Hay
Date: July 8, 2025, 11:09 p.m.
Environment: qemu-arm64

[   19.778109] ==================================================================
[   19.778212] BUG: KFENCE: use-after-free read in workqueue_uaf+0x270/0x4a8
[   19.778212] 
[   19.778288] Use-after-free read at 0x00000000b61e4c14 (in kfence-#59):
[   19.778470]  workqueue_uaf+0x270/0x4a8
[   19.778510]  kunit_try_run_case+0x170/0x3f0
[   19.778551]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.778596]  kthread+0x328/0x630
[   19.779007]  ret_from_fork+0x10/0x20
[   19.779272] 
[   19.780040] kfence-#59: 0x00000000b61e4c14-0x000000007f06e0df, size=32, cache=kmalloc-32
[   19.780040] 
[   19.780375] allocated by task 200 on cpu 1 at 19.771481s (0.008833s ago):
[   19.781146]  workqueue_uaf+0x13c/0x4a8
[   19.781220]  kunit_try_run_case+0x170/0x3f0
[   19.781260]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.781666]  kthread+0x328/0x630
[   19.781733]  ret_from_fork+0x10/0x20
[   19.781882] 
[   19.782215] freed by task 48 on cpu 1 at 19.771707s (0.010297s ago):
[   19.782519]  workqueue_uaf_work+0x18/0x30
[   19.782566]  process_one_work+0x530/0xf98
[   19.782918]  worker_thread+0x618/0xf38
[   19.783048]  kthread+0x328/0x630
[   19.783080]  ret_from_fork+0x10/0x20
[   19.783142] 
[   19.783228] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.783472] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.783543] Hardware name: linux,dummy-virt (DT)
[   19.783586] ==================================================================