Date: June 24, 2025, 12:47 p.m.

Environment: qemu-arm64
```
[ 24.142088] ==================================================================
[ 24.142318] BUG: KFENCE: use-after-free read in kmalloc_uaf2+0x1dc/0x468
[ 24.142318]
[ 24.142561] Use-after-free read at 0x0000000085ca8120 (in kfence-#81):
[ 24.143506] kmalloc_uaf2+0x1dc/0x468
[ 24.143636] kunit_try_run_case+0x170/0x3f0
[ 24.143910] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.144047] kthread+0x328/0x630
[ 24.144198] ret_from_fork+0x10/0x20
[ 24.144373]
[ 24.144781] kfence-#81: 0x00000000872f2b7d-0x0000000033f75e13, size=43, cache=kmalloc-64
[ 24.144781]
[ 24.145467] allocated by task 190 on cpu 0 at 24.138743s (0.006598s ago):
[ 24.146896] kmalloc_uaf2+0xc4/0x468
[ 24.148303] kunit_try_run_case+0x170/0x3f0
[ 24.148606] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.148731] kthread+0x328/0x630
[ 24.148833] ret_from_fork+0x10/0x20
[ 24.149027]
[ 24.149264] freed by task 190 on cpu 0 at 24.138875s (0.010249s ago):
[ 24.149727] kmalloc_uaf2+0x134/0x468
[ 24.149829] kunit_try_run_case+0x170/0x3f0
[ 24.149934] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.150051] kthread+0x328/0x630
[ 24.150140] ret_from_fork+0x10/0x20
[ 24.150311]
[ 24.150484] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT
[ 24.150719] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.150798] Hardware name: linux,dummy-virt (DT)
[ 24.150898] ==================================================================
```