Bug 2160963 - memcpy: detected field-spanning write (size 32) of single field "hk.kv_val" at drivers/net/wireless/ath/key.c:506 (size 16)
Summary: memcpy: detected field-spanning write (size 32) of single field "hk.kv_val" a...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 38
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-01-14 19:04 UTC by Andre Robatino
Modified: 2023-05-30 17:25 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-05-30 17:25:09 UTC
Type: Bug
Embargoed:


Attachments
journalctl --no-hostname -k (77.59 KB, text/plain), 2023-01-14 19:04 UTC, Andre Robatino

Description Andre Robatino 2023-01-14 19:04:03 UTC
Created attachment 1938109: journalctl --no-hostname -k

1. Please describe the problem:
On my Lenovo ThinkPad X131e, I get the following call trace when booting with kernel-6.1.5-200.fc37.x86_64. Despite it, the wireless is still working. I'm not certain, but I think this is the first affected kernel version.

Jan 14 13:41:33 kernel: ------------[ cut here ]------------
Jan 14 13:41:33 kernel: memcpy: detected field-spanning write (size 32) of single field "hk.kv_val" at drivers/net/wireless/ath/key.c:506 (size 16)
Jan 14 13:41:33 kernel: WARNING: CPU: 0 PID: 885 at drivers/net/wireless/ath/key.c:506 ath_key_config+0x3f3/0x430 [ath]
Jan 14 13:41:33 kernel: Modules linked in: ath9k ath9k_common ath9k_hw mac80211 nft_objref bnep nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet intel_rapl_msr nft_fib_ipv4 nft_fib_ipv6 nft_fib snd_hda_codec_hdmi intel_rapl_common snd_hda_codec_realtek nft_reject_inet nf_reject_ipv4 snd_hda_codec_generic nf_reject_ipv6 nft_reject ledtrig_audio x86_pkg_temp_thermal intel_powerclamp snd_hda_intel nft_ct coretemp kvm_intel nft_chain_nat nf_nat libarc4 nf_conntrack snd_intel_dspcfg snd_intel_sdw_acpi nf_defrag_ipv6 nf_defrag_ipv4 uvcvideo ath snd_hda_codec videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 kvm snd_hda_core videobuf2_common ath3k snd_hwdep snd_seq snd_seq_device videodev btusb cfg80211 snd_pcm ip_set btrtl nf_tables btbcm iTCO_wdt irqbypass btintel intel_pmc_bxt snd_timer i2c_i801 rapl nfnetlink qrtr btmtk iTCO_vendor_support bluetooth intel_cstate sunrpc joydev mc intel_uncore i2c_smbus pcspkr snd rfkill mei_me lpc_ich mei soundcore chromeos_acpi zram i915 rtsx_pci_sdmmc
Jan 14 13:41:33 kernel:  drm_buddy mmc_core drm_display_helper crct10dif_pclmul crc32_pclmul crc32c_intel cec polyval_generic r8169 ghash_clmulni_intel sha512_ssse3 rtsx_pci serio_raw ttm video wmi ip6_tables ip_tables fuse
Jan 14 13:41:33 kernel: CPU: 0 PID: 885 Comm: wpa_supplicant Not tainted 6.1.5-200.fc37.x86_64 #1
Jan 14 13:41:33 kernel: Hardware name: Google Stout/Stout, BIOS 4.0-6588-g4acd8ea-dirty 09/04/2014
Jan 14 13:41:33 kernel: RIP: 0010:ath_key_config+0x3f3/0x430 [ath]
Jan 14 13:41:33 kernel: Code: 00 00 0f 85 e1 fc ff ff b9 10 00 00 00 48 c7 c2 78 63 e8 c0 48 89 ee 48 c7 c7 b0 63 e8 c0 c6 05 6a 56 00 00 01 e8 f1 75 ee c6 <0f> 0b e9 b8 fc ff ff 0f be 6b 0f e9 2b fd ff ff 48 c7 c2 10 66 e8
Jan 14 13:41:33 kernel: RSP: 0018:ffffabbac0c1f6f8 EFLAGS: 00010286
Jan 14 13:41:33 kernel: RAX: 000000000000007b RBX: ffffa0058507e630 RCX: 0000000000000000
Jan 14 13:41:33 kernel: RDX: 0000000000000001 RSI: ffffffff8874a863 RDI: 00000000ffffffff
Jan 14 13:41:33 kernel: RBP: 0000000000000020 R08: 0000000000000000 R09: ffffabbac0c1f598
Jan 14 13:41:33 kernel: R10: 0000000000000003 R11: ffffffff89146488 R12: ffffa00584d6c078
Jan 14 13:41:33 kernel: R13: 0000000000000000 R14: ffffa00585c35ba8 R15: ffffa0058507e644
Jan 14 13:41:33 kernel: FS:  00007f48540447c0(0000) GS:ffffa005cb200000(0000) knlGS:0000000000000000
Jan 14 13:41:33 kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 14 13:41:33 kernel: CR2: 0000556f00bc2048 CR3: 000000013e02e001 CR4: 00000000001706f0
Jan 14 13:41:33 kernel: Call Trace:
Jan 14 13:41:33 kernel:  <TASK>
Jan 14 13:41:33 kernel:  ath9k_set_key+0x1fe/0x300 [ath9k]
Jan 14 13:41:33 kernel:  drv_set_key+0xa4/0x1b0 [mac80211]
Jan 14 13:41:33 kernel:  ieee80211_key_enable_hw_accel+0x15e/0x2a0 [mac80211]
Jan 14 13:41:33 kernel:  ieee80211_key_replace+0x22d/0x8b0 [mac80211]
Jan 14 13:41:33 kernel:  ? synchronize_rcu+0x51/0x60
Jan 14 13:41:33 kernel:  ? __call_rcu_nocb_wake+0x290/0x290
Jan 14 13:41:33 kernel:  ieee80211_key_link+0x233/0x390 [mac80211]
Jan 14 13:41:33 kernel:  ? __kmalloc+0x49/0x150
Jan 14 13:41:33 kernel:  ? ieee80211_key_alloc+0x129/0x3b0 [mac80211]
Jan 14 13:41:33 kernel:  ieee80211_add_key+0x185/0x310 [mac80211]
Jan 14 13:41:33 kernel:  nl80211_new_key+0x1ed/0x360 [cfg80211]
Jan 14 13:41:33 kernel:  genl_family_rcv_msg_doit+0xe8/0x130
Jan 14 13:41:33 kernel:  genl_rcv_msg+0x112/0x240
Jan 14 13:41:33 kernel:  ? nl80211_msg_put_channel+0x630/0x630 [cfg80211]
Jan 14 13:41:33 kernel:  ? genl_start+0x160/0x160
Jan 14 13:41:33 kernel:  netlink_rcv_skb+0x51/0x100
Jan 14 13:41:33 kernel:  genl_rcv+0x24/0x40
Jan 14 13:41:33 kernel:  netlink_unicast+0x21e/0x360
Jan 14 13:41:33 kernel:  netlink_sendmsg+0x242/0x4a0
Jan 14 13:41:33 kernel:  sock_sendmsg+0x5f/0x70
Jan 14 13:41:33 kernel:  ____sys_sendmsg+0x277/0x2f0
Jan 14 13:41:33 kernel:  ___sys_sendmsg+0x9a/0xe0
Jan 14 13:41:33 kernel:  __sys_sendmsg+0x68/0xa0
Jan 14 13:41:33 kernel:  do_syscall_64+0x5b/0x80
Jan 14 13:41:33 kernel:  ? __sys_setsockopt+0xdb/0x1d0
Jan 14 13:41:33 kernel:  ? syscall_exit_to_user_mode+0x17/0x40
Jan 14 13:41:33 kernel:  ? do_syscall_64+0x67/0x80
Jan 14 13:41:33 kernel:  ? do_syscall_64+0x67/0x80
Jan 14 13:41:33 kernel:  ? exc_page_fault+0x70/0x170
Jan 14 13:41:33 kernel:  entry_SYSCALL_64_after_hwframe+0x63/0xcd
Jan 14 13:41:33 kernel: RIP: 0033:0x7f4853b30d44
Jan 14 13:41:33 kernel: Code: 15 f1 50 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 80 3d bd d8 0c 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89
Jan 14 13:41:33 kernel: RSP: 002b:00007ffd596e07b8 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
Jan 14 13:41:33 kernel: RAX: ffffffffffffffda RBX: 0000556f00b0d700 RCX: 00007f4853b30d44
Jan 14 13:41:33 kernel: RDX: 0000000000000000 RSI: 00007ffd596e07f0 RDI: 0000000000000006
Jan 14 13:41:33 kernel: RBP: 0000556f00b98350 R08: 0000000000000004 R09: 00007f4853bf7300
Jan 14 13:41:33 kernel: R10: 00007ffd596e08d0 R11: 0000000000000202 R12: 0000556f00b0d610
Jan 14 13:41:33 kernel: R13: 00007ffd596e07f0 R14: 0000000000000000 R15: 00007ffd596e08d0
Jan 14 13:41:33 kernel:  </TASK>
Jan 14 13:41:33 kernel: ---[ end trace 0000000000000000 ]---

2. What is the Version-Release number of the kernel:
kernel-6.1.5-200.fc37.x86_64

6. Are you running any modules that are not shipped directly with Fedora's kernel?: No

7. Please attach the kernel logs. You can get the complete kernel log
   for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the
   issue occurred on a previous boot, use the journalctl ``-b`` flag.

Comment 1 Andre Robatino 2023-01-14 20:15:29 UTC
According to https://bbs.archlinux.org/viewtopic.php?id=282254 (which links to https://github.com/torvalds/linux/commit/54d9469bc515dc5fcbc20eecbe19cea868b70d68) this may just be a warning and the field-spanning write may be intentional.
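What comment 1 describes, as an added user-space model that is neither kernel code nor anything the reporter posted: a 32-byte copy aimed at a 16-byte kv_val field is flagged as field-spanning even though it never leaves the enclosing struct, while grouping the three key fields gives the same copy a destination of the right size, and a copy that would run past the object is treated as a real overflow. The field names and sizes are assumed for illustration, and checked_copy() is a simplified model of the fortified memcpy check, not the kernel's implementation.

```c
#include <stddef.h>
#include <string.h>

/* Assumed layout modelled on the key value the warning names: a 16-byte
 * cipher key followed by two 8-byte MIC keys (names/sizes are illustrative). */
struct keyval {
    unsigned char kv_val[16];
    unsigned char kv_mic[8];
    unsigned char kv_txmic[8];
    int kv_type;
};

/* Same bytes with the three key fields grouped (the struct_group() idea), so
 * a 32-byte copy has a single named destination of matching size. */
struct keyval_grouped {
    union {
        struct { unsigned char kv_val[16], kv_mic[8], kv_txmic[8]; };
        unsigned char kv_values[32];
    };
    int kv_type;
};

enum copy_verdict { COPY_OK, COPY_SPANS_FIELDS, COPY_OVERFLOWS_OBJECT };

/* Simplified model of the fortified memcpy check: a copy longer than the named
 * field is flagged as field-spanning (the page's warning); one that would leave
 * the enclosing object is a real overflow and is refused instead of performed. */
static enum copy_verdict checked_copy(void *obj, size_t obj_size,
                                      void *field, size_t field_size,
                                      const void *src, size_t n)
{
    size_t off = (size_t)((char *)field - (char *)obj);
    if (n > obj_size - off)
        return COPY_OVERFLOWS_OBJECT;
    memcpy(field, src, n);
    return n > field_size ? COPY_SPANS_FIELDS : COPY_OK;
}

/* The page's case: 32 key bytes written through the 16-byte kv_val field.
 * The copy stays inside the struct, so it is only warned about, not an overflow. */
enum copy_verdict copy_key_ungrouped(struct keyval *hk, const unsigned char *key, size_t n)
{
    return checked_copy(hk, sizeof *hk, hk->kv_val, sizeof hk->kv_val, key, n);
}

/* Same copy into the grouped layout: the destination is 32 bytes, no warning. */
enum copy_verdict copy_key_grouped(struct keyval_grouped *hk, const unsigned char *key, size_t n)
{
    return checked_copy(hk, sizeof *hk, hk->kv_values, sizeof hk->kv_values, key, n);
}
```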

Comment 2 Andre Robatino 2023-01-16 16:49:39 UTC
Still present in 6.1.6-200.fc37.x86_64. Won't report again until it goes away.

Comment 3 Andre Robatino 2023-05-30 17:25:09 UTC
Message no longer appears in 6.3.4-201.fc38.x86_64.
