lkft/linux-next-master - next-20250710 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 10, 2025, 9:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   34.019925] ==================================================================
[   34.020085] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.020085] 
[   34.020222] Use-after-free read at 0x000000001dbcaa5c (in kfence-#124):
[   34.020276]  test_use_after_free_read+0x114/0x248
[   34.020326]  kunit_try_run_case+0x170/0x3f0
[   34.020372]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.020430]  kthread+0x328/0x630
[   34.020471]  ret_from_fork+0x10/0x20
[   34.020510] 
[   34.020533] kfence-#124: 0x000000001dbcaa5c-0x000000008672e5b9, size=32, cache=kmalloc-32
[   34.020533] 
[   34.020594] allocated by task 326 on cpu 0 at 34.019568s (0.001021s ago):
[   34.020664]  test_alloc+0x29c/0x628
[   34.020703]  test_use_after_free_read+0xd0/0x248
[   34.020745]  kunit_try_run_case+0x170/0x3f0
[   34.020796]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.020842]  kthread+0x328/0x630
[   34.020877]  ret_from_fork+0x10/0x20
[   34.020938] 
[   34.021083] freed by task 326 on cpu 0 at 34.019656s (0.001340s ago):
[   34.021215]  test_use_after_free_read+0x1c0/0x248
[   34.021274]  kunit_try_run_case+0x170/0x3f0
[   34.021323]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.021367]  kthread+0x328/0x630
[   34.021402]  ret_from_fork+0x10/0x20
[   34.021464] 
[   34.021515] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   34.021600] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.021631] Hardware name: linux,dummy-virt (DT)
[   34.021664] ==================================================================
[   34.128139] ==================================================================
[   34.128220] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.128220] 
[   34.128514] Use-after-free read at 0x000000005ec5a4bc (in kfence-#125):
[   34.128836]  test_use_after_free_read+0x114/0x248
[   34.128959]  kunit_try_run_case+0x170/0x3f0
[   34.129014]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.129060]  kthread+0x328/0x630
[   34.129477]  ret_from_fork+0x10/0x20
[   34.129707] 
[   34.129772] kfence-#125: 0x000000005ec5a4bc-0x000000002dc9fc65, size=32, cache=test
[   34.129772] 
[   34.129941] allocated by task 328 on cpu 0 at 34.127845s (0.002072s ago):
[   34.130271]  test_alloc+0x230/0x628
[   34.130395]  test_use_after_free_read+0xd0/0x248
[   34.130463]  kunit_try_run_case+0x170/0x3f0
[   34.130510]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.130565]  kthread+0x328/0x630
[   34.130601]  ret_from_fork+0x10/0x20
[   34.130640] 
[   34.130913] freed by task 328 on cpu 0 at 34.127930s (0.002922s ago):
[   34.131219]  test_use_after_free_read+0xf0/0x248
[   34.131316]  kunit_try_run_case+0x170/0x3f0
[   34.131426]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.131686]  kthread+0x328/0x630
[   34.131885]  ret_from_fork+0x10/0x20
[   34.132147] 
[   34.132203] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   34.132376] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.132496] Hardware name: linux,dummy-virt (DT)
[   34.132567] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zg2XHDetVY6OrHI08Y5wTDVefc

job_id

TEST:linaro@lkft#2zg2bsAOkg3wb79cd8Vo2Ft0I1T

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zg2bsAOkg3wb79cd8Vo2Ft0I1T

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2YOg93aKHunllRjksuPjKD6j/Image.gz
sha256sum	3f8bc09ed9f9b9b07dd9347c2471900b9e11e4d06f46c1535963c2786d616931

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2YOg93aKHunllRjksuPjKD6j/modules.tar.xz
sha256sum	18d47f695b0cc0ec439f0c595d58fd07556cd744245e3297b23baf9d55fb3bf2

durations

tests

boot	0
kunit	167.18

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   30.660220] ==================================================================
[   30.660691] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   30.660691] 
[   30.661101] Use-after-free read at 0x(____ptrval____) (in kfence-#99):
[   30.661389]  test_use_after_free_read+0x129/0x270
[   30.661612]  kunit_try_run_case+0x1a5/0x480
[   30.661772]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.662055]  kthread+0x337/0x6f0
[   30.662211]  ret_from_fork+0x116/0x1d0
[   30.662381]  ret_from_fork_asm+0x1a/0x30
[   30.662520] 
[   30.662589] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   30.662589] 
[   30.663016] allocated by task 345 on cpu 0 at 30.660087s (0.002926s ago):
[   30.663320]  test_alloc+0x2a6/0x10f0
[   30.663452]  test_use_after_free_read+0xdc/0x270
[   30.663841]  kunit_try_run_case+0x1a5/0x480
[   30.664022]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.664195]  kthread+0x337/0x6f0
[   30.664312]  ret_from_fork+0x116/0x1d0
[   30.664516]  ret_from_fork_asm+0x1a/0x30
[   30.664724] 
[   30.664817] freed by task 345 on cpu 0 at 30.660146s (0.004669s ago):
[   30.665143]  test_use_after_free_read+0xfb/0x270
[   30.665356]  kunit_try_run_case+0x1a5/0x480
[   30.665496]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.665677]  kthread+0x337/0x6f0
[   30.665852]  ret_from_fork+0x116/0x1d0
[   30.666063]  ret_from_fork_asm+0x1a/0x30
[   30.666234] 
[   30.666328] CPU: 0 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   30.667043] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.667262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.667590] ==================================================================
[   30.556296] ==================================================================
[   30.556745] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   30.556745] 
[   30.557182] Use-after-free read at 0x(____ptrval____) (in kfence-#98):
[   30.557432]  test_use_after_free_read+0x129/0x270
[   30.557787]  kunit_try_run_case+0x1a5/0x480
[   30.557959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.558197]  kthread+0x337/0x6f0
[   30.558369]  ret_from_fork+0x116/0x1d0
[   30.558505]  ret_from_fork_asm+0x1a/0x30
[   30.558718] 
[   30.558804] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   30.558804] 
[   30.559595] allocated by task 343 on cpu 1 at 30.556068s (0.003523s ago):
[   30.559874]  test_alloc+0x364/0x10f0
[   30.560052]  test_use_after_free_read+0xdc/0x270
[   30.560255]  kunit_try_run_case+0x1a5/0x480
[   30.560437]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.561134]  kthread+0x337/0x6f0
[   30.561399]  ret_from_fork+0x116/0x1d0
[   30.561681]  ret_from_fork_asm+0x1a/0x30
[   30.562022] 
[   30.562237] freed by task 343 on cpu 1 at 30.556136s (0.006019s ago):
[   30.562553]  test_use_after_free_read+0x1e7/0x270
[   30.562778]  kunit_try_run_case+0x1a5/0x480
[   30.562967]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.563201]  kthread+0x337/0x6f0
[   30.563354]  ret_from_fork+0x116/0x1d0
[   30.563509]  ret_from_fork_asm+0x1a/0x30
[   30.563713] 
[   30.563813] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   30.564359] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.564792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.565169] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zg2XHDetVY6OrHI08Y5wTDVefc

job_id

TEST:linaro@lkft#2zg2chsWj6P6g4Yh42ScAolxoFf

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zg2chsWj6P6g4Yh42ScAolxoFf

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2ZQCXMKejwdMDyYW6pznxaZM/bzImage
sha256sum	eb7410b0b69b19788d5882352e576aee30487b33703b12e52517fe201bd88014

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2ZQCXMKejwdMDyYW6pznxaZM/modules.tar.xz
sha256sum	c3a441bb14076463ddc241205f7bbeb2eae739a3ece169faa37e10094e3dfd2b

durations

tests

boot	0
kunit	225.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit