Date
July 5, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 20.500748] ================================================================== [ 20.501406] BUG: KFENCE: use-after-free read in kmem_cache_rcu_uaf+0x1f4/0x468 [ 20.501406] [ 20.502864] Use-after-free read at 0x000000003ea1bd46 (in kfence-#86): [ 20.503616] kmem_cache_rcu_uaf+0x1f4/0x468 [ 20.503737] kunit_try_run_case+0x170/0x3f0 [ 20.504210] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.504849] kthread+0x328/0x630 [ 20.505339] ret_from_fork+0x10/0x20 [ 20.506009] [ 20.506147] kfence-#86: 0x000000003ea1bd46-0x000000001853a2fa, size=200, cache=test_cache [ 20.506147] [ 20.506790] allocated by task 214 on cpu 0 at 20.349545s (0.157194s ago): [ 20.507014] kmem_cache_rcu_uaf+0x12c/0x468 [ 20.507789] kunit_try_run_case+0x170/0x3f0 [ 20.508340] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.508697] kthread+0x328/0x630 [ 20.509214] ret_from_fork+0x10/0x20 [ 20.509772] [ 20.509869] freed by task 214 on cpu 0 at 20.349901s (0.159957s ago): [ 20.511085] kmem_cache_rcu_uaf+0x16c/0x468 [ 20.511457] kunit_try_run_case+0x170/0x3f0 [ 20.512077] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.512598] kthread+0x328/0x630 [ 20.512697] ret_from_fork+0x10/0x20 [ 20.512783] [ 20.512873] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 20.513064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.513130] Hardware name: linux,dummy-virt (DT) [ 20.513205] ==================================================================