lkft/linux-next-master - next-20250624 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 24, 2025, 11:37 a.m.

Environment
dragonboard-845c
qemu-arm64
qemu-x86_64

[  110.483167] ==================================================================
[  110.490494] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[  110.490494] 
[  110.498882] Use-after-free read at 0x000000000955ff11 (in kfence-#60):
[  110.505502]  test_krealloc+0x51c/0x830
[  110.509329]  kunit_try_run_case+0x170/0x3f0
[  110.513594]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  110.519169]  kthread+0x328/0x630
[  110.522461]  ret_from_fork+0x10/0x20
[  110.526104] 
[  110.527637] kfence-#60: 0x000000000955ff11-0x00000000995ea25e, size=32, cache=kmalloc-32
[  110.527637] 
[  110.537327] allocated by task 435 on cpu 3 at 110.483101s (0.054225s ago):
[  110.544318]  test_alloc+0x29c/0x628
[  110.547875]  test_krealloc+0xc0/0x830
[  110.551604]  kunit_try_run_case+0x170/0x3f0
[  110.555858]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  110.561425]  kthread+0x328/0x630
[  110.564718]  ret_from_fork+0x10/0x20
[  110.568364] 
[  110.569896] freed by task 435 on cpu 3 at 110.483122s (0.086772s ago):
[  110.576524]  krealloc_noprof+0x148/0x360
[  110.580520]  test_krealloc+0x1dc/0x830
[  110.584337]  kunit_try_run_case+0x170/0x3f0
[  110.588592]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  110.594159]  kthread+0x328/0x630
[  110.597453]  ret_from_fork+0x10/0x20
[  110.601097] 
[  110.602638] CPU: 3 UID: 0 PID: 435 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[  110.613909] Tainted: [B]=BAD_PAGE, [N]=TEST
[  110.618159] Hardware name: Thundercomm Dragonboard 845c (DT)
[  110.623901] ==================================================================

Metadata Full log Test run details

[   68.541163] ==================================================================
[   68.541266] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   68.541266] 
[   68.541378] Use-after-free read at 0x00000000c8045cd3 (in kfence-#203):
[   68.541446]  test_krealloc+0x51c/0x830
[   68.541505]  kunit_try_run_case+0x170/0x3f0
[   68.541562]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   68.541615]  kthread+0x328/0x630
[   68.541663]  ret_from_fork+0x10/0x20
[   68.541711] 
[   68.541740] kfence-#203: 0x00000000c8045cd3-0x000000004c50b74a, size=32, cache=kmalloc-32
[   68.541740] 
[   68.541807] allocated by task 348 on cpu 0 at 68.540055s (0.001747s ago):
[   68.541906]  test_alloc+0x29c/0x628
[   68.541961]  test_krealloc+0xc0/0x830
[   68.542011]  kunit_try_run_case+0x170/0x3f0
[   68.542059]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   68.542112]  kthread+0x328/0x630
[   68.542155]  ret_from_fork+0x10/0x20
[   68.542203] 
[   68.542231] freed by task 348 on cpu 0 at 68.540538s (0.001689s ago):
[   68.542308]  krealloc_noprof+0x148/0x360
[   68.542356]  test_krealloc+0x1dc/0x830
[   68.542424]  kunit_try_run_case+0x170/0x3f0
[   68.542473]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   68.542525]  kthread+0x328/0x630
[   68.542570]  ret_from_fork+0x10/0x20
[   68.542618] 
[   68.542670] CPU: 0 UID: 0 PID: 348 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   68.542770] Tainted: [B]=BAD_PAGE, [N]=TEST
[   68.542807] Hardware name: linux,dummy-virt (DT)
[   68.542849] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yx8iABZYbkBMHz2UfLhbVQFSBc

job_id

TEST:linaro@lkft#2yx8mnha0Lu62FmuY96Pi2IVCX2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yx8mnha0Lu62FmuY96Pi2IVCX2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yx8jAY6Eu0Ej50xmM9Wq9W9Kum/Image.gz
sha256sum	08cb64e0f154758cad9002b9f9875074fc1caa5b64a173779c23ca529581230a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yx8jAY6Eu0Ej50xmM9Wq9W9Kum/modules.tar.xz
sha256sum	1b970a753f25d59f813741ee64d0dae566db66f1284845658803118558976a2f

durations

tests

boot	0
kunit	293.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   66.093786] ==================================================================
[   66.094273] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   66.094273] 
[   66.094973] Use-after-free read at 0x(____ptrval____) (in kfence-#165):
[   66.095454]  test_krealloc+0x6fc/0xbe0
[   66.095700]  kunit_try_run_case+0x1a5/0x480
[   66.096081]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   66.096687]  kthread+0x337/0x6f0
[   66.097030]  ret_from_fork+0x116/0x1d0
[   66.097295]  ret_from_fork_asm+0x1a/0x30
[   66.097734] 
[   66.097884] kfence-#165: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   66.097884] 
[   66.098338] allocated by task 367 on cpu 0 at 66.092709s (0.005623s ago):
[   66.098993]  test_alloc+0x364/0x10f0
[   66.099362]  test_krealloc+0xad/0xbe0
[   66.099853]  kunit_try_run_case+0x1a5/0x480
[   66.100180]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   66.100484]  kthread+0x337/0x6f0
[   66.100846]  ret_from_fork+0x116/0x1d0
[   66.101300]  ret_from_fork_asm+0x1a/0x30
[   66.101751] 
[   66.101955] freed by task 367 on cpu 0 at 66.093088s (0.008860s ago):
[   66.102396]  krealloc_noprof+0x108/0x340
[   66.102865]  test_krealloc+0x226/0xbe0
[   66.103247]  kunit_try_run_case+0x1a5/0x480
[   66.103572]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   66.104092]  kthread+0x337/0x6f0
[   66.104362]  ret_from_fork+0x116/0x1d0
[   66.104742]  ret_from_fork_asm+0x1a/0x30
[   66.105111] 
[   66.105312] CPU: 0 UID: 0 PID: 367 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   66.106273] Tainted: [B]=BAD_PAGE, [N]=TEST
[   66.106721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   66.107305] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yx8iABZYbkBMHz2UfLhbVQFSBc

job_id

TEST:linaro@lkft#2yx8nqbxHyU9q5QFLSgoSfpxg7c

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yx8nqbxHyU9q5QFLSgoSfpxg7c

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yx8kMWyAcZURSq8fq3I4LTYNnI/bzImage
sha256sum	e4af8fb0c4f818dc00f998896a3bb1036c581a265d8c629b665739ffdae0ee02

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yx8kMWyAcZURSq8fq3I4LTYNnI/modules.tar.xz
sha256sum	aa90f144ec87f2f93e8f81cdc22f5e1ccf9be8dc2fab92a71c87abdd535262e3

durations

tests

boot	0
kunit	232.61

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - dragonboard-845c - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit