Comment 31 for bug 1966793

Juerg Haefliger (juergh) wrote :

Maybe related:

[ 4.559227] ================================================================================
[ 4.559231] UBSAN: shift-out-of-bounds in /build/linux-TxVM9Q/linux-5.15.0/drivers/net/wireless/intel/iwlwifi/mvm/sta.c:2026:53
[ 4.559233] shift exponent 65535 is too large for 64-bit type 'long unsigned int'
[ 4.559235] CPU: 5 PID: 678 Comm: NetworkManager Not tainted 5.15.0-41-generic #44-Ubuntu
[ 4.559237] Hardware name: HP HP ProBook 440 G8 Notebook PC/87E0, BIOS T70 Ver. 01.08.20 03/12/2022
[ 4.559238] Call Trace:
[ 4.559239] <TASK>
[ 4.559241] show_stack+0x52/0x58
[ 4.559246] dump_stack_lvl+0x4a/0x5f
[ 4.559249] dump_stack+0x10/0x12
[ 4.559250] ubsan_epilogue+0x9/0x45
[ 4.559252] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
[ 4.559256] iwl_mvm_add_aux_sta.cold+0x17/0x1f [iwlmvm]
[ 4.559273] iwl_mvm_up+0x644/0x9e0 [iwlmvm]
[ 4.559280] ? rtl_set_rx_mode+0x101/0x180 [r8169]
[ 4.559284] __iwl_mvm_mac_start+0x2b/0x1a0 [iwlmvm]
[ 4.559292] iwl_mvm_mac_start+0x5f/0xc0 [iwlmvm]
[ 4.559298] drv_start+0x4f/0xe0 [mac80211]
[ 4.559335] ieee80211_do_open+0x488/0x9c0 [mac80211]
[ 4.559357] ? ieee80211_check_concurrent_iface+0x158/0x1c0 [mac80211]
[ 4.559377] ieee80211_open+0x6c/0x90 [mac80211]
[ 4.559396] __dev_open+0xf0/0x1c0
[ 4.559399] __dev_change_flags+0x1a3/0x220
[ 4.559400] ? cpumask_next+0x23/0x30
[ 4.559402] dev_change_flags+0x26/0x60
[ 4.559404] do_setlink+0x28a/0xc50
[ 4.559406] ? __nla_validate_parse+0x4c/0x1a0
[ 4.559408] __rtnl_newlink+0x618/0xa20
[ 4.559410] ? skb_queue_tail+0x48/0x50
[ 4.559412] ? sock_def_readable+0x4b/0x80
[ 4.559413] ? __netlink_sendskb+0x5f/0x80
[ 4.559416] ? netlink_unicast+0x2f3/0x330
[ 4.559417] ? rtnl_getlink+0x392/0x410
[ 4.559420] ? kmem_cache_alloc_trace+0x19e/0x2e0
[ 4.559424] rtnl_newlink+0x49/0x70
[ 4.559425] rtnetlink_rcv_msg+0x15a/0x400
[ 4.559426] ? rtnl_calcit.isra.0+0x130/0x130
[ 4.559427] netlink_rcv_skb+0x53/0x100
[ 4.559429] rtnetlink_rcv+0x15/0x20
[ 4.559430] netlink_unicast+0x21a/0x330
[ 4.559431] netlink_sendmsg+0x24c/0x4c0
[ 4.559432] sock_sendmsg+0x62/0x70
[ 4.559433] ____sys_sendmsg+0x24e/0x290
[ 4.559434] ? import_iovec+0x31/0x40
[ 4.559437] ? sendmsg_copy_msghdr+0x7b/0xa0
[ 4.559438] ___sys_sendmsg+0x81/0xc0
[ 4.559440] ? kvfree+0x2a/0x30
[ 4.559442] ? kfree+0x1f3/0x250
[ 4.559443] ? security_file_free+0x54/0x60
[ 4.559446] ? kmem_cache_free+0x245/0x290
[ 4.559447] ? __fget_files+0x86/0xc0
[ 4.559450] __sys_sendmsg+0x62/0xb0
[ 4.559451] ? exit_to_user_mode_loop+0x10d/0x160
[ 4.559454] __x64_sys_sendmsg+0x1d/0x20
[ 4.559455] do_syscall_64+0x59/0xc0
[ 4.559457] ? exit_to_user_mode_prepare+0x37/0xb0
[ 4.559459] ? syscall_exit_to_user_mode+0x27/0x50
[ 4.559461] ? __x64_sys_write+0x19/0x20
[ 4.559462] ? do_syscall_64+0x69/0xc0
[ 4.559463] ? __x64_sys_close+0x11/0x40
[ 4.559465] ? do_syscall_64+0x69/0xc0
[ 4.559466] ? do_syscall_64+0x69/0xc0
[ 4.559467] ? do_syscall_64+0x69/0xc0
[ 4.559468] ? __x64_sys_recvmsg+0x1d/0x20
[ 4.559469] ? do_syscall_64+0x69/0xc0
[ 4.559470] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 4.559472] RIP: 0033:0x7f43685d2b4d
[ 4.559474] Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 3a 8f f6 ff 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 7e 8f f6 ff 48
[ 4.559475] RSP: 002b:00007fff55980730 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
[ 4.559478] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00007f43685d2b4d
[ 4.559479] RDX: 0000000000000000 RSI: 00007fff55980770 RDI: 000000000000000c
[ 4.559479] RBP: 000055c295425040 R08: 0000000000000000 R09: 0000000000000000
[ 4.559480] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 4.559481] R13: 00007fff559808c0 R14: 00007fff559808bc R15: 0000000000000000
[ 4.559482] </TASK>
[ 4.559483] ================================================================================