lkft/linux-mainline-master - v6.16-rc6-253-g4871b7cb27f4 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 19, 2025, 11:11 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.611998] ==================================================================
[   19.612359] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   19.612359] 
[   19.612463] Use-after-free read at 0x00000000e3df1cbe (in kfence-#86):
[   19.612776]  test_use_after_free_read+0x114/0x248
[   19.612847]  kunit_try_run_case+0x170/0x3f0
[   19.612891]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.613066]  kthread+0x328/0x630
[   19.613118]  ret_from_fork+0x10/0x20
[   19.613196] 
[   19.613308] kfence-#86: 0x00000000e3df1cbe-0x000000007fe10ce8, size=32, cache=test
[   19.613308] 
[   19.613386] allocated by task 298 on cpu 1 at 19.611034s (0.002331s ago):
[   19.613466]  test_alloc+0x230/0x628
[   19.613509]  test_use_after_free_read+0xd0/0x248
[   19.613862]  kunit_try_run_case+0x170/0x3f0
[   19.614030]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.614117]  kthread+0x328/0x630
[   19.614317]  ret_from_fork+0x10/0x20
[   19.614707] 
[   19.614987] freed by task 298 on cpu 1 at 19.611094s (0.003799s ago):
[   19.615362]  test_use_after_free_read+0xf0/0x248
[   19.615556]  kunit_try_run_case+0x170/0x3f0
[   19.615908]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.616078]  kthread+0x328/0x630
[   19.616120]  ret_from_fork+0x10/0x20
[   19.616318] 
[   19.616600] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   19.616712] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.616821] Hardware name: linux,dummy-virt (DT)
[   19.616977] ==================================================================
[   19.507746] ==================================================================
[   19.507845] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   19.507845] 
[   19.508567] Use-after-free read at 0x0000000085a1795e (in kfence-#85):
[   19.508671]  test_use_after_free_read+0x114/0x248
[   19.509019]  kunit_try_run_case+0x170/0x3f0
[   19.509081]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.509164]  kthread+0x328/0x630
[   19.509215]  ret_from_fork+0x10/0x20
[   19.509525] 
[   19.509628] kfence-#85: 0x0000000085a1795e-0x00000000bb32d74a, size=32, cache=kmalloc-32
[   19.509628] 
[   19.509687] allocated by task 296 on cpu 1 at 19.507178s (0.002505s ago):
[   19.509772]  test_alloc+0x29c/0x628
[   19.510105]  test_use_after_free_read+0xd0/0x248
[   19.510241]  kunit_try_run_case+0x170/0x3f0
[   19.510286]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.510330]  kthread+0x328/0x630
[   19.510625]  ret_from_fork+0x10/0x20
[   19.510824] 
[   19.511423] freed by task 296 on cpu 1 at 19.507521s (0.003583s ago):
[   19.512227]  test_use_after_free_read+0x1c0/0x248
[   19.512397]  kunit_try_run_case+0x170/0x3f0
[   19.512461]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.512513]  kthread+0x328/0x630
[   19.512603]  ret_from_fork+0x10/0x20
[   19.512685] 
[   19.512753] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   19.512844] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.512884] Hardware name: linux,dummy-virt (DT)
[   19.512932] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

305hfA52FugtYY6azxShkfpp9Gg

job_id

TEST:linaro@lkft#305hjrHVuMhrP4C74zJJY45Voxp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/305hjrHVuMhrP4C74zJJY45Voxp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hgM7kYn7x5I10V6otKIGzrYL/Image.gz
sha256sum	c169ac4c7e9b0e4bbf64da467768ab89f00b0225b3c522460b0d6d662bcd1ac5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hgM7kYn7x5I10V6otKIGzrYL/modules.tar.xz
sha256sum	999d2f5e28bad9d0877e65fac807375f30017fd2497321fa0aded245299f46f3

durations

tests

boot	0
kunit	166.76

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   17.333686] ==================================================================
[   17.334133] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.334133] 
[   17.335072] Use-after-free read at 0x(____ptrval____) (in kfence-#69):
[   17.335712]  test_use_after_free_read+0x129/0x270
[   17.335969]  kunit_try_run_case+0x1a5/0x480
[   17.336380]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.336668]  kthread+0x337/0x6f0
[   17.336982]  ret_from_fork+0x116/0x1d0
[   17.337296]  ret_from_fork_asm+0x1a/0x30
[   17.337599] 
[   17.337720] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.337720] 
[   17.338257] allocated by task 313 on cpu 1 at 17.333418s (0.004837s ago):
[   17.338734]  test_alloc+0x364/0x10f0
[   17.338997]  test_use_after_free_read+0xdc/0x270
[   17.339330]  kunit_try_run_case+0x1a5/0x480
[   17.339518]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.339934]  kthread+0x337/0x6f0
[   17.340189]  ret_from_fork+0x116/0x1d0
[   17.340389]  ret_from_fork_asm+0x1a/0x30
[   17.340827] 
[   17.341080] freed by task 313 on cpu 1 at 17.333493s (0.007497s ago):
[   17.341594]  test_use_after_free_read+0x1e7/0x270
[   17.341843]  kunit_try_run_case+0x1a5/0x480
[   17.342189]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.342547]  kthread+0x337/0x6f0
[   17.342838]  ret_from_fork+0x116/0x1d0
[   17.343016]  ret_from_fork_asm+0x1a/0x30
[   17.343457] 
[   17.343688] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   17.344148] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.344637] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.345033] ==================================================================
[   17.437584] ==================================================================
[   17.437979] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.437979] 
[   17.438914] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[   17.439217]  test_use_after_free_read+0x129/0x270
[   17.439535]  kunit_try_run_case+0x1a5/0x480
[   17.439691]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.439868]  kthread+0x337/0x6f0
[   17.439993]  ret_from_fork+0x116/0x1d0
[   17.440128]  ret_from_fork_asm+0x1a/0x30
[   17.440494] 
[   17.440666] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.440666] 
[   17.441409] allocated by task 315 on cpu 0 at 17.437459s (0.003948s ago):
[   17.442113]  test_alloc+0x2a6/0x10f0
[   17.442454]  test_use_after_free_read+0xdc/0x270
[   17.442710]  kunit_try_run_case+0x1a5/0x480
[   17.442859]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.443034]  kthread+0x337/0x6f0
[   17.443154]  ret_from_fork+0x116/0x1d0
[   17.443513]  ret_from_fork_asm+0x1a/0x30
[   17.443864] 
[   17.444021] freed by task 315 on cpu 0 at 17.437494s (0.006524s ago):
[   17.444623]  test_use_after_free_read+0xfb/0x270
[   17.444797]  kunit_try_run_case+0x1a5/0x480
[   17.444946]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.445213]  kthread+0x337/0x6f0
[   17.445381]  ret_from_fork+0x116/0x1d0
[   17.445548]  ret_from_fork_asm+0x1a/0x30
[   17.445716] 
[   17.445812] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   17.446298] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.446436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.446991] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

305hfA52FugtYY6azxShkfpp9Gg

job_id

TEST:linaro@lkft#305hkxk4umYymvAHR1enE6Lr0J7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/305hkxk4umYymvAHR1enE6Lr0J7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hhgky404tq48MM3xCR4i6zld/bzImage
sha256sum	4b79c38ff9b1d3fd5b9bc01d29127c64ba58368915842f230bb5db740b0e37c2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hhgky404tq48MM3xCR4i6zld/modules.tar.xz
sha256sum	3ef36255dcc209be48379112d67feb901ccf616788896aa1facf84baa027e63e

durations

tests

boot	0
kunit	219.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit