lkft/linux-next-master - next-20250702 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 2, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   35.097237] ==================================================================
[   35.097315] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   35.097315] 
[   35.097670] Use-after-free read at 0x000000007b04c569 (in kfence-#124):
[   35.097761]  test_use_after_free_read+0x114/0x248
[   35.097905]  kunit_try_run_case+0x170/0x3f0
[   35.097980]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.098088]  kthread+0x328/0x630
[   35.098134]  ret_from_fork+0x10/0x20
[   35.098173] 
[   35.098199] kfence-#124: 0x000000007b04c569-0x0000000052c533a9, size=32, cache=test
[   35.098199] 
[   35.098501] allocated by task 330 on cpu 1 at 35.096647s (0.001603s ago):
[   35.098593]  test_alloc+0x230/0x628
[   35.098637]  test_use_after_free_read+0xd0/0x248
[   35.098791]  kunit_try_run_case+0x170/0x3f0
[   35.098836]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.098896]  kthread+0x328/0x630
[   35.099022]  ret_from_fork+0x10/0x20
[   35.099065] 
[   35.099104] freed by task 330 on cpu 1 at 35.096975s (0.002119s ago):
[   35.099508]  test_use_after_free_read+0xf0/0x248
[   35.099650]  kunit_try_run_case+0x170/0x3f0
[   35.099740]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.099883]  kthread+0x328/0x630
[   35.099982]  ret_from_fork+0x10/0x20
[   35.100035] 
[   35.100359] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   35.100534] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.100613] Hardware name: linux,dummy-virt (DT)
[   35.100996] ==================================================================
[   34.997921] ==================================================================
[   34.998110] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.998110] 
[   34.998244] Use-after-free read at 0x00000000680750e7 (in kfence-#123):
[   34.998654]  test_use_after_free_read+0x114/0x248
[   34.998728]  kunit_try_run_case+0x170/0x3f0
[   34.998782]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.998828]  kthread+0x328/0x630
[   34.998946]  ret_from_fork+0x10/0x20
[   34.999013] 
[   34.999039] kfence-#123: 0x00000000680750e7-0x000000004925b434, size=32, cache=kmalloc-32
[   34.999039] 
[   34.999501] allocated by task 328 on cpu 1 at 34.997274s (0.002218s ago):
[   34.999634]  test_alloc+0x29c/0x628
[   34.999817]  test_use_after_free_read+0xd0/0x248
[   34.999896]  kunit_try_run_case+0x170/0x3f0
[   35.000045]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.000096]  kthread+0x328/0x630
[   35.000143]  ret_from_fork+0x10/0x20
[   35.000456] 
[   35.001657] freed by task 328 on cpu 1 at 34.997352s (0.003423s ago):
[   35.002333]  test_use_after_free_read+0x1c0/0x248
[   35.002390]  kunit_try_run_case+0x170/0x3f0
[   35.002435]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.002482]  kthread+0x328/0x630
[   35.002596]  ret_from_fork+0x10/0x20
[   35.002704] 
[   35.002821] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   35.002939] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.002972] Hardware name: linux,dummy-virt (DT)
[   35.003010] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjafLF9SmbRpQYzvYRsbAp7df

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjafLF9SmbRpQYzvYRsbAp7df

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/Image.gz
sha256sum	85c5f8492d02f00134559b4c525d8c115890fb18f9f1a98f66474795be2b220c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/modules.tar.xz
sha256sum	1d59f082c2851f878fb4e179ce3326e01ee1a06bb2287f35b0c3c51598de1e42

durations

tests

boot	0
kunit	162.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   37.404015] ==================================================================
[   37.404114] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   37.404114] 
[   37.404232] Use-after-free read at 0x000000009f83198a (in kfence-#131):
[   37.404287]  test_use_after_free_read+0x114/0x248
[   37.404336]  kunit_try_run_case+0x170/0x3f0
[   37.404382]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.404429]  kthread+0x328/0x630
[   37.404470]  ret_from_fork+0x10/0x20
[   37.404509] 
[   37.404535] kfence-#131: 0x000000009f83198a-0x000000008126d92f, size=32, cache=test
[   37.404535] 
[   37.404589] allocated by task 328 on cpu 1 at 37.403834s (0.000750s ago):
[   37.404665]  test_alloc+0x230/0x628
[   37.404707]  test_use_after_free_read+0xd0/0x248
[   37.404751]  kunit_try_run_case+0x170/0x3f0
[   37.404792]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.404836]  kthread+0x328/0x630
[   37.404873]  ret_from_fork+0x10/0x20
[   37.404911] 
[   37.404937] freed by task 328 on cpu 1 at 37.403896s (0.001037s ago):
[   37.405037]  test_use_after_free_read+0xf0/0x248
[   37.405083]  kunit_try_run_case+0x170/0x3f0
[   37.405124]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.405179]  kthread+0x328/0x630
[   37.405215]  ret_from_fork+0x10/0x20
[   37.405256] 
[   37.405302] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   37.405386] Tainted: [B]=BAD_PAGE, [N]=TEST
[   37.405415] Hardware name: linux,dummy-virt (DT)
[   37.405451] ==================================================================
[   37.300987] ==================================================================
[   37.301096] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   37.301096] 
[   37.301217] Use-after-free read at 0x000000007e6e4c98 (in kfence-#130):
[   37.301274]  test_use_after_free_read+0x114/0x248
[   37.301325]  kunit_try_run_case+0x170/0x3f0
[   37.301370]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.301415]  kthread+0x328/0x630
[   37.301456]  ret_from_fork+0x10/0x20
[   37.301505] 
[   37.301531] kfence-#130: 0x000000007e6e4c98-0x00000000439a16c8, size=32, cache=kmalloc-32
[   37.301531] 
[   37.301585] allocated by task 326 on cpu 1 at 37.300725s (0.000856s ago):
[   37.301655]  test_alloc+0x29c/0x628
[   37.301697]  test_use_after_free_read+0xd0/0x248
[   37.301739]  kunit_try_run_case+0x170/0x3f0
[   37.301780]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.301825]  kthread+0x328/0x630
[   37.301860]  ret_from_fork+0x10/0x20
[   37.301906] 
[   37.302034] freed by task 326 on cpu 1 at 37.300794s (0.001159s ago):
[   37.302142]  test_use_after_free_read+0x1c0/0x248
[   37.302202]  kunit_try_run_case+0x170/0x3f0
[   37.302244]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.302289]  kthread+0x328/0x630
[   37.302327]  ret_from_fork+0x10/0x20
[   37.302382] 
[   37.302429] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   37.302516] Tainted: [B]=BAD_PAGE, [N]=TEST
[   37.302550] Hardware name: linux,dummy-virt (DT)
[   37.302587] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgVNbTMWSdgH2toga97GQ1Q7f

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgVNbTMWSdgH2toga97GQ1Q7f

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/Image.gz
sha256sum	0bc9f899cfd087a8afeca5d2e97cbfde074f219701c595cf032b0638edac4ebb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/modules.tar.xz
sha256sum	a7c57519c6dd39ab91f2f3c11d9473bcddc038b16e47bd1dafe42a18ff05f66f

durations

tests

boot	0
kunit	166.37

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   28.010223] ==================================================================
[   28.010667] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   28.010667] 
[   28.011130] Use-after-free read at 0x(____ptrval____) (in kfence-#90):
[   28.011403]  test_use_after_free_read+0x129/0x270
[   28.011818]  kunit_try_run_case+0x1a5/0x480
[   28.011991]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.012215]  kthread+0x337/0x6f0
[   28.012393]  ret_from_fork+0x116/0x1d0
[   28.012600]  ret_from_fork_asm+0x1a/0x30
[   28.012737] 
[   28.012849] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   28.012849] 
[   28.013199] allocated by task 343 on cpu 0 at 28.010016s (0.003180s ago):
[   28.013428]  test_alloc+0x364/0x10f0
[   28.013588]  test_use_after_free_read+0xdc/0x270
[   28.013815]  kunit_try_run_case+0x1a5/0x480
[   28.014034]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.014249]  kthread+0x337/0x6f0
[   28.014373]  ret_from_fork+0x116/0x1d0
[   28.014776]  ret_from_fork_asm+0x1a/0x30
[   28.015581] 
[   28.015816] freed by task 343 on cpu 0 at 28.010067s (0.005664s ago):
[   28.016158]  test_use_after_free_read+0x1e7/0x270
[   28.016402]  kunit_try_run_case+0x1a5/0x480
[   28.016549]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.016861]  kthread+0x337/0x6f0
[   28.016979]  ret_from_fork+0x116/0x1d0
[   28.017159]  ret_from_fork_asm+0x1a/0x30
[   28.017356] 
[   28.017477] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   28.017949] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.018152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.018486] ==================================================================
[   28.114173] ==================================================================
[   28.114633] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   28.114633] 
[   28.115020] Use-after-free read at 0x(____ptrval____) (in kfence-#91):
[   28.115273]  test_use_after_free_read+0x129/0x270
[   28.115511]  kunit_try_run_case+0x1a5/0x480
[   28.115661]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.115924]  kthread+0x337/0x6f0
[   28.116096]  ret_from_fork+0x116/0x1d0
[   28.116284]  ret_from_fork_asm+0x1a/0x30
[   28.116496] 
[   28.116600] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   28.116600] 
[   28.116953] allocated by task 345 on cpu 1 at 28.114036s (0.002915s ago):
[   28.117181]  test_alloc+0x2a6/0x10f0
[   28.117362]  test_use_after_free_read+0xdc/0x270
[   28.117607]  kunit_try_run_case+0x1a5/0x480
[   28.117840]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.118012]  kthread+0x337/0x6f0
[   28.118129]  ret_from_fork+0x116/0x1d0
[   28.118330]  ret_from_fork_asm+0x1a/0x30
[   28.118515] 
[   28.118610] freed by task 345 on cpu 1 at 28.114095s (0.004512s ago):
[   28.118841]  test_use_after_free_read+0xfb/0x270
[   28.118991]  kunit_try_run_case+0x1a5/0x480
[   28.119207]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.119475]  kthread+0x337/0x6f0
[   28.119715]  ret_from_fork+0x116/0x1d0
[   28.119894]  ret_from_fork_asm+0x1a/0x30
[   28.120073] 
[   28.120185] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   28.120560] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.120733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.121170] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjbo5vUf6Wgav2dNg23QBILve

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjbo5vUf6Wgav2dNg23QBILve

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/bzImage
sha256sum	4acfb3ef7d1c5960d9bb8d8c6946992d600ffa1a2e100775f86dbb73a7e052b1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/modules.tar.xz
sha256sum	9d3b3583400db11d5b102f8eb0fbef431a8d5f7a81319fa4c86c7d93acce21b0

durations

tests

boot	0
kunit	219.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   28.491710] ==================================================================
[   28.492244] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   28.492244] 
[   28.492588] Use-after-free read at 0x(____ptrval____) (in kfence-#94):
[   28.492887]  test_use_after_free_read+0x129/0x270
[   28.493047]  kunit_try_run_case+0x1a5/0x480
[   28.493270]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.493557]  kthread+0x337/0x6f0
[   28.493718]  ret_from_fork+0x116/0x1d0
[   28.493853]  ret_from_fork_asm+0x1a/0x30
[   28.494026] 
[   28.494131] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   28.494131] 
[   28.494969] allocated by task 346 on cpu 0 at 28.491563s (0.003402s ago):
[   28.495236]  test_alloc+0x2a6/0x10f0
[   28.495388]  test_use_after_free_read+0xdc/0x270
[   28.495557]  kunit_try_run_case+0x1a5/0x480
[   28.495766]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.495939]  kthread+0x337/0x6f0
[   28.496079]  ret_from_fork+0x116/0x1d0
[   28.496265]  ret_from_fork_asm+0x1a/0x30
[   28.496548] 
[   28.496639] freed by task 346 on cpu 0 at 28.491621s (0.005015s ago):
[   28.496908]  test_use_after_free_read+0xfb/0x270
[   28.497164]  kunit_try_run_case+0x1a5/0x480
[   28.497358]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.497585]  kthread+0x337/0x6f0
[   28.497740]  ret_from_fork+0x116/0x1d0
[   28.497916]  ret_from_fork_asm+0x1a/0x30
[   28.498181] 
[   28.498303] CPU: 0 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   28.498780] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.498975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.499251] ==================================================================
[   28.387833] ==================================================================
[   28.388349] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   28.388349] 
[   28.389118] Use-after-free read at 0x(____ptrval____) (in kfence-#93):
[   28.389389]  test_use_after_free_read+0x129/0x270
[   28.389617]  kunit_try_run_case+0x1a5/0x480
[   28.389804]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.390476]  kthread+0x337/0x6f0
[   28.390638]  ret_from_fork+0x116/0x1d0
[   28.390827]  ret_from_fork_asm+0x1a/0x30
[   28.391287] 
[   28.391389] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   28.391389] 
[   28.391916] allocated by task 344 on cpu 1 at 28.387561s (0.004352s ago):
[   28.392273]  test_alloc+0x364/0x10f0
[   28.392438]  test_use_after_free_read+0xdc/0x270
[   28.392641]  kunit_try_run_case+0x1a5/0x480
[   28.392822]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.393048]  kthread+0x337/0x6f0
[   28.393568]  ret_from_fork+0x116/0x1d0
[   28.393733]  ret_from_fork_asm+0x1a/0x30
[   28.394046] 
[   28.394484] freed by task 344 on cpu 1 at 28.387655s (0.006659s ago):
[   28.394839]  test_use_after_free_read+0x1e7/0x270
[   28.395173]  kunit_try_run_case+0x1a5/0x480
[   28.395386]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.395728]  kthread+0x337/0x6f0
[   28.395961]  ret_from_fork+0x116/0x1d0
[   28.396236]  ret_from_fork_asm+0x1a/0x30
[   28.396527] 
[   28.396665] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   28.397359] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.397545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.398094] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgWLiLp1SzPvoGOQl1Sc7c2xD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgWLiLp1SzPvoGOQl1Sc7c2xD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/bzImage
sha256sum	c63ce0944f5600b46c12779e7ee07bd3abac22ab6ab0025102b975f86834f461

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/modules.tar.xz
sha256sum	6bde680c4711a679bf6c233af89c66b0048bd800f61fd1fce42662ca56dcc624

durations

tests

boot	0
kunit	249.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit