** Changed in: linux-raspi (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-raspi in Ubuntu.
https://bugs.launchpad.net/bugs/2037059

Title:
  array index out of bounds in brcmfmac driver

Status in linux-raspi package in Ubuntu:
  Fix Released

Bug description:
  Activating wifi on the current Mantic Beta images, on a Raspberry Pi 4B
  with 4GB or 8GB of RAM (the only two I've tested thus far) causes the
  following to show up in dmesg:

  [ 10.384021] ================================================================================
  [ 10.393418] UBSAN: array-index-out-of-bounds in /build/linux-raspi-dZDMS4/linux-raspi-6.5.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1126:27
  [ 10.408653] index 1 is out of range for type '__le16 [1]'
  [ 10.414856] CPU: 2 PID: 581 Comm: wpa_supplicant Tainted: G C E 6.5.0-1002-raspi #2-Ubuntu
  [ 10.414876] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)
  [ 10.414881] Call trace:
  [ 10.414884] dump_backtrace+0x9c/0x128
  [ 10.414897] show_stack+0x20/0x38
  [ 10.414903] dump_stack_lvl+0xbc/0x120
  [ 10.414911] dump_stack+0x18/0x28
  [ 10.414916] __ubsan_handle_out_of_bounds+0xac/0xe8
  [ 10.414922] brcmf_escan_prep+0x31c/0x338 [brcmfmac]
  [ 10.415003] brcmf_run_escan+0xac/0x1c8 [brcmfmac]
  [ 10.415050] brcmf_do_escan+0x90/0x100 [brcmfmac]
  [ 10.415096] brcmf_cfg80211_scan+0x108/0x2b0 [brcmfmac]
  [ 10.415142] rdev_scan+0x38/0x158 [cfg80211]
  [ 10.415348] cfg80211_scan+0x134/0x178 [cfg80211]
  [ 10.415453] nl80211_trigger_scan+0x438/0x9d8 [cfg80211]
  [ 10.415557] genl_family_rcv_msg_doit.isra.0+0xc0/0x130
  [ 10.415568] genl_family_rcv_msg+0x1c8/0x240
  [ 10.415574] genl_rcv_msg+0x64/0xe8
  [ 10.415580] netlink_rcv_skb+0x64/0x138
  [ 10.415586] genl_rcv+0x40/0x60
  [ 10.415592] netlink_unicast+0x2f0/0x350
  [ 10.415598] netlink_sendmsg+0x26c/0x490
  [ 10.415603] sock_sendmsg+0x64/0xc0
  [ 10.415610] ____sys_sendmsg+0x260/0x318
  [ 10.415615] ___sys_sendmsg+0x88/0xf0
  [ 10.415621] __sys_sendmsg+0x70/0xd8
  [ 10.415626] __arm64_sys_sendmsg+0x2c/0x40
  [ 10.415632] invoke_syscall+0x50/0x120
  [ 10.415638] el0_svc_common.constprop.0+0x6c/0x140
  [ 10.415642] do_el0_svc+0x34/0x50
  [ 10.415646] el0_svc+0x30/0xc8
  [ 10.415654] el0t_64_sync_handler+0x120/0x130
  [ 10.415659] el0t_64_sync+0x1a8/0x1b0
  [ 10.415668] ================================================================================

  However, the wifi still works afterward, so it's not entirely fatal!
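
For triaging reports like the one above across many boots or machines, the following added example (not part of the bug report, the kernel, or any Ubuntu tooling) parses UBSAN reports out of dmesg text and names the function that contained the flagged access. The sample input is abridged from the trace in this report; `parse_ubsan` and `faulting_frame` are names chosen here.

```python
import re

# Abridged from the dmesg output quoted in the report above.
SAMPLE = """\
[ 10.384021] ================================================================================
[ 10.393418] UBSAN: array-index-out-of-bounds in /build/linux-raspi-dZDMS4/linux-raspi-6.5.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1126:27
[ 10.408653] index 1 is out of range for type '__le16 [1]'
[ 10.414856] CPU: 2 PID: 581 Comm: wpa_supplicant Tainted: G C E 6.5.0-1002-raspi #2-Ubuntu
[ 10.414884] dump_backtrace+0x9c/0x128
[ 10.414916] __ubsan_handle_out_of_bounds+0xac/0xe8
[ 10.414922] brcmf_escan_prep+0x31c/0x338 [brcmfmac]
[ 10.415142] rdev_scan+0x38/0x158 [cfg80211]
[ 10.415668] ================================================================================
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
HEAD = re.compile(r"UBSAN: (?P<kind>\S+) in (?P<file>\S+?):(?P<line>\d+):\d+$")
INDEX = re.compile(r"index (?P<index>-?\d+) is out of range for type '(?P<type>[^']+)'")
COMM = re.compile(r"PID: (?P<pid>\d+) Comm: (?P<comm>\S+)")
FRAME = re.compile(r"^(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?$")

def parse_ubsan(dmesg):
    """Return one dict per UBSAN report found in the dmesg text."""
    reports, cur = [], None
    for raw in dmesg.splitlines():
        text = STAMP.sub("", raw).strip()
        if m := HEAD.search(text):
            cur = {"kind": m["kind"], "file": m["file"], "line": int(m["line"]), "frames": []}
            reports.append(cur)
        elif cur is None:
            continue  # not inside a report (includes the opening separator)
        elif set(text) == {"="}:
            cur = None  # closing separator ends the report
        elif m := INDEX.search(text):
            cur.update(index=int(m["index"]), type=m["type"])
        elif m := COMM.search(text):
            cur.update(pid=int(m["pid"]), comm=m["comm"])
        elif m := FRAME.match(text):
            cur["frames"].append((m["sym"], m["mod"]))  # mod is None for built-in code
    return reports

def faulting_frame(report):
    """First frame below the __ubsan_handle_* entry: the code that made the access."""
    frames = report["frames"]
    for i, (sym, _) in enumerate(frames[:-1]):
        if sym.startswith("__ubsan_handle"):
            return frames[i + 1]
    return None
```
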