lkft/sashal-linus-next - v6.13-rc7-43418-g558c6dd4d863 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 5, 2025, 5:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   22.727928] ==================================================================
[   22.728044] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.728044] 
[   22.728216] Use-after-free read at 0x0000000023756843 (in kfence-#92):
[   22.728270]  test_use_after_free_read+0x114/0x248
[   22.728346]  kunit_try_run_case+0x170/0x3f0
[   22.728614]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.728694]  kthread+0x328/0x630
[   22.728743]  ret_from_fork+0x10/0x20
[   22.728845] 
[   22.728936] kfence-#92: 0x0000000023756843-0x000000004382e9bf, size=32, cache=test
[   22.728936] 
[   22.729024] allocated by task 297 on cpu 0 at 22.727439s (0.001574s ago):
[   22.729148]  test_alloc+0x230/0x628
[   22.729381]  test_use_after_free_read+0xd0/0x248
[   22.729500]  kunit_try_run_case+0x170/0x3f0
[   22.729544]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.729588]  kthread+0x328/0x630
[   22.729624]  ret_from_fork+0x10/0x20
[   22.729682] 
[   22.729811] freed by task 297 on cpu 0 at 22.727513s (0.002246s ago):
[   22.730170]  test_use_after_free_read+0xf0/0x248
[   22.730266]  kunit_try_run_case+0x170/0x3f0
[   22.730309]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.730353]  kthread+0x328/0x630
[   22.730390]  ret_from_fork+0x10/0x20
[   22.730471] 
[   22.730557] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.731015] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.731049] Hardware name: linux,dummy-virt (DT)
[   22.731108] ==================================================================
[   22.620049] ==================================================================
[   22.620147] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.620147] 
[   22.620342] Use-after-free read at 0x000000004458ae5c (in kfence-#91):
[   22.620398]  test_use_after_free_read+0x114/0x248
[   22.620447]  kunit_try_run_case+0x170/0x3f0
[   22.620738]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.620893]  kthread+0x328/0x630
[   22.620937]  ret_from_fork+0x10/0x20
[   22.621023] 
[   22.621048] kfence-#91: 0x000000004458ae5c-0x0000000020e3dcf9, size=32, cache=kmalloc-32
[   22.621048] 
[   22.621165] allocated by task 295 on cpu 0 at 22.619458s (0.001685s ago):
[   22.621237]  test_alloc+0x29c/0x628
[   22.621367]  test_use_after_free_read+0xd0/0x248
[   22.621413]  kunit_try_run_case+0x170/0x3f0
[   22.621467]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.621512]  kthread+0x328/0x630
[   22.621683]  ret_from_fork+0x10/0x20
[   22.621735] 
[   22.621947] freed by task 295 on cpu 0 at 22.619743s (0.002085s ago):
[   22.622095]  test_use_after_free_read+0x1c0/0x248
[   22.622171]  kunit_try_run_case+0x170/0x3f0
[   22.622239]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.622358]  kthread+0x328/0x630
[   22.622395]  ret_from_fork+0x10/0x20
[   22.622673] 
[   22.622767] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   22.622988] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.623039] Hardware name: linux,dummy-virt (DT)
[   22.623101] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zSrST9Gzuem1PP5NJnVdpLyEja

job_id

TEST:linaro@lkft#2zSrWDq0bEi1EjtPufprycAKDeO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zSrWDq0bEi1EjtPufprycAKDeO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrTdUkZ0clW81cymm7tPjaj68/Image.gz
sha256sum	c37d8937dcd7669a560694b12aa880cb8a3fca13f19914a1dd4b319a7759a1c4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrTdUkZ0clW81cymm7tPjaj68/modules.tar.xz
sha256sum	54680ff2ac79b5b7aaf875ee8ccdcad9cb40402efd743a3b1747b89f302da86f

durations

tests

boot	0
kunit	171.85

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.346667] ==================================================================
[   17.347063] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.347063] 
[   17.347436] Use-after-free read at 0x(____ptrval____) (in kfence-#75):
[   17.348171]  test_use_after_free_read+0x129/0x270
[   17.348392]  kunit_try_run_case+0x1a5/0x480
[   17.348626]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.349178]  kthread+0x337/0x6f0
[   17.349355]  ret_from_fork+0x116/0x1d0
[   17.349552]  ret_from_fork_asm+0x1a/0x30
[   17.349741] 
[   17.350073] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   17.350073] 
[   17.350518] allocated by task 316 on cpu 0 at 17.346549s (0.003966s ago):
[   17.351027]  test_alloc+0x2a6/0x10f0
[   17.351207]  test_use_after_free_read+0xdc/0x270
[   17.351420]  kunit_try_run_case+0x1a5/0x480
[   17.351624]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.352092]  kthread+0x337/0x6f0
[   17.352326]  ret_from_fork+0x116/0x1d0
[   17.352573]  ret_from_fork_asm+0x1a/0x30
[   17.352780] 
[   17.352994] freed by task 316 on cpu 0 at 17.346602s (0.006389s ago):
[   17.353339]  test_use_after_free_read+0xfb/0x270
[   17.353541]  kunit_try_run_case+0x1a5/0x480
[   17.353938]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.354249]  kthread+0x337/0x6f0
[   17.354420]  ret_from_fork+0x116/0x1d0
[   17.354616]  ret_from_fork_asm+0x1a/0x30
[   17.354952] 
[   17.355083] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   17.355622] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.355949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.356381] ==================================================================
[   17.242741] ==================================================================
[   17.243164] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.243164] 
[   17.243634] Use-after-free read at 0x(____ptrval____) (in kfence-#74):
[   17.244296]  test_use_after_free_read+0x129/0x270
[   17.244545]  kunit_try_run_case+0x1a5/0x480
[   17.244941]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.245179]  kthread+0x337/0x6f0
[   17.245339]  ret_from_fork+0x116/0x1d0
[   17.245527]  ret_from_fork_asm+0x1a/0x30
[   17.245960] 
[   17.246066] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.246066] 
[   17.246580] allocated by task 314 on cpu 0 at 17.242535s (0.004042s ago):
[   17.246992]  test_alloc+0x364/0x10f0
[   17.247159]  test_use_after_free_read+0xdc/0x270
[   17.247499]  kunit_try_run_case+0x1a5/0x480
[   17.247837]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.248142]  kthread+0x337/0x6f0
[   17.248277]  ret_from_fork+0x116/0x1d0
[   17.248481]  ret_from_fork_asm+0x1a/0x30
[   17.248684] 
[   17.249160] freed by task 314 on cpu 0 at 17.242599s (0.006477s ago):
[   17.249506]  test_use_after_free_read+0x1e7/0x270
[   17.249834]  kunit_try_run_case+0x1a5/0x480
[   17.250101]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.250305]  kthread+0x337/0x6f0
[   17.250598]  ret_from_fork+0x116/0x1d0
[   17.250791]  ret_from_fork_asm+0x1a/0x30
[   17.250987] 
[   17.251098] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   17.251485] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.251687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.252140] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zSrST9Gzuem1PP5NJnVdpLyEja

job_id

TEST:linaro@lkft#2zSrX3orQWFDB1hBYGYI2ScAyiH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zSrX3orQWFDB1hBYGYI2ScAyiH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrURTUzYoapFdn0PE0tv507cO/bzImage
sha256sum	4a2ec3783c3fcf44f65d4d40ee2c81be96bf4d87b6db1ab01308c5fbd0723b99

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrURTUzYoapFdn0PE0tv507cO/modules.tar.xz
sha256sum	9f0760e2bc35f8a8e1fdf686c304d05bf0ea231e498a0100efa46359e97d8474

durations

tests

boot	0
kunit	205.74

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit