lkft/sashal-linus-next - v6.13-rc7-43108-gb6b7fc407c99 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-kmem_cache_destroy

Date

July 1, 2025, 12:10 a.m.

Environment
qemu-arm64

[   18.775428] ==================================================================
[   18.775553] BUG: KFENCE: use-after-free read in kmem_cache_destroy+0x50/0x218
[   18.775553] 
[   18.775651] Use-after-free read at 0x000000009f16f94f (in kfence-#68):
[   18.775844]  kmem_cache_destroy+0x50/0x218
[   18.775890]  kmem_cache_double_destroy+0x174/0x300
[   18.775952]  kunit_try_run_case+0x170/0x3f0
[   18.775996]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.776042]  kthread+0x328/0x630
[   18.776078]  ret_from_fork+0x10/0x20
[   18.776120] 
[   18.776278] kfence-#68: 0x00000000d256800a-0x0000000045a62457, size=208, cache=kmem_cache
[   18.776278] 
[   18.776464] allocated by task 215 on cpu 1 at 18.771686s (0.004708s ago):
[   18.776815]  __kmem_cache_create_args+0x178/0x280
[   18.776887]  kmem_cache_double_destroy+0xc0/0x300
[   18.776928]  kunit_try_run_case+0x170/0x3f0
[   18.776965]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.777011]  kthread+0x328/0x630
[   18.777042]  ret_from_fork+0x10/0x20
[   18.777114] 
[   18.777217] freed by task 215 on cpu 1 at 18.774252s (0.002898s ago):
[   18.777330]  slab_kmem_cache_release+0x38/0x50
[   18.777370]  kmem_cache_release+0x1c/0x30
[   18.777407]  kobject_put+0x17c/0x420
[   18.777474]  sysfs_slab_release+0x1c/0x30
[   18.777514]  kmem_cache_destroy+0x118/0x218
[   18.777567]  kmem_cache_double_destroy+0x128/0x300
[   18.777607]  kunit_try_run_case+0x170/0x3f0
[   18.777656]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.777700]  kthread+0x328/0x630
[   18.777731]  ret_from_fork+0x10/0x20
[   18.777786] 
[   18.777850] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.777935] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.777962] Hardware name: linux,dummy-virt (DT)
[   18.777999] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zFZ7AA8ZD9Hxk7VnRiY3mXiAkW

job_id

TEST:linaro@lkft#2zFZAgR4HGSChCPu8KuJLPt15ei

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zFZAgR4HGSChCPu8KuJLPt15ei

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8Eq0rkowvxSWbsvfUT0ci3V/Image.gz
sha256sum	f21f2f7031b771bca830a5b3afef9252dc911b1937cfdab3c3cb3770ee1dfdef

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8Eq0rkowvxSWbsvfUT0ci3V/modules.tar.xz
sha256sum	373376c87789d93a6bf9062ae250416e65b9f0b18e5cf538a39cc351f73c170d

durations

tests

boot	0
kunit	175.76

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit