Public bug reported:

Linux rpi-4b-rev1d5-ca8d 6.2.0-1004-raspi #5-Ubuntu SMP PREEMPT Mon Apr  3 11:15:14 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux

[   23.936791] ------------[ cut here ]------------
[   23.941514] memcpy: detected field-spanning write (size 45) of single field "&mgmt_frame->u" at drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c:1469 (size 26)
[   23.956680] WARNING: CPU: 1 PID: 22 at drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c:1469 brcmf_p2p_notify_action_frame_rx+0x380/0x440 [brcmfmac]
[   23.970783] Modules linked in: rfcomm cmac algif_hash aes_arm64 
algif_skcipher af_alg bnep hci_uart btqca btrtl btbcm btintel snd_seq_dummy 
snd_hrtimer binfmt_misc tc358762 brcmfmac_wcc vc4 btsdio snd_soc_hdmi_codec 
drm_display_helper cec drm_dma_helper bluetooth drm_kms_helper snd_soc_core 
ecdh_generic ecc snd_compress snd_bcm2835(CE) ac97_bus snd_pcm_dmaengine 
snd_pcm brcmfmac v3d snd_seq_midi gpu_sched snd_seq_midi_event brcmutil 
crct10dif_ce snd_rawmidi drm_shmem_helper bcm2835_isp(CE) bcm2835_codec(CE) 
bcm2835_v4l2(CE) cfg80211 raspberrypi_hwmon snd_seq rpivid_hevc(CE) 
bcm2835_mmal_vchiq(CE) rfkill joydev snd_seq_device v4l2_mem2mem edt_ft5x06 
videobuf2_vmalloc videobuf2_dma_contig vc_sm_cma(CE) snd_timer input_leds 
videobuf2_memops videobuf2_v4l2 snd videodev syscopyarea sysfillrect 
videobuf2_common mc sysimgblt nvmem_rmem uio_pdrv_genirq uio fuse efi_pstore 
ip_tables x_tables ipv6 autofs4 hid_logitech_hidpp btrfs blake2b_generic 
hid_logitech_dj xor xor_neon hid_generic usbhid
[   23.970952]  raid6_pq libcrc32c spidev dwc2 i2c_mux_pinctrl roles i2c_mux 
i2c_brcmstb udc_core xhci_pci i2c_bcm2835 spi_bcm2835 xhci_pci_renesas 
panel_simple drm phy_generic drm_panel_orientation_quirks backlight z3fold zstd
[   24.079493] CPU: 1 PID: 22 Comm: kworker/1:0 Tainted: G         C  E      6.2.0-1004-raspi #5-Ubuntu
[   24.088757] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)
[   24.094670] Workqueue: events brcmf_fweh_event_worker [brcmfmac]
[   24.100805] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   24.107865] pc : brcmf_p2p_notify_action_frame_rx+0x380/0x440 [brcmfmac]
[   24.114697] lr : brcmf_p2p_notify_action_frame_rx+0x380/0x440 [brcmfmac]
[   24.121520] sp : ffff8000080ebc30
[   24.124875] x29: ffff8000080ebc30 x28: 000000000000002d x27: ffff652acb03f460
[   24.132114] x26: ffffb3d7d5887eb8 x25: 000000000000002d x24: ffffb3d7d58a2000
[   24.139352] x23: ffff652ac8a52698 x22: 000000000000003d x21: ffff652ac8a52680
[   24.146591] x20: 0000000000000000 x19: ffff652ac0e47980 x18: 000000000000004b
[   24.153828] x17: 000000009e6d28e0 x16: ffffb3d84aefc370 x15: 2f7373656c657269
[   24.161065] x14: 0000000000000001 x13: ffffb3d84b8cdba0 x12: 0000000000000001
[   24.168301] x11: 0000000000000002 x10: 0000000000000b90 x9 : ffffb3d84a2dd1c0
[   24.175539] x8 : ffff8000080eb9b8 x7 : 0000000000000000 x6 : 00000000000000d0
[   24.182777] x5 : ffff8000080ec000 x4 : ffff8000080e8000 x3 : 0000000000000000
[   24.190015] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff652ac02a2000
[   24.197251] Call trace:
[   24.199725]  brcmf_p2p_notify_action_frame_rx+0x380/0x440 [brcmfmac]
[   24.206208]  brcmf_fweh_call_event_handler+0x40/0xa0 [brcmfmac]
[   24.212253]  brcmf_fweh_event_worker+0x1f8/0x370 [brcmfmac]
[   24.217943]  process_one_work+0x21c/0x4a0
[   24.222017]  worker_thread+0x74/0x430
[   24.225733]  kthread+0xec/0x100
[   24.228916]  ret_from_fork+0x10/0x20
[   24.232541] ---[ end trace 0000000000000000 ]---

** Affects: linux-raspi (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-raspi (Ubuntu Lunar)
     Importance: Undecided
         Status: New

** Description changed:

+ Linux rpi-4b-rev1d5-ca8d 6.2.0-1004-raspi #5-Ubuntu SMP PREEMPT Mon Apr
+ 3 11:15:14 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
  

** Also affects: linux-raspi (Ubuntu Lunar)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-raspi in Ubuntu.
https://bugs.launchpad.net/bugs/2017135

Title:
  memcpy: detected field-spanning write (size 45) of single field

Status in linux-raspi package in Ubuntu:
  New
Status in linux-raspi source package in Lunar:
  New

