lkft/linux-mainline-master - v6.15-rc3-8-ga33b5a08cbbd - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

April 22, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   52.944678] ==================================================================
[   52.944773] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   52.944773] 
[   52.944875] Use-after-free read at 0x00000000e7660cdb (in kfence-#191):
[   52.944932]  test_krealloc+0x51c/0x830
[   52.944981]  kunit_try_run_case+0x170/0x3f0
[   52.945029]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.945074]  kthread+0x328/0x630
[   52.945120]  ret_from_fork+0x10/0x20
[   52.945160] 
[   52.945187] kfence-#191: 0x00000000e7660cdb-0x00000000bb497690, size=32, cache=kmalloc-32
[   52.945187] 
[   52.945243] allocated by task 339 on cpu 0 at 52.943931s (0.001307s ago):
[   52.945315]  test_alloc+0x29c/0x628
[   52.945354]  test_krealloc+0xc0/0x830
[   52.945392]  kunit_try_run_case+0x170/0x3f0
[   52.945433]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.945487]  kthread+0x328/0x630
[   52.945544]  ret_from_fork+0x10/0x20
[   52.945588] 
[   52.945615] freed by task 339 on cpu 0 at 52.944232s (0.001379s ago):
[   52.945682]  krealloc_noprof+0x148/0x360
[   52.945721]  test_krealloc+0x1dc/0x830
[   52.945759]  kunit_try_run_case+0x170/0x3f0
[   52.945800]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.945844]  kthread+0x328/0x630
[   52.945880]  ret_from_fork+0x10/0x20
[   52.945919] 
[   52.945977] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   52.946055] Tainted: [B]=BAD_PAGE, [N]=TEST
[   52.946087] Hardware name: linux,dummy-virt (DT)
[   52.946121] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2w58bPRPTycbz1vmAdBLBc0aa6B

job_id

TEST:linaro@lkft#2w58fxq4bKj9vp73CIYpItcyxn6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w58fxq4bKj9vp73CIYpItcyxn6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58cme5gejaHmq4RPVvp3S5u7p/Image.gz
sha256sum	4b4388c6f3ff4d9d5f37e24b5dd96bcea12d5773962644bca64d76518d1261ab

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	6e7d093e93027c909f889e69aec109c9a1b0ec1ca5f1beffa4bce78be31bff20

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58cme5gejaHmq4RPVvp3S5u7p/modules.tar.xz
sha256sum	ea868b19cf381ec631b74a7beed07667a57ebf8839290b6192a6a06165583a43

durations

tests

boot	0
kunit	115.30

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   57.074935] ==================================================================
[   57.075612] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   57.075612] 
[   57.076255] Use-after-free read at 0x(____ptrval____) (in kfence-#161):
[   57.076692]  test_krealloc+0x6fc/0xbe0
[   57.077155]  kunit_try_run_case+0x1a5/0x480
[   57.077672]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.078155]  kthread+0x337/0x6f0
[   57.078498]  ret_from_fork+0x41/0x80
[   57.078982]  ret_from_fork_asm+0x1a/0x30
[   57.079404] 
[   57.079671] kfence-#161: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   57.079671] 
[   57.080276] allocated by task 357 on cpu 0 at 57.074019s (0.006252s ago):
[   57.081108]  test_alloc+0x364/0x10f0
[   57.081469]  test_krealloc+0xad/0xbe0
[   57.081782]  kunit_try_run_case+0x1a5/0x480
[   57.082348]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.082891]  kthread+0x337/0x6f0
[   57.083220]  ret_from_fork+0x41/0x80
[   57.083754]  ret_from_fork_asm+0x1a/0x30
[   57.084080] 
[   57.084310] freed by task 357 on cpu 0 at 57.074308s (0.009996s ago):
[   57.085133]  krealloc_noprof+0x108/0x340
[   57.085493]  test_krealloc+0x226/0xbe0
[   57.085917]  kunit_try_run_case+0x1a5/0x480
[   57.086481]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.086884]  kthread+0x337/0x6f0
[   57.087174]  ret_from_fork+0x41/0x80
[   57.087580]  ret_from_fork_asm+0x1a/0x30
[   57.088057] 
[   57.088346] CPU: 0 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   57.089227] Tainted: [B]=BAD_PAGE, [N]=TEST
[   57.089568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   57.090369] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2w58bPRPTycbz1vmAdBLBc0aa6B

job_id

TEST:linaro@lkft#2w58gtgABx34QfpACxxt1FW8tt4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w58gtgABx34QfpACxxt1FW8tt4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58e0U5Ru8v4eqp9FzDEGsLRcM/bzImage
sha256sum	f59986011cb969c7a1cdd138a2f9f0805d494458126148234385e9c958ff6025

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	46d08c6812c5a56498fb2daa39090f5328578b27d1cc7e901eb03c5578fd0198

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58e0U5Ru8v4eqp9FzDEGsLRcM/modules.tar.xz
sha256sum	8a4ca15b5d29d47a50af2e54c5fa80863c1756101b85f2c14a51465bf17dc7f1

durations

tests

boot	0
kunit	46.19

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   56.265833] ==================================================================
[   56.266502] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   56.266502] 
[   56.267251] Use-after-free read at 0x(____ptrval____) (in kfence-#175):
[   56.267842]  test_krealloc+0x51c/0x830
[   56.268184]  kunit_try_run_case+0x170/0x3f0
[   56.268570]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.269067]  kthread+0x328/0x630
[   56.269366]  ret_from_fork+0x10/0x20
[   56.269695] 
[   56.269836] kfence-#175: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   56.269836] 
[   56.270689] allocated by task 395 on cpu 4 at 56.265781s (0.004907s ago):
[   56.271301]  test_alloc+0x29c/0x628
[   56.271619]  test_krealloc+0xc0/0x830
[   56.271952]  kunit_try_run_case+0x170/0x3f0
[   56.272332]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.272825]  kthread+0x328/0x630
[   56.273121]  ret_from_fork+0x10/0x20
[   56.273449] 
[   56.273587] freed by task 395 on cpu 4 at 56.265799s (0.007788s ago):
[   56.274168]  krealloc_noprof+0x148/0x360
[   56.274523]  test_krealloc+0x1dc/0x830
[   56.274862]  kunit_try_run_case+0x170/0x3f0
[   56.275242]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   56.275736]  kthread+0x328/0x630
[   56.276032]  ret_from_fork+0x10/0x20
[   56.276359] 
[   56.276504] CPU: 4 UID: 0 PID: 395 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   56.277387] Tainted: [B]=BAD_PAGE, [N]=TEST
[   56.277762] Hardware name: Radxa ROCK Pi 4B (DT)
[   56.278174] ==================================================================

Metadata Full log Test run details

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - rk3399-rock-pi-4b - gcc-13-lkftconfig-kunit