lkft/linux-stable-rc-linux-6.15.y - v6.15.1-35-g04e133874a24 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-kmem_cache_destroy

Date

June 7, 2025, 10:40 a.m.

Environment
qemu-arm64

[   24.338615] ==================================================================
[   24.339581] BUG: KFENCE: use-after-free read in kmem_cache_destroy+0x50/0x218
[   24.339581] 
[   24.339853] Use-after-free read at 0x000000001cc6e260 (in kfence-#105):
[   24.339983]  kmem_cache_destroy+0x50/0x218
[   24.340099]  kmem_cache_double_destroy+0x174/0x300
[   24.340216]  kunit_try_run_case+0x170/0x3f0
[   24.340337]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.340474]  kthread+0x328/0x630
[   24.340575]  ret_from_fork+0x10/0x20
[   24.340669] 
[   24.340726] kfence-#105: 0x0000000092c46ec6-0x000000008ba0fe75, size=208, cache=kmem_cache
[   24.340726] 
[   24.340882] allocated by task 219 on cpu 0 at 24.309253s (0.031620s ago):
[   24.341121]  __kmem_cache_create_args+0x178/0x280
[   24.341239]  kmem_cache_double_destroy+0xc0/0x300
[   24.341354]  kunit_try_run_case+0x170/0x3f0
[   24.341719]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.342329]  kthread+0x328/0x630
[   24.342641]  ret_from_fork+0x10/0x20
[   24.342719] 
[   24.342758] freed by task 219 on cpu 0 at 24.328686s (0.014065s ago):
[   24.342950]  slab_kmem_cache_release+0x38/0x50
[   24.343023]  kmem_cache_release+0x1c/0x30
[   24.343115]  kobject_put+0x17c/0x420
[   24.345367]  sysfs_slab_release+0x1c/0x30
[   24.346368]  kmem_cache_destroy+0x118/0x218
[   24.346891]  kmem_cache_double_destroy+0x128/0x300
[   24.347563]  kunit_try_run_case+0x170/0x3f0
[   24.348158]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.348528]  kthread+0x328/0x630
[   24.348819]  ret_from_fork+0x10/0x20
[   24.349049] 
[   24.349975] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   24.350528] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.350725] Hardware name: linux,dummy-virt (DT)
[   24.350884] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0l1lM4PPUPWLjAP2OyhEuEu2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0l1lM4PPUPWLjAP2OyhEuEu2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/Image.gz
sha256sum	1b531226140e142190e4cd0e4f3862050b0e2c45e059974a53d69b2b25304bf8

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/modules.tar.xz
sha256sum	96aed9ab36b698bb4c9bf06650847db2adf83170cdf96c9ed9e744a15d7b27ec

durations

tests

boot	0
kunit	362.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit