lkft/sashal-linus-next - v6.13-rc7-43689-g85c2c095929a - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

July 16, 2025, 3:10 p.m.

Environment
qemu-arm64
qemu-x86_64

[   22.128024] ==================================================================
[   22.128145] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.128145] 
[   22.128261] Use-after-free read at 0x0000000000e49ab7 (in kfence-#99):
[   22.128316]  test_use_after_free_read+0x114/0x248
[   22.128365]  kunit_try_run_case+0x170/0x3f0
[   22.128409]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.128452]  kthread+0x328/0x630
[   22.128494]  ret_from_fork+0x10/0x20
[   22.128534] 
[   22.128558] kfence-#99: 0x0000000000e49ab7-0x00000000a77ea623, size=32, cache=kmalloc-32
[   22.128558] 
[   22.128612] allocated by task 295 on cpu 0 at 22.127697s (0.000911s ago):
[   22.128684]  test_alloc+0x29c/0x628
[   22.128742]  test_use_after_free_read+0xd0/0x248
[   22.128784]  kunit_try_run_case+0x170/0x3f0
[   22.128824]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.128866]  kthread+0x328/0x630
[   22.128903]  ret_from_fork+0x10/0x20
[   22.128955] 
[   22.129080] freed by task 295 on cpu 0 at 22.127788s (0.001214s ago):
[   22.129187]  test_use_after_free_read+0x1c0/0x248
[   22.129228]  kunit_try_run_case+0x170/0x3f0
[   22.129269]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.129311]  kthread+0x328/0x630
[   22.129348]  ret_from_fork+0x10/0x20
[   22.129399] 
[   22.129451] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   22.129532] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.129562] Hardware name: linux,dummy-virt (DT)
[   22.129596] ==================================================================
[   22.231819] ==================================================================
[   22.231913] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   22.231913] 
[   22.232001] Use-after-free read at 0x000000009ac1888e (in kfence-#100):
[   22.232055]  test_use_after_free_read+0x114/0x248
[   22.232103]  kunit_try_run_case+0x170/0x3f0
[   22.232147]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.232192]  kthread+0x328/0x630
[   22.232230]  ret_from_fork+0x10/0x20
[   22.232271] 
[   22.232295] kfence-#100: 0x000000009ac1888e-0x00000000a3b6211d, size=32, cache=test
[   22.232295] 
[   22.232347] allocated by task 297 on cpu 0 at 22.231617s (0.000726s ago):
[   22.232418]  test_alloc+0x230/0x628
[   22.232459]  test_use_after_free_read+0xd0/0x248
[   22.232501]  kunit_try_run_case+0x170/0x3f0
[   22.232541]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.232586]  kthread+0x328/0x630
[   22.232622]  ret_from_fork+0x10/0x20
[   22.232661] 
[   22.232686] freed by task 297 on cpu 0 at 22.231677s (0.001005s ago):
[   22.232799]  test_use_after_free_read+0xf0/0x248
[   22.232843]  kunit_try_run_case+0x170/0x3f0
[   22.232883]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.232935]  kthread+0x328/0x630
[   22.232970]  ret_from_fork+0x10/0x20
[   22.233009] 
[   22.233053] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   22.233134] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.233162] Hardware name: linux,dummy-virt (DT)
[   22.233196] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zxhLvJNzKfC2O2grt7A3kOWC6T

job_id

TEST:linaro@lkft#2zxhPau2yAblffjobEYDaYG9UHu

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zxhPau2yAblffjobEYDaYG9UHu

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxhN3VTNlTymq56lwQbyJq1gVx/Image.gz
sha256sum	2b0debcad36297881bc624782cf0edc33acb46b91709a8f0c31c1d114a03cebe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxhN3VTNlTymq56lwQbyJq1gVx/modules.tar.xz
sha256sum	0b414e42fe2c93d65e38e631ab86e7681d93e88e3b96220c05e8c582fa2dd427

durations

tests

boot	0
kunit	186.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   19.044547] ==================================================================
[   19.044991] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   19.044991] 
[   19.045408] Use-after-free read at 0x(____ptrval____) (in kfence-#82):
[   19.046581]  test_use_after_free_read+0x129/0x270
[   19.046811]  kunit_try_run_case+0x1a5/0x480
[   19.047017]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.047205]  kthread+0x337/0x6f0
[   19.047332]  ret_from_fork+0x116/0x1d0
[   19.047706]  ret_from_fork_asm+0x1a/0x30
[   19.048002] 
[   19.048108] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   19.048108] 
[   19.048385] allocated by task 314 on cpu 1 at 19.044379s (0.004004s ago):
[   19.048616]  test_alloc+0x2a6/0x10f0
[   19.048748]  test_use_after_free_read+0xdc/0x270
[   19.049362]  kunit_try_run_case+0x1a5/0x480
[   19.049662]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.050814]  kthread+0x337/0x6f0
[   19.051000]  ret_from_fork+0x116/0x1d0
[   19.051149]  ret_from_fork_asm+0x1a/0x30
[   19.051295] 
[   19.051369] freed by task 314 on cpu 1 at 19.044421s (0.006946s ago):
[   19.051607]  test_use_after_free_read+0xfb/0x270
[   19.051765]  kunit_try_run_case+0x1a5/0x480
[   19.052610]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.053255]  kthread+0x337/0x6f0
[   19.053621]  ret_from_fork+0x116/0x1d0
[   19.054048]  ret_from_fork_asm+0x1a/0x30
[   19.054208] 
[   19.054312] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   19.055619] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.056111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.056688] ==================================================================
[   18.940458] ==================================================================
[   18.940879] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   18.940879] 
[   18.941430] Use-after-free read at 0x(____ptrval____) (in kfence-#81):
[   18.941657]  test_use_after_free_read+0x129/0x270
[   18.941927]  kunit_try_run_case+0x1a5/0x480
[   18.942138]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.942387]  kthread+0x337/0x6f0
[   18.942532]  ret_from_fork+0x116/0x1d0
[   18.942672]  ret_from_fork_asm+0x1a/0x30
[   18.942903] 
[   18.943005] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   18.943005] 
[   18.943417] allocated by task 312 on cpu 0 at 18.940251s (0.003164s ago):
[   18.943670]  test_alloc+0x364/0x10f0
[   18.943872]  test_use_after_free_read+0xdc/0x270
[   18.944095]  kunit_try_run_case+0x1a5/0x480
[   18.944246]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.944518]  kthread+0x337/0x6f0
[   18.944760]  ret_from_fork+0x116/0x1d0
[   18.944931]  ret_from_fork_asm+0x1a/0x30
[   18.945099] 
[   18.945316] freed by task 312 on cpu 0 at 18.940310s (0.004924s ago):
[   18.945779]  test_use_after_free_read+0x1e7/0x270
[   18.945979]  kunit_try_run_case+0x1a5/0x480
[   18.946162]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.946344]  kthread+0x337/0x6f0
[   18.946600]  ret_from_fork+0x116/0x1d0
[   18.946804]  ret_from_fork_asm+0x1a/0x30
[   18.947023] 
[   18.947127] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   18.947585] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.947848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.948216] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zxhLvJNzKfC2O2grt7A3kOWC6T

job_id

TEST:linaro@lkft#2zxhQRPGZHbRb85n8CYDdoCjSy0

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zxhQRPGZHbRb85n8CYDdoCjSy0

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxhNmGnSWM4SZJ5ZvQ7mQd6mJs/bzImage
sha256sum	94877b9cad13014eacc1b841cafb46b2097b45d947e8687ced9818c2ce733fa2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxhNmGnSWM4SZJ5ZvQ7mQd6mJs/modules.tar.xz
sha256sum	6702e05d8ba94a91e49ea6d51a35ae017a4bc99ef9af93b264bfdbdbbf2ed2bf

durations

tests

boot	0
kunit	207.16

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit