Date
July 11, 2025, 10:11 a.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 30.347487] ================================================================== [ 30.347591] BUG: KFENCE: use-after-free read in kmalloc_uaf_16+0x1fc/0x438 [ 30.347591] [ 30.347677] Use-after-free read at 0x00000000ad07e3e8 (in kfence-#98): [ 30.347878] kmalloc_uaf_16+0x1fc/0x438 [ 30.347919] kunit_try_run_case+0x170/0x3f0 [ 30.347959] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.347997] kthread+0x328/0x630 [ 30.348031] ret_from_fork+0x10/0x20 [ 30.348070] [ 30.348232] kfence-#98: 0x00000000ad07e3e8-0x00000000d9f8c6bb, size=16, cache=kmalloc-16 [ 30.348232] [ 30.348536] allocated by task 199 on cpu 1 at 30.346060s (0.002374s ago): [ 30.349797] kmalloc_uaf_16+0x140/0x438 [ 30.349865] kunit_try_run_case+0x170/0x3f0 [ 30.350621] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.350674] kthread+0x328/0x630 [ 30.350707] ret_from_fork+0x10/0x20 [ 30.350925] [ 30.351825] freed by task 199 on cpu 1 at 30.346424s (0.004550s ago): [ 30.352171] kmalloc_uaf_16+0x190/0x438 [ 30.352215] kunit_try_run_case+0x170/0x3f0 [ 30.352491] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.352548] kthread+0x328/0x630 [ 30.352581] ret_from_fork+0x10/0x20 [ 30.352639] [ 30.353150] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 30.353557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.353710] Hardware name: linux,dummy-virt (DT) [ 30.353882] ==================================================================