** Changed in: linux-raspi (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-raspi in Ubuntu.
https://bugs.launchpad.net/bugs/2037059

Title:
  array index out of bounds in brcmfmac driver

Status in linux-raspi package in Ubuntu:
  Fix Released

Bug description:
  Activating wifi on the current Mantic Beta images, on a Raspberry Pi
  4B with 4GB or 8GB of RAM (the only two I've tested thus far) causes
  the following to show up in dmesg:

  [   10.384021] ================================================================================
  [   10.393418] UBSAN: array-index-out-of-bounds in /build/linux-raspi-dZDMS4/linux-raspi-6.5.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1126:27
  [   10.408653] index 1 is out of range for type '__le16 [1]'
  [   10.414856] CPU: 2 PID: 581 Comm: wpa_supplicant Tainted: G         C  E      6.5.0-1002-raspi #2-Ubuntu
  [   10.414876] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)
  [   10.414881] Call trace:
  [   10.414884]  dump_backtrace+0x9c/0x128
  [   10.414897]  show_stack+0x20/0x38
  [   10.414903]  dump_stack_lvl+0xbc/0x120
  [   10.414911]  dump_stack+0x18/0x28
  [   10.414916]  __ubsan_handle_out_of_bounds+0xac/0xe8
  [   10.414922]  brcmf_escan_prep+0x31c/0x338 [brcmfmac]
  [   10.415003]  brcmf_run_escan+0xac/0x1c8 [brcmfmac]
  [   10.415050]  brcmf_do_escan+0x90/0x100 [brcmfmac]
  [   10.415096]  brcmf_cfg80211_scan+0x108/0x2b0 [brcmfmac]
  [   10.415142]  rdev_scan+0x38/0x158 [cfg80211]
  [   10.415348]  cfg80211_scan+0x134/0x178 [cfg80211]
  [   10.415453]  nl80211_trigger_scan+0x438/0x9d8 [cfg80211]
  [   10.415557]  genl_family_rcv_msg_doit.isra.0+0xc0/0x130
  [   10.415568]  genl_family_rcv_msg+0x1c8/0x240
  [   10.415574]  genl_rcv_msg+0x64/0xe8
  [   10.415580]  netlink_rcv_skb+0x64/0x138
  [   10.415586]  genl_rcv+0x40/0x60
  [   10.415592]  netlink_unicast+0x2f0/0x350
  [   10.415598]  netlink_sendmsg+0x26c/0x490
  [   10.415603]  sock_sendmsg+0x64/0xc0
  [   10.415610]  ____sys_sendmsg+0x260/0x318
  [   10.415615]  ___sys_sendmsg+0x88/0xf0
  [   10.415621]  __sys_sendmsg+0x70/0xd8
  [   10.415626]  __arm64_sys_sendmsg+0x2c/0x40
  [   10.415632]  invoke_syscall+0x50/0x120
  [   10.415638]  el0_svc_common.constprop.0+0x6c/0x140
  [   10.415642]  do_el0_svc+0x34/0x50
  [   10.415646]  el0_svc+0x30/0xc8
  [   10.415654]  el0t_64_sync_handler+0x120/0x130
  [   10.415659]  el0t_64_sync+0x1a8/0x1b0
  [   10.415668] ================================================================================

  However, the wifi still works afterward, so it's not entirely fatal!

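
Added example (not part of the original bug report, and not Ubuntu or kernel tooling): a small Python parser that pulls the UBSAN kind, source location, index, array type and faulting driver function out of dmesg text such as the report in this bug, tolerating records that a mail client has wrapped onto a second line. The helper names and the shortened, wrapped sample are constructed for this illustration.

```python
import re

# Constructed sample: shortened excerpt of the report in this bug, wrapped mid-record.
SAMPLE = """\
  [   10.393418] UBSAN: array-index-out-of-bounds in
/build/linux-raspi-dZDMS4/linux-raspi-6.5.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1126:27
  [   10.408653] index 1 is out of range for type '__le16 [1]'
  [   10.414884]  dump_backtrace+0x9c/0x128
  [   10.414916]  __ubsan_handle_out_of_bounds+0xac/0xe8
  [   10.414922]  brcmf_escan_prep+0x31c/0x338 [brcmfmac]
  [   10.415668]
================================================================================
"""

STAMP = re.compile(r"^\s*\[\s*\d+\.\d+\]\s?")
HEAD = re.compile(r"UBSAN: (\S+) in (\S+):(\d+):\d+")
DETAIL = re.compile(r"index (-?\d+) is out of range for type '([^']+)'")
FRAME = re.compile(r"^(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")

def unwrap(text):
    """Rejoin wrapped records: a line with no timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(STAMP.sub("", line).strip())
        else:
            records[-1] = (records[-1] + " " + line.strip()).strip()
    return records

def parse_ubsan(text):
    """Return one dict per UBSAN report: kind, file, line, index, type, frames."""
    reports, cur = [], None
    for rec in unwrap(text):
        if m := HEAD.search(rec):
            cur = dict(kind=m[1], file=m[2], line=int(m[3]), index=None, type=None, frames=[])
            reports.append(cur)
        elif cur is not None and set(rec) == {"="}:
            cur = None  # closing separator ends the report
        elif cur is not None and (m := DETAIL.search(rec)):
            cur["index"], cur["type"] = int(m[1]), m[2]
        elif cur is not None and (m := FRAME.match(rec)):
            cur["frames"].append((m[1], m[2]))  # (function, module or None)
    return reports

def faulting_frame(report):
    """Frame just below __ubsan_handle_*: the function that made the flagged access."""
    for (func, _), below in zip(report["frames"], report["frames"][1:]):
        if func.startswith("__ubsan_handle_"):
            return below
    return None
```

Feeding it the output of `dmesg` gives one record per UBSAN report, which makes it easy to group reports by source location and driver module across a fleet of test images.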