lkft/linux-next-master - next-20250616 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 16, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   51.538405] ==================================================================
[   51.538512] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   51.538512] 
[   51.538631] Use-after-free read at 0x00000000ed7f8f25 (in kfence-#189):
[   51.538694]  test_krealloc+0x51c/0x830
[   51.538746]  kunit_try_run_case+0x170/0x3f0
[   51.538799]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.538871]  kthread+0x328/0x630
[   51.538923]  ret_from_fork+0x10/0x20
[   51.538968] 
[   51.538998] kfence-#189: 0x00000000ed7f8f25-0x00000000f0939269, size=32, cache=kmalloc-32
[   51.538998] 
[   51.539063] allocated by task 346 on cpu 1 at 51.537503s (0.001556s ago):
[   51.539142]  test_alloc+0x29c/0x628
[   51.539191]  test_krealloc+0xc0/0x830
[   51.539235]  kunit_try_run_case+0x170/0x3f0
[   51.539280]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.539327]  kthread+0x328/0x630
[   51.539367]  ret_from_fork+0x10/0x20
[   51.539411] 
[   51.539438] freed by task 346 on cpu 1 at 51.537913s (0.001521s ago):
[   51.539504]  krealloc_noprof+0x148/0x360
[   51.539549]  test_krealloc+0x1dc/0x830
[   51.539590]  kunit_try_run_case+0x170/0x3f0
[   51.539634]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.539677]  kthread+0x328/0x630
[   51.539720]  ret_from_fork+0x10/0x20
[   51.539761] 
[   51.539822] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   51.539924] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.539959] Hardware name: linux,dummy-virt (DT)
[   51.540000] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya0zPCLTsXcgMlhuwl4B74eGRP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya0zPCLTsXcgMlhuwl4B74eGRP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/Image.gz
sha256sum	a07f652b6ef2a3b23147f3c325e2115d921a305a0923eab0aef242be63afbe4f

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/modules.tar.xz
sha256sum	793787324999d0aa7d217eac21d3f904d0017c4f6b9bafdc8cd21afd90a18cf2

durations

tests

boot	0
kunit	252.96

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.935282] ==================================================================
[   48.935655] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.935655] 
[   48.935980] Use-after-free read at 0x(____ptrval____) (in kfence-#135):
[   48.936215]  test_krealloc+0x6fc/0xbe0
[   48.936352]  kunit_try_run_case+0x1a5/0x480
[   48.936501]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.936669]  kthread+0x337/0x6f0
[   48.936787]  ret_from_fork+0x116/0x1d0
[   48.936932]  ret_from_fork_asm+0x1a/0x30
[   48.937126] 
[   48.937219] kfence-#135: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.937219] 
[   48.937576] allocated by task 363 on cpu 1 at 48.934546s (0.003028s ago):
[   48.937995]  test_alloc+0x364/0x10f0
[   48.938124]  test_krealloc+0xad/0xbe0
[   48.938248]  kunit_try_run_case+0x1a5/0x480
[   48.938385]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.938550]  kthread+0x337/0x6f0
[   48.938662]  ret_from_fork+0x116/0x1d0
[   48.938786]  ret_from_fork_asm+0x1a/0x30
[   48.938940] 
[   48.939220] freed by task 363 on cpu 1 at 48.934854s (0.004361s ago):
[   48.940656]  krealloc_noprof+0x108/0x340
[   48.942130]  test_krealloc+0x226/0xbe0
[   48.942766]  kunit_try_run_case+0x1a5/0x480
[   48.943555]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.944103]  kthread+0x337/0x6f0
[   48.944295]  ret_from_fork+0x116/0x1d0
[   48.944517]  ret_from_fork_asm+0x1a/0x30
[   48.944716] 
[   48.944843] CPU: 1 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   48.945428] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.945739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.946265] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya10TrtOeZqMJoigZUQQpnbsgW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya10TrtOeZqMJoigZUQQpnbsgW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/bzImage
sha256sum	4d3d55ec68ee13601f4cba6535beaaa179877198316f6d49c7d2754d39d25d99

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/modules.tar.xz
sha256sum	6a0e4a1142b545d837c764528373cb157bd626a8fd062931e1825203c7bce58f

durations

tests

boot	0
kunit	134.01

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit