lkft/linux-stable-rc-linux-6.15.y - v6.15.4-264-gd5e6f0c9ca48 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 3, 2025, 3:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   20.466720] ==================================================================
[   20.466818] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.466818] 
[   20.466906] Use-after-free read at 0x00000000055fc2f0 (in kfence-#96):
[   20.466973]  test_use_after_free_read+0x114/0x248
[   20.467019]  kunit_try_run_case+0x170/0x3f0
[   20.467064]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.467108]  kthread+0x328/0x630
[   20.467149]  ret_from_fork+0x10/0x20
[   20.467189] 
[   20.467215] kfence-#96: 0x00000000055fc2f0-0x000000004776c689, size=32, cache=test
[   20.467215] 
[   20.467265] allocated by task 300 on cpu 1 at 20.466544s (0.000717s ago):
[   20.467336]  test_alloc+0x230/0x628
[   20.467375]  test_use_after_free_read+0xd0/0x248
[   20.467420]  kunit_try_run_case+0x170/0x3f0
[   20.467462]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.467507]  kthread+0x328/0x630
[   20.467545]  ret_from_fork+0x10/0x20
[   20.467584] 
[   20.467608] freed by task 300 on cpu 1 at 20.466602s (0.001003s ago):
[   20.467704]  test_use_after_free_read+0xf0/0x248
[   20.467746]  kunit_try_run_case+0x170/0x3f0
[   20.467787]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.467832]  kthread+0x328/0x630
[   20.467869]  ret_from_fork+0x10/0x20
[   20.467908] 
[   20.467962] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   20.468039] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.468069] Hardware name: linux,dummy-virt (DT)
[   20.468101] ==================================================================
[   20.362914] ==================================================================
[   20.363049] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.363049] 
[   20.363156] Use-after-free read at 0x00000000f15cdb58 (in kfence-#95):
[   20.363210]  test_use_after_free_read+0x114/0x248
[   20.363256]  kunit_try_run_case+0x170/0x3f0
[   20.363303]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.363346]  kthread+0x328/0x630
[   20.363389]  ret_from_fork+0x10/0x20
[   20.363429] 
[   20.363454] kfence-#95: 0x00000000f15cdb58-0x00000000a6f5e360, size=32, cache=kmalloc-32
[   20.363454] 
[   20.363506] allocated by task 298 on cpu 1 at 20.362606s (0.000896s ago):
[   20.363578]  test_alloc+0x29c/0x628
[   20.363617]  test_use_after_free_read+0xd0/0x248
[   20.363656]  kunit_try_run_case+0x170/0x3f0
[   20.363699]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.363744]  kthread+0x328/0x630
[   20.363782]  ret_from_fork+0x10/0x20
[   20.363826] 
[   20.363976] freed by task 298 on cpu 1 at 20.362682s (0.001204s ago):
[   20.364085]  test_use_after_free_read+0x1c0/0x248
[   20.364126]  kunit_try_run_case+0x170/0x3f0
[   20.364167]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.364212]  kthread+0x328/0x630
[   20.364250]  ret_from_fork+0x10/0x20
[   20.364303] 
[   20.364351] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   20.364429] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.364459] Hardware name: linux,dummy-virt (DT)
[   20.364494] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zMzAavAUYId8lMegBc4Ix8oXJl

job_id

TEST:linaro@lkft#2zMzF16Z6vC8SBU5IjlfCa7naD2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zMzF16Z6vC8SBU5IjlfCa7naD2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzBla3NpehcZh74FSmgRW49Gp/Image.gz
sha256sum	d34d37a275cf1c4a311c4e7f05818074baab15ba48579f286d9d01d393ed7e9c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzBla3NpehcZh74FSmgRW49Gp/modules.tar.xz
sha256sum	9c89e8adf491cb2a422508baae089982fd64fb3878557b807536b4a091a3a0ca

durations

tests

boot	0
kunit	203.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.681729] ==================================================================
[   16.682108] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.682108] 
[   16.682875] Use-after-free read at 0x(____ptrval____) (in kfence-#73):
[   16.683563]  test_use_after_free_read+0x129/0x270
[   16.683791]  kunit_try_run_case+0x1a5/0x480
[   16.684269]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.684591]  kthread+0x337/0x6f0
[   16.684769]  ret_from_fork+0x41/0x80
[   16.685068]  ret_from_fork_asm+0x1a/0x30
[   16.685210] 
[   16.685297] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   16.685297] 
[   16.685566] allocated by task 317 on cpu 0 at 16.681598s (0.003965s ago):
[   16.686194]  test_alloc+0x2a6/0x10f0
[   16.686579]  test_use_after_free_read+0xdc/0x270
[   16.686853]  kunit_try_run_case+0x1a5/0x480
[   16.687067]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.687336]  kthread+0x337/0x6f0
[   16.687576]  ret_from_fork+0x41/0x80
[   16.687777]  ret_from_fork_asm+0x1a/0x30
[   16.687974] 
[   16.688085] freed by task 317 on cpu 0 at 16.681641s (0.006442s ago):
[   16.688428]  test_use_after_free_read+0xfb/0x270
[   16.688703]  kunit_try_run_case+0x1a5/0x480
[   16.688922]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.689144]  kthread+0x337/0x6f0
[   16.689359]  ret_from_fork+0x41/0x80
[   16.689547]  ret_from_fork_asm+0x1a/0x30
[   16.689709] 
[   16.689832] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   16.690263] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.690476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.690910] ==================================================================
[   16.577814] ==================================================================
[   16.578262] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.578262] 
[   16.579033] Use-after-free read at 0x(____ptrval____) (in kfence-#72):
[   16.579345]  test_use_after_free_read+0x129/0x270
[   16.579566]  kunit_try_run_case+0x1a5/0x480
[   16.580171]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.580433]  kthread+0x337/0x6f0
[   16.580606]  ret_from_fork+0x41/0x80
[   16.580979]  ret_from_fork_asm+0x1a/0x30
[   16.581177] 
[   16.581276] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   16.581276] 
[   16.581675] allocated by task 315 on cpu 1 at 16.577609s (0.004064s ago):
[   16.581984]  test_alloc+0x364/0x10f0
[   16.582151]  test_use_after_free_read+0xdc/0x270
[   16.582376]  kunit_try_run_case+0x1a5/0x480
[   16.582570]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.583340]  kthread+0x337/0x6f0
[   16.583504]  ret_from_fork+0x41/0x80
[   16.583688]  ret_from_fork_asm+0x1a/0x30
[   16.584126] 
[   16.584358] freed by task 315 on cpu 1 at 16.577658s (0.006615s ago):
[   16.584845]  test_use_after_free_read+0x1e7/0x270
[   16.585159]  kunit_try_run_case+0x1a5/0x480
[   16.585374]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.585765]  kthread+0x337/0x6f0
[   16.586000]  ret_from_fork+0x41/0x80
[   16.586147]  ret_from_fork_asm+0x1a/0x30
[   16.586534] 
[   16.586671] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   16.587228] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.587495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.587936] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zMzAavAUYId8lMegBc4Ix8oXJl

job_id

TEST:linaro@lkft#2zMzGKQRfnDRM24c8Stupaj3rNM

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zMzGKQRfnDRM24c8Stupaj3rNM

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzClOGh4ggI5aPwS9KctYtNXI/bzImage
sha256sum	131f25972ccf6d3dc07ed6136378c45c710f56a35a63be51ac66f3e0e6b9356d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzClOGh4ggI5aPwS9KctYtNXI/modules.tar.xz
sha256sum	cdc15104f6ae1897761e61b0f8dc24b998aab0a2fc2653c5aa0cdafc3e2c29fc

durations

tests

boot	0
kunit	225.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit