lkft/linux-next-master - next-20250717 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 17, 2025, 10:12 a.m.

Environment
qemu-arm64
qemu-x86_64

[   34.581107] ==================================================================
[   34.581216] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.581216] 
[   34.581316] Use-after-free read at 0x00000000c3e386c6 (in kfence-#136):
[   34.581371]  test_use_after_free_read+0x114/0x248
[   34.581417]  kunit_try_run_case+0x170/0x3f0
[   34.581461]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.581503]  kthread+0x328/0x630
[   34.581544]  ret_from_fork+0x10/0x20
[   34.581582] 
[   34.581606] kfence-#136: 0x00000000c3e386c6-0x000000007eeb7709, size=32, cache=kmalloc-32
[   34.581606] 
[   34.581659] allocated by task 326 on cpu 1 at 34.580788s (0.000867s ago):
[   34.581733]  test_alloc+0x29c/0x628
[   34.581770]  test_use_after_free_read+0xd0/0x248
[   34.581811]  kunit_try_run_case+0x170/0x3f0
[   34.581848]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.581891]  kthread+0x328/0x630
[   34.581926]  ret_from_fork+0x10/0x20
[   34.581970] 
[   34.582115] freed by task 326 on cpu 1 at 34.580867s (0.001148s ago):
[   34.582232]  test_use_after_free_read+0x1c0/0x248
[   34.582275]  kunit_try_run_case+0x170/0x3f0
[   34.582317]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.582358]  kthread+0x328/0x630
[   34.582394]  ret_from_fork+0x10/0x20
[   34.582446] 
[   34.582495] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   34.582577] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.582607] Hardware name: linux,dummy-virt (DT)
[   34.582643] ==================================================================
[   34.684995] ==================================================================
[   34.685106] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   34.685106] 
[   34.685198] Use-after-free read at 0x00000000f5ed2f20 (in kfence-#137):
[   34.685253]  test_use_after_free_read+0x114/0x248
[   34.685299]  kunit_try_run_case+0x170/0x3f0
[   34.685343]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.685386]  kthread+0x328/0x630
[   34.685426]  ret_from_fork+0x10/0x20
[   34.685466] 
[   34.685491] kfence-#137: 0x00000000f5ed2f20-0x0000000041e8e864, size=32, cache=test
[   34.685491] 
[   34.685542] allocated by task 328 on cpu 0 at 34.684782s (0.000757s ago):
[   34.685614]  test_alloc+0x230/0x628
[   34.685653]  test_use_after_free_read+0xd0/0x248
[   34.685691]  kunit_try_run_case+0x170/0x3f0
[   34.685728]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.685772]  kthread+0x328/0x630
[   34.685807]  ret_from_fork+0x10/0x20
[   34.685846] 
[   34.685869] freed by task 328 on cpu 0 at 34.684852s (0.001014s ago):
[   34.685971]  test_use_after_free_read+0xf0/0x248
[   34.686011]  kunit_try_run_case+0x170/0x3f0
[   34.686051]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.686107]  kthread+0x328/0x630
[   34.686144]  ret_from_fork+0x10/0x20
[   34.686181] 
[   34.686226] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   34.686307] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.686337] Hardware name: linux,dummy-virt (DT)
[   34.686370] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zzwDWobl1PenKrl7aC3Q4y8R2x

job_id

TEST:linaro@lkft#2zzwI23tpQTBG8fCn9UxRxbb3tr

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zzwI23tpQTBG8fCn9UxRxbb3tr

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwEZAurXarO00lL6IwIbO30zH/Image.gz
sha256sum	96fb88d4d7e7c3e6152876915e22498e21d41ed7aff45eb77676039904c4d08c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwEZAurXarO00lL6IwIbO30zH/modules.tar.xz
sha256sum	dcc013962c933691dd3d8528b3dca35a1d1690294b48c5891b1bcdd298eff6aa

durations

tests

boot	0
kunit	174.13

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   30.502778] ==================================================================
[   30.503239] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   30.503239] 
[   30.503759] Use-after-free read at 0x(____ptrval____) (in kfence-#90):
[   30.504067]  test_use_after_free_read+0x129/0x270
[   30.504273]  kunit_try_run_case+0x1a5/0x480
[   30.504420]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.504716]  kthread+0x337/0x6f0
[   30.504898]  ret_from_fork+0x116/0x1d0
[   30.505065]  ret_from_fork_asm+0x1a/0x30
[   30.505210] 
[   30.505300] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   30.505300] 
[   30.505763] allocated by task 344 on cpu 0 at 30.502605s (0.003155s ago):
[   30.506051]  test_alloc+0x364/0x10f0
[   30.506220]  test_use_after_free_read+0xdc/0x270
[   30.507184]  kunit_try_run_case+0x1a5/0x480
[   30.507400]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.507811]  kthread+0x337/0x6f0
[   30.507980]  ret_from_fork+0x116/0x1d0
[   30.508299]  ret_from_fork_asm+0x1a/0x30
[   30.508502] 
[   30.508583] freed by task 344 on cpu 0 at 30.502666s (0.005915s ago):
[   30.508876]  test_use_after_free_read+0x1e7/0x270
[   30.509088]  kunit_try_run_case+0x1a5/0x480
[   30.509274]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.509486]  kthread+0x337/0x6f0
[   30.509630]  ret_from_fork+0x116/0x1d0
[   30.509792]  ret_from_fork_asm+0x1a/0x30
[   30.509963] 
[   30.510064] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   30.511048] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.511234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.511756] ==================================================================
[   30.606727] ==================================================================
[   30.607120] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   30.607120] 
[   30.607885] Use-after-free read at 0x(____ptrval____) (in kfence-#91):
[   30.608306]  test_use_after_free_read+0x129/0x270
[   30.608470]  kunit_try_run_case+0x1a5/0x480
[   30.608615]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.608783]  kthread+0x337/0x6f0
[   30.608900]  ret_from_fork+0x116/0x1d0
[   30.609028]  ret_from_fork_asm+0x1a/0x30
[   30.609181] 
[   30.609273] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   30.609273] 
[   30.609649] allocated by task 346 on cpu 1 at 30.606574s (0.003072s ago):
[   30.609903]  test_alloc+0x2a6/0x10f0
[   30.610036]  test_use_after_free_read+0xdc/0x270
[   30.610259]  kunit_try_run_case+0x1a5/0x480
[   30.610458]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.610712]  kthread+0x337/0x6f0
[   30.610826]  ret_from_fork+0x116/0x1d0
[   30.610950]  ret_from_fork_asm+0x1a/0x30
[   30.611146] 
[   30.611238] freed by task 346 on cpu 1 at 30.606611s (0.004625s ago):
[   30.611769]  test_use_after_free_read+0xfb/0x270
[   30.611966]  kunit_try_run_case+0x1a5/0x480
[   30.612151]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.612475]  kthread+0x337/0x6f0
[   30.612591]  ret_from_fork+0x116/0x1d0
[   30.612716]  ret_from_fork_asm+0x1a/0x30
[   30.612873] 
[   30.612987] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   30.613656] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.613790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.614223] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zzwDWobl1PenKrl7aC3Q4y8R2x

job_id

TEST:linaro@lkft#2zzwJ32YYH3rsbvUvNRbDDLdWs9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zzwJ32YYH3rsbvUvNRbDDLdWs9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwFbnsZn5bg7jA5R4UbAZ06xn/bzImage
sha256sum	07a1e7c475fbe0d7581a28da7be9cafbb328e6becefa6ecbfcd42fdce3b22356

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwFbnsZn5bg7jA5R4UbAZ06xn/modules.tar.xz
sha256sum	651adbeb72ad9ee19188d99d2b877df4dd037d2a48b86a8a968b1eb4c3477806

durations

tests

boot	0
kunit	236.22

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit