Date | June 26, 2025, 11:12 a.m.
---|---
Environment | qemu-arm64
```
[ 18.518028] ==================================================================
[ 18.518173] BUG: KFENCE: use-after-free read in rcu_uaf_reclaim+0x48/0x70
[ 18.518173]
[ 18.519451] Use-after-free read at 0x000000001a9dec98 (in kfence-#58):
[ 18.519529] rcu_uaf_reclaim+0x48/0x70
[ 18.519575] rcu_core+0x9f4/0x1e20
[ 18.519913] rcu_core_si+0x18/0x30
[ 18.519982] handle_softirqs+0x374/0xb28
[ 18.520181] __do_softirq+0x1c/0x28
[ 18.520412] ____do_softirq+0x18/0x30
[ 18.520640] call_on_irq_stack+0x24/0x30
[ 18.520683] do_softirq_own_stack+0x24/0x38
[ 18.520896] __irq_exit_rcu+0x1fc/0x318
[ 18.521232] irq_exit_rcu+0x1c/0x80
[ 18.521433] el1_interrupt+0x38/0x58
[ 18.521665] el1h_64_irq_handler+0x18/0x28
[ 18.521884] el1h_64_irq+0x6c/0x70
[ 18.522149] arch_local_irq_enable+0x4/0x8
[ 18.522333] do_idle+0x384/0x4e8
[ 18.522401] cpu_startup_entry+0x64/0x80
[ 18.522478] rest_init+0x160/0x188
[ 18.522810] start_kernel+0x308/0x3d0
[ 18.523172] __primary_switched+0x8c/0xa0
[ 18.523435]
[ 18.523524] kfence-#58: 0x000000001a9dec98-0x000000001dcc1adb, size=24, cache=kmalloc-32
[ 18.523524]
[ 18.523898] allocated by task 200 on cpu 0 at 18.289606s (0.234271s ago):
[ 18.524053] rcu_uaf+0xb0/0x2d8
[ 18.524273] kunit_try_run_case+0x170/0x3f0
[ 18.524350] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.524397] kthread+0x328/0x630
[ 18.524771] ret_from_fork+0x10/0x20
[ 18.525128]
[ 18.525367] freed by task 0 on cpu 0 at 18.516959s (0.008379s ago):
[ 18.525668] rcu_uaf_reclaim+0x28/0x70
[ 18.525752] rcu_core+0x9f4/0x1e20
[ 18.525978] rcu_core_si+0x18/0x30
[ 18.526282] handle_softirqs+0x374/0xb28
[ 18.526586] __do_softirq+0x1c/0x28
[ 18.526716] ____do_softirq+0x18/0x30
[ 18.527104] call_on_irq_stack+0x24/0x30
[ 18.527175] do_softirq_own_stack+0x24/0x38
[ 18.527402] __irq_exit_rcu+0x1fc/0x318
[ 18.527702] irq_exit_rcu+0x1c/0x80
[ 18.527992] el1_interrupt+0x38/0x58
[ 18.528120] el1h_64_irq_handler+0x18/0x28
[ 18.528173] el1h_64_irq+0x6c/0x70
[ 18.528205] arch_local_irq_enable+0x4/0x8
[ 18.528240] do_idle+0x384/0x4e8
[ 18.528309] cpu_startup_entry+0x64/0x80
[ 18.528348] rest_init+0x160/0x188
[ 18.528402] start_kernel+0x308/0x3d0
[ 18.528446] __primary_switched+0x8c/0xa0
[ 18.528485]
[ 18.528536] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.15.4-rc3 #1 PREEMPT
[ 18.528623] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.528662] Hardware name: linux,dummy-virt (DT)
[ 18.528695] ==================================================================
```