lkft/linux-next-master - next-20250616 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 16, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   24.286530] ==================================================================
[   24.286685] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   24.286685] 
[   24.286881] Use-after-free read at 0x0000000094f13ee0 (in kfence-#125):
[   24.287003]  test_use_after_free_read+0x114/0x248
[   24.287113]  kunit_try_run_case+0x170/0x3f0
[   24.287217]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.287325]  kthread+0x328/0x630
[   24.287421]  ret_from_fork+0x10/0x20
[   24.287511] 
[   24.287570] kfence-#125: 0x0000000094f13ee0-0x00000000c80bc3a1, size=32, cache=test
[   24.287570] 
[   24.287693] allocated by task 306 on cpu 0 at 24.285970s (0.001715s ago):
[   24.287852]  test_alloc+0x230/0x628
[   24.287956]  test_use_after_free_read+0xd0/0x248
[   24.288055]  kunit_try_run_case+0x170/0x3f0
[   24.288154]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.288265]  kthread+0x328/0x630
[   24.288352]  ret_from_fork+0x10/0x20
[   24.288435] 
[   24.288751] freed by task 306 on cpu 0 at 24.286316s (0.002425s ago):
[   24.289247]  test_use_after_free_read+0xf0/0x248
[   24.289515]  kunit_try_run_case+0x170/0x3f0
[   24.289604]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.289734]  kthread+0x328/0x630
[   24.289831]  ret_from_fork+0x10/0x20
[   24.290131] 
[   24.290261] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   24.290479] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.290561] Hardware name: linux,dummy-virt (DT)
[   24.290657] ==================================================================
[   24.183967] ==================================================================
[   24.184365] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   24.184365] 
[   24.184574] Use-after-free read at 0x0000000003ad17ab (in kfence-#124):
[   24.184691]  test_use_after_free_read+0x114/0x248
[   24.185379]  kunit_try_run_case+0x170/0x3f0
[   24.185917]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.186124]  kthread+0x328/0x630
[   24.186287]  ret_from_fork+0x10/0x20
[   24.186407] 
[   24.186474] kfence-#124: 0x0000000003ad17ab-0x00000000e7a88a39, size=32, cache=kmalloc-32
[   24.186474] 
[   24.186963] allocated by task 304 on cpu 0 at 24.182958s (0.003992s ago):
[   24.187212]  test_alloc+0x29c/0x628
[   24.187365]  test_use_after_free_read+0xd0/0x248
[   24.187666]  kunit_try_run_case+0x170/0x3f0
[   24.187941]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.188242]  kthread+0x328/0x630
[   24.188501]  ret_from_fork+0x10/0x20
[   24.188628] 
[   24.189524] freed by task 304 on cpu 0 at 24.183096s (0.005649s ago):
[   24.189876]  test_use_after_free_read+0x1c0/0x248
[   24.190218]  kunit_try_run_case+0x170/0x3f0
[   24.190347]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.190472]  kthread+0x328/0x630
[   24.190753]  ret_from_fork+0x10/0x20
[   24.191093] 
[   24.191203] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   24.191396] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.191466] Hardware name: linux,dummy-virt (DT)
[   24.191550] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya0zPCLTsXcgMlhuwl4B74eGRP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya0zPCLTsXcgMlhuwl4B74eGRP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/Image.gz
sha256sum	a07f652b6ef2a3b23147f3c325e2115d921a305a0923eab0aef242be63afbe4f

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/modules.tar.xz
sha256sum	793787324999d0aa7d217eac21d3f904d0017c4f6b9bafdc8cd21afd90a18cf2

durations

tests

boot	0
kunit	252.96

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.524949] ==================================================================
[   17.525350] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.525350] 
[   17.525807] Use-after-free read at 0x(____ptrval____) (in kfence-#78):
[   17.526133]  test_use_after_free_read+0x129/0x270
[   17.526290]  kunit_try_run_case+0x1a5/0x480
[   17.526431]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.526675]  kthread+0x337/0x6f0
[   17.526890]  ret_from_fork+0x116/0x1d0
[   17.527087]  ret_from_fork_asm+0x1a/0x30
[   17.527323] 
[   17.527433] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.527433] 
[   17.527971] allocated by task 323 on cpu 0 at 17.524774s (0.003194s ago):
[   17.528206]  test_alloc+0x2a6/0x10f0
[   17.528327]  test_use_after_free_read+0xdc/0x270
[   17.528536]  kunit_try_run_case+0x1a5/0x480
[   17.528764]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.529073]  kthread+0x337/0x6f0
[   17.529296]  ret_from_fork+0x116/0x1d0
[   17.529497]  ret_from_fork_asm+0x1a/0x30
[   17.529699] 
[   17.529766] freed by task 323 on cpu 0 at 17.524831s (0.004933s ago):
[   17.529987]  test_use_after_free_read+0xfb/0x270
[   17.530173]  kunit_try_run_case+0x1a5/0x480
[   17.530379]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.530646]  kthread+0x337/0x6f0
[   17.530828]  ret_from_fork+0x116/0x1d0
[   17.531035]  ret_from_fork_asm+0x1a/0x30
[   17.531244] 
[   17.531338] CPU: 0 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   17.531965] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.532149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.532624] ==================================================================
[   17.420846] ==================================================================
[   17.421290] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.421290] 
[   17.421991] Use-after-free read at 0x(____ptrval____) (in kfence-#77):
[   17.422313]  test_use_after_free_read+0x129/0x270
[   17.422574]  kunit_try_run_case+0x1a5/0x480
[   17.422781]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.422957]  kthread+0x337/0x6f0
[   17.423072]  ret_from_fork+0x116/0x1d0
[   17.423279]  ret_from_fork_asm+0x1a/0x30
[   17.423593] 
[   17.423691] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.423691] 
[   17.424138] allocated by task 321 on cpu 1 at 17.420634s (0.003501s ago):
[   17.424522]  test_alloc+0x364/0x10f0
[   17.424710]  test_use_after_free_read+0xdc/0x270
[   17.424938]  kunit_try_run_case+0x1a5/0x480
[   17.425164]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.425363]  kthread+0x337/0x6f0
[   17.425545]  ret_from_fork+0x116/0x1d0
[   17.425775]  ret_from_fork_asm+0x1a/0x30
[   17.426020] 
[   17.426241] freed by task 321 on cpu 1 at 17.420696s (0.005463s ago):
[   17.426682]  test_use_after_free_read+0x1e7/0x270
[   17.426969]  kunit_try_run_case+0x1a5/0x480
[   17.427199]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.427452]  kthread+0x337/0x6f0
[   17.427648]  ret_from_fork+0x116/0x1d0
[   17.427846]  ret_from_fork_asm+0x1a/0x30
[   17.428073] 
[   17.428197] CPU: 1 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   17.428739] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.428872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.429311] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya10TrtOeZqMJoigZUQQpnbsgW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya10TrtOeZqMJoigZUQQpnbsgW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/bzImage
sha256sum	4d3d55ec68ee13601f4cba6535beaaa179877198316f6d49c7d2754d39d25d99

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/modules.tar.xz
sha256sum	6a0e4a1142b545d837c764528373cb157bd626a8fd062931e1825203c7bce58f

durations

tests

boot	0
kunit	134.01

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit