lkft/linux-next-master - next-20250724 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 24, 2025, 4:41 a.m.

Environment
qemu-arm64
qemu-x86_64

[   64.804078] ==================================================================
[   64.804175] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   64.804175] 
[   64.804268] Use-after-free read at 0x00000000741b1bf1 (in kfence-#182):
[   64.804321]  test_krealloc+0x51c/0x830
[   64.804364]  kunit_try_run_case+0x170/0x3f0
[   64.804407]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   64.804451]  kthread+0x328/0x630
[   64.804491]  ret_from_fork+0x10/0x20
[   64.804530] 
[   64.804557] kfence-#182: 0x00000000741b1bf1-0x000000008628295a, size=32, cache=kmalloc-32
[   64.804557] 
[   64.804612] allocated by task 368 on cpu 1 at 64.803406s (0.001203s ago):
[   64.804683]  test_alloc+0x29c/0x628
[   64.804721]  test_krealloc+0xc0/0x830
[   64.804771]  kunit_try_run_case+0x170/0x3f0
[   64.804812]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   64.804855]  kthread+0x328/0x630
[   64.804891]  ret_from_fork+0x10/0x20
[   64.804928] 
[   64.804953] freed by task 368 on cpu 1 at 64.803652s (0.001297s ago):
[   64.805015]  krealloc_noprof+0x148/0x360
[   64.805055]  test_krealloc+0x1dc/0x830
[   64.805093]  kunit_try_run_case+0x170/0x3f0
[   64.805130]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   64.805171]  kthread+0x328/0x630
[   64.805208]  ret_from_fork+0x10/0x20
[   64.805245] 
[   64.805292] CPU: 1 UID: 0 PID: 368 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   64.805372] Tainted: [B]=BAD_PAGE, [N]=TEST
[   64.805401] Hardware name: linux,dummy-virt (DT)
[   64.805436] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30J3nY7QtuR6zFySSP24ERynb1Z

job_id

TEST:linaro@lkft#30J3tHAcCAzoumluJGVN0kuxFDU

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30J3tHAcCAzoumluJGVN0kuxFDU

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3pDsC9KNl7rr3iXBXH40Gq9W/Image.gz
sha256sum	544207c1b5a9d2840223bd62064127622ccefa2f812415650f45a51bca8475e6

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/arm64/rootfs.ext4.xz
sha256sum	4416595f610fe19a3fb374a6dd0942354bf27ddb827c7f1e8e5524ec95492466

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3pDsC9KNl7rr3iXBXH40Gq9W/modules.tar.xz
sha256sum	ae69e33cdc746370be45d97b12d0ee81e77ef54ca003ba881eec2f93d7e2865c

durations

tests

boot	0
kunit	170.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   63.505763] ==================================================================
[   63.506322] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   63.506322] 
[   63.506689] Use-after-free read at 0x(____ptrval____) (in kfence-#155):
[   63.506949]  test_krealloc+0x6fc/0xbe0
[   63.507695]  kunit_try_run_case+0x1a5/0x480
[   63.507891]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   63.508148]  kthread+0x337/0x6f0
[   63.508275]  ret_from_fork+0x116/0x1d0
[   63.508462]  ret_from_fork_asm+0x1a/0x30
[   63.508675] 
[   63.508769] kfence-#155: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   63.508769] 
[   63.509102] allocated by task 385 on cpu 0 at 63.505088s (0.004012s ago):
[   63.509948]  test_alloc+0x364/0x10f0
[   63.510234]  test_krealloc+0xad/0xbe0
[   63.510381]  kunit_try_run_case+0x1a5/0x480
[   63.510752]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   63.511108]  kthread+0x337/0x6f0
[   63.511276]  ret_from_fork+0x116/0x1d0
[   63.511601]  ret_from_fork_asm+0x1a/0x30
[   63.511795] 
[   63.511868] freed by task 385 on cpu 0 at 63.505339s (0.006527s ago):
[   63.512289]  krealloc_noprof+0x108/0x340
[   63.512473]  test_krealloc+0x226/0xbe0
[   63.512652]  kunit_try_run_case+0x1a5/0x480
[   63.512822]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   63.513344]  kthread+0x337/0x6f0
[   63.513507]  ret_from_fork+0x116/0x1d0
[   63.513809]  ret_from_fork_asm+0x1a/0x30
[   63.514097] 
[   63.514219] CPU: 0 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   63.514871] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   63.515189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   63.515654] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30J3nY7QtuR6zFySSP24ERynb1Z

job_id

TEST:linaro@lkft#30J3uLzhpviDmlOWY3P9BXfcBAH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30J3uLzhpviDmlOWY3P9BXfcBAH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3qksL4GBwzrde5mtPKhFeFEL/bzImage
sha256sum	af4ccad1f72d598f267023cce1cb43d5ed4bda226a707e01686be85dd90634f7

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/amd64/rootfs.ext4.xz
sha256sum	f011d4ee6daca8ff6eb107b3ab1eb085d1f77f9019361779f04403719dd7a135

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3qksL4GBwzrde5mtPKhFeFEL/modules.tar.xz
sha256sum	7c95098d7c3fc4ab7a627a48c0cdbf1fa3d50531e33653f38a4f14abeedf82da

durations

tests

boot	0
kunit	254.60

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit