lkft/linux-next-master - next-20250619 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 19, 2025, 12:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   36.316587] ==================================================================
[   36.316758] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   36.316758] 
[   36.316869] Use-after-free read at 0x0000000084d5b522 (in kfence-#123):
[   36.317003]  test_use_after_free_read+0x114/0x248
[   36.317138]  kunit_try_run_case+0x170/0x3f0
[   36.317275]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.317445]  kthread+0x328/0x630
[   36.317730]  ret_from_fork+0x10/0x20
[   36.317847] 
[   36.318034] kfence-#123: 0x0000000084d5b522-0x0000000052d2ee76, size=32, cache=test
[   36.318034] 
[   36.318218] allocated by task 308 on cpu 0 at 36.316022s (0.002187s ago):
[   36.318358]  test_alloc+0x230/0x628
[   36.318446]  test_use_after_free_read+0xd0/0x248
[   36.318519]  kunit_try_run_case+0x170/0x3f0
[   36.318592]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.318695]  kthread+0x328/0x630
[   36.319805]  ret_from_fork+0x10/0x20
[   36.320372] 
[   36.320471] freed by task 308 on cpu 0 at 36.316140s (0.004309s ago):
[   36.321127]  test_use_after_free_read+0xf0/0x248
[   36.321443]  kunit_try_run_case+0x170/0x3f0
[   36.321644]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.321802]  kthread+0x328/0x630
[   36.322088]  ret_from_fork+0x10/0x20
[   36.322236] 
[   36.322345] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   36.322970] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.323089] Hardware name: linux,dummy-virt (DT)
[   36.323176] ==================================================================
[   36.209865] ==================================================================
[   36.210089] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   36.210089] 
[   36.210290] Use-after-free read at 0x00000000b080261e (in kfence-#122):
[   36.210412]  test_use_after_free_read+0x114/0x248
[   36.210527]  kunit_try_run_case+0x170/0x3f0
[   36.210631]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.210737]  kthread+0x328/0x630
[   36.210832]  ret_from_fork+0x10/0x20
[   36.210936] 
[   36.211013] kfence-#122: 0x00000000b080261e-0x0000000098823f00, size=32, cache=kmalloc-32
[   36.211013] 
[   36.211149] allocated by task 306 on cpu 0 at 36.208427s (0.002713s ago):
[   36.211313]  test_alloc+0x29c/0x628
[   36.211396]  test_use_after_free_read+0xd0/0x248
[   36.211482]  kunit_try_run_case+0x170/0x3f0
[   36.211570]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.212001]  kthread+0x328/0x630
[   36.212134]  ret_from_fork+0x10/0x20
[   36.212448] 
[   36.213219] freed by task 306 on cpu 0 at 36.208724s (0.003999s ago):
[   36.213680]  test_use_after_free_read+0x1c0/0x248
[   36.214144]  kunit_try_run_case+0x170/0x3f0
[   36.214544]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.214773]  kthread+0x328/0x630
[   36.215145]  ret_from_fork+0x10/0x20
[   36.215349] 
[   36.215531] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   36.215809] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.215972] Hardware name: linux,dummy-virt (DT)
[   36.216059] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yj4nY58POjZ3Qe3lhkweMlaau9

job_id

TEST:linaro@lkft#2yj4slvCaWR7XA8VuGcBZKW5SLX

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yj4slvCaWR7XA8VuGcBZKW5SLX

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4ouPMFp9zPo6kZOUq3fAjGiS/Image.gz
sha256sum	cb4663d0b05232347d68f7b3df67b018135c7f12ebc05b698352eab6f347f59e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4ouPMFp9zPo6kZOUq3fAjGiS/modules.tar.xz
sha256sum	9e286508840b9f94a2e5b2ba487385dccd8eb18c626ab265ff4eb5e7c0991772

durations

tests

boot	0
kunit	312.66

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   32.724881] ==================================================================
[   32.725468] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   32.725468] 
[   32.725987] Use-after-free read at 0x(____ptrval____) (in kfence-#113):
[   32.726552]  test_use_after_free_read+0x129/0x270
[   32.726836]  kunit_try_run_case+0x1a5/0x480
[   32.727358]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.727665]  kthread+0x337/0x6f0
[   32.727900]  ret_from_fork+0x116/0x1d0
[   32.728257]  ret_from_fork_asm+0x1a/0x30
[   32.728670] 
[   32.728890] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   32.728890] 
[   32.729449] allocated by task 326 on cpu 0 at 32.724652s (0.004791s ago):
[   32.730136]  test_alloc+0x2a6/0x10f0
[   32.730449]  test_use_after_free_read+0xdc/0x270
[   32.730872]  kunit_try_run_case+0x1a5/0x480
[   32.731257]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.731699]  kthread+0x337/0x6f0
[   32.732089]  ret_from_fork+0x116/0x1d0
[   32.732459]  ret_from_fork_asm+0x1a/0x30
[   32.732659] 
[   32.732768] freed by task 326 on cpu 0 at 32.724726s (0.008037s ago):
[   32.733390]  test_use_after_free_read+0xfb/0x270
[   32.733820]  kunit_try_run_case+0x1a5/0x480
[   32.734286]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.734693]  kthread+0x337/0x6f0
[   32.734904]  ret_from_fork+0x116/0x1d0
[   32.735350]  ret_from_fork_asm+0x1a/0x30
[   32.735730] 
[   32.735980] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   32.736565] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.736955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   32.737596] ==================================================================
[   32.621055] ==================================================================
[   32.621635] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   32.621635] 
[   32.622399] Use-after-free read at 0x(____ptrval____) (in kfence-#112):
[   32.622738]  test_use_after_free_read+0x129/0x270
[   32.623167]  kunit_try_run_case+0x1a5/0x480
[   32.623410]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.623872]  kthread+0x337/0x6f0
[   32.624140]  ret_from_fork+0x116/0x1d0
[   32.624339]  ret_from_fork_asm+0x1a/0x30
[   32.624542] 
[   32.624722] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   32.624722] 
[   32.625691] allocated by task 324 on cpu 1 at 32.620669s (0.005016s ago):
[   32.626389]  test_alloc+0x364/0x10f0
[   32.626795]  test_use_after_free_read+0xdc/0x270
[   32.627081]  kunit_try_run_case+0x1a5/0x480
[   32.627530]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.627958]  kthread+0x337/0x6f0
[   32.628332]  ret_from_fork+0x116/0x1d0
[   32.628681]  ret_from_fork_asm+0x1a/0x30
[   32.629026] 
[   32.629184] freed by task 324 on cpu 1 at 32.620797s (0.008382s ago):
[   32.629702]  test_use_after_free_read+0x1e7/0x270
[   32.630250]  kunit_try_run_case+0x1a5/0x480
[   32.630647]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.631097]  kthread+0x337/0x6f0
[   32.631458]  ret_from_fork+0x116/0x1d0
[   32.631778]  ret_from_fork_asm+0x1a/0x30
[   32.632262] 
[   32.632466] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   32.633320] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.633728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   32.634467] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yj4nY58POjZ3Qe3lhkweMlaau9

job_id

TEST:linaro@lkft#2yj4tpeX02P5Qv7yMYQfk5TPyOp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yj4tpeX02P5Qv7yMYQfk5TPyOp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4qHtiUscnNtNedoCoDzP4FjU/bzImage
sha256sum	4e5e94ad4354f161d77bcbc08c44e2168e9a60b8ed77b02dccbd1516012d08e7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4qHtiUscnNtNedoCoDzP4FjU/modules.tar.xz
sha256sum	df747848e67907f2c678e62de10d5f90ecb5dd3d11ceec5de3846ce6e4a57e52

durations

tests

boot	0
kunit	248.29

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit