lkft/linux-next-master - next-20250626 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 26, 2025, 9:10 a.m.

Environment
dragonboard-845c
juno-r2
qemu-arm64
qemu-x86_64

[  110.975612] ==================================================================
[  110.982955] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[  110.982955] 
[  110.991348] Use-after-free read at 0x000000005395c4ac (in kfence-#54):
[  110.997969]  test_krealloc+0x51c/0x830
[  111.001793]  kunit_try_run_case+0x170/0x3f0
[  111.006049]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  111.011614]  kthread+0x328/0x630
[  111.014903]  ret_from_fork+0x10/0x20
[  111.018537] 
[  111.020072] kfence-#54: 0x000000005395c4ac-0x00000000fcae111b, size=32, cache=kmalloc-32
[  111.020072] 
[  111.029753] allocated by task 423 on cpu 4 at 110.975554s (0.054198s ago):
[  111.036730]  test_alloc+0x29c/0x628
[  111.040278]  test_krealloc+0xc0/0x830
[  111.043997]  kunit_try_run_case+0x170/0x3f0
[  111.048247]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  111.053813]  kthread+0x328/0x630
[  111.057096]  ret_from_fork+0x10/0x20
[  111.060727] 
[  111.062251] freed by task 423 on cpu 4 at 110.975571s (0.086677s ago):
[  111.068875]  krealloc_noprof+0x148/0x360
[  111.072858]  test_krealloc+0x1dc/0x830
[  111.076675]  kunit_try_run_case+0x170/0x3f0
[  111.080925]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  111.086492]  kthread+0x328/0x630
[  111.089775]  ret_from_fork+0x10/0x20
[  111.093407] 
[  111.094937] CPU: 4 UID: 0 PID: 423 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[  111.106198] Tainted: [B]=BAD_PAGE, [N]=TEST
[  111.110444] Hardware name: Thundercomm Dragonboard 845c (DT)
[  111.116177] ==================================================================

Metadata Full log Test run details

[ 1557.396266] ==================================================================
[ 1557.396289] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[ 1557.396289] 
[ 1557.396322] Use-after-free read at 0x00000000d0001b62 (in kfence-#95):
[ 1557.396337]  test_krealloc+0x51c/0x830
[ 1557.396354]  kunit_try_run_case+0x170/0x3f0
[ 1557.396370]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1557.396387]  kthread+0x328/0x630
[ 1557.396398]  ret_from_fork+0x10/0x20
[ 1557.396412] 
[ 1557.396418] kfence-#95: 0x00000000d0001b62-0x0000000066128209, size=32, cache=kmalloc-32
[ 1557.396418] 
[ 1557.396435] allocated by task 408 on cpu 1 at 1557.396214s (0.000219s ago):
[ 1557.396461]  test_alloc+0x29c/0x628
[ 1557.396475]  test_krealloc+0xc0/0x830
[ 1557.396488]  kunit_try_run_case+0x170/0x3f0
[ 1557.396501]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1557.396517]  kthread+0x328/0x630
[ 1557.396526]  ret_from_fork+0x10/0x20
[ 1557.396539] 
[ 1557.396544] freed by task 408 on cpu 1 at 1557.396231s (0.000312s ago):
[ 1557.396568]  krealloc_noprof+0x148/0x360
[ 1557.396582]  test_krealloc+0x1dc/0x830
[ 1557.396596]  kunit_try_run_case+0x170/0x3f0
[ 1557.396609]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1557.396624]  kthread+0x328/0x630
[ 1557.396634]  ret_from_fork+0x10/0x20
[ 1557.396647] 
[ 1557.396657] CPU: 1 UID: 0 PID: 408 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1557.396685] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 1557.396694] Hardware name: ARM Juno development board (r2) (DT)
[ 1557.396704] ==================================================================

Metadata Full log Test run details

[   61.740813] ==================================================================
[   61.740868] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   61.740868] 
[   61.740945] Use-after-free read at 0x00000000175f0895 (in kfence-#164):
[   61.740997]  test_krealloc+0x51c/0x830
[   61.741040]  kunit_try_run_case+0x170/0x3f0
[   61.741101]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   61.741147]  kthread+0x328/0x630
[   61.741184]  ret_from_fork+0x10/0x20
[   61.741225] 
[   61.741247] kfence-#164: 0x00000000175f0895-0x000000008358d7e8, size=32, cache=kmalloc-32
[   61.741247] 
[   61.741302] allocated by task 349 on cpu 1 at 61.740240s (0.001059s ago):
[   61.741372]  test_alloc+0x29c/0x628
[   61.741413]  test_krealloc+0xc0/0x830
[   61.741453]  kunit_try_run_case+0x170/0x3f0
[   61.741493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   61.741537]  kthread+0x328/0x630
[   61.741572]  ret_from_fork+0x10/0x20
[   61.741611] 
[   61.741634] freed by task 349 on cpu 1 at 61.740441s (0.001190s ago):
[   61.741696]  krealloc_noprof+0x148/0x360
[   61.741736]  test_krealloc+0x1dc/0x830
[   61.741775]  kunit_try_run_case+0x170/0x3f0
[   61.741815]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   61.741857]  kthread+0x328/0x630
[   61.741893]  ret_from_fork+0x10/0x20
[   61.741930] 
[   61.741970] CPU: 1 UID: 0 PID: 349 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   61.742049] Tainted: [B]=BAD_PAGE, [N]=TEST
[   61.742090] Hardware name: linux,dummy-virt (DT)
[   61.742124] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VBWOwNE7tln7ibBWNJtNgCdd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VBWOwNE7tln7ibBWNJtNgCdd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/Image.gz
sha256sum	42e36f6e4a060d5f9a1060b857a02a69294fe7d2a27b0731adb370bcbc85f1e6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/modules.tar.xz
sha256sum	890b3fa8e09fb90f169b09d75de24714d8b16adf2b500a29a27124602d4970e9

durations

tests

boot	0
kunit	167.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   57.875956] ==================================================================
[   57.876369] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   57.876369] 
[   57.876731] Use-after-free read at 0x(____ptrval____) (in kfence-#138):
[   57.877027]  test_krealloc+0x6fc/0xbe0
[   57.877168]  kunit_try_run_case+0x1a5/0x480
[   57.877418]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.877675]  kthread+0x337/0x6f0
[   57.877835]  ret_from_fork+0x116/0x1d0
[   57.877982]  ret_from_fork_asm+0x1a/0x30
[   57.878164] 
[   57.878320] kfence-#138: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   57.878320] 
[   57.878667] allocated by task 366 on cpu 1 at 57.875154s (0.003511s ago):
[   57.878992]  test_alloc+0x364/0x10f0
[   57.879162]  test_krealloc+0xad/0xbe0
[   57.879334]  kunit_try_run_case+0x1a5/0x480
[   57.879476]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.879643]  kthread+0x337/0x6f0
[   57.879809]  ret_from_fork+0x116/0x1d0
[   57.879993]  ret_from_fork_asm+0x1a/0x30
[   57.880634] 
[   57.880714] freed by task 366 on cpu 1 at 57.875474s (0.005238s ago):
[   57.880936]  krealloc_noprof+0x108/0x340
[   57.881629]  test_krealloc+0x226/0xbe0
[   57.881862]  kunit_try_run_case+0x1a5/0x480
[   57.882071]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   57.882513]  kthread+0x337/0x6f0
[   57.882630]  ret_from_fork+0x116/0x1d0
[   57.882822]  ret_from_fork_asm+0x1a/0x30
[   57.882973] 
[   57.883115] CPU: 1 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   57.883563] Tainted: [B]=BAD_PAGE, [N]=TEST
[   57.883714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   57.884105] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VCWzEgPcUDHhhw0N7L6OuTsi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VCWzEgPcUDHhhw0N7L6OuTsi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/bzImage
sha256sum	af9e113be0609efaece1c192f6aceee5e71a8c7326695ad181171f155187f3ab

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/modules.tar.xz
sha256sum	eb3bf6ab4822a4ffbb4c6a0a8f2b0db2418a278c2192667f80b6a1aac6efaa14

durations

tests

boot	0
kunit	146.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - dragonboard-845c - gcc-13-lkftconfig-kunit

Failure - juno-r2 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit