lkft/linux-mainline-master - v6.16-rc6-281-gf4a40a4282f4 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-kmem_cache_destroy

Date

July 20, 2025, 11:12 a.m.

Environment
qemu-arm64

[   16.648437] ==================================================================
[   16.649075] BUG: KFENCE: use-after-free read in kmem_cache_destroy+0x50/0x218
[   16.649075] 
[   16.649547] Use-after-free read at 0x000000000ed34f3e (in kfence-#62):
[   16.649676]  kmem_cache_destroy+0x50/0x218
[   16.649939]  kmem_cache_double_destroy+0x174/0x300
[   16.650008]  kunit_try_run_case+0x170/0x3f0
[   16.650051]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.650094]  kthread+0x328/0x630
[   16.650129]  ret_from_fork+0x10/0x20
[   16.650166] 
[   16.650187] kfence-#62: 0x00000000bf5ae28f-0x00000000cd4ed60a, size=208, cache=kmem_cache
[   16.650187] 
[   16.650243] allocated by task 215 on cpu 0 at 16.644113s (0.006127s ago):
[   16.650355]  __kmem_cache_create_args+0x178/0x280
[   16.650396]  kmem_cache_double_destroy+0xc0/0x300
[   16.650437]  kunit_try_run_case+0x170/0x3f0
[   16.650473]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.650516]  kthread+0x328/0x630
[   16.650546]  ret_from_fork+0x10/0x20
[   16.650581] 
[   16.651209] freed by task 215 on cpu 0 at 16.647971s (0.003142s ago):
[   16.652129]  slab_kmem_cache_release+0x38/0x50
[   16.652347]  kmem_cache_release+0x1c/0x30
[   16.652522]  kobject_put+0x17c/0x420
[   16.652570]  sysfs_slab_release+0x1c/0x30
[   16.652610]  kmem_cache_destroy+0x118/0x218
[   16.652645]  kmem_cache_double_destroy+0x128/0x300
[   16.652797]  kunit_try_run_case+0x170/0x3f0
[   16.652849]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.652906]  kthread+0x328/0x630
[   16.652992]  ret_from_fork+0x10/0x20
[   16.653031] 
[   16.653439] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.653801] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.653993] Hardware name: linux,dummy-virt (DT)
[   16.654098] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308WwJaHQwF9GiJmP1YPiPqA012

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308WwJaHQwF9GiJmP1YPiPqA012

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/Image.gz
sha256sum	4d2e0511bab027133f01b2172d6d8558efd2b45bcadc263c5cacdb0ac44741cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/modules.tar.xz
sha256sum	18d5d5576d3740ea20de31396b726912b8f91395c442996d953fc58d4a74f8e9

durations

tests

boot	0
kunit	197.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit