lkft/linux-mainline-master - v6.16-rc6-237-gc7de79e662b8 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 18, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   19.696413] ==================================================================
[   19.696825] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   19.696825] 
[   19.697222] Use-after-free read at 0x0000000092a1220c (in kfence-#85):
[   19.697295]  test_use_after_free_read+0x114/0x248
[   19.697672]  kunit_try_run_case+0x170/0x3f0
[   19.697800]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.697850]  kthread+0x328/0x630
[   19.697900]  ret_from_fork+0x10/0x20
[   19.698437] 
[   19.698926] kfence-#85: 0x0000000092a1220c-0x000000000b2383d1, size=32, cache=kmalloc-32
[   19.698926] 
[   19.699499] allocated by task 295 on cpu 0 at 19.695999s (0.003453s ago):
[   19.699707]  test_alloc+0x29c/0x628
[   19.699814]  test_use_after_free_read+0xd0/0x248
[   19.700243]  kunit_try_run_case+0x170/0x3f0
[   19.700679]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.700737]  kthread+0x328/0x630
[   19.700786]  ret_from_fork+0x10/0x20
[   19.700837] 
[   19.700893] freed by task 295 on cpu 0 at 19.696086s (0.004794s ago):
[   19.700971]  test_use_after_free_read+0x1c0/0x248
[   19.701024]  kunit_try_run_case+0x170/0x3f0
[   19.701082]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.701127]  kthread+0x328/0x630
[   19.701172]  ret_from_fork+0x10/0x20
[   19.701214] 
[   19.701280] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   19.701502] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.701836] Hardware name: linux,dummy-virt (DT)
[   19.702121] ==================================================================
[   19.799543] ==================================================================
[   19.799626] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   19.799626] 
[   19.800048] Use-after-free read at 0x000000001c04bd14 (in kfence-#86):
[   19.800128]  test_use_after_free_read+0x114/0x248
[   19.800367]  kunit_try_run_case+0x170/0x3f0
[   19.800536]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.800591]  kthread+0x328/0x630
[   19.800632]  ret_from_fork+0x10/0x20
[   19.800816] 
[   19.800858] kfence-#86: 0x000000001c04bd14-0x000000001fa2beeb, size=32, cache=test
[   19.800858] 
[   19.800915] allocated by task 297 on cpu 0 at 19.799268s (0.001643s ago):
[   19.800995]  test_alloc+0x230/0x628
[   19.801039]  test_use_after_free_read+0xd0/0x248
[   19.801083]  kunit_try_run_case+0x170/0x3f0
[   19.801125]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.801173]  kthread+0x328/0x630
[   19.801210]  ret_from_fork+0x10/0x20
[   19.801250] 
[   19.801344] freed by task 297 on cpu 0 at 19.799401s (0.001872s ago):
[   19.801457]  test_use_after_free_read+0xf0/0x248
[   19.801503]  kunit_try_run_case+0x170/0x3f0
[   19.801545]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.801591]  kthread+0x328/0x630
[   19.801629]  ret_from_fork+0x10/0x20
[   19.801683] 
[   19.801728] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   19.801807] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.801841] Hardware name: linux,dummy-virt (DT)
[   19.801874] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

304I74qE3r0xJScpa5F21DtNBKi

job_id

TEST:linaro@lkft#304IAoS8ehJbrsRCCdrQhkPrtZI

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/304IAoS8ehJbrsRCCdrQhkPrtZI

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/304I87Uo6xzzZ3NSNcslasZfSRN/Image.gz
sha256sum	2327c644062cfbec906717af44c5e27e8b69bcddd820709922f2265ba777660d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/304I87Uo6xzzZ3NSNcslasZfSRN/modules.tar.xz
sha256sum	eeb00a0e627a7c6809728a0593d4dbfc62943b3f4d5fd935f13ba3f570db6496

durations

tests

boot	0
kunit	171.20

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   17.846467] ==================================================================
[   17.846893] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.846893] 
[   17.847496] Use-after-free read at 0x(____ptrval____) (in kfence-#73):
[   17.848136]  test_use_after_free_read+0x129/0x270
[   17.848374]  kunit_try_run_case+0x1a5/0x480
[   17.848812]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.849161]  kthread+0x337/0x6f0
[   17.849370]  ret_from_fork+0x116/0x1d0
[   17.849752]  ret_from_fork_asm+0x1a/0x30
[   17.849967] 
[   17.850246] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.850246] 
[   17.850649] allocated by task 316 on cpu 1 at 17.846327s (0.004319s ago):
[   17.851059]  test_alloc+0x2a6/0x10f0
[   17.851405]  test_use_after_free_read+0xdc/0x270
[   17.851738]  kunit_try_run_case+0x1a5/0x480
[   17.852035]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.852288]  kthread+0x337/0x6f0
[   17.852675]  ret_from_fork+0x116/0x1d0
[   17.852948]  ret_from_fork_asm+0x1a/0x30
[   17.853231] 
[   17.853359] freed by task 316 on cpu 1 at 17.846390s (0.006966s ago):
[   17.853794]  test_use_after_free_read+0xfb/0x270
[   17.854027]  kunit_try_run_case+0x1a5/0x480
[   17.854235]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.854492]  kthread+0x337/0x6f0
[   17.854916]  ret_from_fork+0x116/0x1d0
[   17.855087]  ret_from_fork_asm+0x1a/0x30
[   17.855411] 
[   17.855654] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   17.856183] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.856387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.857012] ==================================================================
[   17.742541] ==================================================================
[   17.743036] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.743036] 
[   17.743590] Use-after-free read at 0x(____ptrval____) (in kfence-#72):
[   17.743844]  test_use_after_free_read+0x129/0x270
[   17.744099]  kunit_try_run_case+0x1a5/0x480
[   17.744311]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.744555]  kthread+0x337/0x6f0
[   17.744744]  ret_from_fork+0x116/0x1d0
[   17.744923]  ret_from_fork_asm+0x1a/0x30
[   17.745075] 
[   17.745175] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.745175] 
[   17.745603] allocated by task 314 on cpu 0 at 17.742309s (0.003292s ago):
[   17.746075]  test_alloc+0x364/0x10f0
[   17.746254]  test_use_after_free_read+0xdc/0x270
[   17.746492]  kunit_try_run_case+0x1a5/0x480
[   17.746711]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.747042]  kthread+0x337/0x6f0
[   17.747240]  ret_from_fork+0x116/0x1d0
[   17.747389]  ret_from_fork_asm+0x1a/0x30
[   17.747692] 
[   17.747937] freed by task 314 on cpu 0 at 17.742394s (0.005431s ago):
[   17.748301]  test_use_after_free_read+0x1e7/0x270
[   17.748580]  kunit_try_run_case+0x1a5/0x480
[   17.748752]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.748929]  kthread+0x337/0x6f0
[   17.749068]  ret_from_fork+0x116/0x1d0
[   17.749278]  ret_from_fork_asm+0x1a/0x30
[   17.749496] 
[   17.749616] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   17.750285] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.750485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.750867] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

304I74qE3r0xJScpa5F21DtNBKi

job_id

TEST:linaro@lkft#304IBtjw5gAFiQFtjheOZVsLnJd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/304IBtjw5gAFiQFtjheOZVsLnJd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/304I8v4gAXANgVsBFBP9Xgpwo9H/bzImage
sha256sum	74b158d3087b541db14488f1c5db89bcaabd464c1e74c13c892d531ea76b1c6d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/304I8v4gAXANgVsBFBP9Xgpwo9H/modules.tar.xz
sha256sum	82d2eca680645b0e05a8b7307d7b91914de6f6b8f19a6a17cfb131cfaa8719a0

durations

tests

boot	0
kunit	221.87

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit