lkft/linux-mainline-master - v6.16-rc6-37-ge2291551827f - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 17, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.944237] ==================================================================
[   19.944570] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   19.944570] 
[   19.944703] Use-after-free read at 0x00000000f821d117 (in kfence-#86):
[   19.944760]  test_use_after_free_read+0x114/0x248
[   19.945073]  kunit_try_run_case+0x170/0x3f0
[   19.945233]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.945593]  kthread+0x328/0x630
[   19.945649]  ret_from_fork+0x10/0x20
[   19.945778] 
[   19.945888] kfence-#86: 0x00000000f821d117-0x0000000041b7e6e8, size=32, cache=test
[   19.945888] 
[   19.946097] allocated by task 298 on cpu 0 at 19.943689s (0.002382s ago):
[   19.946538]  test_alloc+0x230/0x628
[   19.946686]  test_use_after_free_read+0xd0/0x248
[   19.946910]  kunit_try_run_case+0x170/0x3f0
[   19.947125]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.947261]  kthread+0x328/0x630
[   19.947342]  ret_from_fork+0x10/0x20
[   19.947615] 
[   19.947817] freed by task 298 on cpu 0 at 19.943776s (0.003999s ago):
[   19.948064]  test_use_after_free_read+0xf0/0x248
[   19.948308]  kunit_try_run_case+0x170/0x3f0
[   19.948487]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.948613]  kthread+0x328/0x630
[   19.948681]  ret_from_fork+0x10/0x20
[   19.948923] 
[   19.948992] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   19.949223] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.949255] Hardware name: linux,dummy-virt (DT)
[   19.949318] ==================================================================
[   19.834316] ==================================================================
[   19.834698] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   19.834698] 
[   19.834806] Use-after-free read at 0x0000000078a12d3d (in kfence-#85):
[   19.834861]  test_use_after_free_read+0x114/0x248
[   19.834908]  kunit_try_run_case+0x170/0x3f0
[   19.834953]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.835007]  kthread+0x328/0x630
[   19.835043]  ret_from_fork+0x10/0x20
[   19.835085] 
[   19.835108] kfence-#85: 0x0000000078a12d3d-0x00000000ddb1bee2, size=32, cache=kmalloc-32
[   19.835108] 
[   19.835181] allocated by task 296 on cpu 0 at 19.833787s (0.001389s ago):
[   19.835251]  test_alloc+0x29c/0x628
[   19.835298]  test_use_after_free_read+0xd0/0x248
[   19.835350]  kunit_try_run_case+0x170/0x3f0
[   19.835389]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.835438]  kthread+0x328/0x630
[   19.835474]  ret_from_fork+0x10/0x20
[   19.835521] 
[   19.835680] freed by task 296 on cpu 0 at 19.834024s (0.001544s ago):
[   19.835798]  test_use_after_free_read+0x1c0/0x248
[   19.835857]  kunit_try_run_case+0x170/0x3f0
[   19.835897]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.835940]  kthread+0x328/0x630
[   19.835974]  ret_from_fork+0x10/0x20
[   19.836928] 
[   19.837117] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   19.837305] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.837391] Hardware name: linux,dummy-virt (DT)
[   19.837458] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

3003M942ob4BTLEn8Aseea5B8RJ

job_id

TEST:linaro@lkft#3003QRiEnhxBi5vhC0jxaNVXmcS

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3003QRiEnhxBi5vhC0jxaNVXmcS

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003NHs0B68ZGBetkLilYavuDFy/Image.gz
sha256sum	9ef31b16479117b68c0f561eaeaa8823716042fb27d398853ce96cfca127f95e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003NHs0B68ZGBetkLilYavuDFy/modules.tar.xz
sha256sum	6dda0b757b3bcf288fc6551d8e2b1e653bdd9378e1cef459bf5759205275c144

durations

tests

boot	0
kunit	172.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.986898] ==================================================================
[   17.987452] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.987452] 
[   17.987929] Use-after-free read at 0x(____ptrval____) (in kfence-#66):
[   17.988198]  test_use_after_free_read+0x129/0x270
[   17.988441]  kunit_try_run_case+0x1a5/0x480
[   17.988684]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.988970]  kthread+0x337/0x6f0
[   17.989148]  ret_from_fork+0x116/0x1d0
[   17.989340]  ret_from_fork_asm+0x1a/0x30
[   17.989486] 
[   17.989575] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.989575] 
[   17.990102] allocated by task 312 on cpu 1 at 17.986693s (0.003406s ago):
[   17.990577]  test_alloc+0x364/0x10f0
[   17.990795]  test_use_after_free_read+0xdc/0x270
[   17.991019]  kunit_try_run_case+0x1a5/0x480
[   17.991199]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.991373]  kthread+0x337/0x6f0
[   17.991493]  ret_from_fork+0x116/0x1d0
[   17.991722]  ret_from_fork_asm+0x1a/0x30
[   17.991938] 
[   17.992434] freed by task 312 on cpu 1 at 17.986744s (0.005512s ago):
[   17.993456]  test_use_after_free_read+0x1e7/0x270
[   17.993691]  kunit_try_run_case+0x1a5/0x480
[   17.994113]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.994400]  kthread+0x337/0x6f0
[   17.994866]  ret_from_fork+0x116/0x1d0
[   17.995008]  ret_from_fork_asm+0x1a/0x30
[   17.995169] 
[   17.995273] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   17.995813] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.996306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.996857] ==================================================================
[   18.090756] ==================================================================
[   18.091153] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.091153] 
[   18.091593] Use-after-free read at 0x(____ptrval____) (in kfence-#67):
[   18.091897]  test_use_after_free_read+0x129/0x270
[   18.092144]  kunit_try_run_case+0x1a5/0x480
[   18.092357]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.092658]  kthread+0x337/0x6f0
[   18.092843]  ret_from_fork+0x116/0x1d0
[   18.093033]  ret_from_fork_asm+0x1a/0x30
[   18.093177] 
[   18.093252] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   18.093252] 
[   18.093594] allocated by task 314 on cpu 0 at 18.090591s (0.003001s ago):
[   18.093990]  test_alloc+0x2a6/0x10f0
[   18.094223]  test_use_after_free_read+0xdc/0x270
[   18.094489]  kunit_try_run_case+0x1a5/0x480
[   18.094713]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.094975]  kthread+0x337/0x6f0
[   18.095120]  ret_from_fork+0x116/0x1d0
[   18.095254]  ret_from_fork_asm+0x1a/0x30
[   18.095402] 
[   18.095528] freed by task 314 on cpu 0 at 18.090655s (0.004870s ago):
[   18.095889]  test_use_after_free_read+0xfb/0x270
[   18.096156]  kunit_try_run_case+0x1a5/0x480
[   18.096368]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.096692]  kthread+0x337/0x6f0
[   18.096858]  ret_from_fork+0x116/0x1d0
[   18.097028]  ret_from_fork_asm+0x1a/0x30
[   18.097251] 
[   18.097389] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   18.097864] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.098043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.098487] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

3003M942ob4BTLEn8Aseea5B8RJ

job_id

TEST:linaro@lkft#3003RZF7XnQmdPtM5cUiAwKFtCz

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3003RZF7XnQmdPtM5cUiAwKFtCz

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003OTpuRWvyGUlL7jaPEGEgnga/bzImage
sha256sum	9e432f7c2ce284ae4c046a3c28b251bd05c2eeee0552939f78c78f7dfd4e4b62

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003OTpuRWvyGUlL7jaPEGEgnga/modules.tar.xz
sha256sum	0463dd5e8a00ad40cd4bcdb9cac1553cc5906788b61bb36c5984bb82fa7d83ab

durations

tests

boot	0
kunit	247.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit