lkft/linux-stable-rc-linux-6.15.y - v6.15.1-35-g04e133874a24 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 7, 2025, 10:40 a.m.

Environment
qemu-arm64
qemu-x86_64

[   28.647634] ==================================================================
[   28.647796] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   28.647796] 
[   28.648002] Use-after-free read at 0x00000000a27834e6 (in kfence-#137):
[   28.648125]  test_use_after_free_read+0x114/0x248
[   28.648257]  kunit_try_run_case+0x170/0x3f0
[   28.648379]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.648517]  kthread+0x328/0x630
[   28.648617]  ret_from_fork+0x10/0x20
[   28.648713] 
[   28.648774] kfence-#137: 0x00000000a27834e6-0x00000000a2206f7a, size=32, cache=test
[   28.648774] 
[   28.648902] allocated by task 301 on cpu 1 at 28.644161s (0.004733s ago):
[   28.649067]  test_alloc+0x230/0x628
[   28.649164]  test_use_after_free_read+0xd0/0x248
[   28.649269]  kunit_try_run_case+0x170/0x3f0
[   28.649373]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.649483]  kthread+0x328/0x630
[   28.649568]  ret_from_fork+0x10/0x20
[   28.649656] 
[   28.649711] freed by task 301 on cpu 1 at 28.644270s (0.005432s ago):
[   28.649863]  test_use_after_free_read+0xf0/0x248
[   28.650451]  kunit_try_run_case+0x170/0x3f0
[   28.650966]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.651086]  kthread+0x328/0x630
[   28.651180]  ret_from_fork+0x10/0x20
[   28.651311] 
[   28.651448] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   28.652273] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.652500] Hardware name: linux,dummy-virt (DT)
[   28.652601] ==================================================================
[   28.543586] ==================================================================
[   28.543753] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   28.543753] 
[   28.543963] Use-after-free read at 0x000000003deb452f (in kfence-#136):
[   28.544084]  test_use_after_free_read+0x114/0x248
[   28.544216]  kunit_try_run_case+0x170/0x3f0
[   28.544338]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.544469]  kthread+0x328/0x630
[   28.544578]  ret_from_fork+0x10/0x20
[   28.544689] 
[   28.544751] kfence-#136: 0x000000003deb452f-0x00000000a086436e, size=32, cache=kmalloc-32
[   28.544751] 
[   28.544950] allocated by task 299 on cpu 1 at 28.541824s (0.003117s ago):
[   28.545112]  test_alloc+0x29c/0x628
[   28.545214]  test_use_after_free_read+0xd0/0x248
[   28.545319]  kunit_try_run_case+0x170/0x3f0
[   28.547109]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.547837]  kthread+0x328/0x630
[   28.548007]  ret_from_fork+0x10/0x20
[   28.548104] 
[   28.548399] freed by task 299 on cpu 1 at 28.541957s (0.006429s ago):
[   28.548614]  test_use_after_free_read+0x1c0/0x248
[   28.549001]  kunit_try_run_case+0x170/0x3f0
[   28.549474]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.549607]  kthread+0x328/0x630
[   28.550182]  ret_from_fork+0x10/0x20
[   28.550349] 
[   28.550876] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   28.551358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.551449] Hardware name: linux,dummy-virt (DT)
[   28.551529] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0l1lM4PPUPWLjAP2OyhEuEu2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0l1lM4PPUPWLjAP2OyhEuEu2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/Image.gz
sha256sum	1b531226140e142190e4cd0e4f3862050b0e2c45e059974a53d69b2b25304bf8

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/modules.tar.xz
sha256sum	96aed9ab36b698bb4c9bf06650847db2adf83170cdf96c9ed9e744a15d7b27ec

durations

tests

boot	0
kunit	362.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   19.976403] ==================================================================
[   19.976999] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   19.976999] 
[   19.977410] Use-after-free read at 0x(____ptrval____) (in kfence-#94):
[   19.977744]  test_use_after_free_read+0x129/0x270
[   19.977882]  kunit_try_run_case+0x1a5/0x480
[   19.977992]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.978289]  kthread+0x337/0x6f0
[   19.978501]  ret_from_fork+0x41/0x80
[   19.978766]  ret_from_fork_asm+0x1a/0x30
[   19.979059] 
[   19.979329] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   19.979329] 
[   19.979581] allocated by task 315 on cpu 1 at 19.976143s (0.003435s ago):
[   19.980183]  test_alloc+0x364/0x10f0
[   19.980438]  test_use_after_free_read+0xdc/0x270
[   19.980809]  kunit_try_run_case+0x1a5/0x480
[   19.980949]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.981067]  kthread+0x337/0x6f0
[   19.981294]  ret_from_fork+0x41/0x80
[   19.981533]  ret_from_fork_asm+0x1a/0x30
[   19.981951] 
[   19.982310] freed by task 315 on cpu 1 at 19.976230s (0.005885s ago):
[   19.982670]  test_use_after_free_read+0x1e7/0x270
[   19.982938]  kunit_try_run_case+0x1a5/0x480
[   19.983170]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.983424]  kthread+0x337/0x6f0
[   19.983654]  ret_from_fork+0x41/0x80
[   19.983864]  ret_from_fork_asm+0x1a/0x30
[   19.984002] 
[   19.984531] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   19.984871] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.985107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.985361] ==================================================================
[   20.080285] ==================================================================
[   20.080651] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   20.080651] 
[   20.081051] Use-after-free read at 0x(____ptrval____) (in kfence-#95):
[   20.081182]  test_use_after_free_read+0x129/0x270
[   20.081371]  kunit_try_run_case+0x1a5/0x480
[   20.082112]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.082413]  kthread+0x337/0x6f0
[   20.082547]  ret_from_fork+0x41/0x80
[   20.082774]  ret_from_fork_asm+0x1a/0x30
[   20.082946] 
[   20.083424] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   20.083424] 
[   20.083659] allocated by task 317 on cpu 0 at 20.080116s (0.003540s ago):
[   20.084174]  test_alloc+0x2a6/0x10f0
[   20.084312]  test_use_after_free_read+0xdc/0x270
[   20.084500]  kunit_try_run_case+0x1a5/0x480
[   20.084671]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.085109]  kthread+0x337/0x6f0
[   20.085251]  ret_from_fork+0x41/0x80
[   20.085462]  ret_from_fork_asm+0x1a/0x30
[   20.085729] 
[   20.085826] freed by task 317 on cpu 0 at 20.080189s (0.005634s ago):
[   20.086255]  test_use_after_free_read+0xfb/0x270
[   20.086489]  kunit_try_run_case+0x1a5/0x480
[   20.086736]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.086940]  kthread+0x337/0x6f0
[   20.087089]  ret_from_fork+0x41/0x80
[   20.087225]  ret_from_fork_asm+0x1a/0x30
[   20.087390] 
[   20.087503] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   20.088275] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.088444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.088680] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0mjaDXA0CwqutKjQjRIFyOIe

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0mjaDXA0CwqutKjQjRIFyOIe

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0iWsIpvkPL1CcASqfwUWosuV/bzImage
sha256sum	47ba1de281267f956a3a48f9181f4c477feef4bcb70a0c3d7e92edaf4b0c05cf

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0iWsIpvkPL1CcASqfwUWosuV/modules.tar.xz
sha256sum	8e7e333ca033c5e02b3a17a5149fd9967683e83e27203dc8ee3885518ea01f50

durations

tests

boot	0
kunit	394.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit