lkft/linux-next-master - next-20250708 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 8, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   35.961647] ==================================================================
[   35.961813] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   35.961813] 
[   35.961978] Use-after-free read at 0x00000000e138ed8e (in kfence-#139):
[   35.962042]  test_use_after_free_read+0x114/0x248
[   35.962093]  kunit_try_run_case+0x170/0x3f0
[   35.962360]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.962425]  kthread+0x328/0x630
[   35.962465]  ret_from_fork+0x10/0x20
[   35.962549] 
[   35.962576] kfence-#139: 0x00000000e138ed8e-0x0000000054847e1c, size=32, cache=kmalloc-32
[   35.962576] 
[   35.962632] allocated by task 326 on cpu 0 at 35.961259s (0.001370s ago):
[   35.962719]  test_alloc+0x29c/0x628
[   35.962763]  test_use_after_free_read+0xd0/0x248
[   35.962806]  kunit_try_run_case+0x170/0x3f0
[   35.962994]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.963065]  kthread+0x328/0x630
[   35.963135]  ret_from_fork+0x10/0x20
[   35.963241] 
[   35.963620] freed by task 326 on cpu 0 at 35.961331s (0.001965s ago):
[   35.963831]  test_use_after_free_read+0x1c0/0x248
[   35.963916]  kunit_try_run_case+0x170/0x3f0
[   35.963978]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.964060]  kthread+0x328/0x630
[   35.964146]  ret_from_fork+0x10/0x20
[   35.964251] 
[   35.964344] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   35.964455] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.964486] Hardware name: linux,dummy-virt (DT)
[   35.964521] ==================================================================
[   36.071806] ==================================================================
[   36.071892] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   36.071892] 
[   36.071980] Use-after-free read at 0x00000000f6e68098 (in kfence-#140):
[   36.072035]  test_use_after_free_read+0x114/0x248
[   36.072085]  kunit_try_run_case+0x170/0x3f0
[   36.072963]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.073080]  kthread+0x328/0x630
[   36.073129]  ret_from_fork+0x10/0x20
[   36.073170] 
[   36.073197] kfence-#140: 0x00000000f6e68098-0x00000000af6ba70e, size=32, cache=test
[   36.073197] 
[   36.073358] allocated by task 328 on cpu 0 at 36.071061s (0.002293s ago):
[   36.073460]  test_alloc+0x230/0x628
[   36.073590]  test_use_after_free_read+0xd0/0x248
[   36.073856]  kunit_try_run_case+0x170/0x3f0
[   36.074124]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.074175]  kthread+0x328/0x630
[   36.074575]  ret_from_fork+0x10/0x20
[   36.074877] 
[   36.074905] freed by task 328 on cpu 0 at 36.071355s (0.003546s ago):
[   36.075515]  test_use_after_free_read+0xf0/0x248
[   36.075934]  kunit_try_run_case+0x170/0x3f0
[   36.076336]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.076479]  kthread+0x328/0x630
[   36.076762]  ret_from_fork+0x10/0x20
[   36.076848] 
[   36.076927] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   36.077441] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.077485] Hardware name: linux,dummy-virt (DT)
[   36.077519] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zadDcsZaTNoMt5NQDMjH9XXSjo

job_id

TEST:linaro@lkft#2zadI5o4clKZiIYYjTSUQR6tPrp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zadI5o4clKZiIYYjTSUQR6tPrp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadEoX75GcVmVMiGSC6ULKasfH/Image.gz
sha256sum	1ceb4687a4dcb5a790d42769a050e5ac78ce871667067fed7f3e7960550875ba

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadEoX75GcVmVMiGSC6ULKasfH/modules.tar.xz
sha256sum	3f48606753fbd3c6f5640d868ed22ac5af7831da8fafeb95bd8b8818bbdbc1a9

durations

tests

boot	0
kunit	170.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   29.584358] ==================================================================
[   29.584801] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   29.584801] 
[   29.585280] Use-after-free read at 0x(____ptrval____) (in kfence-#99):
[   29.585558]  test_use_after_free_read+0x129/0x270
[   29.585774]  kunit_try_run_case+0x1a5/0x480
[   29.585938]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.586206]  kthread+0x337/0x6f0
[   29.586413]  ret_from_fork+0x116/0x1d0
[   29.586600]  ret_from_fork_asm+0x1a/0x30
[   29.586767] 
[   29.586879] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   29.586879] 
[   29.587179] allocated by task 343 on cpu 0 at 29.584105s (0.003071s ago):
[   29.587509]  test_alloc+0x364/0x10f0
[   29.587701]  test_use_after_free_read+0xdc/0x270
[   29.587946]  kunit_try_run_case+0x1a5/0x480
[   29.588087]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.588298]  kthread+0x337/0x6f0
[   29.588467]  ret_from_fork+0x116/0x1d0
[   29.588658]  ret_from_fork_asm+0x1a/0x30
[   29.588844] 
[   29.588929] freed by task 343 on cpu 0 at 29.584186s (0.004740s ago):
[   29.589202]  test_use_after_free_read+0x1e7/0x270
[   29.589412]  kunit_try_run_case+0x1a5/0x480
[   29.589596]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.589845]  kthread+0x337/0x6f0
[   29.590012]  ret_from_fork+0x116/0x1d0
[   29.590175]  ret_from_fork_asm+0x1a/0x30
[   29.590345] 
[   29.590441] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   29.590856] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.591049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   29.591537] ==================================================================
[   29.688291] ==================================================================
[   29.688679] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   29.688679] 
[   29.689070] Use-after-free read at 0x(____ptrval____) (in kfence-#100):
[   29.689391]  test_use_after_free_read+0x129/0x270
[   29.689614]  kunit_try_run_case+0x1a5/0x480
[   29.689866]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.690106]  kthread+0x337/0x6f0
[   29.690271]  ret_from_fork+0x116/0x1d0
[   29.690444]  ret_from_fork_asm+0x1a/0x30
[   29.690658] 
[   29.690748] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   29.690748] 
[   29.691164] allocated by task 345 on cpu 1 at 29.688134s (0.003027s ago):
[   29.691406]  test_alloc+0x2a6/0x10f0
[   29.691555]  test_use_after_free_read+0xdc/0x270
[   29.691774]  kunit_try_run_case+0x1a5/0x480
[   29.692069]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.692364]  kthread+0x337/0x6f0
[   29.692537]  ret_from_fork+0x116/0x1d0
[   29.692673]  ret_from_fork_asm+0x1a/0x30
[   29.692888] 
[   29.692997] freed by task 345 on cpu 1 at 29.688188s (0.004806s ago):
[   29.693336]  test_use_after_free_read+0xfb/0x270
[   29.693569]  kunit_try_run_case+0x1a5/0x480
[   29.693757]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.694101]  kthread+0x337/0x6f0
[   29.694261]  ret_from_fork+0x116/0x1d0
[   29.694439]  ret_from_fork_asm+0x1a/0x30
[   29.694640] 
[   29.694808] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   29.695358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.695608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   29.695948] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zadDcsZaTNoMt5NQDMjH9XXSjo

job_id

TEST:linaro@lkft#2zadJ2rDp4QF2EanzdxmWx6xbyw

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zadJ2rDp4QF2EanzdxmWx6xbyw

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadFlqHhTrd3zbaPMG0NfTHOqI/bzImage
sha256sum	d2e0f1ca9d9f79d7d3d3df8bfa6136f501414ea8fca61dd648f312b7af92ba7e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadFlqHhTrd3zbaPMG0NfTHOqI/modules.tar.xz
sha256sum	ae1650227c5d0061093609bf5a55f56383843ed1e291a338f9fc46e881212983

durations

tests

boot	0
kunit	246.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit