lkft/linux-next-master - next-20250709 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 9, 2025, 1:08 p.m.

Environment
qemu-arm64
qemu-x86_64

[   63.944667] ==================================================================
[   63.944731] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   63.944731] 
[   63.944815] Use-after-free read at 0x00000000df1318f7 (in kfence-#198):
[   63.944868]  test_krealloc+0x51c/0x830
[   63.944913]  kunit_try_run_case+0x170/0x3f0
[   63.944961]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.945006]  kthread+0x328/0x630
[   63.945046]  ret_from_fork+0x10/0x20
[   63.945106] 
[   63.945131] kfence-#198: 0x00000000df1318f7-0x0000000090a37180, size=32, cache=kmalloc-32
[   63.945131] 
[   63.945185] allocated by task 369 on cpu 1 at 63.944012s (0.001169s ago):
[   63.945254]  test_alloc+0x29c/0x628
[   63.945297]  test_krealloc+0xc0/0x830
[   63.945337]  kunit_try_run_case+0x170/0x3f0
[   63.945379]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.945424]  kthread+0x328/0x630
[   63.945460]  ret_from_fork+0x10/0x20
[   63.945498] 
[   63.945523] freed by task 369 on cpu 1 at 63.944274s (0.001245s ago):
[   63.945586]  krealloc_noprof+0x148/0x360
[   63.945627]  test_krealloc+0x1dc/0x830
[   63.945667]  kunit_try_run_case+0x170/0x3f0
[   63.945709]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.945756]  kthread+0x328/0x630
[   63.945792]  ret_from_fork+0x10/0x20
[   63.945829] 
[   63.945874] CPU: 1 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   63.945953] Tainted: [B]=BAD_PAGE, [N]=TEST
[   63.945985] Hardware name: linux,dummy-virt (DT)
[   63.946021] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zdgcq9j1ujmXwxUxAtmoX2JeBw

job_id

TEST:linaro@lkft#2zdghTlh69PR1QDjNegFtBHq55A

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdghTlh69PR1QDjNegFtBHq55A

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgdlpB9JiVBKeSwABXYd80ypl/Image.gz
sha256sum	9f5eee9957545548ea4e1a38f001ee4d49216581a9ba43dfa3ccfa9e44a80665

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgdlpB9JiVBKeSwABXYd80ypl/modules.tar.xz
sha256sum	a00a8fd80d7c3e7553673b7b34ffa080501292edf8c4877ba00c110d5f08ed8f

durations

tests

boot	0
kunit	163.99

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   61.388869] ==================================================================
[   61.389245] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   61.389245] 
[   61.389613] Use-after-free read at 0x(____ptrval____) (in kfence-#164):
[   61.389845]  test_krealloc+0x6fc/0xbe0
[   61.390056]  kunit_try_run_case+0x1a5/0x480
[   61.390270]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.390479]  kthread+0x337/0x6f0
[   61.390648]  ret_from_fork+0x116/0x1d0
[   61.390816]  ret_from_fork_asm+0x1a/0x30
[   61.391018] 
[   61.391112] kfence-#164: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   61.391112] 
[   61.391459] allocated by task 387 on cpu 0 at 61.388178s (0.003279s ago):
[   61.391694]  test_alloc+0x364/0x10f0
[   61.391935]  test_krealloc+0xad/0xbe0
[   61.392128]  kunit_try_run_case+0x1a5/0x480
[   61.392284]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.392453]  kthread+0x337/0x6f0
[   61.392610]  ret_from_fork+0x116/0x1d0
[   61.392858]  ret_from_fork_asm+0x1a/0x30
[   61.393061] 
[   61.393157] freed by task 387 on cpu 0 at 61.388475s (0.004680s ago):
[   61.393455]  krealloc_noprof+0x108/0x340
[   61.393628]  test_krealloc+0x226/0xbe0
[   61.393838]  kunit_try_run_case+0x1a5/0x480
[   61.393982]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.394152]  kthread+0x337/0x6f0
[   61.394292]  ret_from_fork+0x116/0x1d0
[   61.394471]  ret_from_fork_asm+0x1a/0x30
[   61.394665] 
[   61.394791] CPU: 0 UID: 0 PID: 387 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   61.395206] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   61.395809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   61.396800] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zdgcq9j1ujmXwxUxAtmoX2JeBw

job_id

TEST:linaro@lkft#2zdgiR4lYmFolv6VtPNpXUv6c4T

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdgiR4lYmFolv6VtPNpXUv6c4T

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgeyu2bhhwOi5HT3qnlyin7Ms/bzImage
sha256sum	f7e62367d136756fd78b141e5190ae396942c5b5fabd4fda00971c136430b59f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdgeyu2bhhwOi5HT3qnlyin7Ms/modules.tar.xz
sha256sum	4b09f4cdde291b6f441ef91e7389f5ff9bff86967f27fcee3276d7367dea1cc6

durations

tests

boot	0
kunit	223.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit