lkft/linux-mainline-master - v6.16-rc6-2-g155a3c003e55 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 15, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   50.029980] ==================================================================
[   50.030055] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.030055] 
[   50.030138] Use-after-free read at 0x00000000dcd8e5a3 (in kfence-#152):
[   50.030209]  test_krealloc+0x51c/0x830
[   50.030254]  kunit_try_run_case+0x170/0x3f0
[   50.030297]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.030341]  kthread+0x328/0x630
[   50.030380]  ret_from_fork+0x10/0x20
[   50.030418] 
[   50.030442] kfence-#152: 0x00000000dcd8e5a3-0x00000000cd656a55, size=32, cache=kmalloc-32
[   50.030442] 
[   50.030498] allocated by task 338 on cpu 0 at 50.029357s (0.001137s ago):
[   50.030566]  test_alloc+0x29c/0x628
[   50.030607]  test_krealloc+0xc0/0x830
[   50.030647]  kunit_try_run_case+0x170/0x3f0
[   50.030686]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.030728]  kthread+0x328/0x630
[   50.030764]  ret_from_fork+0x10/0x20
[   50.030802] 
[   50.030824] freed by task 338 on cpu 0 at 50.029588s (0.001233s ago):
[   50.030885]  krealloc_noprof+0x148/0x360
[   50.030924]  test_krealloc+0x1dc/0x830
[   50.030962]  kunit_try_run_case+0x170/0x3f0
[   50.031000]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.031043]  kthread+0x328/0x630
[   50.031078]  ret_from_fork+0x10/0x20
[   50.031115] 
[   50.031158] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   50.031244] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.031272] Hardware name: linux,dummy-virt (DT)
[   50.031306] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuOwkuCiYkSkampQuRIEzFXhfO

job_id

TEST:linaro@lkft#2zuP10Uvq3v7pNP5Dz5FpJPvIM7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuP10Uvq3v7pNP5Dz5FpJPvIM7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOxtZFXyhvCJVWMjiE0F9YK7w/Image.gz
sha256sum	5a0d130704720f4526a2744fe4c07d1dc11e96f7c77a2725cbb1e7b19399a7ae

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOxtZFXyhvCJVWMjiE0F9YK7w/modules.tar.xz
sha256sum	5545751b55566af933425aa17face5fb1f95b6bef7d17212e64661e6fa4f872f

durations

tests

boot	0
kunit	176.64

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   50.572226] ==================================================================
[   50.572619] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   50.572619] 
[   50.572983] Use-after-free read at 0x(____ptrval____) (in kfence-#144):
[   50.573254]  test_krealloc+0x6fc/0xbe0
[   50.573424]  kunit_try_run_case+0x1a5/0x480
[   50.573797]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   50.573996]  kthread+0x337/0x6f0
[   50.574161]  ret_from_fork+0x116/0x1d0
[   50.574344]  ret_from_fork_asm+0x1a/0x30
[   50.574578] 
[   50.574671] kfence-#144: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   50.574671] 
[   50.574979] allocated by task 354 on cpu 0 at 50.571623s (0.003354s ago):
[   50.575309]  test_alloc+0x364/0x10f0
[   50.575488]  test_krealloc+0xad/0xbe0
[   50.575707]  kunit_try_run_case+0x1a5/0x480
[   50.575930]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   50.576172]  kthread+0x337/0x6f0
[   50.576318]  ret_from_fork+0x116/0x1d0
[   50.576532]  ret_from_fork_asm+0x1a/0x30
[   50.576710] 
[   50.576813] freed by task 354 on cpu 0 at 50.571854s (0.004957s ago):
[   50.577057]  krealloc_noprof+0x108/0x340
[   50.577258]  test_krealloc+0x226/0xbe0
[   50.577424]  kunit_try_run_case+0x1a5/0x480
[   50.577639]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   50.578049]  kthread+0x337/0x6f0
[   50.578234]  ret_from_fork+0x116/0x1d0
[   50.578431]  ret_from_fork_asm+0x1a/0x30
[   50.579359] 
[   50.579546] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   50.580061] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.580327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   50.580709] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuOwkuCiYkSkampQuRIEzFXhfO

job_id

TEST:linaro@lkft#2zuP26Tk5EJZ1G6GaUB8xY8QPvA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuP26Tk5EJZ1G6GaUB8xY8QPvA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOyo8XTXj4HRa7uCKW5DyMaoP/bzImage
sha256sum	7f84fda91605b0af54dfe2d5c5260bb6187dbc13cda660557c6c08afdfffa70b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOyo8XTXj4HRa7uCKW5DyMaoP/modules.tar.xz
sha256sum	de8e55555874efdb420c4953f6a34916082341d76415460497e1eaea92137ba8

durations

tests

boot	0
kunit	205.20

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit