https://bugzilla.kernel.org/show_bug.cgi?id=215943

Bug ID: 215943
Summary: UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
Product: IO/Storage
Version: 2.5
Kernel Version: 5.15.27
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: SCSI
Assignee: linux-scsi@xxxxxxxxxxxxxxx
Reporter: christian.d.dietrich@xxxxxxxxx
Regression: No

This bug also seems to affect other users / hardware:
https://www.spinics.net/lists/kernel/msg4294764.html
(H710P: LSI 2008 / H730 mini & H730P: LSI 3108)

Apart from the kernel message, everything seems to be working so far.

AVAGO MegaRAID SAS 9361-4i controller:

Basics :
======
Controller = 0
Model = AVAGO MegaRAID SAS 9361-4i
Serial Number = SK71088275
Current Controller Date/Time = 05/05/2022, 12:55:31
Current System Date/time = 05/05/2022, 14:55:30
SAS Address = 500605b00cd3ce20
PCI Address = 00:51:00:00
Mfg Date = 03/13/17
Rework Date = 00/00/00
Revision No = 12A

Version :
=======
Firmware Package Build = 24.21.0-0148
Firmware Version = 4.680.00-8555
CPLD Version = 26747-01A
Bios Version = 6.36.00.3_4.19.08.00_0x06180205
HII Version = 03.25.05.14
Ctrl-R Version = 5.19-0606
Preboot CLI Version = 01.07-05:#%0000
NVDATA Version = 3.1705.00-0024
Boot Block Version = 3.07.00.00-0004
Driver Name = megaraid_sas
Driver Version = 07.717.02.00-rc1

Kernel message:

================================================================================
UBSAN: array-index-out-of-bounds in /build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 MR_BuildRaidContext+0xa5a/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in /build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 ? _printk+0x58/0x6f
 MR_GetPhyParams+0x3d9/0x700 [megaraid_sas]
 ? ubsan_epilogue+0x15/0x45
 MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in /build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:115:31
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 ? _printk+0x58/0x6f
 MR_GetPhyParams+0x509/0x700 [megaraid_sas]
 MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in /build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:125:9
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 ? _printk+0x58/0x6f
 MR_GetPhyParams+0x407/0x700 [megaraid_sas]
 MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================
================================================================================
UBSAN: array-index-out-of-bounds in /build/linux-HMZHpV/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:151:32
index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
CPU: 41 PID: 268 Comm: kworker/41:0H Not tainted 5.15.0-27-generic #28-Ubuntu
Hardware name: Supermicro Super Server/H11DSU-iN, BIOS 1.3 07/15/2019
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <TASK>
 show_stack+0x52/0x58
 dump_stack_lvl+0x4a/0x5f
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x45
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 ? _printk+0x58/0x6f
 MR_GetPhyParams+0x47f/0x700 [megaraid_sas]
 MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
 megasas_build_ldio_fusion+0x5b5/0x9a0 [megaraid_sas]
 megasas_build_io_fusion+0x40e/0x450 [megaraid_sas]
 megasas_build_and_issue_cmd_fusion+0xa5/0x370 [megaraid_sas]
 megasas_queue_command+0x1b5/0x1f0 [megaraid_sas]
 ? ktime_get+0x46/0xc0
 scsi_dispatch_cmd+0x93/0x1f0
 scsi_queue_rq+0x2d1/0x690
 blk_mq_dispatch_rq_list+0x126/0x600
 ? __sbitmap_queue_get+0x1/0x10
 __blk_mq_do_dispatch_sched+0xba/0x2d0
 ? ttwu_do_wakeup+0x1c/0x160
 __blk_mq_sched_dispatch_requests+0x104/0x150
 blk_mq_sched_dispatch_requests+0x35/0x60
 __blk_mq_run_hw_queue+0x34/0xb0
 blk_mq_run_work_fn+0x1b/0x20
 process_one_work+0x22b/0x3d0
 worker_thread+0x53/0x410
 ? process_one_work+0x3d0/0x3d0
 kthread+0x12a/0x150
 ? set_kthread_struct+0x50/0x50
 ret_from_fork+0x22/0x30
 </TASK>
================================================================================