lkft/linux-next-master - next-20250618 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 18, 2025, 6:43 a.m.

Environment
qemu-arm64
qemu-x86_64

[   54.627419] ==================================================================
[   54.627537] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   54.627537] 
[   54.627647] Use-after-free read at 0x00000000bf2479c0 (in kfence-#185):
[   54.627705]  test_krealloc+0x51c/0x830
[   54.627756]  kunit_try_run_case+0x170/0x3f0
[   54.627803]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   54.627849]  kthread+0x328/0x630
[   54.627888]  ret_from_fork+0x10/0x20
[   54.627932] 
[   54.627958] kfence-#185: 0x00000000bf2479c0-0x000000006d64db30, size=32, cache=kmalloc-32
[   54.627958] 
[   54.628031] allocated by task 347 on cpu 0 at 54.626679s (0.001335s ago):
[   54.628116]  test_alloc+0x29c/0x628
[   54.628162]  test_krealloc+0xc0/0x830
[   54.628204]  kunit_try_run_case+0x170/0x3f0
[   54.628248]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   54.628298]  kthread+0x328/0x630
[   54.628348]  ret_from_fork+0x10/0x20
[   54.628395] 
[   54.628423] freed by task 347 on cpu 0 at 54.626957s (0.001462s ago):
[   54.628493]  krealloc_noprof+0x148/0x360
[   54.628547]  test_krealloc+0x1dc/0x830
[   54.628593]  kunit_try_run_case+0x170/0x3f0
[   54.628639]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   54.628688]  kthread+0x328/0x630
[   54.628727]  ret_from_fork+0x10/0x20
[   54.628769] 
[   54.628819] CPU: 0 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   54.628915] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   54.628950] Hardware name: linux,dummy-virt (DT)
[   54.628990] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcKukFQMOtwGu89FbiLnnYMcv

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcKukFQMOtwGu89FbiLnnYMcv

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/Image.gz
sha256sum	79b35f965911e8ff982969cf0605b0bd2094f0c42bb36563e2c84399e66104a2

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/modules.tar.xz
sha256sum	103eda217975c92326d72877fbd7b01adb7c5cccd1ce9b6932689a978eb4696f

durations

tests

boot	0
kunit	333.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   46.602661] ==================================================================
[   46.603114] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   46.603114] 
[   46.603598] Use-after-free read at 0x(____ptrval____) (in kfence-#126):
[   46.603861]  test_krealloc+0x6fc/0xbe0
[   46.604044]  kunit_try_run_case+0x1a5/0x480
[   46.604244]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   46.604921]  kthread+0x337/0x6f0
[   46.605289]  ret_from_fork+0x116/0x1d0
[   46.605466]  ret_from_fork_asm+0x1a/0x30
[   46.605639] 
[   46.605708] kfence-#126: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   46.605708] 
[   46.606111] allocated by task 363 on cpu 0 at 46.601931s (0.004177s ago):
[   46.606750]  test_alloc+0x364/0x10f0
[   46.606907]  test_krealloc+0xad/0xbe0
[   46.607161]  kunit_try_run_case+0x1a5/0x480
[   46.607484]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   46.607783]  kthread+0x337/0x6f0
[   46.607948]  ret_from_fork+0x116/0x1d0
[   46.608273]  ret_from_fork_asm+0x1a/0x30
[   46.608531] 
[   46.608615] freed by task 363 on cpu 0 at 46.602154s (0.006458s ago):
[   46.608982]  krealloc_noprof+0x108/0x340
[   46.609146]  test_krealloc+0x226/0xbe0
[   46.609490]  kunit_try_run_case+0x1a5/0x480
[   46.609684]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   46.609901]  kthread+0x337/0x6f0
[   46.610040]  ret_from_fork+0x116/0x1d0
[   46.610393]  ret_from_fork_asm+0x1a/0x30
[   46.610568] 
[   46.610810] CPU: 0 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   46.611480] Tainted: [B]=BAD_PAGE, [N]=TEST
[   46.611740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   46.612256] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcLjszgvK081YlwHCPjcp2e2j

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcLjszgvK081YlwHCPjcp2e2j

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/bzImage
sha256sum	080c75ae0012d41783d523aad25761b97c23573ef70fd83b5b4ab34093a5f110

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/modules.tar.xz
sha256sum	7b460ce6a60b82c553c794703a10ad3e9db2ff894128eec130bd388dacdd428e

durations

tests

boot	0
kunit	123.89

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit