lkft/linux-stable-rc-linux-6.15.y - v6.15.1-816-gd878a60be557 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 17, 2025, 3:40 p.m.

Environment
qemu-arm64
qemu-x86_64

[   27.593367] ==================================================================
[   27.593535] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   27.593535] 
[   27.594024] Use-after-free read at 0x000000004551e860 (in kfence-#126):
[   27.594388]  test_use_after_free_read+0x114/0x248
[   27.595003]  kunit_try_run_case+0x170/0x3f0
[   27.595509]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.595678]  kthread+0x328/0x630
[   27.595870]  ret_from_fork+0x10/0x20
[   27.595974] 
[   27.596500] kfence-#126: 0x000000004551e860-0x00000000abd9f729, size=32, cache=test
[   27.596500] 
[   27.596894] allocated by task 299 on cpu 0 at 27.592398s (0.004485s ago):
[   27.597365]  test_alloc+0x230/0x628
[   27.597468]  test_use_after_free_read+0xd0/0x248
[   27.597564]  kunit_try_run_case+0x170/0x3f0
[   27.597660]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.598045]  kthread+0x328/0x630
[   27.598266]  ret_from_fork+0x10/0x20
[   27.598371] 
[   27.598841] freed by task 299 on cpu 0 at 27.592553s (0.006277s ago):
[   27.599616]  test_use_after_free_read+0xf0/0x248
[   27.600021]  kunit_try_run_case+0x170/0x3f0
[   27.600407]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.600546]  kthread+0x328/0x630
[   27.601204]  ret_from_fork+0x10/0x20
[   27.601850] 
[   27.602216] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   27.602534] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.602713] Hardware name: linux,dummy-virt (DT)
[   27.603147] ==================================================================
[   27.486840] ==================================================================
[   27.487334] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   27.487334] 
[   27.487868] Use-after-free read at 0x0000000064b1224c (in kfence-#125):
[   27.488460]  test_use_after_free_read+0x114/0x248
[   27.488616]  kunit_try_run_case+0x170/0x3f0
[   27.488742]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.489322]  kthread+0x328/0x630
[   27.489886]  ret_from_fork+0x10/0x20
[   27.490045] 
[   27.490108] kfence-#125: 0x0000000064b1224c-0x0000000099a3d578, size=32, cache=kmalloc-32
[   27.490108] 
[   27.490490] allocated by task 297 on cpu 0 at 27.485246s (0.005233s ago):
[   27.490949]  test_alloc+0x29c/0x628
[   27.491057]  test_use_after_free_read+0xd0/0x248
[   27.491161]  kunit_try_run_case+0x170/0x3f0
[   27.491267]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.491852]  kthread+0x328/0x630
[   27.492071]  ret_from_fork+0x10/0x20
[   27.492191] 
[   27.492678] freed by task 297 on cpu 0 at 27.486302s (0.006365s ago):
[   27.493108]  test_use_after_free_read+0x1c0/0x248
[   27.493222]  kunit_try_run_case+0x170/0x3f0
[   27.493327]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.493849]  kthread+0x328/0x630
[   27.493951]  ret_from_fork+0x10/0x20
[   27.494027] 
[   27.494400] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   27.494876] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.495069] Hardware name: linux,dummy-virt (DT)
[   27.495424] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ydqNQrhsJ2o3nRcu0jJt1pJPAN

job_id

TEST:linaro@lkft#2ydqRXA7BZt3FYFyyVtfHApec53

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ydqRXA7BZt3FYFyyVtfHApec53

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ydqOQvh8FZMWVTqNBBZW6j0IZ9/Image.gz
sha256sum	7242332481f9356c5933d0de1be88bb7412a90d205771a7f71dcbe5c7be41d51

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ydqOQvh8FZMWVTqNBBZW6j0IZ9/modules.tar.xz
sha256sum	7d68a204448ffa43aa8312ab431e97fd284c4240b83f9cb05c5040addb3de16f

durations

tests

boot	0
kunit	371.82

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   27.995985] ==================================================================
[   27.996742] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   27.996742] 
[   27.997464] Use-after-free read at 0x(____ptrval____) (in kfence-#111):
[   27.997943]  test_use_after_free_read+0x129/0x270
[   27.999097]  kunit_try_run_case+0x1a5/0x480
[   27.999834]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.000791]  kthread+0x337/0x6f0
[   28.001517]  ret_from_fork+0x41/0x80
[   28.001881]  ret_from_fork_asm+0x1a/0x30
[   28.002646] 
[   28.002924] kfence-#111: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   28.002924] 
[   28.003769] allocated by task 317 on cpu 0 at 27.995647s (0.008116s ago):
[   28.004678]  test_alloc+0x2a6/0x10f0
[   28.005026]  test_use_after_free_read+0xdc/0x270
[   28.005438]  kunit_try_run_case+0x1a5/0x480
[   28.005782]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.006708]  kthread+0x337/0x6f0
[   28.007396]  ret_from_fork+0x41/0x80
[   28.008001]  ret_from_fork_asm+0x1a/0x30
[   28.008405] 
[   28.008627] freed by task 317 on cpu 0 at 27.995737s (0.012884s ago):
[   28.009173]  test_use_after_free_read+0xfb/0x270
[   28.009693]  kunit_try_run_case+0x1a5/0x480
[   28.010077]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.010590]  kthread+0x337/0x6f0
[   28.010968]  ret_from_fork+0x41/0x80
[   28.011348]  ret_from_fork_asm+0x1a/0x30
[   28.011773] 
[   28.012095] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   28.013014] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.013812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.014934] ==================================================================
[   27.891991] ==================================================================
[   27.892714] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   27.892714] 
[   27.893504] Use-after-free read at 0x(____ptrval____) (in kfence-#110):
[   27.894074]  test_use_after_free_read+0x129/0x270
[   27.895462]  kunit_try_run_case+0x1a5/0x480
[   27.895890]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.896744]  kthread+0x337/0x6f0
[   27.897046]  ret_from_fork+0x41/0x80
[   27.897913]  ret_from_fork_asm+0x1a/0x30
[   27.898506] 
[   27.898713] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   27.898713] 
[   27.899608] allocated by task 315 on cpu 1 at 27.891664s (0.007938s ago):
[   27.900650]  test_alloc+0x364/0x10f0
[   27.900829]  test_use_after_free_read+0xdc/0x270
[   27.901014]  kunit_try_run_case+0x1a5/0x480
[   27.901732]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.902773]  kthread+0x337/0x6f0
[   27.903112]  ret_from_fork+0x41/0x80
[   27.903628]  ret_from_fork_asm+0x1a/0x30
[   27.904037] 
[   27.904692] freed by task 315 on cpu 1 at 27.891745s (0.012944s ago):
[   27.905365]  test_use_after_free_read+0x1e7/0x270
[   27.906008]  kunit_try_run_case+0x1a5/0x480
[   27.906446]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.906962]  kthread+0x337/0x6f0
[   27.907525]  ret_from_fork+0x41/0x80
[   27.908230]  ret_from_fork_asm+0x1a/0x30
[   27.909069] 
[   27.909631] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   27.910863] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.911267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.912006] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ydqNQrhsJ2o3nRcu0jJt1pJPAN

job_id

TEST:linaro@lkft#2ydqSbVLJtfnoiVqBGRBZxOjffu

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ydqSbVLJtfnoiVqBGRBZxOjffu

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ydqPMPGuVJPcn1D8Y3KCmDNOXg/bzImage
sha256sum	05c6a85227d1e1a6c6c693a793fa53ba9f00416208a2562d45c58d329bf85dcb

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ydqPMPGuVJPcn1D8Y3KCmDNOXg/modules.tar.xz
sha256sum	52374c846bbd7392e4144d2522f592e5e135b33632071d46c9f4403fe0600d03

durations

tests

boot	0
kunit	437.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit