array index out of bounds in brcmfmac driver
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-raspi (Ubuntu) | Fix Released | Undecided | Unassigned | | |
Bug Description
Activating wifi on the current Mantic Beta images, on a Raspberry Pi 4B with 4GB or 8GB of RAM (the only two I've tested thus far) causes the following to show up in dmesg:
[ 10.384021] =======
[ 10.393418] UBSAN: array-index-
[ 10.408653] index 1 is out of range for type '__le16 [1]'
[ 10.414856] CPU: 2 PID: 581 Comm: wpa_supplicant Tainted: G C E 6.5.0-1002-raspi #2-Ubuntu
[ 10.414876] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)
[ 10.414881] Call trace:
[ 10.414884] dump_backtrace+
[ 10.414897] show_stack+
[ 10.414903] dump_stack_
[ 10.414911] dump_stack+
[ 10.414916] __ubsan_
[ 10.414922] brcmf_escan_
[ 10.415003] brcmf_run_
[ 10.415050] brcmf_do_
[ 10.415096] brcmf_cfg80211_
[ 10.415142] rdev_scan+
[ 10.415348] cfg80211_
[ 10.415453] nl80211_
[ 10.415557] genl_family_
[ 10.415568] genl_family_
[ 10.415574] genl_rcv_
[ 10.415580] netlink_
[ 10.415586] genl_rcv+0x40/0x60
[ 10.415592] netlink_
[ 10.415598] netlink_
[ 10.415603] sock_sendmsg+
[ 10.415610] ____sys_
[ 10.415615] ___sys_
[ 10.415621] __sys_sendmsg+
[ 10.415626] __arm64_
[ 10.415632] invoke_
[ 10.415638] el0_svc_
[ 10.415642] do_el0_
[ 10.415646] el0_svc+0x30/0xc8
[ 10.415654] el0t_64_
[ 10.415659] el0t_64_
[ 10.415668] =======
However, the wifi still works afterward, so it's not entirely fatal!
Changed in linux-raspi (Ubuntu): status: New → Fix Released
Also occurs on the 3B+ (which isn't terribly surprising given it shares the same wifi chipset as the 4B).