lkft/linux-next-master - next-20250714 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 14, 2025, 10:38 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[  115.433863] ==================================================================
[  115.433997] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[  115.433997] 
[  115.434144] Use-after-free read at 0x(____ptrval____) (in kfence-#213):
[  115.434256]  test_krealloc+0x51c/0x830
[  115.437396]  kunit_try_run_case+0x170/0x3f0
[  115.441563]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  115.447031]  kthread+0x328/0x630
[  115.450243]  ret_from_fork+0x10/0x20
[  115.453802] 
[  115.455280] kfence-#213: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[  115.455280] 
[  115.464917] allocated by task 421 on cpu 3 at 115.433767s (0.031145s ago):
[  115.471792]  test_alloc+0x29c/0x628
[  115.475243]  test_krealloc+0xc0/0x830
[  115.478888]  kunit_try_run_case+0x170/0x3f0
[  115.483055]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  115.488524]  kthread+0x328/0x630
[  115.491735]  ret_from_fork+0x10/0x20
[  115.495296] 
[  115.496772] freed by task 421 on cpu 3 at 115.433799s (0.062970s ago):
[  115.503302]  krealloc_noprof+0x148/0x360
[  115.507186]  test_krealloc+0x1dc/0x830
[  115.510919]  kunit_try_run_case+0x170/0x3f0
[  115.515086]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  115.520554]  kthread+0x328/0x630
[  115.523766]  ret_from_fork+0x10/0x20
[  115.527326] 
[  115.528812] CPU: 3 UID: 0 PID: 421 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[  115.539921] Tainted: [B]=BAD_PAGE, [N]=TEST
[  115.544080] Hardware name: WinLink E850-96 board (DT)
[  115.549117] ==================================================================

Metadata Full log Test run details

[   63.537268] ==================================================================
[   63.537342] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   63.537342] 
[   63.537428] Use-after-free read at 0x00000000f131ff61 (in kfence-#188):
[   63.537481]  test_krealloc+0x51c/0x830
[   63.537525]  kunit_try_run_case+0x170/0x3f0
[   63.537572]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.537622]  kthread+0x328/0x630
[   63.537659]  ret_from_fork+0x10/0x20
[   63.537700] 
[   63.537725] kfence-#188: 0x00000000f131ff61-0x00000000982bc35d, size=32, cache=kmalloc-32
[   63.537725] 
[   63.537779] allocated by task 368 on cpu 1 at 63.536588s (0.001187s ago):
[   63.537847]  test_alloc+0x29c/0x628
[   63.537888]  test_krealloc+0xc0/0x830
[   63.537928]  kunit_try_run_case+0x170/0x3f0
[   63.537969]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.538011]  kthread+0x328/0x630
[   63.538057]  ret_from_fork+0x10/0x20
[   63.538100] 
[   63.538123] freed by task 368 on cpu 1 at 63.536852s (0.001268s ago):
[   63.538183]  krealloc_noprof+0x148/0x360
[   63.538225]  test_krealloc+0x1dc/0x830
[   63.538264]  kunit_try_run_case+0x170/0x3f0
[   63.538303]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   63.538345]  kthread+0x328/0x630
[   63.538383]  ret_from_fork+0x10/0x20
[   63.538426] 
[   63.538472] CPU: 1 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   63.538552] Tainted: [B]=BAD_PAGE, [N]=TEST
[   63.538581] Hardware name: linux,dummy-virt (DT)
[   63.538614] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW4gkgpPvPvyu1JhrLI5SfZ9n

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW4gkgpPvPvyu1JhrLI5SfZ9n

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/Image.gz
sha256sum	f1b1de68ab66795221ea7af2c885166039edc905709ae2b868dbc429ffb32d0d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/modules.tar.xz
sha256sum	94a5b5b8edfcc1ec8f65ff9d692207a782ba849df77dd9baa05c20bf5972d8f6

durations

tests

boot	0
kunit	174.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   61.429165] ==================================================================
[   61.429568] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   61.429568] 
[   61.430026] Use-after-free read at 0x(____ptrval____) (in kfence-#164):
[   61.430340]  test_krealloc+0x6fc/0xbe0
[   61.430509]  kunit_try_run_case+0x1a5/0x480
[   61.430836]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.431011]  kthread+0x337/0x6f0
[   61.431129]  ret_from_fork+0x116/0x1d0
[   61.431294]  ret_from_fork_asm+0x1a/0x30
[   61.431719] 
[   61.431911] kfence-#164: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   61.431911] 
[   61.432544] allocated by task 386 on cpu 0 at 61.428333s (0.004208s ago):
[   61.432868]  test_alloc+0x364/0x10f0
[   61.433165]  test_krealloc+0xad/0xbe0
[   61.433564]  kunit_try_run_case+0x1a5/0x480
[   61.433763]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.434179]  kthread+0x337/0x6f0
[   61.434340]  ret_from_fork+0x116/0x1d0
[   61.434644]  ret_from_fork_asm+0x1a/0x30
[   61.434990] 
[   61.435067] freed by task 386 on cpu 0 at 61.428638s (0.006427s ago):
[   61.435526]  krealloc_noprof+0x108/0x340
[   61.435839]  test_krealloc+0x226/0xbe0
[   61.436044]  kunit_try_run_case+0x1a5/0x480
[   61.436211]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   61.436452]  kthread+0x337/0x6f0
[   61.436604]  ret_from_fork+0x116/0x1d0
[   61.436885]  ret_from_fork_asm+0x1a/0x30
[   61.437312] 
[   61.437510] CPU: 0 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   61.438216] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   61.438579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   61.439025] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW5XeyUzOSFr9BpBP7b7OYkHS

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW5XeyUzOSFr9BpBP7b7OYkHS

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW2SH9xrBCbgawOpHg8puHqCe/bzImage
sha256sum	4565f21e261caec61f0904b87ff9eab2fa750b37970854db3ef378370e96c96a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW2SH9xrBCbgawOpHg8puHqCe/modules.tar.xz
sha256sum	25191cedf68988510c88d39b245d9f83740d3133c412cf5e2b129a6de7adb415

durations

tests

boot	0
kunit	230.83

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit