lkft/linux-next-master - next-20250717 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-kmem_cache_destroy

Date

July 17, 2025, 10:12 a.m.

Environment
qemu-x86_64

[   26.513501] ==================================================================
[   26.514031] BUG: KFENCE: use-after-free read in kmem_cache_destroy+0x37/0x1d0
[   26.514031] 
[   26.514521] Use-after-free read at 0x(____ptrval____) (in kfence-#68):
[   26.515107]  kmem_cache_destroy+0x37/0x1d0
[   26.515377]  kmem_cache_double_destroy+0x1bf/0x380
[   26.515627]  kunit_try_run_case+0x1a5/0x480
[   26.515796]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.515975]  kthread+0x337/0x6f0
[   26.516151]  ret_from_fork+0x116/0x1d0
[   26.516507]  ret_from_fork_asm+0x1a/0x30
[   26.516717] 
[   26.516966] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=208, cache=kmem_cache
[   26.516966] 
[   26.517788] allocated by task 264 on cpu 1 at 26.510835s (0.006895s ago):
[   26.518536]  __kmem_cache_create_args+0x169/0x240
[   26.518773]  kmem_cache_double_destroy+0xd5/0x380
[   26.519001]  kunit_try_run_case+0x1a5/0x480
[   26.519200]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.519445]  kthread+0x337/0x6f0
[   26.519643]  ret_from_fork+0x116/0x1d0
[   26.519855]  ret_from_fork_asm+0x1a/0x30
[   26.520092] 
[   26.520386] freed by task 264 on cpu 1 at 26.512401s (0.007811s ago):
[   26.520744]  slab_kmem_cache_release+0x2e/0x40
[   26.520908]  kmem_cache_release+0x16/0x20
[   26.521115]  kobject_put+0x181/0x450
[   26.521316]  sysfs_slab_release+0x16/0x20
[   26.521712]  kmem_cache_destroy+0xf0/0x1d0
[   26.522186]  kmem_cache_double_destroy+0x14e/0x380
[   26.522538]  kunit_try_run_case+0x1a5/0x480
[   26.522888]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.523153]  kthread+0x337/0x6f0
[   26.523542]  ret_from_fork+0x116/0x1d0
[   26.523755]  ret_from_fork_asm+0x1a/0x30
[   26.524097] 
[   26.524479] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   26.525004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.525205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.525880] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zzwDWobl1PenKrl7aC3Q4y8R2x

job_id

TEST:linaro@lkft#2zzwJ32YYH3rsbvUvNRbDDLdWs9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zzwJ32YYH3rsbvUvNRbDDLdWs9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwFbnsZn5bg7jA5R4UbAZ06xn/bzImage
sha256sum	07a1e7c475fbe0d7581a28da7be9cafbb328e6becefa6ecbfcd42fdce3b22356

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwFbnsZn5bg7jA5R4UbAZ06xn/modules.tar.xz
sha256sum	651adbeb72ad9ee19188d99d2b877df4dd037d2a48b86a8a968b1eb4c3477806

durations

tests

boot	0
kunit	236.22

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit