lkft/linux-next-master - next-20250623 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 23, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   66.380406] ==================================================================
[   66.380504] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   66.380504] 
[   66.380617] Use-after-free read at 0x00000000a1a519f6 (in kfence-#191):
[   66.380679]  test_krealloc+0x51c/0x830
[   66.380741]  kunit_try_run_case+0x170/0x3f0
[   66.380801]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   66.380860]  kthread+0x328/0x630
[   66.380909]  ret_from_fork+0x10/0x20
[   66.380961] 
[   66.380990] kfence-#191: 0x00000000a1a519f6-0x0000000039b9aabb, size=32, cache=kmalloc-32
[   66.380990] 
[   66.381079] allocated by task 349 on cpu 1 at 66.379406s (0.001668s ago):
[   66.381164]  test_alloc+0x29c/0x628
[   66.381218]  test_krealloc+0xc0/0x830
[   66.381268]  kunit_try_run_case+0x170/0x3f0
[   66.381317]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   66.381374]  kthread+0x328/0x630
[   66.381419]  ret_from_fork+0x10/0x20
[   66.381466] 
[   66.381494] freed by task 349 on cpu 1 at 66.379795s (0.001694s ago):
[   66.381568]  krealloc_noprof+0x148/0x360
[   66.381619]  test_krealloc+0x1dc/0x830
[   66.381667]  kunit_try_run_case+0x170/0x3f0
[   66.381718]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   66.381771]  kthread+0x328/0x630
[   66.381815]  ret_from_fork+0x10/0x20
[   66.381864] 
[   66.381916] CPU: 1 UID: 0 PID: 349 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   66.382012] Tainted: [B]=BAD_PAGE, [N]=TEST
[   66.382084] Hardware name: linux,dummy-virt (DT)
[   66.382131] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ytmowJu277AggRMV0akIntCcBb

job_id

TEST:linaro@lkft#2ytmtaMTLcPEn4w4FcozR6WSC8v

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ytmtaMTLcPEn4w4FcozR6WSC8v

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmq2ZJyYwoO1zRFnnOdOncGpy/Image.gz
sha256sum	8babb9b25d008158739b204767b25f2683bd6714a94fb69277dbb95712e03026

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmq2ZJyYwoO1zRFnnOdOncGpy/modules.tar.xz
sha256sum	6a716a814d9729621b3aef13f694d9d6b53e23d3c12c6a026a54d81f80d3f12c

durations

tests

boot	0
kunit	290.50

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   60.269491] ==================================================================
[   60.269835] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   60.269835] 
[   60.270242] Use-after-free read at 0x(____ptrval____) (in kfence-#163):
[   60.270474]  test_krealloc+0x6fc/0xbe0
[   60.270640]  kunit_try_run_case+0x1a5/0x480
[   60.270760]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.270905]  kthread+0x337/0x6f0
[   60.271044]  ret_from_fork+0x116/0x1d0
[   60.271215]  ret_from_fork_asm+0x1a/0x30
[   60.271443] 
[   60.271542] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   60.271542] 
[   60.272041] allocated by task 366 on cpu 1 at 60.268573s (0.003464s ago):
[   60.272338]  test_alloc+0x364/0x10f0
[   60.272660]  test_krealloc+0xad/0xbe0
[   60.272978]  kunit_try_run_case+0x1a5/0x480
[   60.273322]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.273744]  kthread+0x337/0x6f0
[   60.274114]  ret_from_fork+0x116/0x1d0
[   60.274333]  ret_from_fork_asm+0x1a/0x30
[   60.274501] 
[   60.274714] freed by task 366 on cpu 1 at 60.268856s (0.005852s ago):
[   60.275256]  krealloc_noprof+0x108/0x340
[   60.275577]  test_krealloc+0x226/0xbe0
[   60.275872]  kunit_try_run_case+0x1a5/0x480
[   60.276193]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.276479]  kthread+0x337/0x6f0
[   60.276621]  ret_from_fork+0x116/0x1d0
[   60.276897]  ret_from_fork_asm+0x1a/0x30
[   60.277097] 
[   60.277275] CPU: 1 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   60.277793] Tainted: [B]=BAD_PAGE, [N]=TEST
[   60.278108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   60.278482] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ytmowJu277AggRMV0akIntCcBb

job_id

TEST:linaro@lkft#2ytmubRIV1JPUllhZ47JmxJvXDc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ytmubRIV1JPUllhZ47JmxJvXDc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmr5So17mjebl2Ct1tTXuuGxA/bzImage
sha256sum	b03452fcb75b3b14cf8383cc19f407b3f7a1f0ee70432185dec0e489b10cb3a4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmr5So17mjebl2Ct1tTXuuGxA/modules.tar.xz
sha256sum	e4532e2fb00e2e4b26601276ccbbe81c48edd0570f10fd066f50509a42a73673

durations

tests

boot	0
kunit	172.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit