lkft/linux-mainline-master - v6.16-rc5-193-g40f92e79b0aa - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 11, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   20.709886] ==================================================================
[   20.710157] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.710157] 
[   20.710279] Use-after-free read at 0x00000000454d10b2 (in kfence-#90):
[   20.710635]  test_use_after_free_read+0x114/0x248
[   20.710710]  kunit_try_run_case+0x170/0x3f0
[   20.710917]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.710965]  kthread+0x328/0x630
[   20.711003]  ret_from_fork+0x10/0x20
[   20.711374] 
[   20.711421] kfence-#90: 0x00000000454d10b2-0x00000000d91a6a87, size=32, cache=kmalloc-32
[   20.711421] 
[   20.711478] allocated by task 296 on cpu 1 at 20.708908s (0.002567s ago):
[   20.711583]  test_alloc+0x29c/0x628
[   20.711633]  test_use_after_free_read+0xd0/0x248
[   20.711674]  kunit_try_run_case+0x170/0x3f0
[   20.711714]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.711759]  kthread+0x328/0x630
[   20.711804]  ret_from_fork+0x10/0x20
[   20.711878] 
[   20.712077] freed by task 296 on cpu 1 at 20.709478s (0.002471s ago):
[   20.712200]  test_use_after_free_read+0x1c0/0x248
[   20.712263]  kunit_try_run_case+0x170/0x3f0
[   20.712311]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.712361]  kthread+0x328/0x630
[   20.712397]  ret_from_fork+0x10/0x20
[   20.712457] 
[   20.712533] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   20.712635] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.712664] Hardware name: linux,dummy-virt (DT)
[   20.712719] ==================================================================
[   20.814139] ==================================================================
[   20.814270] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.814270] 
[   20.814364] Use-after-free read at 0x000000006cc31829 (in kfence-#91):
[   20.814433]  test_use_after_free_read+0x114/0x248
[   20.814915]  kunit_try_run_case+0x170/0x3f0
[   20.815074]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.815121]  kthread+0x328/0x630
[   20.815395]  ret_from_fork+0x10/0x20
[   20.816100] 
[   20.816169] kfence-#91: 0x000000006cc31829-0x000000009221e2b0, size=32, cache=test
[   20.816169] 
[   20.816429] allocated by task 298 on cpu 1 at 20.813600s (0.002825s ago):
[   20.816538]  test_alloc+0x230/0x628
[   20.816886]  test_use_after_free_read+0xd0/0x248
[   20.817018]  kunit_try_run_case+0x170/0x3f0
[   20.817286]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.817462]  kthread+0x328/0x630
[   20.817550]  ret_from_fork+0x10/0x20
[   20.817653] 
[   20.817708] freed by task 298 on cpu 1 at 20.813784s (0.003921s ago):
[   20.818267]  test_use_after_free_read+0xf0/0x248
[   20.818382]  kunit_try_run_case+0x170/0x3f0
[   20.818903]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.819016]  kthread+0x328/0x630
[   20.819258]  ret_from_fork+0x10/0x20
[   20.819413] 
[   20.819763] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   20.819877] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.819946] Hardware name: linux,dummy-virt (DT)
[   20.819985] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zkW2ND3P9jnCEoicJVrQGQQHjY

job_id

TEST:linaro@lkft#2zkW7UZxPiH1T464u20hwJIzMWq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zkW7UZxPiH1T464u20hwJIzMWq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW3wj806saKni9EMQhcTGaoE0/Image.gz
sha256sum	73455ba8c867cc31230938836185eba847c55da4ba6373a74526940ec423a2fc

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW3wj806saKni9EMQhcTGaoE0/modules.tar.xz
sha256sum	b3a38b7dc2158aa4df654dd76a8d8d3385fffbddc38ddea05f97ea9d33ec2580

durations

tests

boot	0
kunit	180.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.583482] ==================================================================
[   18.584066] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.584066] 
[   18.584429] Use-after-free read at 0x(____ptrval____) (in kfence-#77):
[   18.584744]  test_use_after_free_read+0x129/0x270
[   18.584928]  kunit_try_run_case+0x1a5/0x480
[   18.585179]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.585449]  kthread+0x337/0x6f0
[   18.585577]  ret_from_fork+0x116/0x1d0
[   18.585765]  ret_from_fork_asm+0x1a/0x30
[   18.585968] 
[   18.586070] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   18.586070] 
[   18.586432] allocated by task 314 on cpu 0 at 18.583340s (0.003089s ago):
[   18.586665]  test_alloc+0x2a6/0x10f0
[   18.586985]  test_use_after_free_read+0xdc/0x270
[   18.587254]  kunit_try_run_case+0x1a5/0x480
[   18.587493]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.587750]  kthread+0x337/0x6f0
[   18.587932]  ret_from_fork+0x116/0x1d0
[   18.588091]  ret_from_fork_asm+0x1a/0x30
[   18.588294] 
[   18.588399] freed by task 314 on cpu 0 at 18.583392s (0.005004s ago):
[   18.588689]  test_use_after_free_read+0xfb/0x270
[   18.589113]  kunit_try_run_case+0x1a5/0x480
[   18.589270]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.589448]  kthread+0x337/0x6f0
[   18.589583]  ret_from_fork+0x116/0x1d0
[   18.589782]  ret_from_fork_asm+0x1a/0x30
[   18.590003] 
[   18.590125] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.590549] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.590758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.591183] ==================================================================
[   18.479591] ==================================================================
[   18.480215] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.480215] 
[   18.480562] Use-after-free read at 0x(____ptrval____) (in kfence-#76):
[   18.480952]  test_use_after_free_read+0x129/0x270
[   18.481185]  kunit_try_run_case+0x1a5/0x480
[   18.481491]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.481724]  kthread+0x337/0x6f0
[   18.481859]  ret_from_fork+0x116/0x1d0
[   18.482062]  ret_from_fork_asm+0x1a/0x30
[   18.482235] 
[   18.482334] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   18.482334] 
[   18.482722] allocated by task 312 on cpu 0 at 18.479365s (0.003355s ago):
[   18.483023]  test_alloc+0x364/0x10f0
[   18.483212]  test_use_after_free_read+0xdc/0x270
[   18.483404]  kunit_try_run_case+0x1a5/0x480
[   18.483588]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.483864]  kthread+0x337/0x6f0
[   18.484042]  ret_from_fork+0x116/0x1d0
[   18.484231]  ret_from_fork_asm+0x1a/0x30
[   18.484401] 
[   18.484497] freed by task 312 on cpu 0 at 18.479435s (0.005060s ago):
[   18.484763]  test_use_after_free_read+0x1e7/0x270
[   18.484980]  kunit_try_run_case+0x1a5/0x480
[   18.485180]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.485368]  kthread+0x337/0x6f0
[   18.485490]  ret_from_fork+0x116/0x1d0
[   18.485622]  ret_from_fork_asm+0x1a/0x30
[   18.485828] 
[   18.485960] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.486387] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.486537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.486973] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zkW2ND3P9jnCEoicJVrQGQQHjY

job_id

TEST:linaro@lkft#2zkW8T0rf8x1xNcZqJ5ltfUVkWA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zkW8T0rf8x1xNcZqJ5ltfUVkWA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW5SdH8zGtoVoimUJeXjK1iDY/bzImage
sha256sum	7f21af14d55a2a6c00657897b5a61581bc03fb7498328917a2f2ae35737ec23d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW5SdH8zGtoVoimUJeXjK1iDY/modules.tar.xz
sha256sum	390422b5b27780b5bdc518a6075ef4179367a706b7d88bc8e5416986229d72fd

durations

tests

boot	0
kunit	209.86

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit