lkft/linux-next-master - next-20250724 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 24, 2025, 4:41 a.m.

Environment
qemu-arm64
qemu-x86_64

[   36.911946] ==================================================================
[   36.912034] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   36.912034] 
[   36.912172] Use-after-free read at 0x0000000082be0eff (in kfence-#133):
[   36.912232]  test_use_after_free_read+0x114/0x248
[   36.912278]  kunit_try_run_case+0x170/0x3f0
[   36.912595]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.912696]  kthread+0x328/0x630
[   36.912741]  ret_from_fork+0x10/0x20
[   36.912811] 
[   36.912837] kfence-#133: 0x0000000082be0eff-0x0000000041af37b7, size=32, cache=test
[   36.912837] 
[   36.912926] allocated by task 328 on cpu 1 at 36.911600s (0.001315s ago):
[   36.913000]  test_alloc+0x230/0x628
[   36.913038]  test_use_after_free_read+0xd0/0x248
[   36.913079]  kunit_try_run_case+0x170/0x3f0
[   36.913301]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.913363]  kthread+0x328/0x630
[   36.913400]  ret_from_fork+0x10/0x20
[   36.913527] 
[   36.913610] freed by task 328 on cpu 1 at 36.911700s (0.001878s ago):
[   36.914048]  test_use_after_free_read+0xf0/0x248
[   36.914149]  kunit_try_run_case+0x170/0x3f0
[   36.914194]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.914239]  kthread+0x328/0x630
[   36.914304]  ret_from_fork+0x10/0x20
[   36.914346] 
[   36.914596] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   36.914777] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.914835] Hardware name: linux,dummy-virt (DT)
[   36.914891] ==================================================================
[   36.804575] ==================================================================
[   36.804681] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   36.804681] 
[   36.804834] Use-after-free read at 0x00000000555555e0 (in kfence-#132):
[   36.804912]  test_use_after_free_read+0x114/0x248
[   36.804966]  kunit_try_run_case+0x170/0x3f0
[   36.805015]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.805059]  kthread+0x328/0x630
[   36.805099]  ret_from_fork+0x10/0x20
[   36.805140] 
[   36.805166] kfence-#132: 0x00000000555555e0-0x0000000077d5c124, size=32, cache=kmalloc-32
[   36.805166] 
[   36.805402] allocated by task 326 on cpu 1 at 36.803917s (0.001473s ago):
[   36.805646]  test_alloc+0x29c/0x628
[   36.805728]  test_use_after_free_read+0xd0/0x248
[   36.805844]  kunit_try_run_case+0x170/0x3f0
[   36.805891]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.805957]  kthread+0x328/0x630
[   36.806001]  ret_from_fork+0x10/0x20
[   36.806103] 
[   36.806544] freed by task 326 on cpu 1 at 36.804274s (0.001909s ago):
[   36.806784]  test_use_after_free_read+0x1c0/0x248
[   36.806851]  kunit_try_run_case+0x170/0x3f0
[   36.806895]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.806940]  kthread+0x328/0x630
[   36.806978]  ret_from_fork+0x10/0x20
[   36.807097] 
[   36.807161] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   36.807263] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.807294] Hardware name: linux,dummy-virt (DT)
[   36.807587] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30J3nY7QtuR6zFySSP24ERynb1Z

job_id

TEST:linaro@lkft#30J3tHAcCAzoumluJGVN0kuxFDU

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30J3tHAcCAzoumluJGVN0kuxFDU

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3pDsC9KNl7rr3iXBXH40Gq9W/Image.gz
sha256sum	544207c1b5a9d2840223bd62064127622ccefa2f812415650f45a51bca8475e6

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/arm64/rootfs.ext4.xz
sha256sum	4416595f610fe19a3fb374a6dd0942354bf27ddb827c7f1e8e5524ec95492466

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3pDsC9KNl7rr3iXBXH40Gq9W/modules.tar.xz
sha256sum	ae69e33cdc746370be45d97b12d0ee81e77ef54ca003ba881eec2f93d7e2865c

durations

tests

boot	0
kunit	170.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   33.025238] ==================================================================
[   33.025653] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   33.025653] 
[   33.026033] Use-after-free read at 0x(____ptrval____) (in kfence-#102):
[   33.026351]  test_use_after_free_read+0x129/0x270
[   33.026587]  kunit_try_run_case+0x1a5/0x480
[   33.026736]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.027086]  kthread+0x337/0x6f0
[   33.027305]  ret_from_fork+0x116/0x1d0
[   33.027457]  ret_from_fork_asm+0x1a/0x30
[   33.027647] 
[   33.027723] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   33.027723] 
[   33.028139] allocated by task 345 on cpu 1 at 33.025097s (0.003040s ago):
[   33.028433]  test_alloc+0x2a6/0x10f0
[   33.028594]  test_use_after_free_read+0xdc/0x270
[   33.028744]  kunit_try_run_case+0x1a5/0x480
[   33.028884]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.029092]  kthread+0x337/0x6f0
[   33.029274]  ret_from_fork+0x116/0x1d0
[   33.029457]  ret_from_fork_asm+0x1a/0x30
[   33.029613] 
[   33.029680] freed by task 345 on cpu 1 at 33.025159s (0.004518s ago):
[   33.029923]  test_use_after_free_read+0xfb/0x270
[   33.030147]  kunit_try_run_case+0x1a5/0x480
[   33.030351]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.030610]  kthread+0x337/0x6f0
[   33.030775]  ret_from_fork+0x116/0x1d0
[   33.030911]  ret_from_fork_asm+0x1a/0x30
[   33.031118] 
[   33.031219] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   33.031677] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   33.031911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.032240] ==================================================================
[   32.921345] ==================================================================
[   32.921808] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   32.921808] 
[   32.922280] Use-after-free read at 0x(____ptrval____) (in kfence-#101):
[   32.922611]  test_use_after_free_read+0x129/0x270
[   32.922787]  kunit_try_run_case+0x1a5/0x480
[   32.922997]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.923278]  kthread+0x337/0x6f0
[   32.923406]  ret_from_fork+0x116/0x1d0
[   32.923588]  ret_from_fork_asm+0x1a/0x30
[   32.923790] 
[   32.923882] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   32.923882] 
[   32.924262] allocated by task 343 on cpu 0 at 32.921102s (0.003157s ago):
[   32.924565]  test_alloc+0x364/0x10f0
[   32.924761]  test_use_after_free_read+0xdc/0x270
[   32.925033]  kunit_try_run_case+0x1a5/0x480
[   32.925254]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.925459]  kthread+0x337/0x6f0
[   32.925597]  ret_from_fork+0x116/0x1d0
[   32.925726]  ret_from_fork_asm+0x1a/0x30
[   32.925905] 
[   32.926152] freed by task 343 on cpu 0 at 32.921175s (0.004893s ago):
[   32.926521]  test_use_after_free_read+0x1e7/0x270
[   32.926806]  kunit_try_run_case+0x1a5/0x480
[   32.926971]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   32.927143]  kthread+0x337/0x6f0
[   32.927319]  ret_from_fork+0x116/0x1d0
[   32.927539]  ret_from_fork_asm+0x1a/0x30
[   32.927767] 
[   32.927914] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   32.928540] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.928723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   32.928991] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30J3nY7QtuR6zFySSP24ERynb1Z

job_id

TEST:linaro@lkft#30J3uLzhpviDmlOWY3P9BXfcBAH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30J3uLzhpviDmlOWY3P9BXfcBAH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3qksL4GBwzrde5mtPKhFeFEL/bzImage
sha256sum	af4ccad1f72d598f267023cce1cb43d5ed4bda226a707e01686be85dd90634f7

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/amd64/rootfs.ext4.xz
sha256sum	f011d4ee6daca8ff6eb107b3ab1eb085d1f77f9019361779f04403719dd7a135

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3qksL4GBwzrde5mtPKhFeFEL/modules.tar.xz
sha256sum	7c95098d7c3fc4ab7a627a48c0cdbf1fa3d50531e33653f38a4f14abeedf82da

durations

tests

boot	0
kunit	254.60

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit