apport information

** Attachment added: "IwConfig.txt"
   https://bugs.launchpad.net/bugs/1998576/+attachment/5634478/+files/IwConfig.txt

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1998576

Title:
  UBSAN: shift-out-of-bounds in WiFi driver (iwlwifi/mvm/mac-ctxt.c)

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Hello all!

  On Ubuntu 20.04.5 LTS, when I use the mdk3 tool
  (https://github.com/aircrack-ng/mdk3, also available in Ubuntu PPA),
  it raises a kernel exception in the Wi-Fi driver:

  UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
  shift exponent 65535 is too large for 64-bit type 'long unsigned int'

  The exact command I use is:

  mdk3 wlp2s0 b -f somefile.txt -a -s 200

  (Where wlp2s0 is my main Wi-Fi interface.)
  Here are the full logs:

  Dec  2 09:22:38 red-october kernel: [ 1228.100538] ================================================================================
  Dec  2 09:22:38 red-october kernel: [ 1228.100614] UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
  Dec  2 09:22:38 red-october kernel: [ 1228.100714] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
  Dec  2 09:22:38 red-october kernel: [ 1228.102683] CPU: 3 PID: 5865 Comm: ifconfig Tainted: P           OE     5.15.0-53-generic #59~20.04.1-Ubuntu
  Dec  2 09:22:38 red-october kernel: [ 1228.102689] Hardware name: ASUSTeK COMPUTER INC. ROG Zephyrus G14 GA401II_GA401II/GA401II, BIOS GA401II.220 03/14/2022
  Dec  2 09:22:38 red-october kernel: [ 1228.102693] Call Trace:
  Dec  2 09:22:38 red-october kernel: [ 1228.102696]  <TASK>
  Dec  2 09:22:38 red-october kernel: [ 1228.102701]  dump_stack_lvl+0x4a/0x63
  Dec  2 09:22:38 red-october kernel: [ 1228.102713]  dump_stack+0x10/0x16
  Dec  2 09:22:38 red-october kernel: [ 1228.102718]  ubsan_epilogue+0x9/0x49
  Dec  2 09:22:38 red-october kernel: [ 1228.102723]  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
  Dec  2 09:22:38 red-october kernel: [ 1228.102734]  iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
  Dec  2 09:22:38 red-october kernel: [ 1228.102770]  iwl_mvm_mac_ctx_send+0x8b/0xd0 [iwlmvm]
  Dec  2 09:22:38 red-october kernel: [ 1228.102798]  iwl_mvm_mac_ctxt_add+0x44/0xf0 [iwlmvm]
  Dec  2 09:22:38 red-october kernel: [ 1228.102821]  iwl_mvm_mac_add_interface+0x133/0x350 [iwlmvm]
  Dec  2 09:22:38 red-october kernel: [ 1228.102847]  drv_add_interface+0x4a/0x100 [mac80211]
  Dec  2 09:22:38 red-october kernel: [ 1228.102912]  ieee80211_add_virtual_monitor+0x11a/0x330 [mac80211]
  Dec  2 09:22:38 red-october kernel: [ 1228.102980]  ieee80211_do_open+0x867/0x970 [mac80211]
  Dec  2 09:22:38 red-october kernel: [ 1228.103041]  ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
  Dec  2 09:22:38 red-october kernel: [ 1228.103104]  ieee80211_open+0x70/0x90 [mac80211]
  Dec  2 09:22:38 red-october kernel: [ 1228.103165]  __dev_open+0xe8/0x1a0
  Dec  2 09:22:38 red-october kernel: [ 1228.103172]  __dev_change_flags+0x190/0x200
  Dec  2 09:22:38 red-october kernel: [ 1228.103178]  dev_change_flags+0x26/0x70
  Dec  2 09:22:38 red-october kernel: [ 1228.103183]  devinet_ioctl+0x5f2/0x780
  Dec  2 09:22:38 red-october kernel: [ 1228.103192]  inet_ioctl+0x169/0x190
  Dec  2 09:22:38 red-october kernel: [ 1228.103199]  sock_do_ioctl+0x47/0x100
  Dec  2 09:22:38 red-october kernel: [ 1228.103206]  sock_ioctl+0xf3/0x310
  Dec  2 09:22:38 red-october kernel: [ 1228.103211]  ? syscall_exit_to_user_mode+0x27/0x50
  Dec  2 09:22:38 red-october kernel: [ 1228.103218]  ? do_syscall_64+0x69/0xc0
  Dec  2 09:22:38 red-october kernel: [ 1228.103223]  __x64_sys_ioctl+0x95/0xd0
  Dec  2 09:22:38 red-october kernel: [ 1228.103232]  do_syscall_64+0x5c/0xc0
  Dec  2 09:22:38 red-october kernel: [ 1228.103236]  ? irqentry_exit_to_user_mode+0x9/0x20
  Dec  2 09:22:38 red-october kernel: [ 1228.103241]  ? irqentry_exit+0x1d/0x30
  Dec  2 09:22:38 red-october kernel: [ 1228.103246]  ? exc_page_fault+0x89/0x170
  Dec  2 09:22:38 red-october kernel: [ 1228.103252]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
  Dec  2 09:22:38 red-october kernel: [ 1228.103257] RIP: 0033:0x7f487d3b63ab
  Dec  2 09:22:38 red-october kernel: [ 1228.103263] Code: 0f 1e fa 48 8b 05 e5 7a 0d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b5 7a 0d 00 f7 d8 64 89 01 48
  Dec  2 09:22:38 red-october kernel: [ 1228.103267] RSP: 002b:00007ffc147740a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
  Dec  2 09:22:38 red-october kernel: [ 1228.103273] RAX: ffffffffffffffda RBX: 00007ffc147740b0 RCX: 00007f487d3b63ab
  Dec  2 09:22:38 red-october kernel: [ 1228.103276] RDX: 00007ffc147740b0 RSI: 0000000000008914 RDI: 0000000000000004
  Dec  2 09:22:38 red-october kernel: [ 1228.103278] RBP: 00007ffc14774160 R08: 0000000000000008 R09: 0000561e451b2940
  Dec  2 09:22:38 red-october kernel: [ 1228.103281] R10: 0000000000000021 R11: 0000000000000202 R12: 0000000000000041
  Dec  2 09:22:38 red-october kernel: [ 1228.103283] R13: 00007ffc14774458 R14: 0000000000000000 R15: 0000000000000000
  Dec  2 09:22:38 red-october kernel: [ 1228.103288]  </TASK>
  Dec  2 09:22:38 red-october kernel: [ 1228.103290] ================================================================================
  Dec  2 09:22:38 red-october kernel: [ 1228.109299] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
  Dec  2 09:22:38 red-october kernel: [ 1228.131698] device wlp2s0 entered promiscuous mode
  Dec  2 09:23:29 red-october kernel: [ 1278.805519] AppRun[2337]: segfault at 8 ip 00007f6b8401cb41 sp 00007ffd8c7daa70 error 4 in libQt5DBus.so.5[7f6b83feb000+8d000]
  Dec  2 09:23:29 red-october kernel: [ 1278.805537] Code: 00 00 00 c3 90 0f 1f 40 00 48 8b 47 08 8b 80 a0 00 00 00 c3 90 0f 1f 40 00 41 57 41 56 41 55 41 54 49 89 fc 55 53 48 83 ec 48 <48> 8b 5e 08 64 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 80 bb
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu27.25
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC2:  manah      1805 F.... pulseaudio
   /dev/snd/controlC0:  manah      1805 F.... pulseaudio
   /dev/snd/controlC1:  manah      1805 F.... pulseaudio
  CasperMD5CheckResult: skip
  CurrentDesktop: i3
  DistroRelease: Ubuntu 20.04
  InstallationDate: Installed on 2021-02-05 (667 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  MachineType: ASUSTeK COMPUTER INC. ROG Zephyrus G14 GA401II_GA401II
  NonfreeKernelModules: nvidia_modeset nvidia
  Package: linux (not installed)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=fr_FR.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 amdgpudrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-53-generic root=UUID=3995421e-0915-4983-a047-4eb41a9e5873 ro quiet splash vt.handoff=7
  ProcVersionSignature: Ubuntu 5.15.0-53.59~20.04.1-generic 5.15.64
  RelatedPackageVersions:
   linux-restricted-modules-5.15.0-53-generic N/A
   linux-backports-modules-5.15.0-53-generic  N/A
   linux-firmware                             1.201.5+system76~1646062142~20.04~b05e0ab~dev
  Tags:  focal
  Uname: Linux 5.15.0-53-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip docker libvirt lpadmin lxd plugdev sambashare sudo vboxusers
  _MarkForUpload: True
  dmi.bios.date: 03/14/2022
  dmi.bios.release: 5.16
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: GA401II.220
  dmi.board.asset.tag: ATN12345678901234567
  dmi.board.name: GA401II
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: 1.0
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: ASUSTeK COMPUTER INC.
  dmi.chassis.version: 1.0
  dmi.ec.firmware.release: 3.15
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrGA401II.220:bd03/14/2022:br5.16:efr3.15:svnASUSTeKCOMPUTERINC.:pnROGZephyrusG14GA401II_GA401II:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnGA401II:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:sku:
  dmi.product.family: ROG Zephyrus G14
  dmi.product.name: ROG Zephyrus G14 GA401II_GA401II
  dmi.product.version: 1.0
  dmi.sys.vendor: ASUSTeK COMPUTER INC.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1998576/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
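
Added example, not part of the original bug report or of the kernel's code: a small triage parser for UBSAN shift-out-of-bounds reports in the syslog format shown above. It extracts the source location, the exponent and type width, and the caller frames with their modules, skipping the sanitizer's own frames and the unreliable "?" frames. The names parse_ubsan and sentinel_width are hypothetical, and the all-ones check is a heuristic hint that an unset index may have been used as a bit position, not a diagnosis.

```python
import re

# Lines from the report above with mail wrapping undone; only a subset of frames is kept.
SAMPLE = """\
Dec  2 09:22:38 red-october kernel: [ 1228.100614] UBSAN: shift-out-of-bounds in /build/linux-hwe-5.15-ZCQu4B/linux-hwe-5.15-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:669:22
Dec  2 09:22:38 red-october kernel: [ 1228.100714] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
Dec  2 09:22:38 red-october kernel: [ 1228.102693] Call Trace:
Dec  2 09:22:38 red-october kernel: [ 1228.102696]  <TASK>
Dec  2 09:22:38 red-october kernel: [ 1228.102701]  dump_stack_lvl+0x4a/0x63
Dec  2 09:22:38 red-october kernel: [ 1228.102718]  ubsan_epilogue+0x9/0x49
Dec  2 09:22:38 red-october kernel: [ 1228.102723]  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
Dec  2 09:22:38 red-october kernel: [ 1228.102734]  iwl_mvm_mac_ctxt_cmd_listener.cold+0x20/0x32 [iwlmvm]
Dec  2 09:22:38 red-october kernel: [ 1228.102770]  iwl_mvm_mac_ctx_send+0x8b/0xd0 [iwlmvm]
Dec  2 09:22:38 red-october kernel: [ 1228.103041]  ? ieee80211_check_concurrent_iface+0x158/0x1d0 [mac80211]
Dec  2 09:22:38 red-october kernel: [ 1228.103165]  __dev_open+0xe8/0x1a0
Dec  2 09:22:38 red-october kernel: [ 1228.103288]  </TASK>
"""

PREFIX = re.compile(r"^.*?kernel: \[\s*\d+\.\d+\] ?")  # syslog stamp + kernel uptime
HEADER = re.compile(r"UBSAN: (?P<kind>[\w-]+) in (?P<file>\S+):(?P<line>\d+):(?P<col>\d+)")
SHIFT = re.compile(r"shift exponent (?P<exp>\d+) is too large for (?P<bits>\d+)-bit type")
FRAME = re.compile(r"^\s*(?P<q>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?")
SANITIZER = ("dump_stack", "ubsan_epilogue", "__ubsan_handle_")  # reporter's own frames

def sentinel_width(value):
    """Heuristic: bit width if value is all-ones (e.g. 0xFFFF), else None."""
    return next((w for w in (8, 16, 32) if value == (1 << w) - 1), None)

def parse_ubsan(text):
    """Return one dict per UBSAN report: location, shift details, caller frames."""
    reports, cur = [], None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if m := HEADER.search(line):
            cur = {"kind": m["kind"], "file": m["file"], "line": int(m["line"]),
                   "exponent": None, "bits": None, "frames": []}
            reports.append(cur)
        elif cur is None:
            continue  # not inside a report yet
        elif m := SHIFT.search(line):
            cur["exponent"], cur["bits"] = int(m["exp"]), int(m["bits"])
        elif (m := FRAME.match(line)) and not m["q"] and not m["sym"].startswith(SANITIZER):
            cur["frames"].append((m["sym"].split(".")[0], m["mod"]))  # drop .cold suffix
        elif "</TASK>" in line:
            cur = None  # end of this report's call trace
    return reports
```

The first entry in "frames" is the function that performed the shift; a module of None means the frame is in the core kernel rather than a loadable module.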
