lkft/linux-next-master - next-20250709 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 9, 2025, 1:08 p.m.

Environment
qemu-arm64
qemu-x86_64

[   34.094602] ==================================================================
[   34.094743] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.094743] 
[   34.094844] Use-after-free read at 0x000000007314f1fc (in kfence-#128):
[   34.094896]  test_use_after_free_read+0x114/0x248
[   34.094998]  kunit_try_run_case+0x170/0x3f0
[   34.095045]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.095266]  kthread+0x328/0x630
[   34.095388]  ret_from_fork+0x10/0x20
[   34.095434] 
[   34.095671] kfence-#128: 0x000000007314f1fc-0x0000000094af55f6, size=32, cache=kmalloc-32
[   34.095671] 
[   34.095872] allocated by task 327 on cpu 1 at 34.093964s (0.001819s ago):
[   34.096126]  test_alloc+0x29c/0x628
[   34.096225]  test_use_after_free_read+0xd0/0x248
[   34.096344]  kunit_try_run_case+0x170/0x3f0
[   34.096385]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.096582]  kthread+0x328/0x630
[   34.096735]  ret_from_fork+0x10/0x20
[   34.096778] 
[   34.096953] freed by task 327 on cpu 1 at 34.094041s (0.002792s ago):
[   34.097296]  test_use_after_free_read+0x1c0/0x248
[   34.097434]  kunit_try_run_case+0x170/0x3f0
[   34.097595]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.097693]  kthread+0x328/0x630
[   34.097846]  ret_from_fork+0x10/0x20
[   34.097977] 
[   34.098121] CPU: 1 UID: 0 PID: 327 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   34.098296] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.098346] Hardware name: linux,dummy-virt (DT)
[   34.098381] ==================================================================
[   34.198164] ==================================================================
[   34.198453] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.198453] 
[   34.198570] Use-after-free read at 0x000000005da92860 (in kfence-#129):
[   34.198624]  test_use_after_free_read+0x114/0x248
[   34.199094]  kunit_try_run_case+0x170/0x3f0
[   34.199173]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.199783]  kthread+0x328/0x630
[   34.199939]  ret_from_fork+0x10/0x20
[   34.200008] 
[   34.200308] kfence-#129: 0x000000005da92860-0x000000006fdc1fa5, size=32, cache=test
[   34.200308] 
[   34.200406] allocated by task 329 on cpu 1 at 34.197805s (0.002570s ago):
[   34.200484]  test_alloc+0x230/0x628
[   34.200986]  test_use_after_free_read+0xd0/0x248
[   34.201181]  kunit_try_run_case+0x170/0x3f0
[   34.201304]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.201458]  kthread+0x328/0x630
[   34.201514]  ret_from_fork+0x10/0x20
[   34.201881] 
[   34.202031] freed by task 329 on cpu 1 at 34.197906s (0.004032s ago):
[   34.202960]  test_use_after_free_read+0xf0/0x248
[   34.203168]  kunit_try_run_case+0x170/0x3f0
[   34.203230]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.203277]  kthread+0x328/0x630
[   34.203316]  ret_from_fork+0x10/0x20
[   34.203383] 
[   34.203430] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   34.203543] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.203600] Hardware name: linux,dummy-virt (DT)
[   34.203869] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zdgcq9j1ujmXwxUxAtmoX2JeBw

job_id

TEST:linaro@lkft#2zdghTlh69PR1QDjNegFtBHq55A

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdghTlh69PR1QDjNegFtBHq55A

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgdlpB9JiVBKeSwABXYd80ypl/Image.gz
sha256sum	9f5eee9957545548ea4e1a38f001ee4d49216581a9ba43dfa3ccfa9e44a80665

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgdlpB9JiVBKeSwABXYd80ypl/modules.tar.xz
sha256sum	a00a8fd80d7c3e7553673b7b34ffa080501292edf8c4877ba00c110d5f08ed8f

durations

tests

boot	0
kunit	163.99

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   29.460371] ==================================================================
[   29.460788] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   29.460788] 
[   29.461206] Use-after-free read at 0x(____ptrval____) (in kfence-#97):
[   29.461520]  test_use_after_free_read+0x129/0x270
[   29.461727]  kunit_try_run_case+0x1a5/0x480
[   29.461923]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.462164]  kthread+0x337/0x6f0
[   29.462284]  ret_from_fork+0x116/0x1d0
[   29.462413]  ret_from_fork_asm+0x1a/0x30
[   29.462609] 
[   29.462713] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   29.462713] 
[   29.463164] allocated by task 347 on cpu 1 at 29.460233s (0.002929s ago):
[   29.463398]  test_alloc+0x2a6/0x10f0
[   29.463570]  test_use_after_free_read+0xdc/0x270
[   29.463825]  kunit_try_run_case+0x1a5/0x480
[   29.464027]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.464214]  kthread+0x337/0x6f0
[   29.464328]  ret_from_fork+0x116/0x1d0
[   29.464479]  ret_from_fork_asm+0x1a/0x30
[   29.464675] 
[   29.464789] freed by task 347 on cpu 1 at 29.460291s (0.004483s ago):
[   29.465114]  test_use_after_free_read+0xfb/0x270
[   29.465343]  kunit_try_run_case+0x1a5/0x480
[   29.465492]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.465684]  kthread+0x337/0x6f0
[   29.465942]  ret_from_fork+0x116/0x1d0
[   29.466101]  ret_from_fork_asm+0x1a/0x30
[   29.466283] 
[   29.466395] CPU: 1 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   29.466894] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   29.467117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   29.467477] ==================================================================
[   29.356492] ==================================================================
[   29.356968] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   29.356968] 
[   29.357455] Use-after-free read at 0x(____ptrval____) (in kfence-#96):
[   29.357740]  test_use_after_free_read+0x129/0x270
[   29.357952]  kunit_try_run_case+0x1a5/0x480
[   29.358160]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.358667]  kthread+0x337/0x6f0
[   29.358894]  ret_from_fork+0x116/0x1d0
[   29.359453]  ret_from_fork_asm+0x1a/0x30
[   29.359718] 
[   29.359964] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   29.359964] 
[   29.360361] allocated by task 345 on cpu 0 at 29.356232s (0.004126s ago):
[   29.360653]  test_alloc+0x364/0x10f0
[   29.361144]  test_use_after_free_read+0xdc/0x270
[   29.361387]  kunit_try_run_case+0x1a5/0x480
[   29.361568]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.361837]  kthread+0x337/0x6f0
[   29.362134]  ret_from_fork+0x116/0x1d0
[   29.362288]  ret_from_fork_asm+0x1a/0x30
[   29.362511] 
[   29.362752] freed by task 345 on cpu 0 at 29.356325s (0.006323s ago):
[   29.363406]  test_use_after_free_read+0x1e7/0x270
[   29.363732]  kunit_try_run_case+0x1a5/0x480
[   29.363978]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.364342]  kthread+0x337/0x6f0
[   29.364521]  ret_from_fork+0x116/0x1d0
[   29.364840]  ret_from_fork_asm+0x1a/0x30
[   29.365229] 
[   29.365389] CPU: 0 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   29.365764] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   29.366390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   29.367258] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zdgcq9j1ujmXwxUxAtmoX2JeBw

job_id

TEST:linaro@lkft#2zdgiR4lYmFolv6VtPNpXUv6c4T

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdgiR4lYmFolv6VtPNpXUv6c4T

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgeyu2bhhwOi5HT3qnlyin7Ms/bzImage
sha256sum	f7e62367d136756fd78b141e5190ae396942c5b5fabd4fda00971c136430b59f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgeyu2bhhwOi5HT3qnlyin7Ms/modules.tar.xz
sha256sum	4b09f4cdde291b6f441ef91e7389f5ff9bff86967f27fcee3276d7367dea1cc6

durations

tests

boot	0
kunit	223.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit