Public bug reported:
Linux rpi-4b-rev1d5-ca8d 6.2.0-1004-raspi #5-Ubuntu SMP PREEMPT Mon Apr
3 11:15:14 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
[ 23.936791] ------------[ cut here ]------------
[ 23.941514] memcpy: detected field-spanning write (size 45) of single field
"&mgmt_frame->u" at drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c:1469
(size 26)
[ 23.956680] WARNING: CPU: 1 PID: 22 at
drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c:1469
brcmf_p2p_notify_action_frame_rx+0x380/0x440 [brcmfmac]
[ 23.970783] Modules linked in: rfcomm cmac algif_hash aes_arm64
algif_skcipher af_alg bnep hci_uart btqca btrtl btbcm btintel snd_seq_dummy
snd_hrtimer binfmt_misc tc358762 brcmfmac_wcc vc4 btsdio snd_soc_hdmi_codec
drm_display_helper cec drm_dma_helper bluetooth drm_kms_helper snd_soc_core
ecdh_generic ecc snd_compress snd_bcm2835(CE) ac97_bus snd_pcm_dmaengine
snd_pcm brcmfmac v3d snd_seq_midi gpu_sched snd_seq_midi_event brcmutil
crct10dif_ce snd_rawmidi drm_shmem_helper bcm2835_isp(CE) bcm2835_codec(CE)
bcm2835_v4l2(CE) cfg80211 raspberrypi_hwmon snd_seq rpivid_hevc(CE)
bcm2835_mmal_vchiq(CE) rfkill joydev snd_seq_device v4l2_mem2mem edt_ft5x06
videobuf2_vmalloc videobuf2_dma_contig vc_sm_cma(CE) snd_timer input_leds
videobuf2_memops videobuf2_v4l2 snd videodev syscopyarea sysfillrect
videobuf2_common mc sysimgblt nvmem_rmem uio_pdrv_genirq uio fuse efi_pstore
ip_tables x_tables ipv6 autofs4 hid_logitech_hidpp btrfs blake2b_generic
hid_logitech_dj xor xor_neon hid_generic usbhid
[ 23.970952] raid6_pq libcrc32c spidev dwc2 i2c_mux_pinctrl roles i2c_mux
i2c_brcmstb udc_core xhci_pci i2c_bcm2835 spi_bcm2835 xhci_pci_renesas
panel_simple drm phy_generic drm_panel_orientation_quirks backlight z3fold zstd
[ 24.079493] CPU: 1 PID: 22 Comm: kworker/1:0 Tainted: G C E
6.2.0-1004-raspi #5-Ubuntu
[ 24.088757] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)
[ 24.094670] Workqueue: events brcmf_fweh_event_worker [brcmfmac]
[ 24.100805] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 24.107865] pc : brcmf_p2p_notify_action_frame_rx+0x380/0x440 [brcmfmac]
[ 24.114697] lr : brcmf_p2p_notify_action_frame_rx+0x380/0x440 [brcmfmac]
[ 24.121520] sp : ffff8000080ebc30
[ 24.124875] x29: ffff8000080ebc30 x28: 000000000000002d x27: ffff652acb03f460
[ 24.132114] x26: ffffb3d7d5887eb8 x25: 000000000000002d x24: ffffb3d7d58a2000
[ 24.139352] x23: ffff652ac8a52698 x22: 000000000000003d x21: ffff652ac8a52680
[ 24.146591] x20: 0000000000000000 x19: ffff652ac0e47980 x18: 000000000000004b
[ 24.153828] x17: 000000009e6d28e0 x16: ffffb3d84aefc370 x15: 2f7373656c657269
[ 24.161065] x14: 0000000000000001 x13: ffffb3d84b8cdba0 x12: 0000000000000001
[ 24.168301] x11: 0000000000000002 x10: 0000000000000b90 x9 : ffffb3d84a2dd1c0
[ 24.175539] x8 : ffff8000080eb9b8 x7 : 0000000000000000 x6 : 00000000000000d0
[ 24.182777] x5 : ffff8000080ec000 x4 : ffff8000080e8000 x3 : 0000000000000000
[ 24.190015] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff652ac02a2000
[ 24.197251] Call trace:
[ 24.199725] brcmf_p2p_notify_action_frame_rx+0x380/0x440 [brcmfmac]
[ 24.206208] brcmf_fweh_call_event_handler+0x40/0xa0 [brcmfmac]
[ 24.212253] brcmf_fweh_event_worker+0x1f8/0x370 [brcmfmac]
[ 24.217943] process_one_work+0x21c/0x4a0
[ 24.222017] worker_thread+0x74/0x430
[ 24.225733] kthread+0xec/0x100
[ 24.228916] ret_from_fork+0x10/0x20
[ 24.232541] ---[ end trace 0000000000000000 ]---
** Affects: linux-raspi (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi (Ubuntu Lunar)
Importance: Undecided
Status: New
** Description changed:
+ Linux rpi-4b-rev1d5-ca8d 6.2.0-1004-raspi #5-Ubuntu SMP PREEMPT Mon Apr
+ 3 11:15:14 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
** Also affects: linux-raspi (Ubuntu Lunar)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2017135
Title:
memcpy: detected field-spanning write (size 45) of single field
Status in linux-raspi package in Ubuntu:
New
Status in linux-raspi source package in Lunar:
New