lkft/linux-mainline-master - v6.15-rc7-142-g4856ebd99715 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

May 23, 2025, 11:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   34.175101] ==================================================================
[   34.175305] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.175305] 
[   34.175609] Use-after-free read at 0x00000000e71315de (in kfence-#157):
[   34.176000]  test_use_after_free_read+0x114/0x248
[   34.176229]  kunit_try_run_case+0x170/0x3f0
[   34.176430]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.176617]  kthread+0x328/0x630
[   34.176791]  ret_from_fork+0x10/0x20
[   34.176933] 
[   34.176997] kfence-#157: 0x00000000e71315de-0x000000002a3fc74b, size=32, cache=kmalloc-32
[   34.176997] 
[   34.177517] allocated by task 297 on cpu 0 at 34.174108s (0.003396s ago):
[   34.178562]  test_alloc+0x29c/0x628
[   34.178698]  test_use_after_free_read+0xd0/0x248
[   34.178822]  kunit_try_run_case+0x170/0x3f0
[   34.178954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.179088]  kthread+0x328/0x630
[   34.179203]  ret_from_fork+0x10/0x20
[   34.179322] 
[   34.179404] freed by task 297 on cpu 0 at 34.174288s (0.005107s ago):
[   34.179600]  test_use_after_free_read+0x1c0/0x248
[   34.180783]  kunit_try_run_case+0x170/0x3f0
[   34.180934]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.181244]  kthread+0x328/0x630
[   34.181378]  ret_from_fork+0x10/0x20
[   34.181513] 
[   34.181581] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   34.181731] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.181777] Hardware name: linux,dummy-virt (DT)
[   34.181824] ==================================================================
[   34.282549] ==================================================================
[   34.282756] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.282756] 
[   34.283463] Use-after-free read at 0x00000000a238d7c0 (in kfence-#158):
[   34.283863]  test_use_after_free_read+0x114/0x248
[   34.284570]  kunit_try_run_case+0x170/0x3f0
[   34.285316]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.285603]  kthread+0x328/0x630
[   34.285746]  ret_from_fork+0x10/0x20
[   34.286222] 
[   34.286414] kfence-#158: 0x00000000a238d7c0-0x00000000c6365170, size=32, cache=test
[   34.286414] 
[   34.286725] allocated by task 299 on cpu 0 at 34.281289s (0.005424s ago):
[   34.286928]  test_alloc+0x230/0x628
[   34.287046]  test_use_after_free_read+0xd0/0x248
[   34.287163]  kunit_try_run_case+0x170/0x3f0
[   34.287309]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.287500]  kthread+0x328/0x630
[   34.287655]  ret_from_fork+0x10/0x20
[   34.287773] 
[   34.287839] freed by task 299 on cpu 0 at 34.281406s (0.006424s ago):
[   34.288054]  test_use_after_free_read+0xf0/0x248
[   34.288169]  kunit_try_run_case+0x170/0x3f0
[   34.288546]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.288724]  kthread+0x328/0x630
[   34.288924]  ret_from_fork+0x10/0x20
[   34.289030] 
[   34.289130] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   34.289347] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.289438] Hardware name: linux,dummy-virt (DT)
[   34.289553] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6oKOcbQKiXvB9zY8T3TP346C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6oKOcbQKiXvB9zY8T3TP346C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/Image.gz
sha256sum	dc9d86ed0aa28c5a8c7aea5e5bbc5feee23ca57992b3a59f2660a2851e548fda

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/modules.tar.xz
sha256sum	bbf3712a920adb12a832cfcb69e456c8653dc36a192261fbeb4c1ef5e924a8d4

durations

tests

boot	0
kunit	423.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.734491] ==================================================================
[   17.734932] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.734932] 
[   17.735365] Use-after-free read at 0x(____ptrval____) (in kfence-#68):
[   17.735670]  test_use_after_free_read+0x129/0x270
[   17.735839]  kunit_try_run_case+0x1a5/0x480
[   17.736054]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.736331]  kthread+0x337/0x6f0
[   17.736509]  ret_from_fork+0x41/0x80
[   17.736702]  ret_from_fork_asm+0x1a/0x30
[   17.736862] 
[   17.736948] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.736948] 
[   17.737363] allocated by task 314 on cpu 0 at 17.734241s (0.003119s ago):
[   17.737825]  test_alloc+0x364/0x10f0
[   17.737963]  test_use_after_free_read+0xdc/0x270
[   17.738189]  kunit_try_run_case+0x1a5/0x480
[   17.738406]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.738716]  kthread+0x337/0x6f0
[   17.738859]  ret_from_fork+0x41/0x80
[   17.739030]  ret_from_fork_asm+0x1a/0x30
[   17.739223] 
[   17.739296] freed by task 314 on cpu 0 at 17.734328s (0.004966s ago):
[   17.739518]  test_use_after_free_read+0x1e7/0x270
[   17.739696]  kunit_try_run_case+0x1a5/0x480
[   17.739909]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.740290]  kthread+0x337/0x6f0
[   17.740434]  ret_from_fork+0x41/0x80
[   17.740570]  ret_from_fork_asm+0x1a/0x30
[   17.740828] 
[   17.740950] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   17.741452] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.741610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.741879] ==================================================================
[   17.838394] ==================================================================
[   17.838818] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.838818] 
[   17.839358] Use-after-free read at 0x(____ptrval____) (in kfence-#69):
[   17.839675]  test_use_after_free_read+0x129/0x270
[   17.839885]  kunit_try_run_case+0x1a5/0x480
[   17.840261]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.840466]  kthread+0x337/0x6f0
[   17.840593]  ret_from_fork+0x41/0x80
[   17.840779]  ret_from_fork_asm+0x1a/0x30
[   17.840984] 
[   17.841085] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.841085] 
[   17.841468] allocated by task 316 on cpu 1 at 17.838224s (0.003241s ago):
[   17.841774]  test_alloc+0x2a6/0x10f0
[   17.841905]  test_use_after_free_read+0xdc/0x270
[   17.842058]  kunit_try_run_case+0x1a5/0x480
[   17.842260]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.842547]  kthread+0x337/0x6f0
[   17.842742]  ret_from_fork+0x41/0x80
[   17.842941]  ret_from_fork_asm+0x1a/0x30
[   17.843173] 
[   17.843280] freed by task 316 on cpu 1 at 17.838283s (0.004995s ago):
[   17.843620]  test_use_after_free_read+0xfb/0x270
[   17.843892]  kunit_try_run_case+0x1a5/0x480
[   17.844099]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.844351]  kthread+0x337/0x6f0
[   17.844580]  ret_from_fork+0x41/0x80
[   17.844711]  ret_from_fork_asm+0x1a/0x30
[   17.844849] 
[   17.844949] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   17.845478] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.845802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.846187] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6pFlrRJjT7hepkB9aiMlUziD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6pFlrRJjT7hepkB9aiMlUziD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6mCYBRhgDllz16lydYGKzl0K/bzImage
sha256sum	87310a5ce2e449ea32174d5c60c63ddcd1873527b924fc92af17800f3b6a0c85

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6mCYBRhgDllz16lydYGKzl0K/modules.tar.xz
sha256sum	392011dc561b93e70d20c4f59de7bf990a438ea01b5984e8279d811e404b080b

durations

tests

boot	0
kunit	211.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit