lkft/linux-next-master - next-20241127 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

Nov. 27, 2024, 3:37 a.m.

Environment
qemu-arm64
qemu-x86_64

[   57.070094] ==================================================================
[   57.070881] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   57.070881] 
[   57.071844] Use-after-free read at 0x0000000029a0ceb8 (in kfence-#162):
[   57.072746]  test_use_after_free_read+0x114/0x248
[   57.073467]  test_use_after_free_read+0xf0/0x248
[   57.074440]  kunit_try_run_case+0x14c/0x3d0
[   57.075268]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.076079]  kthread+0x24c/0x2d0
[   57.076690]  ret_from_fork+0x10/0x20
[   57.077279] 
[   57.077676] kfence-#162: 0x0000000029a0ceb8-0x000000002b8a4f78, size=32, cache=test
[   57.077676] 
[   57.078856] allocated by task 286 on cpu 1 at 57.069811s (0.009036s ago):
[   57.079862]  test_alloc+0x22c/0x620
[   57.080494]  test_use_after_free_read+0xd0/0x248
[   57.081174]  kunit_try_run_case+0x14c/0x3d0
[   57.081831]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.082599]  kthread+0x24c/0x2d0
[   57.083156]  ret_from_fork+0x10/0x20
[   57.083776] 
[   57.084145] freed by task 286 on cpu 1 at 57.069894s (0.014243s ago):
[   57.085242]  test_use_after_free_read+0xf0/0x248
[   57.085993]  kunit_try_run_case+0x14c/0x3d0
[   57.086675]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.087475]  kthread+0x24c/0x2d0
[   57.088038]  ret_from_fork+0x10/0x20
[   57.088643] 
[   57.089008] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   57.090358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   57.090996] Hardware name: linux,dummy-virt (DT)
[   57.091666] ==================================================================
[   56.966348] ==================================================================
[   56.967122] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   56.967122] 
[   56.968165] Use-after-free read at 0x000000002e3edaab (in kfence-#161):
[   56.969030]  test_use_after_free_read+0x114/0x248
[   56.969577]  test_use_after_free_read+0x1c0/0x248
[   56.970065]  kunit_try_run_case+0x14c/0x3d0
[   56.970594]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.971360]  kthread+0x24c/0x2d0
[   56.971870]  ret_from_fork+0x10/0x20
[   56.972539] 
[   56.972983] kfence-#161: 0x000000002e3edaab-0x00000000a1dd806b, size=32, cache=kmalloc-32
[   56.972983] 
[   56.974094] allocated by task 284 on cpu 1 at 56.965783s (0.008303s ago):
[   56.975120]  test_alloc+0x298/0x620
[   56.975680]  test_use_after_free_read+0xd0/0x248
[   56.976232]  kunit_try_run_case+0x14c/0x3d0
[   56.976979]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.977693]  kthread+0x24c/0x2d0
[   56.978198]  ret_from_fork+0x10/0x20
[   56.978797] 
[   56.979404] freed by task 284 on cpu 1 at 56.965890s (0.013326s ago):
[   56.980322]  test_use_after_free_read+0x1c0/0x248
[   56.981034]  kunit_try_run_case+0x14c/0x3d0
[   56.981677]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.982388]  kthread+0x24c/0x2d0
[   56.982888]  ret_from_fork+0x10/0x20
[   56.983553] 
[   56.983943] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   56.985004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   56.985611] Hardware name: linux,dummy-virt (DT)
[   56.986215] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2pPrWzZCaknSLHWPXWgqldRCWId

job_id

TEST:linaro@lkft#2pPrasgygr18pFmDML3VW5NSaLA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pPrasgygr18pFmDML3VW5NSaLA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pPrXvafjAOnBSZ2PDjzBqmMUCC/Image.gz
sha256sum	7f51b42fbc42b34211545db145326239f0db4bfb7b996201cdd5797585c0f9c7

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pPrXvafjAOnBSZ2PDjzBqmMUCC/modules.tar.xz
sha256sum	1038ada13ea7237536e1543e3019652e5ec1fb8ccb58d0df0b9351c266f001b7

durations

tests

boot	391.39
kunit	431.29

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   34.829566] ==================================================================
[   34.830155] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   34.830155] 
[   34.831273] Use-after-free read at 0x(____ptrval____) (in kfence-#105):
[   34.832568]  test_use_after_free_read+0x12a/0x270
[   34.833593]  kunit_try_run_case+0x1b3/0x490
[   34.834013]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.834818]  kthread+0x257/0x310
[   34.835401]  ret_from_fork+0x41/0x80
[   34.835951]  ret_from_fork_asm+0x1a/0x30
[   34.836454] 
[   34.836660] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   34.836660] 
[   34.838422] allocated by task 303 on cpu 0 at 34.829311s (0.009108s ago):
[   34.839558]  test_alloc+0x35f/0x10d0
[   34.839909]  test_use_after_free_read+0xdd/0x270
[   34.840324]  kunit_try_run_case+0x1b3/0x490
[   34.840745]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.841585]  kthread+0x257/0x310
[   34.841907]  ret_from_fork+0x41/0x80
[   34.842270]  ret_from_fork_asm+0x1a/0x30
[   34.842854] 
[   34.843320] freed by task 303 on cpu 0 at 34.829389s (0.013768s ago):
[   34.844091]  test_use_after_free_read+0x1e9/0x270
[   34.844572]  kunit_try_run_case+0x1b3/0x490
[   34.844909]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.845616]  kthread+0x257/0x310
[   34.846410]  ret_from_fork+0x41/0x80
[   34.846765]  ret_from_fork_asm+0x1a/0x30
[   34.847660] 
[   34.848140] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   34.849027] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.849777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   34.851531] ==================================================================
[   34.933439] ==================================================================
[   34.934150] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   34.934150] 
[   34.934887] Use-after-free read at 0x(____ptrval____) (in kfence-#106):
[   34.935788]  test_use_after_free_read+0x12a/0x270
[   34.936363]  kunit_try_run_case+0x1b3/0x490
[   34.936800]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.937679]  kthread+0x257/0x310
[   34.938034]  ret_from_fork+0x41/0x80
[   34.938230]  ret_from_fork_asm+0x1a/0x30
[   34.938428] 
[   34.938527] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   34.938527] 
[   34.938863] allocated by task 305 on cpu 0 at 34.933303s (0.005557s ago):
[   34.939431]  test_alloc+0x2a7/0x10d0
[   34.939857]  test_use_after_free_read+0xdd/0x270
[   34.940291]  kunit_try_run_case+0x1b3/0x490
[   34.940958]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.941882]  kthread+0x257/0x310
[   34.942322]  ret_from_fork+0x41/0x80
[   34.942999]  ret_from_fork_asm+0x1a/0x30
[   34.943691] 
[   34.944048] freed by task 305 on cpu 0 at 34.933361s (0.010683s ago):
[   34.944797]  test_use_after_free_read+0xfc/0x270
[   34.945386]  kunit_try_run_case+0x1b3/0x490
[   34.945727]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   34.946277]  kthread+0x257/0x310
[   34.946684]  ret_from_fork+0x41/0x80
[   34.947034]  ret_from_fork_asm+0x1a/0x30
[   34.947871] 
[   34.948228] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   34.949693] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.950319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   34.950941] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2pPrWzZCaknSLHWPXWgqldRCWId

job_id

TEST:linaro@lkft#2pPrbhaVR3ariJUhOI7IYbIBUdI

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2pPrbhaVR3ariJUhOI7IYbIBUdI

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pPrYqhbLSrtk8tmKdo61CYQmn7/bzImage
sha256sum	bc7020f6c9906b0c5d6906e81b0f41206db7445f5dae748cf179d16decb29c87

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2pPrYqhbLSrtk8tmKdo61CYQmn7/modules.tar.xz
sha256sum	e54cf87147493578594c767c66018773df97ab776c89d3f19e69e678f47aed9d

durations

tests

boot	322.07
kunit	429.13

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit