lkft/linux-next-master - next-20250512 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

May 12, 2025, 11:48 a.m.

Environment
qemu-arm64
qemu-x86_64

[   20.930548] ==================================================================
[   20.930655] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.930655] 
[   20.930753] Use-after-free read at 0x00000000b968c94d (in kfence-#101):
[   20.930813]  test_use_after_free_read+0x114/0x248
[   20.930868]  kunit_try_run_case+0x170/0x3f0
[   20.930916]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.930965]  kthread+0x328/0x630
[   20.931013]  ret_from_fork+0x10/0x20
[   20.931069] 
[   20.931097] kfence-#101: 0x00000000b968c94d-0x00000000e88ed70f, size=32, cache=test
[   20.931097] 
[   20.931158] allocated by task 297 on cpu 0 at 20.930360s (0.000795s ago):
[   20.931237]  test_alloc+0x230/0x628
[   20.931283]  test_use_after_free_read+0xd0/0x248
[   20.931329]  kunit_try_run_case+0x170/0x3f0
[   20.931371]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.931417]  kthread+0x328/0x630
[   20.931459]  ret_from_fork+0x10/0x20
[   20.931499] 
[   20.931527] freed by task 297 on cpu 0 at 20.930417s (0.001106s ago):
[   20.931642]  test_use_after_free_read+0xf0/0x248
[   20.931689]  kunit_try_run_case+0x170/0x3f0
[   20.931729]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.931774]  kthread+0x328/0x630
[   20.931812]  ret_from_fork+0x10/0x20
[   20.931853] 
[   20.931897] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   20.931990] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.932021] Hardware name: linux,dummy-virt (DT)
[   20.932068] ==================================================================
[   20.828166] ==================================================================
[   20.828280] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   20.828280] 
[   20.828808] Use-after-free read at 0x00000000f0010944 (in kfence-#100):
[   20.828905]  test_use_after_free_read+0x114/0x248
[   20.829492]  kunit_try_run_case+0x170/0x3f0
[   20.829570]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.829865]  kthread+0x328/0x630
[   20.829928]  ret_from_fork+0x10/0x20
[   20.830144] 
[   20.830231] kfence-#100: 0x00000000f0010944-0x000000006293033e, size=32, cache=kmalloc-32
[   20.830231] 
[   20.830304] allocated by task 295 on cpu 0 at 20.827628s (0.002672s ago):
[   20.830394]  test_alloc+0x29c/0x628
[   20.830760]  test_use_after_free_read+0xd0/0x248
[   20.830825]  kunit_try_run_case+0x170/0x3f0
[   20.830871]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.830917]  kthread+0x328/0x630
[   20.830955]  ret_from_fork+0x10/0x20
[   20.831017] 
[   20.831060] freed by task 295 on cpu 0 at 20.827719s (0.003336s ago):
[   20.831145]  test_use_after_free_read+0x1c0/0x248
[   20.831191]  kunit_try_run_case+0x170/0x3f0
[   20.831232]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.831278]  kthread+0x328/0x630
[   20.831317]  ret_from_fork+0x10/0x20
[   20.831358] 
[   20.831408] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   20.831503] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.831552] Hardware name: linux,dummy-virt (DT)
[   20.831590] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2wzhoXbX8z5uxnTgWVmeHFPVt5w

job_id

TEST:linaro@lkft#2wzht4TVw0WlfY69jnhMqjXElSg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2wzht4TVw0WlfY69jnhMqjXElSg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhpWU42EtYm7kZLPp7OLc8QYa/Image.gz
sha256sum	70b1e536f53e9eb91aae94372b64952481bbf47e27b20cb5870c7e3e80457074

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhpWU42EtYm7kZLPp7OLc8QYa/modules.tar.xz
sha256sum	95c3dca0f224e5b598c2e0728f570672c34de953e709490ceb7378a1ba9035be

durations

tests

boot	0
kunit	235.44

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

[   23.825979] ==================================================================
[   23.826500] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   23.826500] 
[   23.826977] Use-after-free read at 0x(____ptrval____) (in kfence-#100):
[   23.827543]  test_use_after_free_read+0x129/0x270
[   23.827900]  kunit_try_run_case+0x1a5/0x480
[   23.828155]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.828543]  kthread+0x337/0x6f0
[   23.828799]  ret_from_fork+0x116/0x1d0
[   23.829027]  ret_from_fork_asm+0x1a/0x30
[   23.829399] 
[   23.829586] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   23.829586] 
[   23.830171] allocated by task 312 on cpu 1 at 23.825656s (0.004510s ago):
[   23.830492]  test_alloc+0x364/0x10f0
[   23.831102]  test_use_after_free_read+0xdc/0x270
[   23.831569]  kunit_try_run_case+0x1a5/0x480
[   23.832049]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.832532]  kthread+0x337/0x6f0
[   23.832927]  ret_from_fork+0x116/0x1d0
[   23.833161]  ret_from_fork_asm+0x1a/0x30
[   23.833510] 
[   23.833990] freed by task 312 on cpu 1 at 23.825749s (0.008065s ago):
[   23.834583]  test_use_after_free_read+0x1e7/0x270
[   23.835063]  kunit_try_run_case+0x1a5/0x480
[   23.835460]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.835921]  kthread+0x337/0x6f0
[   23.836109]  ret_from_fork+0x116/0x1d0
[   23.836310]  ret_from_fork_asm+0x1a/0x30
[   23.836716] 
[   23.836978] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   23.837914] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.838118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.838714] ==================================================================
[   23.929929] ==================================================================
[   23.930366] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   23.930366] 
[   23.930732] Use-after-free read at 0x(____ptrval____) (in kfence-#101):
[   23.931281]  test_use_after_free_read+0x129/0x270
[   23.931495]  kunit_try_run_case+0x1a5/0x480
[   23.931688]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.932102]  kthread+0x337/0x6f0
[   23.932427]  ret_from_fork+0x116/0x1d0
[   23.932765]  ret_from_fork_asm+0x1a/0x30
[   23.932975] 
[   23.933100] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   23.933100] 
[   23.933537] allocated by task 314 on cpu 0 at 23.929689s (0.003841s ago):
[   23.934077]  test_alloc+0x2a6/0x10f0
[   23.934505]  test_use_after_free_read+0xdc/0x270
[   23.934971]  kunit_try_run_case+0x1a5/0x480
[   23.935212]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.935518]  kthread+0x337/0x6f0
[   23.935702]  ret_from_fork+0x116/0x1d0
[   23.936000]  ret_from_fork_asm+0x1a/0x30
[   23.936351] 
[   23.936541] freed by task 314 on cpu 0 at 23.929784s (0.006751s ago):
[   23.937127]  test_use_after_free_read+0xfb/0x270
[   23.937450]  kunit_try_run_case+0x1a5/0x480
[   23.937901]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.938204]  kthread+0x337/0x6f0
[   23.938397]  ret_from_fork+0x116/0x1d0
[   23.938591]  ret_from_fork_asm+0x1a/0x30
[   23.939056] 
[   23.939292] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   23.940321] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.940530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.941052] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2wzhoXbX8z5uxnTgWVmeHFPVt5w

job_id

TEST:linaro@lkft#2wzhu6iaWdJjc5OBxEyTCXoH7hg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2wzhu6iaWdJjc5OBxEyTCXoH7hg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhqgGEQZAOcyKh8cNNiRpI84n/bzImage
sha256sum	a903e4e22fae7c9fda402890fe1753d53b5e12289f993655dd063c1cd604c332

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhqgGEQZAOcyKh8cNNiRpI84n/modules.tar.xz
sha256sum	5e08ec47b0a73d33001c0f25787e3eb58851b97c569c3621f07d2da65a7a22ff

durations

tests

boot	0
kunit	361.27

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit