Date
Feb. 5, 2025, 2:09 p.m.
| Environment |
|---|
| qemu-arm64 |
```
[ 182.157993] ==================================================================
[ 182.160396] BUG: KFENCE: use-after-free read in kmem_cache_destroy+0x5c/0x178
[ 182.160396]
[ 182.162323] Use-after-free read at 0x0000000013294b9f (in kfence-#245):
[ 182.163809] kmem_cache_destroy+0x5c/0x178
[ 182.165099] kmem_cache_double_destroy+0xd0/0x1b8
[ 182.166501] kunit_try_run_case+0xf8/0x260
[ 182.168155] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 182.169615] kthread+0x18c/0x1a8
[ 182.170644] ret_from_fork+0x10/0x20
[ 182.171766]
[ 182.172559] kfence-#245: 0x00000000b96a458b-0x00000000fb4c16d6, size=208, cache=kmem_cache
[ 182.172559]
[ 182.175009] allocated by task 198 on cpu 1 at 182.132607s:
[ 182.177233] kmem_cache_create_usercopy+0x170/0x260
[ 182.178529] kmem_cache_create+0x24/0x38
[ 182.179671] kmem_cache_double_destroy+0xa4/0x1b8
[ 182.181084] kunit_try_run_case+0xf8/0x260
[ 182.182404] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 182.184529] kthread+0x18c/0x1a8
[ 182.185399] ret_from_fork+0x10/0x20
[ 182.186673]
[ 182.187314] freed by task 198 on cpu 1 at 182.152269s:
[ 182.189086] slab_kmem_cache_release+0x38/0x50
[ 182.190847] kmem_cache_release+0x1c/0x30
[ 182.192201] kobject_put+0x104/0x2d0
[ 182.193292] sysfs_slab_release+0x30/0x48
[ 182.194477] kmem_cache_destroy+0xd8/0x178
[ 182.195625] kmem_cache_double_destroy+0xc0/0x1b8
[ 182.197227] kunit_try_run_case+0xf8/0x260
[ 182.198812] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 182.200599] kthread+0x18c/0x1a8
[ 182.201378] ret_from_fork+0x10/0x20
[ 182.202585]
[ 182.203181] CPU: 1 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 182.205364] Hardware name: linux,dummy-virt (DT)
[ 182.207382] ==================================================================
```