lkft/linux-mainline-master - v6.16-rc5-193-g40f92e79b0aa - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 11, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   50.248327] ==================================================================
[   50.248386] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.248386] 
[   50.248466] Use-after-free read at 0x00000000d16c9c4f (in kfence-#155):
[   50.248517]  test_krealloc+0x51c/0x830
[   50.248563]  kunit_try_run_case+0x170/0x3f0
[   50.248608]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.248653]  kthread+0x328/0x630
[   50.248691]  ret_from_fork+0x10/0x20
[   50.248749] 
[   50.248773] kfence-#155: 0x00000000d16c9c4f-0x000000003f3a6a53, size=32, cache=kmalloc-32
[   50.248773] 
[   50.248827] allocated by task 338 on cpu 1 at 50.247478s (0.001345s ago):
[   50.248906]  test_alloc+0x29c/0x628
[   50.248947]  test_krealloc+0xc0/0x830
[   50.248986]  kunit_try_run_case+0x170/0x3f0
[   50.249026]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.249069]  kthread+0x328/0x630
[   50.249105]  ret_from_fork+0x10/0x20
[   50.249144] 
[   50.249168] freed by task 338 on cpu 1 at 50.247911s (0.001253s ago):
[   50.249228]  krealloc_noprof+0x148/0x360
[   50.249266]  test_krealloc+0x1dc/0x830
[   50.249307]  kunit_try_run_case+0x170/0x3f0
[   50.249346]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.249390]  kthread+0x328/0x630
[   50.249425]  ret_from_fork+0x10/0x20
[   50.249464] 
[   50.249510] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   50.249589] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.249619] Hardware name: linux,dummy-virt (DT)
[   50.249655] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zkW2ND3P9jnCEoicJVrQGQQHjY

job_id

TEST:linaro@lkft#2zkW7UZxPiH1T464u20hwJIzMWq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zkW7UZxPiH1T464u20hwJIzMWq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW3wj806saKni9EMQhcTGaoE0/Image.gz
sha256sum	73455ba8c867cc31230938836185eba847c55da4ba6373a74526940ec423a2fc

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW3wj806saKni9EMQhcTGaoE0/modules.tar.xz
sha256sum	b3a38b7dc2158aa4df654dd76a8d8d3385fffbddc38ddea05f97ea9d33ec2580

durations

tests

boot	0
kunit	180.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   49.991949] ==================================================================
[   49.992324] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   49.992324] 
[   49.992931] Use-after-free read at 0x(____ptrval____) (in kfence-#140):
[   49.993196]  test_krealloc+0x6fc/0xbe0
[   49.993378]  kunit_try_run_case+0x1a5/0x480
[   49.993593]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.993829]  kthread+0x337/0x6f0
[   49.994341]  ret_from_fork+0x116/0x1d0
[   49.994595]  ret_from_fork_asm+0x1a/0x30
[   49.994891] 
[   49.994985] kfence-#140: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   49.994985] 
[   49.995502] allocated by task 354 on cpu 1 at 49.991337s (0.004162s ago):
[   49.996036]  test_alloc+0x364/0x10f0
[   49.996298]  test_krealloc+0xad/0xbe0
[   49.996453]  kunit_try_run_case+0x1a5/0x480
[   49.996650]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.997167]  kthread+0x337/0x6f0
[   49.997344]  ret_from_fork+0x116/0x1d0
[   49.997585]  ret_from_fork_asm+0x1a/0x30
[   49.997866] 
[   49.997963] freed by task 354 on cpu 1 at 49.991559s (0.006402s ago):
[   49.998242]  krealloc_noprof+0x108/0x340
[   49.998437]  test_krealloc+0x226/0xbe0
[   49.998614]  kunit_try_run_case+0x1a5/0x480
[   49.998805]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.999350]  kthread+0x337/0x6f0
[   49.999482]  ret_from_fork+0x116/0x1d0
[   49.999671]  ret_from_fork_asm+0x1a/0x30
[   50.000060] 
[   50.000254] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   50.000831] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.001206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   50.001651] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zkW2ND3P9jnCEoicJVrQGQQHjY

job_id

TEST:linaro@lkft#2zkW8T0rf8x1xNcZqJ5ltfUVkWA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zkW8T0rf8x1xNcZqJ5ltfUVkWA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW5SdH8zGtoVoimUJeXjK1iDY/bzImage
sha256sum	7f21af14d55a2a6c00657897b5a61581bc03fb7498328917a2f2ae35737ec23d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW5SdH8zGtoVoimUJeXjK1iDY/modules.tar.xz
sha256sum	390422b5b27780b5bdc518a6075ef4179367a706b7d88bc8e5416986229d72fd

durations

tests

boot	0
kunit	209.86

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit