lkft/linux-mainline-master - v6.15-rc3-1-g9d7a0577c9db - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

April 20, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   57.681054] ==================================================================
[   57.681142] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   57.681142] 
[   57.681246] Use-after-free read at 0x00000000d0dec104 (in kfence-#189):
[   57.681310]  test_krealloc+0x51c/0x830
[   57.681367]  kunit_try_run_case+0x170/0x3f0
[   57.681427]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.681484]  kthread+0x328/0x630
[   57.681537]  ret_from_fork+0x10/0x20
[   57.681587] 
[   57.681617] kfence-#189: 0x00000000d0dec104-0x00000000a0f889e6, size=32, cache=kmalloc-32
[   57.681617] 
[   57.681680] allocated by task 339 on cpu 0 at 57.680145s (0.001530s ago):
[   57.681760]  test_alloc+0x29c/0x628
[   57.681808]  test_krealloc+0xc0/0x830
[   57.681857]  kunit_try_run_case+0x170/0x3f0
[   57.681909]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.681989]  kthread+0x328/0x630
[   57.682041]  ret_from_fork+0x10/0x20
[   57.682090] 
[   57.682118] freed by task 339 on cpu 0 at 57.680499s (0.001614s ago):
[   57.682194]  krealloc_noprof+0x148/0x360
[   57.682242]  test_krealloc+0x1dc/0x830
[   57.682289]  kunit_try_run_case+0x170/0x3f0
[   57.682337]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.682393]  kthread+0x328/0x630
[   57.682442]  ret_from_fork+0x10/0x20
[   57.682488] 
[   57.682541] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   57.682634] Tainted: [B]=BAD_PAGE, [N]=TEST
[   57.682669] Hardware name: linux,dummy-virt (DT)
[   57.682712] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2w0twD46JnbM3uuwFzFr96Mv09c

job_id

TEST:linaro@lkft#2w0u011gxc9rP28xjZn2LW9dmkk

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w0u011gxc9rP28xjZn2LW9dmkk

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w0txFB8nKL1zwrJEbIPml6sHmA/Image.gz
sha256sum	640e60b3f9e880e210b277ab8a14be609af2709a64df1bea735a73952e0c6d8f

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	6e7d093e93027c909f889e69aec109c9a1b0ec1ca5f1beffa4bce78be31bff20

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w0txFB8nKL1zwrJEbIPml6sHmA/modules.tar.xz
sha256sum	34ed11929e5ab442ddd8b3a4d64f3a51c04d9299dcf90df066391ed31be24330

durations

tests

boot	0
kunit	130.18

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   47.785361] ==================================================================
[   47.785734] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   47.785734] 
[   47.786105] Use-after-free read at 0x(____ptrval____) (in kfence-#122):
[   47.786373]  test_krealloc+0x6fc/0xbe0
[   47.786669]  kunit_try_run_case+0x1a5/0x480
[   47.786886]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.787098]  kthread+0x337/0x6f0
[   47.787225]  ret_from_fork+0x41/0x80
[   47.787763]  ret_from_fork_asm+0x1a/0x30
[   47.787988] 
[   47.788084] kfence-#122: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   47.788084] 
[   47.788466] allocated by task 358 on cpu 0 at 47.784731s (0.003733s ago):
[   47.788754]  test_alloc+0x364/0x10f0
[   47.788930]  test_krealloc+0xad/0xbe0
[   47.789102]  kunit_try_run_case+0x1a5/0x480
[   47.789742]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.789972]  kthread+0x337/0x6f0
[   47.790334]  ret_from_fork+0x41/0x80
[   47.790598]  ret_from_fork_asm+0x1a/0x30
[   47.790757] 
[   47.790855] freed by task 358 on cpu 0 at 47.784989s (0.005865s ago):
[   47.791341]  krealloc_noprof+0x108/0x340
[   47.791599]  test_krealloc+0x226/0xbe0
[   47.791848]  kunit_try_run_case+0x1a5/0x480
[   47.792044]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.792407]  kthread+0x337/0x6f0
[   47.792566]  ret_from_fork+0x41/0x80
[   47.792864]  ret_from_fork_asm+0x1a/0x30
[   47.793052] 
[   47.793326] CPU: 0 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   47.793849] Tainted: [B]=BAD_PAGE, [N]=TEST
[   47.794055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   47.794459] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2w0twD46JnbM3uuwFzFr96Mv09c

job_id

TEST:linaro@lkft#2w0u14eQR7px5dmrFCgo4vyETYO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w0u14eQR7px5dmrFCgo4vyETYO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w0tyFt71oC7hJPjO2Lp1z5eNSk/bzImage
sha256sum	e1a0a670e3284fb549fd95960a226bdbc1a4af89130c9d16d29bf73d85314532

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	46d08c6812c5a56498fb2daa39090f5328578b27d1cc7e901eb03c5578fd0198

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w0tyFt71oC7hJPjO2Lp1z5eNSk/modules.tar.xz
sha256sum	da9e898c86df01bfb1c22097602c3f24707b53ff8e5ee0c9842a12edfaa298c0

durations

tests

boot	0
kunit	26.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   56.302299] ==================================================================
[   56.302996] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   56.302996] 
[   56.303770] Use-after-free read at 0x(____ptrval____) (in kfence-#155):
[   56.304379]  test_krealloc+0x51c/0x830
[   56.304739]  kunit_try_run_case+0x170/0x3f0
[   56.305141]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.305658]  kthread+0x328/0x630
[   56.305978]  ret_from_fork+0x10/0x20
[   56.306324] 
[   56.306477] kfence-#155: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   56.306477] 
[   56.307349] allocated by task 391 on cpu 1 at 56.302204s (0.005143s ago):
[   56.307987]  test_alloc+0x29c/0x628
[   56.308322]  test_krealloc+0xc0/0x830
[   56.308673]  kunit_try_run_case+0x170/0x3f0
[   56.309072]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.309587]  kthread+0x328/0x630
[   56.309903]  ret_from_fork+0x10/0x20
[   56.310247] 
[   56.310398] freed by task 391 on cpu 1 at 56.302235s (0.008160s ago):
[   56.311004]  krealloc_noprof+0x148/0x360
[   56.311376]  test_krealloc+0x1dc/0x830
[   56.311735]  kunit_try_run_case+0x170/0x3f0
[   56.312134]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.312650]  kthread+0x328/0x630
[   56.312965]  ret_from_fork+0x10/0x20
[   56.313310] 
[   56.313471] CPU: 1 UID: 0 PID: 391 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   56.314380] Tainted: [B]=BAD_PAGE, [N]=TEST
[   56.314768] Hardware name: Radxa ROCK Pi 4B (DT)
[   56.315196] ==================================================================

Metadata Full log Test run details

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - rk3399-rock-pi-4b - gcc-13-lkftconfig-kunit