lkft/linux-mainline-master - v6.16-rc4-324-g1f988d0788f5 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 6, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   22.822693] ==================================================================
[   22.822788] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.822788] 
[   22.822953] Use-after-free read at 0x00000000cc7f0e75 (in kfence-#92):
[   22.823006]  test_use_after_free_read+0x114/0x248
[   22.823327]  kunit_try_run_case+0x170/0x3f0
[   22.823468]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.823557]  kthread+0x328/0x630
[   22.823602]  ret_from_fork+0x10/0x20
[   22.823696] 
[   22.823724] kfence-#92: 0x00000000cc7f0e75-0x00000000c946a745, size=32, cache=test
[   22.823724] 
[   22.823776] allocated by task 297 on cpu 0 at 22.822103s (0.001669s ago):
[   22.823845]  test_alloc+0x230/0x628
[   22.823885]  test_use_after_free_read+0xd0/0x248
[   22.823927]  kunit_try_run_case+0x170/0x3f0
[   22.823979]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.824028]  kthread+0x328/0x630
[   22.824065]  ret_from_fork+0x10/0x20
[   22.824103] 
[   22.824133] freed by task 297 on cpu 0 at 22.822162s (0.001967s ago):
[   22.824251]  test_use_after_free_read+0xf0/0x248
[   22.824553]  kunit_try_run_case+0x170/0x3f0
[   22.824621]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.824667]  kthread+0x328/0x630
[   22.824702]  ret_from_fork+0x10/0x20
[   22.825330] 
[   22.825499] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.825689] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.825793] Hardware name: linux,dummy-virt (DT)
[   22.825859] ==================================================================
[   22.719189] ==================================================================
[   22.719726] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.719726] 
[   22.720148] Use-after-free read at 0x00000000a579c59c (in kfence-#91):
[   22.720263]  test_use_after_free_read+0x114/0x248
[   22.720441]  kunit_try_run_case+0x170/0x3f0
[   22.720502]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.720548]  kthread+0x328/0x630
[   22.720592]  ret_from_fork+0x10/0x20
[   22.720671] 
[   22.720698] kfence-#91: 0x00000000a579c59c-0x0000000014bf1f98, size=32, cache=kmalloc-32
[   22.720698] 
[   22.720762] allocated by task 295 on cpu 0 at 22.718461s (0.002287s ago):
[   22.720831]  test_alloc+0x29c/0x628
[   22.720876]  test_use_after_free_read+0xd0/0x248
[   22.720927]  kunit_try_run_case+0x170/0x3f0
[   22.720967]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.721010]  kthread+0x328/0x630
[   22.721046]  ret_from_fork+0x10/0x20
[   22.721097] 
[   22.721247] freed by task 295 on cpu 0 at 22.718532s (0.002616s ago):
[   22.721361]  test_use_after_free_read+0x1c0/0x248
[   22.721406]  kunit_try_run_case+0x170/0x3f0
[   22.721446]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.721489]  kthread+0x328/0x630
[   22.721524]  ret_from_fork+0x10/0x20
[   22.721574] 
[   22.721639] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.721718] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.721747] Hardware name: linux,dummy-virt (DT)
[   22.721788] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zUyns4bBvJgsOeHTwSzB14BtXy

job_id

TEST:linaro@lkft#2zUyssrHyt2jcP8yPQqYdfR4u49

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zUyssrHyt2jcP8yPQqYdfR4u49

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUypMiNO3jFX9e8gXLicpOScyJ/Image.gz
sha256sum	20138ff04fbdb8b45f1eeb9004b1d0cf48a53b032c3e8f76779495b2c7e2954a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUypMiNO3jFX9e8gXLicpOScyJ/modules.tar.xz
sha256sum	ae84c0452ffc57473194b7ff1a0410047a3c87f102f4efa2c73a07bec335e1f4

durations

tests

boot	0
kunit	172.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.136886] ==================================================================
[   17.137418] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.137418] 
[   17.137800] Use-after-free read at 0x(____ptrval____) (in kfence-#72):
[   17.138199]  test_use_after_free_read+0x129/0x270
[   17.138789]  kunit_try_run_case+0x1a5/0x480
[   17.139282]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.139739]  kthread+0x337/0x6f0
[   17.139894]  ret_from_fork+0x116/0x1d0
[   17.140309]  ret_from_fork_asm+0x1a/0x30
[   17.140537] 
[   17.140654] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.140654] 
[   17.141249] allocated by task 314 on cpu 0 at 17.136758s (0.004488s ago):
[   17.141722]  test_alloc+0x2a6/0x10f0
[   17.141903]  test_use_after_free_read+0xdc/0x270
[   17.142321]  kunit_try_run_case+0x1a5/0x480
[   17.142621]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.142878]  kthread+0x337/0x6f0
[   17.143218]  ret_from_fork+0x116/0x1d0
[   17.143500]  ret_from_fork_asm+0x1a/0x30
[   17.143719] 
[   17.143823] freed by task 314 on cpu 0 at 17.136800s (0.007020s ago):
[   17.144358]  test_use_after_free_read+0xfb/0x270
[   17.144573]  kunit_try_run_case+0x1a5/0x480
[   17.144841]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.145234]  kthread+0x337/0x6f0
[   17.145488]  ret_from_fork+0x116/0x1d0
[   17.145690]  ret_from_fork_asm+0x1a/0x30
[   17.146016] 
[   17.146276] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   17.146740] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.147128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.147613] ==================================================================
[   17.032994] ==================================================================
[   17.033429] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.033429] 
[   17.033933] Use-after-free read at 0x(____ptrval____) (in kfence-#71):
[   17.034243]  test_use_after_free_read+0x129/0x270
[   17.034454]  kunit_try_run_case+0x1a5/0x480
[   17.034663]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.034846]  kthread+0x337/0x6f0
[   17.035045]  ret_from_fork+0x116/0x1d0
[   17.035288]  ret_from_fork_asm+0x1a/0x30
[   17.035552] 
[   17.035662] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.035662] 
[   17.036051] allocated by task 312 on cpu 1 at 17.032748s (0.003301s ago):
[   17.036308]  test_alloc+0x364/0x10f0
[   17.036475]  test_use_after_free_read+0xdc/0x270
[   17.036706]  kunit_try_run_case+0x1a5/0x480
[   17.036925]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.037143]  kthread+0x337/0x6f0
[   17.037267]  ret_from_fork+0x116/0x1d0
[   17.037659]  ret_from_fork_asm+0x1a/0x30
[   17.037870] 
[   17.038094] freed by task 312 on cpu 1 at 17.032819s (0.005195s ago):
[   17.038432]  test_use_after_free_read+0x1e7/0x270
[   17.038606]  kunit_try_run_case+0x1a5/0x480
[   17.038794]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.039062]  kthread+0x337/0x6f0
[   17.039242]  ret_from_fork+0x116/0x1d0
[   17.039509]  ret_from_fork_asm+0x1a/0x30
[   17.039686] 
[   17.039791] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   17.040365] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.040566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.040916] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zUyns4bBvJgsOeHTwSzB14BtXy

job_id

TEST:linaro@lkft#2zUyu2HzOIhrWdigGxE1n02NgIH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zUyu2HzOIhrWdigGxE1n02NgIH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUyqpSVEGJuU14lZjYbktxi5ks/bzImage
sha256sum	eb3a236ffe04c7b8cec8d887ec6c90f532d889cb3e6061e4be63b00dbfbee3e8

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUyqpSVEGJuU14lZjYbktxi5ks/modules.tar.xz
sha256sum	5901b75e8ac24e9b96c3260a67030d9eb9e0418b66a6907ac121941a493d3a5e

durations

tests

boot	0
kunit	227.24

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit