CVE-2022-42720-decoded.log
[ 72.817828] ==================================================================
rame_data+0xb20-use-after-free-read-8-0001-wifi.pcap
[ 72.818808] BUG: KASAN: use-after-free in cfg80211_inform_bss_frame_data (net/wireless/scan.c:2536)
[ 72.819747] Read of size 8 at addr ffff888008d04478 by task ksoftirqd/1/20
[ 72.820572]
[ 72.821728] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[ 72.823094] Call Trace:
[ 72.823403] <TASK>
[ 72.823646] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))
[ 72.824047] print_report.cold (mm/kasan/report.c:318 mm/kasan/report.c:433)
[ 72.824484] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:497)
[ 72.824869] ? cfg80211_inform_bss_frame_data (net/wireless/scan.c:2536)
[ 72.825450] ? cfg80211_inform_bss_frame_data (net/wireless/scan.c:2536)
[ 72.826029] cfg80211_inform_bss_frame_data (net/wireless/scan.c:2536)
[ 72.826659] ? find_held_lock (kernel/locking/lockdep.c:5156)
[ 72.827231] ? lock_release (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5688)
[ 72.827780] ? ieee80211_bss_info_update (./include/linux/rcupdate.h:738 net/mac80211/scan.c:188)
[ 72.828414] ? cfg80211_inform_single_bss_frame_data (net/wireless/scan.c:2509)
[ 72.829064] ? mark_lock (./arch/x86/include/asm/bitops.h:228 ./arch/x86/include/asm/bitops.h:240 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:227 kernel/locking/lockdep.c:4610)
[ 72.829508] ? lock_is_held_type (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5710)
[ 72.829972] ieee80211_bss_info_update (net/mac80211/scan.c:190)
[ 72.830493] ? ieee80211_rx_bss_put (net/mac80211/scan.c:148)
[ 72.830972] ? reacquire_held_locks (kernel/locking/lockdep.c:5674)
[ 72.831469] ? lock_is_held_type (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5710)
[ 72.831939] ieee80211_scan_rx (net/mac80211/scan.c:328)
[ 72.832450] ieee80211_rx_list (net/mac80211/rx.c:4940 net/mac80211/rx.c:5131)
[ 72.832986] ? ieee80211_rx_for_interface (net/mac80211/rx.c:5022)
[ 72.833607] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5668 kernel/locking/lockdep.c:5631)
[ 72.834082] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5668 kernel/locking/lockdep.c:5631)
[ 72.834557] ? lock_downgrade (kernel/locking/lockdep.c:5634)
[ 72.835054] ? lock_release (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5688)
[ 72.835532] ? skb_dequeue (net/core/skbuff.c:3299)
[ 72.836013] ? reacquire_held_locks (kernel/locking/lockdep.c:5674)
[ 72.836580] ieee80211_rx_napi (./include/linux/rcupdate.h:735 net/mac80211/rx.c:5155)
[ 72.837073] ? ieee80211_rx_list (net/mac80211/rx.c:5143)
[ 72.837620] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4383)
[ 72.838157] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/preempt.h:103 ./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)
[ 72.838763] ieee80211_tasklet_handler (./include/net/mac80211.h:4779 net/mac80211/main.c:315)
[ 72.839340] tasklet_action_common.constprop.0 (./include/linux/instrumented.h:86 ./include/asm-generic/bitops/instrumented-atomic.h:41 kernel/softirq.c:893 kernel/softirq.c:801)
[ 72.840010] __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)
[ 72.840440] ? smpboot_thread_fn (kernel/smpboot.c:112)
[ 72.840880] ? __entry_text_end (kernel/softirq.c:529)
[ 72.841383] ? run_ksoftirqd (kernel/softirq.c:420 kernel/softirq.c:928)
[ 72.841783] ? lockdep_hardirqs_off (./arch/x86/include/asm/current.h:15 kernel/locking/lockdep.c:4415)
[ 72.842268] ? smpboot_thread_fn (kernel/smpboot.c:112)
[ 72.842725] run_ksoftirqd (kernel/softirq.c:425 kernel/softirq.c:935 kernel/softirq.c:926)
[ 72.843125] smpboot_thread_fn (kernel/smpboot.c:164 (discriminator 3))
[ 72.843570] ? sort_range (kernel/smpboot.c:109)
[ 72.843960] kthread (kernel/kthread.c:376)
[ 72.844324] ? kthread_complete_and_exit (kernel/kthread.c:335)
[ 72.844833] ret_from_fork (arch/x86/entry/entry_64.S:312)
[ 72.845189] </TASK>
[ 72.845439]
[ 72.845618] Allocated by task 20:
[ 72.845980] kasan_save_stack (mm/kasan/common.c:39)
[ 72.846339] __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:437 mm/kasan/common.c:516 mm/kasan/common.c:525)
[ 72.846698] cfg80211_bss_update (./include/linux/slab.h:605 ./include/linux/slab.h:733 net/wireless/scan.c:1738)
[ 72.847147] cfg80211_inform_single_bss_frame_data (net/wireless/scan.c:2484 (discriminator 10))
[ 72.847793] cfg80211_inform_bss_frame_data (net/wireless/scan.c:2517)
[ 72.848331] ieee80211_bss_info_update (net/mac80211/scan.c:190)
[ 72.848847] ieee80211_scan_rx (net/mac80211/scan.c:328)
[ 72.849273] ieee80211_rx_list (net/mac80211/rx.c:4940 net/mac80211/rx.c:5131)
[ 72.849701] ieee80211_rx_napi (./include/linux/rcupdate.h:735 net/mac80211/rx.c:5155)
[ 72.850115] ieee80211_tasklet_handler (./include/net/mac80211.h:4779 net/mac80211/main.c:315)
[ 72.850622] tasklet_action_common.constprop.0 (./include/linux/instrumented.h:86 ./include/asm-generic/bitops/instrumented-atomic.h:41 kernel/softirq.c:893 kernel/softirq.c:801)
[ 72.851202] __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)
[ 72.851600]
[ 72.851752] Freed by task 20:
[ 72.852069] kasan_save_stack (mm/kasan/common.c:39)
[ 72.852462] kasan_set_track (mm/kasan/common.c:45)
[ 72.852837] kasan_set_free_info (mm/kasan/generic.c:372)
[ 72.853269] __kasan_slab_free (mm/kasan/common.c:369 mm/kasan/common.c:329 mm/kasan/common.c:375)
[ 72.853712] kfree (mm/slub.c:1785 mm/slub.c:3539 mm/slub.c:4567)
[ 72.854057] cfg80211_put_bss (net/wireless/scan.c:183 net/wireless/scan.c:2582)
[ 72.854452] cfg80211_parse_mbssid_data (net/wireless/scan.c:2157)
[ 72.854960] cfg80211_inform_bss_frame_data (net/wireless/core.h:119 net/wireless/scan.c:2531)
[ 72.855481] ieee80211_bss_info_update (net/mac80211/scan.c:190)
[ 72.856012] ieee80211_scan_rx (net/mac80211/scan.c:328)
[ 72.856467] ieee80211_rx_list (net/mac80211/rx.c:4940 net/mac80211/rx.c:5131)
[ 72.856870] ieee80211_rx_napi (./include/linux/rcupdate.h:735 net/mac80211/rx.c:5155)
[ 72.857306] ieee80211_tasklet_handler (./include/net/mac80211.h:4779 net/mac80211/main.c:315)
[ 72.857820] tasklet_action_common.constprop.0 (./include/linux/instrumented.h:86 ./include/asm-generic/bitops/instrumented-atomic.h:41 kernel/softirq.c:893 kernel/softirq.c:801)
[ 72.858411] __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)
[ 72.858813]
[ 72.858991] The buggy address belongs to the object at ffff888008d04400
[ 72.858991] which belongs to the cache kmalloc-512 of size 512
[ 72.860361] The buggy address is located 120 bytes inside of
[ 72.860361] 512-byte region [ffff888008d04400, ffff888008d04600)
[ 72.861606]
[ 72.861782] The buggy address belongs to the physical page:
[ 72.862385] page:ffffea0000234000 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888008d07a00 pfn:0x8d00
[ 72.863460] head:ffffea0000234000 order:3 compound_mapcount:0 compound_pincount:0
[ 72.864231] flags: 0x100000000010200(slab|head|node=0|zone=1)
[ 72.864828] raw: 0100000000010200 ffff888007040d08 ffff888007040d08 ffff888007042f40
[ 72.865612] raw: ffff888008d07a00 0000000000150014 00000001ffffffff 0000000000000000
[ 72.866582] page dumped because: kasan: bad access detected
[ 72.867196]
[ 72.867418] Memory state around the buggy address:
[ 72.867984] ffff888008d04300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.868679] ffff888008d04380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.869352] >ffff888008d04400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.870082] ^
[ 72.870765] ffff888008d04480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.871491] ffff888008d04500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.872277] ==================================================================