Hay
Date
Feb. 5, 2025, 2:09 p.m.

Environment
qemu-arm64 — first report below (arm64 frames such as ret_from_fork+0x10/0x20; "Hardware name: linux,dummy-virt (DT)")
qemu-i386 — second report below (i386 frames such as restore_all_switch_stack; "Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)")

Note: in both reports the faulting access is raised from the KUnit case test_krealloc (invoked through kunit_try_run_case, Comm: kunit_try_catch), i.e. from the KFENCE self-test rather than from production kernel code. The KFENCE KUnit tests are written to perform such out-of-lifetime accesses deliberately so that the report path itself is exercised; confirm against the kfence test source that this use-after-free read is the expected output of test_krealloc before triaging it as a real kernel bug.

[  200.796374] ==================================================================
[  200.798076] BUG: KFENCE: use-after-free read in test_krealloc+0x2b8/0x4e8
[  200.798076] 
[  200.799564] Use-after-free read at 0x00000000ab696835 (in kfence-#233):
[  200.800745]  test_krealloc+0x2b8/0x4e8
[  200.803110]  kunit_try_run_case+0xf8/0x260
[  200.804147]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  200.807221]  kthread+0x18c/0x1a8
[  200.808122]  ret_from_fork+0x10/0x20
[  200.809492] 
[  200.809995] kfence-#233: 0x00000000ab696835-0x00000000155ad790, size=32, cache=kmalloc-32
[  200.809995] 
[  200.813102] allocated by task 277 on cpu 0 at 200.794967s:
[  200.815178]  test_alloc+0x224/0x3d8
[  200.816150]  test_krealloc+0xc0/0x4e8
[  200.817492]  kunit_try_run_case+0xf8/0x260
[  200.818799]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  200.820255]  kthread+0x18c/0x1a8
[  200.821757]  ret_from_fork+0x10/0x20
[  200.822803] 
[  200.823114] freed by task 277 on cpu 0 at 200.795471s:
[  200.824513]  krealloc+0xa8/0x1a0
[  200.825668]  test_krealloc+0x128/0x4e8
[  200.826631]  kunit_try_run_case+0xf8/0x260
[  200.828137]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  200.829870]  kthread+0x18c/0x1a8
[  200.830645]  ret_from_fork+0x10/0x20
[  200.831811] 
[  200.832458] CPU: 0 PID: 277 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  200.834160] Hardware name: linux,dummy-virt (DT)
[  200.835415] ==================================================================


[   69.562860] ==================================================================
[   69.563260] BUG: KFENCE: use-after-free read in test_krealloc+0x250/0x4b0
[   69.563260] 
[   69.563837] Use-after-free read at 0x(ptrval) (in kfence-#82):
[   69.564765]  test_krealloc+0x250/0x4b0
[   69.564984]  kunit_try_run_case+0x8a/0x1c4
[   69.565202]  kunit_generic_run_threadfn_adapter+0x16/0x20
[   69.565466]  kthread+0xe0/0x108
[   69.565633]  ret_from_fork+0x40/0x4c
[   69.565809]  ret_from_fork_asm+0x12/0x18
[   69.566548]  restore_all_switch_stack+0x0/0xc3
[   69.567215] 
[   69.567441] kfence-#82: 0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32
[   69.567441] 
[   69.568004] allocated by task 179 on cpu 1 at 69.562481s:
[   69.568412]  test_alloc+0x153/0x2d4
[   69.568676]  test_krealloc+0x44/0x4b0
[   69.568973]  kunit_try_run_case+0x8a/0x1c4
[   69.569278]  kunit_generic_run_threadfn_adapter+0x16/0x20
[   69.569661]  kthread+0xe0/0x108
[   69.569914]  ret_from_fork+0x40/0x4c
[   69.570048]  ret_from_fork_asm+0x12/0x18
[   69.570191]  restore_all_switch_stack+0x0/0xc3
[   69.570351] 
[   69.570472] freed by task 179 on cpu 1 at 69.562661s:
[   69.570752]  krealloc+0x6c/0x1d4
[   69.570964]  test_krealloc+0x9c/0x4b0
[   69.571197]  kunit_try_run_case+0x8a/0x1c4
[   69.571405]  kunit_generic_run_threadfn_adapter+0x16/0x20
[   69.571589]  kthread+0xe0/0x108
[   69.571717]  ret_from_fork+0x40/0x4c
[   69.571888]  ret_from_fork_asm+0x12/0x18
[   69.572201]  restore_all_switch_stack+0x0/0xc3
[   69.572522] 
[   69.572623] CPU: 1 PID: 179 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[   69.572922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   69.573388] ==================================================================