lkft/linux-mainline-master - v6.16-rc5-121-gbc9ff192a6c9 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 10, 2025, 11:10 p.m.

Environment
qemu-arm64
qemu-x86_64

[   20.667088] ==================================================================
[   20.667164] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.667164] 
[   20.667249] Use-after-free read at 0x0000000022771073 (in kfence-#91):
[   20.667300]  test_use_after_free_read+0x114/0x248
[   20.667520]  kunit_try_run_case+0x170/0x3f0
[   20.667649]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.667720]  kthread+0x328/0x630
[   20.667777]  ret_from_fork+0x10/0x20
[   20.667819] 
[   20.667881] kfence-#91: 0x0000000022771073-0x0000000066df7540, size=32, cache=test
[   20.667881] 
[   20.668011] allocated by task 297 on cpu 0 at 20.666846s (0.001136s ago):
[   20.668226]  test_alloc+0x230/0x628
[   20.668297]  test_use_after_free_read+0xd0/0x248
[   20.668369]  kunit_try_run_case+0x170/0x3f0
[   20.668426]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.668472]  kthread+0x328/0x630
[   20.668595]  ret_from_fork+0x10/0x20
[   20.668636] 
[   20.668894] freed by task 297 on cpu 0 at 20.666941s (0.001740s ago):
[   20.669029]  test_use_after_free_read+0xf0/0x248
[   20.669114]  kunit_try_run_case+0x170/0x3f0
[   20.669159]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.669210]  kthread+0x328/0x630
[   20.669333]  ret_from_fork+0x10/0x20
[   20.669373] 
[   20.669419] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   20.669507] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.669535] Hardware name: linux,dummy-virt (DT)
[   20.669585] ==================================================================
[   20.567642] ==================================================================
[   20.568725] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.568725] 
[   20.569775] Use-after-free read at 0x0000000012bec72f (in kfence-#90):
[   20.570135]  test_use_after_free_read+0x114/0x248
[   20.570355]  kunit_try_run_case+0x170/0x3f0
[   20.571234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.571600]  kthread+0x328/0x630
[   20.572358]  ret_from_fork+0x10/0x20
[   20.572521] 
[   20.573361] kfence-#90: 0x0000000012bec72f-0x0000000040966d38, size=32, cache=kmalloc-32
[   20.573361] 
[   20.573534] allocated by task 295 on cpu 0 at 20.564765s (0.008765s ago):
[   20.573973]  test_alloc+0x29c/0x628
[   20.574190]  test_use_after_free_read+0xd0/0x248
[   20.575075]  kunit_try_run_case+0x170/0x3f0
[   20.575471]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.575783]  kthread+0x328/0x630
[   20.575909]  ret_from_fork+0x10/0x20
[   20.576241] 
[   20.577931] freed by task 295 on cpu 0 at 20.564855s (0.011969s ago):
[   20.578768]  test_use_after_free_read+0x1c0/0x248
[   20.579116]  kunit_try_run_case+0x170/0x3f0
[   20.579279]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.579700]  kthread+0x328/0x630
[   20.580193]  ret_from_fork+0x10/0x20
[   20.580331] 
[   20.580483] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   20.581428] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.581473] Hardware name: linux,dummy-virt (DT)
[   20.581510] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zhh1TJxKKGPTGH75tVSg7ZQ5K3

job_id

TEST:linaro@lkft#2zhh6X6WqdeLDmlh57VpXaQEIUm

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zhh6X6WqdeLDmlh57VpXaQEIUm

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zhh2whOnzYxMMUeqyuTKj9MhA1/Image.gz
sha256sum	6a33a49c12017576e8ec763ec43b279cc0364750541d180ab972292e17b20e1f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zhh2whOnzYxMMUeqyuTKj9MhA1/modules.tar.xz
sha256sum	763eb41fbf87dbccc620abd6da1c60b3280f435cb05c0722314c5afc56c818a8

durations

tests

boot	0
kunit	169.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.509821] ==================================================================
[   18.510233] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.510233] 
[   18.510789] Use-after-free read at 0x(____ptrval____) (in kfence-#76):
[   18.511069]  test_use_after_free_read+0x129/0x270
[   18.511267]  kunit_try_run_case+0x1a5/0x480
[   18.511513]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.511786]  kthread+0x337/0x6f0
[   18.511987]  ret_from_fork+0x116/0x1d0
[   18.512160]  ret_from_fork_asm+0x1a/0x30
[   18.512326] 
[   18.512438] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   18.512438] 
[   18.512870] allocated by task 313 on cpu 1 at 18.509623s (0.003245s ago):
[   18.513130]  test_alloc+0x364/0x10f0
[   18.513265]  test_use_after_free_read+0xdc/0x270
[   18.513467]  kunit_try_run_case+0x1a5/0x480
[   18.513677]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.513962]  kthread+0x337/0x6f0
[   18.514104]  ret_from_fork+0x116/0x1d0
[   18.514239]  ret_from_fork_asm+0x1a/0x30
[   18.514389] 
[   18.514467] freed by task 313 on cpu 1 at 18.509674s (0.004791s ago):
[   18.514806]  test_use_after_free_read+0x1e7/0x270
[   18.515038]  kunit_try_run_case+0x1a5/0x480
[   18.515207]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.515512]  kthread+0x337/0x6f0
[   18.515634]  ret_from_fork+0x116/0x1d0
[   18.515768]  ret_from_fork_asm+0x1a/0x30
[   18.515945] 
[   18.516075] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.516872] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.517068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.517512] ==================================================================
[   18.613787] ==================================================================
[   18.614185] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.614185] 
[   18.614750] Use-after-free read at 0x(____ptrval____) (in kfence-#77):
[   18.615012]  test_use_after_free_read+0x129/0x270
[   18.615229]  kunit_try_run_case+0x1a5/0x480
[   18.615393]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.615703]  kthread+0x337/0x6f0
[   18.615881]  ret_from_fork+0x116/0x1d0
[   18.616062]  ret_from_fork_asm+0x1a/0x30
[   18.616215] 
[   18.616315] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   18.616315] 
[   18.616701] allocated by task 315 on cpu 1 at 18.613670s (0.003029s ago):
[   18.616989]  test_alloc+0x2a6/0x10f0
[   18.617171]  test_use_after_free_read+0xdc/0x270
[   18.617507]  kunit_try_run_case+0x1a5/0x480
[   18.617707]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.617902]  kthread+0x337/0x6f0
[   18.618025]  ret_from_fork+0x116/0x1d0
[   18.618215]  ret_from_fork_asm+0x1a/0x30
[   18.618431] 
[   18.618529] freed by task 315 on cpu 1 at 18.613714s (0.004813s ago):
[   18.618789]  test_use_after_free_read+0xfb/0x270
[   18.618979]  kunit_try_run_case+0x1a5/0x480
[   18.619191]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.619472]  kthread+0x337/0x6f0
[   18.619618]  ret_from_fork+0x116/0x1d0
[   18.619808]  ret_from_fork_asm+0x1a/0x30
[   18.619953] 
[   18.620045] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.620506] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.620711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.621164] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zhh1TJxKKGPTGH75tVSg7ZQ5K3

job_id

TEST:linaro@lkft#2zhh7dPmlkqdlppZDQ6XzM0iF30

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zhh7dPmlkqdlppZDQ6XzM0iF30

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zhh4brPbFRP8L5HT7aQLwDEuSt/bzImage
sha256sum	51ed52f1f68ba5ea27b558c10c847ec34107981e2f70718cbc1574acf045c7d6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zhh4brPbFRP8L5HT7aQLwDEuSt/modules.tar.xz
sha256sum	39c646aa7715edec9a01d30f4285c974624ae561cc143942bb43adde90a6040d

durations

tests

boot	0
kunit	203.16

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit