lkft/linux-next-master - next-20250708 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 8, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   64.365721] ==================================================================
[   64.365787] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   64.365787] 
[   64.365877] Use-after-free read at 0x00000000b92afe52 (in kfence-#200):
[   64.365929]  test_krealloc+0x51c/0x830
[   64.365975]  kunit_try_run_case+0x170/0x3f0
[   64.366021]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   64.366067]  kthread+0x328/0x630
[   64.366107]  ret_from_fork+0x10/0x20
[   64.366148] 
[   64.366172] kfence-#200: 0x00000000b92afe52-0x000000000dc55975, size=32, cache=kmalloc-32
[   64.366172] 
[   64.366241] allocated by task 368 on cpu 1 at 64.364995s (0.001241s ago):
[   64.366311]  test_alloc+0x29c/0x628
[   64.366352]  test_krealloc+0xc0/0x830
[   64.366392]  kunit_try_run_case+0x170/0x3f0
[   64.366435]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   64.366479]  kthread+0x328/0x630
[   64.366515]  ret_from_fork+0x10/0x20
[   64.366553] 
[   64.366578] freed by task 368 on cpu 1 at 64.365335s (0.001239s ago):
[   64.366639]  krealloc_noprof+0x148/0x360
[   64.366680]  test_krealloc+0x1dc/0x830
[   64.366720]  kunit_try_run_case+0x170/0x3f0
[   64.366761]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   64.366805]  kthread+0x328/0x630
[   64.366843]  ret_from_fork+0x10/0x20
[   64.366881] 
[   64.366925] CPU: 1 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   64.367006] Tainted: [B]=BAD_PAGE, [N]=TEST
[   64.367035] Hardware name: linux,dummy-virt (DT)
[   64.367073] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zadDcsZaTNoMt5NQDMjH9XXSjo

job_id

TEST:linaro@lkft#2zadI5o4clKZiIYYjTSUQR6tPrp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zadI5o4clKZiIYYjTSUQR6tPrp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadEoX75GcVmVMiGSC6ULKasfH/Image.gz
sha256sum	1ceb4687a4dcb5a790d42769a050e5ac78ce871667067fed7f3e7960550875ba

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadEoX75GcVmVMiGSC6ULKasfH/modules.tar.xz
sha256sum	3f48606753fbd3c6f5640d868ed22ac5af7831da8fafeb95bd8b8818bbdbc1a9

durations

tests

boot	0
kunit	170.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   61.096954] ==================================================================
[   61.097386] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   61.097386] 
[   61.097779] Use-after-free read at 0x(____ptrval____) (in kfence-#164):
[   61.098188]  test_krealloc+0x6fc/0xbe0
[   61.098411]  kunit_try_run_case+0x1a5/0x480
[   61.098645]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.098900]  kthread+0x337/0x6f0
[   61.099078]  ret_from_fork+0x116/0x1d0
[   61.099294]  ret_from_fork_asm+0x1a/0x30
[   61.099480] 
[   61.099574] kfence-#164: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   61.099574] 
[   61.099859] allocated by task 385 on cpu 0 at 61.096247s (0.003609s ago):
[   61.100189]  test_alloc+0x364/0x10f0
[   61.100468]  test_krealloc+0xad/0xbe0
[   61.100602]  kunit_try_run_case+0x1a5/0x480
[   61.100794]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.101044]  kthread+0x337/0x6f0
[   61.101220]  ret_from_fork+0x116/0x1d0
[   61.101382]  ret_from_fork_asm+0x1a/0x30
[   61.101516] 
[   61.101607] freed by task 385 on cpu 0 at 61.096496s (0.005109s ago):
[   61.102020]  krealloc_noprof+0x108/0x340
[   61.102180]  test_krealloc+0x226/0xbe0
[   61.102321]  kunit_try_run_case+0x1a5/0x480
[   61.102455]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.102679]  kthread+0x337/0x6f0
[   61.102845]  ret_from_fork+0x116/0x1d0
[   61.103052]  ret_from_fork_asm+0x1a/0x30
[   61.103453] 
[   61.103818] CPU: 0 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   61.104830] Tainted: [B]=BAD_PAGE, [N]=TEST
[   61.105005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   61.105603] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zadDcsZaTNoMt5NQDMjH9XXSjo

job_id

TEST:linaro@lkft#2zadJ2rDp4QF2EanzdxmWx6xbyw

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zadJ2rDp4QF2EanzdxmWx6xbyw

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadFlqHhTrd3zbaPMG0NfTHOqI/bzImage
sha256sum	d2e0f1ca9d9f79d7d3d3df8bfa6136f501414ea8fca61dd648f312b7af92ba7e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadFlqHhTrd3zbaPMG0NfTHOqI/modules.tar.xz
sha256sum	ae1650227c5d0061093609bf5a55f56383843ed1e291a338f9fc46e881212983

durations

tests

boot	0
kunit	246.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit