lkft/linux-next-master - next-20250715 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 15, 2025, 11:35 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[  117.548904] ==================================================================
[  117.549024] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[  117.549024] 
[  117.549170] Use-after-free read at 0x(____ptrval____) (in kfence-#221):
[  117.554172]  test_krealloc+0x51c/0x830
[  117.557904]  kunit_try_run_case+0x170/0x3f0
[  117.562071]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  117.567539]  kthread+0x328/0x630
[  117.570751]  ret_from_fork+0x10/0x20
[  117.574310] 
[  117.575789] kfence-#221: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[  117.575789] 
[  117.585426] allocated by task 418 on cpu 5 at 117.548811s (0.036611s ago):
[  117.592300]  test_alloc+0x29c/0x628
[  117.595750]  test_krealloc+0xc0/0x830
[  117.599396]  kunit_try_run_case+0x170/0x3f0
[  117.603563]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  117.609031]  kthread+0x328/0x630
[  117.612246]  ret_from_fork+0x10/0x20
[  117.615804] 
[  117.617280] freed by task 418 on cpu 5 at 117.548840s (0.068438s ago):
[  117.623810]  krealloc_noprof+0x148/0x360
[  117.627696]  test_krealloc+0x1dc/0x830
[  117.631427]  kunit_try_run_case+0x170/0x3f0
[  117.635594]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  117.641062]  kthread+0x328/0x630
[  117.644274]  ret_from_fork+0x10/0x20
[  117.647834] 
[  117.649320] CPU: 5 UID: 0 PID: 418 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[  117.660433] Tainted: [B]=BAD_PAGE, [N]=TEST
[  117.664587] Hardware name: WinLink E850-96 board (DT)
[  117.669624] ==================================================================

Metadata Full log Test run details

[   65.471425] ==================================================================
[   65.471513] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   65.471513] 
[   65.471609] Use-after-free read at 0x000000005e76e40e (in kfence-#204):
[   65.471661]  test_krealloc+0x51c/0x830
[   65.471710]  kunit_try_run_case+0x170/0x3f0
[   65.471756]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.471800]  kthread+0x328/0x630
[   65.471840]  ret_from_fork+0x10/0x20
[   65.471882] 
[   65.471905] kfence-#204: 0x000000005e76e40e-0x00000000ed53f551, size=32, cache=kmalloc-32
[   65.471905] 
[   65.471957] allocated by task 369 on cpu 0 at 65.470771s (0.001182s ago):
[   65.472029]  test_alloc+0x29c/0x628
[   65.472071]  test_krealloc+0xc0/0x830
[   65.472112]  kunit_try_run_case+0x170/0x3f0
[   65.472152]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.472195]  kthread+0x328/0x630
[   65.472231]  ret_from_fork+0x10/0x20
[   65.472270] 
[   65.472294] freed by task 369 on cpu 0 at 65.471018s (0.001272s ago):
[   65.472355]  krealloc_noprof+0x148/0x360
[   65.472397]  test_krealloc+0x1dc/0x830
[   65.472448]  kunit_try_run_case+0x170/0x3f0
[   65.472487]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.472530]  kthread+0x328/0x630
[   65.472565]  ret_from_fork+0x10/0x20
[   65.472603] 
[   65.472649] CPU: 0 UID: 0 PID: 369 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   65.472726] Tainted: [B]=BAD_PAGE, [N]=TEST
[   65.472756] Hardware name: linux,dummy-virt (DT)
[   65.472790] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSB6ZD0TprNwndx8osoZfzNbs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSB6ZD0TprNwndx8osoZfzNbs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/Image.gz
sha256sum	118b4ece9a238a43bf808c098cf2bf253d887d33e129eb81e3c965d23e20b8c5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/modules.tar.xz
sha256sum	01435f1d178968cd8186d4f9b9cf47e1273301cd5c54bfdff2cd2593d26e1adb

durations

tests

boot	0
kunit	165.28

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   60.766473] ==================================================================
[   60.766906] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   60.766906] 
[   60.767258] Use-after-free read at 0x(____ptrval____) (in kfence-#163):
[   60.767525]  test_krealloc+0x6fc/0xbe0
[   60.767717]  kunit_try_run_case+0x1a5/0x480
[   60.768296]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.768535]  kthread+0x337/0x6f0
[   60.768704]  ret_from_fork+0x116/0x1d0
[   60.768887]  ret_from_fork_asm+0x1a/0x30
[   60.769410] 
[   60.769504] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   60.769504] 
[   60.770054] allocated by task 385 on cpu 1 at 60.765874s (0.004178s ago):
[   60.770424]  test_alloc+0x364/0x10f0
[   60.770590]  test_krealloc+0xad/0xbe0
[   60.770757]  kunit_try_run_case+0x1a5/0x480
[   60.771141]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.771443]  kthread+0x337/0x6f0
[   60.771578]  ret_from_fork+0x116/0x1d0
[   60.771842]  ret_from_fork_asm+0x1a/0x30
[   60.772129] 
[   60.772221] freed by task 385 on cpu 1 at 60.766089s (0.006130s ago):
[   60.772623]  krealloc_noprof+0x108/0x340
[   60.772887]  test_krealloc+0x226/0xbe0
[   60.773145]  kunit_try_run_case+0x1a5/0x480
[   60.773399]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.773602]  kthread+0x337/0x6f0
[   60.773761]  ret_from_fork+0x116/0x1d0
[   60.773967]  ret_from_fork_asm+0x1a/0x30
[   60.774447] 
[   60.774548] CPU: 1 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   60.775297] Tainted: [B]=BAD_PAGE, [N]=TEST
[   60.775555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   60.776008] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSCDmb4DEQtYONUdNKA0gDr4g

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSCDmb4DEQtYONUdNKA0gDr4g

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/bzImage
sha256sum	c1e74129e828139d1503e1b2906d7bf3cc50987150c7e120efde5dc3ba3dece2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/modules.tar.xz
sha256sum	c033def305798e90a1dd43392f34d6ac3a5642caf58a41fa7d2b499626275ec8

durations

tests

boot	0
kunit	244.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit