lkft/linux-next-master - next-20250617 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 17, 2025, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   50.847987] ==================================================================
[   50.848069] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.848069] 
[   50.848165] Use-after-free read at 0x00000000e623abd4 (in kfence-#152):
[   50.848219]  test_krealloc+0x51c/0x830
[   50.848265]  kunit_try_run_case+0x170/0x3f0
[   50.848312]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.848359]  kthread+0x328/0x630
[   50.848398]  ret_from_fork+0x10/0x20
[   50.848441] 
[   50.848467] kfence-#152: 0x00000000e623abd4-0x00000000a9fa1bc9, size=32, cache=kmalloc-32
[   50.848467] 
[   50.848523] allocated by task 346 on cpu 1 at 50.847287s (0.001232s ago):
[   50.848594]  test_alloc+0x29c/0x628
[   50.848637]  test_krealloc+0xc0/0x830
[   50.848677]  kunit_try_run_case+0x170/0x3f0
[   50.848718]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.848762]  kthread+0x328/0x630
[   50.848798]  ret_from_fork+0x10/0x20
[   50.848839] 
[   50.848862] freed by task 346 on cpu 1 at 50.847560s (0.001298s ago):
[   50.848922]  krealloc_noprof+0x148/0x360
[   50.848975]  test_krealloc+0x1dc/0x830
[   50.849013]  kunit_try_run_case+0x170/0x3f0
[   50.849052]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.849096]  kthread+0x328/0x630
[   50.849131]  ret_from_fork+0x10/0x20
[   50.849171] 
[   50.849216] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   50.849299] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.849330] Hardware name: linux,dummy-virt (DT)
[   50.849364] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ycmAbKpM2fPU7JFlL3VFcggZyX

job_id

TEST:linaro@lkft#2ycmGBohWgwDt0q1MSJxRxJ46Gq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ycmGBohWgwDt0q1MSJxRxJ46Gq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmC5EhW3BM1tkjhYaNQdm2b7j/Image.gz
sha256sum	0e75f247fcfca828bae2c74673e3187b2cb142639542a20241767255dd2a989b

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmC5EhW3BM1tkjhYaNQdm2b7j/modules.tar.xz
sha256sum	18ad61734b8ac92476de265f77917a21b448a5c78baec17abc62599dfb00aad0

durations

tests

boot	0
kunit	171.74

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   57.372541] ==================================================================
[   57.373130] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   57.373130] 
[   57.373815] Use-after-free read at 0x(____ptrval____) (in kfence-#174):
[   57.374413]  test_krealloc+0x6fc/0xbe0
[   57.374747]  kunit_try_run_case+0x1a5/0x480
[   57.375183]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.375666]  kthread+0x337/0x6f0
[   57.376010]  ret_from_fork+0x116/0x1d0
[   57.376450]  ret_from_fork_asm+0x1a/0x30
[   57.376846] 
[   57.377052] kfence-#174: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   57.377052] 
[   57.377685] allocated by task 364 on cpu 0 at 57.371694s (0.005986s ago):
[   57.378279]  test_alloc+0x364/0x10f0
[   57.378551]  test_krealloc+0xad/0xbe0
[   57.378967]  kunit_try_run_case+0x1a5/0x480
[   57.379549]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.380002]  kthread+0x337/0x6f0
[   57.380444]  ret_from_fork+0x116/0x1d0
[   57.380801]  ret_from_fork_asm+0x1a/0x30
[   57.381117] 
[   57.381298] freed by task 364 on cpu 0 at 57.371993s (0.009299s ago):
[   57.382050]  krealloc_noprof+0x108/0x340
[   57.382511]  test_krealloc+0x226/0xbe0
[   57.382880]  kunit_try_run_case+0x1a5/0x480
[   57.383202]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.383665]  kthread+0x337/0x6f0
[   57.383996]  ret_from_fork+0x116/0x1d0
[   57.384306]  ret_from_fork_asm+0x1a/0x30
[   57.384757] 
[   57.385031] CPU: 0 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   57.385755] Tainted: [B]=BAD_PAGE, [N]=TEST
[   57.386179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   57.386938] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ycmAbKpM2fPU7JFlL3VFcggZyX

job_id

TEST:linaro@lkft#2ycmHIv4OjqzuY4se718cLGQLXs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ycmHIv4OjqzuY4se718cLGQLXs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmDNxoP9hdgB9eqatUl05sOIC/bzImage
sha256sum	e8ff53ed1294ecb6e3942f69c9702cf67245fcd535135359b70f78a45efa657a

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmDNxoP9hdgB9eqatUl05sOIC/modules.tar.xz
sha256sum	4b7f7ee9385141e7d851b6b43f3ef6c0857845282181ddc6cfac1e13c3ff02a7

durations

tests

boot	0
kunit	223.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit