lkft/linux-mainline-master - v6.16-rc6-281-gf4a40a4282f4 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-rcu_uaf_reclaim

Date

July 20, 2025, 11:12 a.m.

Environment
qemu-arm64

[   15.599421] ==================================================================
[   15.602942] BUG: KFENCE: use-after-free read in rcu_uaf_reclaim+0x48/0x70
[   15.602942] 
[   15.603466] Use-after-free read at 0x0000000088637f4a (in kfence-#55):
[   15.603685]  rcu_uaf_reclaim+0x48/0x70
[   15.603731]  rcu_core+0x9f4/0x1e20
[   15.603773]  rcu_core_si+0x18/0x30
[   15.603808]  handle_softirqs+0x374/0xb28
[   15.605201]  __do_softirq+0x1c/0x28
[   15.605394]  ____do_softirq+0x18/0x30
[   15.606307]  call_on_irq_stack+0x24/0x30
[   15.606428]  do_softirq_own_stack+0x24/0x38
[   15.607150]  __irq_exit_rcu+0x1fc/0x318
[   15.607227]  irq_exit_rcu+0x1c/0x80
[   15.607284]  el1_interrupt+0x38/0x58
[   15.607356]  el1h_64_irq_handler+0x18/0x28
[   15.607480]  el1h_64_irq+0x6c/0x70
[   15.607512]  arch_local_irq_enable+0x4/0x8
[   15.607555]  do_idle+0x384/0x4e8
[   15.607758]  cpu_startup_entry+0x64/0x80
[   15.608360]  rest_init+0x160/0x188
[   15.608427]  start_kernel+0x30c/0x3d0
[   15.608475]  __primary_switched+0x8c/0xa0
[   15.608513] 
[   15.608535] kfence-#55: 0x0000000088637f4a-0x000000000fcceb00, size=24, cache=kmalloc-32
[   15.608535] 
[   15.610353] allocated by task 198 on cpu 0 at 15.580197s (0.028395s ago):
[   15.610788]  rcu_uaf+0xb0/0x2d8
[   15.610835]  kunit_try_run_case+0x170/0x3f0
[   15.610874]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.611170]  kthread+0x328/0x630
[   15.611386]  ret_from_fork+0x10/0x20
[   15.611443] 
[   15.611465] freed by task 0 on cpu 0 at 15.595963s (0.015498s ago):
[   15.612095]  rcu_uaf_reclaim+0x28/0x70
[   15.612137]  rcu_core+0x9f4/0x1e20
[   15.612171]  rcu_core_si+0x18/0x30
[   15.612208]  handle_softirqs+0x374/0xb28
[   15.613253]  __do_softirq+0x1c/0x28
[   15.613300]  ____do_softirq+0x18/0x30
[   15.613768]  call_on_irq_stack+0x24/0x30
[   15.613954]  do_softirq_own_stack+0x24/0x38
[   15.614371]  __irq_exit_rcu+0x1fc/0x318
[   15.615334]  irq_exit_rcu+0x1c/0x80
[   15.615810]  el1_interrupt+0x38/0x58
[   15.615930]  el1h_64_irq_handler+0x18/0x28
[   15.615993]  el1h_64_irq+0x6c/0x70
[   15.616039]  arch_local_irq_enable+0x4/0x8
[   15.616485]  do_idle+0x384/0x4e8
[   15.616591]  cpu_startup_entry+0x64/0x80
[   15.616629]  rest_init+0x160/0x188
[   15.616672]  start_kernel+0x30c/0x3d0
[   15.616709]  __primary_switched+0x8c/0xa0
[   15.618365] 
[   15.618442] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.618871] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.618947] Hardware name: linux,dummy-virt (DT)
[   15.619054] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308WwJaHQwF9GiJmP1YPiPqA012

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308WwJaHQwF9GiJmP1YPiPqA012

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/Image.gz
sha256sum	4d2e0511bab027133f01b2172d6d8558efd2b45bcadc263c5cacdb0ac44741cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/modules.tar.xz
sha256sum	18d5d5576d3740ea20de31396b726912b8f91395c442996d953fc58d4a74f8e9

durations

tests

boot	0
kunit	197.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit