lkft/linux-next-master - next-20250702 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 2, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   63.917044] ==================================================================
[   63.917112] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   63.917112] 
[   63.917198] Use-after-free read at 0x00000000b7c2406e (in kfence-#183):
[   63.917253]  test_krealloc+0x51c/0x830
[   63.917300]  kunit_try_run_case+0x170/0x3f0
[   63.917347]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.917393]  kthread+0x328/0x630
[   63.917434]  ret_from_fork+0x10/0x20
[   63.917476] 
[   63.917501] kfence-#183: 0x00000000b7c2406e-0x00000000ff9a0715, size=32, cache=kmalloc-32
[   63.917501] 
[   63.917557] allocated by task 370 on cpu 0 at 63.916403s (0.001150s ago):
[   63.917626]  test_alloc+0x29c/0x628
[   63.917668]  test_krealloc+0xc0/0x830
[   63.917709]  kunit_try_run_case+0x170/0x3f0
[   63.917750]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.917795]  kthread+0x328/0x630
[   63.917832]  ret_from_fork+0x10/0x20
[   63.917870] 
[   63.917896] freed by task 370 on cpu 0 at 63.916657s (0.001235s ago):
[   63.917972]  krealloc_noprof+0x148/0x360
[   63.918015]  test_krealloc+0x1dc/0x830
[   63.918055]  kunit_try_run_case+0x170/0x3f0
[   63.918095]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.918140]  kthread+0x328/0x630
[   63.918176]  ret_from_fork+0x10/0x20
[   63.918215] 
[   63.918260] CPU: 0 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   63.918342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   63.918373] Hardware name: linux,dummy-virt (DT)
[   63.918409] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjafLF9SmbRpQYzvYRsbAp7df

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjafLF9SmbRpQYzvYRsbAp7df

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/Image.gz
sha256sum	85c5f8492d02f00134559b4c525d8c115890fb18f9f1a98f66474795be2b220c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/modules.tar.xz
sha256sum	1d59f082c2851f878fb4e179ce3326e01ee1a06bb2287f35b0c3c51598de1e42

durations

tests

boot	0
kunit	162.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   67.252438] ==================================================================
[   67.252514] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   67.252514] 
[   67.252609] Use-after-free read at 0x00000000ad92fda5 (in kfence-#201):
[   67.252667]  test_krealloc+0x51c/0x830
[   67.252715]  kunit_try_run_case+0x170/0x3f0
[   67.252763]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   67.252810]  kthread+0x328/0x630
[   67.252851]  ret_from_fork+0x10/0x20
[   67.252894] 
[   67.252918] kfence-#201: 0x00000000ad92fda5-0x00000000789add65, size=32, cache=kmalloc-32
[   67.252918] 
[   67.252976] allocated by task 368 on cpu 0 at 67.251807s (0.001166s ago):
[   67.253046]  test_alloc+0x29c/0x628
[   67.253088]  test_krealloc+0xc0/0x830
[   67.253130]  kunit_try_run_case+0x170/0x3f0
[   67.253185]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   67.253230]  kthread+0x328/0x630
[   67.253267]  ret_from_fork+0x10/0x20
[   67.253305] 
[   67.253331] freed by task 368 on cpu 0 at 67.252032s (0.001295s ago):
[   67.253394]  krealloc_noprof+0x148/0x360
[   67.253435]  test_krealloc+0x1dc/0x830
[   67.253474]  kunit_try_run_case+0x170/0x3f0
[   67.253521]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   67.253565]  kthread+0x328/0x630
[   67.253600]  ret_from_fork+0x10/0x20
[   67.253638] 
[   67.253688] CPU: 0 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   67.253770] Tainted: [B]=BAD_PAGE, [N]=TEST
[   67.253801] Hardware name: linux,dummy-virt (DT)
[   67.253836] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgVNbTMWSdgH2toga97GQ1Q7f

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgVNbTMWSdgH2toga97GQ1Q7f

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/Image.gz
sha256sum	0bc9f899cfd087a8afeca5d2e97cbfde074f219701c595cf032b0638edac4ebb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgRtf8Z6sIAbl985f65Rf9q1j/modules.tar.xz
sha256sum	a7c57519c6dd39ab91f2f3c11d9473bcddc038b16e47bd1dafe42a18ff05f66f

durations

tests

boot	0
kunit	166.37

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   59.938619] ==================================================================
[   59.938978] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   59.938978] 
[   59.939354] Use-after-free read at 0x(____ptrval____) (in kfence-#157):
[   59.939648]  test_krealloc+0x6fc/0xbe0
[   59.939825]  kunit_try_run_case+0x1a5/0x480
[   59.940024]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   59.940222]  kthread+0x337/0x6f0
[   59.940381]  ret_from_fork+0x116/0x1d0
[   59.940570]  ret_from_fork_asm+0x1a/0x30
[   59.940800] 
[   59.940870] kfence-#157: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   59.940870] 
[   59.941267] allocated by task 385 on cpu 1 at 59.937976s (0.003288s ago):
[   59.941615]  test_alloc+0x364/0x10f0
[   59.941819]  test_krealloc+0xad/0xbe0
[   59.941960]  kunit_try_run_case+0x1a5/0x480
[   59.942168]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   59.942385]  kthread+0x337/0x6f0
[   59.942593]  ret_from_fork+0x116/0x1d0
[   59.942727]  ret_from_fork_asm+0x1a/0x30
[   59.942861] 
[   59.942930] freed by task 385 on cpu 1 at 59.938209s (0.004718s ago):
[   59.943228]  krealloc_noprof+0x108/0x340
[   59.943428]  test_krealloc+0x226/0xbe0
[   59.943987]  kunit_try_run_case+0x1a5/0x480
[   59.944186]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   59.944412]  kthread+0x337/0x6f0
[   59.945041]  ret_from_fork+0x116/0x1d0
[   59.945223]  ret_from_fork_asm+0x1a/0x30
[   59.945414] 
[   59.945742] CPU: 1 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   59.946390] Tainted: [B]=BAD_PAGE, [N]=TEST
[   59.946541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   59.946927] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjbo5vUf6Wgav2dNg23QBILve

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjbo5vUf6Wgav2dNg23QBILve

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/bzImage
sha256sum	4acfb3ef7d1c5960d9bb8d8c6946992d600ffa1a2e100775f86dbb73a7e052b1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjY2X2HWOVFakdzDdk9bWjF5Q/modules.tar.xz
sha256sum	9d3b3583400db11d5b102f8eb0fbef431a8d5f7a81319fa4c86c7d93acce21b0

durations

tests

boot	0
kunit	219.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   58.964209] ==================================================================
[   58.964606] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   58.964606] 
[   58.964924] Use-after-free read at 0x(____ptrval____) (in kfence-#150):
[   58.965261]  test_krealloc+0x6fc/0xbe0
[   58.965888]  kunit_try_run_case+0x1a5/0x480
[   58.966159]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.966413]  kthread+0x337/0x6f0
[   58.966558]  ret_from_fork+0x116/0x1d0
[   58.966752]  ret_from_fork_asm+0x1a/0x30
[   58.966918] 
[   58.967397] kfence-#150: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   58.967397] 
[   58.967768] allocated by task 386 on cpu 0 at 58.963576s (0.004190s ago):
[   58.968319]  test_alloc+0x364/0x10f0
[   58.968502]  test_krealloc+0xad/0xbe0
[   58.968659]  kunit_try_run_case+0x1a5/0x480
[   58.968838]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.969046]  kthread+0x337/0x6f0
[   58.969262]  ret_from_fork+0x116/0x1d0
[   58.969412]  ret_from_fork_asm+0x1a/0x30
[   58.969574] 
[   58.969665] freed by task 386 on cpu 0 at 58.963812s (0.005850s ago):
[   58.969905]  krealloc_noprof+0x108/0x340
[   58.970110]  test_krealloc+0x226/0xbe0
[   58.970723]  kunit_try_run_case+0x1a5/0x480
[   58.970885]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.971214]  kthread+0x337/0x6f0
[   58.971386]  ret_from_fork+0x116/0x1d0
[   58.971560]  ret_from_fork_asm+0x1a/0x30
[   58.971716] 
[   58.971846] CPU: 0 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   58.972680] Tainted: [B]=BAD_PAGE, [N]=TEST
[   58.972875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   58.973420] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zJgQh5RpNnxHn5fYu3cjvVNtfe

job_id

TEST:linaro@lkft#2zJgWLiLp1SzPvoGOQl1Sc7c2xD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJgWLiLp1SzPvoGOQl1Sc7c2xD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/bzImage
sha256sum	c63ce0944f5600b46c12779e7ee07bd3abac22ab6ab0025102b975f86834f461

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJgSomoncXqQ2IeQhGu4P8l5Uz/modules.tar.xz
sha256sum	6bde680c4711a679bf6c233af89c66b0048bd800f61fd1fce42662ca56dcc624

durations

tests

boot	0
kunit	249.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit