bug persists with Linux mothership 6.5.0-25-generic #25~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Feb 20 16:09:15 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

4.836804] mpt2sas_cm0: hba_port entry: 0000000092af6f74, port: 255 is added to hba_port list
[ 4.845313] ================================================================================
[ 4.853526] UBSAN: array-index-out-of-bounds in /build/linux-hwe-6.5-v5pKK4/linux-hwe-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6810:36
[ 4.867458] usb 1-5.4: New USB device found, idVendor=413c, idProduct=2005, bcdDevice= 1.05
[ 4.870216] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
[ 4.878708] usb 1-5.4: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 4.887238] CPU: 7 PID: 64 Comm: kworker/u16:1 Not tainted 6.5.0-25-generic #25~22.04.1-Ubuntu
[ 4.895838] usb 1-5.4: Product: DELL USB Keyboard
[ 4.904638] Hardware name: Supermicro Super Server/X11SAE-F, BIOS 3.9 06/07/2023
[ 4.904639] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 4.913480] usb 1-5.4: Manufacturer: DELL

[ 4.922450] Call Trace:
[ 4.922452] <TASK>
[ 4.965913] dump_stack_lvl+0x48/0x70
[ 4.974249] dump_stack+0x10/0x20
[ 4.982443] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 4.990653] _scsih_sas_host_add+0x669/0x700 [mpt3sas]
[ 4.998847] _mpt3sas_fw_work+0x753/0xbc0 [mpt3sas]
[ 5.006983] ? raw_spin_rq_unlock+0x10/0x40
[ 5.015051] ? finish_task_switch.isra.0+0x85/0x2a0
[ 5.023121] ? __schedule+0x2d3/0x750
[ 5.031159] _firmware_event_work+0x16/0x20 [mpt3sas]
[ 5.039151] process_one_work+0x23d/0x450
[ 5.047001] worker_thread+0x50/0x3f0
[ 5.054741] ? __pfx_worker_thread+0x10/0x10
[ 5.062451] kthread+0xef/0x120
[ 5.070124] ? __pfx_kthread+0x10/0x10
[ 5.077713] ret_from_fork+0x44/0x70
[ 5.085179] ? __pfx_kthread+0x10/0x10
[ 5.092562] ret_from_fork_asm+0x1b/0x30
[ 5.099915] </TASK>
[ 5.107079] ================================================================================
[ 5.115636] mpt2sas_cm0: host_add: handle(0x0001), sas_addr(0x500605b0069ea0d0), phys(8)
[ 5.123297] ================================================================================
[ 5.130856] UBSAN: array-index-out-of-bounds in /build/linux-hwe-6.5-v5pKK4/linux-hwe-6.5-6.5.0/drivers/scsi/mpt3sas/mpt3sas_scsih.c:6598:38
[ 5.146512] index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
[ 5.154538] CPU: 7 PID: 64 Comm: kworker/u16:1 Not tainted 6.5.0-25-generic #25~22.04.1-Ubuntu
[ 5.162702] Hardware name: Supermicro Super Server/X11SAE-F, BIOS 3.9 06/07/2023
[ 5.170925] Workqueue: fw_event_mpt2sas0 _firmware_event_work [mpt3sas]
[ 5.179103] Call Trace:
[ 5.187121] <TASK>
[ 5.195014] dump_stack_lvl+0x48/0x70
[ 5.202871] dump_stack+0x10/0x20
[ 5.209613] usb 1-13.1: new low-speed USB device number 8 using xhci_hcd
[ 5.210706] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5.226527] _scsih_sas_host_refresh+0x51f/0x590 [mpt3sas]
[ 5.234282] _scsih_sas_topology_change_event.isra.0+0x251/0x690 [mpt3sas]
[ 5.241922] ? _mpt3sas_fw_work+0x538/0xbc0 [mpt3sas]
[ 5.249318] _mpt3s...

Revision history for this message
Björn Hinz (bhinz83) wrote :

Same issue with latest linux-generic-hwe-22.04 (6.5.0.28.29~22.04.1)

no longer affects: linux-hwe (Ubuntu)
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-hwe-6.5 (Ubuntu):
status: New → Confirmed
Revision history for this message
Wouter Depuydt (wouterd) wrote :

Same here on Ubuntu 22.04 (linux-generic-hwe-22.04) and 24.04 (linux-generic)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.