Comment 21 for bug 1998576

Radoslaw Martyniszyn (rmartyniszyn) wrote :

Hello,

I observe the same call stack on Ubuntu 20.04.06 LTS after trying to enable monitor mode:
sudo ip link set dev wlp82s0 down
sudo iwconfig wlp82s0 mode monitor
# call stack visible after that command
sudo ip link set dev wlp82s0 up

When I run those commands again, the call stack is not shown, but monitor mode does not work and I am unable to do Wi-Fi sniffing. Wi-Fi sniffing stopped working today. Rebooting the PC does not help.

PC: Lenovo P53
Info about wifi driver:
$ cat dmesg.txt | grep -E "wifi|wlp82s0"
[ 29.785225] iwlwifi 0000:52:00.0: enabling device (0000 -> 0002)
[ 29.807499] iwlwifi 0000:52:00.0: api flags index 2 larger than supported by driver
[ 29.807514] iwlwifi 0000:52:00.0: TLV_FW_FSEQ_VERSION: FSEQ Version: 89.3.35.37
[ 29.807735] iwlwifi 0000:52:00.0: loaded firmware version 66.f1c864e0.0 cc-a0-66.ucode op_mode iwlmvm
[ 29.971841] iwlwifi 0000:52:00.0: BIOS contains WGDS but no WRDS
[ 29.971851] iwlwifi 0000:52:00.0: Detected Intel(R) Wi-Fi 6 AX200 160MHz, REV=0x340
[ 30.131778] iwlwifi 0000:52:00.0: Detected RF HR B3, rfid=0x10a100
[ 30.201478] iwlwifi 0000:52:00.0: base HW address: f8:e4:e3:d9:d2:ee
[ 30.578367] iwlwifi 0000:52:00.0 wlp82s0: renamed from wlan0

Call stack:
[ 502.483818] ================================================================================
[ 502.483829] UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-x48ylI/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
[ 502.483841] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
[ 502.483851] CPU: 0 PID: 5401 Comm: ip Tainted: P OE 5.15.0-69-generic #76~20.04.1-Ubuntu
[ 502.483862] Hardware name: LENOVO 20QNS1T600/20QNS1T600, BIOS N2NET38W (1.23 ) 06/04/2020
[ 502.483866] Call Trace:
[ 502.483871] <TASK>
[ 502.483877] dump_stack_lvl+0x4a/0x63
[ 502.483890] dump_stack+0x10/0x16
[ 502.483896] ubsan_epilogue+0x9/0x49
[ 502.483909] __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
[ 502.483929] iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
[ 502.484008] iwl_mvm_mac_ctx_send+0x8b/0xd0 [iwlmvm]
[ 502.484061] iwl_mvm_mac_ctxt_add+0x44/0xf0 [iwlmvm]
[ 502.484108] iwl_mvm_mac_add_interface+0x133/0x350 [iwlmvm]
[ 502.484153] drv_add_interface+0x47/0x100 [mac80211]
[ 502.484266] ieee80211_add_virtual_monitor+0x11a/0x330 [mac80211]
[ 502.484392] ieee80211_do_open+0x867/0x970 [mac80211]
[ 502.484511] ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
[ 502.484629] ieee80211_open+0x70/0x90 [mac80211]
[ 502.484744] __dev_open+0xe5/0x1a0
[ 502.484757] __dev_change_flags+0x190/0x200
[ 502.484770] dev_change_flags+0x26/0x70
[ 502.484781] do_setlink+0x907/0xc40
[ 502.484796] ? __nla_validate_parse+0x4c/0x1a0
[ 502.484811] __rtnl_newlink+0x593/0xa10
[ 502.484822] ? __nla_reserve+0x41/0x60
[ 502.484832] ? __kmalloc_node_track_caller+0x1d0/0x4e0
[ 502.484843] ? skb_free_head+0x69/0x80
[ 502.484854] ? security_sock_rcv_skb+0x2c/0x50
[ 502.484868] ? netlink_deliver_tap+0x3d/0x230
[ 502.484876] ? sk_filter_trim_cap+0xc1/0x230
[ 502.484889] ? skb_queue_tail+0x48/0x60
[ 502.484898] ? sock_def_readable+0x4b/0x80
[ 502.484905] ? __netlink_sendskb+0x3f/0x60
[ 502.484913] ? netlink_unicast+0x21b/0x250
[ 502.484924] ? rtnl_getlink+0x37c/0x400
[ 502.484950] ? __cond_resched+0x19/0x40
[ 502.484963] ? kmem_cache_alloc_trace+0x15a/0x420
[ 502.484972] rtnl_newlink+0x49/0x70
[ 502.484982] rtnetlink_rcv_msg+0x15d/0x410
[ 502.484994] ? __cond_resched+0x19/0x40
[ 502.485004] ? rtnl_calcit.isra.0+0x130/0x130
[ 502.485015] netlink_rcv_skb+0x53/0x100
[ 502.485026] rtnetlink_rcv+0x15/0x20
[ 502.485034] netlink_unicast+0x1ab/0x250
[ 502.485043] netlink_sendmsg+0x23e/0x4a0
[ 502.485055] sock_sendmsg+0x66/0x70
[ 502.485067] ____sys_sendmsg+0x21c/0x290
[ 502.485076] ? copy_msghdr_from_user+0x5c/0x90
[ 502.485091] ___sys_sendmsg+0x81/0xc0
[ 502.485103] ? mntput_no_expire+0x4c/0x260
[ 502.485112] ? __cond_resched+0x19/0x40
[ 502.485123] ? security_file_free+0x54/0x60
[ 502.485132] ? call_rcu+0xa8/0x230
[ 502.485144] ? __fput+0x127/0x280
[ 502.485158] __sys_sendmsg+0x62/0xc0
[ 502.485171] ? handle_mm_fault+0xd9/0x2c0
[ 502.485181] __x64_sys_sendmsg+0x1f/0x30
[ 502.485191] do_syscall_64+0x59/0xc0
[ 502.485203] ? irqentry_exit_to_user_mode+0x9/0x20
[ 502.485211] ? irqentry_exit+0x1d/0x30
[ 502.485218] ? exc_page_fault+0x89/0x170
[ 502.485225] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 502.485235] RIP: 0033:0x7f342cf485e7
[ 502.485245] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 502.485252] RSP: 002b:00007ffe89aee5a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 502.485263] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f342cf485e7
[ 502.485269] RDX: 0000000000000000 RSI: 00007ffe89aee620 RDI: 0000000000000003
[ 502.485273] RBP: 000000006437ce8c R08: 0000000000000001 R09: 000000000000007c
[ 502.485278] R10: 00007f342d014be0 R11: 0000000000000246 R12: 0000000000000001
[ 502.485283] R13: 00007ffe89aeee00 R14: 00007ffe89aee6f0 R15: 000055702574a020
[ 502.485295] </TASK>
[ 502.485299] ================================================================================
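As an added example, not code from this bug report or from the iwlwifi driver: the defect class UBSAN reports above is a left shift whose exponent (65535, i.e. 0xFFFF) is not smaller than the 64-bit width of unsigned long, which is undefined behaviour in C. The snippet contrasts the raw kernel-style BIT() macro with a guarded form that validates the exponent first. INDEX_INVALID, bit_checked and build_mask are assumed names, and treating 0xFFFF as a "no index" sentinel is an assumption, not a statement about what mac-ctxt.c does.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Kernel-style BIT(): undefined (UBSAN: shift-out-of-bounds) once n >= BITS_PER_LONG. */
#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define BIT(n) (1UL << (n))

/* Assumed 16-bit sentinel; 0xFFFF models the exponent 65535 seen in the trace. */
#define INDEX_INVALID 0xFFFFu

/* Guarded form: refuse exponents that cannot be shifted instead of invoking UB. */
static bool bit_checked(uint16_t n, unsigned long *mask)
{
    if (n >= BITS_PER_LONG) {
        *mask = 0;
        return false;   /* caller treats this as a configuration error, not a mask */
    }
    *mask = BIT(n);
    return true;
}

/* Builds a mask from an index array, skipping and counting invalid entries. */
static unsigned long build_mask(const uint16_t *idx, size_t count, size_t *rejected)
{
    unsigned long mask = 0, bit;

    *rejected = 0;
    for (size_t i = 0; i < count; i++) {
        if (bit_checked(idx[i], &bit))
            mask |= bit;
        else
            (*rejected)++;
    }
    return mask;
}

int main(void)
{
    /* Constructed sample: two valid indices plus the invalid sentinel. */
    const uint16_t idx[] = { 3, 10, INDEX_INVALID };
    size_t rejected;
    unsigned long mask = build_mask(idx, 3, &rejected);

    printf("mask=0x%lx rejected=%zu\n", mask, rejected);   /* mask=0x408 rejected=1 */
    return 0;
}
```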