lkft/sashal-linus-next - v6.13-rc7-43514-gb6b19ce74be8 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 10, 2025, 6:10 p.m.

Environment
qemu-arm64
qemu-x86_64

[   21.039040] ==================================================================
[   21.039366] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   21.039366] 
[   21.039488] Use-after-free read at 0x00000000dd1da1bb (in kfence-#88):
[   21.039567]  test_use_after_free_read+0x114/0x248
[   21.039658]  kunit_try_run_case+0x170/0x3f0
[   21.039723]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.039798]  kthread+0x328/0x630
[   21.039839]  ret_from_fork+0x10/0x20
[   21.039913] 
[   21.039938] kfence-#88: 0x00000000dd1da1bb-0x00000000b559433e, size=32, cache=test
[   21.039938] 
[   21.040015] allocated by task 297 on cpu 0 at 21.038836s (0.001168s ago):
[   21.040137]  test_alloc+0x230/0x628
[   21.040180]  test_use_after_free_read+0xd0/0x248
[   21.040223]  kunit_try_run_case+0x170/0x3f0
[   21.040283]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.040571]  kthread+0x328/0x630
[   21.040648]  ret_from_fork+0x10/0x20
[   21.040718] 
[   21.040836] freed by task 297 on cpu 0 at 21.038904s (0.001891s ago):
[   21.040945]  test_use_after_free_read+0xf0/0x248
[   21.040991]  kunit_try_run_case+0x170/0x3f0
[   21.041043]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.041089]  kthread+0x328/0x630
[   21.041127]  ret_from_fork+0x10/0x20
[   21.041165] 
[   21.041222] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   21.041304] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.041331] Hardware name: linux,dummy-virt (DT)
[   21.041373] ==================================================================
[   20.937580] ==================================================================
[   20.937683] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.937683] 
[   20.938094] Use-after-free read at 0x00000000ec98d562 (in kfence-#87):
[   20.938385]  test_use_after_free_read+0x114/0x248
[   20.938472]  kunit_try_run_case+0x170/0x3f0
[   20.938540]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.938593]  kthread+0x328/0x630
[   20.938633]  ret_from_fork+0x10/0x20
[   20.938675] 
[   20.938700] kfence-#87: 0x00000000ec98d562-0x00000000733f52d9, size=32, cache=kmalloc-32
[   20.938700] 
[   20.938985] allocated by task 295 on cpu 0 at 20.936617s (0.002336s ago):
[   20.939098]  test_alloc+0x29c/0x628
[   20.939247]  test_use_after_free_read+0xd0/0x248
[   20.939288]  kunit_try_run_case+0x170/0x3f0
[   20.939349]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.939576]  kthread+0x328/0x630
[   20.939612]  ret_from_fork+0x10/0x20
[   20.939652] 
[   20.939964] freed by task 295 on cpu 0 at 20.936862s (0.003086s ago):
[   20.940051]  test_use_after_free_read+0x1c0/0x248
[   20.940319]  kunit_try_run_case+0x170/0x3f0
[   20.940411]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.940458]  kthread+0x328/0x630
[   20.940495]  ret_from_fork+0x10/0x20
[   20.940560] 
[   20.940640] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   20.940955] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.940990] Hardware name: linux,dummy-virt (DT)
[   20.941125] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zh6UUpn8TXCNL7MIo1zG1gJYsm

job_id

TEST:linaro@lkft#2zh6YfNos6w8xohFb8qFQv3OHbb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zh6YfNos6w8xohFb8qFQv3OHbb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6Vqcc0A9XVY6JZOMLf3Bp13a/Image.gz
sha256sum	5777f0c14b003f9164a55cf9da149f541eebfde18dd695220d32c2a687f9babe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6Vqcc0A9XVY6JZOMLf3Bp13a/modules.tar.xz
sha256sum	3d1cdbe99292ade1bea537f77888a5f86577293975d366777e0dc375bac545b3

durations

tests

boot	0
kunit	172.50

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.004223] ==================================================================
[   18.004659] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.004659] 
[   18.005187] Use-after-free read at 0x(____ptrval____) (in kfence-#71):
[   18.005423]  test_use_after_free_read+0x129/0x270
[   18.005663]  kunit_try_run_case+0x1a5/0x480
[   18.005823]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.006111]  kthread+0x337/0x6f0
[   18.006303]  ret_from_fork+0x116/0x1d0
[   18.006491]  ret_from_fork_asm+0x1a/0x30
[   18.006635] 
[   18.006711] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   18.006711] 
[   18.007292] allocated by task 314 on cpu 0 at 18.004094s (0.003196s ago):
[   18.007589]  test_alloc+0x2a6/0x10f0
[   18.007732]  test_use_after_free_read+0xdc/0x270
[   18.007891]  kunit_try_run_case+0x1a5/0x480
[   18.008112]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.008438]  kthread+0x337/0x6f0
[   18.008590]  ret_from_fork+0x116/0x1d0
[   18.008724]  ret_from_fork_asm+0x1a/0x30
[   18.008903] 
[   18.009089] freed by task 314 on cpu 0 at 18.004140s (0.004947s ago):
[   18.009407]  test_use_after_free_read+0xfb/0x270
[   18.009605]  kunit_try_run_case+0x1a5/0x480
[   18.009782]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.009972]  kthread+0x337/0x6f0
[   18.010163]  ret_from_fork+0x116/0x1d0
[   18.010409]  ret_from_fork_asm+0x1a/0x30
[   18.010647] 
[   18.010742] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   18.011345] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.011509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.011776] ==================================================================
[   17.900356] ==================================================================
[   17.900779] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   17.900779] 
[   17.901354] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[   17.901638]  test_use_after_free_read+0x129/0x270
[   17.901866]  kunit_try_run_case+0x1a5/0x480
[   17.902183]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.902424]  kthread+0x337/0x6f0
[   17.902589]  ret_from_fork+0x116/0x1d0
[   17.902747]  ret_from_fork_asm+0x1a/0x30
[   17.902961] 
[   17.903079] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   17.903079] 
[   17.903462] allocated by task 312 on cpu 1 at 17.900149s (0.003311s ago):
[   17.903799]  test_alloc+0x364/0x10f0
[   17.903983]  test_use_after_free_read+0xdc/0x270
[   17.904447]  kunit_try_run_case+0x1a5/0x480
[   17.904639]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.904870]  kthread+0x337/0x6f0
[   17.905512]  ret_from_fork+0x116/0x1d0
[   17.905725]  ret_from_fork_asm+0x1a/0x30
[   17.906025] 
[   17.906374] freed by task 312 on cpu 1 at 17.900203s (0.006088s ago):
[   17.906712]  test_use_after_free_read+0x1e7/0x270
[   17.906953]  kunit_try_run_case+0x1a5/0x480
[   17.907145]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.907353]  kthread+0x337/0x6f0
[   17.907522]  ret_from_fork+0x116/0x1d0
[   17.907680]  ret_from_fork_asm+0x1a/0x30
[   17.907858] 
[   17.907997] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   17.908426] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.908560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.908935] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zh6UUpn8TXCNL7MIo1zG1gJYsm

job_id

TEST:linaro@lkft#2zh6ZNztcGXg2O8uNeKx6V5kr88

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zh6ZNztcGXg2O8uNeKx6V5kr88

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6WsWI7Bm0SUy5pTvvvknXRZJ/bzImage
sha256sum	1e1574ecc8c4221677c1bc00b6aa400c5a95520bd7b8881c6e36fd86dc7a4db6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6WsWI7Bm0SUy5pTvvvknXRZJ/modules.tar.xz
sha256sum	56cebba46b14ff78df64e8cde24854df1e7692bca96ad63f09d123563bd0e53d

durations

tests

boot	0
kunit	218.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit