lkft/linux-next-master - next-20250617 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 17, 2025, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   21.615365] ==================================================================
[   21.615443] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.615443] 
[   21.615552] Use-after-free read at 0x000000007aaff54e (in kfence-#90):
[   21.615604]  test_use_after_free_read+0x114/0x248
[   21.615671]  kunit_try_run_case+0x170/0x3f0
[   21.615733]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.615779]  kthread+0x328/0x630
[   21.615819]  ret_from_fork+0x10/0x20
[   21.615885] 
[   21.615911] kfence-#90: 0x000000007aaff54e-0x000000007f946e6b, size=32, cache=test
[   21.615911] 
[   21.616237] allocated by task 306 on cpu 1 at 21.615050s (0.001110s ago):
[   21.616482]  test_alloc+0x230/0x628
[   21.616532]  test_use_after_free_read+0xd0/0x248
[   21.616717]  kunit_try_run_case+0x170/0x3f0
[   21.616778]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.616824]  kthread+0x328/0x630
[   21.616861]  ret_from_fork+0x10/0x20
[   21.616920] 
[   21.617018] freed by task 306 on cpu 1 at 21.615130s (0.001841s ago):
[   21.617142]  test_use_after_free_read+0xf0/0x248
[   21.617206]  kunit_try_run_case+0x170/0x3f0
[   21.617248]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.617309]  kthread+0x328/0x630
[   21.617366]  ret_from_fork+0x10/0x20
[   21.617411] 
[   21.617495] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   21.617587] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.617617] Hardware name: linux,dummy-virt (DT)
[   21.617651] ==================================================================
[   21.507982] ==================================================================
[   21.508134] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.508134] 
[   21.508241] Use-after-free read at 0x0000000077b01c1b (in kfence-#89):
[   21.508291]  test_use_after_free_read+0x114/0x248
[   21.508358]  kunit_try_run_case+0x170/0x3f0
[   21.508405]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.508473]  kthread+0x328/0x630
[   21.508530]  ret_from_fork+0x10/0x20
[   21.508588] 
[   21.508613] kfence-#89: 0x0000000077b01c1b-0x0000000084b7c886, size=32, cache=kmalloc-32
[   21.508613] 
[   21.508683] allocated by task 304 on cpu 1 at 21.507322s (0.001340s ago):
[   21.508776]  test_alloc+0x29c/0x628
[   21.508826]  test_use_after_free_read+0xd0/0x248
[   21.508870]  kunit_try_run_case+0x170/0x3f0
[   21.508943]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.508988]  kthread+0x328/0x630
[   21.509025]  ret_from_fork+0x10/0x20
[   21.509072] 
[   21.509214] freed by task 304 on cpu 1 at 21.507400s (0.001728s ago):
[   21.509326]  test_use_after_free_read+0x1c0/0x248
[   21.509557]  kunit_try_run_case+0x170/0x3f0
[   21.509615]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.509661]  kthread+0x328/0x630
[   21.509744]  ret_from_fork+0x10/0x20
[   21.509806] 
[   21.509855] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   21.510133] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.510312] Hardware name: linux,dummy-virt (DT)
[   21.510379] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ycmAbKpM2fPU7JFlL3VFcggZyX

job_id

TEST:linaro@lkft#2ycmGBohWgwDt0q1MSJxRxJ46Gq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ycmGBohWgwDt0q1MSJxRxJ46Gq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmC5EhW3BM1tkjhYaNQdm2b7j/Image.gz
sha256sum	0e75f247fcfca828bae2c74673e3187b2cb142639542a20241767255dd2a989b

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmC5EhW3BM1tkjhYaNQdm2b7j/modules.tar.xz
sha256sum	18ad61734b8ac92476de265f77917a21b448a5c78baec17abc62599dfb00aad0

durations

tests

boot	0
kunit	171.74

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   26.796106] ==================================================================
[   26.796738] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   26.796738] 
[   26.797507] Use-after-free read at 0x(____ptrval____) (in kfence-#111):
[   26.798130]  test_use_after_free_read+0x129/0x270
[   26.798454]  kunit_try_run_case+0x1a5/0x480
[   26.798922]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.799441]  kthread+0x337/0x6f0
[   26.799928]  ret_from_fork+0x116/0x1d0
[   26.800367]  ret_from_fork_asm+0x1a/0x30
[   26.800669] 
[   26.800872] kfence-#111: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   26.800872] 
[   26.801992] allocated by task 322 on cpu 1 at 26.795754s (0.006232s ago):
[   26.802581]  test_alloc+0x364/0x10f0
[   26.802955]  test_use_after_free_read+0xdc/0x270
[   26.803501]  kunit_try_run_case+0x1a5/0x480
[   26.804018]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.804506]  kthread+0x337/0x6f0
[   26.804764]  ret_from_fork+0x116/0x1d0
[   26.805186]  ret_from_fork_asm+0x1a/0x30
[   26.805605] 
[   26.805861] freed by task 322 on cpu 1 at 26.795882s (0.009973s ago):
[   26.806553]  test_use_after_free_read+0x1e7/0x270
[   26.807073]  kunit_try_run_case+0x1a5/0x480
[   26.807583]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.808026]  kthread+0x337/0x6f0
[   26.808296]  ret_from_fork+0x116/0x1d0
[   26.808581]  ret_from_fork_asm+0x1a/0x30
[   26.809010] 
[   26.809279] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   26.810347] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.810624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.811773] ==================================================================
[   26.899955] ==================================================================
[   26.900525] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   26.900525] 
[   26.901311] Use-after-free read at 0x(____ptrval____) (in kfence-#112):
[   26.901899]  test_use_after_free_read+0x129/0x270
[   26.902251]  kunit_try_run_case+0x1a5/0x480
[   26.902708]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.903261]  kthread+0x337/0x6f0
[   26.903608]  ret_from_fork+0x116/0x1d0
[   26.904000]  ret_from_fork_asm+0x1a/0x30
[   26.904637] 
[   26.904894] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   26.904894] 
[   26.905532] allocated by task 324 on cpu 1 at 26.899735s (0.005792s ago):
[   26.906205]  test_alloc+0x2a6/0x10f0
[   26.906625]  test_use_after_free_read+0xdc/0x270
[   26.907075]  kunit_try_run_case+0x1a5/0x480
[   26.907529]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.908039]  kthread+0x337/0x6f0
[   26.908418]  ret_from_fork+0x116/0x1d0
[   26.908844]  ret_from_fork_asm+0x1a/0x30
[   26.909199] 
[   26.909478] freed by task 324 on cpu 1 at 26.899820s (0.009652s ago):
[   26.910039]  test_use_after_free_read+0xfb/0x270
[   26.910670]  kunit_try_run_case+0x1a5/0x480
[   26.911107]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.911613]  kthread+0x337/0x6f0
[   26.911984]  ret_from_fork+0x116/0x1d0
[   26.912386]  ret_from_fork_asm+0x1a/0x30
[   26.913064] 
[   26.913325] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   26.914493] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.914770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.915757] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ycmAbKpM2fPU7JFlL3VFcggZyX

job_id

TEST:linaro@lkft#2ycmHIv4OjqzuY4se718cLGQLXs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ycmHIv4OjqzuY4se718cLGQLXs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmDNxoP9hdgB9eqatUl05sOIC/bzImage
sha256sum	e8ff53ed1294ecb6e3942f69c9702cf67245fcd535135359b70f78a45efa657a

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmDNxoP9hdgB9eqatUl05sOIC/modules.tar.xz
sha256sum	4b7f7ee9385141e7d851b6b43f3ef6c0857845282181ddc6cfac1e13c3ff02a7

durations

tests

boot	0
kunit	223.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit