lkft/linux-mainline-master - v6.16-rc5-53-g8c2e52ebbe88 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 9, 2025, 11:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   21.293683] ==================================================================
[   21.293969] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.293969] 
[   21.294212] Use-after-free read at 0x000000007e6fe073 (in kfence-#93):
[   21.294309]  test_use_after_free_read+0x114/0x248
[   21.294362]  kunit_try_run_case+0x170/0x3f0
[   21.294464]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.294551]  kthread+0x328/0x630
[   21.294616]  ret_from_fork+0x10/0x20
[   21.294659] 
[   21.294683] kfence-#93: 0x000000007e6fe073-0x000000001e6f4785, size=32, cache=kmalloc-32
[   21.294683] 
[   21.294735] allocated by task 295 on cpu 0 at 21.293213s (0.001519s ago):
[   21.295036]  test_alloc+0x29c/0x628
[   21.295092]  test_use_after_free_read+0xd0/0x248
[   21.295147]  kunit_try_run_case+0x170/0x3f0
[   21.295335]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.295380]  kthread+0x328/0x630
[   21.295414]  ret_from_fork+0x10/0x20
[   21.295651] 
[   21.296387] freed by task 295 on cpu 0 at 21.293355s (0.002643s ago):
[   21.296750]  test_use_after_free_read+0x1c0/0x248
[   21.296797]  kunit_try_run_case+0x170/0x3f0
[   21.296860]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.297211]  kthread+0x328/0x630
[   21.297573]  ret_from_fork+0x10/0x20
[   21.297714] 
[   21.297929] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   21.298099] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.298199] Hardware name: linux,dummy-virt (DT)
[   21.298234] ==================================================================
[   21.401281] ==================================================================
[   21.401361] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.401361] 
[   21.401447] Use-after-free read at 0x00000000ea0486a0 (in kfence-#94):
[   21.401501]  test_use_after_free_read+0x114/0x248
[   21.401560]  kunit_try_run_case+0x170/0x3f0
[   21.401603]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.401647]  kthread+0x328/0x630
[   21.401688]  ret_from_fork+0x10/0x20
[   21.401729] 
[   21.401754] kfence-#94: 0x00000000ea0486a0-0x000000008a6dc20d, size=32, cache=test
[   21.401754] 
[   21.403166] allocated by task 297 on cpu 0 at 21.400454s (0.002703s ago):
[   21.403255]  test_alloc+0x230/0x628
[   21.403298]  test_use_after_free_read+0xd0/0x248
[   21.403390]  kunit_try_run_case+0x170/0x3f0
[   21.403571]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.404170]  kthread+0x328/0x630
[   21.404275]  ret_from_fork+0x10/0x20
[   21.404737] 
[   21.404813] freed by task 297 on cpu 0 at 21.400937s (0.003835s ago):
[   21.405240]  test_use_after_free_read+0xf0/0x248
[   21.405291]  kunit_try_run_case+0x170/0x3f0
[   21.405332]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.405376]  kthread+0x328/0x630
[   21.405412]  ret_from_fork+0x10/0x20
[   21.405840] 
[   21.406745] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   21.407011] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.407436] Hardware name: linux,dummy-virt (DT)
[   21.407567] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zerZPZczpDOYcefs6dALqh6Fpn

job_id

TEST:linaro@lkft#2zerdbOsDmJGhDOOfcn5MGLINr4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zerdbOsDmJGhDOOfcn5MGLINr4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zeraWtQXXUq7AGlGnaJOh4wfW1/Image.gz
sha256sum	89f9acb15fbf6e84801bacbda6894745389368cc1918c11b82840929e5945e84

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zeraWtQXXUq7AGlGnaJOh4wfW1/modules.tar.xz
sha256sum	5b8f2c09ed37ecf5f0d0ccdea1b4979c0eea6c192632c1613f6c12550875e5c5

durations

tests

boot	0
kunit	180.51

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.011520] ==================================================================
[   18.011964] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.011964] 
[   18.012476] Use-after-free read at 0x(____ptrval____) (in kfence-#72):
[   18.012735]  test_use_after_free_read+0x129/0x270
[   18.012919]  kunit_try_run_case+0x1a5/0x480
[   18.013127]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.013500]  kthread+0x337/0x6f0
[   18.013678]  ret_from_fork+0x116/0x1d0
[   18.013897]  ret_from_fork_asm+0x1a/0x30
[   18.014131] 
[   18.014208] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   18.014208] 
[   18.014602] allocated by task 312 on cpu 0 at 18.011304s (0.003296s ago):
[   18.014952]  test_alloc+0x364/0x10f0
[   18.015178]  test_use_after_free_read+0xdc/0x270
[   18.015331]  kunit_try_run_case+0x1a5/0x480
[   18.015525]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.015818]  kthread+0x337/0x6f0
[   18.016019]  ret_from_fork+0x116/0x1d0
[   18.016299]  ret_from_fork_asm+0x1a/0x30
[   18.016501] 
[   18.016573] freed by task 312 on cpu 0 at 18.011361s (0.005210s ago):
[   18.016870]  test_use_after_free_read+0x1e7/0x270
[   18.017079]  kunit_try_run_case+0x1a5/0x480
[   18.017341]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.017538]  kthread+0x337/0x6f0
[   18.017741]  ret_from_fork+0x116/0x1d0
[   18.017954]  ret_from_fork_asm+0x1a/0x30
[   18.018148] 
[   18.018246] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.018771] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.018976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.019361] ==================================================================
[   18.115467] ==================================================================
[   18.115915] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.115915] 
[   18.116423] Use-after-free read at 0x(____ptrval____) (in kfence-#73):
[   18.116656]  test_use_after_free_read+0x129/0x270
[   18.116833]  kunit_try_run_case+0x1a5/0x480
[   18.117061]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.117346]  kthread+0x337/0x6f0
[   18.117525]  ret_from_fork+0x116/0x1d0
[   18.117662]  ret_from_fork_asm+0x1a/0x30
[   18.117891] 
[   18.117987] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   18.117987] 
[   18.118442] allocated by task 314 on cpu 1 at 18.115327s (0.003113s ago):
[   18.118672]  test_alloc+0x2a6/0x10f0
[   18.118868]  test_use_after_free_read+0xdc/0x270
[   18.119121]  kunit_try_run_case+0x1a5/0x480
[   18.119454]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.119691]  kthread+0x337/0x6f0
[   18.119860]  ret_from_fork+0x116/0x1d0
[   18.120075]  ret_from_fork_asm+0x1a/0x30
[   18.120252] 
[   18.120329] freed by task 314 on cpu 1 at 18.115387s (0.004939s ago):
[   18.120574]  test_use_after_free_read+0xfb/0x270
[   18.120838]  kunit_try_run_case+0x1a5/0x480
[   18.121044]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.121381]  kthread+0x337/0x6f0
[   18.121504]  ret_from_fork+0x116/0x1d0
[   18.121695]  ret_from_fork_asm+0x1a/0x30
[   18.121903] 
[   18.122029] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.122527] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.122667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.123044] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zerZPZczpDOYcefs6dALqh6Fpn

job_id

TEST:linaro@lkft#2zereWNnRLZAeOdMUNpobIiLjyq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zereWNnRLZAeOdMUNpobIiLjyq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zerbWFzcqSAFp8nphuQhLi402X/bzImage
sha256sum	268854fffad98cae17f08a82775371eb2820b0ac8cc4163845be9ad2651ac2eb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zerbWFzcqSAFp8nphuQhLi402X/modules.tar.xz
sha256sum	3fdcd4639617aa7b9c8fff27fe84557c223c48cd8b5930857481938554180465

durations

tests

boot	0
kunit	211.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit