Date
July 20, 2025, 8:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 15.593289] ================================================================== [ 15.593585] BUG: KFENCE: use-after-free read in workqueue_uaf+0x270/0x4a8 [ 15.593585] [ 15.593786] Use-after-free read at 0x00000000b0101e7f (in kfence-#56): [ 15.594118] workqueue_uaf+0x270/0x4a8 [ 15.594200] kunit_try_run_case+0x170/0x3f0 [ 15.594249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.594295] kthread+0x328/0x630 [ 15.594351] ret_from_fork+0x10/0x20 [ 15.594394] [ 15.595174] kfence-#56: 0x00000000b0101e7f-0x000000000d206ab9, size=32, cache=kmalloc-32 [ 15.595174] [ 15.595725] allocated by task 201 on cpu 1 at 15.590363s (0.005221s ago): [ 15.596684] workqueue_uaf+0x13c/0x4a8 [ 15.597050] kunit_try_run_case+0x170/0x3f0 [ 15.597194] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.597289] kthread+0x328/0x630 [ 15.597405] ret_from_fork+0x10/0x20 [ 15.597504] [ 15.597618] freed by task 24 on cpu 1 at 15.590629s (0.006916s ago): [ 15.597760] workqueue_uaf_work+0x18/0x30 [ 15.597802] process_one_work+0x530/0xf98 [ 15.598049] worker_thread+0x618/0xf38 [ 15.598139] kthread+0x328/0x630 [ 15.598268] ret_from_fork+0x10/0x20 [ 15.598423] [ 15.598543] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.598693] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.598772] Hardware name: linux,dummy-virt (DT) [ 15.598811] ==================================================================