lkft/linux-stable-rc-linux-6.15.y - v6.15.3-593-gde19bfa00d6f - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 23, 2025, 1:39 p.m.

Environment
qemu-arm64
qemu-x86_64

[   32.004191] ==================================================================
[   32.004339] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   32.004339] 
[   32.004538] Use-after-free read at 0x00000000a39c1eed (in kfence-#132):
[   32.004660]  test_use_after_free_read+0x114/0x248
[   32.004814]  kunit_try_run_case+0x170/0x3f0
[   32.004940]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.005057]  kthread+0x328/0x630
[   32.005197]  ret_from_fork+0x10/0x20
[   32.005363] 
[   32.005447] kfence-#132: 0x00000000a39c1eed-0x00000000998054fb, size=32, cache=test
[   32.005447] 
[   32.005608] allocated by task 299 on cpu 0 at 32.003847s (0.001734s ago):
[   32.005779]  test_alloc+0x230/0x628
[   32.005883]  test_use_after_free_read+0xd0/0x248
[   32.005991]  kunit_try_run_case+0x170/0x3f0
[   32.006101]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.006218]  kthread+0x328/0x630
[   32.006322]  ret_from_fork+0x10/0x20
[   32.006507] 
[   32.006601] freed by task 299 on cpu 0 at 32.003958s (0.002611s ago):
[   32.007187]  test_use_after_free_read+0xf0/0x248
[   32.008010]  kunit_try_run_case+0x170/0x3f0
[   32.008689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.008779]  kthread+0x328/0x630
[   32.008828]  ret_from_fork+0x10/0x20
[   32.008893] 
[   32.009028] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   32.009328] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.009419] Hardware name: linux,dummy-virt (DT)
[   32.009551] ==================================================================
[   31.897559] ==================================================================
[   31.897740] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   31.897740] 
[   31.897930] Use-after-free read at 0x000000002d1d4567 (in kfence-#131):
[   31.898042]  test_use_after_free_read+0x114/0x248
[   31.898152]  kunit_try_run_case+0x170/0x3f0
[   31.898254]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.898358]  kthread+0x328/0x630
[   31.898480]  ret_from_fork+0x10/0x20
[   31.898597] 
[   31.898668] kfence-#131: 0x000000002d1d4567-0x000000000e0aff95, size=32, cache=kmalloc-32
[   31.898668] 
[   31.898959] allocated by task 297 on cpu 0 at 31.896292s (0.002658s ago):
[   31.899511]  test_alloc+0x29c/0x628
[   31.900104]  test_use_after_free_read+0xd0/0x248
[   31.900413]  kunit_try_run_case+0x170/0x3f0
[   31.900523]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.901262]  kthread+0x328/0x630
[   31.901577]  ret_from_fork+0x10/0x20
[   31.901735] 
[   31.901800] freed by task 297 on cpu 0 at 31.897005s (0.004785s ago):
[   31.902448]  test_use_after_free_read+0x1c0/0x248
[   31.902653]  kunit_try_run_case+0x170/0x3f0
[   31.902778]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.902959]  kthread+0x328/0x630
[   31.903524]  ret_from_fork+0x10/0x20
[   31.903782] 
[   31.904169] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   31.904517] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.904710] Hardware name: linux,dummy-virt (DT)
[   31.904799] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yuYOT8mFhi7537nwLqDo4m2CnP

job_id

TEST:linaro@lkft#2yuYT6Pinx8XSymaWNp6cpzl3Cl

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yuYT6Pinx8XSymaWNp6cpzl3Cl

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYPcCNuYU3512XWsLz2H3rgWp/Image.gz
sha256sum	57e05c75085917e237c36a1c6300a885b5a4018f7a22df0831ee3761434117fe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYPcCNuYU3512XWsLz2H3rgWp/modules.tar.xz
sha256sum	08df30bc44d3238a22959b8095bcf790b77fb8886fd1b3a26e269eaac34e9502

durations

tests

boot	0
kunit	345.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   25.906416] ==================================================================
[   25.907139] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   25.907139] 
[   25.907895] Use-after-free read at 0x(____ptrval____) (in kfence-#109):
[   25.908533]  test_use_after_free_read+0x129/0x270
[   25.908897]  kunit_try_run_case+0x1a5/0x480
[   25.909330]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.909932]  kthread+0x337/0x6f0
[   25.910400]  ret_from_fork+0x41/0x80
[   25.910801]  ret_from_fork_asm+0x1a/0x30
[   25.911219] 
[   25.911409] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   25.911409] 
[   25.912216] allocated by task 316 on cpu 0 at 25.906101s (0.006110s ago):
[   25.912897]  test_alloc+0x364/0x10f0
[   25.913248]  test_use_after_free_read+0xdc/0x270
[   25.913724]  kunit_try_run_case+0x1a5/0x480
[   25.914058]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.914900]  kthread+0x337/0x6f0
[   25.915242]  ret_from_fork+0x41/0x80
[   25.915645]  ret_from_fork_asm+0x1a/0x30
[   25.916101] 
[   25.916582] freed by task 316 on cpu 0 at 25.906212s (0.010210s ago):
[   25.917177]  test_use_after_free_read+0x1e7/0x270
[   25.917662]  kunit_try_run_case+0x1a5/0x480
[   25.918112]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.918492]  kthread+0x337/0x6f0
[   25.918869]  ret_from_fork+0x41/0x80
[   25.919497]  ret_from_fork_asm+0x1a/0x30
[   25.919925] 
[   25.920199] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   25.920947] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.921409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.922157] ==================================================================
[   26.010334] ==================================================================
[   26.010970] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   26.010970] 
[   26.011785] Use-after-free read at 0x(____ptrval____) (in kfence-#110):
[   26.012236]  test_use_after_free_read+0x129/0x270
[   26.012775]  kunit_try_run_case+0x1a5/0x480
[   26.013210]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.013847]  kthread+0x337/0x6f0
[   26.014275]  ret_from_fork+0x41/0x80
[   26.014730]  ret_from_fork_asm+0x1a/0x30
[   26.015122] 
[   26.015408] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   26.015408] 
[   26.016214] allocated by task 318 on cpu 0 at 26.010145s (0.006063s ago):
[   26.016873]  test_alloc+0x2a6/0x10f0
[   26.017324]  test_use_after_free_read+0xdc/0x270
[   26.017852]  kunit_try_run_case+0x1a5/0x480
[   26.018277]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.018748]  kthread+0x337/0x6f0
[   26.019163]  ret_from_fork+0x41/0x80
[   26.019567]  ret_from_fork_asm+0x1a/0x30
[   26.020049] 
[   26.020281] freed by task 318 on cpu 0 at 26.010210s (0.010065s ago):
[   26.020982]  test_use_after_free_read+0xfb/0x270
[   26.021512]  kunit_try_run_case+0x1a5/0x480
[   26.021996]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.022559]  kthread+0x337/0x6f0
[   26.022949]  ret_from_fork+0x41/0x80
[   26.023436]  ret_from_fork_asm+0x1a/0x30
[   26.023769] 
[   26.024052] CPU: 0 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   26.025518] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.025852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.026514] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yuYOT8mFhi7537nwLqDo4m2CnP

job_id

TEST:linaro@lkft#2yuYUHT0D3sQNOGwBtcXKr5K4Y5

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yuYUHT0D3sQNOGwBtcXKr5K4Y5

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYQaX6toQ86UpOxnubrfhy9Fg/bzImage
sha256sum	464d852aa65e55fe849c2032fadc39c92d3f1038148deeeb5153bf785edfb3cb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYQaX6toQ86UpOxnubrfhy9Fg/modules.tar.xz
sha256sum	48ba027071f05b733fc6db58a63b00001d03de4c8de4a7d017582fc3ae9eedfe

durations

tests

boot	0
kunit	357.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit