lkft/linux-next-master - next-20250716 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 16, 2025, 12:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   65.609563] ==================================================================
[   65.609617] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   65.609617] 
[   65.609699] Use-after-free read at 0x0000000029f91e44 (in kfence-#201):
[   65.609751]  test_krealloc+0x51c/0x830
[   65.609799]  kunit_try_run_case+0x170/0x3f0
[   65.609843]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.609888]  kthread+0x328/0x630
[   65.609930]  ret_from_fork+0x10/0x20
[   65.609976] 
[   65.610001] kfence-#201: 0x0000000029f91e44-0x0000000050f11232, size=32, cache=kmalloc-32
[   65.610001] 
[   65.610058] allocated by task 368 on cpu 1 at 65.608965s (0.001089s ago):
[   65.610129]  test_alloc+0x29c/0x628
[   65.610171]  test_krealloc+0xc0/0x830
[   65.610212]  kunit_try_run_case+0x170/0x3f0
[   65.610251]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.610295]  kthread+0x328/0x630
[   65.610332]  ret_from_fork+0x10/0x20
[   65.610375] 
[   65.610399] freed by task 368 on cpu 1 at 65.609168s (0.001227s ago):
[   65.610464]  krealloc_noprof+0x148/0x360
[   65.610518]  test_krealloc+0x1dc/0x830
[   65.610559]  kunit_try_run_case+0x170/0x3f0
[   65.610597]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.610641]  kthread+0x328/0x630
[   65.610676]  ret_from_fork+0x10/0x20
[   65.610714] 
[   65.610756] CPU: 1 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   65.610835] Tainted: [B]=BAD_PAGE, [N]=TEST
[   65.610866] Hardware name: linux,dummy-virt (DT)
[   65.610899] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zxLYbkO55A3MZOuL8WgggPQedZ

job_id

TEST:linaro@lkft#2zxLeGb0Cz9DWdDOuIcvrHgzPHF

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zxLeGb0Cz9DWdDOuIcvrHgzPHF

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxLaFD9LrwPBdmkVRgfB1whiL3/Image.gz
sha256sum	52b0e0b4d3e1142256a1a9b955e87dd8182ac318909544344275afea897b330f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxLaFD9LrwPBdmkVRgfB1whiL3/modules.tar.xz
sha256sum	45cab41eb8bcd09ba6c3a39112d26defc4ebbd207b893e79d28b0eac868edbc7

durations

tests

boot	0
kunit	166.17

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   58.875001] ==================================================================
[   58.875584] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   58.875584] 
[   58.876142] Use-after-free read at 0x(____ptrval____) (in kfence-#148):
[   58.876581]  test_krealloc+0x6fc/0xbe0
[   58.876725]  kunit_try_run_case+0x1a5/0x480
[   58.876887]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.877063]  kthread+0x337/0x6f0
[   58.877403]  ret_from_fork+0x116/0x1d0
[   58.877761]  ret_from_fork_asm+0x1a/0x30
[   58.878158] 
[   58.878332] kfence-#148: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   58.878332] 
[   58.879196] allocated by task 386 on cpu 1 at 58.874199s (0.004994s ago):
[   58.879502]  test_alloc+0x364/0x10f0
[   58.879855]  test_krealloc+0xad/0xbe0
[   58.880017]  kunit_try_run_case+0x1a5/0x480
[   58.880401]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.880576]  kthread+0x337/0x6f0
[   58.880691]  ret_from_fork+0x116/0x1d0
[   58.880817]  ret_from_fork_asm+0x1a/0x30
[   58.880964] 
[   58.881032] freed by task 386 on cpu 1 at 58.874473s (0.006557s ago):
[   58.881551]  krealloc_noprof+0x108/0x340
[   58.881919]  test_krealloc+0x226/0xbe0
[   58.882293]  kunit_try_run_case+0x1a5/0x480
[   58.882679]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.883178]  kthread+0x337/0x6f0
[   58.883471]  ret_from_fork+0x116/0x1d0
[   58.883754]  ret_from_fork_asm+0x1a/0x30
[   58.883903] 
[   58.883998] CPU: 1 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   58.884932] Tainted: [B]=BAD_PAGE, [N]=TEST
[   58.885320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   58.885676] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zxLYbkO55A3MZOuL8WgggPQedZ

job_id

TEST:linaro@lkft#2zxLfHMSY6akRqbBhVsf5z5iz9e

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zxLfHMSY6akRqbBhVsf5z5iz9e

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxLbmLo3GA6FujcMpRElLVLfuq/bzImage
sha256sum	97fecc995324d61966003161d99859708a9b079452d45536b9403860fef72719

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxLbmLo3GA6FujcMpRElLVLfuq/modules.tar.xz
sha256sum	ce1222732442295d109620928fd8d84fb1cc2fb5dcb61e49ba48e8a442ce3bba

durations

tests

boot	0
kunit	232.49

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit