CVE-2022-42719-decoded.log
[ 26.383005] ==================================================================
[ 26.383611] BUG: KASAN: use-after-free in ieee80211_update_bss_from_elems (net/mac80211/scan.c:104)
[ 26.384260] Read of size 1 at addr ffff88800befa00a by task ksoftirqd/1/20
[ 26.384847]
[ 26.385622] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[ 26.386546] Call Trace:
[ 26.386762] <TASK>
[ 26.386948] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))
[ 26.387292] print_report.cold (mm/kasan/report.c:318 mm/kasan/report.c:433)
[ 26.387727] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:497)
[ 26.388115] ? ieee80211_update_bss_from_elems (net/mac80211/scan.c:104)
[ 26.388694] ? ieee80211_update_bss_from_elems (net/mac80211/scan.c:104)
[ 26.389270] kasan_check_range (mm/kasan/generic.c:190)
[ 26.389707] memcpy (mm/kasan/shadow.c:65)
[ 26.390033] ieee80211_update_bss_from_elems (net/mac80211/scan.c:104)
[ 26.390593] ? ieee80211_bss_info_update (net/mac80211/scan.c:225 (discriminator 2))
[ 26.391118] ieee80211_bss_info_update (net/mac80211/scan.c:235)
[ 26.391626] ? ieee80211_rx_bss_put (net/mac80211/scan.c:148)
[ 26.392104] ? reacquire_held_locks (kernel/locking/lockdep.c:5674)
[ 26.392604] ? lock_is_held_type (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5710)
[ 26.393145] ieee80211_scan_rx (net/mac80211/scan.c:328)
[ 26.393667] ieee80211_rx_list (net/mac80211/rx.c:4940 net/mac80211/rx.c:5131)
[ 26.394290] ? ieee80211_rx_for_interface (net/mac80211/rx.c:5022)
[ 26.394863] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5668 kernel/locking/lockdep.c:5631)
[ 26.395339] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5668 kernel/locking/lockdep.c:5631)
[ 26.395813] ? lock_downgrade (kernel/locking/lockdep.c:5634)
[ 26.396306] ? lock_release (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5688)
[ 26.396778] ? skb_dequeue (net/core/skbuff.c:3299)
[ 26.397239] ? reacquire_held_locks (kernel/locking/lockdep.c:5674)
[ 26.397791] ieee80211_rx_napi (./include/linux/rcupdate.h:735 net/mac80211/rx.c:5155)
[ 26.398281] ? ieee80211_rx_list (net/mac80211/rx.c:5143)
[ 26.398824] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4383)
[ 26.399356] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/preempt.h:103 ./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)
[ 26.399960] ieee80211_tasklet_handler (./include/net/mac80211.h:4779 net/mac80211/main.c:315)
[ 26.400535] tasklet_action_common.constprop.0 (./include/linux/instrumented.h:86 ./include/asm-generic/bitops/instrumented-atomic.h:41 kernel/softirq.c:893 kernel/softirq.c:801)
[ 26.401218] __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)
[ 26.401648] ? smpboot_thread_fn (kernel/smpboot.c:112)
[ 26.402007] ? __entry_text_end (kernel/softirq.c:529)
[ 26.402401] ? run_ksoftirqd (kernel/softirq.c:420 kernel/softirq.c:928)
[ 26.402717] ? lockdep_hardirqs_off (./arch/x86/include/asm/current.h:15 kernel/locking/lockdep.c:4415)
[ 26.403084] ? smpboot_thread_fn (kernel/smpboot.c:112)
[ 26.403432] run_ksoftirqd (kernel/softirq.c:425 kernel/softirq.c:935 kernel/softirq.c:926)
[ 26.403734] smpboot_thread_fn (kernel/smpboot.c:164 (discriminator 3))
[ 26.404115] ? sort_range (kernel/smpboot.c:109)
[ 26.404553] kthread (kernel/kthread.c:376)
[ 26.404844] ? kthread_complete_and_exit (kernel/kthread.c:335)
[ 26.405243] ret_from_fork (arch/x86/entry/entry_64.S:312)
[ 26.405547] </TASK>
[ 26.405738]
[ 26.405875] Allocated by task 20:
[ 26.406155] kasan_save_stack (mm/kasan/common.c:39)
[ 26.406478] __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:437 mm/kasan/common.c:516 mm/kasan/common.c:525)
[ 26.406793] ieee802_11_parse_elems_full (net/mac80211/util.c:1510)
[ 26.407212] ieee802_11_parse_elems_crc.constprop.0 (net/mac80211/ieee80211_i.h:2210)
[ 26.407687] ieee80211_bss_info_update (net/mac80211/ieee80211_i.h:2231 net/mac80211/scan.c:228)
[ 26.408085] ieee80211_scan_rx (net/mac80211/scan.c:328)
[ 26.408426] ieee80211_rx_list (net/mac80211/rx.c:4940 net/mac80211/rx.c:5131)
[ 26.408800] ieee80211_rx_napi (./include/linux/rcupdate.h:735 net/mac80211/rx.c:5155)
[ 26.409136] ieee80211_tasklet_handler (./include/net/mac80211.h:4779 net/mac80211/main.c:315)
[ 26.409529] tasklet_action_common.constprop.0 (./include/linux/instrumented.h:86 ./include/asm-generic/bitops/instrumented-atomic.h:41 kernel/softirq.c:893 kernel/softirq.c:801)
[ 26.409983] __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)
[ 26.410291]
[ 26.410427] Freed by task 20:
[ 26.410682] kasan_save_stack (mm/kasan/common.c:39)
[ 26.411004] kasan_set_track (mm/kasan/common.c:45)
[ 26.411320] kasan_set_free_info (mm/kasan/generic.c:372)
[ 26.411662] __kasan_slab_free (mm/kasan/common.c:369 mm/kasan/common.c:329 mm/kasan/common.c:375)
[ 26.412008] kfree (mm/slub.c:1785 mm/slub.c:3539 mm/slub.c:4567)
[ 26.412262] ieee802_11_parse_elems_full (net/mac80211/util.c:1499)
[ 26.412681] ieee802_11_parse_elems_crc.constprop.0 (net/mac80211/ieee80211_i.h:2210)
[ 26.413156] ieee80211_bss_info_update (net/mac80211/ieee80211_i.h:2231 net/mac80211/scan.c:228)
[ 26.413554] ieee80211_scan_rx (net/mac80211/scan.c:328)
[ 26.413899] ieee80211_rx_list (net/mac80211/rx.c:4940 net/mac80211/rx.c:5131)
[ 26.414259] ieee80211_rx_napi (./include/linux/rcupdate.h:735 net/mac80211/rx.c:5155)
[ 26.414596] ieee80211_tasklet_handler (./include/net/mac80211.h:4779 net/mac80211/main.c:315)
[ 26.414994] tasklet_action_common.constprop.0 (./include/linux/instrumented.h:86 ./include/asm-generic/bitops/instrumented-atomic.h:41 kernel/softirq.c:893 kernel/softirq.c:801)
[ 26.415449] __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)
[ 26.415761]
[ 26.415898] The buggy address belongs to the object at ffff88800befa000
[ 26.415898] which belongs to the cache kmalloc-512 of size 512
[ 26.416979] The buggy address is located 10 bytes inside of
[ 26.416979] 512-byte region [ffff88800befa000, ffff88800befa200)
[ 26.417968]
[ 26.418106] The buggy address belongs to the physical page:
[ 26.418571] page:ffffea00002fbe00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xbef8
[ 26.419374] head:ffffea00002fbe00 order:3 compound_mapcount:0 compound_pincount:0
[ 26.420155] flags: 0x100000000010200(slab|head|node=0|zone=1)
[ 26.420764] raw: 0100000000010200 ffffea00002f6808 ffff888007040d28 ffff888007042f40
[ 26.421567] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
[ 26.422377] page dumped because: kasan: bad access detected
[ 26.422960]
[ 26.423135] Memory state around the buggy address:
[ 26.423641] ffff88800bef9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.424393] ffff88800bef9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.425261] >ffff88800befa000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.425986] ^
[ 26.426291] ffff88800befa080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.426957] ffff88800befa100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.427786] ==================================================================
[ 26.428698] Disabling lock debugging due to kernel taint
[ 26.429334] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium