lkft/linux-mainline-master - v6.16-rc4-308-ga79a588fc176 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 5, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   53.371646] ==================================================================
[   53.371726] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   53.371726] 
[   53.371817] Use-after-free read at 0x0000000024d668b1 (in kfence-#194):
[   53.371871]  test_krealloc+0x51c/0x830
[   53.371919]  kunit_try_run_case+0x170/0x3f0
[   53.371963]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.372009]  kthread+0x328/0x630
[   53.372047]  ret_from_fork+0x10/0x20
[   53.372086] 
[   53.372112] kfence-#194: 0x0000000024d668b1-0x00000000458f7052, size=32, cache=kmalloc-32
[   53.372112] 
[   53.372168] allocated by task 338 on cpu 0 at 53.370802s (0.001362s ago):
[   53.372242]  test_alloc+0x29c/0x628
[   53.372285]  test_krealloc+0xc0/0x830
[   53.372324]  kunit_try_run_case+0x170/0x3f0
[   53.372389]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.372435]  kthread+0x328/0x630
[   53.372473]  ret_from_fork+0x10/0x20
[   53.372510] 
[   53.372535] freed by task 338 on cpu 0 at 53.371160s (0.001371s ago):
[   53.372598]  krealloc_noprof+0x148/0x360
[   53.372640]  test_krealloc+0x1dc/0x830
[   53.372679]  kunit_try_run_case+0x170/0x3f0
[   53.372719]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.372763]  kthread+0x328/0x630
[   53.372797]  ret_from_fork+0x10/0x20
[   53.372838] 
[   53.372882] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   53.372960] Tainted: [B]=BAD_PAGE, [N]=TEST
[   53.372992] Hardware name: linux,dummy-virt (DT)
[   53.373027] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zS9g9ybN1UbXPQnJisKcpL9TTV

job_id

TEST:linaro@lkft#2zS9lY7pmzTyF5GZT87TbkuZzBC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zS9lY7pmzTyF5GZT87TbkuZzBC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9hogJzZK0l4np92KxK0io2I6/Image.gz
sha256sum	d911e61984c5ccbd01c648abc160f807c2efba8f94f7c18dc8b8d0a36d529c56

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9hogJzZK0l4np92KxK0io2I6/modules.tar.xz
sha256sum	229f6c9e52037b561fbd9dc9141868d0d6dc0d1d276f92a71b0be16dd31c079a

durations

tests

boot	0
kunit	261.61

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   51.684808] ==================================================================
[   51.685262] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   51.685262] 
[   51.685733] Use-after-free read at 0x(____ptrval____) (in kfence-#150):
[   51.686068]  test_krealloc+0x6fc/0xbe0
[   51.686243]  kunit_try_run_case+0x1a5/0x480
[   51.686503]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.686729]  kthread+0x337/0x6f0
[   51.686884]  ret_from_fork+0x116/0x1d0
[   51.687114]  ret_from_fork_asm+0x1a/0x30
[   51.687351] 
[   51.687470] kfence-#150: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   51.687470] 
[   51.687949] allocated by task 355 on cpu 1 at 51.684074s (0.003872s ago):
[   51.688217]  test_alloc+0x364/0x10f0
[   51.688370]  test_krealloc+0xad/0xbe0
[   51.688523]  kunit_try_run_case+0x1a5/0x480
[   51.689479]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.689820]  kthread+0x337/0x6f0
[   51.690292]  ret_from_fork+0x116/0x1d0
[   51.690583]  ret_from_fork_asm+0x1a/0x30
[   51.690807] 
[   51.690900] freed by task 355 on cpu 1 at 51.684371s (0.006526s ago):
[   51.691153]  krealloc_noprof+0x108/0x340
[   51.691317]  test_krealloc+0x226/0xbe0
[   51.692137]  kunit_try_run_case+0x1a5/0x480
[   51.692557]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.693051]  kthread+0x337/0x6f0
[   51.693440]  ret_from_fork+0x116/0x1d0
[   51.693869]  ret_from_fork_asm+0x1a/0x30
[   51.694095] 
[   51.694220] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   51.694864] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.695488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   51.696231] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zS9g9ybN1UbXPQnJisKcpL9TTV

job_id

TEST:linaro@lkft#2zS9mkQQgPe0x67T169Rj4E3EKb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zS9mkQQgPe0x67T169Rj4E3EKb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9jSOTND7crL7YLA83v1rCNWe/bzImage
sha256sum	e6462f167ba39a4560973d29e3ca2b81ea2e7cac79fe6da863e3a5afb12c21c7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9jSOTND7crL7YLA83v1rCNWe/modules.tar.xz
sha256sum	f0ef2394c8d178534891fc564988b24b7b350755baf7b1a12ef32113ab0e4297

durations

tests

boot	0
kunit	252.82

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit