lkft/linux-next-master - next-20250704 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 4, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   34.126940] ==================================================================
[   34.127019] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.127019] 
[   34.127099] Use-after-free read at 0x00000000840a6eeb (in kfence-#127):
[   34.127199]  test_use_after_free_read+0x114/0x248
[   34.127276]  kunit_try_run_case+0x170/0x3f0
[   34.127325]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.127420]  kthread+0x328/0x630
[   34.127478]  ret_from_fork+0x10/0x20
[   34.127558] 
[   34.127584] kfence-#127: 0x00000000840a6eeb-0x000000003167a437, size=32, cache=test
[   34.127584] 
[   34.127703] allocated by task 330 on cpu 1 at 34.126482s (0.001189s ago):
[   34.127774]  test_alloc+0x230/0x628
[   34.127851]  test_use_after_free_read+0xd0/0x248
[   34.127936]  kunit_try_run_case+0x170/0x3f0
[   34.127979]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.128062]  kthread+0x328/0x630
[   34.128129]  ret_from_fork+0x10/0x20
[   34.128170] 
[   34.128194] freed by task 330 on cpu 1 at 34.126542s (0.001649s ago):
[   34.128297]  test_use_after_free_read+0xf0/0x248
[   34.128342]  kunit_try_run_case+0x170/0x3f0
[   34.128384]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.128428]  kthread+0x328/0x630
[   34.128600]  ret_from_fork+0x10/0x20
[   34.128667] 
[   34.128714] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   34.128800] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.128858] Hardware name: linux,dummy-virt (DT)
[   34.128893] ==================================================================
[   34.022761] ==================================================================
[   34.022857] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.022857] 
[   34.022966] Use-after-free read at 0x0000000010ca87c9 (in kfence-#126):
[   34.023018]  test_use_after_free_read+0x114/0x248
[   34.023069]  kunit_try_run_case+0x170/0x3f0
[   34.023118]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.023260]  kthread+0x328/0x630
[   34.023325]  ret_from_fork+0x10/0x20
[   34.023369] 
[   34.023394] kfence-#126: 0x0000000010ca87c9-0x00000000aa78842c, size=32, cache=kmalloc-32
[   34.023394] 
[   34.023510] allocated by task 328 on cpu 1 at 34.022454s (0.001045s ago):
[   34.023582]  test_alloc+0x29c/0x628
[   34.023625]  test_use_after_free_read+0xd0/0x248
[   34.023669]  kunit_try_run_case+0x170/0x3f0
[   34.023795]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.023880]  kthread+0x328/0x630
[   34.023978]  ret_from_fork+0x10/0x20
[   34.024031] 
[   34.024391] freed by task 328 on cpu 1 at 34.022526s (0.001580s ago):
[   34.024562]  test_use_after_free_read+0x1c0/0x248
[   34.024697]  kunit_try_run_case+0x170/0x3f0
[   34.024743]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.024831]  kthread+0x328/0x630
[   34.024872]  ret_from_fork+0x10/0x20
[   34.025010] 
[   34.025105] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   34.025217] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.025305] Hardware name: linux,dummy-virt (DT)
[   34.025344] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zPKcyRCCcLXHTLmyDYDrnSncpa

job_id

TEST:linaro@lkft#2zPKilf5MKTJ7lMyJmtgN73Nko7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPKilf5MKTJ7lMyJmtgN73Nko7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKeZVJ6s8BxWIdIAcetHSV2vd/Image.gz
sha256sum	4057f87f22aa3a0c494fa56ac397e1d4208c36e40a654cceb81a6ec11e19d6de

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKeZVJ6s8BxWIdIAcetHSV2vd/modules.tar.xz
sha256sum	4bc11cd26c298df52c7ec39846a2a9f44ea5a2eb53067e5bc4040ac2b938e942

durations

tests

boot	0
kunit	164.38

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   31.493710] ==================================================================
[   31.494158] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   31.494158] 
[   31.494561] Use-after-free read at 0x(____ptrval____) (in kfence-#107):
[   31.494935]  test_use_after_free_read+0x129/0x270
[   31.495203]  kunit_try_run_case+0x1a5/0x480
[   31.495364]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.495560]  kthread+0x337/0x6f0
[   31.495769]  ret_from_fork+0x116/0x1d0
[   31.495974]  ret_from_fork_asm+0x1a/0x30
[   31.496339] 
[   31.496666] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   31.496666] 
[   31.497351] allocated by task 346 on cpu 1 at 31.493558s (0.003790s ago):
[   31.497709]  test_alloc+0x2a6/0x10f0
[   31.497855]  test_use_after_free_read+0xdc/0x270
[   31.498117]  kunit_try_run_case+0x1a5/0x480
[   31.498309]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.498618]  kthread+0x337/0x6f0
[   31.498775]  ret_from_fork+0x116/0x1d0
[   31.498957]  ret_from_fork_asm+0x1a/0x30
[   31.499173] 
[   31.499271] freed by task 346 on cpu 1 at 31.493615s (0.005654s ago):
[   31.499592]  test_use_after_free_read+0xfb/0x270
[   31.499757]  kunit_try_run_case+0x1a5/0x480
[   31.500051]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.500324]  kthread+0x337/0x6f0
[   31.500539]  ret_from_fork+0x116/0x1d0
[   31.500763]  ret_from_fork_asm+0x1a/0x30
[   31.500968] 
[   31.501106] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   31.501692] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.501891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.502240] ==================================================================
[   31.389902] ==================================================================
[   31.390588] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   31.390588] 
[   31.391167] Use-after-free read at 0x(____ptrval____) (in kfence-#106):
[   31.391457]  test_use_after_free_read+0x129/0x270
[   31.391666]  kunit_try_run_case+0x1a5/0x480
[   31.391884]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.392117]  kthread+0x337/0x6f0
[   31.392331]  ret_from_fork+0x116/0x1d0
[   31.392485]  ret_from_fork_asm+0x1a/0x30
[   31.392687] 
[   31.392815] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   31.392815] 
[   31.393179] allocated by task 344 on cpu 0 at 31.389522s (0.003655s ago):
[   31.394013]  test_alloc+0x364/0x10f0
[   31.394195]  test_use_after_free_read+0xdc/0x270
[   31.394438]  kunit_try_run_case+0x1a5/0x480
[   31.394639]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.395361]  kthread+0x337/0x6f0
[   31.395562]  ret_from_fork+0x116/0x1d0
[   31.395720]  ret_from_fork_asm+0x1a/0x30
[   31.396168] 
[   31.396579] freed by task 344 on cpu 0 at 31.389579s (0.006734s ago):
[   31.396939]  test_use_after_free_read+0x1e7/0x270
[   31.397274]  kunit_try_run_case+0x1a5/0x480
[   31.397581]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.397952]  kthread+0x337/0x6f0
[   31.398130]  ret_from_fork+0x116/0x1d0
[   31.398411]  ret_from_fork_asm+0x1a/0x30
[   31.398711] 
[   31.398830] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   31.399578] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.399876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.400442] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zPKcyRCCcLXHTLmyDYDrnSncpa

job_id

TEST:linaro@lkft#2zPKjpyJJfb0RHWMDdUonKtpYX7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPKjpyJJfb0RHWMDdUonKtpYX7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKg4TX3WzyU2HDTsyrHFy4Y8u/bzImage
sha256sum	3f0d1ff177ab5ba3055e740ba2cf1227dc4607b95078e840d6a28e4500986f57

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKg4TX3WzyU2HDTsyrHFy4Y8u/modules.tar.xz
sha256sum	ead6c26eb094cd2228a8bb228bc9db0774422a83d6a7934109ba6612b5e4d45b

durations

tests

boot	0
kunit	260.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit