lkft/linux-mainline-master - v6.16-rc6-121-g6832a9317eee - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 17, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   50.896901] ==================================================================
[   50.896964] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.896964] 
[   50.897049] Use-after-free read at 0x00000000da9c1692 (in kfence-#162):
[   50.897101]  test_krealloc+0x51c/0x830
[   50.897148]  kunit_try_run_case+0x170/0x3f0
[   50.897193]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.897238]  kthread+0x328/0x630
[   50.897276]  ret_from_fork+0x10/0x20
[   50.897317] 
[   50.897340] kfence-#162: 0x00000000da9c1692-0x000000007ba9f0bd, size=32, cache=kmalloc-32
[   50.897340] 
[   50.897393] allocated by task 337 on cpu 0 at 50.896198s (0.001192s ago):
[   50.897460]  test_alloc+0x29c/0x628
[   50.897500]  test_krealloc+0xc0/0x830
[   50.897540]  kunit_try_run_case+0x170/0x3f0
[   50.897579]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.897622]  kthread+0x328/0x630
[   50.897658]  ret_from_fork+0x10/0x20
[   50.897697] 
[   50.897722] freed by task 337 on cpu 0 at 50.896487s (0.001231s ago):
[   50.897784]  krealloc_noprof+0x148/0x360
[   50.897824]  test_krealloc+0x1dc/0x830
[   50.897873]  kunit_try_run_case+0x170/0x3f0
[   50.897913]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.897957]  kthread+0x328/0x630
[   50.897993]  ret_from_fork+0x10/0x20
[   50.898032] 
[   50.898073] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   50.898150] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.898181] Hardware name: linux,dummy-virt (DT)
[   50.898216] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

301T1hhn39ydHFy5rptQHsDW0S9

job_id

TEST:linaro@lkft#301T6gpYLeLGmQWpD00AWQfumjV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/301T6gpYLeLGmQWpD00AWQfumjV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T39wHoz6bxp2ayFJ1MYtxW4T/Image.gz
sha256sum	1e8a96425b394266b80f5a87f3e4c17a0920d75b386a58c4ea821fbec08b62cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T39wHoz6bxp2ayFJ1MYtxW4T/modules.tar.xz
sha256sum	2d1b6550fa3f9a7bcd72ff05007bba0c70779bc2a8f1888e75b7d4efc5d9e554

durations

tests

boot	0
kunit	176.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.419844] ==================================================================
[   48.420276] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.420276] 
[   48.420647] Use-after-free read at 0x(____ptrval____) (in kfence-#131):
[   48.420927]  test_krealloc+0x6fc/0xbe0
[   48.421136]  kunit_try_run_case+0x1a5/0x480
[   48.421364]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.421568]  kthread+0x337/0x6f0
[   48.421735]  ret_from_fork+0x116/0x1d0
[   48.422020]  ret_from_fork_asm+0x1a/0x30
[   48.422206] 
[   48.422309] kfence-#131: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.422309] 
[   48.422703] allocated by task 354 on cpu 1 at 48.419152s (0.003549s ago):
[   48.422970]  test_alloc+0x364/0x10f0
[   48.423148]  test_krealloc+0xad/0xbe0
[   48.423334]  kunit_try_run_case+0x1a5/0x480
[   48.423484]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.423769]  kthread+0x337/0x6f0
[   48.424065]  ret_from_fork+0x116/0x1d0
[   48.424205]  ret_from_fork_asm+0x1a/0x30
[   48.424390] 
[   48.424488] freed by task 354 on cpu 1 at 48.419439s (0.005045s ago):
[   48.425025]  krealloc_noprof+0x108/0x340
[   48.425219]  test_krealloc+0x226/0xbe0
[   48.425357]  kunit_try_run_case+0x1a5/0x480
[   48.425562]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.426358]  kthread+0x337/0x6f0
[   48.426556]  ret_from_fork+0x116/0x1d0
[   48.426906]  ret_from_fork_asm+0x1a/0x30
[   48.427122] 
[   48.427256] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   48.428036] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.428317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.428711] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

301T1hhn39ydHFy5rptQHsDW0S9

job_id

TEST:linaro@lkft#301T7xoEYOckNLikE6jjEAHHRA9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/301T7xoEYOckNLikE6jjEAHHRA9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T4likwvozYziJtzNCf8nqDOS/bzImage
sha256sum	d878b5e59deae208baa4e6d482e984445ae0ec4af3b5020650447f9d4a2c4b26

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T4likwvozYziJtzNCf8nqDOS/modules.tar.xz
sha256sum	291fe06cceb324f9770dcb63da3c986fce8e7a389aa66d36243b066e98ed6839

durations

tests

boot	0
kunit	276.12

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit