lkft/linux-next-master - next-20250513 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

May 13, 2025, 12:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   50.911958] ==================================================================
[   50.912108] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.912108] 
[   50.912240] Use-after-free read at 0x00000000ad1bf768 (in kfence-#162):
[   50.912307]  test_krealloc+0x51c/0x830
[   50.912364]  kunit_try_run_case+0x170/0x3f0
[   50.912417]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.912469]  kthread+0x328/0x630
[   50.912520]  ret_from_fork+0x10/0x20
[   50.912567] 
[   50.912596] kfence-#162: 0x00000000ad1bf768-0x00000000b3c9254f, size=32, cache=kmalloc-32
[   50.912596] 
[   50.912659] allocated by task 337 on cpu 1 at 50.911135s (0.001519s ago):
[   50.912748]  test_alloc+0x29c/0x628
[   50.912799]  test_krealloc+0xc0/0x830
[   50.912843]  kunit_try_run_case+0x170/0x3f0
[   50.912887]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.912936]  kthread+0x328/0x630
[   50.913008]  ret_from_fork+0x10/0x20
[   50.913058] 
[   50.913088] freed by task 337 on cpu 1 at 50.911447s (0.001636s ago):
[   50.913161]  krealloc_noprof+0x148/0x360
[   50.913209]  test_krealloc+0x1dc/0x830
[   50.913255]  kunit_try_run_case+0x170/0x3f0
[   50.913300]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.913349]  kthread+0x328/0x630
[   50.913394]  ret_from_fork+0x10/0x20
[   50.913442] 
[   50.913503] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   50.913600] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.913639] Hardware name: linux,dummy-virt (DT)
[   50.913681] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2x2ZFae8Ls3qEfTe0PRCYFb5eF9

job_id

TEST:linaro@lkft#2x2ZJwMkybAJ0V3AdwW8YXrmLW4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x2ZJwMkybAJ0V3AdwW8YXrmLW4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZGjWiQXEqdPbxYxRYAHypUXF/Image.gz
sha256sum	504e1d37524260fa95a6f6e6498e4daa3458f89c70f1974ff57f1740645ee541

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZGjWiQXEqdPbxYxRYAHypUXF/modules.tar.xz
sha256sum	a71187f290b93746206f2f75a3cb5731ed4583beeb2a9abe36ca5193decfd1c5

durations

tests

boot	0
kunit	376.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.131376] ==================================================================
[   48.131812] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.131812] 
[   48.132178] Use-after-free read at 0x(____ptrval____) (in kfence-#136):
[   48.132590]  test_krealloc+0x6fc/0xbe0
[   48.132933]  kunit_try_run_case+0x1a5/0x480
[   48.133110]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.133423]  kthread+0x337/0x6f0
[   48.133590]  ret_from_fork+0x116/0x1d0
[   48.133797]  ret_from_fork_asm+0x1a/0x30
[   48.133996] 
[   48.134089] kfence-#136: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.134089] 
[   48.135002] allocated by task 354 on cpu 1 at 48.130769s (0.004230s ago):
[   48.135388]  test_alloc+0x364/0x10f0
[   48.135551]  test_krealloc+0xad/0xbe0
[   48.135738]  kunit_try_run_case+0x1a5/0x480
[   48.135930]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.136159]  kthread+0x337/0x6f0
[   48.136314]  ret_from_fork+0x116/0x1d0
[   48.136504]  ret_from_fork_asm+0x1a/0x30
[   48.136669] 
[   48.136744] freed by task 354 on cpu 1 at 48.130979s (0.005763s ago):
[   48.136986]  krealloc_noprof+0x108/0x340
[   48.137186]  test_krealloc+0x226/0xbe0
[   48.137380]  kunit_try_run_case+0x1a5/0x480
[   48.137830]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.138058]  kthread+0x337/0x6f0
[   48.138269]  ret_from_fork+0x116/0x1d0
[   48.138411]  ret_from_fork_asm+0x1a/0x30
[   48.138603] 
[   48.138738] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   48.139267] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.139437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.139781] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2x2ZFae8Ls3qEfTe0PRCYFb5eF9

job_id

TEST:linaro@lkft#2x2ZKfXq1x4rE5uAs6VLnxuNkCP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x2ZKfXq1x4rE5uAs6VLnxuNkCP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZHlHBYbYCHYJaF5eD66G530I/bzImage
sha256sum	e89f03c19c78189cd68c59a16440604de847a1695c893a93d8173d838704e698

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZHlHBYbYCHYJaF5eD66G530I/modules.tar.xz
sha256sum	8a5955c9acfee51bf7a3c12d37a8784f27ef2d8796875e5fb6568a2ec65c0fa8

durations

tests

boot	0
kunit	206.87

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit