Date
Feb. 5, 2025, 2:09 p.m.
Environment | |
---|---|
qemu-arm64 |
[ 184.381939] ==================================================================
[ 184.384909] BUG: KFENCE: use-after-free write in __memset+0x84/0x188
[ 184.384909]
[ 184.386492] Use-after-free write at 0x00000000203be2d1 (in kfence-#250):
[ 184.389597] __memset+0x84/0x188
[ 184.390550] kmalloc_double_kzfree+0xc8/0x1d8
[ 184.392230] kunit_try_run_case+0xf8/0x260
[ 184.393646] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 184.395285] kthread+0x18c/0x1a8
[ 184.396413] ret_from_fork+0x10/0x20
[ 184.397461]
[ 184.398250] kfence-#250: 0x00000000203be2d1-0x00000000c32f07e1, size=16, cache=kmalloc-16
[ 184.398250]
[ 184.400457] allocated by task 210 on cpu 1 at 184.380311s:
[ 184.402944] __kmem_cache_alloc_node+0x288/0x2d0
[ 184.404142] kmalloc_trace+0x48/0x130
[ 184.405414] kmalloc_double_kzfree+0x9c/0x1d8
[ 184.406756] kunit_try_run_case+0xf8/0x260
[ 184.408244] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 184.409914] kthread+0x18c/0x1a8
[ 184.410948] ret_from_fork+0x10/0x20
[ 184.412049]
[ 184.412669] freed by task 210 on cpu 1 at 184.380632s:
[ 184.414586] kfree_sensitive+0x80/0xb0
[ 184.415718] kmalloc_double_kzfree+0xb8/0x1d8
[ 184.416897] kunit_try_run_case+0xf8/0x260
[ 184.418251] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 184.419959] kthread+0x18c/0x1a8
[ 184.420923] ret_from_fork+0x10/0x20
[ 184.422108]
[ 184.422683] CPU: 1 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 184.424770] Hardware name: linux,dummy-virt (DT)
[ 184.426034] ==================================================================