Public bug reported:
Steps to reproduce below but it doesn't happen all the time:
nmcli set wlan0 managed no
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
[packet capture on wlan0]
ifconfig wlan0 down
iwconfig wlan0 mode managed
airmon-ng start wlan0
[packet capture on wlan0mon]
airmon-ng stop wlan0
ifconfig wlan0 down
ifconfig wlan0 mode managed
nmcli set wlan0 managed yes
After that, Network Manager didn't take back the device and iwconfig displayed
something unrealistically huge in txpower - like -13124245424dBm
along with a stack trace in dmesg:
[209247.466524] ================================================================================
[209247.466535] UBSAN: shift-out-of-bounds in /build/linux-oem-5.17-UWvyZR/linux-oem-5.17-5.17.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:675:22
[209247.466544] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
[209247.466551] CPU: 6 PID: 396541 Comm: ifconfig Kdump: loaded Tainted: P U OE 5.17.0-1028-oem #29-Ubuntu
[209247.466558] Hardware name: Dell Inc. XPS 13 9310/0DXP1F, BIOS 3.12.1 12/27/2022
[209247.466562] Call Trace:
[209247.466566] <TASK>
[209247.466574] show_stack+0x52/0x59
[209247.466589] dump_stack_lvl+0x4c/0x64
[209247.466598] dump_stack+0x10/0x13
[209247.466603] ubsan_epilogue+0x9/0x46
[209247.466608] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
[209247.466617] ? iwl_txq_inc_wr_ptr+0x5a/0x70 [iwlwifi]
[209247.466670] ? iwl_pcie_gen2_enqueue_hcmd+0x5a2/0xa60 [iwlwifi]
[209247.466708] iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
[209247.466761] iwl_mvm_mac_ctx_send+0x81/0xb0 [iwlmvm]
[209247.466793] iwl_mvm_mac_ctxt_add+0x44/0xf0 [iwlmvm]
[209247.466822] iwl_mvm_mac_add_interface+0x130/0x420 [iwlmvm]
[209247.466850] drv_add_interface+0x4b/0x130 [mac80211]
[209247.466922] ieee80211_add_virtual_monitor.part.0+0xc8/0x280 [mac80211]
[209247.466997] ieee80211_do_open+0x8a5/0xa00 [mac80211]
[209247.467079] ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
[209247.467149] ieee80211_open+0x6d/0x90 [mac80211]
[209247.467215] __dev_open+0xf9/0x1c0
[209247.467225] __dev_change_flags+0x1a4/0x220
[209247.467232] dev_change_flags+0x26/0x60
[209247.467239] devinet_ioctl+0x599/0x6f0
[209247.467245] ? _copy_from_user+0x2e/0x70
[209247.467255] inet_ioctl+0x166/0x190
[209247.467260] ? lru_cache_add+0x1c/0x20
[209247.467268] ? lru_cache_add_inactive_or_unevictable+0x2e/0xe0
[209247.467275] ? page_add_new_anon_rmap+0x69/0x100
[209247.467281] ? set_pte+0x9/0x10
[209247.467289] ? wp_page_copy+0x331/0x5e0
[209247.467293] sock_do_ioctl+0x42/0x100
[209247.467302] ? netdev_name_node_lookup_rcu+0x6b/0x80
[209247.467308] ? __check_object_size.part.0+0x3a/0x140
[209247.467314] sock_ioctl+0xf0/0x310
[209247.467321] ? __audit_syscall_entry+0xcd/0x130
[209247.467329] ? sock_do_ioctl+0xd6/0x100
[209247.467336] __x64_sys_ioctl+0x8f/0xd0
[209247.467343] do_syscall_64+0x59/0xc0
[209247.467350] ? __audit_syscall_entry+0xcd/0x130
[209247.467357] ? exit_to_user_mode_prepare+0x37/0xb0
[209247.467366] ? syscall_exit_to_user_mode+0x27/0x50
[209247.467373] ? do_syscall_64+0x69/0xc0
[209247.467377] ? exit_to_user_mode_prepare+0x37/0xb0
[209247.467383] ? irqentry_exit_to_user_mode+0x9/0x20
[209247.467389] ? irqentry_exit+0x35/0x40
[209247.467395] ? exc_page_fault+0x89/0x180
[209247.467401] ? asm_exc_page_fault+0x8/0x30
[209247.467406] entry_SYSCALL_64_after_hwframe+0x44/0xae
[209247.467411] RIP: 0033:0x7f4f6d3deaff
[209247.467418] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00
[209247.467423] RSP: 002b:00007ffc754f4380 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[209247.467430] RAX: ffffffffffffffda RBX: 0000000000000041 RCX: 00007f4f6d3deaff
[209247.467433] RDX: 00007ffc754f43e0 RSI: 0000000000008914 RDI: 0000000000000004
[209247.467436] RBP: 00007ffc754f4490 R08: 0000000000000009 R09: 0000000000000000
[209247.467439] R10: 00005565f4201078 R11: 0000000000000246 R12: 00007ffc754f43e0
[209247.467441] R13: 0000000000000004 R14: 00005565f4205958 R15: 00007f4f6d55c040
[209247.467447] </TASK>
[209247.467449] ================================================================================
The following caused Network Manager to catch up and connect to the configured
wifi:
sudo rmmod iwlmvm
sudo modprobe iwlmvm
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-modules-iwlwifi-5.17.0-1028-oem (not installed)
ProcVersionSignature: Ubuntu 5.17.0-1028.29-oem 5.17.15
Uname: Linux 5.17.0-1028-oem x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Mon Mar 13 17:44:41 2023
InstallationDate: Installed on 2015-05-08 (2866 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=pl_PL.UTF-8
 SHELL=/bin/bash
SourcePackage: linux-oem-5.17
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: linux-oem-5.17 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug jammy
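
A triage sketch for the dmesg output above, added here as an example and not part of the original report: it pulls the UBSAN kind, source location, shift exponent, triggering command and first reliable driver frame out of kernel log text. The function names and the all-ones heuristic are assumptions of this example; the sample lines are copied from the report with wrapped lines rejoined.

```python
import re

# Lines copied from the dmesg output in the report above (wrapped lines rejoined).
SAMPLE = """\
[209247.466535] UBSAN: shift-out-of-bounds in /build/linux-oem-5.17-UWvyZR/linux-oem-5.17-5.17.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:675:22
[209247.466544] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
[209247.466551] CPU: 6 PID: 396541 Comm: ifconfig Kdump: loaded Tainted: P U OE 5.17.0-1028-oem #29-Ubuntu
[209247.466562] Call Trace:
[209247.466608] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
[209247.466617] ? iwl_txq_inc_wr_ptr+0x5a/0x70 [iwlwifi]
[209247.466708] iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
[209247.466761] iwl_mvm_mac_ctx_send+0x81/0xb0 [iwlmvm]
[209247.467447] </TASK>
"""

TS = r"^\[\s*\d+\.\d+\]\s*"
HEAD = re.compile(TS + r"UBSAN: (\S+) in (\S+):(\d+):(\d+)")
SHIFT = re.compile(TS + r"shift exponent (-?\d+) is (too large|negative)(?: for (\d+)-bit type '([^']+)')?")
COMM = re.compile(r"Comm: (\S+)")
FRAME = re.compile(TS + r"(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
INFRA = ("show_stack", "dump_stack", "ubsan_", "__ubsan_")  # reporting helpers, not the culprit

def parse_ubsan(text):
    """Return one dict per UBSAN report found in kernel log text."""
    reports, cur = [], None
    for line in text.splitlines():
        if m := HEAD.match(line):
            cur = {"kind": m[1], "file": m[2], "line": int(m[3]), "exponent": None,
                   "width": None, "comm": None, "frame": None, "module": None}
            reports.append(cur)
        elif cur is None:
            continue
        elif "</TASK>" in line:          # end of this report's call trace
            cur = None
        elif m := SHIFT.match(line):
            cur["exponent"], cur["width"] = int(m[1]), int(m[3]) if m[3] else None
        elif cur["comm"] is None and (m := COMM.search(line)):
            cur["comm"] = m[1]
        elif cur["frame"] is None and (m := FRAME.match(line)):
            # Skip '?' (unreliable) frames and the stack-dump/UBSAN helpers themselves.
            if not m[1] and not m[2].startswith(INFRA):
                cur["frame"], cur["module"] = m[2], m[3]
    return reports

def looks_like_sentinel(exponent):
    """Heuristic (assumption): negative or all-ones 8/16/32-bit exponent hints at an unset marker."""
    return exponent is not None and (exponent < 0 or exponent in (0xFF, 0xFFFF, 0xFFFFFFFF))
```

On the report's log this yields exponent 65535 (0xFFFF) at mac-ctxt.c line 675, reached from `ifconfig` through `iwl_mvm_mac_ctxt_cmd_listener.cold` in `iwlmvm`.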
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.17 in Ubuntu.
https://bugs.launchpad.net/bugs/2011457
Title:
  UBSAN: shift-out-of-bounds in /build/linux-oem-5.17-UWvyZR/linux-oem-5.17-5.17.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:675:22
Status in linux-oem-5.17 package in Ubuntu:
  New