From: "Ahelenia Ziemiańska" <nabijaczleweli@nabijaczleweli.xyz>
To: Brian Norris <briannorris@chromium.org>,
Kalle Valo <kvalo@kernel.org>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: memcpy: detected field-spanning write (size 101) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251 (size 1)
Date: Fri, 26 Jan 2024 20:47:32 +0100 [thread overview]
Message-ID: <xebnh5c5rnfequ6khyhieugefrtt5mdftr6rsw522ocpg3yvln@tarta.nabijaczleweli.xyz> (raw)
[-- Attachment #1: Type: text/plain, Size: 3965 bytes --]
Hi!
I have a Google Hana (mt8173-elm-hana.dts) laptop with Wi-Fi provided by
the mmc@11260000/mwifiex@1 device ("marvell,sd8897").
On 6.6.11 in the dmesg I see
[ 41.314595] ------------[ cut here ]------------
[ 41.314634] memcpy: detected field-spanning write (size 101) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251 (size 1)
[ 41.314739] WARNING: CPU: 1 PID: 298 at drivers/net/wireless/marvell/mwifiex/scan.c:2251 mwifiex_cmd_802_11_scan_ext+0xa8/0xb8 [mwifiex]
[ 41.314802] Modules linked in: uvcvideo uvc videobuf2_vmalloc xhci_mtk_hcd xhci_hcd hid_multitouch joydev sbs_battery snd_soc_hdmi_codec btmrvl_sdio evdev btmrvl crct10dif_ce bluetooth polyval_ce mwifiex_sdio polyval_generic sha2_ce sha256_arm64 mwifiex sha1_ce arm_smc_wdt mt8173_rt5650 ecdh_generic mt8173_afe_pcm snd_soc_rt5645 snd_soc_mtk_common snd_soc_rl6231 snd_soc_core snd_pcm_dmaengine snd_pcm snd_timer mtu3 snd ofpart udc_core spi_nor i2c_hid_of soundcore i2c_hid elan_i2c elants_i2c melfas_mip4 da9211_regulator mt6577_auxadc spi_mt65xx gpio_keys ghash_generic ghash_ce gf128mul gcm aes_ce_ccm algif_aead crypto_null des_generic libdes ecb algif_skcipher aes_neon_blk aes_ce_blk aes_ce_cipher md4 cfg80211 algif_hash af_alg rfkill binfmt_misc pkcs8_key_parser dm_mod loop efi_pstore dax configfs nfnetlink ip_tables x_tables autofs4
[ 41.315059] CPU: 1 PID: 298 Comm: iwd Not tainted 6.6.11 #75
[ 41.315072] Hardware name: Google Hana (DT)
[ 41.315082] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 41.315096] pc : mwifiex_cmd_802_11_scan_ext+0xa8/0xb8 [mwifiex]
[ 41.315132] lr : mwifiex_cmd_802_11_scan_ext+0xa4/0xb8 [mwifiex]
[ 41.315169] sp : ffff800082e43620
[ 41.315177] x29: ffff800082e43620 x28: 0000000000000000 x27: 0000000000000000
[ 41.315196] x26: 0000000000000107 x25: 0000000000000001 x24: 0000000000000000
[ 41.315213] x23: ffff0000cb4d3400 x22: ffff0000cb694000 x21: 0000000000000065
[ 41.315230] x20: ffff0000cbc6e3c0 x19: ffff0000cb4d3400 x18: ffff80008154d871
[ 41.315248] x17: 0000000000000001 x16: ffffffffffffffff x15: 0000000000000004
[ 41.315265] x14: ffff800081f1eee8 x13: 0000000000000003 x12: 0000000000000003
[ 41.315283] x11: 0000000000000000 x10: 0000000000000027 x9 : bd143d0859bfb200
[ 41.315300] x8 : bd143d0859bfb200 x7 : 205d343336343133 x6 : 332e31342020205b
[ 41.315318] x5 : ffff80008215d2ff x4 : ffff800082e431d7 x3 : 0000000000000000
[ 41.315335] x2 : 0000000000000065 x1 : ffff800082e433d0 x0 : 0000000000000094
[ 41.315353] Call trace:
[ 41.315362] mwifiex_cmd_802_11_scan_ext+0xa8/0xb8 [mwifiex]
[ 41.315399] mwifiex_sta_prepare_cmd+0x774/0x848 [mwifiex]
[ 41.315435] mwifiex_send_cmd+0x28c/0x300 [mwifiex]
[ 41.315470] mwifiex_scan_channel_list+0x294/0x348 [mwifiex]
[ 41.315506] mwifiex_scan_networks+0x1a4/0x3b8 [mwifiex]
[ 41.315541] mwifiex_cfg80211_scan+0x37c/0x850 [mwifiex]
[ 41.315577] cfg80211_scan+0x48/0x2d0 [cfg80211]
[ 41.315734] nl80211_trigger_scan+0x728/0x788 [cfg80211]
[ 41.315836] genl_family_rcv_msg_doit+0xc4/0x128
[ 41.315855] genl_rcv_msg+0x214/0x228
[ 41.315868] netlink_rcv_skb+0x128/0x148
[ 41.315881] genl_rcv+0x40/0x60
[ 41.315893] netlink_unicast+0x24c/0x400
[ 41.315905] netlink_sendmsg+0x2d8/0x3d8
[ 41.315917] __sys_sendto+0x16c/0x1f8
[ 41.315931] __arm64_sys_sendto+0x34/0x50
[ 41.315944] invoke_syscall+0x78/0x108
[ 41.315959] el0_svc_common+0x8c/0xf0
[ 41.315972] do_el0_svc+0x28/0x40
[ 41.315984] el0_svc+0x40/0xc8
[ 41.315997] el0t_64_sync_handler+0x90/0x100
[ 41.316009] el0t_64_sync+0x190/0x198
[ 41.316021] ---[ end trace 0000000000000000 ]---
(With the line unchanged in ecb1b8288dc7ccbdcb3b9df005fa1c0e0c0388a7.)
I don't really know what the relevancy or meaning of this is,
but one has to assume a WARNING with a backtrace is never good,
so forwarding.
Best,
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next reply other threads:[~2024-01-26 19:55 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-26 19:47 Ahelenia Ziemiańska [this message]
2024-01-29 13:55 ` memcpy: detected field-spanning write (size 101) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251 (size 1) Dmitry Antipov
2024-01-30 23:46 ` Ahelenia Ziemiańska
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xebnh5c5rnfequ6khyhieugefrtt5mdftr6rsw522ocpg3yvln@tarta.nabijaczleweli.xyz \
--to=nabijaczleweli@nabijaczleweli.xyz \
--cc=briannorris@chromium.org \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.