lkft/linux-mainline-master - v6.16-rc4-319-g05df91921da6 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 5, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   22.738341] ==================================================================
[   22.738628] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.738628] 
[   22.738741] Use-after-free read at 0x00000000ee9fe3b2 (in kfence-#87):
[   22.738837]  test_use_after_free_read+0x114/0x248
[   22.738891]  kunit_try_run_case+0x170/0x3f0
[   22.738935]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.739279]  kthread+0x328/0x630
[   22.739342]  ret_from_fork+0x10/0x20
[   22.739387] 
[   22.739412] kfence-#87: 0x00000000ee9fe3b2-0x00000000b351db43, size=32, cache=kmalloc-32
[   22.739412] 
[   22.739634] allocated by task 295 on cpu 0 at 22.737830s (0.001772s ago):
[   22.740977]  test_alloc+0x29c/0x628
[   22.742385]  test_use_after_free_read+0xd0/0x248
[   22.743227]  kunit_try_run_case+0x170/0x3f0
[   22.743286]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.743332]  kthread+0x328/0x630
[   22.743368]  ret_from_fork+0x10/0x20
[   22.743423] 
[   22.743572] freed by task 295 on cpu 0 at 22.737951s (0.005525s ago):
[   22.743688]  test_use_after_free_read+0x1c0/0x248
[   22.743735]  kunit_try_run_case+0x170/0x3f0
[   22.743773]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.743820]  kthread+0x328/0x630
[   22.743858]  ret_from_fork+0x10/0x20
[   22.743910] 
[   22.745509] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.746255] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.746290] Hardware name: linux,dummy-virt (DT)
[   22.746326] ==================================================================
[   22.844955] ==================================================================
[   22.845036] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.845036] 
[   22.845187] Use-after-free read at 0x0000000083a7e1f4 (in kfence-#88):
[   22.845283]  test_use_after_free_read+0x114/0x248
[   22.845359]  kunit_try_run_case+0x170/0x3f0
[   22.845403]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.845448]  kthread+0x328/0x630
[   22.845484]  ret_from_fork+0x10/0x20
[   22.845633] 
[   22.845767] kfence-#88: 0x0000000083a7e1f4-0x000000008ef0e3f4, size=32, cache=test
[   22.845767] 
[   22.845828] allocated by task 297 on cpu 0 at 22.844576s (0.001240s ago):
[   22.845899]  test_alloc+0x230/0x628
[   22.845981]  test_use_after_free_read+0xd0/0x248
[   22.846026]  kunit_try_run_case+0x170/0x3f0
[   22.846066]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.846109]  kthread+0x328/0x630
[   22.846145]  ret_from_fork+0x10/0x20
[   22.846266] 
[   22.846407] freed by task 297 on cpu 0 at 22.844732s (0.001669s ago):
[   22.846515]  test_use_after_free_read+0xf0/0x248
[   22.846579]  kunit_try_run_case+0x170/0x3f0
[   22.846628]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.846671]  kthread+0x328/0x630
[   22.846708]  ret_from_fork+0x10/0x20
[   22.846849] 
[   22.847004] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.847083] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.847111] Hardware name: linux,dummy-virt (DT)
[   22.847245] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zTZX5aSUAhJVwr3xqAbJP8OBr6

job_id

TEST:linaro@lkft#2zTZbHzCE6ZylZlp0lglLTGuydp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zTZbHzCE6ZylZlp0lglLTGuydp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZYHU8IyXjvuXMYZoizjQZyTc/Image.gz
sha256sum	f49ecf90b386c92e37781079e5c76c8827d858d3a69ba7e84f2b1cbecb73deae

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZYHU8IyXjvuXMYZoizjQZyTc/modules.tar.xz
sha256sum	e009b646d141517f47e4a42f0b55703fe9065c966bd6ab95f60ff2cbbb32d2c4

durations

tests

boot	0
kunit	177.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   19.871694] ==================================================================
[   19.872201] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   19.872201] 
[   19.872692] Use-after-free read at 0x(____ptrval____) (in kfence-#86):
[   19.873053]  test_use_after_free_read+0x129/0x270
[   19.873367]  kunit_try_run_case+0x1a5/0x480
[   19.873541]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.873734]  kthread+0x337/0x6f0
[   19.873948]  ret_from_fork+0x116/0x1d0
[   19.874221]  ret_from_fork_asm+0x1a/0x30
[   19.874504] 
[   19.874627] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   19.874627] 
[   19.875235] allocated by task 315 on cpu 0 at 19.871530s (0.003701s ago):
[   19.876352]  test_alloc+0x2a6/0x10f0
[   19.876571]  test_use_after_free_read+0xdc/0x270
[   19.876871]  kunit_try_run_case+0x1a5/0x480
[   19.877111]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.877699]  kthread+0x337/0x6f0
[   19.877919]  ret_from_fork+0x116/0x1d0
[   19.878269]  ret_from_fork_asm+0x1a/0x30
[   19.878608] 
[   19.878709] freed by task 315 on cpu 0 at 19.871599s (0.007107s ago):
[   19.879363]  test_use_after_free_read+0xfb/0x270
[   19.879639]  kunit_try_run_case+0x1a5/0x480
[   19.880083]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.880464]  kthread+0x337/0x6f0
[   19.880759]  ret_from_fork+0x116/0x1d0
[   19.880994]  ret_from_fork_asm+0x1a/0x30
[   19.881383] 
[   19.881718] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   19.882267] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.882515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.882958] ==================================================================
[   19.767771] ==================================================================
[   19.768378] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   19.768378] 
[   19.768916] Use-after-free read at 0x(____ptrval____) (in kfence-#85):
[   19.769326]  test_use_after_free_read+0x129/0x270
[   19.769549]  kunit_try_run_case+0x1a5/0x480
[   19.769722]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.770028]  kthread+0x337/0x6f0
[   19.770234]  ret_from_fork+0x116/0x1d0
[   19.770482]  ret_from_fork_asm+0x1a/0x30
[   19.770943] 
[   19.771046] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   19.771046] 
[   19.771809] allocated by task 313 on cpu 1 at 19.767536s (0.004270s ago):
[   19.772579]  test_alloc+0x364/0x10f0
[   19.772801]  test_use_after_free_read+0xdc/0x270
[   19.773036]  kunit_try_run_case+0x1a5/0x480
[   19.773481]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.773843]  kthread+0x337/0x6f0
[   19.774008]  ret_from_fork+0x116/0x1d0
[   19.774387]  ret_from_fork_asm+0x1a/0x30
[   19.774608] 
[   19.774867] freed by task 313 on cpu 1 at 19.767597s (0.007266s ago):
[   19.775247]  test_use_after_free_read+0x1e7/0x270
[   19.775498]  kunit_try_run_case+0x1a5/0x480
[   19.775717]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.776001]  kthread+0x337/0x6f0
[   19.776185]  ret_from_fork+0x116/0x1d0
[   19.776751]  ret_from_fork_asm+0x1a/0x30
[   19.776977] 
[   19.777350] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   19.778013] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.778706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.779054] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zTZX5aSUAhJVwr3xqAbJP8OBr6

job_id

TEST:linaro@lkft#2zTZcFbN6XeQzYXjm7UmlxHMasy

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zTZcFbN6XeQzYXjm7UmlxHMasy

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZZFZAMBT45oZ2s8wBIxmVp9n/bzImage
sha256sum	a2b57e07193da995daf026b5840aa05cee4f700ac8e7cbccc02c96a1257e68ad

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZZFZAMBT45oZ2s8wBIxmVp9n/modules.tar.xz
sha256sum	335a214650c08e1986ed91f91f100ecc17a4575dda8f8222f7bc05b16bc937f5

durations

tests

boot	0
kunit	257.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit