Date
June 20, 2025, 12:38 p.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 32.363187] ================================================================== [ 32.363449] BUG: KFENCE: use-after-free write in __memset+0xc/0x20 [ 32.363449] [ 32.363700] Use-after-free write at 0x000000004423a747 (in kfence-#94): [ 32.363934] __memset+0xc/0x20 [ 32.364041] kmalloc_double_kzfree+0x168/0x308 [ 32.364219] kunit_try_run_case+0x170/0x3f0 [ 32.364532] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.364681] kthread+0x328/0x630 [ 32.364813] ret_from_fork+0x10/0x20 [ 32.364909] [ 32.364955] kfence-#94: 0x000000004423a747-0x0000000035fd8b96, size=16, cache=kmalloc-16 [ 32.364955] [ 32.365077] allocated by task 203 on cpu 1 at 32.362221s (0.002847s ago): [ 32.365259] kmalloc_double_kzfree+0xb8/0x308 [ 32.365363] kunit_try_run_case+0x170/0x3f0 [ 32.365552] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.365681] kthread+0x328/0x630 [ 32.365841] ret_from_fork+0x10/0x20 [ 32.365949] [ 32.366063] freed by task 203 on cpu 1 at 32.362433s (0.003617s ago): [ 32.366235] kfree_sensitive+0x80/0xb0 [ 32.366606] kmalloc_double_kzfree+0x11c/0x308 [ 32.366741] kunit_try_run_case+0x170/0x3f0 [ 32.366837] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.367027] kthread+0x328/0x630 [ 32.367111] ret_from_fork+0x10/0x20 [ 32.367290] [ 32.367483] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250620 #1 PREEMPT [ 32.368206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.368349] Hardware name: linux,dummy-virt (DT) [ 32.368442] ==================================================================