Date | Environment |
---|---|
June 26, 2025, 9:10 a.m. | qemu-arm64 |
```
[ 26.968567] ==================================================================
[ 26.968657] BUG: KFENCE: use-after-free read in kmalloc_uaf2+0x1dc/0x468
[ 26.968657]
[ 26.968970] Use-after-free read at 0x00000000953835b2 (in kfence-#57):
[ 26.969456] kmalloc_uaf2+0x1dc/0x468
[ 26.969594] kunit_try_run_case+0x170/0x3f0
[ 26.969768] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.969872] kthread+0x328/0x630
[ 26.969917] ret_from_fork+0x10/0x20
[ 26.970141]
[ 26.970378] kfence-#57: 0x000000007e8cec2b-0x00000000582a89c3, size=43, cache=kmalloc-64
[ 26.970378]
[ 26.970823] allocated by task 200 on cpu 0 at 26.962661s (0.008092s ago):
[ 26.971708] kmalloc_uaf2+0xc4/0x468
[ 26.971960] kunit_try_run_case+0x170/0x3f0
[ 26.972206] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.972263] kthread+0x328/0x630
[ 26.972297] ret_from_fork+0x10/0x20
[ 26.972384]
[ 26.972900] freed by task 200 on cpu 0 at 26.962728s (0.009696s ago):
[ 26.973468] kmalloc_uaf2+0x134/0x468
[ 26.973517] kunit_try_run_case+0x170/0x3f0
[ 26.973555] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.973853] kthread+0x328/0x630
[ 26.973912] ret_from_fork+0x10/0x20
[ 26.974007]
[ 26.974385] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT
[ 26.974484] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.974512] Hardware name: linux,dummy-virt (DT)
[ 26.975071] ==================================================================
```