lkft/linux-mainline-master - v6.15-rc7-142-g4856ebd99715 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

May 23, 2025, 11:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   59.822091] ==================================================================
[   59.822214] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   59.822214] 
[   59.822347] Use-after-free read at 0x000000003ad8bbe6 (in kfence-#217):
[   59.822420]  test_krealloc+0x51c/0x830
[   59.822512]  kunit_try_run_case+0x170/0x3f0
[   59.822579]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   59.822646]  kthread+0x328/0x630
[   59.822706]  ret_from_fork+0x10/0x20
[   59.822765] 
[   59.822798] kfence-#217: 0x000000003ad8bbe6-0x000000001dd9321c, size=32, cache=kmalloc-32
[   59.822798] 
[   59.822878] allocated by task 339 on cpu 1 at 59.821010s (0.001862s ago):
[   59.822972]  test_alloc+0x29c/0x628
[   59.823029]  test_krealloc+0xc0/0x830
[   59.823084]  kunit_try_run_case+0x170/0x3f0
[   59.823143]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   59.823206]  kthread+0x328/0x630
[   59.823262]  ret_from_fork+0x10/0x20
[   59.823317] 
[   59.823350] freed by task 339 on cpu 1 at 59.821547s (0.001797s ago):
[   59.823467]  krealloc_noprof+0x148/0x360
[   59.823524]  test_krealloc+0x1dc/0x830
[   59.823579]  kunit_try_run_case+0x170/0x3f0
[   59.823639]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   59.823703]  kthread+0x328/0x630
[   59.823759]  ret_from_fork+0x10/0x20
[   59.823815] 
[   59.823875] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   59.823998] Tainted: [B]=BAD_PAGE, [N]=TEST
[   59.824043] Hardware name: linux,dummy-virt (DT)
[   59.824092] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6oKOcbQKiXvB9zY8T3TP346C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6oKOcbQKiXvB9zY8T3TP346C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/Image.gz
sha256sum	dc9d86ed0aa28c5a8c7aea5e5bbc5feee23ca57992b3a59f2660a2851e548fda

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/modules.tar.xz
sha256sum	bbf3712a920adb12a832cfcb69e456c8653dc36a192261fbeb4c1ef5e924a8d4

durations

tests

boot	0
kunit	423.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   49.766998] ==================================================================
[   49.767409] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   49.767409] 
[   49.767810] Use-after-free read at 0x(____ptrval____) (in kfence-#139):
[   49.768436]  test_krealloc+0x6fc/0xbe0
[   49.768645]  kunit_try_run_case+0x1a5/0x480
[   49.769038]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.769268]  kthread+0x337/0x6f0
[   49.769413]  ret_from_fork+0x41/0x80
[   49.769626]  ret_from_fork_asm+0x1a/0x30
[   49.769834] 
[   49.769935] kfence-#139: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   49.769935] 
[   49.770294] allocated by task 356 on cpu 0 at 49.766249s (0.004042s ago):
[   49.770570]  test_alloc+0x364/0x10f0
[   49.770744]  test_krealloc+0xad/0xbe0
[   49.770984]  kunit_try_run_case+0x1a5/0x480
[   49.771197]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.771392]  kthread+0x337/0x6f0
[   49.771577]  ret_from_fork+0x41/0x80
[   49.771744]  ret_from_fork_asm+0x1a/0x30
[   49.771936] 
[   49.772030] freed by task 356 on cpu 0 at 49.766558s (0.005470s ago):
[   49.772303]  krealloc_noprof+0x108/0x340
[   49.772495]  test_krealloc+0x226/0xbe0
[   49.772724]  kunit_try_run_case+0x1a5/0x480
[   49.772912]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.773136]  kthread+0x337/0x6f0
[   49.773295]  ret_from_fork+0x41/0x80
[   49.773500]  ret_from_fork_asm+0x1a/0x30
[   49.773706] 
[   49.773804] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   49.774246] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.774388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   49.774661] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6pFlrRJjT7hepkB9aiMlUziD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6pFlrRJjT7hepkB9aiMlUziD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6mCYBRhgDllz16lydYGKzl0K/bzImage
sha256sum	87310a5ce2e449ea32174d5c60c63ddcd1873527b924fc92af17800f3b6a0c85

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6mCYBRhgDllz16lydYGKzl0K/modules.tar.xz
sha256sum	392011dc561b93e70d20c4f59de7bf990a438ea01b5984e8279d811e404b080b

durations

tests

boot	0
kunit	211.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit