lkft/linux-stable-rc-linux-6.15.y - v6.15.5-179-gb283c37b8f14 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 8, 2025, 4:38 p.m.

Environment
qemu-arm64
qemu-x86_64

[   22.039604] ==================================================================
[   22.039715] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.039715] 
[   22.039813] Use-after-free read at 0x00000000e61fd231 (in kfence-#88):
[   22.039916]  test_use_after_free_read+0x114/0x248
[   22.039970]  kunit_try_run_case+0x170/0x3f0
[   22.040038]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.040445]  kthread+0x328/0x630
[   22.040551]  ret_from_fork+0x10/0x20
[   22.040599] 
[   22.040625] kfence-#88: 0x00000000e61fd231-0x00000000c873faf0, size=32, cache=kmalloc-32
[   22.040625] 
[   22.041025] allocated by task 297 on cpu 0 at 22.038761s (0.002226s ago):
[   22.041134]  test_alloc+0x29c/0x628
[   22.041271]  test_use_after_free_read+0xd0/0x248
[   22.041318]  kunit_try_run_case+0x170/0x3f0
[   22.041898]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.041998]  kthread+0x328/0x630
[   22.042110]  ret_from_fork+0x10/0x20
[   22.042151] 
[   22.042186] freed by task 297 on cpu 0 at 22.039239s (0.002941s ago):
[   22.042310]  test_use_after_free_read+0x1c0/0x248
[   22.042398]  kunit_try_run_case+0x170/0x3f0
[   22.042440]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.042504]  kthread+0x328/0x630
[   22.042553]  ret_from_fork+0x10/0x20
[   22.042592] 
[   22.042642] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   22.042723] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.042771] Hardware name: linux,dummy-virt (DT)
[   22.042814] ==================================================================
[   22.142913] ==================================================================
[   22.143023] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.143023] 
[   22.143153] Use-after-free read at 0x00000000108af4e4 (in kfence-#89):
[   22.143579]  test_use_after_free_read+0x114/0x248
[   22.143649]  kunit_try_run_case+0x170/0x3f0
[   22.143777]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.143828]  kthread+0x328/0x630
[   22.143872]  ret_from_fork+0x10/0x20
[   22.144170] 
[   22.144216] kfence-#89: 0x00000000108af4e4-0x00000000b32968d4, size=32, cache=test
[   22.144216] 
[   22.144360] allocated by task 299 on cpu 0 at 22.142408s (0.001914s ago):
[   22.144652]  test_alloc+0x230/0x628
[   22.144820]  test_use_after_free_read+0xd0/0x248
[   22.144968]  kunit_try_run_case+0x170/0x3f0
[   22.145053]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.145295]  kthread+0x328/0x630
[   22.145587]  ret_from_fork+0x10/0x20
[   22.145797] 
[   22.146036] freed by task 299 on cpu 0 at 22.142503s (0.003519s ago):
[   22.146242]  test_use_after_free_read+0xf0/0x248
[   22.146331]  kunit_try_run_case+0x170/0x3f0
[   22.146674]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.147112]  kthread+0x328/0x630
[   22.147266]  ret_from_fork+0x10/0x20
[   22.147371] 
[   22.147624] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   22.147869] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.147942] Hardware name: linux,dummy-virt (DT)
[   22.147987] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zbH6wKLxV1MpyPrsiPCH34DxD7

job_id

TEST:linaro@lkft#2zbHCHYqfIu4VBVZVnMqPbdHKQ6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zbHCHYqfIu4VBVZVnMqPbdHKQ6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbH8Y0IZhej6MjZmlQZ6gbMfpu/Image.gz
sha256sum	377fc1f956356f0192a0ae5a36f5141cc4f5c82f23686cbb581490c555233292

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbH8Y0IZhej6MjZmlQZ6gbMfpu/modules.tar.xz
sha256sum	63862ff5342865dbcabf053997348687cbf8c69b4178e317b99ac30d13bd68f5

durations

tests

boot	0
kunit	196.44

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.269460] ==================================================================
[   16.269997] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.269997] 
[   16.270437] Use-after-free read at 0x(____ptrval____) (in kfence-#68):
[   16.271062]  test_use_after_free_read+0x129/0x270
[   16.271457]  kunit_try_run_case+0x1a5/0x480
[   16.272021]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.272283]  kthread+0x337/0x6f0
[   16.272471]  ret_from_fork+0x41/0x80
[   16.272753]  ret_from_fork_asm+0x1a/0x30
[   16.273123] 
[   16.273319] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   16.273319] 
[   16.273792] allocated by task 315 on cpu 1 at 16.269232s (0.004557s ago):
[   16.274218]  test_alloc+0x364/0x10f0
[   16.274396]  test_use_after_free_read+0xdc/0x270
[   16.274795]  kunit_try_run_case+0x1a5/0x480
[   16.275114]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.275460]  kthread+0x337/0x6f0
[   16.275769]  ret_from_fork+0x41/0x80
[   16.276056]  ret_from_fork_asm+0x1a/0x30
[   16.276338] 
[   16.276523] freed by task 315 on cpu 1 at 16.269295s (0.007225s ago):
[   16.276932]  test_use_after_free_read+0x1e7/0x270
[   16.277160]  kunit_try_run_case+0x1a5/0x480
[   16.277488]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.277847]  kthread+0x337/0x6f0
[   16.278121]  ret_from_fork+0x41/0x80
[   16.278312]  ret_from_fork_asm+0x1a/0x30
[   16.278667] 
[   16.278907] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   16.279467] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.279692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.280087] ==================================================================
[   16.373424] ==================================================================
[   16.374048] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.374048] 
[   16.374428] Use-after-free read at 0x(____ptrval____) (in kfence-#69):
[   16.374706]  test_use_after_free_read+0x129/0x270
[   16.374998]  kunit_try_run_case+0x1a5/0x480
[   16.375192]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.375450]  kthread+0x337/0x6f0
[   16.376197]  ret_from_fork+0x41/0x80
[   16.376362]  ret_from_fork_asm+0x1a/0x30
[   16.376720] 
[   16.376920] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   16.376920] 
[   16.377414] allocated by task 317 on cpu 0 at 16.373204s (0.004206s ago):
[   16.377989]  test_alloc+0x2a6/0x10f0
[   16.378173]  test_use_after_free_read+0xdc/0x270
[   16.378381]  kunit_try_run_case+0x1a5/0x480
[   16.378579]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.379137]  kthread+0x337/0x6f0
[   16.379287]  ret_from_fork+0x41/0x80
[   16.379655]  ret_from_fork_asm+0x1a/0x30
[   16.379949] 
[   16.380038] freed by task 317 on cpu 0 at 16.373249s (0.006786s ago):
[   16.380530]  test_use_after_free_read+0xfb/0x270
[   16.380763]  kunit_try_run_case+0x1a5/0x480
[   16.380976]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.381216]  kthread+0x337/0x6f0
[   16.381371]  ret_from_fork+0x41/0x80
[   16.381843]  ret_from_fork_asm+0x1a/0x30
[   16.382055] 
[   16.382173] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   16.382805] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.383086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.383530] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zbH6wKLxV1MpyPrsiPCH34DxD7

job_id

TEST:linaro@lkft#2zbHDX45bldMSBJpzmaNX6Oa8ya

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zbHDX45bldMSBJpzmaNX6Oa8ya

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbHA1Bjc8UGyPoSazWRKkmPbWO/bzImage
sha256sum	f832e357085de19206056a035510bd43f1bc47badc4ae10b58ebab3542c23787

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbHA1Bjc8UGyPoSazWRKkmPbWO/modules.tar.xz
sha256sum	ab3c5377b690ddf19fc7a14491556416ddf08419ceb427959995f1c420d461c9

durations

tests

boot	0
kunit	224.81

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit