lkft/linux-next-master - next-20250717 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 17, 2025, 10:12 a.m.

Environment
qemu-arm64
qemu-x86_64

[   65.469382] ==================================================================
[   65.469469] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   65.469469] 
[   65.469551] Use-after-free read at 0x00000000035ab68f (in kfence-#218):
[   65.469604]  test_krealloc+0x51c/0x830
[   65.469649]  kunit_try_run_case+0x170/0x3f0
[   65.469693]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.469737]  kthread+0x328/0x630
[   65.469775]  ret_from_fork+0x10/0x20
[   65.469815] 
[   65.469841] kfence-#218: 0x00000000035ab68f-0x000000003b642baa, size=32, cache=kmalloc-32
[   65.469841] 
[   65.469895] allocated by task 368 on cpu 1 at 65.468745s (0.001146s ago):
[   65.469966]  test_alloc+0x29c/0x628
[   65.470005]  test_krealloc+0xc0/0x830
[   65.470041]  kunit_try_run_case+0x170/0x3f0
[   65.470098]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.470143]  kthread+0x328/0x630
[   65.470179]  ret_from_fork+0x10/0x20
[   65.470218] 
[   65.470240] freed by task 368 on cpu 1 at 65.468967s (0.001270s ago):
[   65.470307]  krealloc_noprof+0x148/0x360
[   65.470349]  test_krealloc+0x1dc/0x830
[   65.470384]  kunit_try_run_case+0x170/0x3f0
[   65.470424]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   65.470466]  kthread+0x328/0x630
[   65.470501]  ret_from_fork+0x10/0x20
[   65.470539] 
[   65.470582] CPU: 1 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   65.470660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   65.470690] Hardware name: linux,dummy-virt (DT)
[   65.470722] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zzwDWobl1PenKrl7aC3Q4y8R2x

job_id

TEST:linaro@lkft#2zzwI23tpQTBG8fCn9UxRxbb3tr

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zzwI23tpQTBG8fCn9UxRxbb3tr

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwEZAurXarO00lL6IwIbO30zH/Image.gz
sha256sum	96fb88d4d7e7c3e6152876915e22498e21d41ed7aff45eb77676039904c4d08c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwEZAurXarO00lL6IwIbO30zH/modules.tar.xz
sha256sum	dcc013962c933691dd3d8528b3dca35a1d1690294b48c5891b1bcdd298eff6aa

durations

tests

boot	0
kunit	174.13

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   60.767200] ==================================================================
[   60.767677] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   60.767677] 
[   60.768067] Use-after-free read at 0x(____ptrval____) (in kfence-#145):
[   60.768334]  test_krealloc+0x6fc/0xbe0
[   60.768863]  kunit_try_run_case+0x1a5/0x480
[   60.769096]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.769368]  kthread+0x337/0x6f0
[   60.769796]  ret_from_fork+0x116/0x1d0
[   60.769949]  ret_from_fork_asm+0x1a/0x30
[   60.770165] 
[   60.770246] kfence-#145: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   60.770246] 
[   60.770887] allocated by task 386 on cpu 0 at 60.766529s (0.004355s ago):
[   60.771203]  test_alloc+0x364/0x10f0
[   60.771371]  test_krealloc+0xad/0xbe0
[   60.771511]  kunit_try_run_case+0x1a5/0x480
[   60.771712]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.771929]  kthread+0x337/0x6f0
[   60.772075]  ret_from_fork+0x116/0x1d0
[   60.772257]  ret_from_fork_asm+0x1a/0x30
[   60.772388] 
[   60.772524] freed by task 386 on cpu 0 at 60.766800s (0.005722s ago):
[   60.772788]  krealloc_noprof+0x108/0x340
[   60.772923]  test_krealloc+0x226/0xbe0
[   60.773121]  kunit_try_run_case+0x1a5/0x480
[   60.773316]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   60.773530]  kthread+0x337/0x6f0
[   60.773643]  ret_from_fork+0x116/0x1d0
[   60.773826]  ret_from_fork_asm+0x1a/0x30
[   60.774106] 
[   60.774271] CPU: 0 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   60.774729] Tainted: [B]=BAD_PAGE, [N]=TEST
[   60.774891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   60.775220] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zzwDWobl1PenKrl7aC3Q4y8R2x

job_id

TEST:linaro@lkft#2zzwJ32YYH3rsbvUvNRbDDLdWs9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zzwJ32YYH3rsbvUvNRbDDLdWs9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwFbnsZn5bg7jA5R4UbAZ06xn/bzImage
sha256sum	07a1e7c475fbe0d7581a28da7be9cafbb328e6becefa6ecbfcd42fdce3b22356

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zzwFbnsZn5bg7jA5R4UbAZ06xn/modules.tar.xz
sha256sum	651adbeb72ad9ee19188d99d2b877df4dd037d2a48b86a8a968b1eb4c3477806

durations

tests

boot	0
kunit	236.22

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit