lkft/sashal-linus-next - v6.13-rc7-43113-gc1aa1031ff8a - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 1, 2025, 3:08 p.m.

Environment
qemu-arm64
qemu-x86_64

[   22.085953] ==================================================================
[   22.086047] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.086047] 
[   22.086132] Use-after-free read at 0x00000000b37d2e22 (in kfence-#98):
[   22.086185]  test_use_after_free_read+0x114/0x248
[   22.086232]  kunit_try_run_case+0x170/0x3f0
[   22.086275]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.086319]  kthread+0x328/0x630
[   22.086357]  ret_from_fork+0x10/0x20
[   22.086397] 
[   22.086420] kfence-#98: 0x00000000b37d2e22-0x00000000675138bb, size=32, cache=test
[   22.086420] 
[   22.086471] allocated by task 298 on cpu 1 at 22.085748s (0.000719s ago):
[   22.086540]  test_alloc+0x230/0x628
[   22.086593]  test_use_after_free_read+0xd0/0x248
[   22.086638]  kunit_try_run_case+0x170/0x3f0
[   22.086678]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.086721]  kthread+0x328/0x630
[   22.086758]  ret_from_fork+0x10/0x20
[   22.086797] 
[   22.086820] freed by task 298 on cpu 1 at 22.085809s (0.001007s ago):
[   22.086919]  test_use_after_free_read+0xf0/0x248
[   22.086962]  kunit_try_run_case+0x170/0x3f0
[   22.087002]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.087047]  kthread+0x328/0x630
[   22.087084]  ret_from_fork+0x10/0x20
[   22.087123] 
[   22.087164] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.087242] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.087271] Hardware name: linux,dummy-virt (DT)
[   22.087306] ==================================================================
[   21.982072] ==================================================================
[   21.982166] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.982166] 
[   21.982268] Use-after-free read at 0x00000000cd4da5f5 (in kfence-#97):
[   21.982321]  test_use_after_free_read+0x114/0x248
[   21.982367]  kunit_try_run_case+0x170/0x3f0
[   21.982414]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.982458]  kthread+0x328/0x630
[   21.982496]  ret_from_fork+0x10/0x20
[   21.982536] 
[   21.982560] kfence-#97: 0x00000000cd4da5f5-0x00000000e4520b9a, size=32, cache=kmalloc-32
[   21.982560] 
[   21.982632] allocated by task 296 on cpu 1 at 21.981773s (0.000855s ago):
[   21.982702]  test_alloc+0x29c/0x628
[   21.982742]  test_use_after_free_read+0xd0/0x248
[   21.982783]  kunit_try_run_case+0x170/0x3f0
[   21.982823]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.982868]  kthread+0x328/0x630
[   21.982902]  ret_from_fork+0x10/0x20
[   21.982942] 
[   21.982965] freed by task 296 on cpu 1 at 21.981863s (0.001098s ago):
[   21.983027]  test_use_after_free_read+0x1c0/0x248
[   21.983068]  kunit_try_run_case+0x170/0x3f0
[   21.983107]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.983151]  kthread+0x328/0x630
[   21.983187]  ret_from_fork+0x10/0x20
[   21.983225] 
[   21.983272] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   21.983351] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.983379] Hardware name: linux,dummy-virt (DT)
[   21.983415] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zHKEi9O49DhNJUpxMLMiefbp3L

job_id

TEST:linaro@lkft#2zHKIIb7k2LkG7qRppW59lUrg8U

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zHKIIb7k2LkG7qRppW59lUrg8U

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zHKFl9sG3wnpHzZmfek4oLbn9j/Image.gz
sha256sum	e75e74df4814fa11846a7efec673873bef9c8756bbe2da22fe34e97c0541b174

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zHKFl9sG3wnpHzZmfek4oLbn9j/modules.tar.xz
sha256sum	674628aa7a27410086b2c333f185bc7f2390d598f63f5090de1b248066659744

durations

tests

boot	0
kunit	174.17

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.639243] ==================================================================
[   17.639658] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.639658] 
[   17.640035] Use-after-free read at 0x(____ptrval____) (in kfence-#78):
[   17.640324]  test_use_after_free_read+0x129/0x270
[   17.640494]  kunit_try_run_case+0x1a5/0x480
[   17.640716]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.640985]  kthread+0x337/0x6f0
[   17.641194]  ret_from_fork+0x116/0x1d0
[   17.641367]  ret_from_fork_asm+0x1a/0x30
[   17.641566] 
[   17.641656] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.641656] 
[   17.642016] allocated by task 314 on cpu 0 at 17.639071s (0.002943s ago):
[   17.642315]  test_alloc+0x2a6/0x10f0
[   17.642482]  test_use_after_free_read+0xdc/0x270
[   17.642740]  kunit_try_run_case+0x1a5/0x480
[   17.642888]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.643076]  kthread+0x337/0x6f0
[   17.643222]  ret_from_fork+0x116/0x1d0
[   17.643409]  ret_from_fork_asm+0x1a/0x30
[   17.643603] 
[   17.643716] freed by task 314 on cpu 0 at 17.639133s (0.004581s ago):
[   17.644055]  test_use_after_free_read+0xfb/0x270
[   17.644257]  kunit_try_run_case+0x1a5/0x480
[   17.644405]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.644601]  kthread+0x337/0x6f0
[   17.644852]  ret_from_fork+0x116/0x1d0
[   17.645055]  ret_from_fork_asm+0x1a/0x30
[   17.645253] 
[   17.645381] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   17.645827] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.645993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.646336] ==================================================================
[   17.535239] ==================================================================
[   17.535697] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.535697] 
[   17.536178] Use-after-free read at 0x(____ptrval____) (in kfence-#77):
[   17.536771]  test_use_after_free_read+0x129/0x270
[   17.537175]  kunit_try_run_case+0x1a5/0x480
[   17.537512]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.537803]  kthread+0x337/0x6f0
[   17.537939]  ret_from_fork+0x116/0x1d0
[   17.538094]  ret_from_fork_asm+0x1a/0x30
[   17.538243] 
[   17.538320] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.538320] 
[   17.538606] allocated by task 312 on cpu 1 at 17.535010s (0.003594s ago):
[   17.539463]  test_alloc+0x364/0x10f0
[   17.539732]  test_use_after_free_read+0xdc/0x270
[   17.540040]  kunit_try_run_case+0x1a5/0x480
[   17.540327]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.540630]  kthread+0x337/0x6f0
[   17.540787]  ret_from_fork+0x116/0x1d0
[   17.541098]  ret_from_fork_asm+0x1a/0x30
[   17.541378] 
[   17.541744] freed by task 312 on cpu 1 at 17.535082s (0.006497s ago):
[   17.542098]  test_use_after_free_read+0x1e7/0x270
[   17.542312]  kunit_try_run_case+0x1a5/0x480
[   17.542509]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.542909]  kthread+0x337/0x6f0
[   17.543098]  ret_from_fork+0x116/0x1d0
[   17.543389]  ret_from_fork_asm+0x1a/0x30
[   17.543685] 
[   17.543797] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   17.544405] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.544702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.545144] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zHKEi9O49DhNJUpxMLMiefbp3L

job_id

TEST:linaro@lkft#2zHKJB7Vmr3YpZNtQVPcNXGc03Y

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zHKJB7Vmr3YpZNtQVPcNXGc03Y

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zHKGWUMhHSR70srczhDqbaHRzn/bzImage
sha256sum	dbd6c6ee080c42d4ab34ddd560f751df4f05ac57b1c1574c3e8dabbf75044859

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zHKGWUMhHSR70srczhDqbaHRzn/modules.tar.xz
sha256sum	40c807fc7c31b6ab24c7f1122956d75b22da72c0f5973ee582d05cc412c6f22f

durations

tests

boot	0
kunit	218.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit