lkft/linux-next-master - next-20250319 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

March 19, 2025, 10:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   41.062641] ==================================================================
[   41.063194] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   41.063194] 
[   41.063588] Use-after-free read at 0x0000000089d90ef1 (in kfence-#155):
[   41.063785]  test_use_after_free_read+0x114/0x248
[   41.064016]  kunit_try_run_case+0x14c/0x3d0
[   41.064271]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.064494]  kthread+0x318/0x618
[   41.064674]  ret_from_fork+0x10/0x20
[   41.064881] 
[   41.065001] kfence-#155: 0x0000000089d90ef1-0x000000000670ad60, size=32, cache=kmalloc-32
[   41.065001] 
[   41.065254] allocated by task 297 on cpu 0 at 41.059939s (0.005303s ago):
[   41.066040]  test_alloc+0x298/0x620
[   41.066193]  test_use_after_free_read+0xd0/0x248
[   41.066341]  kunit_try_run_case+0x14c/0x3d0
[   41.066506]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.066664]  kthread+0x318/0x618
[   41.066865]  ret_from_fork+0x10/0x20
[   41.067015] 
[   41.068376] freed by task 297 on cpu 0 at 41.060170s (0.007450s ago):
[   41.068930]  test_use_after_free_read+0x1c0/0x248
[   41.069093]  kunit_try_run_case+0x14c/0x3d0
[   41.069322]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.069561]  kthread+0x318/0x618
[   41.069763]  ret_from_fork+0x10/0x20
[   41.069940] 
[   41.070106] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   41.070357] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.070457] Hardware name: linux,dummy-virt (DT)
[   41.070562] ==================================================================
[   41.166764] ==================================================================
[   41.166906] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   41.166906] 
[   41.167142] Use-after-free read at 0x000000006fd3fbbf (in kfence-#156):
[   41.167294]  test_use_after_free_read+0x114/0x248
[   41.167433]  kunit_try_run_case+0x14c/0x3d0
[   41.167571]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.167717]  kthread+0x318/0x618
[   41.167844]  ret_from_fork+0x10/0x20
[   41.167967] 
[   41.168041] kfence-#156: 0x000000006fd3fbbf-0x00000000ede2df9e, size=32, cache=test
[   41.168041] 
[   41.168230] allocated by task 299 on cpu 0 at 41.166410s (0.001811s ago):
[   41.168471]  test_alloc+0x22c/0x620
[   41.168807]  test_use_after_free_read+0xd0/0x248
[   41.169088]  kunit_try_run_case+0x14c/0x3d0
[   41.169308]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.169486]  kthread+0x318/0x618
[   41.169691]  ret_from_fork+0x10/0x20
[   41.169892] 
[   41.169981] freed by task 299 on cpu 0 at 41.166507s (0.003462s ago):
[   41.170264]  test_use_after_free_read+0xf0/0x248
[   41.170429]  kunit_try_run_case+0x14c/0x3d0
[   41.170568]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.170718]  kthread+0x318/0x618
[   41.170888]  ret_from_fork+0x10/0x20
[   41.171079] 
[   41.171188] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   41.171435] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.171586] Hardware name: linux,dummy-virt (DT)
[   41.171768] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2uX2DZIoykoCuhH4arMoBy977bK

job_id

TEST:linaro@lkft#2uX2IY2MFMbCeXxVlYVKThLK0vG

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2uX2IY2MFMbCeXxVlYVKThLK0vG

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2F32dFREZpt738DwHKERJ1NE/Image.gz
sha256sum	7e21ea2b066793bfb239769397e1ca6d991d8341932b5c259d0b5291ae716875

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	71bcc7bc8dbd4ac7d02d52aed8886662999d6e6c790f9b9e5220beaf580ccfc1

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2F32dFREZpt738DwHKERJ1NE/modules.tar.xz
sha256sum	def6cc6c2dd7d82317a0ac9ef5e9628af2e72f9fd52e222ac4d2bca68256cb99

durations

tests

boot	0
kunit	148.31

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.1+ds-1

[   30.160363] ==================================================================
[   30.161087] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   30.161087] 
[   30.162170] Use-after-free read at 0x(____ptrval____) (in kfence-#126):
[   30.163210]  test_use_after_free_read+0x129/0x270
[   30.164200]  kunit_try_run_case+0x1b2/0x490
[   30.164603]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.165644]  kthread+0x323/0x710
[   30.166248]  ret_from_fork+0x41/0x80
[   30.166599]  ret_from_fork_asm+0x1a/0x30
[   30.167326] 
[   30.167987] kfence-#126: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   30.167987] 
[   30.168597] allocated by task 316 on cpu 0 at 30.160064s (0.008529s ago):
[   30.169403]  test_alloc+0x35e/0x10d0
[   30.170244]  test_use_after_free_read+0xdc/0x270
[   30.170673]  kunit_try_run_case+0x1b2/0x490
[   30.171101]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.171436]  kthread+0x323/0x710
[   30.171858]  ret_from_fork+0x41/0x80
[   30.172347]  ret_from_fork_asm+0x1a/0x30
[   30.172666] 
[   30.173159] freed by task 316 on cpu 0 at 30.160170s (0.012741s ago):
[   30.174018]  test_use_after_free_read+0x1e7/0x270
[   30.174518]  kunit_try_run_case+0x1b2/0x490
[   30.174957]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.175351]  kthread+0x323/0x710
[   30.175971]  ret_from_fork+0x41/0x80
[   30.176310]  ret_from_fork_asm+0x1a/0x30
[   30.176625] 
[   30.176926] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   30.178598] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.178961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.180529] ==================================================================
[   30.264293] ==================================================================
[   30.265007] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   30.265007] 
[   30.265695] Use-after-free read at 0x(____ptrval____) (in kfence-#127):
[   30.266382]  test_use_after_free_read+0x129/0x270
[   30.267021]  kunit_try_run_case+0x1b2/0x490
[   30.268286]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.268986]  kthread+0x323/0x710
[   30.269543]  ret_from_fork+0x41/0x80
[   30.270191]  ret_from_fork_asm+0x1a/0x30
[   30.270836] 
[   30.271023] kfence-#127: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   30.271023] 
[   30.272010] allocated by task 318 on cpu 1 at 30.264093s (0.007911s ago):
[   30.273207]  test_alloc+0x2a6/0x10d0
[   30.273797]  test_use_after_free_read+0xdc/0x270
[   30.274839]  kunit_try_run_case+0x1b2/0x490
[   30.275273]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.276220]  kthread+0x323/0x710
[   30.276769]  ret_from_fork+0x41/0x80
[   30.277364]  ret_from_fork_asm+0x1a/0x30
[   30.278294] 
[   30.278441] freed by task 318 on cpu 1 at 30.264183s (0.014254s ago):
[   30.278929]  test_use_after_free_read+0xfb/0x270
[   30.279437]  kunit_try_run_case+0x1b2/0x490
[   30.280535]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   30.281373]  kthread+0x323/0x710
[   30.281684]  ret_from_fork+0x41/0x80
[   30.282220]  ret_from_fork_asm+0x1a/0x30
[   30.282636] 
[   30.283544] CPU: 1 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   30.284747] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.285086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.285752] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2uX2DZIoykoCuhH4arMoBy977bK

job_id

TEST:linaro@lkft#2uX2JXgeaQCkFWN6K2jCSXXvmhK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2uX2JXgeaQCkFWN6K2jCSXXvmhK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2GLAurqOjIK7d0WUOat3cllr/bzImage
sha256sum	2bc7cc1a2590cb344ef11815bf2840b058232038476951f62f559ac8b93bacea

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c0721a415598e62660bcf524e126ecf297cac7ec4f7068a53fb00c57f9cd4051

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2GLAurqOjIK7d0WUOat3cllr/modules.tar.xz
sha256sum	d7478c4852fdaca9c987642c2f409eace66511759906fa95e3a9d660c25bf7f6

durations

tests

boot	0
kunit	63.53

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.1+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit