lkft/linux-stable-rc-linux-6.14.y - v6.14.6-198-g4f7f8fb4f8e3 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

May 12, 2025, 6:12 p.m.

Environment
qemu-arm64
qemu-x86_64

[   51.291949] ==================================================================
[   51.292348] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   51.292348] 
[   51.292672] Use-after-free read at 0x00000000cd07583c (in kfence-#158):
[   51.293129]  test_krealloc+0x51c/0x830
[   51.293421]  kunit_try_run_case+0x170/0x3f0
[   51.293710]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.294039]  kthread+0x318/0x620
[   51.294375]  ret_from_fork+0x10/0x20
[   51.294636] 
[   51.294894] kfence-#158: 0x00000000cd07583c-0x000000007a76b377, size=32, cache=kmalloc-32
[   51.294894] 
[   51.295868] allocated by task 326 on cpu 1 at 51.291146s (0.004715s ago):
[   51.296162]  test_alloc+0x29c/0x628
[   51.296596]  test_krealloc+0xc0/0x830
[   51.296818]  kunit_try_run_case+0x170/0x3f0
[   51.297049]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.297304]  kthread+0x318/0x620
[   51.297493]  ret_from_fork+0x10/0x20
[   51.297702] 
[   51.297945] freed by task 326 on cpu 1 at 51.291423s (0.006511s ago):
[   51.298274]  krealloc_noprof+0x148/0x360
[   51.298463]  test_krealloc+0x1dc/0x830
[   51.299863]  kunit_try_run_case+0x170/0x3f0
[   51.300281]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.301293]  kthread+0x318/0x620
[   51.301684]  ret_from_fork+0x10/0x20
[   51.302064] 
[   51.302296] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   51.303189] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.303625] Hardware name: linux,dummy-virt (DT)
[   51.304047] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2x0SPsCc3D4dL5Fs7f4y5KqWbP1

job_id

TEST:linaro@lkft#2x0SUgH3HDRQ5YCD733NxBrXD2V

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x0SUgH3HDRQ5YCD733NxBrXD2V

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SR2iDZ4z9eOUfCBwAGNsgopF/Image.gz
sha256sum	65887a5a3be27653aaa895419fe06aeeec5babf25fa078326e6a5ab1b291d180

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SR2iDZ4z9eOUfCBwAGNsgopF/modules.tar.xz
sha256sum	ddcb30742c0af2b82731246640de982c796b3682f98ffb33c56209bec5fd1b3d

durations

tests

boot	0
kunit	306.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

[   51.166166] ==================================================================
[   51.166578] BUG: KFENCE: use-after-free read in test_krealloc+0x6fd/0xbe0
[   51.166578] 
[   51.166925] Use-after-free read at 0x(____ptrval____) (in kfence-#144):
[   51.167238]  test_krealloc+0x6fd/0xbe0
[   51.167491]  kunit_try_run_case+0x1a6/0x480
[   51.167726]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.167958]  kthread+0x324/0x6e0
[   51.168087]  ret_from_fork+0x41/0x80
[   51.168281]  ret_from_fork_asm+0x1a/0x30
[   51.168495] 
[   51.168593] kfence-#144: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   51.168593] 
[   51.168973] allocated by task 345 on cpu 1 at 51.165424s (0.003546s ago):
[   51.169267]  test_alloc+0x365/0x10f0
[   51.169396]  test_krealloc+0xae/0xbe0
[   51.169545]  kunit_try_run_case+0x1a6/0x480
[   51.169757]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.170027]  kthread+0x324/0x6e0
[   51.170207]  ret_from_fork+0x41/0x80
[   51.170679]  ret_from_fork_asm+0x1a/0x30
[   51.170870] 
[   51.170946] freed by task 345 on cpu 1 at 51.165656s (0.005287s ago):
[   51.171783]  krealloc_noprof+0x108/0x340
[   51.171989]  test_krealloc+0x227/0xbe0
[   51.172165]  kunit_try_run_case+0x1a6/0x480
[   51.172360]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.172591]  kthread+0x324/0x6e0
[   51.172761]  ret_from_fork+0x41/0x80
[   51.172959]  ret_from_fork_asm+0x1a/0x30
[   51.173451] 
[   51.173567] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   51.174105] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.174424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   51.174860] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2x0SPsCc3D4dL5Fs7f4y5KqWbP1

job_id

TEST:linaro@lkft#2x0SVwltlsrm2T0d5Ba3sftzBJV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x0SVwltlsrm2T0d5Ba3sftzBJV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SS2Hw3iq0iQlsLeAo2dcc2s8/bzImage
sha256sum	7bc2976d5bc54a2548ad80d58c51f55eeb790da9ccb30ecb5948e73bb43c003b

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SS2Hw3iq0iQlsLeAo2dcc2s8/modules.tar.xz
sha256sum	64a9a8df2a58f3013b4dda0c48e7d525f20040a72fb28fa3604f8eafd96b0610

durations

tests

boot	0
kunit	240.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit