lkft/linux-next-master - next-20250704 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 4, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   63.459858] ==================================================================
[   63.459936] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   63.459936] 
[   63.460017] Use-after-free read at 0x0000000038701685 (in kfence-#189):
[   63.460070]  test_krealloc+0x51c/0x830
[   63.460118]  kunit_try_run_case+0x170/0x3f0
[   63.460165]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.460213]  kthread+0x328/0x630
[   63.460255]  ret_from_fork+0x10/0x20
[   63.460295] 
[   63.460321] kfence-#189: 0x0000000038701685-0x000000004d261e7d, size=32, cache=kmalloc-32
[   63.460321] 
[   63.460376] allocated by task 370 on cpu 1 at 63.459217s (0.001155s ago):
[   63.460447]  test_alloc+0x29c/0x628
[   63.460490]  test_krealloc+0xc0/0x830
[   63.460531]  kunit_try_run_case+0x170/0x3f0
[   63.460573]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.460619]  kthread+0x328/0x630
[   63.460654]  ret_from_fork+0x10/0x20
[   63.460692] 
[   63.460715] freed by task 370 on cpu 1 at 63.459471s (0.001241s ago):
[   63.460779]  krealloc_noprof+0x148/0x360
[   63.460824]  test_krealloc+0x1dc/0x830
[   63.460866]  kunit_try_run_case+0x170/0x3f0
[   63.460915]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.460960]  kthread+0x328/0x630
[   63.460996]  ret_from_fork+0x10/0x20
[   63.461035] 
[   63.461078] CPU: 1 UID: 0 PID: 370 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   63.461157] Tainted: [B]=BAD_PAGE, [N]=TEST
[   63.461188] Hardware name: linux,dummy-virt (DT)
[   63.461222] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zPKcyRCCcLXHTLmyDYDrnSncpa

job_id

TEST:linaro@lkft#2zPKilf5MKTJ7lMyJmtgN73Nko7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPKilf5MKTJ7lMyJmtgN73Nko7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKeZVJ6s8BxWIdIAcetHSV2vd/Image.gz
sha256sum	4057f87f22aa3a0c494fa56ac397e1d4208c36e40a654cceb81a6ec11e19d6de

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKeZVJ6s8BxWIdIAcetHSV2vd/modules.tar.xz
sha256sum	4bc11cd26c298df52c7ec39846a2a9f44ea5a2eb53067e5bc4040ac2b938e942

durations

tests

boot	0
kunit	164.38

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   62.486341] ==================================================================
[   62.487190] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   62.487190] 
[   62.488006] Use-after-free read at 0x(____ptrval____) (in kfence-#163):
[   62.489078]  test_krealloc+0x6fc/0xbe0
[   62.489247]  kunit_try_run_case+0x1a5/0x480
[   62.489420]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   62.489601]  kthread+0x337/0x6f0
[   62.489728]  ret_from_fork+0x116/0x1d0
[   62.489896]  ret_from_fork_asm+0x1a/0x30
[   62.490255] 
[   62.490435] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   62.490435] 
[   62.491273] allocated by task 386 on cpu 1 at 62.485585s (0.005686s ago):
[   62.491907]  test_alloc+0x364/0x10f0
[   62.492251]  test_krealloc+0xad/0xbe0
[   62.492487]  kunit_try_run_case+0x1a5/0x480
[   62.492642]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   62.492823]  kthread+0x337/0x6f0
[   62.493133]  ret_from_fork+0x116/0x1d0
[   62.493484]  ret_from_fork_asm+0x1a/0x30
[   62.493819] 
[   62.493954] freed by task 386 on cpu 1 at 62.485861s (0.008090s ago):
[   62.494282]  krealloc_noprof+0x108/0x340
[   62.494486]  test_krealloc+0x226/0xbe0
[   62.494829]  kunit_try_run_case+0x1a5/0x480
[   62.495226]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   62.495524]  kthread+0x337/0x6f0
[   62.495649]  ret_from_fork+0x116/0x1d0
[   62.495784]  ret_from_fork_asm+0x1a/0x30
[   62.496059] 
[   62.496255] CPU: 1 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   62.497312] Tainted: [B]=BAD_PAGE, [N]=TEST
[   62.497651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   62.498088] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zPKcyRCCcLXHTLmyDYDrnSncpa

job_id

TEST:linaro@lkft#2zPKjpyJJfb0RHWMDdUonKtpYX7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPKjpyJJfb0RHWMDdUonKtpYX7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKg4TX3WzyU2HDTsyrHFy4Y8u/bzImage
sha256sum	3f0d1ff177ab5ba3055e740ba2cf1227dc4607b95078e840d6a28e4500986f57

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKg4TX3WzyU2HDTsyrHFy4Y8u/modules.tar.xz
sha256sum	ead6c26eb094cd2228a8bb228bc9db0774422a83d6a7934109ba6612b5e4d45b

durations

tests

boot	0
kunit	260.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit