Injection doesn't work on VIF when AP mode is started on main interface (only affects kernel 6.9+)

[i486]

Description:
When starting the AP mode on the main interface (wlan0), creating a virtual interface (wlan0mon) in monitor mode, and testing injection using tools like aireplay-ng, the injection fails to work. The problem began after kernel 6.9.0, as it worked on previous kernel versions.

Steps to Reproduce:

1. Start AP Mode on wlan0 interface using hostapd. I've used linux-wifi-hotspot with just No Virt and 2.4GHz checked, which used following configuration:

   beacon_int=100
   ssid=Test
   interface=wlan0
   driver=nl80211
   channel=1
   ctrl_interface=/tmp/create_ap.wlan0.conf.P66RQgOm/hostapd_ctrl
   ctrl_interface_group=0
   ignore_broadcast_ssid=0
   ap_isolate=0
   hw_mode=g
   wpa=2
   wpa_passphrase=12345678
   wpa_key_mgmt=WPA-PSK
   wpa_pairwise=CCMP
   rsn_pairwise=CCMP   
   

2. Create Virtual Interface:

   iw dev wlan0 interface add wlan0mon type monitor addr 12:34:56:78:AB:CD
   

3. Test Injection using aireplay-ng:

   aireplay-ng -9 wlan0mon
   

   Output on 6.8 or earlier:

   23:58:12  Trying broadcast probe requests...
   23:58:12  Injection is working!
   23:58:14  xx:xx:xx:xx:xx:xx - channel: 1 - 'xxxxxxx'
   23:58:20   30/30: 100%
   
   23:58:20  xx:xx:xx:xx:xx:xx - channel: 1 - 'xxxxxxx'
   23:58:21  Ping (min/avg/max): 4.066ms/27.308ms/170.734ms Power: -24.87
   23:58:21  30/30: 100%
   

   Output on 6.9 or later:

   23:58:12  Trying broadcast probe requests...
   23:58:14  xx:xx:xx:xx:xx:xx - channel: 1 - 'xxxxxxx'
   23:58:20   0/30: 0%
   
   23:58:20  xx:xx:xx:xx:xx:xx - channel: 1 - 'xxxxxxx'
   23:58:21  Ping (min/avg/max): 4.066ms/27.308ms/170.734ms Power: -24.87
   23:58:21  0/30: 0%
   

Expected Behavior:
Injection should work as expected on the wlan0mon interface after starting AP mode on wlan0.

Actual Behavior:
Injection does not work, even though it previously worked on all kernel versions before 6.9.0.

Tested Working On These Kernels:

• linux-image-6.1.0-kali9-amd64 (6.1.27-1kali1)
• linux-image-6.1.127-custom (6.1.127-1)
• linux-image-unsigned-6.2.0-060200-generic
• linux-image-unsigned-6.2.0-060200rc1-generic
• linux-image-unsigned-6.3.0-060300-generic
• linux-image-unsigned-6.4.0-060400-generic
• linux-image-unsigned-6.5.0-060500-generic
• linux-image-unsigned-6.6.63-060663-generic
• linux-image-unsigned-6.7.10-060710-generic
• linux-image-unsigned-6.8.12-060812-generic

Tested Not Working On These Kernels:

• linux-image-unsigned-6.9.0-060900-generic
• linux-image-unsigned-6.9.10-060910-generic
• linux-image-amd64/kali-rolling (6.11.2-1kali1)
• linux-image-unsigned-6.12.0-061200-generic
• linux-image-6.13.1/bookworm (6.13.1-1)

Tested Driver Commit: 21a3fa7

CLICK HERE TO SEE ADDITIONAL INFORMATION

########## wireless info START ##########

/root/wireless-info/wireless-info: line 148: last: command not found
Report from: 07 Feb 2025 00:45 +08 +0800

Booted last: 07 Feb 2025 00:00 +08 +0800

Script from: 27 Aug 2024 10:55 UTC +0000

##### release ###########################

Distributor ID:	Kali
Description:	Kali GNU/Linux Rolling
Release:	2024.4
Codename:	kali-rolling

##### kernel ############################

Linux 6.7.10-060710-generic #202403151538 SMP PREEMPT_DYNAMIC Fri Mar 15 20:14:18 UTC 2024 x86_64 unknown unknown GNU/Linux

Parameters: ro, quiet, nosgx, mitigations=off, splash

##### desktop ###########################

Default Xsession

##### lspci #############################

00:1f.6 Ethernet controller [0200]: Intel Corporation Ethernet Connection (7) I219-V [8086:15bc] (rev 10)
	DeviceName: Onboard - Ethernet
	Subsystem: ASRock Incorporation Device [1849:15bc]
	Kernel driver in use: e1000e

##### lsusb #############################

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 046d:c245 Logitech, Inc. G400 Optical Mouse
Bus 001 Device 003: ID 04f2:1665 Chicony Electronics Co., Ltd Alienware Advanced Gaming Keyboard AW568
Bus 001 Device 008: ID 0b05:17d2 ASUSTek Computer, Inc. USB-AC56 802.11a/b/g/n/ac Wireless Adapter [Realtek RTL8812AU]
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

##### PCMCIA card info ##################

'pccardctl' is not installed (package "pcmciautils").

##### rfkill ############################

3: phy5: Wireless LAN
	Soft blocked: no
	Hard blocked: no

##### secure boot #######################

SecureBoot disabled
Platform is in Setup Mode

##### lsmod #############################

rtw_8812au             12288  0
rtw_8812a              57344  1 rtw_8812au
rtw_usb                28672  1 rtw_8812au
mac80211             1724416  2 rtw_usb,rtw_core
intel_wmi_thunderbolt    16384  0
wmi_bmof               12288  0
cfg80211             1323008  2 rtw_core,mac80211
libarc4                12288  1 mac80211
mxm_wmi                12288  1 nouveau
wmi                    40960  5 video,intel_wmi_thunderbolt,wmi_bmof,mxm_wmi,nouveau

##### dkms #############################

##### interfaces ########################

[/etc/network/interfaces]

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

##### ifconfig ##########################

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback <MAC address> brd <MAC address>
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether <MAC 'eth0' [IF1]> brd <MAC address>
    inet 192.168.2.133/24 brd 192.168.2.255 scope global dynamic noprefixroute eth0
       valid_lft 76588sec preferred_lft 76588sec
    inet6 fe80::<IP6 'eth0' [IF1]>/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
6: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether <MAC 'wlan0' [IF2]> brd <MAC address>
    inet 192.168.12.1/24 brd 192.168.12.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::<IP6 'wlan0' [IF2]>/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
7: wlan0mon: <BROADCAST,ALLMULTI,PROMISC,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ieee802.11/radiotap <MAC 'wlan0mon' [IF3]> brd <MAC address>

##### iwconfig ##########################

lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  Mode:Master  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          
wlan0mon  IEEE 802.11  Mode:Monitor  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
          

##### route #############################

default via 192.168.2.10 dev eth0 proto dhcp src 192.168.2.133 metric 100 
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.133 metric 100 
192.168.12.0/24 dev wlan0 proto kernel scope link src 192.168.12.1 

##### resolv.conf #######################

[644 root '/etc/resolv.conf']
nameserver 192.168.2.10

##### network managers ##################

Installed:

	NetworkManager

Running:

root         768       1  0 Feb06 ?        00:00:07 /usr/sbin/NetworkManager --no-daemon

##### NetworkManager info ###############

GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.NM-TYPE:                        NMDeviceEthernet
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/Devices/2
GENERAL.VENDOR:                         Intel Corporation
GENERAL.PRODUCT:                        Ethernet Connection (7) I219-V
GENERAL.DRIVER:                         e1000e
GENERAL.DRIVER-VERSION:                 6.7.10-060710-generic
GENERAL.FIRMWARE-VERSION:               0.5-4
GENERAL.HWADDR:                         <MAC 'eth0' [IF1]>
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.REASON:                         0 (No reason given)
GENERAL.IP4-CONNECTIVITY:               4 (full)
GENERAL.IP6-CONNECTIVITY:               4 (full)
GENERAL.UDI:                            /sys/devices/pci0000:00/0000:00:1f.6/net/eth0
GENERAL.PATH:                           pci-0000:00:1f.6
GENERAL.IP-IFACE:                       eth0
GENERAL.IS-SOFTWARE:                    no
GENERAL.NM-MANAGED:                     yes
GENERAL.AUTOCONNECT:                    yes
GENERAL.FIRMWARE-MISSING:               no
GENERAL.NM-PLUGIN-MISSING:              no
GENERAL.PHYS-PORT-ID:                   --
GENERAL.CONNECTION:                     Wired connection 1
GENERAL.CON-UUID:                       bcbb983d-538f-4aef-8a49-436f73d761ff
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/2
GENERAL.METERED:                        no (guessed)
CAPABILITIES.CARRIER-DETECT:            yes
CAPABILITIES.SPEED:                     1000 Mb/s
CAPABILITIES.IS-SOFTWARE:               no
CAPABILITIES.SRIOV:                     no
INTERFACE-FLAGS.UP:                     yes
INTERFACE-FLAGS.LOWER-UP:               yes
INTERFACE-FLAGS.CARRIER:                yes
INTERFACE-FLAGS.PROMISC:                no
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.2.133/24
IP4.GATEWAY:                            192.168.2.10
IP4.ROUTE[1]:                           dst = 192.168.2.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192.168.2.10, mt = 100
IP4.DNS[1]:                             192.168.2.10
DHCP4.OPTION[1]:                        broadcast_address = 192.168.2.255
DHCP4.OPTION[2]:                        dhcp_client_identifier = 01:<MAC 'eth0' [IF1]>
DHCP4.OPTION[3]:                        dhcp_lease_time = 86400
DHCP4.OPTION[4]:                        dhcp_server_identifier = 192.168.2.10
DHCP4.OPTION[5]:                        domain_name_servers = 192.168.2.10
DHCP4.OPTION[6]:                        expiry = 1738936882
DHCP4.OPTION[7]:                        host_name = Administrator
DHCP4.OPTION[8]:                        ip_address = 192.168.2.133
DHCP4.OPTION[9]:                        next_server = 192.168.2.10
DHCP4.OPTION[10]:                       requested_broadcast_address = 1
DHCP4.OPTION[11]:                       requested_domain_name = 1
DHCP4.OPTION[12]:                       requested_domain_name_servers = 1
DHCP4.OPTION[13]:                       requested_domain_search = 1
DHCP4.OPTION[14]:                       requested_host_name = 1
DHCP4.OPTION[15]:                       requested_interface_mtu = 1
DHCP4.OPTION[16]:                       requested_ms_classless_static_routes = 1
DHCP4.OPTION[17]:                       requested_nis_domain = 1
DHCP4.OPTION[18]:                       requested_nis_servers = 1
DHCP4.OPTION[19]:                       requested_ntp_servers = 1
DHCP4.OPTION[20]:                       requested_rfc3442_classless_static_routes = 1
DHCP4.OPTION[21]:                       requested_root_path = 1
DHCP4.OPTION[22]:                       requested_routers = 1
DHCP4.OPTION[23]:                       requested_static_routes = 1
DHCP4.OPTION[24]:                       requested_subnet_mask = 1
DHCP4.OPTION[25]:                       requested_time_offset = 1
DHCP4.OPTION[26]:                       requested_wpad = 1
DHCP4.OPTION[27]:                       routers = 192.168.2.10
DHCP4.OPTION[28]:                       subnet_mask = 255.255.255.0
DHCP4.OPTION[29]:                       wpad = 

IP6.ADDRESS[1]:                         fe80::<IP6 'eth0' [IF1]>/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024
CONNECTIONS.AVAILABLE-CONNECTION-PATHS: /org/freedesktop/NetworkManager/Settings/2
CONNECTIONS.AVAILABLE-CONNECTIONS[1]:   bcbb983d-538f-4aef-8a49-436f73d761ff | Wired connection 1

GENERAL.DEVICE:                         p2p-dev-wlan0
GENERAL.TYPE:                           wifi-p2p
GENERAL.NM-TYPE:                        NMDeviceWifiP2P
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/Devices/10
GENERAL.VENDOR:                         --
GENERAL.PRODUCT:                        --
GENERAL.DRIVER:                         (unknown)
GENERAL.DRIVER-VERSION:                 --
GENERAL.FIRMWARE-VERSION:               --
GENERAL.HWADDR:                         (unknown)
GENERAL.MTU:                            0
GENERAL.STATE:                          20 (unavailable)
GENERAL.REASON:                         10 (802.1X supplicant failed)
GENERAL.IP4-CONNECTIVITY:               1 (none)
GENERAL.IP6-CONNECTIVITY:               1 (none)
GENERAL.UDI:                            /virtual/device/placeholder/8
GENERAL.PATH:                           --
GENERAL.IP-IFACE:                       --
GENERAL.IS-SOFTWARE:                    no
GENERAL.NM-MANAGED:                     yes
GENERAL.AUTOCONNECT:                    yes
GENERAL.FIRMWARE-MISSING:               no
GENERAL.NM-PLUGIN-MISSING:              no
GENERAL.PHYS-PORT-ID:                   --
GENERAL.CONNECTION:                     --
GENERAL.CON-UUID:                       --
GENERAL.CON-PATH:                       --
GENERAL.METERED:                        unknown
CAPABILITIES.CARRIER-DETECT:            no
CAPABILITIES.SPEED:                     unknown
CAPABILITIES.IS-SOFTWARE:               no
CAPABILITIES.SRIOV:                     no
INTERFACE-FLAGS.UP:                     no
INTERFACE-FLAGS.LOWER-UP:               no
INTERFACE-FLAGS.CARRIER:                no
INTERFACE-FLAGS.PROMISC:                no
CONNECTIONS.AVAILABLE-CONNECTION-PATHS: --

GENERAL.DEVICE:                         wlan0
GENERAL.TYPE:                           wifi
GENERAL.NM-TYPE:                        NMDeviceWifi
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/Devices/9
GENERAL.VENDOR:                         ASUSTek Computer, Inc.
GENERAL.PRODUCT:                        USB-AC56 802.11a/b/g/n/ac Wireless Adapter [Realtek RTL8812AU]
GENERAL.DRIVER:                         rtw_8812au
GENERAL.DRIVER-VERSION:                 6.7.10-060710-generic
GENERAL.FIRMWARE-VERSION:               N/A
GENERAL.HWADDR:                         <MAC 'wlan0' [IF2]>
GENERAL.MTU:                            1500
GENERAL.STATE:                          10 (unmanaged)
GENERAL.REASON:                         76 (The device is unmanaged by user decision via settings plugin ("unmanaged-devices" for keyfile or "NM_CONTROLLED=no" for ifcfg-rh))
GENERAL.IP4-CONNECTIVITY:               1 (none)
GENERAL.IP6-CONNECTIVITY:               1 (none)
GENERAL.UDI:                            /sys/devices/pci0000:00/0000:00:14.0/usb1/1-10/1-10:1.0/net/wlan0
GENERAL.PATH:                           pci-0000:00:14.0-usb-0:10:1.0
GENERAL.IP-IFACE:                       wlan0
GENERAL.IS-SOFTWARE:                    no
GENERAL.NM-MANAGED:                     no
GENERAL.AUTOCONNECT:                    yes
GENERAL.FIRMWARE-MISSING:               no
GENERAL.NM-PLUGIN-MISSING:              no
GENERAL.PHYS-PORT-ID:                   --
GENERAL.CONNECTION:                     --
GENERAL.CON-UUID:                       --
GENERAL.CON-PATH:                       --
GENERAL.METERED:                        unknown
CAPABILITIES.CARRIER-DETECT:            no
CAPABILITIES.SPEED:                     unknown
CAPABILITIES.IS-SOFTWARE:               no
CAPABILITIES.SRIOV:                     no
INTERFACE-FLAGS.UP:                     yes
INTERFACE-FLAGS.LOWER-UP:               yes
INTERFACE-FLAGS.CARRIER:                yes
INTERFACE-FLAGS.PROMISC:                no
WIFI-PROPERTIES.WEP:                    yes
WIFI-PROPERTIES.WPA:                    yes
WIFI-PROPERTIES.WPA2:                   yes
WIFI-PROPERTIES.TKIP:                   yes
WIFI-PROPERTIES.CCMP:                   yes
WIFI-PROPERTIES.AP:                     yes
WIFI-PROPERTIES.ADHOC:                  yes
WIFI-PROPERTIES.2GHZ:                   yes
WIFI-PROPERTIES.5GHZ:                   yes
WIFI-PROPERTIES.6GHZ:                   no
WIFI-PROPERTIES.MESH:                   no
WIFI-PROPERTIES.IBSS-RSN:               no
IP4.ADDRESS[1]:                         192.168.12.1/24
IP4.GATEWAY:                            --
IP4.ROUTE[1]:                           dst = 192.168.12.0/24, nh = 0.0.0.0, mt = 0
IP6.ADDRESS[1]:                         fe80::<IP6 'wlan0' [IF2]>/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 256
CONNECTIONS.AVAILABLE-CONNECTION-PATHS: --

SSID  BSSID  MODE  CHAN  FREQ  RATE  SIGNAL  BARS  SECURITY  ACTIVE  IN-USE 

##### NetworkManager.state ##############

[main]
NetworkingEnabled=true
WirelessEnabled=true
WWANEnabled=true

##### NetworkManager config #############

[[/etc/NetworkManager/conf.d/system-wifi-powersave.conf]]
[connection]
wifi.powersave = 2

[[/etc/NetworkManager/NetworkManager.conf]]
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=false
[keyfile]
unmanaged-devices=interface-name:wlan0

[[/usr/lib/NetworkManager/conf.d/no-mac-addr-change.conf]]
[device-31-mac-addr-change]
match-device=driver:eagle_sdio,driver:wl
wifi.scan-rand-mac-address=no

##### NetworkManager profiles ###########

[ipv4] method=auto
[ipv6] method=auto

##### Netplan config ####################

##### iw reg get ########################

Region: Asia/Ulaanbaatar (based on set time zone)

global
country US: DFS-FCC
	(902 - 904 @ 2), (N/A, 30), (N/A)
	(904 - 920 @ 16), (N/A, 30), (N/A)
	(920 - 928 @ 8), (N/A, 30), (N/A)
	(2400 - 2472 @ 40), (N/A, 30), (N/A)
	(5150 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
	(5250 - 5350 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
	(5470 - 5730 @ 160), (N/A, 24), (0 ms), DFS
	(5730 - 5850 @ 80), (N/A, 30), (N/A), AUTO-BW
	(5850 - 5895 @ 40), (N/A, 27), (N/A), NO-OUTDOOR, AUTO-BW, PASSIVE-SCAN
	(5925 - 7125 @ 320), (N/A, 12), (N/A), NO-OUTDOOR, PASSIVE-SCAN
	(57240 - 71000 @ 2160), (N/A, 40), (N/A)

##### iwlist channels ###################

lo        no frequency information.

eth0      no frequency information.

wlan0     32 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 36 : 5.18 GHz
          Channel 40 : 5.2 GHz
          Channel 44 : 5.22 GHz
          Channel 48 : 5.24 GHz
          Channel 52 : 5.26 GHz
          Channel 56 : 5.28 GHz
          Channel 60 : 5.3 GHz
          Channel 64 : 5.32 GHz
          Channel 100 : 5.5 GHz
          Channel 104 : 5.52 GHz
          Channel 108 : 5.54 GHz
          Channel 112 : 5.56 GHz
          Channel 116 : 5.58 GHz
          Channel 120 : 5.6 GHz
          Channel 124 : 5.62 GHz
          Channel 128 : 5.64 GHz
          Channel 132 : 5.66 GHz
          Channel 136 : 5.68 GHz
          Channel 140 : 5.7 GHz
          Channel 144 : 5.72 GHz
          Channel 149 : 5.745 GHz
wlan0mon  32 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 36 : 5.18 GHz
          Channel 40 : 5.2 GHz
          Channel 44 : 5.22 GHz
          Channel 48 : 5.24 GHz
          Channel 52 : 5.26 GHz
          Channel 56 : 5.28 GHz
          Channel 60 : 5.3 GHz
          Channel 64 : 5.32 GHz
          Channel 100 : 5.5 GHz
          Channel 104 : 5.52 GHz
          Channel 108 : 5.54 GHz
          Channel 112 : 5.56 GHz
          Channel 116 : 5.58 GHz
          Channel 120 : 5.6 GHz
          Channel 124 : 5.62 GHz
          Channel 128 : 5.64 GHz
          Channel 132 : 5.66 GHz
          Channel 136 : 5.68 GHz
          Channel 140 : 5.7 GHz
          Channel 144 : 5.72 GHz
          Channel 149 : 5.745 GHz

##### iwlist scan #######################

lo        Interface doesn't support scanning.

eth0      Interface doesn't support scanning.

wlan0     Interface doesn't support scanning : Operation not supported

wlan0mon  Interface doesn't support scanning : Operation not supported

##### module infos ######################

[mac80211]
filename:       /lib/modules/6.7.10-060710-generic/kernel/net/mac80211/mac80211.ko.zst
license:        GPL
description:    IEEE 802.11 subsystem
depends:        cfg80211,libarc4
retpoline:      Y
intree:         Y
name:           mac80211
vermagic:       6.7.10-060710-generic SMP preempt mod_unload modversions 
parm:           minstrel_vht_only:Use only VHT rates when VHT is supported by sta. (bool)
parm:           max_nullfunc_tries:Maximum nullfunc tx tries before disconnecting (reason 4). (int)
parm:           max_probe_tries:Maximum probe tries before disconnecting (reason 4). (int)
parm:           beacon_loss_count:Number of beacon intervals before we decide beacon was lost. (int)
parm:           probe_wait_ms:Maximum time(ms) to wait for probe response before disconnecting (reason 4). (int)
parm:           ieee80211_default_rc_algo:Default rate control algorithm for mac80211 to use (charp)

[cfg80211]
filename:       /lib/modules/6.7.10-060710-generic/kernel/net/wireless/cfg80211.ko.zst
description:    wireless configuration support
license:        GPL
depends:        
retpoline:      Y
intree:         Y
name:           cfg80211
vermagic:       6.7.10-060710-generic SMP preempt mod_unload modversions 
parm:           bss_entries_limit:limit to number of scan BSS entries (per wiphy, default 1000) (int)
parm:           ieee80211_regdom:IEEE 802.11 regulatory domain code (charp)
parm:           cfg80211_disable_40mhz_24ghz:Disable 40MHz support in the 2.4GHz band (bool)

##### module parameters #################

[mac80211]
beacon_loss_count: 7
ieee80211_default_rc_algo: minstrel_ht
max_nullfunc_tries: 2
max_probe_tries: 5
minstrel_vht_only: Y
probe_wait_ms: 500

[cfg80211]
bss_entries_limit: 1000
cfg80211_disable_40mhz_24ghz: N
ieee80211_regdom: 00

##### /etc/modules ######################

##### modprobe options ##################

[/etc/modprobe.d/amd64-microcode-blacklist.conf]
blacklist microcode

[/etc/modprobe.d/ath9k_htc.conf]
options ath9k_htc use_dev_fw=1

[/etc/modprobe.d/blacklist-evbug.conf]
blacklist evbug

[/etc/modprobe.d/blacklist-rtw88.conf]
blacklist rtw88_8703b
blacklist rtw88_8723cs
blacklist rtw88_8723d
blacklist rtw88_8723de
blacklist rtw88_8723ds
blacklist rtw88_8723du
blacklist rtw88_8723x
blacklist rtw88_8812a
blacklist rtw88_8812au
blacklist rtw88_8821a
blacklist rtw88_8821au
blacklist rtw88_8821c
blacklist rtw88_8821ce
blacklist rtw88_8821cs
blacklist rtw88_8821cu
blacklist rtw88_8822b
blacklist rtw88_8822be
blacklist rtw88_8822bs
blacklist rtw88_8822bu
blacklist rtw88_8822c
blacklist rtw88_8822ce
blacklist rtw88_8822cs
blacklist rtw88_8822cu
blacklist rtw88_88xxa
blacklist rtw88_core
blacklist rtw88_pci
blacklist rtw88_sdio
blacklist rtw88_usb

[/etc/modprobe.d/intel-microcode-blacklist.conf]
blacklist microcode

[/etc/modprobe.d/kali-defaults.conf]
options kvm enable_virt_at_load=0

[/etc/modprobe.d/mdadm.conf]
options md_mod start_ro=1

##### rc.local ##########################

grep: /etc/rc.local: No such file or directory

##### pm-utils ##########################

find: ‘/etc/pm/*.d’: No such file or directory

##### udev rules ########################

##### dmesg #############################

[    3.854913] systemd[1]: Starting systemd-timesyncd.service - Network Time Synchronization...
[    4.624738] rtw_8812au 2-6:1.0: Firmware version 52.14.0, H2C version 0
[    5.041123] rtw_8812au 1-10:1.0: Firmware version 52.14.0, H2C version 0
[    8.308919] e1000e 0000:00:1f.6 eth0: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
[ 5552.540415] rtw_8812au 1-10:1.0: Firmware version 52.14.0, H2C version 0 (repeated 4 times)
[ 6487.946491] warning: `aireplay-ng' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 6487.946581] rtw_8812au 1-10:1.0 wlan0mon: entered promiscuous mode
[ 6487.946583] rtw_8812au 1-10:1.0 wlan0mon: entered allmulticast mode
[ 7036.094245] rtw_8812au 1-10:1.0: error beacon valid
[ 7036.094325] rtw_8812au 1-10:1.0: failed to download drv rsvd page

########## wireless info END ############

Additional Notes:

• The issue continues to occur across various tools, including aireplay-ng, mdk, and hcxdumptool.
• There are similar reports from other devices, though I'm uncertain if they're directly related:
  Linux stable >= 6.9.0 & Linux longterm >= 6.4.1: monitor mode and frame injection broken on mt76 series devices ZerBea/hcxdumptool#465
  Deauth has stop working for 5GHz on MediaTek chipsets since kernel linux-image-6.1.0-12-amd64 morrownr/USB-WiFi#390
• I considered bisecting, but it's just not feasible with my current PC setup and I am fairly new to Linux.

[dubhater]

Please report it to the linux-wireless mailing list.

[ZerBea]

hcxdumptool won't work as expected if running on a virtual interface.
This is mentioned in "--help":

Important recommendation:
-------------------------
Do not set monitor mode by third party tools or third party scripts!
Do not use virtual interfaces (monx, wlanxmon, prismx, ...)!
Do not use virtual machines or emulators!
Do not run other tools that take access to the interface in parallel (except: tshark, wireshark, tcpdump)!
Do not use tools to change the virtual MAC (like macchanger)!
Do not merge (pcapng) dump files, because this destroys assigned hash values!

Exclusive access to the physical interface is mandatory. If these conditions are met, everything is fine:

$ uname -r
6.13.1.arch1-1

$ hcxdumptool -l
  0	  3	706655781d9f	dc7014b24c2a	+	wlp4s0          	rtw_8821ce	NETLINK

$ sudo hcxdumptool --rcascan=active
...
81 Packet(s) captured by kernel
0 Packet(s) dropped by kernel
33 PROBERESPONSE(s) captured

exit on sigterm

This is the output of iw:

$ iw list
...
software interface modes (can always be added):
		 * AP/VLAN
		 * monitor
interface combinations are not supported

Compared to an ALFA AWUS036ACHM

$ iw list
...
software interface modes (can always be added):
		 * AP/VLAN
		 * monitor
valid interface combinations:
		 * #{ IBSS } <= 1, #{ managed, AP, mesh point, P2P-client, P2P-GO } <= 2,
		   total <= 2, #channels <= 1, STA/AP BI must match

In most of the cases, the restrictions (running interface combinations) are enormous.