lkft/linux-mainline-master - v6.15-rc7-142-g4856ebd99715 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-kmem_cache_destroy

Date

May 23, 2025, 11:07 p.m.

Environment
qemu-arm64

[   29.557879] ==================================================================
[   29.558134] BUG: KFENCE: use-after-free read in kmem_cache_destroy+0x50/0x218
[   29.558134] 
[   29.558365] Use-after-free read at 0x0000000081c36094 (in kfence-#124):
[   29.562242]  kmem_cache_destroy+0x50/0x218
[   29.562509]  kmem_cache_double_destroy+0x174/0x300
[   29.562667]  kunit_try_run_case+0x170/0x3f0
[   29.562825]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.562994]  kthread+0x328/0x630
[   29.563136]  ret_from_fork+0x10/0x20
[   29.563283] 
[   29.563362] kfence-#124: 0x000000007e2f2ffa-0x0000000077174264, size=208, cache=kmem_cache
[   29.563362] 
[   29.564189] allocated by task 217 on cpu 0 at 29.526895s (0.037149s ago):
[   29.565392]  __kmem_cache_create_args+0x178/0x280
[   29.566303]  kmem_cache_double_destroy+0xc0/0x300
[   29.566928]  kunit_try_run_case+0x170/0x3f0
[   29.567113]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.567284]  kthread+0x328/0x630
[   29.567442]  ret_from_fork+0x10/0x20
[   29.567605] 
[   29.567712] freed by task 217 on cpu 0 at 29.551974s (0.015700s ago):
[   29.569199]  slab_kmem_cache_release+0x38/0x50
[   29.569592]  kmem_cache_release+0x1c/0x30
[   29.570033]  kobject_put+0x17c/0x430
[   29.570286]  sysfs_slab_release+0x1c/0x30
[   29.570419]  kmem_cache_destroy+0x118/0x218
[   29.570653]  kmem_cache_double_destroy+0x128/0x300
[   29.570777]  kunit_try_run_case+0x170/0x3f0
[   29.570895]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.571027]  kthread+0x328/0x630
[   29.571655]  ret_from_fork+0x10/0x20
[   29.572314] 
[   29.572468] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   29.572987] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.573180] Hardware name: linux,dummy-virt (DT)
[   29.573298] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6oKOcbQKiXvB9zY8T3TP346C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6oKOcbQKiXvB9zY8T3TP346C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/Image.gz
sha256sum	dc9d86ed0aa28c5a8c7aea5e5bbc5feee23ca57992b3a59f2660a2851e548fda

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/modules.tar.xz
sha256sum	bbf3712a920adb12a832cfcb69e456c8653dc36a192261fbeb4c1ef5e924a8d4

durations

tests

boot	0
kunit	423.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit