lkft/linux-mainline-master - v6.16-rc4-286-gc435a4f487e8 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 4, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   22.215850] ==================================================================
[   22.215961] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.215961] 
[   22.216060] Use-after-free read at 0x00000000bc2391a5 (in kfence-#86):
[   22.216760]  test_use_after_free_read+0x114/0x248
[   22.217076]  kunit_try_run_case+0x170/0x3f0
[   22.217215]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.217267]  kthread+0x328/0x630
[   22.217307]  ret_from_fork+0x10/0x20
[   22.217348] 
[   22.217686] kfence-#86: 0x00000000bc2391a5-0x000000008ed0e063, size=32, cache=kmalloc-32
[   22.217686] 
[   22.217912] allocated by task 295 on cpu 1 at 22.215463s (0.002357s ago):
[   22.218124]  test_alloc+0x29c/0x628
[   22.218174]  test_use_after_free_read+0xd0/0x248
[   22.218543]  kunit_try_run_case+0x170/0x3f0
[   22.218610]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.218657]  kthread+0x328/0x630
[   22.218989]  ret_from_fork+0x10/0x20
[   22.219152] 
[   22.219363] freed by task 295 on cpu 1 at 22.215579s (0.003744s ago):
[   22.219602]  test_use_after_free_read+0x1c0/0x248
[   22.219672]  kunit_try_run_case+0x170/0x3f0
[   22.219712]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.220570]  kthread+0x328/0x630
[   22.220815]  ret_from_fork+0x10/0x20
[   22.220861] 
[   22.221255] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.221466] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.221714] Hardware name: linux,dummy-virt (DT)
[   22.222039] ==================================================================
[   22.324361] ==================================================================
[   22.324436] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.324436] 
[   22.324935] Use-after-free read at 0x000000003e14ec0c (in kfence-#87):
[   22.325070]  test_use_after_free_read+0x114/0x248
[   22.325218]  kunit_try_run_case+0x170/0x3f0
[   22.325297]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.325484]  kthread+0x328/0x630
[   22.325721]  ret_from_fork+0x10/0x20
[   22.325781] 
[   22.325834] kfence-#87: 0x000000003e14ec0c-0x000000008b8ec671, size=32, cache=test
[   22.325834] 
[   22.326129] allocated by task 297 on cpu 1 at 22.324093s (0.002031s ago):
[   22.326513]  test_alloc+0x230/0x628
[   22.326593]  test_use_after_free_read+0xd0/0x248
[   22.326726]  kunit_try_run_case+0x170/0x3f0
[   22.326883]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.326930]  kthread+0x328/0x630
[   22.327050]  ret_from_fork+0x10/0x20
[   22.327091] 
[   22.327114] freed by task 297 on cpu 1 at 22.324155s (0.002956s ago):
[   22.327228]  test_use_after_free_read+0xf0/0x248
[   22.327273]  kunit_try_run_case+0x170/0x3f0
[   22.327648]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.327836]  kthread+0x328/0x630
[   22.328007]  ret_from_fork+0x10/0x20
[   22.328163] 
[   22.328227] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.328670] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.328777] Hardware name: linux,dummy-virt (DT)
[   22.328848] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zQkNKJfliwcbbkUxqMJyl1w7ld

job_id

TEST:linaro@lkft#2zQkRTcOxNG0RjFqEvXKm3x6sPC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zQkRTcOxNG0RjFqEvXKm3x6sPC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zQkOQLY2UDGz7fHqGlDIGwfYK5/Image.gz
sha256sum	5fbd8c3970ae36e29a834ce01bc6e4bd25f6cdde84c4785eddd5944e7fac6f3e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zQkOQLY2UDGz7fHqGlDIGwfYK5/modules.tar.xz
sha256sum	dab8e8682ec9a5cba2412ad5c71233241414072bbb9a1ce395053c4d1adb684f

durations

tests

boot	0
kunit	176.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.898794] ==================================================================
[   17.899280] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.899280] 
[   17.899688] Use-after-free read at 0x(____ptrval____) (in kfence-#80):
[   17.899974]  test_use_after_free_read+0x129/0x270
[   17.900187]  kunit_try_run_case+0x1a5/0x480
[   17.900367]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.900586]  kthread+0x337/0x6f0
[   17.900714]  ret_from_fork+0x116/0x1d0
[   17.900859]  ret_from_fork_asm+0x1a/0x30
[   17.901203] 
[   17.901316] kfence-#80: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.901316] 
[   17.901724] allocated by task 312 on cpu 1 at 17.898579s (0.003143s ago):
[   17.901952]  test_alloc+0x364/0x10f0
[   17.902352]  test_use_after_free_read+0xdc/0x270
[   17.902552]  kunit_try_run_case+0x1a5/0x480
[   17.902740]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.902915]  kthread+0x337/0x6f0
[   17.903038]  ret_from_fork+0x116/0x1d0
[   17.903206]  ret_from_fork_asm+0x1a/0x30
[   17.903670] 
[   17.903974] freed by task 312 on cpu 1 at 17.898634s (0.005221s ago):
[   17.904643]  test_use_after_free_read+0x1e7/0x270
[   17.905434]  kunit_try_run_case+0x1a5/0x480
[   17.905663]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.905927]  kthread+0x337/0x6f0
[   17.906303]  ret_from_fork+0x116/0x1d0
[   17.906506]  ret_from_fork_asm+0x1a/0x30
[   17.906863] 
[   17.907020] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   17.907745] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.908067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.908558] ==================================================================
[   18.002741] ==================================================================
[   18.003173] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.003173] 
[   18.003933] Use-after-free read at 0x(____ptrval____) (in kfence-#81):
[   18.004145]  test_use_after_free_read+0x129/0x270
[   18.004354]  kunit_try_run_case+0x1a5/0x480
[   18.004509]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.004683]  kthread+0x337/0x6f0
[   18.004817]  ret_from_fork+0x116/0x1d0
[   18.004953]  ret_from_fork_asm+0x1a/0x30
[   18.005094] 
[   18.005172] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   18.005172] 
[   18.005525] allocated by task 314 on cpu 0 at 18.002596s (0.002927s ago):
[   18.005761]  test_alloc+0x2a6/0x10f0
[   18.005895]  test_use_after_free_read+0xdc/0x270
[   18.006051]  kunit_try_run_case+0x1a5/0x480
[   18.006200]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.006652]  kthread+0x337/0x6f0
[   18.006949]  ret_from_fork+0x116/0x1d0
[   18.007306]  ret_from_fork_asm+0x1a/0x30
[   18.007657] 
[   18.007817] freed by task 314 on cpu 0 at 18.002655s (0.005160s ago):
[   18.008454]  test_use_after_free_read+0xfb/0x270
[   18.008867]  kunit_try_run_case+0x1a5/0x480
[   18.009288]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.009658]  kthread+0x337/0x6f0
[   18.009783]  ret_from_fork+0x116/0x1d0
[   18.009917]  ret_from_fork_asm+0x1a/0x30
[   18.010057] 
[   18.010166] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   18.010638] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.010812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.011167] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zQkNKJfliwcbbkUxqMJyl1w7ld

job_id

TEST:linaro@lkft#2zQkSQgslXQ0Ma2lkWOt6lQxZV2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zQkSQgslXQ0Ma2lkWOt6lQxZV2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zQkPZBQpMWyxFPjG3Xmdvcpb45/bzImage
sha256sum	5c9564af88356106f181c7ebae8640f61710877fc0d04924c2c06faa7f0185e5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zQkPZBQpMWyxFPjG3Xmdvcpb45/modules.tar.xz
sha256sum	61c61d46d81ee697a25111ed181eb7917f8709c9a7ef58842accb53e5ed282f2

durations

tests

boot	0
kunit	245.23

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit