[Bug 215943] New: UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:103:32

linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: bugzilla-daemon@kernel.org
To: linux-scsi@vger.kernel.org
Subject: [Bug 215943] New: UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
Date: Thu, 05 May 2022 13:03:09 +0000	[thread overview]
Message-ID: <bug-215943-11613@https.bugzilla.kernel.org/> (raw)

https://bugzilla.kernel.org/show_bug.cgi?id=215943

            Bug ID: 215943
           Summary: UBSAN: array-index-out-of-bounds in
                    drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
           Product: IO/Storage
           Version: 2.5
    Kernel Version: 5.15.27
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: SCSI
          Assignee: linux-scsi@vger.kernel.org
          Reporter: christian.d.dietrich@gmail.com
        Regression: No

This bug also seems to affect other users / hardware:
https://www.spinics.net/lists/kernel/msg4294764.html (H710P: LSI 2008 / H730
mini & H730P: LSI 3108)

Apart from the kernel message, everything seems to be working so far.

AVAGO MegaRAID SAS 9361-4i controller:

Basics :
======
Controller = 0
Model = AVAGO MegaRAID SAS 9361-4i
Serial Number = SK71088275
Current Controller Date/Time = 05/05/2022, 12:55:31
Current System Date/time = 05/05/2022, 14:55:30
SAS Address = 500605b00cd3ce20
PCI Address = 00:51:00:00
Mfg Date = 03/13/17
Rework Date = 00/00/00
Revision No = 12A

Version :
=======
Firmware Package Build = 24.21.0-0148
Firmware Version = 4.680.00-8555
CPLD Version = 26747-01A
Bios Version = 6.36.00.3_4.19.08.00_0x06180205
HII Version = 03.25.05.14
Ctrl-R Version = 5.19-0606
Preboot CLI Version = 01.07-05:#%0000
NVDATA Version = 3.1705.00-0024
Boot Block Version = 3.07.00.00-0004
Driver Name = megaraid_sas
Driver Version = 07.717.02.00-rc1

Kernel message:

================================================================================
UBSAN: array-index-out-of-bounds in
/build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 MR_BuildRaidContext+0xa5a/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in
/build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 ? _printk+0x58/0x6f
 MR_GetPhyParams+0x3d9/0x700 [megaraid_sas]
 ? ubsan_epilogue+0x15/0x45
 MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in
/build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:115:31
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 ? _printk+0x58/0x6f
 MR_GetPhyParams+0x509/0x700 [megaraid_sas]
 MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in
/build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:125:9
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 ? _printk+0x58/0x6f
 MR_GetPhyParams+0x407/0x700 [megaraid_sas]
 MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in
/build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:151:32
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 ? _printk+0x58/0x6f
 MR_GetPhyParams+0x47f/0x700 [megaraid_sas]
 MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

next             reply	other threads:[~2022-05-05 13:03 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-05 13:03 bugzilla-daemon [this message]
2022-05-18  1:10 ` [Bug 215943] UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:103:32 bugzilla-daemon
2022-05-27  1:04 ` bugzilla-daemon
2022-05-27 20:41 ` bugzilla-daemon
2022-06-08  5:36 ` bugzilla-daemon
2022-06-08  6:39 ` bugzilla-daemon
2022-06-22 22:27 ` bugzilla-daemon
2022-08-16 21:47 ` bugzilla-daemon
2022-08-24 20:26 ` bugzilla-daemon
2022-11-10 22:22 ` bugzilla-daemon
2022-11-12  2:20 ` bugzilla-daemon
2023-09-11  7:47 ` bugzilla-daemon
2023-09-11  8:19 ` bugzilla-daemon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-215943-11613@https.bugzilla.kernel.org/ \
    --to=bugzilla-daemon@kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).