lkft/linux-stable-rc-linux-6.15.y - v6.15.3-589-g0e4c88a0cd37 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 24, 2025, 12:47 p.m.

Environment
qemu-arm64
qemu-x86_64

[   30.457781] ==================================================================
[   30.458439] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   30.458439] 
[   30.458617] Use-after-free read at 0x000000005daa90f8 (in kfence-#124):
[   30.458680]  test_use_after_free_read+0x114/0x248
[   30.458778]  kunit_try_run_case+0x170/0x3f0
[   30.458904]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.459147]  kthread+0x328/0x630
[   30.459424]  ret_from_fork+0x10/0x20
[   30.460068] 
[   30.460165] kfence-#124: 0x000000005daa90f8-0x00000000926a8755, size=32, cache=kmalloc-32
[   30.460165] 
[   30.460349] allocated by task 297 on cpu 1 at 30.457033s (0.003303s ago):
[   30.461013]  test_alloc+0x29c/0x628
[   30.461116]  test_use_after_free_read+0xd0/0x248
[   30.461659]  kunit_try_run_case+0x170/0x3f0
[   30.461858]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.462414]  kthread+0x328/0x630
[   30.462517]  ret_from_fork+0x10/0x20
[   30.462960] 
[   30.463017] freed by task 297 on cpu 1 at 30.457151s (0.005858s ago):
[   30.463600]  test_use_after_free_read+0x1c0/0x248
[   30.464322]  kunit_try_run_case+0x170/0x3f0
[   30.464494]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.464656]  kthread+0x328/0x630
[   30.465020]  ret_from_fork+0x10/0x20
[   30.465427] 
[   30.465764] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   30.466076] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.466647] Hardware name: linux,dummy-virt (DT)
[   30.466779] ==================================================================
[   30.558224] ==================================================================
[   30.558555] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   30.558555] 
[   30.558919] Use-after-free read at 0x0000000084f26998 (in kfence-#125):
[   30.559171]  test_use_after_free_read+0x114/0x248
[   30.559289]  kunit_try_run_case+0x170/0x3f0
[   30.559416]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.559531]  kthread+0x328/0x630
[   30.559639]  ret_from_fork+0x10/0x20
[   30.559736] 
[   30.559792] kfence-#125: 0x0000000084f26998-0x000000002ac581e2, size=32, cache=test
[   30.559792] 
[   30.559921] allocated by task 299 on cpu 1 at 30.557587s (0.002315s ago):
[   30.560127]  test_alloc+0x230/0x628
[   30.560280]  test_use_after_free_read+0xd0/0x248
[   30.560425]  kunit_try_run_case+0x170/0x3f0
[   30.560920]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.561527]  kthread+0x328/0x630
[   30.561722]  ret_from_fork+0x10/0x20
[   30.561842] 
[   30.561901] freed by task 299 on cpu 1 at 30.557676s (0.004217s ago):
[   30.562824]  test_use_after_free_read+0xf0/0x248
[   30.563023]  kunit_try_run_case+0x170/0x3f0
[   30.563161]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.563284]  kthread+0x328/0x630
[   30.563780]  ret_from_fork+0x10/0x20
[   30.563990] 
[   30.564172] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   30.564584] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.564681] Hardware name: linux,dummy-virt (DT)
[   30.564767] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yxHFATOg4xd5cOk7A6Oo5SQLFr

job_id

TEST:linaro@lkft#2yxHLQauKmmDRvn1GR1ZUkvl3N9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yxHLQauKmmDRvn1GR1ZUkvl3N9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHGGlBBGXGFUnJJh2INKpzdu4/Image.gz
sha256sum	5f569b7032e517b4206d440631e131cb31d81d7f365d610fec12fc249e3ecc88

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHGGlBBGXGFUnJJh2INKpzdu4/modules.tar.xz
sha256sum	9a32a6e401d68f3ff82d0c47495efa6c9203238907e9ea48aee314ec659ae3fc

durations

tests

boot	0
kunit	329.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.867316] ==================================================================
[   17.867881] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.867881] 
[   17.868397] Use-after-free read at 0x(____ptrval____) (in kfence-#87):
[   17.868768]  test_use_after_free_read+0x129/0x270
[   17.869142]  kunit_try_run_case+0x1a5/0x480
[   17.869375]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.869786]  kthread+0x337/0x6f0
[   17.869931]  ret_from_fork+0x41/0x80
[   17.870101]  ret_from_fork_asm+0x1a/0x30
[   17.870281] 
[   17.870387] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.870387] 
[   17.870877] allocated by task 315 on cpu 1 at 17.866915s (0.003957s ago):
[   17.871462]  test_alloc+0x364/0x10f0
[   17.871839]  test_use_after_free_read+0xdc/0x270
[   17.872251]  kunit_try_run_case+0x1a5/0x480
[   17.872605]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.872927]  kthread+0x337/0x6f0
[   17.873085]  ret_from_fork+0x41/0x80
[   17.873247]  ret_from_fork_asm+0x1a/0x30
[   17.873466] 
[   17.873896] freed by task 315 on cpu 1 at 17.867033s (0.006650s ago):
[   17.874609]  test_use_after_free_read+0x1e7/0x270
[   17.874974]  kunit_try_run_case+0x1a5/0x480
[   17.875314]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.875749]  kthread+0x337/0x6f0
[   17.876017]  ret_from_fork+0x41/0x80
[   17.876293]  ret_from_fork_asm+0x1a/0x30
[   17.876726] 
[   17.876996] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   17.877768] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.878063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.878608] ==================================================================
[   17.971033] ==================================================================
[   17.971461] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.971461] 
[   17.971837] Use-after-free read at 0x(____ptrval____) (in kfence-#88):
[   17.972165]  test_use_after_free_read+0x129/0x270
[   17.972524]  kunit_try_run_case+0x1a5/0x480
[   17.972829]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.973073]  kthread+0x337/0x6f0
[   17.973238]  ret_from_fork+0x41/0x80
[   17.973476]  ret_from_fork_asm+0x1a/0x30
[   17.973654] 
[   17.973759] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.973759] 
[   17.974422] allocated by task 317 on cpu 1 at 17.970825s (0.003591s ago):
[   17.974950]  test_alloc+0x2a6/0x10f0
[   17.975120]  test_use_after_free_read+0xdc/0x270
[   17.975302]  kunit_try_run_case+0x1a5/0x480
[   17.975481]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.975816]  kthread+0x337/0x6f0
[   17.976067]  ret_from_fork+0x41/0x80
[   17.976311]  ret_from_fork_asm+0x1a/0x30
[   17.976595] 
[   17.976772] freed by task 317 on cpu 1 at 17.970919s (0.005848s ago):
[   17.977327]  test_use_after_free_read+0xfb/0x270
[   17.977589]  kunit_try_run_case+0x1a5/0x480
[   17.977811]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.978071]  kthread+0x337/0x6f0
[   17.978324]  ret_from_fork+0x41/0x80
[   17.978496]  ret_from_fork_asm+0x1a/0x30
[   17.978686] 
[   17.978850] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   17.979330] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.979586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.980124] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yxHFATOg4xd5cOk7A6Oo5SQLFr

job_id

TEST:linaro@lkft#2yxHMkevU93EIqRtXZQ3tGY4itd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yxHMkevU93EIqRtXZQ3tGY4itd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHHKBJSOltLiYsLWwKkWEIluQ/bzImage
sha256sum	453ec96a6544da365eca74576dbe75de49d576db4e04b528c27ab9d3cb251d29

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHHKBJSOltLiYsLWwKkWEIluQ/modules.tar.xz
sha256sum	52055fb894ed1f3fdb3335393e3f2e81da91906b8281f913fc0885beb5e85fa3

durations

tests

boot	0
kunit	331.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit