lkft/linux-next-master - next-20250319 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

March 19, 2025, 10:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   68.078268] ==================================================================
[   68.078374] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   68.078374] 
[   68.078495] Use-after-free read at 0x0000000042c83b8e (in kfence-#230):
[   68.078581]  test_krealloc+0x51c/0x830
[   68.078652]  kunit_try_run_case+0x14c/0x3d0
[   68.078727]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   68.078804]  kthread+0x318/0x618
[   68.078875]  ret_from_fork+0x10/0x20
[   68.078953] 
[   68.078995] kfence-#230: 0x0000000042c83b8e-0x000000000c343837, size=32, cache=kmalloc-32
[   68.078995] 
[   68.079099] allocated by task 339 on cpu 1 at 68.077155s (0.001938s ago):
[   68.079205]  test_alloc+0x298/0x620
[   68.079272]  test_krealloc+0xc0/0x830
[   68.079336]  kunit_try_run_case+0x14c/0x3d0
[   68.079405]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   68.079481]  kthread+0x318/0x618
[   68.079545]  ret_from_fork+0x10/0x20
[   68.079611] 
[   68.079652] freed by task 339 on cpu 1 at 68.077618s (0.002029s ago):
[   68.079755]  krealloc_noprof+0x148/0x360
[   68.079818]  test_krealloc+0x1dc/0x830
[   68.079879]  kunit_try_run_case+0x14c/0x3d0
[   68.079948]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   68.080020]  kthread+0x318/0x618
[   68.080096]  ret_from_fork+0x10/0x20
[   68.080165] 
[   68.080225] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   68.080354] Tainted: [B]=BAD_PAGE, [N]=TEST
[   68.080435] Hardware name: linux,dummy-virt (DT)
[   68.080492] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2uX2DZIoykoCuhH4arMoBy977bK

job_id

TEST:linaro@lkft#2uX2IY2MFMbCeXxVlYVKThLK0vG

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2uX2IY2MFMbCeXxVlYVKThLK0vG

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2F32dFREZpt738DwHKERJ1NE/Image.gz
sha256sum	7e21ea2b066793bfb239769397e1ca6d991d8341932b5c259d0b5291ae716875

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	71bcc7bc8dbd4ac7d02d52aed8886662999d6e6c790f9b9e5220beaf580ccfc1

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2F32dFREZpt738DwHKERJ1NE/modules.tar.xz
sha256sum	def6cc6c2dd7d82317a0ac9ef5e9628af2e72f9fd52e222ac4d2bca68256cb99

durations

tests

boot	0
kunit	148.31

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.1+ds-1

[   59.697037] ==================================================================
[   59.697632] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   59.697632] 
[   59.698296] Use-after-free read at 0x(____ptrval____) (in kfence-#182):
[   59.698949]  test_krealloc+0x6fc/0xbe0
[   59.699335]  kunit_try_run_case+0x1b2/0x490
[   59.699827]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   59.700242]  kthread+0x323/0x710
[   59.700635]  ret_from_fork+0x41/0x80
[   59.701033]  ret_from_fork_asm+0x1a/0x30
[   59.701591] 
[   59.701872] kfence-#182: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   59.701872] 
[   59.702554] allocated by task 358 on cpu 0 at 59.696108s (0.006440s ago):
[   59.703280]  test_alloc+0x35e/0x10d0
[   59.703641]  test_krealloc+0xad/0xbe0
[   59.704127]  kunit_try_run_case+0x1b2/0x490
[   59.704574]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   59.705285]  kthread+0x323/0x710
[   59.705615]  ret_from_fork+0x41/0x80
[   59.705892]  ret_from_fork_asm+0x1a/0x30
[   59.706398] 
[   59.706628] freed by task 358 on cpu 0 at 59.696384s (0.010239s ago):
[   59.707246]  krealloc_noprof+0x109/0x370
[   59.707626]  test_krealloc+0x226/0xbe0
[   59.708015]  kunit_try_run_case+0x1b2/0x490
[   59.708486]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   59.709640]  kthread+0x323/0x710
[   59.710505]  ret_from_fork+0x41/0x80
[   59.712183]  ret_from_fork_asm+0x1a/0x30
[   59.712620] 
[   59.714970] CPU: 0 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   59.717966] Tainted: [B]=BAD_PAGE, [N]=TEST
[   59.719016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   59.720292] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2uX2DZIoykoCuhH4arMoBy977bK

job_id

TEST:linaro@lkft#2uX2JXgeaQCkFWN6K2jCSXXvmhK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2uX2JXgeaQCkFWN6K2jCSXXvmhK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2GLAurqOjIK7d0WUOat3cllr/bzImage
sha256sum	2bc7cc1a2590cb344ef11815bf2840b058232038476951f62f559ac8b93bacea

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c0721a415598e62660bcf524e126ecf297cac7ec4f7068a53fb00c57f9cd4051

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2GLAurqOjIK7d0WUOat3cllr/modules.tar.xz
sha256sum	d7478c4852fdaca9c987642c2f409eace66511759906fa95e3a9d660c25bf7f6

durations

tests

boot	0
kunit	63.53

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.1+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit