Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 106.830549] ================================================================== [ 106.832072] BUG: KFENCE: use-after-free read in ksize_uaf+0xe8/0x330 [ 106.832072] [ 106.833159] Use-after-free read at 0x000000003a195194 (in kfence-#125): [ 106.833776] ksize_uaf+0xe8/0x330 [ 106.834276] kunit_try_run_case+0x8c/0x124 [ 106.834796] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 106.835355] kthread+0x15c/0x170 [ 106.835815] ret_from_fork+0x10/0x20 [ 106.836243] [ 106.836829] kfence-#125: 0x000000003a195194-0x000000004805e587, size=120, cache=kmalloc-128 [ 106.836829] [ 106.837684] allocated by task 242 on cpu 1 at 106.825393s: [ 106.838842] __kmem_cache_alloc_node+0x2dc/0x32c [ 106.839341] kmalloc_trace+0x58/0x150 [ 106.839788] ksize_uaf+0x9c/0x330 [ 106.840205] kunit_try_run_case+0x8c/0x124 [ 106.840877] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 106.841466] kthread+0x15c/0x170 [ 106.841895] ret_from_fork+0x10/0x20 [ 106.842325] [ 106.842585] freed by task 242 on cpu 1 at 106.825894s: [ 106.843299] ksize_uaf+0xbc/0x330 [ 106.843716] kunit_try_run_case+0x8c/0x124 [ 106.844198] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 106.845003] kthread+0x15c/0x170 [ 106.845402] ret_from_fork+0x10/0x20 [ 106.845871] [ 106.846109] CPU: 1 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 106.846866] Hardware name: linux,dummy-virt (DT) [ 106.847305] ==================================================================