Comment 0 for bug 1998576

Manah (manah) wrote:

Hello all!

On Ubuntu 20.04.5 LTS, when I use the mdk3 tool (https://github.com/aircrack-ng/mdk3, also available in Ubuntu PPA), it raises a kernel exception in the Wi-Fi driver:

UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
shift exponent 65535 is too large for 64-bit type 'long unsigned int'

The exact command I use is:

mdk3 wlp2s0 b -f somefile.txt -a -s 200

(Where wlp2s0 is my main Wi-Fi interface.)
Here are the full logs:

Dec 2 09:22:38 red-october kernel: [ 1228.100538] ================================================================================
Dec 2 09:22:38 red-october kernel: [ 1228.100614] UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
Dec 2 09:22:38 red-october kernel: [ 1228.100714] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
Dec 2 09:22:38 red-october kernel: [ 1228.102683] CPU: 3 PID: 5865 Comm: ifconfig Tainted: P OE 5.15.0-53-generic #59~20.04.1-Ubuntu
Dec 2 09:22:38 red-october kernel: [ 1228.102689] Hardware name: ASUSTeK COMPUTER INC. ROG Zephyrus G14 GA401II_GA401II/GA401II, BIOS GA401II.220 03/14/2022
Dec 2 09:22:38 red-october kernel: [ 1228.102693] Call Trace:
Dec 2 09:22:38 red-october kernel: [ 1228.102696] <TASK>
Dec 2 09:22:38 red-october kernel: [ 1228.102701] dump_stack_lvl+0x4a/0x63
Dec 2 09:22:38 red-october kernel: [ 1228.102713] dump_stack+0x10/0x16
Dec 2 09:22:38 red-october kernel: [ 1228.102718] ubsan_epilogue+0x9/0x49
Dec 2 09:22:38 red-october kernel: [ 1228.102723] __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
Dec 2 09:22:38 red-october kernel: [ 1228.102734] iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
Dec 2 09:22:38 red-october kernel: [ 1228.102770] iwl_mvm_mac_ctx_send+0x8b/0xd0 [iwlmvm]
Dec 2 09:22:38 red-october kernel: [ 1228.102798] iwl_mvm_mac_ctxt_add+0x44/0xf0 [iwlmvm]
Dec 2 09:22:38 red-october kernel: [ 1228.102821] iwl_mvm_mac_add_interface+0x133/0x350 [iwlmvm]
Dec 2 09:22:38 red-october kernel: [ 1228.102847] drv_add_interface+0x4a/0x100 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.102912] ieee80211_add_virtual_monitor+0x11a/0x330 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.102980] ieee80211_do_open+0x867/0x970 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.103041] ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.103104] ieee80211_open+0x70/0x90 [mac80211]
Dec 2 09:22:38 red-october kernel: [ 1228.103165] __dev_open+0xe8/0x1a0
Dec 2 09:22:38 red-october kernel: [ 1228.103172] __dev_change_flags+0x190/0x200
Dec 2 09:22:38 red-october kernel: [ 1228.103178] dev_change_flags+0x26/0x70
Dec 2 09:22:38 red-october kernel: [ 1228.103183] devinet_ioctl+0x5f2/0x780
Dec 2 09:22:38 red-october kernel: [ 1228.103192] inet_ioctl+0x169/0x190
Dec 2 09:22:38 red-october kernel: [ 1228.103199] sock_do_ioctl+0x47/0x100
Dec 2 09:22:38 red-october kernel: [ 1228.103206] sock_ioctl+0xf3/0x310
Dec 2 09:22:38 red-october kernel: [ 1228.103211] ? syscall_exit_to_user_mode+0x27/0x50
Dec 2 09:22:38 red-october kernel: [ 1228.103218] ? do_syscall_64+0x69/0xc0
Dec 2 09:22:38 red-october kernel: [ 1228.103223] __x64_sys_ioctl+0x95/0xd0
Dec 2 09:22:38 red-october kernel: [ 1228.103232] do_syscall_64+0x5c/0xc0
Dec 2 09:22:38 red-october kernel: [ 1228.103236] ? irqentry_exit_to_user_mode+0x9/0x20
Dec 2 09:22:38 red-october kernel: [ 1228.103241] ? irqentry_exit+0x1d/0x30
Dec 2 09:22:38 red-october kernel: [ 1228.103246] ? exc_page_fault+0x89/0x170
Dec 2 09:22:38 red-october kernel: [ 1228.103252] entry_SYSCALL_64_after_hwframe+0x61/0xcb
Dec 2 09:22:38 red-october kernel: [ 1228.103257] RIP: 0033:0x7f487d3b63ab
Dec 2 09:22:38 red-october kernel: [ 1228.103263] Code: 0f 1e fa 48 8b 05 e5 7a 0d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b5 7a 0d 00 f7 d8 64 89 01 48
Dec 2 09:22:38 red-october kernel: [ 1228.103267] RSP: 002b:00007ffc147740a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
Dec 2 09:22:38 red-october kernel: [ 1228.103273] RAX: ffffffffffffffda RBX: 00007ffc147740b0 RCX: 00007f487d3b63ab
Dec 2 09:22:38 red-october kernel: [ 1228.103276] RDX: 00007ffc147740b0 RSI: 0000000000008914 RDI: 0000000000000004
Dec 2 09:22:38 red-october kernel: [ 1228.103278] RBP: 00007ffc14774160 R08: 0000000000000008 R09: 0000561e451b2940
Dec 2 09:22:38 red-october kernel: [ 1228.103281] R10: 0000000000000021 R11: 0000000000000202 R12: 0000000000000041
Dec 2 09:22:38 red-october kernel: [ 1228.103283] R13: 00007ffc14774458 R14: 0000000000000000 R15: 0000000000000000
Dec 2 09:22:38 red-october kernel: [ 1228.103288] </TASK>
Dec 2 09:22:38 red-october kernel: [ 1228.103290] ================================================================================
Dec 2 09:22:38 red-october kernel: [ 1228.109299] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
Dec 2 09:22:38 red-october kernel: [ 1228.131698] device wlp2s0 entered promiscuous mode
Dec 2 09:23:29 red-october kernel: [ 1278.805519] AppRun[2337]: segfault at 8 ip 00007f6b8401cb41 sp 00007ffd8c7daa70 error 4 in libQt5DBus.so.5[7f6b83feb000+8d000]
Dec 2 09:23:29 red-october kernel: [ 1278.805537] Code: 00 00 00 c3 90 0f 1f 40 00 48 8b 47 08 8b 80 a0 00 00 00 c3 90 0f 1f 40 00 41 57 41 56 41 55 41 54 49 89 fc 55 53 48 83 ec 48 <48> 8b 5e 08 64 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 80 bb
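As an added example (not part of the bug report above, and not the iwlwifi driver's code), the following C program shows what the UBSAN message in the log actually checks and how a shift count is guarded so that the sanitizer never fires: in C, a shift exponent must be non-negative and strictly smaller than the bit width of the shifted type, so 65535 is out of range for the 64-bit `unsigned long` named in the report. The value 65535 is 0xffff, the all-ones pattern of a 16-bit field; why the driver produced that value is not something the report establishes, and the example makes no claim about it. The `checked_shl`, `parse_ubsan_shift_line` and `shift_exponent_is_invalid` helpers are hypothetical names chosen here; the sample line is the one from the log on this page.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit width of the type UBSAN complained about: unsigned long (64 bits on x86-64). */
#define UL_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Checked left shift (hypothetical helper). Mirrors the rule UBSAN enforces:
 * the exponent must be >= 0 and < the width of the shifted type. On a bad
 * exponent it returns false and leaves *out untouched instead of shifting. */
static bool checked_shl(unsigned long value, long exponent, unsigned long *out)
{
    if (exponent < 0 || (unsigned long)exponent >= UL_BITS)
        return false;
    *out = value << exponent;
    return true;
}

/* Does a reported exponent violate the C shift rule for a type of `width` bits? */
static bool shift_exponent_is_invalid(long exponent, unsigned width)
{
    return exponent < 0 || (unsigned long)exponent >= width;
}

/* Parse "shift exponent N is too large for W-bit type ..." out of a UBSAN
 * report line (hypothetical helper). Any prefix such as the syslog timestamp
 * is ignored. Returns true and fills *exponent and *width on success. */
static bool parse_ubsan_shift_line(const char *line, long *exponent, unsigned *width)
{
    static const char exp_tag[] = "shift exponent ";
    static const char width_tag[] = "is too large for ";
    char *end;

    const char *p = strstr(line, exp_tag);
    if (!p)
        return false;
    long e = strtol(p + strlen(exp_tag), &end, 10);

    const char *q = strstr(end, width_tag);
    if (!q)
        return false;
    unsigned long w = strtoul(q + strlen(width_tag), &end, 10);
    if (strncmp(end, "-bit", 4) != 0)
        return false;

    *exponent = e;
    *width = (unsigned)w;
    return true;
}

/* The second line of the UBSAN report quoted on this page, with its syslog prefix. */
static const char sample_line[] =
    "Dec 2 09:22:38 red-october kernel: [ 1228.100714] "
    "shift exponent 65535 is too large for 64-bit type 'long unsigned int'";

int main(void)
{
    long e;
    unsigned w;
    unsigned long r = 0;

    if (parse_ubsan_shift_line(sample_line, &e, &w))
        printf("exponent %ld, width %u, out of range: %s\n",
               e, w, shift_exponent_is_invalid(e, w) ? "yes" : "no");

    /* The guarded shift rejects the exponent from the report and accepts a sane one. */
    printf("checked_shl(1, 65535): %s\n", checked_shl(1UL, 65535, &r) ? "ok" : "rejected");
    printf("checked_shl(1, 12): %s, value %lu\n",
           checked_shl(1UL, 12, &r) ? "ok" : "rejected", r);
    return 0;
}
```

The parser is useful when triaging a batch of dmesg output: it pulls the exponent and type width out of the message so a script can tell an actual out-of-range shift from sanitizer noise. The guarded shift is the shape of fix a driver maintainer would apply at the site named in the report: validate the count (or the field it is derived from) before it reaches the shift operator, rather than relying on the sanitizer to catch it at runtime.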