lkft/linux-mainline-master - v6.16-rc5-224-g379f604cc3dc - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 12, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   25.613989] ==================================================================
[   25.614091] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   25.614091] 
[   25.614203] Use-after-free read at 0x00000000a87746b8 (in kfence-#133):
[   25.614264]  test_use_after_free_read+0x114/0x248
[   25.614325]  kunit_try_run_case+0x170/0x3f0
[   25.614377]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.614427]  kthread+0x328/0x630
[   25.614471]  ret_from_fork+0x10/0x20
[   25.614517] 
[   25.614561] kfence-#133: 0x00000000a87746b8-0x00000000410a09a1, size=32, cache=test
[   25.614561] 
[   25.614623] allocated by task 298 on cpu 1 at 25.611663s (0.002955s ago):
[   25.614709]  test_alloc+0x230/0x628
[   25.614759]  test_use_after_free_read+0xd0/0x248
[   25.614805]  kunit_try_run_case+0x170/0x3f0
[   25.614873]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.614924]  kthread+0x328/0x630
[   25.614966]  ret_from_fork+0x10/0x20
[   25.615011] 
[   25.615038] freed by task 298 on cpu 1 at 25.611784s (0.003249s ago):
[   25.615112]  test_use_after_free_read+0xf0/0x248
[   25.615160]  kunit_try_run_case+0x170/0x3f0
[   25.615205]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.615255]  kthread+0x328/0x630
[   25.615296]  ret_from_fork+0x10/0x20
[   25.615339] 
[   25.615390] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   25.615483] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.615516] Hardware name: linux,dummy-virt (DT)
[   25.615556] ==================================================================
[   25.507014] ==================================================================
[   25.507199] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   25.507199] 
[   25.507389] Use-after-free read at 0x00000000b0219fa1 (in kfence-#132):
[   25.507550]  test_use_after_free_read+0x114/0x248
[   25.507726]  kunit_try_run_case+0x170/0x3f0
[   25.507897]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.508049]  kthread+0x328/0x630
[   25.508177]  ret_from_fork+0x10/0x20
[   25.508319] 
[   25.508383] kfence-#132: 0x00000000b0219fa1-0x00000000575235aa, size=32, cache=kmalloc-32
[   25.508383] 
[   25.508521] allocated by task 296 on cpu 1 at 25.506339s (0.002169s ago):
[   25.508754]  test_alloc+0x29c/0x628
[   25.509143]  test_use_after_free_read+0xd0/0x248
[   25.509271]  kunit_try_run_case+0x170/0x3f0
[   25.509376]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.509577]  kthread+0x328/0x630
[   25.509683]  ret_from_fork+0x10/0x20
[   25.509762] 
[   25.509807] freed by task 296 on cpu 1 at 25.506502s (0.003298s ago):
[   25.509981]  test_use_after_free_read+0x1c0/0x248
[   25.510101]  kunit_try_run_case+0x170/0x3f0
[   25.510188]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.510285]  kthread+0x328/0x630
[   25.510363]  ret_from_fork+0x10/0x20
[   25.510445] 
[   25.510608] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   25.510898] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.510995] Hardware name: linux,dummy-virt (DT)
[   25.511101] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zlvaLrZSqyxKLgkP1ikhX5yASN

job_id

TEST:linaro@lkft#2zlverRb5fPdptEkZ6zMvlyzm1I

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zlverRb5fPdptEkZ6zMvlyzm1I

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zlvbiPPzjbfulszSj1CbdZDBg5/Image.gz
sha256sum	c9e48236e89d2de4ae2e1bd084878fc8548c676082f395c1121631c860b60412

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zlvbiPPzjbfulszSj1CbdZDBg5/modules.tar.xz
sha256sum	e24d92e515f54e515d26355283c0915768fc78096b724afb30cb660de602c681

durations

tests

boot	0
kunit	290.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.217084] ==================================================================
[   18.217468] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.217468] 
[   18.217972] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[   18.219040]  test_use_after_free_read+0x129/0x270
[   18.219275]  kunit_try_run_case+0x1a5/0x480
[   18.219480]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.220025]  kthread+0x337/0x6f0
[   18.220197]  ret_from_fork+0x116/0x1d0
[   18.220535]  ret_from_fork_asm+0x1a/0x30
[   18.220857] 
[   18.220955] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   18.220955] 
[   18.221468] allocated by task 313 on cpu 1 at 18.216902s (0.004563s ago):
[   18.221953]  test_alloc+0x364/0x10f0
[   18.222222]  test_use_after_free_read+0xdc/0x270
[   18.222459]  kunit_try_run_case+0x1a5/0x480
[   18.222890]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.223231]  kthread+0x337/0x6f0
[   18.223489]  ret_from_fork+0x116/0x1d0
[   18.223674]  ret_from_fork_asm+0x1a/0x30
[   18.223887] 
[   18.223961] freed by task 313 on cpu 1 at 18.216970s (0.006988s ago):
[   18.224259]  test_use_after_free_read+0x1e7/0x270
[   18.224464]  kunit_try_run_case+0x1a5/0x480
[   18.225036]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.225288]  kthread+0x337/0x6f0
[   18.225531]  ret_from_fork+0x116/0x1d0
[   18.225857]  ret_from_fork_asm+0x1a/0x30
[   18.226145] 
[   18.226292] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.226912] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.227199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.227582] ==================================================================
[   18.321139] ==================================================================
[   18.321595] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.321595] 
[   18.322029] Use-after-free read at 0x(____ptrval____) (in kfence-#71):
[   18.322305]  test_use_after_free_read+0x129/0x270
[   18.322477]  kunit_try_run_case+0x1a5/0x480
[   18.322691]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.323058]  kthread+0x337/0x6f0
[   18.323244]  ret_from_fork+0x116/0x1d0
[   18.323414]  ret_from_fork_asm+0x1a/0x30
[   18.323605] 
[   18.323758] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   18.323758] 
[   18.324040] allocated by task 315 on cpu 0 at 18.320994s (0.003044s ago):
[   18.324367]  test_alloc+0x2a6/0x10f0
[   18.324553]  test_use_after_free_read+0xdc/0x270
[   18.324939]  kunit_try_run_case+0x1a5/0x480
[   18.325103]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.325324]  kthread+0x337/0x6f0
[   18.325448]  ret_from_fork+0x116/0x1d0
[   18.325605]  ret_from_fork_asm+0x1a/0x30
[   18.325830] 
[   18.325927] freed by task 315 on cpu 0 at 18.321051s (0.004874s ago):
[   18.326247]  test_use_after_free_read+0xfb/0x270
[   18.326415]  kunit_try_run_case+0x1a5/0x480
[   18.326629]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.326913]  kthread+0x337/0x6f0
[   18.327079]  ret_from_fork+0x116/0x1d0
[   18.327244]  ret_from_fork_asm+0x1a/0x30
[   18.327395] 
[   18.327520] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.327918] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.328056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.328816] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zlvaLrZSqyxKLgkP1ikhX5yASN

job_id

TEST:linaro@lkft#2zlvfyTmTyminRKXkr1Gwqf6AqT

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zlvfyTmTyminRKXkr1Gwqf6AqT

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zlvdC7xMQ1AuKzcmJ9sl7lyJZU/bzImage
sha256sum	f2525a42db3db7704392b60a0a7b6300b86c21d1b4e3f0c9a4ee165428e9e2ac

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zlvdC7xMQ1AuKzcmJ9sl7lyJZU/modules.tar.xz
sha256sum	3e7e7b5cd868a19ceea397cd34a8ca08bcda09aac07bf76e95a38de35372b59a

durations

tests

boot	0
kunit	211.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit