lkft/linux-mainline-master - v6.16-rc6-253-g4871b7cb27f4 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 19, 2025, 11:11 a.m.

Environment
qemu-arm64
qemu-x86_64

[   48.530770] ==================================================================
[   48.530833] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   48.530833] 
[   48.530916] Use-after-free read at 0x000000005a9ef1fb (in kfence-#147):
[   48.530968]  test_krealloc+0x51c/0x830
[   48.531013]  kunit_try_run_case+0x170/0x3f0
[   48.531057]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.531102]  kthread+0x328/0x630
[   48.531141]  ret_from_fork+0x10/0x20
[   48.531182] 
[   48.531207] kfence-#147: 0x000000005a9ef1fb-0x000000000029d2be, size=32, cache=kmalloc-32
[   48.531207] 
[   48.531260] allocated by task 338 on cpu 0 at 48.530155s (0.001100s ago):
[   48.531327]  test_alloc+0x29c/0x628
[   48.531366]  test_krealloc+0xc0/0x830
[   48.531404]  kunit_try_run_case+0x170/0x3f0
[   48.531444]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.531488]  kthread+0x328/0x630
[   48.531524]  ret_from_fork+0x10/0x20
[   48.531578] 
[   48.531600] freed by task 338 on cpu 0 at 48.530361s (0.001236s ago):
[   48.531662]  krealloc_noprof+0x148/0x360
[   48.531702]  test_krealloc+0x1dc/0x830
[   48.531741]  kunit_try_run_case+0x170/0x3f0
[   48.531780]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.531823]  kthread+0x328/0x630
[   48.531859]  ret_from_fork+0x10/0x20
[   48.531897] 
[   48.531940] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   48.532019] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.532048] Hardware name: linux,dummy-virt (DT)
[   48.532084] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

305hfA52FugtYY6azxShkfpp9Gg

job_id

TEST:linaro@lkft#305hjrHVuMhrP4C74zJJY45Voxp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/305hjrHVuMhrP4C74zJJY45Voxp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hgM7kYn7x5I10V6otKIGzrYL/Image.gz
sha256sum	c169ac4c7e9b0e4bbf64da467768ab89f00b0225b3c522460b0d6d662bcd1ac5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hgM7kYn7x5I10V6otKIGzrYL/modules.tar.xz
sha256sum	999d2f5e28bad9d0877e65fac807375f30017fd2497321fa0aded245299f46f3

durations

tests

boot	0
kunit	166.76

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   49.782161] ==================================================================
[   49.782644] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   49.782644] 
[   49.782992] Use-after-free read at 0x(____ptrval____) (in kfence-#140):
[   49.783372]  test_krealloc+0x6fc/0xbe0
[   49.783579]  kunit_try_run_case+0x1a5/0x480
[   49.783733]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.783989]  kthread+0x337/0x6f0
[   49.784145]  ret_from_fork+0x116/0x1d0
[   49.784342]  ret_from_fork_asm+0x1a/0x30
[   49.784513] 
[   49.784596] kfence-#140: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   49.784596] 
[   49.784917] allocated by task 355 on cpu 0 at 49.781425s (0.003489s ago):
[   49.785234]  test_alloc+0x364/0x10f0
[   49.785416]  test_krealloc+0xad/0xbe0
[   49.785608]  kunit_try_run_case+0x1a5/0x480
[   49.785757]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.785987]  kthread+0x337/0x6f0
[   49.786163]  ret_from_fork+0x116/0x1d0
[   49.786379]  ret_from_fork_asm+0x1a/0x30
[   49.786531] 
[   49.786603] freed by task 355 on cpu 0 at 49.781682s (0.004919s ago):
[   49.786815]  krealloc_noprof+0x108/0x340
[   49.787006]  test_krealloc+0x226/0xbe0
[   49.787204]  kunit_try_run_case+0x1a5/0x480
[   49.787411]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.787635]  kthread+0x337/0x6f0
[   49.787757]  ret_from_fork+0x116/0x1d0
[   49.787889]  ret_from_fork_asm+0x1a/0x30
[   49.788088] 
[   49.788214] CPU: 0 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   49.788701] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.788872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   49.789237] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

305hfA52FugtYY6azxShkfpp9Gg

job_id

TEST:linaro@lkft#305hkxk4umYymvAHR1enE6Lr0J7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/305hkxk4umYymvAHR1enE6Lr0J7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hhgky404tq48MM3xCR4i6zld/bzImage
sha256sum	4b79c38ff9b1d3fd5b9bc01d29127c64ba58368915842f230bb5db740b0e37c2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/305hhgky404tq48MM3xCR4i6zld/modules.tar.xz
sha256sum	3ef36255dcc209be48379112d67feb901ccf616788896aa1facf84baa027e63e

durations

tests

boot	0
kunit	219.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit