lkft/linux-next-master - next-20241122 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

Nov. 22, 2024, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   40.689851] ==================================================================
[   40.690721] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   40.690721] 
[   40.691534] Use-after-free read at 0x0000000077092348 (in kfence-#160):
[   40.692643]  test_use_after_free_read+0x114/0x248
[   40.693882]  test_use_after_free_read+0xf0/0x248
[   40.694646]  kunit_try_run_case+0x14c/0x3d0
[   40.695343]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.696169]  kthread+0x24c/0x2d0
[   40.696819]  ret_from_fork+0x10/0x20
[   40.697583] 
[   40.698044] kfence-#160: 0x0000000077092348-0x00000000780ddb53, size=32, cache=test
[   40.698044] 
[   40.699270] allocated by task 286 on cpu 1 at 40.689485s (0.009773s ago):
[   40.700312]  test_alloc+0x22c/0x620
[   40.700974]  test_use_after_free_read+0xd0/0x248
[   40.701642]  kunit_try_run_case+0x14c/0x3d0
[   40.702280]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.703005]  kthread+0x24c/0x2d0
[   40.703547]  ret_from_fork+0x10/0x20
[   40.704032] 
[   40.704481] freed by task 286 on cpu 1 at 40.689592s (0.014879s ago):
[   40.705358]  test_use_after_free_read+0xf0/0x248
[   40.706160]  kunit_try_run_case+0x14c/0x3d0
[   40.706857]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.707703]  kthread+0x24c/0x2d0
[   40.708230]  ret_from_fork+0x10/0x20
[   40.708774] 
[   40.709202] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   40.710277] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.711030] Hardware name: linux,dummy-virt (DT)
[   40.711567] ==================================================================
[   40.588042] ==================================================================
[   40.589633] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   40.589633] 
[   40.590988] Use-after-free read at 0x00000000ef12ae7c (in kfence-#159):
[   40.591990]  test_use_after_free_read+0x114/0x248
[   40.592863]  test_use_after_free_read+0x1c0/0x248
[   40.593715]  kunit_try_run_case+0x14c/0x3d0
[   40.594414]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.595209]  kthread+0x24c/0x2d0
[   40.595797]  ret_from_fork+0x10/0x20
[   40.596491] 
[   40.596833] kfence-#159: 0x00000000ef12ae7c-0x00000000398e4aad, size=32, cache=kmalloc-32
[   40.596833] 
[   40.598229] allocated by task 284 on cpu 0 at 40.587542s (0.010676s ago):
[   40.599238]  test_alloc+0x298/0x620
[   40.599938]  test_use_after_free_read+0xd0/0x248
[   40.600728]  kunit_try_run_case+0x14c/0x3d0
[   40.601470]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.602220]  kthread+0x24c/0x2d0
[   40.602805]  ret_from_fork+0x10/0x20
[   40.603471] 
[   40.603860] freed by task 284 on cpu 0 at 40.587662s (0.016188s ago):
[   40.604788]  test_use_after_free_read+0x1c0/0x248
[   40.605596]  kunit_try_run_case+0x14c/0x3d0
[   40.606422]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.607038]  kthread+0x24c/0x2d0
[   40.607724]  ret_from_fork+0x10/0x20
[   40.608350] 
[   40.608698] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   40.609923] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.610551] Hardware name: linux,dummy-virt (DT)
[   40.611245] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pC5b8oaJWXHgnXV09vT5LVgOaw

job_id

TEST:linaro@lkft#2pC5fJPu1U0syxXCEatKhpHAVGc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pC5fJPu1U0syxXCEatKhpHAVGc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5cJkcKwJlHcbGFpkgrIsh5rv/Image.gz
sha256sum	c7dd7dbcf7d483b1d1dd11cc623170a05fa77e79300cd8b3c90dab3ce454e75a

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5cJkcKwJlHcbGFpkgrIsh5rv/modules.tar.xz
sha256sum	5eca046fbd2122c8407be146a89207cf131b2811a5bb49c1bd70a7799382ee91

durations

tests

boot	412.61
kunit	528.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   33.658611] ==================================================================
[   33.659248] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   33.659248] 
[   33.660344] Use-after-free read at 0x(____ptrval____) (in kfence-#108):
[   33.660679]  test_use_after_free_read+0x12a/0x270
[   33.660915]  kunit_try_run_case+0x1b3/0x490
[   33.661192]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.661532]  kthread+0x257/0x310
[   33.662013]  ret_from_fork+0x41/0x80
[   33.662472]  ret_from_fork_asm+0x1a/0x30
[   33.662958] 
[   33.663213] kfence-#108: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   33.663213] 
[   33.663793] allocated by task 305 on cpu 0 at 33.658416s (0.005372s ago):
[   33.664515]  test_alloc+0x2a7/0x10d0
[   33.665006]  test_use_after_free_read+0xdd/0x270
[   33.665574]  kunit_try_run_case+0x1b3/0x490
[   33.666093]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.666636]  kthread+0x257/0x310
[   33.666989]  ret_from_fork+0x41/0x80
[   33.667500]  ret_from_fork_asm+0x1a/0x30
[   33.667997] 
[   33.668294] freed by task 305 on cpu 0 at 33.658504s (0.009784s ago):
[   33.669050]  test_use_after_free_read+0xfc/0x270
[   33.669613]  kunit_try_run_case+0x1b3/0x490
[   33.670057]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.670578]  kthread+0x257/0x310
[   33.670943]  ret_from_fork+0x41/0x80
[   33.671394]  ret_from_fork_asm+0x1a/0x30
[   33.671781] 
[   33.672057] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.672780] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.673276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.673857] ==================================================================
[   33.554915] ==================================================================
[   33.555598] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   33.555598] 
[   33.556415] Use-after-free read at 0x(____ptrval____) (in kfence-#107):
[   33.556968]  test_use_after_free_read+0x12a/0x270
[   33.557455]  kunit_try_run_case+0x1b3/0x490
[   33.557946]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.558537]  kthread+0x257/0x310
[   33.559023]  ret_from_fork+0x41/0x80
[   33.559640]  ret_from_fork_asm+0x1a/0x30
[   33.560090] 
[   33.560281] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   33.560281] 
[   33.560801] allocated by task 303 on cpu 1 at 33.554509s (0.006288s ago):
[   33.561651]  test_alloc+0x35f/0x10d0
[   33.562030]  test_use_after_free_read+0xdd/0x270
[   33.562389]  kunit_try_run_case+0x1b3/0x490
[   33.562930]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.563582]  kthread+0x257/0x310
[   33.563947]  ret_from_fork+0x41/0x80
[   33.564214]  ret_from_fork_asm+0x1a/0x30
[   33.564754] 
[   33.565478] freed by task 303 on cpu 1 at 33.554630s (0.010643s ago):
[   33.566354]  test_use_after_free_read+0x1e9/0x270
[   33.566870]  kunit_try_run_case+0x1b3/0x490
[   33.567261]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.567876]  kthread+0x257/0x310
[   33.568278]  ret_from_fork+0x41/0x80
[   33.568676]  ret_from_fork_asm+0x1a/0x30
[   33.569257] 
[   33.569576] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241122 #1
[   33.570448] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.570895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.571890] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pC5b8oaJWXHgnXV09vT5LVgOaw

job_id

TEST:linaro@lkft#2pC5gJrOhOMCPVCTwF6RWUbKkzV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pC5gJrOhOMCPVCTwF6RWUbKkzV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5d8hM9aExmiriR2zCnDddb2O/bzImage
sha256sum	9e430a5c45c1c4d501e13019c577f1fb3e738d06e3c62c75693b9374ef9b548d

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pC5d8hM9aExmiriR2zCnDddb2O/modules.tar.xz
sha256sum	342d3a3609bc12bfde714988d31ce95ccf57861e8edbfa31f0f2d2d1be459952

durations

tests

boot	362.79
kunit	484.51

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit