lkft/linux-next-master - next-20250618 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 18, 2025, 6:43 a.m.

Environment
qemu-arm64
qemu-x86_64

[   26.445336] ==================================================================
[   26.445631] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   26.445631] 
[   26.445906] Use-after-free read at 0x00000000c0889b1e (in kfence-#118):
[   26.446111]  test_use_after_free_read+0x114/0x248
[   26.446231]  kunit_try_run_case+0x170/0x3f0
[   26.446511]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.447059]  kthread+0x328/0x630
[   26.447186]  ret_from_fork+0x10/0x20
[   26.447277] 
[   26.447337] kfence-#118: 0x00000000c0889b1e-0x00000000c38675c2, size=32, cache=kmalloc-32
[   26.447337] 
[   26.447523] allocated by task 305 on cpu 0 at 26.444078s (0.003422s ago):
[   26.447778]  test_alloc+0x29c/0x628
[   26.448087]  test_use_after_free_read+0xd0/0x248
[   26.448655]  kunit_try_run_case+0x170/0x3f0
[   26.449122]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.449350]  kthread+0x328/0x630
[   26.449552]  ret_from_fork+0x10/0x20
[   26.449972] 
[   26.450472] freed by task 305 on cpu 0 at 26.444202s (0.005953s ago):
[   26.450778]  test_use_after_free_read+0x1c0/0x248
[   26.450929]  kunit_try_run_case+0x170/0x3f0
[   26.451056]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.451142]  kthread+0x328/0x630
[   26.451258]  ret_from_fork+0x10/0x20
[   26.451414] 
[   26.451569] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   26.451778] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.451861] Hardware name: linux,dummy-virt (DT)
[   26.451978] ==================================================================
[   26.547141] ==================================================================
[   26.547294] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   26.547294] 
[   26.547401] Use-after-free read at 0x00000000460ab3d8 (in kfence-#119):
[   26.547460]  test_use_after_free_read+0x114/0x248
[   26.547511]  kunit_try_run_case+0x170/0x3f0
[   26.547555]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.547599]  kthread+0x328/0x630
[   26.547635]  ret_from_fork+0x10/0x20
[   26.547674] 
[   26.547701] kfence-#119: 0x00000000460ab3d8-0x000000005d08bfd4, size=32, cache=test
[   26.547701] 
[   26.547756] allocated by task 307 on cpu 0 at 26.546819s (0.000933s ago):
[   26.547830]  test_alloc+0x230/0x628
[   26.547872]  test_use_after_free_read+0xd0/0x248
[   26.547915]  kunit_try_run_case+0x170/0x3f0
[   26.547954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.547998]  kthread+0x328/0x630
[   26.548060]  ret_from_fork+0x10/0x20
[   26.548101] 
[   26.548127] freed by task 307 on cpu 0 at 26.546926s (0.001197s ago):
[   26.548241]  test_use_after_free_read+0xf0/0x248
[   26.548289]  kunit_try_run_case+0x170/0x3f0
[   26.548330]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.548376]  kthread+0x328/0x630
[   26.548416]  ret_from_fork+0x10/0x20
[   26.548459] 
[   26.548510] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   26.548620] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.548659] Hardware name: linux,dummy-virt (DT)
[   26.548694] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcKukFQMOtwGu89FbiLnnYMcv

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcKukFQMOtwGu89FbiLnnYMcv

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/Image.gz
sha256sum	79b35f965911e8ff982969cf0605b0bd2094f0c42bb36563e2c84399e66104a2

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/modules.tar.xz
sha256sum	103eda217975c92326d72877fbd7b01adb7c5cccd1ce9b6932689a978eb4696f

durations

tests

boot	0
kunit	333.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.129906] ==================================================================
[   16.130374] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.130374] 
[   16.130855] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[   16.131088]  test_use_after_free_read+0x129/0x270
[   16.131326]  kunit_try_run_case+0x1a5/0x480
[   16.131582]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.131797]  kthread+0x337/0x6f0
[   16.131940]  ret_from_fork+0x116/0x1d0
[   16.132115]  ret_from_fork_asm+0x1a/0x30
[   16.132389] 
[   16.132484] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   16.132484] 
[   16.132792] allocated by task 323 on cpu 1 at 16.129744s (0.003046s ago):
[   16.133106]  test_alloc+0x2a6/0x10f0
[   16.133294]  test_use_after_free_read+0xdc/0x270
[   16.133510]  kunit_try_run_case+0x1a5/0x480
[   16.133744]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.133979]  kthread+0x337/0x6f0
[   16.134362]  ret_from_fork+0x116/0x1d0
[   16.134511]  ret_from_fork_asm+0x1a/0x30
[   16.134641] 
[   16.134721] freed by task 323 on cpu 1 at 16.129795s (0.004924s ago):
[   16.134985]  test_use_after_free_read+0xfb/0x270
[   16.135595]  kunit_try_run_case+0x1a5/0x480
[   16.135870]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.136408]  kthread+0x337/0x6f0
[   16.136637]  ret_from_fork+0x116/0x1d0
[   16.136926]  ret_from_fork_asm+0x1a/0x30
[   16.137228] 
[   16.137349] CPU: 1 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   16.137790] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.137968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.138525] ==================================================================
[   16.025979] ==================================================================
[   16.026447] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.026447] 
[   16.026926] Use-after-free read at 0x(____ptrval____) (in kfence-#69):
[   16.027190]  test_use_after_free_read+0x129/0x270
[   16.027420]  kunit_try_run_case+0x1a5/0x480
[   16.027625]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.027940]  kthread+0x337/0x6f0
[   16.028225]  ret_from_fork+0x116/0x1d0
[   16.028372]  ret_from_fork_asm+0x1a/0x30
[   16.028566] 
[   16.028661] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   16.028661] 
[   16.029061] allocated by task 321 on cpu 0 at 16.025769s (0.003290s ago):
[   16.029549]  test_alloc+0x364/0x10f0
[   16.029730]  test_use_after_free_read+0xdc/0x270
[   16.029960]  kunit_try_run_case+0x1a5/0x480
[   16.030176]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.030382]  kthread+0x337/0x6f0
[   16.030495]  ret_from_fork+0x116/0x1d0
[   16.030618]  ret_from_fork_asm+0x1a/0x30
[   16.030824] 
[   16.031038] freed by task 321 on cpu 0 at 16.025823s (0.005128s ago):
[   16.031457]  test_use_after_free_read+0x1e7/0x270
[   16.031637]  kunit_try_run_case+0x1a5/0x480
[   16.031773]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.031935]  kthread+0x337/0x6f0
[   16.032046]  ret_from_fork+0x116/0x1d0
[   16.032168]  ret_from_fork_asm+0x1a/0x30
[   16.032406] 
[   16.032526] CPU: 0 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   16.033350] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.033479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.033861] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcLjszgvK081YlwHCPjcp2e2j

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcLjszgvK081YlwHCPjcp2e2j

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/bzImage
sha256sum	080c75ae0012d41783d523aad25761b97c23573ef70fd83b5b4ab34093a5f110

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/modules.tar.xz
sha256sum	7b460ce6a60b82c553c794703a10ad3e9db2ff894128eec130bd388dacdd428e

durations

tests

boot	0
kunit	123.89

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit