lkft/linux-next-master - next-20250711 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 11, 2025, 10:11 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[  117.649137] ==================================================================
[  117.649260] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[  117.649260] 
[  117.649407] Use-after-free read at 0x(____ptrval____) (in kfence-#228):
[  117.649516]  test_krealloc+0x51c/0x830
[  117.652660]  kunit_try_run_case+0x170/0x3f0
[  117.656827]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  117.662296]  kthread+0x328/0x630
[  117.665507]  ret_from_fork+0x10/0x20
[  117.669066] 
[  117.670545] kfence-#228: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[  117.670545] 
[  117.680180] allocated by task 421 on cpu 3 at 117.649048s (0.031129s ago):
[  117.687056]  test_alloc+0x29c/0x628
[  117.690507]  test_krealloc+0xc0/0x830
[  117.694153]  kunit_try_run_case+0x170/0x3f0
[  117.698320]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  117.703788]  kthread+0x328/0x630
[  117.707000]  ret_from_fork+0x10/0x20
[  117.710559] 
[  117.712039] freed by task 421 on cpu 3 at 117.649075s (0.062959s ago):
[  117.718565]  krealloc_noprof+0x148/0x360
[  117.722451]  test_krealloc+0x1dc/0x830
[  117.726185]  kunit_try_run_case+0x170/0x3f0
[  117.730350]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  117.735819]  kthread+0x328/0x630
[  117.739031]  ret_from_fork+0x10/0x20
[  117.742591] 
[  117.744076] CPU: 3 UID: 0 PID: 421 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[  117.755187] Tainted: [B]=BAD_PAGE, [N]=TEST
[  117.759345] Hardware name: WinLink E850-96 board (DT)
[  117.764382] ==================================================================

Metadata Full log Test run details

[   62.710487] ==================================================================
[   62.710577] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   62.710577] 
[   62.710673] Use-after-free read at 0x00000000689434cb (in kfence-#191):
[   62.710726]  test_krealloc+0x51c/0x830
[   62.710774]  kunit_try_run_case+0x170/0x3f0
[   62.710824]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   62.710865]  kthread+0x328/0x630
[   62.710905]  ret_from_fork+0x10/0x20
[   62.710945] 
[   62.710969] kfence-#191: 0x00000000689434cb-0x00000000f55c9cd4, size=32, cache=kmalloc-32
[   62.710969] 
[   62.711030] allocated by task 368 on cpu 1 at 62.709782s (0.001244s ago):
[   62.711102]  test_alloc+0x29c/0x628
[   62.711142]  test_krealloc+0xc0/0x830
[   62.711183]  kunit_try_run_case+0x170/0x3f0
[   62.711224]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   62.711266]  kthread+0x328/0x630
[   62.711303]  ret_from_fork+0x10/0x20
[   62.711357] 
[   62.711380] freed by task 368 on cpu 1 at 62.710045s (0.001331s ago):
[   62.711445]  krealloc_noprof+0x148/0x360
[   62.711486]  test_krealloc+0x1dc/0x830
[   62.711527]  kunit_try_run_case+0x170/0x3f0
[   62.711568]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   62.711609]  kthread+0x328/0x630
[   62.711645]  ret_from_fork+0x10/0x20
[   62.711683] 
[   62.711731] CPU: 1 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   62.711812] Tainted: [B]=BAD_PAGE, [N]=TEST
[   62.711843] Hardware name: linux,dummy-virt (DT)
[   62.711878] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zizK5DpLdiSo5JTRmUPvSCnGxG

job_id

TEST:linaro@lkft#2zizOeD8Jm6gvF6WEX3HpY0Yiv3

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zizOeD8Jm6gvF6WEX3HpY0Yiv3

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizLHXy0YY4Eb3Uvf7RBZBjPJe/Image.gz
sha256sum	37d9d8f3bf88d1e931fe46cf36571593b5a433a5d7333af6ff92cab414d2ee0c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizLHXy0YY4Eb3Uvf7RBZBjPJe/modules.tar.xz
sha256sum	f716ec16fb4ddf54116cb1eb73ee916ed3bd359ff95e4d969af9a161c3cb0a9f

durations

tests

boot	0
kunit	172.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   60.680294] ==================================================================
[   60.680692] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   60.680692] 
[   60.681087] Use-after-free read at 0x(____ptrval____) (in kfence-#159):
[   60.681855]  test_krealloc+0x6fc/0xbe0
[   60.682058]  kunit_try_run_case+0x1a5/0x480
[   60.682481]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.682694]  kthread+0x337/0x6f0
[   60.682886]  ret_from_fork+0x116/0x1d0
[   60.683067]  ret_from_fork_asm+0x1a/0x30
[   60.683248] 
[   60.683328] kfence-#159: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   60.683328] 
[   60.684070] allocated by task 387 on cpu 0 at 60.679698s (0.004369s ago):
[   60.684571]  test_alloc+0x364/0x10f0
[   60.684862]  test_krealloc+0xad/0xbe0
[   60.685154]  kunit_try_run_case+0x1a5/0x480
[   60.685357]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.685824]  kthread+0x337/0x6f0
[   60.686096]  ret_from_fork+0x116/0x1d0
[   60.686285]  ret_from_fork_asm+0x1a/0x30
[   60.686644] 
[   60.686795] freed by task 387 on cpu 0 at 60.679927s (0.006846s ago):
[   60.687229]  krealloc_noprof+0x108/0x340
[   60.687511]  test_krealloc+0x226/0xbe0
[   60.687667]  kunit_try_run_case+0x1a5/0x480
[   60.687959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.688329]  kthread+0x337/0x6f0
[   60.688615]  ret_from_fork+0x116/0x1d0
[   60.688846]  ret_from_fork_asm+0x1a/0x30
[   60.689164] 
[   60.689301] CPU: 0 UID: 0 PID: 387 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   60.689939] Tainted: [B]=BAD_PAGE, [N]=TEST
[   60.690142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   60.690702] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zizK5DpLdiSo5JTRmUPvSCnGxG

job_id

TEST:linaro@lkft#2zizPosnQ5rY23goGLqjSSGUMDT

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zizPosnQ5rY23goGLqjSSGUMDT

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizMF2TFo5wqp9ExxxKcu7DMgd/bzImage
sha256sum	0b86f8183e71d185ecf48e91daf338a38748221ed84c99d5fcc0aff2fb4fe4d2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizMF2TFo5wqp9ExxxKcu7DMgd/modules.tar.xz
sha256sum	1cecf8a22d53cbe6f1135ddb095fc53e6fe8ebbda902547c47910320c1d5aa61

durations

tests

boot	0
kunit	220.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit