Linux 6.2.0-18-generic memcpy detected field-spanning write in iwlwifi

Bug #2012651 reported by Patrik Lundquist
This bug affects 2 people

Affects: Linux | Status: Confirmed | Importance: Low
Affects: linux (Ubuntu) | Status: Confirmed | Importance: Undecided | Assigned to: Unassigned

Bug Description

[ 303.504562] ------------[ cut here ]------------
[ 303.504582] memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16)
[ 303.504634] WARNING: CPU: 1 PID: 1040 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x402/0x4d0 [iwldvm]
[ 303.504685] Modules linked in: ccm cmac algif_hash algif_skcipher af_alg bnep binfmt_misc snd_ctl_led nls_iso8859_1 snd_hda_codec_realtek snd_hda_codec_hdmi intel_rapl_msr snd_hda_codec_generic intel_rapl_common x86_pkg_temp_thermal snd_hda_intel intel_powerclamp snd_intel_dspcfg cdc_mbim coretemp snd_intel_sdw_acpi cdc_ncm snd_hda_codec kvm_intel cdc_ether snd_hda_core snd_hwdep usbnet thinkpad_acpi kvm snd_pcm cdc_wdm cdc_acm mii nvram btusb snd_seq_midi irqbypass iwldvm btrtl snd_seq_midi_event crct10dif_pclmul btbcm crc32_pclmul uvcvideo snd_rawmidi btintel mac80211 polyval_clmulni videobuf2_vmalloc snd_seq btmtk polyval_generic videobuf2_memops ghash_clmulni_intel snd_seq_device videobuf2_v4l2 libarc4 bluetooth sha512_ssse3 at24 sdhci_pci snd_timer firewire_ohci videodev mei_hdcp mei_pxp iwlwifi rapl think_lmi ecdh_generic i2c_i801 cqhci snd firewire_core videobuf2_common mei_me intel_cstate ecc firmware_attributes_class wmi_bmof cfg80211 i2c_smbus xhci_pci sdhci crc_itu_t e1000e
[ 303.504819] soundcore mc ledtrig_audio mei xhci_pci_renesas lpc_ich platform_profile joydev msr parport_pc ppdev lp parport efi_pstore dmi_sysfs ip_tables x_tables autofs4 dm_crypt i915 drm_buddy i2c_algo_bit ttm drm_display_helper cec rc_core drm_kms_helper syscopyarea sysfillrect aesni_intel sysimgblt crypto_simd psmouse input_leds ahci video cryptd drm serio_raw libahci wmi mac_hid
[ 303.504885] CPU: 1 PID: 1040 Comm: wpa_supplicant Not tainted 6.2.0-18-generic #18-Ubuntu
[ 303.504892] Hardware name: LENOVO 24296HG/24296HG, BIOS G4ETB7WW (2.77 ) 09/09/2019
[ 303.504895] RIP: 0010:iwlagn_send_sta_key+0x402/0x4d0 [iwldvm]
[ 303.504931] Code: ff ff b9 10 00 00 00 4c 89 e6 48 c7 c2 80 d5 0d c1 48 c7 c7 00 d5 0d c1 89 85 68 ff ff ff c6 05 3a f0 02 00 01 e8 0e e5 e2 d7 <0f> 0b 8b 85 68 ff ff ff e9 8f fd ff ff 41 8b 4d 14 89 4d 97 43 8b
[ 303.504936] RSP: 0018:ffffbba8413af598 EFLAGS: 00010246
[ 303.504941] RAX: 0000000000000000 RBX: ffff9b93cd0e2088 RCX: 0000000000000000
[ 303.504945] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 303.504947] RBP: ffffbba8413af640 R08: 0000000000000000 R09: 0000000000000000
[ 303.504950] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000020
[ 303.504953] R13: ffff9b93ce24ee30 R14: ffffbba8413af5b4 R15: ffff9b93ce24ee44
[ 303.504957] FS: 00007f9289a5ac40(0000) GS:ffff9b94f6240000(0000) knlGS:0000000000000000
[ 303.504961] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 303.504965] CR2: 0000561f310e9b98 CR3: 000000010baa2004 CR4: 00000000001706e0
[ 303.504969] Call Trace:
[ 303.504973] <TASK>
[ 303.504982] iwl_set_dynamic_key+0x1b2/0x260 [iwldvm]
[ 303.505018] iwlagn_mac_set_key+0x1fd/0x290 [iwldvm]
[ 303.505049] drv_set_key+0xc3/0x1d0 [mac80211]
[ 303.505204] ieee80211_key_enable_hw_accel+0xe6/0x2c0 [mac80211]
[ 303.505367] ieee80211_key_replace+0x251/0xac0 [mac80211]
[ 303.505524] ? __pfx_call_rcu_hurry+0x10/0x10
[ 303.505534] ieee80211_key_link+0x133/0x350 [mac80211]
[ 303.505692] ieee80211_add_key+0x185/0x370 [mac80211]
[ 303.505839] nl80211_new_key+0x215/0x3a0 [cfg80211]
[ 303.506015] genl_family_rcv_msg_doit.isra.0+0xe5/0x150
[ 303.506028] genl_family_rcv_msg+0x180/0x250
[ 303.506034] ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
[ 303.506161] ? __pfx_nl80211_new_key+0x10/0x10 [cfg80211]
[ 303.506289] ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
[ 303.506414] genl_rcv_msg+0x4c/0xb0
[ 303.506421] ? __check_object_size.part.0+0x72/0x150
[ 303.506429] ? __pfx_genl_rcv_msg+0x10/0x10
[ 303.506435] netlink_rcv_skb+0x5a/0x110
[ 303.506443] genl_rcv+0x28/0x50
[ 303.506448] netlink_unicast+0x244/0x390
[ 303.506454] netlink_sendmsg+0x250/0x4d0
[ 303.506461] sock_sendmsg+0x6a/0x70
[ 303.506469] ____sys_sendmsg+0x288/0x320
[ 303.506477] ___sys_sendmsg+0x9a/0xf0
[ 303.506486] ? _copy_from_user+0x62/0x80
[ 303.506498] __sys_sendmsg+0x89/0xf0
[ 303.506506] __x64_sys_sendmsg+0x1d/0x30
[ 303.506510] do_syscall_64+0x58/0x90
[ 303.506523] ? syscall_exit_to_user_mode+0x29/0x50
[ 303.506533] ? do_syscall_64+0x67/0x90
[ 303.506541] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 303.506551] RIP: 0033:0x7f928931fbd4
[ 303.506558] Code: 15 49 62 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 80 3d 0d ea 0d 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89
[ 303.506562] RSP: 002b:00007ffcc6593ab8 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 303.506568] RAX: ffffffffffffffda RBX: 0000561f31055870 RCX: 00007f928931fbd4
[ 303.506571] RDX: 0000000000000000 RSI: 00007ffcc6593af0 RDI: 0000000000000006
[ 303.506574] RBP: 0000561f310db130 R08: 0000000000000004 R09: 00007f92893f7300
[ 303.506577] R10: 00007ffcc6593bd0 R11: 0000000000000202 R12: 0000561f31055b50
[ 303.506580] R13: 00007ffcc6593af0 R14: 0000000000000000 R15: 00007ffcc6593bd0
[ 303.506586] </TASK>
[ 303.506588] ---[ end trace 0000000000000000 ]---

ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: linux-image-generic 6.2.0.18.18
ProcVersionSignature: Ubuntu 6.2.0-18.18-generic 6.2.6
Uname: Linux 6.2.0-18-generic x86_64
ApportVersion: 2.26.0-0ubuntu2
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: gdm 1580 F.... wireplumber
 /dev/snd/controlC1: gdm 1580 F.... wireplumber
 /dev/snd/seq: gdm 1577 F.... pipewire
CasperMD5CheckResult: unknown
Date: Thu Mar 23 16:43:19 2023
HibernationDevice: RESUME=UUID=e9f8eff4-8c81-4e13-8f82-b810e748c365
InstallationDate: Installed on 2016-04-25 (2523 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
MachineType: LENOVO 24296HG
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.2.0-18-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash mitigations=off vt.handoff=7
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions:
 linux-restricted-modules-6.2.0-18-generic N/A
 linux-backports-modules-6.2.0-18-generic N/A
 linux-firmware 20230323.gitbcdcfbcf-0ubuntu1
SourcePackage: linux
UpgradeStatus: Upgraded to lunar on 2023-03-02 (20 days ago)
dmi.bios.date: 09/09/2019
dmi.bios.release: 2.77
dmi.bios.vendor: LENOVO
dmi.bios.version: G4ETB7WW (2.77 )
dmi.board.asset.tag: Not Available
dmi.board.name: 24296HG
dmi.board.vendor: LENOVO
dmi.board.version: Win8 Pro DPK TPG
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.ec.firmware.release: 1.14
dmi.modalias: dmi:bvnLENOVO:bvrG4ETB7WW(2.77):bd09/09/2019:br2.77:efr1.14:svnLENOVO:pn24296HG:pvrThinkPadT530:rvnLENOVO:rn24296HG:rvrWin8ProDPKTPG:cvnLENOVO:ct10:cvrNotAvailable:skuLENOVO_MT_2429:
dmi.product.family: ThinkPad T530
dmi.product.name: 24296HG
dmi.product.sku: LENOVO_MT_2429
dmi.product.version: ThinkPad T530
dmi.sys.vendor: LENOVO
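
For triage, the warning line in the trace above can be parsed into its write size, field size and source location so that repeated reports of the same site are grouped. This is an added example, not part of the original report or of any kernel tooling; the function names are hypothetical and the sample lines are copied from the two traces on this page.

```python
import re
from collections import Counter

# Sample input: lines copied from the two traces on this page.
SAMPLE = """\
[ 303.504582] memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16)
[ 303.504885] CPU: 1 PID: 1040 Comm: wpa_supplicant Not tainted 6.2.0-18-generic #18-Ubuntu
[ 11.456072] memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16)
[ 11.456237] CPU: 2 PID: 2505 Comm: iwd Tainted: P O 6.2.0-26-generic #26-Ubuntu
"""

WARN_RE = re.compile(
    r'^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<func>\w+): detected field-spanning write '
    r'\(size (?P<write>\d+)\) of single field "(?P<field>[^"]+)" '
    r'at (?P<file>\S+):(?P<line>\d+) \(size (?P<fsize>\d+)\)')
CPU_RE = re.compile(
    r'^\[\s*\d+\.\d+\]\s+CPU: \d+ PID: (?P<pid>\d+) Comm: (?P<comm>\S+)')

def parse_field_spanning(log_text):
    """Return one dict per field-spanning-write warning found in dmesg text."""
    events, current = [], None
    for raw in log_text.splitlines():
        m = WARN_RE.match(raw)
        if m:
            current = {
                "timestamp": float(m["ts"]), "func": m["func"],
                "field": m["field"], "site": f'{m["file"]}:{m["line"]}',
                "write_size": int(m["write"]), "field_size": int(m["fsize"]),
                # Bytes that land past the end of the named field.
                "spill": int(m["write"]) - int(m["fsize"]),
                "pid": None, "comm": None,
            }
            events.append(current)
            continue
        m = CPU_RE.match(raw)
        if m and current is not None and current["comm"] is None:
            # The "CPU: ... Comm:" line of the same trace names the caller.
            current["pid"], current["comm"] = int(m["pid"]), m["comm"]
    return events

def group_by_site(events):
    """Count warnings per (source location, field) to spot duplicate reports."""
    return Counter((e["site"], e["field"]) for e in events)

if __name__ == "__main__":
    for event in parse_field_spanning(SAMPLE):
        print(event)
```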

In , lukasz.wojnilowicz (lukasz.wojnilowicz-linux-kernel-bugs) wrote :

There is a warning in dmesg (see attachment), but no deficiencies in regard to usage of WiFi have been observed.
Additional information:
1. Not present on kernel 6.0.
2. Using Fedora 37
3. iwl5000-firmware-8.83.5.1_1 installed
4. lspci gives: 03:00.0 Network controller: Intel Corporation WiFi Link 5100

In , lukasz.wojnilowicz (lukasz.wojnilowicz-linux-kernel-bugs) wrote :

Created attachment 303982
dmesg

In , kees (kees-linux-kernel-bugs) wrote :

https://<email address hidden>/

Patrik Lundquist (patrik-lundquist) wrote :
summary: - memcpy detected field-spanning write in iwlwifi
+ Linux 6.2.0-18-generic memcpy detected field-spanning write in iwlwifi

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Changed in linux:
importance: Unknown → Low
status: Unknown → Confirmed

Arjan (iafilius) wrote :

Hi, just a me-too report, owning a Lenovo T430, seen most recently with kernel 6.2.0-26-generic #26-Ubuntu
The Wifi hardware is still the original:
 description: Wireless interface
 product: Centrino Advanced-N 6205 [Taylor Peak]
 vendor: Intel Corporation
Perhaps note that the wifi just works as it seems.

I don't see the dump when WiFi hardware is replaced with AX210 for example.

The dump on my T430:
```
[ 11.456072] memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16)
[ 11.456101] WARNING: CPU: 2 PID: 2505 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x402/0x4d0 [iwldvm]
[ 11.456123] Modules linked in: xt_CHECKSUM xt_MASQUERADE ccm algif_aead des_generic libdes algif_skcipher cmac md4 algif_hash af_alg nft_chain_nat nf_nat bridge stp llc bnep btusb btrtl uvcvideo btbcm btintel btmtk videobuf2_vmalloc videobuf2_memops bluetooth videobuf2_v4l2 videodev ecdh_generic ecc videobuf2_common mc ip6t_REJECT nf_reject_ipv6 xt_hl ip6_tables ip6t_rt ipt_REJECT nf_reject_ipv4 nft_limit sunrpc xt_limit xt_addrtype nvidia_uvm(PO) xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables nfnetlink binfmt_misc intel_rapl_msr snd_ctl_led snd_hda_codec_realtek intel_rapl_common snd_hda_codec_generic x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_hdmi coretemp snd_hda_intel kvm_intel snd_intel_dspcfg snd_intel_sdw_acpi nvidia_drm(PO) snd_hda_codec kvm snd_hda_core nvidia_modeset(PO) irqbypass snd_hwdep thinkpad_acpi iwldvm rapl mei_pxp mei_hdcp snd_pcm nvram nvidia(PO) intel_cstate mac80211 snd_seq_midi snd_seq_midi_event libarc4
[ 11.456178] snd_rawmidi iwlwifi snd_seq mei_me snd_seq_device think_lmi essiv authenc snd_timer firmware_attributes_class dm_crypt wmi_bmof cfg80211 ipmi_devintf at24 snd ipmi_msghandler mei soundcore ledtrig_audio platform_profile joydev input_leds mac_hid serio_raw pkcs8_key_parser msr parport_pc ppdev lp parport efi_pstore dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear i915 drm_buddy i2c_algo_bit ttm drm_display_helper cec crct10dif_pclmul crc32_pclmul polyval_clmulni rc_core polyval_generic sdhci_pci ghash_clmulni_intel sha512_ssse3 drm_kms_helper aesni_intel syscopyarea crypto_simd sysfillrect cqhci ahci sysimgblt i2c_i801 cryptd psmouse sdhci libahci drm lpc_ich i2c_smbus xhci_pci e1000e xhci_pci_renesas video wmi
[ 11.456237] CPU: 2 PID: 2505 Comm: iwd Tainted: P O 6.2.0-26-generic #26-Ubuntu
[ 11.456239] Hardware name: LENOVO 23472K8/23472K8, BIOS G1ETC2WW (2.82 ) 08/07/2019
[ 11.456241] RIP: 0010:iwlagn_send_sta_key+0x402/0x4d0 [iwldvm]
[ 11.456255] Code: ff ff b9 10 00 00 00 4c 89 e6 48 c7 c2 80 25 58 c2 48 c7 c7 00 25 58 c2 89 85 68 ff ff ff c6 05 3a f0 02 00 01 e8 6e 94 d8 df <0f> 0b 8b 85 68 ff ff ff e9 8f fd ff ff 41 8b 4d 14 89 4d 97 43 8b
[ 11.456257] RSP: 0018:ffffac2103007718 EFLAGS: 00010246
[ 11.456259] RAX: 0000000000000000 RBX: ffff8bb60116a088 RCX: 0000000000000000
[ 11.456261] RDX: 0000...
```
