lkft/sashal-linus-next - v6.13-rc7-43165-gcfb37db724c4 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 3, 2025, 6:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   21.458332] ==================================================================
[   21.458427] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.458427] 
[   21.458520] Use-after-free read at 0x00000000c1b5c335 (in kfence-#88):
[   21.458568]  test_use_after_free_read+0x114/0x248
[   21.458617]  kunit_try_run_case+0x170/0x3f0
[   21.458660]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.458703]  kthread+0x328/0x630
[   21.458740]  ret_from_fork+0x10/0x20
[   21.458779] 
[   21.458802] kfence-#88: 0x00000000c1b5c335-0x00000000adeb2697, size=32, cache=kmalloc-32
[   21.458802] 
[   21.458879] allocated by task 295 on cpu 1 at 21.458068s (0.000806s ago):
[   21.458947]  test_alloc+0x29c/0x628
[   21.458985]  test_use_after_free_read+0xd0/0x248
[   21.459026]  kunit_try_run_case+0x170/0x3f0
[   21.459506]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.460236]  kthread+0x328/0x630
[   21.460296]  ret_from_fork+0x10/0x20
[   21.460431] 
[   21.460823] freed by task 295 on cpu 1 at 21.458142s (0.002355s ago):
[   21.461456]  test_use_after_free_read+0x1c0/0x248
[   21.461619]  kunit_try_run_case+0x170/0x3f0
[   21.461731]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.461893]  kthread+0x328/0x630
[   21.462014]  ret_from_fork+0x10/0x20
[   21.462341] 
[   21.462641] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   21.462857] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.462914] Hardware name: linux,dummy-virt (DT)
[   21.462957] ==================================================================
[   21.566323] ==================================================================
[   21.566413] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.566413] 
[   21.566684] Use-after-free read at 0x000000007a378c48 (in kfence-#89):
[   21.566796]  test_use_after_free_read+0x114/0x248
[   21.566935]  kunit_try_run_case+0x170/0x3f0
[   21.567172]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.567287]  kthread+0x328/0x630
[   21.567375]  ret_from_fork+0x10/0x20
[   21.567431] 
[   21.567482] kfence-#89: 0x000000007a378c48-0x00000000f4fff264, size=32, cache=test
[   21.567482] 
[   21.567581] allocated by task 297 on cpu 1 at 21.565964s (0.001596s ago):
[   21.567653]  test_alloc+0x230/0x628
[   21.567694]  test_use_after_free_read+0xd0/0x248
[   21.567734]  kunit_try_run_case+0x170/0x3f0
[   21.567802]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.567846]  kthread+0x328/0x630
[   21.567880]  ret_from_fork+0x10/0x20
[   21.567918] 
[   21.567988] freed by task 297 on cpu 1 at 21.566026s (0.001952s ago):
[   21.568107]  test_use_after_free_read+0xf0/0x248
[   21.568161]  kunit_try_run_case+0x170/0x3f0
[   21.568202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.568378]  kthread+0x328/0x630
[   21.568563]  ret_from_fork+0x10/0x20
[   21.568739] 
[   21.568860] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   21.568960] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.569005] Hardware name: linux,dummy-virt (DT)
[   21.569077] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zNL1O2cp9dmCFBEgSs8WkyJh4y

job_id

TEST:linaro@lkft#2zNL5oRbEmqaoyhMhEOvLzS6IfC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zNL5oRbEmqaoyhMhEOvLzS6IfC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL2hrVcCo1WcxmghqCiEPqPCd/Image.gz
sha256sum	75bd93f2a9f934a99efc331115dacf43cd61683d1338c69f56928f4e505c4b9f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL2hrVcCo1WcxmghqCiEPqPCd/modules.tar.xz
sha256sum	ba9b1a7bf6af40dbc6b67719635e8125d452a6738f5e6a1c543b4789f281320d

durations

tests

boot	0
kunit	167.82

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.624672] ==================================================================
[   16.625112] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.625112] 
[   16.625673] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[   16.625915]  test_use_after_free_read+0x129/0x270
[   16.626143]  kunit_try_run_case+0x1a5/0x480
[   16.626422]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.626616]  kthread+0x337/0x6f0
[   16.626798]  ret_from_fork+0x116/0x1d0
[   16.626992]  ret_from_fork_asm+0x1a/0x30
[   16.627173] 
[   16.627276] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   16.627276] 
[   16.627575] allocated by task 313 on cpu 0 at 16.624453s (0.003120s ago):
[   16.627938]  test_alloc+0x364/0x10f0
[   16.628168]  test_use_after_free_read+0xdc/0x270
[   16.628352]  kunit_try_run_case+0x1a5/0x480
[   16.628562]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.628785]  kthread+0x337/0x6f0
[   16.628908]  ret_from_fork+0x116/0x1d0
[   16.629079]  ret_from_fork_asm+0x1a/0x30
[   16.629295] 
[   16.629476] freed by task 313 on cpu 0 at 16.624518s (0.004956s ago):
[   16.629740]  test_use_after_free_read+0x1e7/0x270
[   16.629957]  kunit_try_run_case+0x1a5/0x480
[   16.630144]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.630326]  kthread+0x337/0x6f0
[   16.630449]  ret_from_fork+0x116/0x1d0
[   16.630638]  ret_from_fork_asm+0x1a/0x30
[   16.630875] 
[   16.631050] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   16.631516] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.631660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.632061] ==================================================================
[   16.728565] ==================================================================
[   16.729053] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.729053] 
[   16.729493] Use-after-free read at 0x(____ptrval____) (in kfence-#71):
[   16.729723]  test_use_after_free_read+0x129/0x270
[   16.730388]  kunit_try_run_case+0x1a5/0x480
[   16.730587]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.730830]  kthread+0x337/0x6f0
[   16.730997]  ret_from_fork+0x116/0x1d0
[   16.731191]  ret_from_fork_asm+0x1a/0x30
[   16.731891] 
[   16.732141] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   16.732141] 
[   16.732674] allocated by task 315 on cpu 1 at 16.728429s (0.004242s ago):
[   16.732982]  test_alloc+0x2a6/0x10f0
[   16.733151]  test_use_after_free_read+0xdc/0x270
[   16.733337]  kunit_try_run_case+0x1a5/0x480
[   16.733531]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.733884]  kthread+0x337/0x6f0
[   16.734039]  ret_from_fork+0x116/0x1d0
[   16.734224]  ret_from_fork_asm+0x1a/0x30
[   16.734382] 
[   16.734479] freed by task 315 on cpu 1 at 16.728482s (0.005995s ago):
[   16.734790]  test_use_after_free_read+0xfb/0x270
[   16.734965]  kunit_try_run_case+0x1a5/0x480
[   16.735190]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.735471]  kthread+0x337/0x6f0
[   16.735651]  ret_from_fork+0x116/0x1d0
[   16.735809]  ret_from_fork_asm+0x1a/0x30
[   16.735972] 
[   16.736071] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   16.736589] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.736737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.737066] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zNL1O2cp9dmCFBEgSs8WkyJh4y

job_id

TEST:linaro@lkft#2zNL6lw8QpiLx2X80bHtYDEoIkO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zNL6lw8QpiLx2X80bHtYDEoIkO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL3q4rWFiUvmEYLQ3BXdIYSKX/bzImage
sha256sum	f913311db6c7753aa3ccadda2e754832cad135a441849c4a73d7959c2b6c87e5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNL3q4rWFiUvmEYLQ3BXdIYSKX/modules.tar.xz
sha256sum	43ae06e48ef12e1aba423c47b6cdbc55af315831d6ed3f78d515cc08d1dc28a1

durations

tests

boot	0
kunit	204.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit