UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:151:32

Bug #2002842 reported by Vadim Sukhomlinov
This bug affects 2 people
Affects          Status        Importance   Assigned to   Milestone
HWE Next         New           Undecided    Unassigned
linux (Ubuntu)   Confirmed     Undecided    Unassigned
Jammy            In Progress   Undecided    AceLan Kao
Kinetic          In Progress   Undecided    AceLan Kao

Bug Description

I'm getting UBSAN complaints on every boot. This issue has existed for years, but I was too lazy to report it as everything works. However, I am not sure if it is a security issue:

[ 1.866789] ================================================================================
[ 1.866992] ================================================================================
[ 1.867187] UBSAN: array-index-out-of-bounds in /build/linux-oKJrrr/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:151:32
[ 1.867454] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 1.867608] CPU: 0 PID: 203 Comm: kworker/0:1H Tainted: G I 5.15.0-58-generic #64-Ubuntu
[ 1.867612] Hardware name: Gigabyte Technology Co., Ltd. X299 UD4/X299 UD4-CF, BIOS F6p 12/06/2021
[ 1.867614] Workqueue: kblockd blk_mq_run_work_fn
[ 1.867620] Call Trace:
[ 1.867621] <TASK>
[ 1.867623] show_stack+0x52/0x5c
[ 1.867628] dump_stack_lvl+0x4a/0x63
[ 1.867635] dump_stack+0x10/0x16
[ 1.867641] ubsan_epilogue+0x9/0x49
[ 1.867647] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 1.867653] ? _printk+0x58/0x73
[ 1.867658] MR_GetPhyParams+0x487/0x700 [megaraid_sas]
[ 1.867675] MR_BuildRaidContext+0x402/0xb50 [megaraid_sas]
[ 1.867693] megasas_build_ldio_fusion+0x5b9/0x9a0 [megaraid_sas]
[ 1.867710] megasas_build_io_fusion+0x412/0x450 [megaraid_sas]
[ 1.867725] megasas_build_and_issue_cmd_fusion+0xa5/0x380 [megaraid_sas]
[ 1.867739] megasas_queue_command+0x1be/0x200 [megaraid_sas]
[ 1.867753] ? ktime_get+0x43/0xc0
[ 1.867759] scsi_dispatch_cmd+0x93/0x200
[ 1.867764] scsi_queue_rq+0x2d5/0x690
[ 1.867771] blk_mq_dispatch_rq_list+0x13c/0x680
[ 1.867779] ? sbitmap_get+0x1/0xe0
[ 1.867786] __blk_mq_do_dispatch_sched+0xba/0x2e0
[ 1.867792] blk_mq_do_dispatch_sched+0x40/0x70
[ 1.867797] __blk_mq_sched_dispatch_requests+0x105/0x150
[ 1.867802] blk_mq_sched_dispatch_requests+0x35/0x70
[ 1.867806] __blk_mq_run_hw_queue+0x34/0xc0
[ 1.867812] blk_mq_run_work_fn+0x1f/0x30
[ 1.867818] process_one_work+0x228/0x3d0
[ 1.867823] worker_thread+0x53/0x420
[ 1.867826] ? process_one_work+0x3d0/0x3d0
[ 1.867830] kthread+0x127/0x150
[ 1.867836] ? set_kthread_struct+0x50/0x50
[ 1.867843] ret_from_fork+0x1f/0x30
[ 1.867852] </TASK>
[ 1.867853] ================================================================================

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-image-5.15.0-58-generic 5.15.0-58.64
ProcVersionSignature: Ubuntu 5.15.0-58.64-generic 5.15.74
Uname: Linux 5.15.0-58-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC3: vsukhoml 2725 F.... pulseaudio
 /dev/snd/controlC0: vsukhoml 2725 F.... pulseaudio
 /dev/snd/controlC1: vsukhoml 2725 F.... pulseaudio
 /dev/snd/controlC2: vsukhoml 2725 F.... pulseaudio
CasperMD5CheckResult: unknown
CurrentDesktop: XFCE
Date: Fri Jan 13 11:12:10 2023
InstallationDate: Installed on 2020-05-03 (985 days ago)
InstallationMedia: Xubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
MachineType: Gigabyte Technology Co., Ltd. X299 UD4
ProcFB: 0 EFI VGA
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-58-generic root=UUID=9f617cba-f115-4ee3-ad8e-de95fcd2ca03 ro quiet splash nomodeset
RelatedPackageVersions:
 linux-restricted-modules-5.15.0-58-generic N/A
 linux-backports-modules-5.15.0-58-generic N/A
 linux-firmware 20220329.git681281e4-0ubuntu3.9
SourcePackage: linux
UpgradeStatus: Upgraded to jammy on 2022-07-15 (182 days ago)
dmi.bios.date: 12/06/2021
dmi.bios.release: 5.13
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F6p
dmi.board.asset.tag: Default string
dmi.board.name: X299 UD4-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: Default string
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassis.vendor: Default string
dmi.chassis.version: Default string
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF6p:bd12/06/2021:br5.13:svnGigabyteTechnologyCo.,Ltd.:pnX299UD4:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnX299UD4-CF:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring:
dmi.product.family: Default string
dmi.product.name: X299 UD4
dmi.product.sku: Default string
dmi.product.version: Default string
dmi.sys.vendor: Gigabyte Technology Co., Ltd.

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
John Hartley (graphdrum) wrote :

Problem:

This bug is also being reported on my Lenovo x3650 Server, so adding here to confirm multiple occurrences.

Ubuntu Version:

$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

kernel version:

$ uname -a
Linux blue 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

[ 4.607349] UBSAN: array-index-out-of-bounds in /build/linux-oKJrrr/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
[ 4.607725] index 5 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 4.607925] CPU: 0 PID: 402 Comm: kworker/0:2 Not tainted 5.15.0-58-generic #64-Ubuntu
[ 4.607930] Hardware name: LENOVO System x3650 M5: -[8871AC1]-/01KN179, BIOS -[TCE148A-3.30]- 10/26/2020
[ 4.607932] Workqueue: events work_for_cpu_fn
[ 4.607944] Call Trace:
[ 4.607948] <TASK>
[ 4.607950] show_stack+0x52/0x5c
[ 4.607958] dump_stack_lvl+0x4a/0x63
[ 4.607968] dump_stack+0x10/0x16
[ 4.607972] ubsan_epilogue+0x9/0x49
[ 4.607977] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 4.607982] ? MR_PopulateDrvRaidMap+0x295/0x580 [megaraid_sas]
[ 4.608002] mr_update_load_balance_params+0xb9/0xc0 [megaraid_sas]
[ 4.608014] MR_ValidateMapInfo+0x8d/0x290 [megaraid_sas]
[ 4.608025] megasas_init_adapter_fusion+0x3ce/0x420 [megaraid_sas]
[ 4.608036] ? megasas_setup_reply_map+0x49/0xac [megaraid_sas]
[ 4.608050] megasas_init_fw.cold+0x87f/0x10c8 [megaraid_sas]
[ 4.608064] megasas_probe_one+0x15c/0x4e0 [megaraid_sas]
[ 4.608075] local_pci_probe+0x4b/0x90
[ 4.608081] work_for_cpu_fn+0x1a/0x30
[ 4.608085] process_one_work+0x22b/0x3d0
[ 4.608089] worker_thread+0x223/0x420
[ 4.608092] ? process_one_work+0x3d0/0x3d0
[ 4.608095] kthread+0x12a/0x150
[ 4.608099] ? set_kthread_struct+0x50/0x50
[ 4.608103] ret_from_fork+0x22/0x30
[ 4.608110] </TASK>
[ 4.608111] ================================================================================
[ 4.608385] ================================================================================
[ 4.608655] UBSAN: array-index-out-of-bounds in /build/linux-oKJrrr/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
[ 4.609031] index 5 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 4.609230] CPU: 0 PID: 402 Comm: kworker/0:2 Not tainted 5.15.0-58-generic #64-Ubuntu
[ 4.609233] Hardware name: LENOVO System x3650 M5: -[8871AC1]-/01KN179, BIOS -[TCE148A-3.30]- 10/26/2020
[ 4.609234] Workqueue: events work_for_cpu_fn
[ 4.609239] Call Trace:
[ 4.609240] <TASK>
[ 4.609241] show_stack+0x52/0x5c
[ 4.609244] dump_stack_lvl+0x4a/0x63
[ 4.609249] dump_stack+0x10/0x16
[ 4.609253] ubsan_epilogue+0x9/0x49
[ 4.609257] __ubsan_handle_out_of...

Satish Patel (satish-txt) wrote :

I got this bug today in Ubuntu 22.04

root@ceph1:~# uname -a
Linux ceph1 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
root@ceph1:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"

[ 17.317308] ================================================================================
[ 17.317310] UBSAN: array-index-out-of-bounds in /build/linux-oKJrrr/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
[ 17.317312] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 17.317314] CPU: 16 PID: 116 Comm: kworker/16:0H Not tainted 5.15.0-58-generic #64-Ubuntu
[ 17.317317] Hardware name: Dell Inc. PowerEdge R620/0VV3F2, BIOS 2.9.0 12/06/2019
[ 17.317319] Workqueue: kblockd blk_mq_run_work_fn
[ 17.317326] Call Trace:
[ 17.317329] <TASK>
[ 17.317332] show_stack+0x52/0x5c
[ 17.317337] dump_stack_lvl+0x4a/0x63
[ 17.317343] dump_stack+0x10/0x16
[ 17.317345] ubsan_epilogue+0x9/0x49
[ 17.317357] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 17.317361] MR_BuildRaidContext+0xa5e/0xb50 [megaraid_sas]
[ 17.317375] megasas_build_ldio_fusion+0x5b9/0x9a0 [megaraid_sas]
[ 17.317384] megasas_build_io_fusion+0x412/0x450 [megaraid_sas]
[ 17.317391] megasas_build_and_issue_cmd_fusion+0xa5/0x380 [megaraid_sas]
[ 17.317398] megasas_queue_command+0x1c1/0x200 [megaraid_sas]
[ 17.317405] ? ktime_get+0x46/0xc0
[ 17.317409] scsi_dispatch_cmd+0x96/0x200
[ 17.317412] scsi_queue_rq+0x2d5/0x690
[ 17.317415] blk_mq_dispatch_rq_list+0x13f/0x680
[ 17.317418] ? sbitmap_get+0x1/0xe0
[ 17.317422] __blk_mq_do_dispatch_sched+0xba/0x2e0
[ 17.317424] blk_mq_do_dispatch_sched+0x40/0x70
[ 17.317426] __blk_mq_sched_dispatch_requests+0x105/0x150
[ 17.317428] blk_mq_sched_dispatch_requests+0x35/0x70
[ 17.317429] __blk_mq_run_hw_queue+0x34/0xc0
[ 17.317432] blk_mq_run_work_fn+0x1f/0x30
[ 17.317434] process_one_work+0x22b/0x3d0
[ 17.317436] worker_thread+0x53/0x420
[ 17.317438] ? process_one_work+0x3d0/0x3d0
[ 17.317439] kthread+0x12a/0x150
[ 17.317441] ? set_kthread_struct+0x50/0x50
[ 17.317444] ret_from_fork+0x22/0x30
[ 17.317448] </TASK>
[ 17.317449] ================================================================================
[ 17.317450] ================================================================================
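
A triage helper for the splats posted in this thread, added here as an example and not part of any comment or of the kernel source: it pulls the reporting site, the offending index, the declared array bound and the first reliable driver frame out of dmesg text, so reports from several hosts can be grouped. The function names are this example's own, and the sample is a trimmed copy of log lines from the reports above.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of lines from two reports in this thread.
SAMPLE = """\
[ 1.867187] UBSAN: array-index-out-of-bounds in /build/linux-oKJrrr/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:151:32
[ 1.867454] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 1.867623] show_stack+0x52/0x5c
[ 1.867647] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 1.867653] ? _printk+0x58/0x73
[ 1.867658] MR_GetPhyParams+0x487/0x700 [megaraid_sas]
[ 4.607349] UBSAN: array-index-out-of-bounds in /build/linux-oKJrrr/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
[ 4.607725] index 5 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 4.607977] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 4.607982] ? MR_PopulateDrvRaidMap+0x295/0x580 [megaraid_sas]
[ 4.608002] mr_update_load_balance_params+0xb9/0xc0 [megaraid_sas]
"""

HEADER = re.compile(r"UBSAN: (\S+) in (\S+):(\d+):\d+")
INDEX = re.compile(r"index (-?\d+) is out of range for type '(.+) \[(\d+)\]'")
FRAME = re.compile(r"\]\s+(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_ubsan(text):
    """Return one dict per UBSAN report found in dmesg-style text."""
    reports, cur, armed = [], None, False
    for line in text.splitlines():
        if m := HEADER.search(line):
            # Drop the distro build prefix so sites compare across builds.
            path = re.sub(r"^/build/[^/]+/[^/]+/", "", m.group(2))
            cur = {"kind": m.group(1), "site": f"{path}:{m.group(3)}",
                   "index": None, "bound": None, "type": None, "caller": None}
            reports.append(cur)
            armed = False
        elif cur is None:
            continue
        elif m := INDEX.search(line):
            cur["index"], cur["type"] = int(m.group(1)), m.group(2)
            cur["bound"] = int(m.group(3))
        elif m := FRAME.search(line):
            if m.group(2).startswith("__ubsan_handle_"):
                armed = True  # the next reliable frame is the flagged caller
            elif armed and not m.group(1):  # skip '?' (unreliable) frames
                cur["caller"], armed = m.group(2), False
    return reports

def summarize(reports):
    """Count reports per (site, array type, declared bound, caller)."""
    return Counter((r["site"], r["type"], r["bound"], r["caller"]) for r in reports)
```

Feeding it `dmesg` output from each affected host shows whether the same source line and array type recur, as they do in the three reports here.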

DUFOUR Olivier (odufourc) wrote :

There is a ticket upstream that might be related to this issue:
https://bugzilla.kernel.org/show_bug.cgi?id=215943

From the comments, there is possibly a patch merged in kernel 6.1 to fix this problem.

AceLan Kao (acelankao)
Changed in linux (Ubuntu Jammy):
status: New → In Progress
Changed in linux (Ubuntu Kinetic):
status: New → In Progress
Changed in linux (Ubuntu Jammy):
assignee: nobody → AceLan Kao (acelankao)
Changed in linux (Ubuntu Kinetic):
assignee: nobody → AceLan Kao (acelankao)
tags: added: oem-priority originate-from-1992670 somerville
AceLan Kao (acelankao) wrote :

Here is the test kernel and the patches applied on top of 5.15.0-68
https://people.canonical.com/~acelan/bugs/lp2002842/

I'll find a machine to verify it later.

Jasvinder Singh Kwatra (jasvinder1107) wrote :

We are running kernel 5.15.0-71-generic, and we are still seeing this issue.

 uname -r
5.15.0-71-generic
/usr/bin/lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
