lkft/linux-mainline-master - v6.16-rc4-49-gb4911fb0b060 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 2, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   22.699190] ==================================================================
[   22.699296] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.699296] 
[   22.699531] Use-after-free read at 0x0000000061140d50 (in kfence-#90):
[   22.699821]  test_use_after_free_read+0x114/0x248
[   22.700052]  kunit_try_run_case+0x170/0x3f0
[   22.700165]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.700453]  kthread+0x328/0x630
[   22.700561]  ret_from_fork+0x10/0x20
[   22.700664] 
[   22.700731] kfence-#90: 0x0000000061140d50-0x0000000004351b86, size=32, cache=kmalloc-32
[   22.700731] 
[   22.701105] allocated by task 295 on cpu 0 at 22.698160s (0.002926s ago):
[   22.701317]  test_alloc+0x29c/0x628
[   22.701413]  test_use_after_free_read+0xd0/0x248
[   22.701693]  kunit_try_run_case+0x170/0x3f0
[   22.701836]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.701923]  kthread+0x328/0x630
[   22.701960]  ret_from_fork+0x10/0x20
[   22.702048] 
[   22.702246] freed by task 295 on cpu 0 at 22.698244s (0.003892s ago):
[   22.702403]  test_use_after_free_read+0x1c0/0x248
[   22.702495]  kunit_try_run_case+0x170/0x3f0
[   22.702545]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.702609]  kthread+0x328/0x630
[   22.702665]  ret_from_fork+0x10/0x20
[   22.702721] 
[   22.702788] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.702893] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.702924] Hardware name: linux,dummy-virt (DT)
[   22.702968] ==================================================================
[   22.803755] ==================================================================
[   22.803921] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.803921] 
[   22.804056] Use-after-free read at 0x0000000013865890 (in kfence-#91):
[   22.804131]  test_use_after_free_read+0x114/0x248
[   22.804182]  kunit_try_run_case+0x170/0x3f0
[   22.804561]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.804673]  kthread+0x328/0x630
[   22.804772]  ret_from_fork+0x10/0x20
[   22.804939] 
[   22.805038] kfence-#91: 0x0000000013865890-0x0000000025de78f4, size=32, cache=test
[   22.805038] 
[   22.805464] allocated by task 297 on cpu 0 at 22.803212s (0.002245s ago):
[   22.805592]  test_alloc+0x230/0x628
[   22.805895]  test_use_after_free_read+0xd0/0x248
[   22.806026]  kunit_try_run_case+0x170/0x3f0
[   22.806116]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.806221]  kthread+0x328/0x630
[   22.806294]  ret_from_fork+0x10/0x20
[   22.806672] 
[   22.806801] freed by task 297 on cpu 0 at 22.803328s (0.003453s ago):
[   22.807139]  test_use_after_free_read+0xf0/0x248
[   22.807517]  kunit_try_run_case+0x170/0x3f0
[   22.807700]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.807808]  kthread+0x328/0x630
[   22.807936]  ret_from_fork+0x10/0x20
[   22.808031] 
[   22.808084] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.808491] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.808570] Hardware name: linux,dummy-virt (DT)
[   22.808927] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zL5tkJx538LuS4CC9waWjZdK7d

job_id

TEST:linaro@lkft#2zL5ylmx7RUmOXetsb6wmQNCL9F

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zL5ylmx7RUmOXetsb6wmQNCL9F

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5vHipoBPqphspWb9Jr5L3zfM/Image.gz
sha256sum	46de3631a51390d3b1ef1f4d0f673673bc6fcd4a3090b598579b0620c3b1dd78

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5vHipoBPqphspWb9Jr5L3zfM/modules.tar.xz
sha256sum	d74cbfeb470e49b375c874ea6ef4751c3c1b7037bd9d5ae91e3faaa6801aa5c4

durations

tests

boot	0
kunit	180.17

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.926086] ==================================================================
[   16.926511] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.926511] 
[   16.926958] Use-after-free read at 0x(____ptrval____) (in kfence-#72):
[   16.927239]  test_use_after_free_read+0x129/0x270
[   16.927483]  kunit_try_run_case+0x1a5/0x480
[   16.927706]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.927971]  kthread+0x337/0x6f0
[   16.928103]  ret_from_fork+0x116/0x1d0
[   16.928317]  ret_from_fork_asm+0x1a/0x30
[   16.928526] 
[   16.928630] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   16.928630] 
[   16.929041] allocated by task 316 on cpu 1 at 16.925940s (0.003098s ago):
[   16.929289]  test_alloc+0x2a6/0x10f0
[   16.929449]  test_use_after_free_read+0xdc/0x270
[   16.929672]  kunit_try_run_case+0x1a5/0x480
[   16.929904]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.930126]  kthread+0x337/0x6f0
[   16.930250]  ret_from_fork+0x116/0x1d0
[   16.930393]  ret_from_fork_asm+0x1a/0x30
[   16.930592] 
[   16.930687] freed by task 316 on cpu 1 at 16.926000s (0.004684s ago):
[   16.931053]  test_use_after_free_read+0xfb/0x270
[   16.931285]  kunit_try_run_case+0x1a5/0x480
[   16.931505]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.931756]  kthread+0x337/0x6f0
[   16.931913]  ret_from_fork+0x116/0x1d0
[   16.932103]  ret_from_fork_asm+0x1a/0x30
[   16.932282] 
[   16.932419] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   16.932908] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.933076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.933362] ==================================================================
[   16.822159] ==================================================================
[   16.822636] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.822636] 
[   16.823378] Use-after-free read at 0x(____ptrval____) (in kfence-#71):
[   16.824043]  test_use_after_free_read+0x129/0x270
[   16.824277]  kunit_try_run_case+0x1a5/0x480
[   16.824503]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.824911]  kthread+0x337/0x6f0
[   16.825188]  ret_from_fork+0x116/0x1d0
[   16.825451]  ret_from_fork_asm+0x1a/0x30
[   16.825690] 
[   16.825898] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   16.825898] 
[   16.826271] allocated by task 314 on cpu 0 at 16.821940s (0.004328s ago):
[   16.826604]  test_alloc+0x364/0x10f0
[   16.827048]  test_use_after_free_read+0xdc/0x270
[   16.827345]  kunit_try_run_case+0x1a5/0x480
[   16.827635]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.828023]  kthread+0x337/0x6f0
[   16.828297]  ret_from_fork+0x116/0x1d0
[   16.828509]  ret_from_fork_asm+0x1a/0x30
[   16.828947] 
[   16.829382] freed by task 314 on cpu 0 at 16.822002s (0.007274s ago):
[   16.829742]  test_use_after_free_read+0x1e7/0x270
[   16.829964]  kunit_try_run_case+0x1a5/0x480
[   16.830311]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.830671]  kthread+0x337/0x6f0
[   16.830946]  ret_from_fork+0x116/0x1d0
[   16.831149]  ret_from_fork_asm+0x1a/0x30
[   16.831498] 
[   16.831732] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   16.832204] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.832550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.833038] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zL5tkJx538LuS4CC9waWjZdK7d

job_id

TEST:linaro@lkft#2zL5zlszAixv4ecBxA6y5NBqJN9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zL5zlszAixv4ecBxA6y5NBqJN9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5wq7HD1gQUpnzhQ3oVfhXshA/bzImage
sha256sum	3bbeae719ec4e3d054aa4f7182084297f368dd78ad89b802ac2716a533024f9e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5wq7HD1gQUpnzhQ3oVfhXshA/modules.tar.xz
sha256sum	72afdabe9ed24c806af37874c7f2185119042be8fabeecff4d0a7e1fd5ed0d93

durations

tests

boot	0
kunit	218.60

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit