Public bug reported:
Activating wifi on the current Mantic Beta images, on a Raspberry Pi 4B
with 4GB or 8GB of RAM (the only two I've tested thus far) causes the
following to show up in dmesg:
[ 10.384021] ================================================================================
[ 10.393418] UBSAN: array-index-out-of-bounds in /build/linux-raspi-dZDMS4/linux-raspi-6.5.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1126:27
[ 10.408653] index 1 is out of range for type '__le16 [1]'
[ 10.414856] CPU: 2 PID: 581 Comm: wpa_supplicant Tainted: G C E 6.5.0-1002-raspi #2-Ubuntu
[ 10.414876] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)
[ 10.414881] Call trace:
[ 10.414884] dump_backtrace+0x9c/0x128
[ 10.414897] show_stack+0x20/0x38
[ 10.414903] dump_stack_lvl+0xbc/0x120
[ 10.414911] dump_stack+0x18/0x28
[ 10.414916] __ubsan_handle_out_of_bounds+0xac/0xe8
[ 10.414922] brcmf_escan_prep+0x31c/0x338 [brcmfmac]
[ 10.415003] brcmf_run_escan+0xac/0x1c8 [brcmfmac]
[ 10.415050] brcmf_do_escan+0x90/0x100 [brcmfmac]
[ 10.415096] brcmf_cfg80211_scan+0x108/0x2b0 [brcmfmac]
[ 10.415142] rdev_scan+0x38/0x158 [cfg80211]
[ 10.415348] cfg80211_scan+0x134/0x178 [cfg80211]
[ 10.415453] nl80211_trigger_scan+0x438/0x9d8 [cfg80211]
[ 10.415557] genl_family_rcv_msg_doit.isra.0+0xc0/0x130
[ 10.415568] genl_family_rcv_msg+0x1c8/0x240
[ 10.415574] genl_rcv_msg+0x64/0xe8
[ 10.415580] netlink_rcv_skb+0x64/0x138
[ 10.415586] genl_rcv+0x40/0x60
[ 10.415592] netlink_unicast+0x2f0/0x350
[ 10.415598] netlink_sendmsg+0x26c/0x490
[ 10.415603] sock_sendmsg+0x64/0xc0
[ 10.415610] ____sys_sendmsg+0x260/0x318
[ 10.415615] ___sys_sendmsg+0x88/0xf0
[ 10.415621] __sys_sendmsg+0x70/0xd8
[ 10.415626] __arm64_sys_sendmsg+0x2c/0x40
[ 10.415632] invoke_syscall+0x50/0x120
[ 10.415638] el0_svc_common.constprop.0+0x6c/0x140
[ 10.415642] do_el0_svc+0x34/0x50
[ 10.415646] el0_svc+0x30/0xc8
[ 10.415654] el0t_64_sync_handler+0x120/0x130
[ 10.415659] el0t_64_sync+0x1a8/0x1b0
[ 10.415668] ================================================================================
However, the wifi still works afterward, so it's not entirely fatal!
** Affects: linux-raspi (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2037059
Title:
array index out of bounds in brcmfmac driver
Status in linux-raspi package in Ubuntu:
New