Hello, I observe the same callstack on Ubuntu 20.04.06 LTS after trying to enable monitor mode:

sudo ip link set dev wlp82s0 down
sudo iwconfig wlp82s0 mode monitor
// Callstack visible after that command
sudo ip link set dev wlp82s0 up

When I run those commands again, the callstack is not seen, but monitor mode does not work and I am unable to do Wi-Fi sniffing. Wi-Fi sniffing stopped working today. Rebooting the PC does not help.

PC: Lenovo P53

Info about the Wi-Fi driver:

$ cat dmesg.txt | grep -E "wifi|wlp82s0"
[ 29.785225] iwlwifi 0000:52:00.0: enabling device (0000 -> 0002)
[ 29.807499] iwlwifi 0000:52:00.0: api flags index 2 larger than supported by driver
[ 29.807514] iwlwifi 0000:52:00.0: TLV_FW_FSEQ_VERSION: FSEQ Version: 89.3.35.37
[ 29.807735] iwlwifi 0000:52:00.0: loaded firmware version 66.f1c864e0.0 cc-a0-66.ucode op_mode iwlmvm
[ 29.971841] iwlwifi 0000:52:00.0: BIOS contains WGDS but no WRDS
[ 29.971851] iwlwifi 0000:52:00.0: Detected Intel(R) Wi-Fi 6 AX200 160MHz, REV=0x340
[ 30.131778] iwlwifi 0000:52:00.0: Detected RF HR B3, rfid=0x10a100
[ 30.201478] iwlwifi 0000:52:00.0: base HW address: f8:e4:e3:d9:d2:ee
[ 30.578367] iwlwifi 0000:52:00.0 wlp82s0: renamed from wlan0

Callstack:

[ 502.483818] ================================================================================
[ 502.483829] UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-x48ylI/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
[ 502.483841] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
[ 502.483851] CPU: 0 PID: 5401 Comm: ip Tainted: P OE 5.15.0-69-generic #76~20.04.1-Ubuntu
[ 502.483862] Hardware name: LENOVO 20QNS1T600/20QNS1T600, BIOS N2NET38W (1.23 ) 06/04/2020
[ 502.483866] Call Trace:
[ 502.483871] <TASK>
[ 502.483877] dump_stack_lvl+0x4a/0x63
[ 502.483890] dump_stack+0x10/0x16
[ 502.483896] ubsan_epilogue+0x9/0x49
[ 502.483909] __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
[ 502.483929] iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
[ 502.484008] iwl_mvm_mac_ctx_send+0x8b/0xd0 [iwlmvm]
[ 502.484061] iwl_mvm_mac_ctxt_add+0x44/0xf0 [iwlmvm]
[ 502.484108] iwl_mvm_mac_add_interface+0x133/0x350 [iwlmvm]
[ 502.484153] drv_add_interface+0x47/0x100 [mac80211]
[ 502.484266] ieee80211_add_virtual_monitor+0x11a/0x330 [mac80211]
[ 502.484392] ieee80211_do_open+0x867/0x970 [mac80211]
[ 502.484511] ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
[ 502.484629] ieee80211_open+0x70/0x90 [mac80211]
[ 502.484744] __dev_open+0xe5/0x1a0
[ 502.484757] __dev_change_flags+0x190/0x200
[ 502.484770] dev_change_flags+0x26/0x70
[ 502.484781] do_setlink+0x907/0xc40
[ 502.484796] ? __nla_validate_parse+0x4c/0x1a0
[ 502.484811] __rtnl_newlink+0x593/0xa10
[ 502.484822] ? __nla_reserve+0x41/0x60
[ 502.484832] ? __kmalloc_node_track_caller+0x1d0/0x4e0
[ 502.484843] ? skb_free_head+0x69/0x80
[ 502.484854] ? security_sock_rcv_skb+0x2c/0x50
[ 502.484868] ? netlink_deliver_tap+0x3d/0x230
[ 502.484876] ? sk_filter_trim_cap+0xc1/0x230
[ 502.484889] ? skb_queue_tail+0x48/0x60
[ 502.484898] ? sock_def_readable+0x4b/0x80
[ 502.484905] ? __netlink_sendskb+0x3f/0x60
[ 502.484913] ? netlink_unicast+0x21b/0x250
[ 502.484924] ? rtnl_getlink+0x37c/0x400
[ 502.484950] ? __cond_resched+0x19/0x40
[ 502.484963] ? kmem_cache_alloc_trace+0x15a/0x420
[ 502.484972] rtnl_newlink+0x49/0x70
[ 502.484982] rtnetlink_rcv_msg+0x15d/0x410
[ 502.484994] ? __cond_resched+0x19/0x40
[ 502.485004] ? rtnl_calcit.isra.0+0x130/0x130
[ 502.485015] netlink_rcv_skb+0x53/0x100
[ 502.485026] rtnetlink_rcv+0x15/0x20
[ 502.485034] netlink_unicast+0x1ab/0x250
[ 502.485043] netlink_sendmsg+0x23e/0x4a0
[ 502.485055] sock_sendmsg+0x66/0x70
[ 502.485067] ____sys_sendmsg+0x21c/0x290
[ 502.485076] ? copy_msghdr_from_user+0x5c/0x90
[ 502.485091] ___sys_sendmsg+0x81/0xc0
[ 502.485103] ? mntput_no_expire+0x4c/0x260
[ 502.485112] ? __cond_resched+0x19/0x40
[ 502.485123] ? security_file_free+0x54/0x60
[ 502.485132] ? call_rcu+0xa8/0x230
[ 502.485144] ? __fput+0x127/0x280
[ 502.485158] __sys_sendmsg+0x62/0xc0
[ 502.485171] ? handle_mm_fault+0xd9/0x2c0
[ 502.485181] __x64_sys_sendmsg+0x1f/0x30
[ 502.485191] do_syscall_64+0x59/0xc0
[ 502.485203] ? irqentry_exit_to_user_mode+0x9/0x20
[ 502.485211] ? irqentry_exit+0x1d/0x30
[ 502.485218] ? exc_page_fault+0x89/0x170
[ 502.485225] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 502.485235] RIP: 0033:0x7f342cf485e7
[ 502.485245] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 502.485252] RSP: 002b:00007ffe89aee5a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 502.485263] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f342cf485e7
[ 502.485269] RDX: 0000000000000000 RSI: 00007ffe89aee620 RDI: 0000000000000003
[ 502.485273] RBP: 000000006437ce8c R08: 0000000000000001 R09: 000000000000007c
[ 502.485278] R10: 00007f342d014be0 R11: 0000000000000246 R12: 0000000000000001
[ 502.485283] R13: 00007ffe89aeee00 R14: 00007ffe89aee6f0 R15: 000055702574a020
[ 502.485295] </TASK>
[ 502.485299] ================================================================================

-- 
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1998576

Title:
UBSAN: shift-out-of-bounds in WiFi driver (iwlwifi/mvm/mac-ctxt.c)

Status in linux package in Ubuntu:
Confirmed

Bug description:

Hello all!

On Ubuntu 20.04.5 LTS, when I use the mdk3 tool (https://github.com/aircrack-ng/mdk3, also available in Ubuntu PPA), it raises a kernel exception in the Wi-Fi driver:

UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
shift exponent 65535 is too large for 64-bit type 'long unsigned int'

The exact command I use is: mdk3 wlp2s0 b -f somefile.txt -a -s 200
(Where wlp2s0 is my main Wi-Fi interface.)

Here are the full logs:

Dec 2 09:22:38 red-october kernel: [ 1228.100538] ================================================================================
Dec 2 09:22:38 red-october kernel: [ 1228.100614] UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
Dec 2 09:22:38 red-october kernel: [ 1228.100714] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
Dec 2 09:22:38 red-october kernel: [ 1228.102683] CPU: 3 PID: 5865 Comm: ifconfig Tainted: P OE 5.15.0-53-generic #59~20.04.1-Ubuntu
Dec 2 09:22:38 red-october kernel: [ 1228.102689] Hardware name: ASUSTeK COMPUTER INC. ROG Zephyrus G14 GA401II_GA401II/GA401II, BIOS GA401II.220 03/14/2022
Dec 2 09:22:38 red-october kernel: [ 1228.102693] Call Trace:
Dec 2 09:22:38 red-october kernel: [ 1228.102696] <TASK>
Dec 2 09:22:38 red-october kernel: [ 1228.102701] dump_stack_lvl+0x4a/0x63
Dec 2 09:22:38 red-october kernel: [ 1228.102713] dump_stack+0x10/0x16
Dec 2 09:22:38 red-october kernel: [ 1228.102718] ubsan_epilogue+0x9/0x49
Dec 2 09:22:38 red-october kernel: [ 1228.102723] __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
Dec 2 09:22:38 red-october kernel: [ 1228.102734] iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
Dec 2 09:22:38 red-october kernel: [ 1228.102770] iwl_mvm_mac_ctx_send+0x8b/0xd0 [iwlmvm]
Dec 2 09:22:38 red-october kernel: [ 1228.102798] iwl_mvm_mac_ctxt_add+0x44/0xf0 [iwlmvm]
Dec 2 09:22:38 red-october kernel: [ 1228.102821] iwl_mvm_mac_add_interface+0x133/0x350 [iwlmvm]
Dec 2 09:22:38 red-october kernel: [ 1228.102847] drv_add_interface+0x4a/0x100 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.102912] ieee80211_add_virtual_monitor+0x11a/0x330 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.102980] ieee80211_do_open+0x867/0x970 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.103041] ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.103104] ieee80211_open+0x70/0x90 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.103165] __dev_open+0xe8/0x1a0
Dec 2 09:22:38 red-october kernel: [ 1228.103172] __dev_change_flags+0x190/0x200
Dec 2 09:22:38 red-october kernel: [ 1228.103178] dev_change_flags+0x26/0x70
Dec 2 09:22:38 red-october kernel: [ 1228.103183] devinet_ioctl+0x5f2/0x780
Dec 2 09:22:38 red-october kernel: [ 1228.103192] inet_ioctl+0x169/0x190
Dec 2 09:22:38 red-october kernel: [ 1228.103199] sock_do_ioctl+0x47/0x100
Dec 2 09:22:38 red-october kernel: [ 1228.103206] sock_ioctl+0xf3/0x310
Dec 2 09:22:38 red-october kernel: [ 1228.103211] ? syscall_exit_to_user_mode+0x27/0x50
Dec 2 09:22:38 red-october kernel: [ 1228.103218] ? do_syscall_64+0x69/0xc0
Dec 2 09:22:38 red-october kernel: [ 1228.103223] __x64_sys_ioctl+0x95/0xd0
Dec 2 09:22:38 red-october kernel: [ 1228.103232] do_syscall_64+0x5c/0xc0
Dec 2 09:22:38 red-october kernel: [ 1228.103236] ? irqentry_exit_to_user_mode+0x9/0x20
Dec 2 09:22:38 red-october kernel: [ 1228.103241] ? irqentry_exit+0x1d/0x30
Dec 2 09:22:38 red-october kernel: [ 1228.103246] ? exc_page_fault+0x89/0x170
Dec 2 09:22:38 red-october kernel: [ 1228.103252] entry_SYSCALL_64_after_hwframe+0x61/0xcb
Dec 2 09:22:38 red-october kernel: [ 1228.103257] RIP: 0033:0x7f487d3b63ab
Dec 2 09:22:38 red-october kernel: [ 1228.103263] Code: 0f 1e fa 48 8b 05 e5 7a 0d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b5 7a 0d 00 f7 d8 64 89 01 48
Dec 2 09:22:38 red-october kernel: [ 1228.103267] RSP: 002b:00007ffc147740a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
Dec 2 09:22:38 red-october kernel: [ 1228.103273] RAX: ffffffffffffffda RBX: 00007ffc147740b0 RCX: 00007f487d3b63ab
Dec 2 09:22:38 red-october kernel: [ 1228.103276] RDX: 00007ffc147740b0 RSI: 0000000000008914 RDI: 0000000000000004
Dec 2 09:22:38 red-october kernel: [ 1228.103278] RBP: 00007ffc14774160 R08: 0000000000000008 R09: 0000561e451b2940
Dec 2 09:22:38 red-october kernel: [ 1228.103281] R10: 0000000000000021 R11: 0000000000000202 R12: 0000000000000041
Dec 2 09:22:38 red-october kernel: [ 1228.103283] R13: 00007ffc14774458 R14: 0000000000000000 R15: 0000000000000000
Dec 2 09:22:38 red-october kernel: [ 1228.103288] </TASK>
Dec 2 09:22:38 red-october kernel: [ 1228.103290] ================================================================================
Dec 2 09:22:38 red-october kernel: [ 1228.109299] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
Dec 2 09:22:38 red-october kernel: [ 1228.131698] device wlp2s0 entered promiscuous mode
Dec 2 09:23:29 red-october kernel: [ 1278.805519] AppRun[2337]: segfault at 8 ip 00007f6b8401cb41 sp 00007ffd8c7daa70 error 4 in libQt5DBus.so.5[7f6b83feb000+8d000]
Dec 2 09:23:29 red-october kernel: [ 1278.805537] Code: 00 00 00 c3 90 0f 1f 40 00 48 8b 47 08 8b 80 a0 00 00 00 c3 90 0f 1f 40 00 41 57 41 56 41 55 41 54 49 89 fc 55 53 48 83 ec 48 <48> 8b 5e 08 64 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 80 bb

---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu27.25
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC2: manah 1805 F.... pulseaudio
 /dev/snd/controlC0: manah 1805 F.... pulseaudio
 /dev/snd/controlC1: manah 1805 F.... pulseaudio
CasperMD5CheckResult: skip
CurrentDesktop: i3
DistroRelease: Ubuntu 20.04
InstallationDate: Installed on 2021-02-05 (667 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
MachineType: ASUSTeK COMPUTER INC. ROG Zephyrus G14 GA401II_GA401II
NonfreeKernelModules: nvidia_modeset nvidia
Package: linux (not installed)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
ProcFB: 0 amdgpudrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-53-generic root=UUID=3995421e-0915-4983-a047-4eb41a9e5873 ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 5.15.0-53.59~20.04.1-generic 5.15.64
RelatedPackageVersions:
 linux-restricted-modules-5.15.0-53-generic N/A
 linux-backports-modules-5.15.0-53-generic N/A
 linux-firmware 1.201.5+system76~1646062142~20.04~b05e0ab~dev
Tags: focal
Uname: Linux 5.15.0-53-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip docker libvirt lpadmin lxd plugdev sambashare sudo vboxusers
_MarkForUpload: True
dmi.bios.date: 03/14/2022
dmi.bios.release: 5.16
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: GA401II.220
dmi.board.asset.tag: ATN12345678901234567
dmi.board.name: GA401II
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: 1.0
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: ASUSTeK COMPUTER INC.
dmi.chassis.version: 1.0
dmi.ec.firmware.release: 3.15
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrGA401II.220:bd03/14/2022:br5.16:efr3.15:svnASUSTeKCOMPUTERINC.:pnROGZephyrusG14GA401II_GA401II:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnGA401II:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:sku:
dmi.product.family: ROG Zephyrus G14
dmi.product.name: ROG Zephyrus G14 GA401II_GA401II
dmi.product.version: 1.0
dmi.sys.vendor: ASUSTeK COMPUTER INC.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1998576/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
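An added illustration of what the UBSAN report above is flagging; this is constructed example code, not the bug reporters' or the iwlwifi driver's. It assumes (the page does not say so) that the flagged line builds a queue bitmask with a BIT()-style shift from a 16-bit queue index whose "no queue" sentinel is 0xFFFF, which is the 65535 in the message; the unchecked form is undefined behaviour in C, the checked form rejects the sentinel.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not driver code. Assumption: the sentinel meaning
 * "no queue assigned" is 0xFFFF, i.e. the 65535 in the UBSAN message. */
#define INVALID_QUEUE    0xFFFFu
#define QUEUE_MASK_BITS  ((unsigned)(8 * sizeof(unsigned long)))  /* 64 on x86_64 */

/* Unchecked form, as UBSAN sees it: for queue == 0xFFFF the shift count
 * exceeds the width of unsigned long, which is undefined behaviour in C.
 * On x86-64 the hardware masks the count to 6 bits, so 65535 becomes 63
 * and bit 63 is set silently; the sanitizer is what makes it visible. */
static unsigned long queue_mask_unchecked(uint16_t queue)
{
    return 1UL << queue;
}

/* A queue index may be used as a shift count only if it is not the
 * sentinel and lies inside the mask width. */
static bool queue_index_valid(uint16_t queue)
{
    return queue != INVALID_QUEUE && queue < QUEUE_MASK_BITS;
}

/* Checked form: an invalid index yields the empty mask (0), which a
 * single-bit mask can never be, so callers can test for it. */
static unsigned long queue_mask_checked(uint16_t queue)
{
    return queue_index_valid(queue) ? 1UL << queue : 0UL;
}

int main(void)
{
    const uint16_t queues[] = { 3, 63, 64, INVALID_QUEUE };

    for (size_t i = 0; i < sizeof queues / sizeof queues[0]; i++) {
        unsigned long mask = queue_mask_checked(queues[i]);
        if (mask)
            printf("queue %u -> mask 0x%016lx\n", (unsigned)queues[i], mask);
        else
            printf("queue %u -> rejected (shift by %u is out of range)\n",
                   (unsigned)queues[i], (unsigned)queues[i]);
    }
    /* Only a valid index is passed to the unchecked form here; compile with
     * -fsanitize=shift and pass INVALID_QUEUE to reproduce the same report. */
    printf("unchecked queue 3 -> 0x%016lx\n", queue_mask_unchecked(3));
    return 0;
}
```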