lkft/linux-mainline-master - v6.15-rc3-8-ga33b5a08cbbd - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

April 22, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   23.300652] ==================================================================
[   23.300872] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   23.300872] 
[   23.301074] Use-after-free read at 0x00000000e756a986 (in kfence-#112):
[   23.301228]  test_use_after_free_read+0x114/0x248
[   23.301367]  kunit_try_run_case+0x170/0x3f0
[   23.301491]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.301637]  kthread+0x328/0x630
[   23.301762]  ret_from_fork+0x10/0x20
[   23.301879] 
[   23.301953] kfence-#112: 0x00000000e756a986-0x000000004dc4f555, size=32, cache=test
[   23.301953] 
[   23.302091] allocated by task 299 on cpu 0 at 23.300278s (0.001806s ago):
[   23.302267]  test_alloc+0x230/0x628
[   23.302390]  test_use_after_free_read+0xd0/0x248
[   23.302510]  kunit_try_run_case+0x170/0x3f0
[   23.302603]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.302692]  kthread+0x328/0x630
[   23.302774]  ret_from_fork+0x10/0x20
[   23.302863] 
[   23.302916] freed by task 299 on cpu 0 at 23.300377s (0.002530s ago):
[   23.303125]  test_use_after_free_read+0xf0/0x248
[   23.303222]  kunit_try_run_case+0x170/0x3f0
[   23.303312]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.303400]  kthread+0x328/0x630
[   23.303483]  ret_from_fork+0x10/0x20
[   23.303582] 
[   23.303769] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   23.303942] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.303997] Hardware name: linux,dummy-virt (DT)
[   23.304215] ==================================================================
[   23.198908] ==================================================================
[   23.199221] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   23.199221] 
[   23.199714] Use-after-free read at 0x000000008356e26b (in kfence-#111):
[   23.199813]  test_use_after_free_read+0x114/0x248
[   23.200092]  kunit_try_run_case+0x170/0x3f0
[   23.200520]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.200663]  kthread+0x328/0x630
[   23.200782]  ret_from_fork+0x10/0x20
[   23.200890] 
[   23.200974] kfence-#111: 0x000000008356e26b-0x0000000061cdbf12, size=32, cache=kmalloc-32
[   23.200974] 
[   23.201108] allocated by task 297 on cpu 0 at 23.197754s (0.003345s ago):
[   23.201270]  test_alloc+0x29c/0x628
[   23.201363]  test_use_after_free_read+0xd0/0x248
[   23.201472]  kunit_try_run_case+0x170/0x3f0
[   23.201600]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.201758]  kthread+0x328/0x630
[   23.201885]  ret_from_fork+0x10/0x20
[   23.201996] 
[   23.202063] freed by task 297 on cpu 0 at 23.197880s (0.004171s ago):
[   23.202268]  test_use_after_free_read+0x1c0/0x248
[   23.202402]  kunit_try_run_case+0x170/0x3f0
[   23.202502]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.202607]  kthread+0x328/0x630
[   23.202690]  ret_from_fork+0x10/0x20
[   23.202783] 
[   23.202890] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   23.203047] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.203121] Hardware name: linux,dummy-virt (DT)
[   23.203201] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2w58bPRPTycbz1vmAdBLBc0aa6B

job_id

TEST:linaro@lkft#2w58fxq4bKj9vp73CIYpItcyxn6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w58fxq4bKj9vp73CIYpItcyxn6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58cme5gejaHmq4RPVvp3S5u7p/Image.gz
sha256sum	4b4388c6f3ff4d9d5f37e24b5dd96bcea12d5773962644bca64d76518d1261ab

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	6e7d093e93027c909f889e69aec109c9a1b0ec1ca5f1beffa4bce78be31bff20

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58cme5gejaHmq4RPVvp3S5u7p/modules.tar.xz
sha256sum	ea868b19cf381ec631b74a7beed07667a57ebf8839290b6192a6a06165583a43

durations

tests

boot	0
kunit	115.30

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   27.226248] ==================================================================
[   27.227007] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   27.227007] 
[   27.227866] Use-after-free read at 0x(____ptrval____) (in kfence-#105):
[   27.228455]  test_use_after_free_read+0x129/0x270
[   27.229817]  kunit_try_run_case+0x1a5/0x480
[   27.230314]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.230812]  kthread+0x337/0x6f0
[   27.231200]  ret_from_fork+0x41/0x80
[   27.231634]  ret_from_fork_asm+0x1a/0x30
[   27.232019] 
[   27.232249] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   27.232249] 
[   27.233308] allocated by task 317 on cpu 1 at 27.226045s (0.007257s ago):
[   27.234189]  test_alloc+0x2a6/0x10f0
[   27.234541]  test_use_after_free_read+0xdc/0x270
[   27.235257]  kunit_try_run_case+0x1a5/0x480
[   27.235886]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.236326]  kthread+0x337/0x6f0
[   27.236915]  ret_from_fork+0x41/0x80
[   27.237332]  ret_from_fork_asm+0x1a/0x30
[   27.237819] 
[   27.238058] freed by task 317 on cpu 1 at 27.226110s (0.011941s ago):
[   27.238783]  test_use_after_free_read+0xfb/0x270
[   27.239191]  kunit_try_run_case+0x1a5/0x480
[   27.239993]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.240778]  kthread+0x337/0x6f0
[   27.241190]  ret_from_fork+0x41/0x80
[   27.241654]  ret_from_fork_asm+0x1a/0x30
[   27.242269] 
[   27.242532] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   27.243565] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.244091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.244842] ==================================================================
[   27.122496] ==================================================================
[   27.123150] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   27.123150] 
[   27.124504] Use-after-free read at 0x(____ptrval____) (in kfence-#104):
[   27.124983]  test_use_after_free_read+0x129/0x270
[   27.125350]  kunit_try_run_case+0x1a5/0x480
[   27.126956]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.127656]  kthread+0x337/0x6f0
[   27.128195]  ret_from_fork+0x41/0x80
[   27.128750]  ret_from_fork_asm+0x1a/0x30
[   27.129293] 
[   27.129786] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   27.129786] 
[   27.130744] allocated by task 315 on cpu 0 at 27.122107s (0.008633s ago):
[   27.131412]  test_alloc+0x364/0x10f0
[   27.132154]  test_use_after_free_read+0xdc/0x270
[   27.132850]  kunit_try_run_case+0x1a5/0x480
[   27.133411]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.133920]  kthread+0x337/0x6f0
[   27.134281]  ret_from_fork+0x41/0x80
[   27.134688]  ret_from_fork_asm+0x1a/0x30
[   27.135153] 
[   27.135723] freed by task 315 on cpu 0 at 27.122215s (0.013279s ago):
[   27.136296]  test_use_after_free_read+0x1e7/0x270
[   27.137110]  kunit_try_run_case+0x1a5/0x480
[   27.137782]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.138331]  kthread+0x337/0x6f0
[   27.138710]  ret_from_fork+0x41/0x80
[   27.139086]  ret_from_fork_asm+0x1a/0x30
[   27.139841] 
[   27.140368] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   27.141318] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.141711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.142246] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2w58bPRPTycbz1vmAdBLBc0aa6B

job_id

TEST:linaro@lkft#2w58gtgABx34QfpACxxt1FW8tt4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w58gtgABx34QfpACxxt1FW8tt4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58e0U5Ru8v4eqp9FzDEGsLRcM/bzImage
sha256sum	f59986011cb969c7a1cdd138a2f9f0805d494458126148234385e9c958ff6025

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	46d08c6812c5a56498fb2daa39090f5328578b27d1cc7e901eb03c5578fd0198

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58e0U5Ru8v4eqp9FzDEGsLRcM/modules.tar.xz
sha256sum	8a4ca15b5d29d47a50af2e54c5fa80863c1756101b85f2c14a51465bf17dc7f1

durations

tests

boot	0
kunit	46.19

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   26.001999] ==================================================================
[   26.002668] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   26.002668] 
[   26.003503] Use-after-free read at 0x(____ptrval____) (in kfence-#105):
[   26.004097]  test_use_after_free_read+0x114/0x248
[   26.004526]  kunit_try_run_case+0x170/0x3f0
[   26.004913]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.005411]  kthread+0x328/0x630
[   26.005715]  ret_from_fork+0x10/0x20
[   26.006045] 
[   26.006187] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   26.006187] 
[   26.007043] allocated by task 353 on cpu 4 at 26.001960s (0.005081s ago):
[   26.007659]  test_alloc+0x29c/0x628
[   26.007979]  test_use_after_free_read+0xd0/0x248
[   26.008398]  kunit_try_run_case+0x170/0x3f0
[   26.008781]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.009278]  kthread+0x328/0x630
[   26.009577]  ret_from_fork+0x10/0x20
[   26.009905] 
[   26.010046] freed by task 353 on cpu 4 at 26.001969s (0.008076s ago):
[   26.010631]  test_use_after_free_read+0x1c0/0x248
[   26.011057]  kunit_try_run_case+0x170/0x3f0
[   26.011440]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.011936]  kthread+0x328/0x630
[   26.012236]  ret_from_fork+0x10/0x20
[   26.012564] 
[   26.012711] CPU: 4 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   26.013599] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.013976] Hardware name: Radxa ROCK Pi 4B (DT)
[   26.014391] ==================================================================
[   26.105972] ==================================================================
[   26.106640] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   26.106640] 
[   26.107470] Use-after-free read at 0x(____ptrval____) (in kfence-#106):
[   26.108058]  test_use_after_free_read+0x114/0x248
[   26.108483]  kunit_try_run_case+0x170/0x3f0
[   26.108865]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.109359]  kthread+0x328/0x630
[   26.109657]  ret_from_fork+0x10/0x20
[   26.109983] 
[   26.110123] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   26.110123] 
[   26.110929] allocated by task 355 on cpu 4 at 26.105931s (0.004997s ago):
[   26.111539]  test_alloc+0x230/0x628
[   26.111856]  test_use_after_free_read+0xd0/0x248
[   26.112270]  kunit_try_run_case+0x170/0x3f0
[   26.112649]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.113140]  kthread+0x328/0x630
[   26.113435]  ret_from_fork+0x10/0x20
[   26.113759] 
[   26.113896] freed by task 355 on cpu 4 at 26.105939s (0.007956s ago):
[   26.114474]  test_use_after_free_read+0xf0/0x248
[   26.114887]  kunit_try_run_case+0x170/0x3f0
[   26.115264]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.115755]  kthread+0x328/0x630
[   26.116049]  ret_from_fork+0x10/0x20
[   26.116373] 
[   26.116518] CPU: 4 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   26.117398] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.117770] Hardware name: Radxa ROCK Pi 4B (DT)
[   26.118181] ==================================================================

Metadata Full log Test run details

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - rk3399-rock-pi-4b - gcc-13-lkftconfig-kunit