lkft/linux-next-master - next-20250530 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

May 30, 2025, 4:14 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   99.480988] ==================================================================
[   99.481119] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   99.481119] 
[   99.481264] Use-after-free read at 0x(____ptrval____) (in kfence-#189):
[   99.481373]  test_krealloc+0x51c/0x830
[   99.484519]  kunit_try_run_case+0x170/0x3f0
[   99.488685]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   99.494155]  kthread+0x328/0x630
[   99.497366]  ret_from_fork+0x10/0x20
[   99.500925] 
[   99.502404] kfence-#189: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   99.502404] 
[   99.512039] allocated by task 381 on cpu 6 at 99.480901s (0.031136s ago):
[   99.518826]  test_alloc+0x29c/0x628
[   99.522279]  test_krealloc+0xc0/0x830
[   99.525924]  kunit_try_run_case+0x170/0x3f0
[   99.530091]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   99.535559]  kthread+0x328/0x630
[   99.538773]  ret_from_fork+0x10/0x20
[   99.542332] 
[   99.543808] freed by task 381 on cpu 6 at 99.480929s (0.062877s ago):
[   99.550250]  krealloc_noprof+0x148/0x360
[   99.554136]  test_krealloc+0x1dc/0x830
[   99.557868]  kunit_try_run_case+0x170/0x3f0
[   99.562035]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   99.567504]  kthread+0x328/0x630
[   99.570715]  ret_from_fork+0x10/0x20
[   99.574276] 
[   99.575761] CPU: 6 UID: 0 PID: 381 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250530 #1 PREEMPT 
[   99.586525] Tainted: [B]=BAD_PAGE, [N]=TEST
[   99.590682] Hardware name: WinLink E850-96 board (DT)
[   99.595719] ==================================================================

Metadata Full log Test run details

[   58.088200] ==================================================================
[   58.088291] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   58.088291] 
[   58.088385] Use-after-free read at 0x00000000a0d4fc1b (in kfence-#203):
[   58.088451]  test_krealloc+0x51c/0x830
[   58.088513]  kunit_try_run_case+0x170/0x3f0
[   58.088572]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   58.088630]  kthread+0x328/0x630
[   58.088697]  ret_from_fork+0x10/0x20
[   58.088755] 
[   58.088783] kfence-#203: 0x00000000a0d4fc1b-0x000000009622f8a3, size=32, cache=kmalloc-32
[   58.088783] 
[   58.088852] allocated by task 338 on cpu 0 at 58.087260s (0.001586s ago):
[   58.088935]  test_alloc+0x29c/0x628
[   58.088990]  test_krealloc+0xc0/0x830
[   58.089041]  kunit_try_run_case+0x170/0x3f0
[   58.089094]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   58.089149]  kthread+0x328/0x630
[   58.089193]  ret_from_fork+0x10/0x20
[   58.089241] 
[   58.089277] freed by task 338 on cpu 0 at 58.087709s (0.001563s ago):
[   58.089355]  krealloc_noprof+0x148/0x360
[   58.089406]  test_krealloc+0x1dc/0x830
[   58.089455]  kunit_try_run_case+0x170/0x3f0
[   58.089506]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   58.089561]  kthread+0x328/0x630
[   58.089605]  ret_from_fork+0x10/0x20
[   58.089653] 
[   58.089718] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250530 #1 PREEMPT 
[   58.089813] Tainted: [B]=BAD_PAGE, [N]=TEST
[   58.089848] Hardware name: linux,dummy-virt (DT)
[   58.089889] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xnemi99Hvuh7IMni6GLnPJJmyr

job_id

TEST:linaro@lkft#2xner8G5PGJzTqMMTXexKt9Nkqk

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xner8G5PGJzTqMMTXexKt9Nkqk

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xnenk2TiaLlh3htnBwxI8n2lS2/Image.gz
sha256sum	54039bd66f1e3df45769ff753620d7b6f2f3dfddb4e37a1b2bb3c1537e2e7b6b

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xnenk2TiaLlh3htnBwxI8n2lS2/modules.tar.xz
sha256sum	ad1c5e14b41ead63c47b931720e214e3f7689877b529c6a0fb4fa79c978e95f6

durations

tests

boot	0
kunit	302.96

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   58.154716] ==================================================================
[   58.155397] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   58.155397] 
[   58.156075] Use-after-free read at 0x(____ptrval____) (in kfence-#171):
[   58.157398]  test_krealloc+0x6fc/0xbe0
[   58.158087]  kunit_try_run_case+0x1a5/0x480
[   58.158694]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.159176]  kthread+0x337/0x6f0
[   58.159541]  ret_from_fork+0x116/0x1d0
[   58.159932]  ret_from_fork_asm+0x1a/0x30
[   58.160331] 
[   58.161089] kfence-#171: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   58.161089] 
[   58.162130] allocated by task 354 on cpu 0 at 58.153795s (0.008329s ago):
[   58.163079]  test_alloc+0x364/0x10f0
[   58.163485]  test_krealloc+0xad/0xbe0
[   58.164128]  kunit_try_run_case+0x1a5/0x480
[   58.164720]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.165361]  kthread+0x337/0x6f0
[   58.165920]  ret_from_fork+0x116/0x1d0
[   58.166652]  ret_from_fork_asm+0x1a/0x30
[   58.167189] 
[   58.167459] freed by task 354 on cpu 0 at 58.154090s (0.013364s ago):
[   58.168037]  krealloc_noprof+0x108/0x340
[   58.168442]  test_krealloc+0x226/0xbe0
[   58.168821]  kunit_try_run_case+0x1a5/0x480
[   58.169229]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.170262]  kthread+0x337/0x6f0
[   58.170875]  ret_from_fork+0x116/0x1d0
[   58.171276]  ret_from_fork_asm+0x1a/0x30
[   58.171926] 
[   58.172414] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250530 #1 PREEMPT(voluntary) 
[   58.173538] Tainted: [B]=BAD_PAGE, [N]=TEST
[   58.174070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   58.175089] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xnemi99Hvuh7IMni6GLnPJJmyr

job_id

TEST:linaro@lkft#2xnerzD7c8zvUUJ0cIJLNaZoXbe

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xnerzD7c8zvUUJ0cIJLNaZoXbe

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xneodXjiC3GEwcZ9W0tAuggieI/bzImage
sha256sum	0239b9405f6caf05c6cb66487dfcbd91a08bb67af2cc091383be2bb288ae84ab

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xneodXjiC3GEwcZ9W0tAuggieI/modules.tar.xz
sha256sum	a4e701489e98e3501a2b8de33e92dc78764a7120dcce30460eade35c60420cd9

durations

tests

boot	0
kunit	361.88

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit