lkft/linux-next-master - next-20250723 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 23, 2025, 3:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   35.261569] ==================================================================
[   35.261649] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   35.261649] 
[   35.261741] Use-after-free read at 0x00000000404d1b9d (in kfence-#126):
[   35.261816]  test_use_after_free_read+0x114/0x248
[   35.261894]  kunit_try_run_case+0x170/0x3f0
[   35.262052]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.262098]  kthread+0x328/0x630
[   35.262138]  ret_from_fork+0x10/0x20
[   35.262307] 
[   35.262509] kfence-#126: 0x00000000404d1b9d-0x00000000d618dd20, size=32, cache=test
[   35.262509] 
[   35.262616] allocated by task 330 on cpu 1 at 35.261338s (0.001267s ago):
[   35.262698]  test_alloc+0x230/0x628
[   35.262741]  test_use_after_free_read+0xd0/0x248
[   35.262817]  kunit_try_run_case+0x170/0x3f0
[   35.262860]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.262917]  kthread+0x328/0x630
[   35.262977]  ret_from_fork+0x10/0x20
[   35.263108] 
[   35.263239] freed by task 330 on cpu 1 at 35.261402s (0.001726s ago):
[   35.263387]  test_use_after_free_read+0xf0/0x248
[   35.263516]  kunit_try_run_case+0x170/0x3f0
[   35.263661]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.263716]  kthread+0x328/0x630
[   35.263752]  ret_from_fork+0x10/0x20
[   35.263792] 
[   35.264029] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   35.264150] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   35.264184] Hardware name: linux,dummy-virt (DT)
[   35.264253] ==================================================================
[   35.154045] ==================================================================
[   35.154147] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   35.154147] 
[   35.154442] Use-after-free read at 0x00000000efd0f0b6 (in kfence-#125):
[   35.154562]  test_use_after_free_read+0x114/0x248
[   35.154634]  kunit_try_run_case+0x170/0x3f0
[   35.154700]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.154754]  kthread+0x328/0x630
[   35.154794]  ret_from_fork+0x10/0x20
[   35.155035] 
[   35.155123] kfence-#125: 0x00000000efd0f0b6-0x0000000069a2a49e, size=32, cache=kmalloc-32
[   35.155123] 
[   35.155208] allocated by task 328 on cpu 1 at 35.153687s (0.001499s ago):
[   35.155311]  test_alloc+0x29c/0x628
[   35.155369]  test_use_after_free_read+0xd0/0x248
[   35.155443]  kunit_try_run_case+0x170/0x3f0
[   35.155491]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.155537]  kthread+0x328/0x630
[   35.155574]  ret_from_fork+0x10/0x20
[   35.155906] 
[   35.156131] freed by task 328 on cpu 1 at 35.153789s (0.002240s ago):
[   35.156292]  test_use_after_free_read+0x1c0/0x248
[   35.156350]  kunit_try_run_case+0x170/0x3f0
[   35.156393]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.156673]  kthread+0x328/0x630
[   35.156732]  ret_from_fork+0x10/0x20
[   35.156797] 
[   35.156926] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   35.157056] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   35.157108] Hardware name: linux,dummy-virt (DT)
[   35.157481] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30G3cJ1sbXw9qzJ7BlfPJWioYpf

job_id

TEST:linaro@lkft#30G3i68xlwMFkooOhGrPcdOJwq6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30G3i68xlwMFkooOhGrPcdOJwq6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3dqLJvp4LyPfe7hM64XXnTL3/Image.gz
sha256sum	b30e1898089cf202216a8d94747025c3be63110289f9fb6007e080b423a71d05

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3dqLJvp4LyPfe7hM64XXnTL3/modules.tar.xz
sha256sum	eb69e4b4edadc912a9040d92071e298890d9adf22425e3972f798522efd0a9a6

durations

tests

boot	0
kunit	175.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   30.460982] ==================================================================
[   30.461428] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   30.461428] 
[   30.461885] Use-after-free read at 0x(____ptrval____) (in kfence-#97):
[   30.462191]  test_use_after_free_read+0x129/0x270
[   30.462404]  kunit_try_run_case+0x1a5/0x480
[   30.462596]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.462808]  kthread+0x337/0x6f0
[   30.463569]  ret_from_fork+0x116/0x1d0
[   30.463760]  ret_from_fork_asm+0x1a/0x30
[   30.463908] 
[   30.464080] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   30.464080] 
[   30.464448] allocated by task 344 on cpu 0 at 30.460736s (0.003710s ago):
[   30.464764]  test_alloc+0x364/0x10f0
[   30.464926]  test_use_after_free_read+0xdc/0x270
[   30.465576]  kunit_try_run_case+0x1a5/0x480
[   30.465744]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.466206]  kthread+0x337/0x6f0
[   30.466373]  ret_from_fork+0x116/0x1d0
[   30.466696]  ret_from_fork_asm+0x1a/0x30
[   30.466964] 
[   30.467057] freed by task 344 on cpu 0 at 30.460812s (0.006242s ago):
[   30.467345]  test_use_after_free_read+0x1e7/0x270
[   30.467719]  kunit_try_run_case+0x1a5/0x480
[   30.467986]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.468348]  kthread+0x337/0x6f0
[   30.468500]  ret_from_fork+0x116/0x1d0
[   30.468785]  ret_from_fork_asm+0x1a/0x30
[   30.468940] 
[   30.469066] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   30.469564] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.469744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.470373] ==================================================================
[   30.564973] ==================================================================
[   30.565404] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   30.565404] 
[   30.566189] Use-after-free read at 0x(____ptrval____) (in kfence-#98):
[   30.566424]  test_use_after_free_read+0x129/0x270
[   30.566677]  kunit_try_run_case+0x1a5/0x480
[   30.567110]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.567487]  kthread+0x337/0x6f0
[   30.567639]  ret_from_fork+0x116/0x1d0
[   30.568005]  ret_from_fork_asm+0x1a/0x30
[   30.568329] 
[   30.568401] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   30.568401] 
[   30.569175] allocated by task 346 on cpu 1 at 30.564699s (0.004465s ago):
[   30.569650]  test_alloc+0x2a6/0x10f0
[   30.569779]  test_use_after_free_read+0xdc/0x270
[   30.569932]  kunit_try_run_case+0x1a5/0x480
[   30.570383]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.570776]  kthread+0x337/0x6f0
[   30.570931]  ret_from_fork+0x116/0x1d0
[   30.571158]  ret_from_fork_asm+0x1a/0x30
[   30.571339] 
[   30.571430] freed by task 346 on cpu 1 at 30.564756s (0.006672s ago):
[   30.571723]  test_use_after_free_read+0xfb/0x270
[   30.571946]  kunit_try_run_case+0x1a5/0x480
[   30.572176]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.572409]  kthread+0x337/0x6f0
[   30.572560]  ret_from_fork+0x116/0x1d0
[   30.572749]  ret_from_fork_asm+0x1a/0x30
[   30.572930] 
[   30.573068] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   30.573528] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.573924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.574313] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30G3cJ1sbXw9qzJ7BlfPJWioYpf

job_id

TEST:linaro@lkft#30G3j74iQKw0QFlrSngm0dpeaMJ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30G3j74iQKw0QFlrSngm0dpeaMJ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3fQvMn9HcF0DxVKKJ5x3GX38/bzImage
sha256sum	371f4f87cae012670505649e4e687713b51a0312ceeb0d149c78e0b6bf6d272b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3fQvMn9HcF0DxVKKJ5x3GX38/modules.tar.xz
sha256sum	1a60ff32537a1f4915659be5386778e0052a5e702d5e77815e3fc933dbd119e2

durations

tests

boot	0
kunit	253.64

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit