Comment 2 for bug 2037059

Dave Jones (waveform) wrote:

Something very similar on the Pi 2 Zero W as well, which is interesting as it has a different wifi chipset to the 3B+ and the 4B:

[ 18.959819] ================================================================================
[ 18.968950] UBSAN: array-index-out-of-bounds in /build/linux-raspi-dZDMS4/linux-raspi-6.5.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1126:27
[ 18.983850] index 1 is out of range for type '__le16 [1]'
[ 18.989615] CPU: 1 PID: 519 Comm: wpa_supplicant Tainted: G C E 6.5.0-1002-raspi #2-Ubuntu
[ 18.989647] Hardware name: Raspberry Pi Zero 2 W Rev 1.0 (DT)
[ 18.989655] Call trace:
[ 18.989661] dump_backtrace+0x9c/0x128
[ 18.989686] show_stack+0x20/0x38
[ 18.989698] dump_stack_lvl+0xbc/0x120
[ 18.989715] dump_stack+0x18/0x28
[ 18.989727] __ubsan_handle_out_of_bounds+0xac/0xe8
[ 18.989743] brcmf_escan_prep+0x31c/0x338 [brcmfmac]
[ 18.989923] brcmf_run_escan+0xac/0x1c8 [brcmfmac]
[ 18.990052] brcmf_do_escan+0x90/0x100 [brcmfmac]
[ 18.990176] brcmf_cfg80211_scan+0x108/0x2b0 [brcmfmac]
[ 18.990299] rdev_scan+0x38/0x158 [cfg80211]
[ 18.990922] cfg80211_scan+0x134/0x178 [cfg80211]
[ 18.991412] nl80211_trigger_scan+0x438/0x9d8 [cfg80211]
[ 18.991839] genl_family_rcv_msg_doit.isra.0+0xc0/0x130
[ 18.991867] genl_family_rcv_msg+0x1c8/0x240
[ 18.991884] genl_rcv_msg+0x64/0xe8
[ 18.991898] netlink_rcv_skb+0x64/0x138
[ 18.991913] genl_rcv+0x40/0x60
[ 18.991928] netlink_unicast+0x2f0/0x350
[ 18.991942] netlink_sendmsg+0x26c/0x490
[ 18.991957] sock_sendmsg+0x64/0xc0
[ 18.991971] ____sys_sendmsg+0x260/0x318
[ 18.991981] ___sys_sendmsg+0x88/0xf0
[ 18.991994] __sys_sendmsg+0x70/0xd8
[ 18.992007] __arm64_sys_sendmsg+0x2c/0x40
[ 18.992020] invoke_syscall+0x50/0x120
[ 18.992034] el0_svc_common.constprop.0+0x6c/0x140
[ 18.992044] do_el0_svc+0x34/0x50
[ 18.992054] el0_svc+0x30/0xc8
[ 18.992068] el0t_64_sync_handler+0x120/0x130
[ 18.992081] el0t_64_sync+0x1a8/0x1b0
[ 18.992590] ================================================================================
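The diagnostic `index 1 is out of range for type '__le16 [1]'` is what UBSAN's array-bounds checker emits when code indexes past a one-element trailing array that is being used as a variable-length array. The allocation behind it is normally sized to hold the extra elements, so the report is a complaint about the declared type rather than proof of a memory-safety bug, but the same idiom is where real off-by-one sizing errors hide, which is why such arrays are converted to C99 flexible array members. The C below is an added example, not code from this bug page, the brcmfmac driver or the kernel: it shows the legacy `[1]` idiom beside the flexible-array form with the sizing arithmetic, a count-versus-length check and a bounds-checked accessor. The struct and field names are invented for illustration, and the assumption that the driver's structure follows this pattern is suggested by the trace but not shown on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical structures for illustration; not the driver's own. */

/* Legacy idiom: a one-element array at the tail, used as though it were
 * variable-length. The allocation carries extra bytes after the struct,
 * but the type says the array holds exactly one element, so an access
 * channel_list[i] with i >= 1 is what -fsanitize=bounds reports. */
struct scan_params_legacy {
    uint32_t channel_num;
    uint16_t channel_list[1];
};

/* Same wire layout with a C99 flexible array member. The type no longer
 * claims a bound, so UBSAN stays quiet; the real bound is channel_num,
 * which the code must check itself. */
struct scan_params_flex {
    uint32_t channel_num;
    uint16_t channel_list[];
};

/* Allocation size for n channels in the legacy idiom. sizeof() already
 * covers one element (plus padding), hence the "n - 1": this is the
 * arithmetic that tends to go wrong by one. */
size_t legacy_size(uint32_t n)
{
    return sizeof(struct scan_params_legacy) +
           (n > 1 ? (size_t)(n - 1) : 0) * sizeof(uint16_t);
}

/* Allocation size with the flexible array member: header plus exactly
 * n elements, no special case for n == 0. */
size_t flex_size(uint32_t n)
{
    return sizeof(struct scan_params_flex) + (size_t)n * sizeof(uint16_t);
}

/* Check that a buffer of 'len' bytes can hold the 'claimed' channel count,
 * guarding the multiplication so a huge count cannot wrap size_t.
 * Returns 1 if the buffer is large enough, 0 otherwise. */
int channel_count_fits(uint32_t claimed, size_t len)
{
    size_t max_n = (SIZE_MAX - sizeof(struct scan_params_flex)) / sizeof(uint16_t);
    if (claimed > max_n)
        return 0;
    return len >= flex_size(claimed);
}

/* Allocate and fill a flexible-array scan request; NULL on failure. */
struct scan_params_flex *flex_alloc(const uint16_t *chans, uint32_t n)
{
    struct scan_params_flex *p = calloc(1, flex_size(n));
    if (!p)
        return NULL;
    p->channel_num = n;
    for (uint32_t i = 0; i < n; i++)
        p->channel_list[i] = chans[i];
    return p;
}

/* Bounds-checked read: 0 on success, -1 if idx is not below channel_num. */
int flex_get(const struct scan_params_flex *p, uint32_t idx, uint16_t *out)
{
    if (!p || idx >= p->channel_num)
        return -1;
    *out = p->channel_list[idx];
    return 0;
}

/* Round trip on a constructed three-channel list (channels 1, 6, 11).
 * Returns the value at index 2 (11) if the in-range read succeeds and the
 * out-of-range read at index 3 is refused; -1 otherwise. */
int demo_roundtrip(void)
{
    const uint16_t chans[3] = { 1, 6, 11 };   /* constructed sample input */
    struct scan_params_flex *p = flex_alloc(chans, 3);
    uint16_t v = 0;
    int rc = -1;

    if (!p)
        return -1;
    if (flex_get(p, 2, &v) == 0 && flex_get(p, 3, &v) == -1)
        rc = v;    /* v still holds channel_list[2]; the refused read leaves it untouched */
    free(p);
    return rc;
}

int main(void)
{
    printf("legacy_size(3)=%zu flex_size(3)=%zu offset_legacy=%zu offset_flex=%zu\n",
           legacy_size(3), flex_size(3),
           offsetof(struct scan_params_legacy, channel_list),
           offsetof(struct scan_params_flex, channel_list));
    printf("fits(3,10)=%d fits(3,9)=%d roundtrip=%d\n",
           channel_count_fits(3, 10), channel_count_fits(3, 9), demo_roundtrip());
    return 0;
}
```

Compiled with `-fsanitize=bounds`, an access such as `channel_list[1]` on the legacy struct would produce the same "index 1 is out of range" diagnostic regardless of how large the allocation was, which is the reason for preferring the flexible-array form. The `offsetof` comparison shows that the conversion keeps `channel_list` at the same position, so the layout handed to firmware or hardware is unchanged; what changes is that the bound now has to come from `channel_num` and a length check like `channel_count_fits` rather than from the array type.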