lkft/linux-next-master - next-20250513 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read

Date

May 13, 2025, 12:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   23.453731] ==================================================================
[   23.454134] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   23.454134] 
[   23.454269] Use-after-free read at 0x000000009e8924cb (in kfence-#105):
[   23.454333]  test_use_after_free_read+0x114/0x248
[   23.454395]  kunit_try_run_case+0x170/0x3f0
[   23.454717]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.455130]  kthread+0x328/0x630
[   23.455228]  ret_from_fork+0x10/0x20
[   23.455373] 
[   23.455465] kfence-#105: 0x000000009e8924cb-0x00000000b21d41c3, size=32, cache=test
[   23.455465] 
[   23.455705] allocated by task 297 on cpu 1 at 23.452834s (0.002863s ago):
[   23.456008]  test_alloc+0x230/0x628
[   23.456335]  test_use_after_free_read+0xd0/0x248
[   23.456570]  kunit_try_run_case+0x170/0x3f0
[   23.456636]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.456705]  kthread+0x328/0x630
[   23.456750]  ret_from_fork+0x10/0x20
[   23.456797] 
[   23.457128] freed by task 297 on cpu 1 at 23.452907s (0.004184s ago):
[   23.457406]  test_use_after_free_read+0xf0/0x248
[   23.457467]  kunit_try_run_case+0x170/0x3f0
[   23.457681]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.457744]  kthread+0x328/0x630
[   23.457793]  ret_from_fork+0x10/0x20
[   23.457867] 
[   23.457928] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   23.458045] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.458083] Hardware name: linux,dummy-virt (DT)
[   23.458126] ==================================================================
[   23.348718] ==================================================================
[   23.348986] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248
[   23.348986] 
[   23.349135] Use-after-free read at 0x00000000d0c7f4c7 (in kfence-#104):
[   23.349206]  test_use_after_free_read+0x114/0x248
[   23.349267]  kunit_try_run_case+0x170/0x3f0
[   23.349797]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.350065]  kthread+0x328/0x630
[   23.350127]  ret_from_fork+0x10/0x20
[   23.350210] 
[   23.350250] kfence-#104: 0x00000000d0c7f4c7-0x00000000479c9ef7, size=32, cache=kmalloc-32
[   23.350250] 
[   23.350531] allocated by task 295 on cpu 1 at 23.347764s (0.002760s ago):
[   23.350666]  test_alloc+0x29c/0x628
[   23.350877]  test_use_after_free_read+0xd0/0x248
[   23.350982]  kunit_try_run_case+0x170/0x3f0
[   23.351038]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.351459]  kthread+0x328/0x630
[   23.351556]  ret_from_fork+0x10/0x20
[   23.351742] 
[   23.352347] freed by task 295 on cpu 1 at 23.347919s (0.004244s ago):
[   23.352864]  test_use_after_free_read+0x1c0/0x248
[   23.353018]  kunit_try_run_case+0x170/0x3f0
[   23.353079]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.353364]  kthread+0x328/0x630
[   23.353627]  ret_from_fork+0x10/0x20
[   23.353773] 
[   23.354079] CPU: 1 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   23.354263] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.355235] Hardware name: linux,dummy-virt (DT)
[   23.355618] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2x2ZFae8Ls3qEfTe0PRCYFb5eF9

job_id

TEST:linaro@lkft#2x2ZJwMkybAJ0V3AdwW8YXrmLW4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x2ZJwMkybAJ0V3AdwW8YXrmLW4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZGjWiQXEqdPbxYxRYAHypUXF/Image.gz
sha256sum	504e1d37524260fa95a6f6e6498e4daa3458f89c70f1974ff57f1740645ee541

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZGjWiQXEqdPbxYxRYAHypUXF/modules.tar.xz
sha256sum	a71187f290b93746206f2f75a3cb5731ed4583beeb2a9abe36ca5193decfd1c5

durations

tests

boot	0
kunit	376.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.619071] ==================================================================
[   16.619472] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.619472] 
[   16.619998] Use-after-free read at 0x(____ptrval____) (in kfence-#73):
[   16.620301]  test_use_after_free_read+0x129/0x270
[   16.620532]  kunit_try_run_case+0x1a5/0x480
[   16.620799]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.621039]  kthread+0x337/0x6f0
[   16.621166]  ret_from_fork+0x116/0x1d0
[   16.621399]  ret_from_fork_asm+0x1a/0x30
[   16.621693] 
[   16.621798] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[   16.621798] 
[   16.622229] allocated by task 314 on cpu 1 at 16.618872s (0.003355s ago):
[   16.622640]  test_alloc+0x2a6/0x10f0
[   16.622833]  test_use_after_free_read+0xdc/0x270
[   16.623044]  kunit_try_run_case+0x1a5/0x480
[   16.623337]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.623626]  kthread+0x337/0x6f0
[   16.623801]  ret_from_fork+0x116/0x1d0
[   16.624004]  ret_from_fork_asm+0x1a/0x30
[   16.624320] 
[   16.624396] freed by task 314 on cpu 1 at 16.618928s (0.005466s ago):
[   16.624644]  test_use_after_free_read+0xfb/0x270
[   16.625023]  kunit_try_run_case+0x1a5/0x480
[   16.625308]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.625569]  kthread+0x337/0x6f0
[   16.625757]  ret_from_fork+0x116/0x1d0
[   16.625944]  ret_from_fork_asm+0x1a/0x30
[   16.626171] 
[   16.626379] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   16.626985] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.627168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.627535] ==================================================================
[   16.515026] ==================================================================
[   16.515467] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[   16.515467] 
[   16.515931] Use-after-free read at 0x(____ptrval____) (in kfence-#72):
[   16.516191]  test_use_after_free_read+0x129/0x270
[   16.516360]  kunit_try_run_case+0x1a5/0x480
[   16.516669]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.516933]  kthread+0x337/0x6f0
[   16.517072]  ret_from_fork+0x116/0x1d0
[   16.517269]  ret_from_fork_asm+0x1a/0x30
[   16.517459] 
[   16.517535] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   16.517535] 
[   16.517931] allocated by task 312 on cpu 0 at 16.514827s (0.003102s ago):
[   16.518263]  test_alloc+0x364/0x10f0
[   16.518763]  test_use_after_free_read+0xdc/0x270
[   16.519002]  kunit_try_run_case+0x1a5/0x480
[   16.519209]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.519731]  kthread+0x337/0x6f0
[   16.519910]  ret_from_fork+0x116/0x1d0
[   16.520105]  ret_from_fork_asm+0x1a/0x30
[   16.520543] 
[   16.520637] freed by task 312 on cpu 0 at 16.514878s (0.005757s ago):
[   16.520929]  test_use_after_free_read+0x1e7/0x270
[   16.521151]  kunit_try_run_case+0x1a5/0x480
[   16.521353]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.521849]  kthread+0x337/0x6f0
[   16.522077]  ret_from_fork+0x116/0x1d0
[   16.522383]  ret_from_fork_asm+0x1a/0x30
[   16.522657] 
[   16.522765] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   16.523456] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.523729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.524113] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2x2ZFae8Ls3qEfTe0PRCYFb5eF9

job_id

TEST:linaro@lkft#2x2ZKfXq1x4rE5uAs6VLnxuNkCP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x2ZKfXq1x4rE5uAs6VLnxuNkCP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZHlHBYbYCHYJaF5eD66G530I/bzImage
sha256sum	e89f03c19c78189cd68c59a16440604de847a1695c893a93d8173d838704e698

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZHlHBYbYCHYJaF5eD66G530I/modules.tar.xz
sha256sum	8a5955c9acfee51bf7a3c12d37a8784f27ef2d8796875e5fb6568a2ec65c0fa8

durations

tests

boot	0
kunit	206.87

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit