lkft/linux-mainline-master - v6.15-rc3-1-g9d7a0577c9db - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

April 20, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   30.093328] ==================================================================
[   30.093458] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   30.093458] 
[   30.093625] Use-after-free read at 0x000000008b86ebb3 (in kfence-#125):
[   30.093744]  test_use_after_free_read+0x114/0x248
[   30.094049]  kunit_try_run_case+0x170/0x3f0
[   30.094283]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.094475]  kthread+0x328/0x630
[   30.094772]  ret_from_fork+0x10/0x20
[   30.094876] 
[   30.094947] kfence-#125: 0x000000008b86ebb3-0x0000000022c3df39, size=32, cache=kmalloc-32
[   30.094947] 
[   30.095072] allocated by task 297 on cpu 0 at 30.092816s (0.002247s ago):
[   30.095424]  test_alloc+0x29c/0x628
[   30.095795]  test_use_after_free_read+0xd0/0x248
[   30.096140]  kunit_try_run_case+0x170/0x3f0
[   30.096467]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.097272]  kthread+0x328/0x630
[   30.097373]  ret_from_fork+0x10/0x20
[   30.097817] 
[   30.097901] freed by task 297 on cpu 0 at 30.092910s (0.004982s ago):
[   30.099161]  test_use_after_free_read+0x1c0/0x248
[   30.099677]  kunit_try_run_case+0x170/0x3f0
[   30.099793]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.099906]  kthread+0x328/0x630
[   30.101009]  ret_from_fork+0x10/0x20
[   30.101141] 
[   30.101458] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   30.102177] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.102269] Hardware name: linux,dummy-virt (DT)
[   30.102567] ==================================================================
[   30.201653] ==================================================================
[   30.201758] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   30.201758] 
[   30.201918] Use-after-free read at 0x0000000077b66f62 (in kfence-#126):
[   30.202057]  test_use_after_free_read+0x114/0x248
[   30.202338]  kunit_try_run_case+0x170/0x3f0
[   30.202607]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.202802]  kthread+0x328/0x630
[   30.203038]  ret_from_fork+0x10/0x20
[   30.203319] 
[   30.203410] kfence-#126: 0x0000000077b66f62-0x00000000c05922d5, size=32, cache=test
[   30.203410] 
[   30.203546] allocated by task 299 on cpu 0 at 30.201202s (0.002319s ago):
[   30.203736]  test_alloc+0x230/0x628
[   30.204085]  test_use_after_free_read+0xd0/0x248
[   30.204209]  kunit_try_run_case+0x170/0x3f0
[   30.204359]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.204476]  kthread+0x328/0x630
[   30.204596]  ret_from_fork+0x10/0x20
[   30.204753] 
[   30.204813] freed by task 299 on cpu 0 at 30.201267s (0.003538s ago):
[   30.205123]  test_use_after_free_read+0xf0/0x248
[   30.205274]  kunit_try_run_case+0x170/0x3f0
[   30.205396]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.205603]  kthread+0x328/0x630
[   30.205740]  ret_from_fork+0x10/0x20
[   30.205943] 
[   30.206110] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   30.206581] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.206683] Hardware name: linux,dummy-virt (DT)
[   30.206895] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2w0twD46JnbM3uuwFzFr96Mv09c

job_id

TEST:linaro@lkft#2w0u011gxc9rP28xjZn2LW9dmkk

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w0u011gxc9rP28xjZn2LW9dmkk

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w0txFB8nKL1zwrJEbIPml6sHmA/Image.gz
sha256sum	640e60b3f9e880e210b277ab8a14be609af2709a64df1bea735a73952e0c6d8f

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	6e7d093e93027c909f889e69aec109c9a1b0ec1ca5f1beffa4bce78be31bff20

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w0txFB8nKL1zwrJEbIPml6sHmA/modules.tar.xz
sha256sum	34ed11929e5ab442ddd8b3a4d64f3a51c04d9299dcf90df066391ed31be24330

durations

tests

boot	0
kunit	130.18

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   17.000844] ==================================================================
[   17.001255] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.001255] 
[   17.001822] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[   17.002162]  test_use_after_free_read+0x129/0x270
[   17.002362]  kunit_try_run_case+0x1a5/0x480
[   17.002573]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.002777]  kthread+0x337/0x6f0
[   17.002930]  ret_from_fork+0x41/0x80
[   17.003067]  ret_from_fork_asm+0x1a/0x30
[   17.003210] 
[   17.003341] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.003341] 
[   17.003600] allocated by task 318 on cpu 0 at 17.000712s (0.002886s ago):
[   17.003922]  test_alloc+0x2a6/0x10f0
[   17.004099]  test_use_after_free_read+0xdc/0x270
[   17.004536]  kunit_try_run_case+0x1a5/0x480
[   17.004825]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.005006]  kthread+0x337/0x6f0
[   17.005127]  ret_from_fork+0x41/0x80
[   17.005255]  ret_from_fork_asm+0x1a/0x30
[   17.005404] 
[   17.005475] freed by task 318 on cpu 0 at 17.000768s (0.004705s ago):
[   17.005696]  test_use_after_free_read+0xfb/0x270
[   17.005858]  kunit_try_run_case+0x1a5/0x480
[   17.006001]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.007474]  kthread+0x337/0x6f0
[   17.007697]  ret_from_fork+0x41/0x80
[   17.007831]  ret_from_fork_asm+0x1a/0x30
[   17.008569] 
[   17.008833] CPU: 0 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.009844] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.009997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.010256] ==================================================================
[   16.896978] ==================================================================
[   16.897530] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.897530] 
[   16.897949] Use-after-free read at 0x(____ptrval____) (in kfence-#69):
[   16.898188]  test_use_after_free_read+0x129/0x270
[   16.898537]  kunit_try_run_case+0x1a5/0x480
[   16.898729]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.898931]  kthread+0x337/0x6f0
[   16.899104]  ret_from_fork+0x41/0x80
[   16.899262]  ret_from_fork_asm+0x1a/0x30
[   16.899493] 
[   16.899566] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   16.899566] 
[   16.900126] allocated by task 316 on cpu 1 at 16.896678s (0.003446s ago):
[   16.900358]  test_alloc+0x364/0x10f0
[   16.900558]  test_use_after_free_read+0xdc/0x270
[   16.900785]  kunit_try_run_case+0x1a5/0x480
[   16.900969]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.901141]  kthread+0x337/0x6f0
[   16.901280]  ret_from_fork+0x41/0x80
[   16.901481]  ret_from_fork_asm+0x1a/0x30
[   16.901679] 
[   16.901787] freed by task 316 on cpu 1 at 16.896730s (0.005054s ago):
[   16.902099]  test_use_after_free_read+0x1e7/0x270
[   16.902333]  kunit_try_run_case+0x1a5/0x480
[   16.902506]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.902681]  kthread+0x337/0x6f0
[   16.902854]  ret_from_fork+0x41/0x80
[   16.903038]  ret_from_fork_asm+0x1a/0x30
[   16.903254] 
[   16.903440] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   16.903775] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.903940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.904361] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2w0twD46JnbM3uuwFzFr96Mv09c

job_id

TEST:linaro@lkft#2w0u14eQR7px5dmrFCgo4vyETYO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w0u14eQR7px5dmrFCgo4vyETYO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w0tyFt71oC7hJPjO2Lp1z5eNSk/bzImage
sha256sum	e1a0a670e3284fb549fd95960a226bdbc1a4af89130c9d16d29bf73d85314532

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	46d08c6812c5a56498fb2daa39090f5328578b27d1cc7e901eb03c5578fd0198

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w0tyFt71oC7hJPjO2Lp1z5eNSk/modules.tar.xz
sha256sum	da9e898c86df01bfb1c22097602c3f24707b53ff8e5ee0c9842a12edfaa298c0

durations

tests

boot	0
kunit	26.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   26.758046] ==================================================================
[   26.758715] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   26.758715] 
[   26.759546] Use-after-free read at 0x(____ptrval____) (in kfence-#92):
[   26.760128]  test_use_after_free_read+0x114/0x248
[   26.760555]  kunit_try_run_case+0x170/0x3f0
[   26.760938]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.761433]  kthread+0x328/0x630
[   26.761733]  ret_from_fork+0x10/0x20
[   26.762061] 
[   26.762201] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   26.762201] 
[   26.763047] allocated by task 349 on cpu 4 at 26.758006s (0.005040s ago):
[   26.763659]  test_alloc+0x29c/0x628
[   26.763978]  test_use_after_free_read+0xd0/0x248
[   26.764393]  kunit_try_run_case+0x170/0x3f0
[   26.764774]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.765268]  kthread+0x328/0x630
[   26.765564]  ret_from_fork+0x10/0x20
[   26.765889] 
[   26.766030] freed by task 349 on cpu 4 at 26.758015s (0.008014s ago):
[   26.766612]  test_use_after_free_read+0x1c0/0x248
[   26.767035]  kunit_try_run_case+0x170/0x3f0
[   26.767415]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.767907]  kthread+0x328/0x630
[   26.768205]  ret_from_fork+0x10/0x20
[   26.768531] 
[   26.768676] CPU: 4 UID: 0 PID: 349 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   26.769559] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.769933] Hardware name: Radxa ROCK Pi 4B (DT)
[   26.770346] ==================================================================
[   26.862109] ==================================================================
[   26.862774] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   26.862774] 
[   26.863603] Use-after-free read at 0x(____ptrval____) (in kfence-#93):
[   26.864184]  test_use_after_free_read+0x114/0x248
[   26.864606]  kunit_try_run_case+0x170/0x3f0
[   26.864987]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.865479]  kthread+0x328/0x630
[   26.865776]  ret_from_fork+0x10/0x20
[   26.866100] 
[   26.866238] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   26.866238] 
[   26.867035] allocated by task 351 on cpu 4 at 26.862070s (0.004964s ago):
[   26.867643]  test_alloc+0x230/0x628
[   26.867958]  test_use_after_free_read+0xd0/0x248
[   26.868370]  kunit_try_run_case+0x170/0x3f0
[   26.868746]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.869236]  kthread+0x328/0x630
[   26.869529]  ret_from_fork+0x10/0x20
[   26.869851] 
[   26.869989] freed by task 351 on cpu 4 at 26.862078s (0.007910s ago):
[   26.870564]  test_use_after_free_read+0xf0/0x248
[   26.870977]  kunit_try_run_case+0x170/0x3f0
[   26.871352]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.871842]  kthread+0x328/0x630
[   26.872135]  ret_from_fork+0x10/0x20
[   26.872457] 
[   26.872601] CPU: 4 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   26.873478] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.873851] Hardware name: Radxa ROCK Pi 4B (DT)
[   26.874261] ==================================================================

Metadata Full log Test run details

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - rk3399-rock-pi-4b - gcc-13-lkftconfig-kunit