lkft/linux-stable-rc-linux-6.15.y - v6.15.7-188-g81bcc8b99854 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 22, 2025, 2:40 p.m.

Environment
qemu-arm64
qemu-x86_64

[   21.644209] ==================================================================
[   21.644297] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.644297] 
[   21.644713] Use-after-free read at 0x00000000bed58b57 (in kfence-#89):
[   21.644822]  test_use_after_free_read+0x114/0x248
[   21.644878]  kunit_try_run_case+0x170/0x3f0
[   21.644922]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.645004]  kthread+0x328/0x630
[   21.645339]  ret_from_fork+0x10/0x20
[   21.645409] 
[   21.645442] kfence-#89: 0x00000000bed58b57-0x000000002854108e, size=32, cache=test
[   21.645442] 
[   21.645593] allocated by task 299 on cpu 0 at 21.643762s (0.001823s ago):
[   21.645698]  test_alloc+0x230/0x628
[   21.645797]  test_use_after_free_read+0xd0/0x248
[   21.645840]  kunit_try_run_case+0x170/0x3f0
[   21.645900]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.645993]  kthread+0x328/0x630
[   21.646046]  ret_from_fork+0x10/0x20
[   21.646094] 
[   21.646118] freed by task 299 on cpu 0 at 21.643965s (0.002149s ago):
[   21.646229]  test_use_after_free_read+0xf0/0x248
[   21.646272]  kunit_try_run_case+0x170/0x3f0
[   21.646327]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.646368]  kthread+0x328/0x630
[   21.646408]  ret_from_fork+0x10/0x20
[   21.646447] 
[   21.646489] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   21.646577] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.646612] Hardware name: linux,dummy-virt (DT)
[   21.646650] ==================================================================
[   21.540011] ==================================================================
[   21.540443] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.540443] 
[   21.540569] Use-after-free read at 0x000000008b8bfb66 (in kfence-#88):
[   21.540933]  test_use_after_free_read+0x114/0x248
[   21.541021]  kunit_try_run_case+0x170/0x3f0
[   21.541107]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.541150]  kthread+0x328/0x630
[   21.541500]  ret_from_fork+0x10/0x20
[   21.541593] 
[   21.541623] kfence-#88: 0x000000008b8bfb66-0x000000004b3c6ddf, size=32, cache=kmalloc-32
[   21.541623] 
[   21.541711] allocated by task 297 on cpu 0 at 21.539509s (0.002162s ago):
[   21.542092]  test_alloc+0x29c/0x628
[   21.542148]  test_use_after_free_read+0xd0/0x248
[   21.542437]  kunit_try_run_case+0x170/0x3f0
[   21.542630]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.542711]  kthread+0x328/0x630
[   21.542895]  ret_from_fork+0x10/0x20
[   21.543015] 
[   21.543345] freed by task 297 on cpu 0 at 21.539589s (0.003592s ago):
[   21.543472]  test_use_after_free_read+0x1c0/0x248
[   21.543516]  kunit_try_run_case+0x170/0x3f0
[   21.543843]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.544069]  kthread+0x328/0x630
[   21.544173]  ret_from_fork+0x10/0x20
[   21.544757] 
[   21.544857] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   21.545032] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.545162] Hardware name: linux,dummy-virt (DT)
[   21.545250] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30EaRlW1hcZUcAyQauMeYdebh6E

job_id

TEST:linaro@lkft#30EaWVUHqFABEKnxRbofWz5vTxK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30EaWVUHqFABEKnxRbofWz5vTxK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaSpJ6ulueMjitAIiYHSdicUo/Image.gz
sha256sum	6f108bf41d35f1fce19b9f3dd48bea0e689f69bd759e1a3761fef3bdacebcbc1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaSpJ6ulueMjitAIiYHSdicUo/modules.tar.xz
sha256sum	076bc5627f64b7f8fa64e90c5d7ade67331e333d4f3c6ec9ca7d6c88fba26e07

durations

tests

boot	0
kunit	199.35

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   16.456179] ==================================================================
[   16.456639] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.456639] 
[   16.457059] Use-after-free read at 0x(____ptrval____) (in kfence-#74):
[   16.457349]  test_use_after_free_read+0x129/0x270
[   16.458012]  kunit_try_run_case+0x1a5/0x480
[   16.458256]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.458527]  kthread+0x337/0x6f0
[   16.458676]  ret_from_fork+0x41/0x80
[   16.458831]  ret_from_fork_asm+0x1a/0x30
[   16.459030] 
[   16.459103] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   16.459103] 
[   16.459883] allocated by task 315 on cpu 1 at 16.455957s (0.003923s ago):
[   16.460277]  test_alloc+0x364/0x10f0
[   16.460595]  test_use_after_free_read+0xdc/0x270
[   16.460863]  kunit_try_run_case+0x1a5/0x480
[   16.461138]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.461347]  kthread+0x337/0x6f0
[   16.461628]  ret_from_fork+0x41/0x80
[   16.461902]  ret_from_fork_asm+0x1a/0x30
[   16.462101] 
[   16.462498] freed by task 315 on cpu 1 at 16.456009s (0.006398s ago):
[   16.462827]  test_use_after_free_read+0x1e7/0x270
[   16.463003]  kunit_try_run_case+0x1a5/0x480
[   16.463177]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.463442]  kthread+0x337/0x6f0
[   16.463616]  ret_from_fork+0x41/0x80
[   16.463844]  ret_from_fork_asm+0x1a/0x30
[   16.464046] 
[   16.464147] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   16.464701] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.464927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.465214] ==================================================================
[   16.560095] ==================================================================
[   16.560627] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.560627] 
[   16.561150] Use-after-free read at 0x(____ptrval____) (in kfence-#75):
[   16.561384]  test_use_after_free_read+0x129/0x270
[   16.561616]  kunit_try_run_case+0x1a5/0x480
[   16.561784]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.562039]  kthread+0x337/0x6f0
[   16.562159]  ret_from_fork+0x41/0x80
[   16.562384]  ret_from_fork_asm+0x1a/0x30
[   16.562600] 
[   16.562700] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   16.562700] 
[   16.563030] allocated by task 317 on cpu 0 at 16.559954s (0.003074s ago):
[   16.563260]  test_alloc+0x2a6/0x10f0
[   16.563551]  test_use_after_free_read+0xdc/0x270
[   16.563793]  kunit_try_run_case+0x1a5/0x480
[   16.564019]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.564303]  kthread+0x337/0x6f0
[   16.564691]  ret_from_fork+0x41/0x80
[   16.565001]  ret_from_fork_asm+0x1a/0x30
[   16.565832] 
[   16.565939] freed by task 317 on cpu 0 at 16.560001s (0.005935s ago):
[   16.566264]  test_use_after_free_read+0xfb/0x270
[   16.566670]  kunit_try_run_case+0x1a5/0x480
[   16.566877]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.567259]  kthread+0x337/0x6f0
[   16.567560]  ret_from_fork+0x41/0x80
[   16.567765]  ret_from_fork_asm+0x1a/0x30
[   16.568070] 
[   16.568218] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   16.568838] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.569052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.569645] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30EaRlW1hcZUcAyQauMeYdebh6E

job_id

TEST:linaro@lkft#30EaY1yQOqV4JySRXFsKWTVrukm

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30EaY1yQOqV4JySRXFsKWTVrukm

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaTw8uvpYx9tCm3ZICfhNMNnI/bzImage
sha256sum	215211c9ffbc30f7da06e446c23393cbd85dd0dce6cfc2e76dfe983268e0fd6f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaTw8uvpYx9tCm3ZICfhNMNnI/modules.tar.xz
sha256sum	a7c1adb8beea2d29cd88ecba2f3d585aa904241bd0d61a861fcebc67fa6cd397

durations

tests

boot	0
kunit	220.14

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit