lkft/linux-next-master - next-20241126 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

Nov. 26, 2024, 6:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   39.334944] ==================================================================
[   39.335663] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   39.335663] 
[   39.336774] Use-after-free read at 0x00000000a1b478ac (in kfence-#152):
[   39.337623]  test_use_after_free_read+0x114/0x248
[   39.338203]  test_use_after_free_read+0x1c0/0x248
[   39.338891]  kunit_try_run_case+0x14c/0x3d0
[   39.339467]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.340247]  kthread+0x24c/0x2d0
[   39.340719]  ret_from_fork+0x10/0x20
[   39.341347] 
[   39.341722] kfence-#152: 0x00000000a1b478ac-0x00000000093ca67c, size=32, cache=kmalloc-32
[   39.341722] 
[   39.342590] allocated by task 284 on cpu 1 at 39.334314s (0.008265s ago):
[   39.343434]  test_alloc+0x298/0x620
[   39.344033]  test_use_after_free_read+0xd0/0x248
[   39.344741]  kunit_try_run_case+0x14c/0x3d0
[   39.345343]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.345975]  kthread+0x24c/0x2d0
[   39.346538]  ret_from_fork+0x10/0x20
[   39.347870] 
[   39.348264] freed by task 284 on cpu 1 at 39.334464s (0.013788s ago):
[   39.349018]  test_use_after_free_read+0x1c0/0x248
[   39.349665]  kunit_try_run_case+0x14c/0x3d0
[   39.350195]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.350974]  kthread+0x24c/0x2d0
[   39.351491]  ret_from_fork+0x10/0x20
[   39.352008] 
[   39.352434] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   39.353551] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.354179] Hardware name: linux,dummy-virt (DT)
[   39.354787] ==================================================================
[   39.437501] ==================================================================
[   39.438208] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   39.438208] 
[   39.438962] Use-after-free read at 0x000000009216a656 (in kfence-#153):
[   39.439768]  test_use_after_free_read+0x114/0x248
[   39.440444]  test_use_after_free_read+0xf0/0x248
[   39.441015]  kunit_try_run_case+0x14c/0x3d0
[   39.441673]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.442345]  kthread+0x24c/0x2d0
[   39.442955]  ret_from_fork+0x10/0x20
[   39.443551] 
[   39.443948] kfence-#153: 0x000000009216a656-0x000000004814458a, size=32, cache=test
[   39.443948] 
[   39.444880] allocated by task 286 on cpu 1 at 39.437170s (0.007698s ago):
[   39.445578]  test_alloc+0x22c/0x620
[   39.446176]  test_use_after_free_read+0xd0/0x248
[   39.446883]  kunit_try_run_case+0x14c/0x3d0
[   39.447493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.448261]  kthread+0x24c/0x2d0
[   39.448731]  ret_from_fork+0x10/0x20
[   39.449346] 
[   39.449709] freed by task 286 on cpu 1 at 39.437272s (0.012425s ago):
[   39.450733]  test_use_after_free_read+0xf0/0x248
[   39.451392]  kunit_try_run_case+0x14c/0x3d0
[   39.452069]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.452738]  kthread+0x24c/0x2d0
[   39.453320]  ret_from_fork+0x10/0x20
[   39.453880] 
[   39.454278] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   39.455301] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.455833] Hardware name: linux,dummy-virt (DT)
[   39.456481] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pNLRA0IBHuJTf07d272FmWDvGc

job_id

TEST:linaro@lkft#2pNLVChLm6O8OE9kFFUb2JRePJW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pNLVChLm6O8OE9kFFUb2JRePJW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNLSEqM3byntpC85gJqI4B2WZl/Image.gz
sha256sum	7e81128b3f5cd5661a1ca94f4014d04ea2b4d60c42ee0538da245262b16ff790

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNLSEqM3byntpC85gJqI4B2WZl/modules.tar.xz
sha256sum	639d946629d114008a931ff40c21d2d44d7004c1191b97766b75eddb21223f93

durations

tests

boot	405.85
kunit	501.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   40.530810] ==================================================================
[   40.531645] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   40.531645] 
[   40.532433] Use-after-free read at 0x000000008b0bd4af (in kfence-#148):
[   40.533276]  test_use_after_free_read+0x114/0x248
[   40.534368]  test_use_after_free_read+0xf0/0x248
[   40.534931]  kunit_try_run_case+0x14c/0x3d0
[   40.535634]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.536301]  kthread+0x24c/0x2d0
[   40.536913]  ret_from_fork+0x10/0x20
[   40.537473] 
[   40.537811] kfence-#148: 0x000000008b0bd4af-0x000000006d9513e4, size=32, cache=test
[   40.537811] 
[   40.538806] allocated by task 286 on cpu 1 at 40.530422s (0.008372s ago):
[   40.539689]  test_alloc+0x22c/0x620
[   40.540301]  test_use_after_free_read+0xd0/0x248
[   40.541044]  kunit_try_run_case+0x14c/0x3d0
[   40.541666]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.542284]  kthread+0x24c/0x2d0
[   40.542880]  ret_from_fork+0x10/0x20
[   40.543428] 
[   40.543825] freed by task 286 on cpu 1 at 40.530557s (0.013257s ago):
[   40.544773]  test_use_after_free_read+0xf0/0x248
[   40.545484]  kunit_try_run_case+0x14c/0x3d0
[   40.546186]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.546873]  kthread+0x24c/0x2d0
[   40.547446]  ret_from_fork+0x10/0x20
[   40.548078] 
[   40.548505] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   40.549561] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.550197] Hardware name: linux,dummy-virt (DT)
[   40.550776] ==================================================================
[   40.426978] ==================================================================
[   40.427883] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   40.427883] 
[   40.428794] Use-after-free read at 0x000000003d7bdae2 (in kfence-#147):
[   40.429658]  test_use_after_free_read+0x114/0x248
[   40.430315]  test_use_after_free_read+0x1c0/0x248
[   40.431008]  kunit_try_run_case+0x14c/0x3d0
[   40.431713]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.432449]  kthread+0x24c/0x2d0
[   40.433064]  ret_from_fork+0x10/0x20
[   40.433612] 
[   40.433999] kfence-#147: 0x000000003d7bdae2-0x0000000050a744d0, size=32, cache=kmalloc-32
[   40.433999] 
[   40.435022] allocated by task 284 on cpu 0 at 40.426469s (0.008541s ago):
[   40.435835]  test_alloc+0x298/0x620
[   40.436449]  test_use_after_free_read+0xd0/0x248
[   40.437191]  kunit_try_run_case+0x14c/0x3d0
[   40.437859]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.438617]  kthread+0x24c/0x2d0
[   40.439232]  ret_from_fork+0x10/0x20
[   40.439869] 
[   40.440471] freed by task 284 on cpu 0 at 40.426635s (0.013631s ago):
[   40.441503]  test_use_after_free_read+0x1c0/0x248
[   40.442181]  kunit_try_run_case+0x14c/0x3d0
[   40.442869]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.443572]  kthread+0x24c/0x2d0
[   40.444158]  ret_from_fork+0x10/0x20
[   40.444837] 
[   40.445262] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   40.446379] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.446900] Hardware name: linux,dummy-virt (DT)
[   40.447600] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pNKxJFf8Xmw36QpJYyZTCAyOBG

job_id

TEST:linaro@lkft#2pNL1zFXlY64AJo0IF1bnKU3bR5

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pNL1zFXlY64AJo0IF1bnKU3bR5

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNKydSEI4rkzfuAHppcpnFq00j/Image.gz
sha256sum	7b1b43afb686ef43832a2d80e728eafe16a89e7e62e745193a8842d528fd56f0

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNKydSEI4rkzfuAHppcpnFq00j/modules.tar.xz
sha256sum	8ec5f776eaaf415e5766c1d67a7fb500bb3660edcbbf897cafe8b5baa13b08c6

durations

tests

boot	406.34
kunit	486.40

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   34.024958] ==================================================================
[   34.025120] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   34.025120] 
[   34.025120] Use-after-free read at 0x(____ptrval____) (in kfence-#107):
[   34.025120]  test_use_after_free_read+0x12a/0x270
[   34.025120]  kunit_try_run_case+0x1b3/0x490
[   34.025120]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.025120]  kthread+0x257/0x310
[   34.025120]  ret_from_fork+0x41/0x80
[   34.025120]  ret_from_fork_asm+0x1a/0x30
[   34.025120] 
[   34.025120] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   34.025120] 
[   34.025120] allocated by task 306 on cpu 0 at 34.024740s (0.000380s ago):
[   34.025120]  test_alloc+0x2a7/0x10d0
[   34.025120]  test_use_after_free_read+0xdd/0x270
[   34.025120]  kunit_try_run_case+0x1b3/0x490
[   34.025120]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.025120]  kthread+0x257/0x310
[   34.025120]  ret_from_fork+0x41/0x80
[   34.025120]  ret_from_fork_asm+0x1a/0x30
[   34.025120] 
[   34.025120] freed by task 306 on cpu 0 at 34.024831s (0.000288s ago):
[   34.025120]  test_use_after_free_read+0xfc/0x270
[   34.025120]  kunit_try_run_case+0x1b3/0x490
[   34.025120]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.025120]  kthread+0x257/0x310
[   34.025120]  ret_from_fork+0x41/0x80
[   34.025120]  ret_from_fork_asm+0x1a/0x30
[   34.025120] 
[   34.025120] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   34.025120] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.025120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   34.025120] ==================================================================
[   33.921126] ==================================================================
[   33.921126] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   33.921126] 
[   33.921126] Use-after-free read at 0x(____ptrval____) (in kfence-#106):
[   33.921126]  test_use_after_free_read+0x12a/0x270
[   33.921126]  kunit_try_run_case+0x1b3/0x490
[   33.921126]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.921126]  kthread+0x257/0x310
[   33.921126]  ret_from_fork+0x41/0x80
[   33.921126]  ret_from_fork_asm+0x1a/0x30
[   33.921126] 
[   33.921126] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   33.921126] 
[   33.921126] allocated by task 304 on cpu 0 at 33.920769s (0.000357s ago):
[   33.921126]  test_alloc+0x35f/0x10d0
[   33.921126]  test_use_after_free_read+0xdd/0x270
[   33.921126]  kunit_try_run_case+0x1b3/0x490
[   33.921126]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.921126]  kthread+0x257/0x310
[   33.921126]  ret_from_fork+0x41/0x80
[   33.921126]  ret_from_fork_asm+0x1a/0x30
[   33.921126] 
[   33.921126] freed by task 304 on cpu 0 at 33.920885s (0.000240s ago):
[   33.921126]  test_use_after_free_read+0x1e9/0x270
[   33.921126]  kunit_try_run_case+0x1b3/0x490
[   33.921126]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.921126]  kthread+0x257/0x310
[   33.921126]  ret_from_fork+0x41/0x80
[   33.921126]  ret_from_fork_asm+0x1a/0x30
[   33.921126] 
[   33.921126] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   33.921126] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.921126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.921126] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pNKxJFf8Xmw36QpJYyZTCAyOBG

job_id

TEST:linaro@lkft#2pNL37jdItRW9kD3t1f1iUv9jWi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pNL37jdItRW9kD3t1f1iUv9jWi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNKzut8T8XNaub0jog0DurvLHG/bzImage
sha256sum	8a228c416158a60c7a52ef95959c2b3fdcb3ef4176ed86add7ebb604864acafb

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNKzut8T8XNaub0jog0DurvLHG/modules.tar.xz
sha256sum	0c9def84dcea843251616ddfbdafbf78ef77930a5ece1629a86a4abad75aaef9

durations

tests

boot	396.11
kunit	522.52

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   29.565936] ==================================================================
[   29.566663] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   29.566663] 
[   29.567327] Use-after-free read at 0x(____ptrval____) (in kfence-#116):
[   29.568169]  test_use_after_free_read+0x12a/0x270
[   29.568634]  kunit_try_run_case+0x1b3/0x490
[   29.569243]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.569699]  kthread+0x257/0x310
[   29.569968]  ret_from_fork+0x41/0x80
[   29.570405]  ret_from_fork_asm+0x1a/0x30
[   29.570755] 
[   29.570993] kfence-#116: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   29.570993] 
[   29.571578] allocated by task 302 on cpu 1 at 29.565579s (0.005994s ago):
[   29.572176]  test_alloc+0x35f/0x10d0
[   29.572539]  test_use_after_free_read+0xdd/0x270
[   29.573037]  kunit_try_run_case+0x1b3/0x490
[   29.573360]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.574025]  kthread+0x257/0x310
[   29.574319]  ret_from_fork+0x41/0x80
[   29.574795]  ret_from_fork_asm+0x1a/0x30
[   29.575131] 
[   29.575302] freed by task 302 on cpu 1 at 29.565693s (0.009601s ago):
[   29.575941]  test_use_after_free_read+0x1e9/0x270
[   29.576425]  kunit_try_run_case+0x1b3/0x490
[   29.577016]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.577409]  kthread+0x257/0x310
[   29.577872]  ret_from_fork+0x41/0x80
[   29.578163]  ret_from_fork_asm+0x1a/0x30
[   29.578604] 
[   29.578865] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   29.579403] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.579865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   29.580518] ==================================================================
[   29.669812] ==================================================================
[   29.670452] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   29.670452] 
[   29.671261] Use-after-free read at 0x(____ptrval____) (in kfence-#117):
[   29.671653]  test_use_after_free_read+0x12a/0x270
[   29.672170]  kunit_try_run_case+0x1b3/0x490
[   29.672658]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.673044]  kthread+0x257/0x310
[   29.673312]  ret_from_fork+0x41/0x80
[   29.673790]  ret_from_fork_asm+0x1a/0x30
[   29.674244] 
[   29.674477] kfence-#117: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   29.674477] 
[   29.674994] allocated by task 304 on cpu 1 at 29.669570s (0.005419s ago):
[   29.675692]  test_alloc+0x2a7/0x10d0
[   29.676089]  test_use_after_free_read+0xdd/0x270
[   29.676569]  kunit_try_run_case+0x1b3/0x490
[   29.676914]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.677244]  kthread+0x257/0x310
[   29.677521]  ret_from_fork+0x41/0x80
[   29.677932]  ret_from_fork_asm+0x1a/0x30
[   29.678497] 
[   29.678777] freed by task 304 on cpu 1 at 29.669664s (0.009107s ago):
[   29.679424]  test_use_after_free_read+0xfc/0x270
[   29.679835]  kunit_try_run_case+0x1b3/0x490
[   29.680272]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   29.680655]  kthread+0x257/0x310
[   29.681016]  ret_from_fork+0x41/0x80
[   29.681378]  ret_from_fork_asm+0x1a/0x30
[   29.681914] 
[   29.682133] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   29.682982] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.683372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   29.684316] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pNLRA0IBHuJTf07d272FmWDvGc

job_id

TEST:linaro@lkft#2pNLWIxbKMQbNd3LjqmUpOkXL4T

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pNLWIxbKMQbNd3LjqmUpOkXL4T

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNLT2lusIsQZPDw4GJIP5UU6Ir/bzImage
sha256sum	143f713ad1814f248c0c6d1590c70927e1849fbba08c832c7f24bbfdcc2ff727

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pNLT2lusIsQZPDw4GJIP5UU6Ir/modules.tar.xz
sha256sum	0249b32685233d9e186ba4576d570fd3be1e101fbee1ffd6032f1bcc02720bc8

durations

tests

boot	379.18
kunit	483.72

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit