Public bug reported:

Hello all!

On Ubuntu 20.04.5 LTS, when I use the mdk3 tool
(https://github.com/aircrack-ng/mdk3, also available in Ubuntu PPA), it
raises a kernel exception in the Wi-Fi driver:

UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
shift exponent 65535 is too large for 64-bit type 'long unsigned int'

The exact command I use is:

mdk3 wlp2s0 b -f somefile.txt -a -s 200

(Where wlp2s0 is my main Wi-Fi interface.)
Here are the full logs:

Dec  2 09:22:38 red-october kernel: [ 1228.100538] ================================================================================
Dec  2 09:22:38 red-october kernel: [ 1228.100614] UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
Dec  2 09:22:38 red-october kernel: [ 1228.100714] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
Dec  2 09:22:38 red-october kernel: [ 1228.102683] CPU: 3 PID: 5865 Comm: ifconfig Tainted: P           OE     5.15.0-53-generic #59~20.04.1-Ubuntu
Dec  2 09:22:38 red-october kernel: [ 1228.102689] Hardware name: ASUSTeK COMPUTER INC. ROG Zephyrus G14 GA401II_GA401II/GA401II, BIOS GA401II.220 03/14/2022
Dec  2 09:22:38 red-october kernel: [ 1228.102693] Call Trace:
Dec  2 09:22:38 red-october kernel: [ 1228.102696]  <TASK>
Dec  2 09:22:38 red-october kernel: [ 1228.102701]  dump_stack_lvl+0x4a/0x63
Dec  2 09:22:38 red-october kernel: [ 1228.102713]  dump_stack+0x10/0x16
Dec  2 09:22:38 red-october kernel: [ 1228.102718]  ubsan_epilogue+0x9/0x49
Dec  2 09:22:38 red-october kernel: [ 1228.102723]  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
Dec  2 09:22:38 red-october kernel: [ 1228.102734]  iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
Dec  2 09:22:38 red-october kernel: [ 1228.102770]  iwl_mvm_mac_ctx_send+0x8b/0xd0 [iwlmvm]
Dec  2 09:22:38 red-october kernel: [ 1228.102798]  iwl_mvm_mac_ctxt_add+0x44/0xf0 [iwlmvm]
Dec  2 09:22:38 red-october kernel: [ 1228.102821]  iwl_mvm_mac_add_interface+0x133/0x350 [iwlmvm]
Dec  2 09:22:38 red-october kernel: [ 1228.102847]  drv_add_interface+0x4a/0x100 [mac80211]
Dec  2 09:22:38 red-october kernel: [ 1228.102912]  ieee80211_add_virtual_monitor+0x11a/0x330 [mac80211]
Dec  2 09:22:38 red-october kernel: [ 1228.102980]  ieee80211_do_open+0x867/0x970 [mac80211]
Dec  2 09:22:38 red-october kernel: [ 1228.103041]  ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
Dec  2 09:22:38 red-october kernel: [ 1228.103104]  ieee80211_open+0x70/0x90 [mac80211]
Dec  2 09:22:38 red-october kernel: [ 1228.103165]  __dev_open+0xe8/0x1a0
Dec  2 09:22:38 red-october kernel: [ 1228.103172]  __dev_change_flags+0x190/0x200
Dec  2 09:22:38 red-october kernel: [ 1228.103178]  dev_change_flags+0x26/0x70
Dec  2 09:22:38 red-october kernel: [ 1228.103183]  devinet_ioctl+0x5f2/0x780
Dec  2 09:22:38 red-october kernel: [ 1228.103192]  inet_ioctl+0x169/0x190
Dec  2 09:22:38 red-october kernel: [ 1228.103199]  sock_do_ioctl+0x47/0x100
Dec  2 09:22:38 red-october kernel: [ 1228.103206]  sock_ioctl+0xf3/0x310
Dec  2 09:22:38 red-october kernel: [ 1228.103211]  ? syscall_exit_to_user_mode+0x27/0x50
Dec  2 09:22:38 red-october kernel: [ 1228.103218]  ? do_syscall_64+0x69/0xc0
Dec  2 09:22:38 red-october kernel: [ 1228.103223]  __x64_sys_ioctl+0x95/0xd0
Dec  2 09:22:38 red-october kernel: [ 1228.103232]  do_syscall_64+0x5c/0xc0
Dec  2 09:22:38 red-october kernel: [ 1228.103236]  ? irqentry_exit_to_user_mode+0x9/0x20
Dec  2 09:22:38 red-october kernel: [ 1228.103241]  ? irqentry_exit+0x1d/0x30
Dec  2 09:22:38 red-october kernel: [ 1228.103246]  ? exc_page_fault+0x89/0x170
Dec  2 09:22:38 red-october kernel: [ 1228.103252]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
Dec  2 09:22:38 red-october kernel: [ 1228.103257] RIP: 0033:0x7f487d3b63ab
Dec  2 09:22:38 red-october kernel: [ 1228.103263] Code: 0f 1e fa 48 8b 05 e5 7a 0d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b5 7a 0d 00 f7 d8 64 89 01 48
Dec  2 09:22:38 red-october kernel: [ 1228.103267] RSP: 002b:00007ffc147740a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
Dec  2 09:22:38 red-october kernel: [ 1228.103273] RAX: ffffffffffffffda RBX: 00007ffc147740b0 RCX: 00007f487d3b63ab
Dec  2 09:22:38 red-october kernel: [ 1228.103276] RDX: 00007ffc147740b0 RSI: 0000000000008914 RDI: 0000000000000004
Dec  2 09:22:38 red-october kernel: [ 1228.103278] RBP: 00007ffc14774160 R08: 0000000000000008 R09: 0000561e451b2940
Dec  2 09:22:38 red-october kernel: [ 1228.103281] R10: 0000000000000021 R11: 0000000000000202 R12: 0000000000000041
Dec  2 09:22:38 red-october kernel: [ 1228.103283] R13: 00007ffc14774458 R14: 0000000000000000 R15: 0000000000000000
Dec  2 09:22:38 red-october kernel: [ 1228.103288]  </TASK>
Dec  2 09:22:38 red-october kernel: [ 1228.103290] ================================================================================
Dec  2 09:22:38 red-october kernel: [ 1228.109299] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
Dec  2 09:22:38 red-october kernel: [ 1228.131698] device wlp2s0 entered promiscuous mode
Dec  2 09:23:29 red-october kernel: [ 1278.805519] AppRun[2337]: segfault at 8 ip 00007f6b8401cb41 sp 00007ffd8c7daa70 error 4 in libQt5DBus.so.5[7f6b83feb000+8d000]
Dec  2 09:23:29 red-october kernel: [ 1278.805537] Code: 00 00 00 c3 90 0f 1f 40 00 48 8b 47 08 8b 80 a0 00 00 00 c3 90 0f 1f 40 00 41 57 41 56 41 55 41 54 49 89 fc 55 53 48 83 ec 48 <48> 8b 5e 08 64 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 80 bb

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1998576

Title:
  UBSAN: shift-out-of-bounds in WiFi driver (iwlwifi/mvm/mac-ctxt.c)

Status in linux package in Ubuntu:
  New
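
For triage of reports like the one above, the following is an added example (not part of the original bug report, and not Ubuntu or kernel tooling). It parses a UBSAN splat out of syslog-formatted kernel text and pulls out the check type, source location, shift exponent, calling process and the reliable stack frames. The sample lines are excerpted from the log in this report with the e-mail line wrapping undone; the function names parse_ubsan and first_module_frame are this example's own.

```python
import re

# Excerpt of the kernel log from the report above, e-mail line wrapping undone.
SAMPLE = """\
Dec  2 09:22:38 red-october kernel: [ 1228.100614] UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
Dec  2 09:22:38 red-october kernel: [ 1228.100714] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
Dec  2 09:22:38 red-october kernel: [ 1228.102683] CPU: 3 PID: 5865 Comm: ifconfig Tainted: P           OE     5.15.0-53-generic #59~20.04.1-Ubuntu
Dec  2 09:22:38 red-october kernel: [ 1228.102696]  <TASK>
Dec  2 09:22:38 red-october kernel: [ 1228.102718]  ubsan_epilogue+0x9/0x49
Dec  2 09:22:38 red-october kernel: [ 1228.102734]  iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
Dec  2 09:22:38 red-october kernel: [ 1228.102847]  drv_add_interface+0x4a/0x100 [mac80211]
Dec  2 09:22:38 red-october kernel: [ 1228.103041]  ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
Dec  2 09:22:38 red-october kernel: [ 1228.103223]  __x64_sys_ioctl+0x95/0xd0
Dec  2 09:22:38 red-october kernel: [ 1228.103288]  </TASK>
"""

PREFIX = re.compile(r"^.*?kernel: \[\s*\d+\.\d+\] ?")   # syslog + dmesg timestamp
HEADER = re.compile(r"UBSAN: (\S+) in (\S+):(\d+):(\d+)")
SHIFT = re.compile(r"shift exponent (-?\d+) is too large for (\d+)-bit type")
COMM = re.compile(r"PID: (\d+) Comm: (\S+)")
FRAME = re.compile(r"^\s+(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def parse_ubsan(log):
    """Return one dict per UBSAN report found in syslog-formatted kernel text."""
    reports, cur, in_trace = [], None, False
    for raw in log.splitlines():
        line = PREFIX.sub("", raw)
        if m := HEADER.search(line):
            cur = {"check": m[1], "file": m[2].split("/drivers/", 1)[-1],
                   "line": int(m[3]), "frames": []}
            reports.append(cur)
        elif cur is None:
            continue
        elif m := SHIFT.search(line):
            cur["exponent"], cur["width"] = int(m[1]), int(m[2])
        elif m := COMM.search(line):
            cur["pid"], cur["comm"] = int(m[1]), m[2]
        elif "<TASK>" in line:
            in_trace = True
        elif "</TASK>" in line:
            cur, in_trace = None, False
        elif in_trace and (m := FRAME.match(line)) and not m[1]:
            # Frames prefixed with '?' are unreliable stack guesses; skip them.
            cur["frames"].append((m[2], m[3] or "vmlinux"))
    return reports

def first_module_frame(report):
    """First reliable frame that lives in a loadable module, or None."""
    return next((f for f in report["frames"] if f[1] != "vmlinux"), None)
```

On the excerpt, first_module_frame points at iwl_mvm_mac_ctxt_cmd_listener.cold in iwlmvm, the first driver frame below the UBSAN handlers.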
