lkft/linux-next-master - next-20250626 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

June 26, 2025, 9:10 a.m.

Environment
dragonboard-845c
juno-r2
qemu-arm64
qemu-x86_64

[   82.799399] ==================================================================
[   82.806736] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   82.806736] 
[   82.816079] Use-after-free read at 0x(____ptrval____) (in kfence-#199):
[   82.822781]  test_use_after_free_read+0x114/0x248
[   82.827562]  kunit_try_run_case+0x170/0x3f0
[   82.831822]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   82.837392]  kthread+0x328/0x630
[   82.840681]  ret_from_fork+0x10/0x20
[   82.844318] 
[   82.845844] kfence-#199: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   82.845844] 
[   82.855083] allocated by task 383 on cpu 5 at 82.799365s (0.055717s ago):
[   82.861976]  test_alloc+0x230/0x628
[   82.865525]  test_use_after_free_read+0xd0/0x248
[   82.870215]  kunit_try_run_case+0x170/0x3f0
[   82.874469]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   82.880037]  kthread+0x328/0x630
[   82.883322]  ret_from_fork+0x10/0x20
[   82.886956] 
[   82.888481] freed by task 383 on cpu 5 at 82.799374s (0.089105s ago):
[   82.895012]  test_use_after_free_read+0xf0/0x248
[   82.899702]  kunit_try_run_case+0x170/0x3f0
[   82.903956]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   82.909525]  kthread+0x328/0x630
[   82.912810]  ret_from_fork+0x10/0x20
[   82.916445] 
[   82.917976] CPU: 5 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   82.929244] Tainted: [B]=BAD_PAGE, [N]=TEST
[   82.933493] Hardware name: Thundercomm Dragonboard 845c (DT)
[   82.939232] ==================================================================
[   82.547431] ==================================================================
[   82.554777] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   82.554777] 
[   82.564126] Use-after-free read at 0x(____ptrval____) (in kfence-#197):
[   82.570825]  test_use_after_free_read+0x114/0x248
[   82.575607]  kunit_try_run_case+0x170/0x3f0
[   82.579866]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   82.585426]  kthread+0x328/0x630
[   82.588715]  ret_from_fork+0x10/0x20
[   82.592353] 
[   82.593878] kfence-#197: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   82.593878] 
[   82.603649] allocated by task 381 on cpu 7 at 82.547392s (0.056255s ago):
[   82.610533]  test_alloc+0x29c/0x628
[   82.614082]  test_use_after_free_read+0xd0/0x248
[   82.618772]  kunit_try_run_case+0x170/0x3f0
[   82.623025]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   82.628593]  kthread+0x328/0x630
[   82.631879]  ret_from_fork+0x10/0x20
[   82.635514] 
[   82.637038] freed by task 381 on cpu 7 at 82.547402s (0.089635s ago):
[   82.643570]  test_use_after_free_read+0x1c0/0x248
[   82.648346]  kunit_try_run_case+0x170/0x3f0
[   82.652599]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   82.658169]  kthread+0x328/0x630
[   82.661454]  ret_from_fork+0x10/0x20
[   82.665088] 
[   82.666618] CPU: 7 UID: 0 PID: 381 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   82.677888] Tainted: [B]=BAD_PAGE, [N]=TEST
[   82.682136] Hardware name: Thundercomm Dragonboard 845c (DT)
[   82.687875] ==================================================================

Metadata Full log Test run details

[ 1526.904171] ==================================================================
[ 1526.904185] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[ 1526.904185] 
[ 1526.904211] Use-after-free read at 0x000000006fe7c169 (in kfence-#36):
[ 1526.904224]  test_use_after_free_read+0x114/0x248
[ 1526.904242]  kunit_try_run_case+0x170/0x3f0
[ 1526.904257]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1526.904272]  kthread+0x328/0x630
[ 1526.904282]  ret_from_fork+0x10/0x20
[ 1526.904295] 
[ 1526.904301] kfence-#36: 0x000000006fe7c169-0x000000002600da61, size=32, cache=kmalloc-32
[ 1526.904301] 
[ 1526.904316] allocated by task 366 on cpu 2 at 1526.904146s (0.000170s ago):
[ 1526.904339]  test_alloc+0x29c/0x628
[ 1526.904353]  test_use_after_free_read+0xd0/0x248
[ 1526.904368]  kunit_try_run_case+0x170/0x3f0
[ 1526.904381]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1526.904396]  kthread+0x328/0x630
[ 1526.904406]  ret_from_fork+0x10/0x20
[ 1526.904418] 
[ 1526.904423] freed by task 366 on cpu 2 at 1526.904153s (0.000268s ago):
[ 1526.904446]  test_use_after_free_read+0x1c0/0x248
[ 1526.904461]  kunit_try_run_case+0x170/0x3f0
[ 1526.904474]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1526.904489]  kthread+0x328/0x630
[ 1526.904498]  ret_from_fork+0x10/0x20
[ 1526.904511] 
[ 1526.904518] CPU: 2 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1526.904544] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 1526.904551] Hardware name: ARM Juno development board (r2) (DT)
[ 1526.904560] ==================================================================
[ 1527.008144] ==================================================================
[ 1527.008159] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[ 1527.008159] 
[ 1527.008187] Use-after-free read at 0x00000000187f2aa1 (in kfence-#37):
[ 1527.008202]  test_use_after_free_read+0x114/0x248
[ 1527.008218]  kunit_try_run_case+0x170/0x3f0
[ 1527.008233]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1527.008249]  kthread+0x328/0x630
[ 1527.008259]  ret_from_fork+0x10/0x20
[ 1527.008273] 
[ 1527.008279] kfence-#37: 0x00000000187f2aa1-0x000000003fb99b1b, size=32, cache=test
[ 1527.008279] 
[ 1527.008294] allocated by task 368 on cpu 2 at 1527.008116s (0.000177s ago):
[ 1527.008318]  test_alloc+0x230/0x628
[ 1527.008332]  test_use_after_free_read+0xd0/0x248
[ 1527.008346]  kunit_try_run_case+0x170/0x3f0
[ 1527.008359]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1527.008374]  kthread+0x328/0x630
[ 1527.008384]  ret_from_fork+0x10/0x20
[ 1527.008396] 
[ 1527.008401] freed by task 368 on cpu 2 at 1527.008124s (0.000275s ago):
[ 1527.008424]  test_use_after_free_read+0xf0/0x248
[ 1527.008439]  kunit_try_run_case+0x170/0x3f0
[ 1527.008451]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1527.008466]  kthread+0x328/0x630
[ 1527.008476]  ret_from_fork+0x10/0x20
[ 1527.008488] 
[ 1527.008497] CPU: 2 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1527.008523] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 1527.008531] Hardware name: ARM Juno development board (r2) (DT)
[ 1527.008541] ==================================================================

Metadata Full log Test run details

[   32.296335] ==================================================================
[   32.296434] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   32.296434] 
[   32.296527] Use-after-free read at 0x000000005ec7a20b (in kfence-#98):
[   32.296578]  test_use_after_free_read+0x114/0x248
[   32.296626]  kunit_try_run_case+0x170/0x3f0
[   32.296670]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.296716]  kthread+0x328/0x630
[   32.296756]  ret_from_fork+0x10/0x20
[   32.296795] 
[   32.296819] kfence-#98: 0x000000005ec7a20b-0x0000000003bf2e4f, size=32, cache=test
[   32.296819] 
[   32.296869] allocated by task 309 on cpu 0 at 32.296148s (0.000718s ago):
[   32.296939]  test_alloc+0x230/0x628
[   32.296981]  test_use_after_free_read+0xd0/0x248
[   32.297022]  kunit_try_run_case+0x170/0x3f0
[   32.297077]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.297121]  kthread+0x328/0x630
[   32.297156]  ret_from_fork+0x10/0x20
[   32.297196] 
[   32.297219] freed by task 309 on cpu 0 at 32.296210s (0.001005s ago):
[   32.297322]  test_use_after_free_read+0xf0/0x248
[   32.297366]  kunit_try_run_case+0x170/0x3f0
[   32.297405]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.297449]  kthread+0x328/0x630
[   32.297486]  ret_from_fork+0x10/0x20
[   32.297526] 
[   32.297567] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   32.297650] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.297679] Hardware name: linux,dummy-virt (DT)
[   32.297712] ==================================================================
[   32.192482] ==================================================================
[   32.192578] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   32.192578] 
[   32.192675] Use-after-free read at 0x00000000a7b6b200 (in kfence-#97):
[   32.192726]  test_use_after_free_read+0x114/0x248
[   32.192774]  kunit_try_run_case+0x170/0x3f0
[   32.192817]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.192861]  kthread+0x328/0x630
[   32.192900]  ret_from_fork+0x10/0x20
[   32.192939] 
[   32.192964] kfence-#97: 0x00000000a7b6b200-0x000000001cb8b366, size=32, cache=kmalloc-32
[   32.192964] 
[   32.193016] allocated by task 307 on cpu 0 at 32.192219s (0.000794s ago):
[   32.193105]  test_alloc+0x29c/0x628
[   32.193145]  test_use_after_free_read+0xd0/0x248
[   32.193188]  kunit_try_run_case+0x170/0x3f0
[   32.193227]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.193271]  kthread+0x328/0x630
[   32.193307]  ret_from_fork+0x10/0x20
[   32.193348] 
[   32.193373] freed by task 307 on cpu 0 at 32.192296s (0.001073s ago):
[   32.193434]  test_use_after_free_read+0x1c0/0x248
[   32.193477]  kunit_try_run_case+0x170/0x3f0
[   32.193517]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.193562]  kthread+0x328/0x630
[   32.193598]  ret_from_fork+0x10/0x20
[   32.193639] 
[   32.193686] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   32.193771] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.193800] Hardware name: linux,dummy-virt (DT)
[   32.193834] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VBWOwNE7tln7ibBWNJtNgCdd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VBWOwNE7tln7ibBWNJtNgCdd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/Image.gz
sha256sum	42e36f6e4a060d5f9a1060b857a02a69294fe7d2a27b0731adb370bcbc85f1e6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/modules.tar.xz
sha256sum	890b3fa8e09fb90f169b09d75de24714d8b16adf2b500a29a27124602d4970e9

durations

tests

boot	0
kunit	167.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   27.403442] ==================================================================
[   27.403922] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   27.403922] 
[   27.404497] Use-after-free read at 0x(____ptrval____) (in kfence-#77):
[   27.404704]  test_use_after_free_read+0x129/0x270
[   27.404940]  kunit_try_run_case+0x1a5/0x480
[   27.405258]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.405503]  kthread+0x337/0x6f0
[   27.405712]  ret_from_fork+0x116/0x1d0
[   27.405900]  ret_from_fork_asm+0x1a/0x30
[   27.406192] 
[   27.406294] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   27.406294] 
[   27.406679] allocated by task 324 on cpu 1 at 27.403151s (0.003525s ago):
[   27.406906]  test_alloc+0x364/0x10f0
[   27.407108]  test_use_after_free_read+0xdc/0x270
[   27.407356]  kunit_try_run_case+0x1a5/0x480
[   27.407674]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.407855]  kthread+0x337/0x6f0
[   27.408021]  ret_from_fork+0x116/0x1d0
[   27.408869]  ret_from_fork_asm+0x1a/0x30
[   27.409087] 
[   27.409158] freed by task 324 on cpu 1 at 27.403239s (0.005916s ago):
[   27.409597]  test_use_after_free_read+0x1e7/0x270
[   27.409884]  kunit_try_run_case+0x1a5/0x480
[   27.410046]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.410309]  kthread+0x337/0x6f0
[   27.410441]  ret_from_fork+0x116/0x1d0
[   27.410611]  ret_from_fork_asm+0x1a/0x30
[   27.410788] 
[   27.410916] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   27.411751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.412008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.412468] ==================================================================
[   27.507387] ==================================================================
[   27.507834] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   27.507834] 
[   27.508299] Use-after-free read at 0x(____ptrval____) (in kfence-#78):
[   27.508607]  test_use_after_free_read+0x129/0x270
[   27.508802]  kunit_try_run_case+0x1a5/0x480
[   27.508946]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.509177]  kthread+0x337/0x6f0
[   27.509448]  ret_from_fork+0x116/0x1d0
[   27.509683]  ret_from_fork_asm+0x1a/0x30
[   27.509871] 
[   27.509988] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   27.509988] 
[   27.510397] allocated by task 326 on cpu 0 at 27.507237s (0.003157s ago):
[   27.510626]  test_alloc+0x2a6/0x10f0
[   27.510758]  test_use_after_free_read+0xdc/0x270
[   27.510974]  kunit_try_run_case+0x1a5/0x480
[   27.511186]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.511641]  kthread+0x337/0x6f0
[   27.511943]  ret_from_fork+0x116/0x1d0
[   27.512524]  ret_from_fork_asm+0x1a/0x30
[   27.513064] 
[   27.513158] freed by task 326 on cpu 0 at 27.507300s (0.005855s ago):
[   27.513487]  test_use_after_free_read+0xfb/0x270
[   27.513712]  kunit_try_run_case+0x1a5/0x480
[   27.513855]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.514131]  kthread+0x337/0x6f0
[   27.514337]  ret_from_fork+0x116/0x1d0
[   27.514598]  ret_from_fork_asm+0x1a/0x30
[   27.514731] 
[   27.514887] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   27.515799] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.515978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.516541] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VCWzEgPcUDHhhw0N7L6OuTsi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VCWzEgPcUDHhhw0N7L6OuTsi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/bzImage
sha256sum	af9e113be0609efaece1c192f6aceee5e71a8c7326695ad181171f155187f3ab

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/modules.tar.xz
sha256sum	eb3bf6ab4822a4ffbb4c6a0a8f2b0db2418a278c2192667f80b6a1aac6efaa14

durations

tests

boot	0
kunit	146.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - dragonboard-845c - gcc-13-lkftconfig-kunit

Failure - juno-r2 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit