lkft/linux-mainline-master - v6.16-rc4-308-ga79a588fc176 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 5, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   24.413990] ==================================================================
[   24.414173] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   24.414173] 
[   24.414504] Use-after-free read at 0x0000000014b2c949 (in kfence-#117):
[   24.414608]  test_use_after_free_read+0x114/0x248
[   24.414992]  kunit_try_run_case+0x170/0x3f0
[   24.415493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.415844]  kthread+0x328/0x630
[   24.416285]  ret_from_fork+0x10/0x20
[   24.416404] 
[   24.416458] kfence-#117: 0x0000000014b2c949-0x000000009713ff7d, size=32, cache=kmalloc-32
[   24.416458] 
[   24.416993] allocated by task 296 on cpu 1 at 24.413530s (0.003452s ago):
[   24.417885]  test_alloc+0x29c/0x628
[   24.418045]  test_use_after_free_read+0xd0/0x248
[   24.418167]  kunit_try_run_case+0x170/0x3f0
[   24.418437]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.418618]  kthread+0x328/0x630
[   24.418904]  ret_from_fork+0x10/0x20
[   24.419052] 
[   24.419107] freed by task 296 on cpu 1 at 24.413646s (0.005453s ago):
[   24.419506]  test_use_after_free_read+0x1c0/0x248
[   24.419838]  kunit_try_run_case+0x170/0x3f0
[   24.420299]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.420421]  kthread+0x328/0x630
[   24.420503]  ret_from_fork+0x10/0x20
[   24.420941] 
[   24.421384] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   24.421660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.421893] Hardware name: linux,dummy-virt (DT)
[   24.422162] ==================================================================
[   24.516944] ==================================================================
[   24.517301] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   24.517301] 
[   24.517668] Use-after-free read at 0x00000000b01fdd1e (in kfence-#118):
[   24.517967]  test_use_after_free_read+0x114/0x248
[   24.518114]  kunit_try_run_case+0x170/0x3f0
[   24.518257]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.518381]  kthread+0x328/0x630
[   24.518470]  ret_from_fork+0x10/0x20
[   24.518548] 
[   24.518614] kfence-#118: 0x00000000b01fdd1e-0x00000000981370e1, size=32, cache=test
[   24.518614] 
[   24.518722] allocated by task 298 on cpu 1 at 24.516690s (0.002025s ago):
[   24.518980]  test_alloc+0x230/0x628
[   24.519075]  test_use_after_free_read+0xd0/0x248
[   24.519341]  kunit_try_run_case+0x170/0x3f0
[   24.519576]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.519852]  kthread+0x328/0x630
[   24.519943]  ret_from_fork+0x10/0x20
[   24.520033] 
[   24.520085] freed by task 298 on cpu 1 at 24.516774s (0.003304s ago):
[   24.520235]  test_use_after_free_read+0xf0/0x248
[   24.520350]  kunit_try_run_case+0x170/0x3f0
[   24.520500]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.520642]  kthread+0x328/0x630
[   24.520731]  ret_from_fork+0x10/0x20
[   24.520829] 
[   24.520954] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   24.521202] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.521293] Hardware name: linux,dummy-virt (DT)
[   24.521399] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zS9g9ybN1UbXPQnJisKcpL9TTV

job_id

TEST:linaro@lkft#2zS9lY7pmzTyF5GZT87TbkuZzBC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zS9lY7pmzTyF5GZT87TbkuZzBC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9hogJzZK0l4np92KxK0io2I6/Image.gz
sha256sum	d911e61984c5ccbd01c648abc160f807c2efba8f94f7c18dc8b8d0a36d529c56

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9hogJzZK0l4np92KxK0io2I6/modules.tar.xz
sha256sum	229f6c9e52037b561fbd9dc9141868d0d6dc0d1d276f92a71b0be16dd31c079a

durations

tests

boot	0
kunit	261.61

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   19.652410] ==================================================================
[   19.652915] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   19.652915] 
[   19.653455] Use-after-free read at 0x(____ptrval____) (in kfence-#79):
[   19.653771]  test_use_after_free_read+0x129/0x270
[   19.654109]  kunit_try_run_case+0x1a5/0x480
[   19.654390]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.654658]  kthread+0x337/0x6f0
[   19.654927]  ret_from_fork+0x116/0x1d0
[   19.655157]  ret_from_fork_asm+0x1a/0x30
[   19.655393] 
[   19.655497] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   19.655497] 
[   19.655963] allocated by task 315 on cpu 0 at 19.652183s (0.003777s ago):
[   19.656237]  test_alloc+0x2a6/0x10f0
[   19.656488]  test_use_after_free_read+0xdc/0x270
[   19.656800]  kunit_try_run_case+0x1a5/0x480
[   19.657221]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.657552]  kthread+0x337/0x6f0
[   19.657778]  ret_from_fork+0x116/0x1d0
[   19.657967]  ret_from_fork_asm+0x1a/0x30
[   19.658138] 
[   19.658284] freed by task 315 on cpu 0 at 19.652232s (0.006050s ago):
[   19.658719]  test_use_after_free_read+0xfb/0x270
[   19.659078]  kunit_try_run_case+0x1a5/0x480
[   19.659336]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.659653]  kthread+0x337/0x6f0
[   19.659886]  ret_from_fork+0x116/0x1d0
[   19.660072]  ret_from_fork_asm+0x1a/0x30
[   19.660340] 
[   19.660518] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   19.661078] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.661338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.661795] ==================================================================
[   19.548451] ==================================================================
[   19.548996] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   19.548996] 
[   19.549523] Use-after-free read at 0x(____ptrval____) (in kfence-#78):
[   19.549847]  test_use_after_free_read+0x129/0x270
[   19.550132]  kunit_try_run_case+0x1a5/0x480
[   19.550318]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.550626]  kthread+0x337/0x6f0
[   19.551085]  ret_from_fork+0x116/0x1d0
[   19.551319]  ret_from_fork_asm+0x1a/0x30
[   19.551524] 
[   19.551630] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   19.551630] 
[   19.552684] allocated by task 313 on cpu 1 at 19.548209s (0.004472s ago):
[   19.553199]  test_alloc+0x364/0x10f0
[   19.553502]  test_use_after_free_read+0xdc/0x270
[   19.553816]  kunit_try_run_case+0x1a5/0x480
[   19.554242]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.554464]  kthread+0x337/0x6f0
[   19.554610]  ret_from_fork+0x116/0x1d0
[   19.554793]  ret_from_fork_asm+0x1a/0x30
[   19.555302] 
[   19.555577] freed by task 313 on cpu 1 at 19.548268s (0.007208s ago):
[   19.556151]  test_use_after_free_read+0x1e7/0x270
[   19.556514]  kunit_try_run_case+0x1a5/0x480
[   19.556847]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.557130]  kthread+0x337/0x6f0
[   19.557321]  ret_from_fork+0x116/0x1d0
[   19.557517]  ret_from_fork_asm+0x1a/0x30
[   19.558063] 
[   19.558201] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   19.558970] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.559293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.559853] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zS9g9ybN1UbXPQnJisKcpL9TTV

job_id

TEST:linaro@lkft#2zS9mkQQgPe0x67T169Rj4E3EKb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zS9mkQQgPe0x67T169Rj4E3EKb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9jSOTND7crL7YLA83v1rCNWe/bzImage
sha256sum	e6462f167ba39a4560973d29e3ca2b81ea2e7cac79fe6da863e3a5afb12c21c7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9jSOTND7crL7YLA83v1rCNWe/modules.tar.xz
sha256sum	f0ef2394c8d178534891fc564988b24b7b350755baf7b1a12ef32113ab0e4297

durations

tests

boot	0
kunit	252.82

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit