lkft/linux-next-master - next-20250512 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

May 12, 2025, 11:48 a.m.

Environment
qemu-arm64
qemu-x86_64

[   49.847447] ==================================================================
[   49.847515] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   49.847515] 
[   49.847609] Use-after-free read at 0x00000000a2f1349e (in kfence-#171):
[   49.847663]  test_krealloc+0x51c/0x830
[   49.847708]  kunit_try_run_case+0x170/0x3f0
[   49.847752]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.847794]  kthread+0x328/0x630
[   49.847835]  ret_from_fork+0x10/0x20
[   49.847875] 
[   49.847899] kfence-#171: 0x00000000a2f1349e-0x000000004ed040c9, size=32, cache=kmalloc-32
[   49.847899] 
[   49.847953] allocated by task 337 on cpu 1 at 49.846600s (0.001349s ago):
[   49.848022]  test_alloc+0x29c/0x628
[   49.848075]  test_krealloc+0xc0/0x830
[   49.848113]  kunit_try_run_case+0x170/0x3f0
[   49.848151]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.848193]  kthread+0x328/0x630
[   49.848231]  ret_from_fork+0x10/0x20
[   49.848268] 
[   49.848292] freed by task 337 on cpu 1 at 49.846987s (0.001300s ago):
[   49.848351]  krealloc_noprof+0x148/0x360
[   49.848390]  test_krealloc+0x1dc/0x830
[   49.848427]  kunit_try_run_case+0x170/0x3f0
[   49.848463]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.848504]  kthread+0x328/0x630
[   49.848539]  ret_from_fork+0x10/0x20
[   49.848577] 
[   49.848623] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   49.848704] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.848735] Hardware name: linux,dummy-virt (DT)
[   49.848770] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2wzhoXbX8z5uxnTgWVmeHFPVt5w

job_id

TEST:linaro@lkft#2wzht4TVw0WlfY69jnhMqjXElSg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2wzht4TVw0WlfY69jnhMqjXElSg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhpWU42EtYm7kZLPp7OLc8QYa/Image.gz
sha256sum	70b1e536f53e9eb91aae94372b64952481bbf47e27b20cb5870c7e3e80457074

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhpWU42EtYm7kZLPp7OLc8QYa/modules.tar.xz
sha256sum	95c3dca0f224e5b598c2e0728f570672c34de953e709490ceb7378a1ba9035be

durations

tests

boot	0
kunit	235.44

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

[   54.610832] ==================================================================
[   54.611371] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   54.611371] 
[   54.612041] Use-after-free read at 0x(____ptrval____) (in kfence-#167):
[   54.612731]  test_krealloc+0x6fc/0xbe0
[   54.613134]  kunit_try_run_case+0x1a5/0x480
[   54.613554]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   54.614093]  kthread+0x337/0x6f0
[   54.614458]  ret_from_fork+0x116/0x1d0
[   54.614812]  ret_from_fork_asm+0x1a/0x30
[   54.615087] 
[   54.615346] kfence-#167: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   54.615346] 
[   54.616048] allocated by task 354 on cpu 1 at 54.609800s (0.006242s ago):
[   54.616469]  test_alloc+0x364/0x10f0
[   54.616970]  test_krealloc+0xad/0xbe0
[   54.617268]  kunit_try_run_case+0x1a5/0x480
[   54.617609]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   54.618037]  kthread+0x337/0x6f0
[   54.618221]  ret_from_fork+0x116/0x1d0
[   54.618711]  ret_from_fork_asm+0x1a/0x30
[   54.619085] 
[   54.619738] freed by task 354 on cpu 1 at 54.610347s (0.009384s ago):
[   54.620340]  krealloc_noprof+0x108/0x340
[   54.620751]  test_krealloc+0x226/0xbe0
[   54.621019]  kunit_try_run_case+0x1a5/0x480
[   54.621348]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   54.621869]  kthread+0x337/0x6f0
[   54.622160]  ret_from_fork+0x116/0x1d0
[   54.622385]  ret_from_fork_asm+0x1a/0x30
[   54.622705] 
[   54.623032] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   54.623744] Tainted: [B]=BAD_PAGE, [N]=TEST
[   54.623994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   54.624394] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2wzhoXbX8z5uxnTgWVmeHFPVt5w

job_id

TEST:linaro@lkft#2wzhu6iaWdJjc5OBxEyTCXoH7hg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2wzhu6iaWdJjc5OBxEyTCXoH7hg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhqgGEQZAOcyKh8cNNiRpI84n/bzImage
sha256sum	a903e4e22fae7c9fda402890fe1753d53b5e12289f993655dd063c1cd604c332

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhqgGEQZAOcyKh8cNNiRpI84n/modules.tar.xz
sha256sum	5e08ec47b0a73d33001c0f25787e3eb58851b97c569c3621f07d2da65a7a22ff

durations

tests

boot	0
kunit	361.27

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit