* [Bug 219575] New: UBSAN: array-index-out-of-bounds in drivers/message/fusion/mptsas.c:2446:22 ; index 1 is out of range for type 'MPI_SAS_IO_UNIT0_PHY_DATA [1]'
From: bugzilla-daemon @ 2024-12-08 18:26 UTC (permalink / raw)
To: linux-scsi
https://bugzilla.kernel.org/show_bug.cgi?id=219575
Bug ID: 219575
Summary: UBSAN: array-index-out-of-bounds in drivers/message/fusion/mptsas.c:2446:22 ; index 1 is out of range for type 'MPI_SAS_IO_UNIT0_PHY_DATA [1]'
Product: SCSI Drivers
Version: 2.5
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Other
Assignee: scsi_drivers-other@kernel-bugs.osdl.org
Reporter: jernej.jakob@gmail.com
Regression: No
The following messages are printed when booting with an LSI SAS1068E card:
[ +0.000298] mptbase: ioc0: Initiating bringup
[ +0.099095] ioc0: LSISAS1068E B1: Capabilities={Initiator}
[ +10.148787] scsi host8: ioc0: LSISAS1068E B1, FwRev=01210000h, Ports=1, MaxQ=483, IRQ=16
[ +0.001685] ================================================================================
[ +0.000039] UBSAN: array-index-out-of-bounds in /var/tmp/portage/sys-kernel/gentoo-kernel-6.6.58-r1/work/linux-6.6/drivers/message/fusion/mptsas.c:2446:22
[ +0.000041] index 1 is out of range for type 'MPI_SAS_IO_UNIT0_PHY_DATA [1]'
[ +0.000032] CPU: 1 PID: 398 Comm: (udev-worker) Not tainted 6.6.58-gentoo-dist-hardened #1
[ +0.000038] Hardware name: /DP965LT, BIOS MQ96510J.86A.1761.2009.0326.0001 03/26/2009
[ +0.000036] Call Trace:
[ +0.000030] <TASK>
[ +0.000029] dump_stack_lvl+0x47/0x60
[ +0.000036] __ubsan_handle_out_of_bounds+0x95/0xd0
[ +0.000034] mptsas_schedule_target_reset+0x5bd1/0x8dc0 [mptsas]
[ +0.000039] mptsas_schedule_target_reset+0x6d92/0x8dc0 [mptsas]
[ +0.000036] ? __pm_runtime_idle+0x4a/0xd0
[ +0.000033] mptsas_schedule_target_reset+0x752f/0x8dc0 [mptsas]
[ +0.000037] local_pci_probe+0x45/0xa0
[ +0.000032] pci_device_probe+0xc7/0x260
[ +0.000034] really_probe+0x19e/0x3e0
[ +0.000032] ? __pfx___driver_attach+0x10/0x10
[ +0.000032] __driver_probe_device+0x78/0x160
[ +0.000032] driver_probe_device+0x1f/0x90
[ +0.000031] __driver_attach+0xd2/0x1c0
[ +0.000032] bus_for_each_dev+0x88/0xd0
[ +0.000032] bus_add_driver+0x142/0x270
[ +0.000031] driver_register+0x59/0x100
[ +0.000032] init_module+0x143/0xff0 [mptsas]
[ +0.000035] ? __pfx_init_module+0x10/0x10 [mptsas]
[ +0.000035] do_one_initcall+0x5d/0x330
[ +0.000035] do_init_module+0x90/0x270
[ +0.000032] __do_sys_init_module+0x184/0x1c0
[ +0.000033] do_syscall_64+0x5a/0x80
[ +0.000040] entry_SYSCALL_64_after_hwframe+0x78/0xe2
[ +0.000034] RIP: 0033:0x7f69c467fe3e
[ +0.000034] Code: 48 8b 0d ed df 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 af 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ba df 0c 00 f7 d8 64 89 01 48
[ +0.000045] RSP: 002b:00007ffd65fe5c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
[ +0.000038] RAX: ffffffffffffffda RBX: 0000563ec16483e0 RCX: 00007f69c467fe3e
[ +0.000032] RDX: 00007f69c485a31d RSI: 0000000000031a90 RDI: 0000563ec17d8e00
[ +0.000032] RBP: 0000563ec17d8e00 R08: 0000000000000007 R09: 0000000000000006
[ +0.000032] R10: 0000000000000070 R11: 0000000000000246 R12: 00007f69c485a31d
[ +0.000031] R13: 0000000000020000 R14: 0000563ec1644f50 R15: 0000563ec164a910
[ +0.000034] </TASK>
[ +0.000029] ================================================================================
The same array-index-out-of-bounds message is repeated a couple more times, for
these lines:
drivers/message/fusion/mptsas.c:2448:22
drivers/message/fusion/mptsas.c:2451:7
drivers/message/fusion/mptsas.c:2443:46
I found this mailing list thread that fixes a couple similar arrays:
https://lkml.org/lkml/2023/8/6/165
but it's for mpt3sas, this card uses mptsas. The fix might be similar.
Otherwise the device functions normally.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
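
The UBSAN report above fires because the indexed array is declared with a bound of 1 while the code indexes past it. The following is an added example, not part of the original report and not the mptsas driver's code: it contrasts the one-element trailing array idiom with a C99 flexible array member and checks a device-supplied count against the buffer length. All struct and function names are hypothetical and the sample page is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins; field names are hypothetical, not the mptsas layout. */
struct phy_data { uint8_t port; uint8_t flags; uint16_t handle; };

/* Legacy idiom: one-element trailing array used as if variable length.
 * Bounds instrumentation sees the declared bound of 1, so phy[1] is reported. */
struct io_unit_legacy { uint8_t num_phys; uint8_t reserved[3]; struct phy_data phy[1]; };

/* C99 flexible array member: no declared bound, size is fixed at allocation. */
struct io_unit_flex { uint8_t num_phys; uint8_t reserved[3]; struct phy_data phy[]; };

/* Bytes needed for the header plus n entries, or 0 if that would overflow. */
size_t io_unit_size(size_t n)
{
    if (n > (SIZE_MAX - sizeof(struct io_unit_flex)) / sizeof(struct phy_data))
        return 0;
    return sizeof(struct io_unit_flex) + n * sizeof(struct phy_data);
}

/* Copy a device-supplied page; reject a count the buffer cannot back. */
struct io_unit_flex *io_unit_parse(const uint8_t *buf, size_t buf_len)
{
    struct io_unit_flex *u;
    size_t need;

    if (buf_len < sizeof(struct io_unit_flex))
        return NULL;
    need = io_unit_size(buf[0]);        /* buf[0] is num_phys in this layout */
    if (need == 0 || need > buf_len)
        return NULL;
    u = malloc(need);
    if (u)
        memcpy(u, buf, need);
    return u;
}

int main(void)
{
    uint8_t page[4 + 8 * 4] = { 8 };    /* constructed: header claims 8 phys */
    struct io_unit_flex *u = io_unit_parse(page, sizeof(page));
    int ok = u && u->num_phys == 8;
    free(u);
    return ok ? 0 : 1;
}
```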