lkft/linux-next-master - next-20250623 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 23, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   38.875906] ==================================================================
[   38.876060] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   38.876060] 
[   38.876226] Use-after-free read at 0x00000000abd44aef (in kfence-#123):
[   38.876339]  test_use_after_free_read+0x114/0x248
[   38.876456]  kunit_try_run_case+0x170/0x3f0
[   38.876561]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.876667]  kthread+0x328/0x630
[   38.876758]  ret_from_fork+0x10/0x20
[   38.876849] 
[   38.876904] kfence-#123: 0x00000000abd44aef-0x0000000056336da7, size=32, cache=test
[   38.876904] 
[   38.877052] allocated by task 309 on cpu 0 at 38.875449s (0.001561s ago):
[   38.877239]  test_alloc+0x230/0x628
[   38.877363]  test_use_after_free_read+0xd0/0x248
[   38.877486]  kunit_try_run_case+0x170/0x3f0
[   38.877644]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.877775]  kthread+0x328/0x630
[   38.877883]  ret_from_fork+0x10/0x20
[   38.878002] 
[   38.878125] freed by task 309 on cpu 0 at 38.875540s (0.002553s ago):
[   38.878530]  test_use_after_free_read+0xf0/0x248
[   38.878808]  kunit_try_run_case+0x170/0x3f0
[   38.878920]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.879099]  kthread+0x328/0x630
[   38.879221]  ret_from_fork+0x10/0x20
[   38.879341] 
[   38.879442] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   38.879771] Tainted: [B]=BAD_PAGE, [N]=TEST
[   38.879854] Hardware name: linux,dummy-virt (DT)
[   38.879957] ==================================================================
[   38.773528] ==================================================================
[   38.773677] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   38.773677] 
[   38.773888] Use-after-free read at 0x000000009ddcc803 (in kfence-#122):
[   38.774534]  test_use_after_free_read+0x114/0x248
[   38.774837]  kunit_try_run_case+0x170/0x3f0
[   38.774989]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.775313]  kthread+0x328/0x630
[   38.775599]  ret_from_fork+0x10/0x20
[   38.775883] 
[   38.776009] kfence-#122: 0x000000009ddcc803-0x00000000bb47c840, size=32, cache=kmalloc-32
[   38.776009] 
[   38.776157] allocated by task 307 on cpu 0 at 38.772468s (0.003679s ago):
[   38.776923]  test_alloc+0x29c/0x628
[   38.777054]  test_use_after_free_read+0xd0/0x248
[   38.777463]  kunit_try_run_case+0x170/0x3f0
[   38.777669]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.777777]  kthread+0x328/0x630
[   38.778629]  ret_from_fork+0x10/0x20
[   38.779204] 
[   38.779518] freed by task 307 on cpu 0 at 38.772561s (0.006947s ago):
[   38.779681]  test_use_after_free_read+0x1c0/0x248
[   38.780452]  kunit_try_run_case+0x170/0x3f0
[   38.781307]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.782073]  kthread+0x328/0x630
[   38.782692]  ret_from_fork+0x10/0x20
[   38.783587] 
[   38.783835] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   38.785581] Tainted: [B]=BAD_PAGE, [N]=TEST
[   38.785698] Hardware name: linux,dummy-virt (DT)
[   38.786463] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ytmowJu277AggRMV0akIntCcBb

job_id

TEST:linaro@lkft#2ytmtaMTLcPEn4w4FcozR6WSC8v

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ytmtaMTLcPEn4w4FcozR6WSC8v

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmq2ZJyYwoO1zRFnnOdOncGpy/Image.gz
sha256sum	8babb9b25d008158739b204767b25f2683bd6714a94fb69277dbb95712e03026

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmq2ZJyYwoO1zRFnnOdOncGpy/modules.tar.xz
sha256sum	6a716a814d9729621b3aef13f694d9d6b53e23d3c12c6a026a54d81f80d3f12c

durations

tests

boot	0
kunit	290.50

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   28.028654] ==================================================================
[   28.029075] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   28.029075] 
[   28.029559] Use-after-free read at 0x(____ptrval____) (in kfence-#90):
[   28.030041]  test_use_after_free_read+0x129/0x270
[   28.030406]  kunit_try_run_case+0x1a5/0x480
[   28.030577]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.030800]  kthread+0x337/0x6f0
[   28.031042]  ret_from_fork+0x116/0x1d0
[   28.031188]  ret_from_fork_asm+0x1a/0x30
[   28.031480] 
[   28.031598] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   28.031598] 
[   28.032061] allocated by task 324 on cpu 0 at 28.028373s (0.003683s ago):
[   28.032313]  test_alloc+0x364/0x10f0
[   28.032597]  test_use_after_free_read+0xdc/0x270
[   28.032866]  kunit_try_run_case+0x1a5/0x480
[   28.033132]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.033447]  kthread+0x337/0x6f0
[   28.033590]  ret_from_fork+0x116/0x1d0
[   28.033727]  ret_from_fork_asm+0x1a/0x30
[   28.034131] 
[   28.034533] freed by task 324 on cpu 0 at 28.028470s (0.005887s ago):
[   28.035097]  test_use_after_free_read+0x1e7/0x270
[   28.035308]  kunit_try_run_case+0x1a5/0x480
[   28.035561]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.035741]  kthread+0x337/0x6f0
[   28.035877]  ret_from_fork+0x116/0x1d0
[   28.036113]  ret_from_fork_asm+0x1a/0x30
[   28.036452] 
[   28.036627] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   28.037250] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.037474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.037865] ==================================================================
[   28.132548] ==================================================================
[   28.132776] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   28.132776] 
[   28.132983] Use-after-free read at 0x(____ptrval____) (in kfence-#91):
[   28.133167]  test_use_after_free_read+0x129/0x270
[   28.133765]  kunit_try_run_case+0x1a5/0x480
[   28.134400]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.134646]  kthread+0x337/0x6f0
[   28.135149]  ret_from_fork+0x116/0x1d0
[   28.135290]  ret_from_fork_asm+0x1a/0x30
[   28.135594] 
[   28.135982] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   28.135982] 
[   28.136238] allocated by task 326 on cpu 0 at 28.132406s (0.003828s ago):
[   28.136855]  test_alloc+0x2a6/0x10f0
[   28.137101]  test_use_after_free_read+0xdc/0x270
[   28.137366]  kunit_try_run_case+0x1a5/0x480
[   28.137693]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.137868]  kthread+0x337/0x6f0
[   28.138103]  ret_from_fork+0x116/0x1d0
[   28.138417]  ret_from_fork_asm+0x1a/0x30
[   28.138635] 
[   28.138798] freed by task 326 on cpu 0 at 28.132464s (0.006329s ago):
[   28.139102]  test_use_after_free_read+0xfb/0x270
[   28.139404]  kunit_try_run_case+0x1a5/0x480
[   28.139955]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.140227]  kthread+0x337/0x6f0
[   28.140414]  ret_from_fork+0x116/0x1d0
[   28.140589]  ret_from_fork_asm+0x1a/0x30
[   28.140766] 
[   28.141324] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   28.141779] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.142256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.142599] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ytmowJu277AggRMV0akIntCcBb

job_id

TEST:linaro@lkft#2ytmubRIV1JPUllhZ47JmxJvXDc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ytmubRIV1JPUllhZ47JmxJvXDc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmr5So17mjebl2Ct1tTXuuGxA/bzImage
sha256sum	b03452fcb75b3b14cf8383cc19f407b3f7a1f0ee70432185dec0e489b10cb3a4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmr5So17mjebl2Ct1tTXuuGxA/modules.tar.xz
sha256sum	e4532e2fb00e2e4b26601276ccbbe81c48edd0570f10fd066f50509a42a73673

durations

tests

boot	0
kunit	172.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit