lkft/linux-next-master - next-20250725 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 25, 2025, 3:13 a.m.

Environment
qemu-arm64
qemu-x86_64

[   36.969861] ==================================================================
[   36.970020] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   36.970020] 
[   36.970129] Use-after-free read at 0x000000002149d620 (in kfence-#130):
[   36.970420]  test_use_after_free_read+0x114/0x248
[   36.970487]  kunit_try_run_case+0x170/0x3f0
[   36.970724]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.970818]  kthread+0x328/0x630
[   36.970865]  ret_from_fork+0x10/0x20
[   36.970997] 
[   36.971055] kfence-#130: 0x000000002149d620-0x0000000020883beb, size=32, cache=test
[   36.971055] 
[   36.971185] allocated by task 329 on cpu 0 at 36.969069s (0.002099s ago):
[   36.971381]  test_alloc+0x230/0x628
[   36.971538]  test_use_after_free_read+0xd0/0x248
[   36.971895]  kunit_try_run_case+0x170/0x3f0
[   36.971981]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.972029]  kthread+0x328/0x630
[   36.972100]  ret_from_fork+0x10/0x20
[   36.972164] 
[   36.972199] freed by task 329 on cpu 0 at 36.969663s (0.002532s ago):
[   36.972627]  test_use_after_free_read+0xf0/0x248
[   36.972729]  kunit_try_run_case+0x170/0x3f0
[   36.972775]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.972950]  kthread+0x328/0x630
[   36.973163]  ret_from_fork+0x10/0x20
[   36.973455] 
[   36.973636] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   36.974130] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   36.974197] Hardware name: linux,dummy-virt (DT)
[   36.974258] ==================================================================
[   36.865249] ==================================================================
[   36.865376] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   36.865376] 
[   36.865490] Use-after-free read at 0x0000000015bad9b4 (in kfence-#129):
[   36.865548]  test_use_after_free_read+0x114/0x248
[   36.865594]  kunit_try_run_case+0x170/0x3f0
[   36.865652]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.865700]  kthread+0x328/0x630
[   36.865740]  ret_from_fork+0x10/0x20
[   36.865783] 
[   36.865818] kfence-#129: 0x0000000015bad9b4-0x000000002ebecb11, size=32, cache=kmalloc-32
[   36.865818] 
[   36.865877] allocated by task 327 on cpu 0 at 36.864412s (0.001460s ago):
[   36.865952]  test_alloc+0x29c/0x628
[   36.865998]  test_use_after_free_read+0xd0/0x248
[   36.866040]  kunit_try_run_case+0x170/0x3f0
[   36.866087]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.866134]  kthread+0x328/0x630
[   36.866172]  ret_from_fork+0x10/0x20
[   36.866212] 
[   36.866245] freed by task 327 on cpu 0 at 36.864922s (0.001310s ago):
[   36.866313]  test_use_after_free_read+0x1c0/0x248
[   36.866355]  kunit_try_run_case+0x170/0x3f0
[   36.866395]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.866439]  kthread+0x328/0x630
[   36.866476]  ret_from_fork+0x10/0x20
[   36.866517] 
[   36.866575] CPU: 0 UID: 0 PID: 327 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   36.866679] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   36.866712] Hardware name: linux,dummy-virt (DT)
[   36.866749] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30LiGXj2ae9l37rDh9ES2ygGLcy

job_id

TEST:linaro@lkft#30LiLIPqWNQvRNRqDtBDxUwGxZz

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30LiLIPqWNQvRNRqDtBDxUwGxZz

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30LiHjVcRKNbgRBrU4jkvDoxC50/Image.gz
sha256sum	1f162015f4a75f9e6216abaa8065e831691a375e1ff18255465960f4188e179e

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/arm64/rootfs.ext4.xz
sha256sum	4416595f610fe19a3fb374a6dd0942354bf27ddb827c7f1e8e5524ec95492466

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30LiHjVcRKNbgRBrU4jkvDoxC50/modules.tar.xz
sha256sum	874d5b7c11e52abbdf6f386f72a342d5a69f5ce0dd54af8193144a32e6d2a204

durations

tests

boot	0
kunit	181.35

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   31.124290] ==================================================================
[   31.124743] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   31.124743] 
[   31.125321] Use-after-free read at 0x(____ptrval____) (in kfence-#92):
[   31.125582]  test_use_after_free_read+0x129/0x270
[   31.125789]  kunit_try_run_case+0x1a5/0x480
[   31.125954]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.126271]  kthread+0x337/0x6f0
[   31.126455]  ret_from_fork+0x116/0x1d0
[   31.126599]  ret_from_fork_asm+0x1a/0x30
[   31.126764] 
[   31.126862] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   31.126862] 
[   31.127288] allocated by task 344 on cpu 1 at 31.124076s (0.003209s ago):
[   31.127595]  test_alloc+0x364/0x10f0
[   31.127741]  test_use_after_free_read+0xdc/0x270
[   31.127900]  kunit_try_run_case+0x1a5/0x480
[   31.128119]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.128558]  kthread+0x337/0x6f0
[   31.128732]  ret_from_fork+0x116/0x1d0
[   31.128890]  ret_from_fork_asm+0x1a/0x30
[   31.129131] 
[   31.129327] freed by task 344 on cpu 1 at 31.124137s (0.005111s ago):
[   31.129618]  test_use_after_free_read+0x1e7/0x270
[   31.129856]  kunit_try_run_case+0x1a5/0x480
[   31.130044]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.130270]  kthread+0x337/0x6f0
[   31.130473]  ret_from_fork+0x116/0x1d0
[   31.130608]  ret_from_fork_asm+0x1a/0x30
[   31.130761] 
[   31.130854] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   31.131390] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.131566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.131842] ==================================================================
[   31.228202] ==================================================================
[   31.228592] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   31.228592] 
[   31.229064] Use-after-free read at 0x(____ptrval____) (in kfence-#93):
[   31.229533]  test_use_after_free_read+0x129/0x270
[   31.229787]  kunit_try_run_case+0x1a5/0x480
[   31.229967]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.230332]  kthread+0x337/0x6f0
[   31.230894]  ret_from_fork+0x116/0x1d0
[   31.231075]  ret_from_fork_asm+0x1a/0x30
[   31.231280] 
[   31.231445] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   31.231445] 
[   31.231977] allocated by task 346 on cpu 1 at 31.228095s (0.003879s ago):
[   31.232471]  test_alloc+0x2a6/0x10f0
[   31.232619]  test_use_after_free_read+0xdc/0x270
[   31.232989]  kunit_try_run_case+0x1a5/0x480
[   31.233313]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.233555]  kthread+0x337/0x6f0
[   31.233700]  ret_from_fork+0x116/0x1d0
[   31.233874]  ret_from_fork_asm+0x1a/0x30
[   31.234293] 
[   31.234402] freed by task 346 on cpu 1 at 31.228135s (0.006265s ago):
[   31.234774]  test_use_after_free_read+0xfb/0x270
[   31.234989]  kunit_try_run_case+0x1a5/0x480
[   31.235337]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.235582]  kthread+0x337/0x6f0
[   31.235869]  ret_from_fork+0x116/0x1d0
[   31.236072]  ret_from_fork_asm+0x1a/0x30
[   31.236373] 
[   31.236482] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   31.237006] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.237445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.237879] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30LiGXj2ae9l37rDh9ES2ygGLcy

job_id

TEST:linaro@lkft#30LiMSmAFBIdZSnFjQilSiHXbFX

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30LiMSmAFBIdZSnFjQilSiHXbFX

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30LiIkEIWzwcOizdgCfJhHvoQ2t/bzImage
sha256sum	cb04a09100e7bb1b25ec1cd9eb8a6652066b7b698c4172d9166a486dc8b0154b

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/amd64/rootfs.ext4.xz
sha256sum	f011d4ee6daca8ff6eb107b3ab1eb085d1f77f9019361779f04403719dd7a135

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30LiIkEIWzwcOizdgCfJhHvoQ2t/modules.tar.xz
sha256sum	3b07c3dc3b89c919b40bced1758d16b0994c9e96155d8408ee1a634b63ef2280

durations

tests

boot	0
kunit	227.73

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit