lkft/linux-next-master - next-20241209 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

Dec. 9, 2024, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.240164] ==================================================================
[   32.240911] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   32.240911] 
[   32.241959] Use-after-free read at 0x00000000da1ed975 (in kfence-#115):
[   32.242649]  test_use_after_free_read+0x114/0x248
[   32.243364]  test_use_after_free_read+0x1c0/0x248
[   32.243989]  kunit_try_run_case+0x14c/0x3d0
[   32.244663]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.245357]  kthread+0x24c/0x2d0
[   32.245934]  ret_from_fork+0x10/0x20
[   32.246462] 
[   32.246795] kfence-#115: 0x00000000da1ed975-0x00000000e4292113, size=32, cache=kmalloc-32
[   32.246795] 
[   32.247744] allocated by task 283 on cpu 1 at 32.239760s (0.007974s ago):
[   32.248529]  test_alloc+0x298/0x620
[   32.249125]  test_use_after_free_read+0xd0/0x248
[   32.249808]  kunit_try_run_case+0x14c/0x3d0
[   32.250365]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.251107]  kthread+0x24c/0x2d0
[   32.251661]  ret_from_fork+0x10/0x20
[   32.252198] 
[   32.252806] freed by task 283 on cpu 1 at 32.239881s (0.012747s ago):
[   32.253638]  test_use_after_free_read+0x1c0/0x248
[   32.254369]  kunit_try_run_case+0x14c/0x3d0
[   32.254953]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.255635]  kthread+0x24c/0x2d0
[   32.256151]  ret_from_fork+0x10/0x20
[   32.256760] 
[   32.257129] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   32.258328] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.258863] Hardware name: linux,dummy-virt (DT)
[   32.259453] ==================================================================
[   32.343871] ==================================================================
[   32.344578] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   32.344578] 
[   32.345620] Use-after-free read at 0x00000000c98a10af (in kfence-#116):
[   32.347107]  test_use_after_free_read+0x114/0x248
[   32.347770]  test_use_after_free_read+0xf0/0x248
[   32.348395]  kunit_try_run_case+0x14c/0x3d0
[   32.349078]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.349824]  kthread+0x24c/0x2d0
[   32.350328]  ret_from_fork+0x10/0x20
[   32.350778] 
[   32.351077] kfence-#116: 0x00000000c98a10af-0x00000000499aa45e, size=32, cache=test
[   32.351077] 
[   32.351992] allocated by task 285 on cpu 1 at 32.343552s (0.008430s ago):
[   32.352841]  test_alloc+0x22c/0x620
[   32.353401]  test_use_after_free_read+0xd0/0x248
[   32.354124]  kunit_try_run_case+0x14c/0x3d0
[   32.354798]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.355490]  kthread+0x24c/0x2d0
[   32.356015]  ret_from_fork+0x10/0x20
[   32.356532] 
[   32.356874] freed by task 285 on cpu 1 at 32.343640s (0.013225s ago):
[   32.357798]  test_use_after_free_read+0xf0/0x248
[   32.358429]  kunit_try_run_case+0x14c/0x3d0
[   32.359013]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.359760]  kthread+0x24c/0x2d0
[   32.360279]  ret_from_fork+0x10/0x20
[   32.360825] 
[   32.361162] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   32.362256] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.362830] Hardware name: linux,dummy-virt (DT)
[   32.363359] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2py6iNW3A19OotmKMY53lmGd6oj

job_id

TEST:linaro@lkft#2py6nFdPiknWFOsEIA8yVXfzW70

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2py6nFdPiknWFOsEIA8yVXfzW70

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2py6jouhw76XPtptNZqsJZuZSQp/Image.gz
sha256sum	585f992ebe50618c33d06c91b201dcdd77d849fd5a2ae15648a255921e68d327

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	f592205e64add7389d8a1055c235aa3685e13c7cfdfdbe5f212ab22afdbeb656

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2py6jouhw76XPtptNZqsJZuZSQp/modules.tar.xz
sha256sum	c030e654f042d75e88e5e0f533f0d246e75ce1cd54b338d0c8f2e891828c0660

durations

tests

boot	494.17
kunit	331.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

[   33.677118] ==================================================================
[   33.677977] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   33.677977] 
[   33.678768] Use-after-free read at 0x(____ptrval____) (in kfence-#108):
[   33.680299]  test_use_after_free_read+0x12a/0x270
[   33.680946]  kunit_try_run_case+0x1b3/0x490
[   33.681156]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.681495]  kthread+0x257/0x310
[   33.682323]  ret_from_fork+0x41/0x80
[   33.682724]  ret_from_fork_asm+0x1a/0x30
[   33.683157] 
[   33.683373] kfence-#108: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   33.683373] 
[   33.684669] allocated by task 302 on cpu 1 at 33.676781s (0.007883s ago):
[   33.685993]  test_alloc+0x35f/0x10d0
[   33.686599]  test_use_after_free_read+0xdd/0x270
[   33.687344]  kunit_try_run_case+0x1b3/0x490
[   33.688116]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.688882]  kthread+0x257/0x310
[   33.689517]  ret_from_fork+0x41/0x80
[   33.690150]  ret_from_fork_asm+0x1a/0x30
[   33.690932] 
[   33.691394] freed by task 302 on cpu 1 at 33.676893s (0.014338s ago):
[   33.692456]  test_use_after_free_read+0x1e9/0x270
[   33.693044]  kunit_try_run_case+0x1b3/0x490
[   33.693637]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.694529]  kthread+0x257/0x310
[   33.695047]  ret_from_fork+0x41/0x80
[   33.695579]  ret_from_fork_asm+0x1a/0x30
[   33.696056] 
[   33.696305] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   33.697523] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.698141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.699182] ==================================================================
[   33.781178] ==================================================================
[   33.782028] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x12a/0x270
[   33.782028] 
[   33.782867] Use-after-free read at 0x(____ptrval____) (in kfence-#109):
[   33.784493]  test_use_after_free_read+0x12a/0x270
[   33.785061]  kunit_try_run_case+0x1b3/0x490
[   33.785806]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.786539]  kthread+0x257/0x310
[   33.787146]  ret_from_fork+0x41/0x80
[   33.787794]  ret_from_fork_asm+0x1a/0x30
[   33.788299] 
[   33.788929] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   33.788929] 
[   33.789692] allocated by task 304 on cpu 1 at 33.780931s (0.008756s ago):
[   33.790729]  test_alloc+0x2a7/0x10d0
[   33.791465]  test_use_after_free_read+0xdd/0x270
[   33.792117]  kunit_try_run_case+0x1b3/0x490
[   33.792393]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.793619]  kthread+0x257/0x310
[   33.794240]  ret_from_fork+0x41/0x80
[   33.794609]  ret_from_fork_asm+0x1a/0x30
[   33.795424] 
[   33.795537] freed by task 304 on cpu 1 at 33.781046s (0.014487s ago):
[   33.796091]  test_use_after_free_read+0xfc/0x270
[   33.797030]  kunit_try_run_case+0x1b3/0x490
[   33.797555]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   33.798504]  kthread+0x257/0x310
[   33.799074]  ret_from_fork+0x41/0x80
[   33.799567]  ret_from_fork_asm+0x1a/0x30
[   33.800120] 
[   33.800282] CPU: 1 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G    B            N 6.13.0-rc2-next-20241209 #1
[   33.801767] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.802345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.803721] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2py6iNW3A19OotmKMY53lmGd6oj

job_id

TEST:linaro@lkft#2py6oNZWhxtgVMZK3Ek4jsM4HRg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2py6oNZWhxtgVMZK3Ek4jsM4HRg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2py6l9cQAS9X4UuL7CI8IoAQLY9/bzImage
sha256sum	f2def6667a55fdb12dee0962daf6bcbe66cf324f93249dc5ac8e99310b080d86

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c6ceed53712217894b72c37cdc18ddb1157eb9bca95bb5bb312b9c30db3bb83b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2py6l9cQAS9X4UuL7CI8IoAQLY9/modules.tar.xz
sha256sum	b8ac931af103d7c2342f58fb2ac1b1b78a223c58c1dd243149250d39dac436b0

durations

tests

boot	445.05
kunit	498.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.1.1+ds-5

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit