lkft/linux-mainline-master - v6.16-rc6-281-gf4a40a4282f4 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 20, 2025, 11:12 a.m.

Environment
qemu-arm64
qemu-x86_64

[   48.840101] ==================================================================
[   48.840157] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   48.840157] 
[   48.840247] Use-after-free read at 0x0000000084f60870 (in kfence-#148):
[   48.840297]  test_krealloc+0x51c/0x830
[   48.840344]  kunit_try_run_case+0x170/0x3f0
[   48.840402]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.840446]  kthread+0x328/0x630
[   48.840488]  ret_from_fork+0x10/0x20
[   48.840528] 
[   48.840553] kfence-#148: 0x0000000084f60870-0x0000000060432a82, size=32, cache=kmalloc-32
[   48.840553] 
[   48.840606] allocated by task 337 on cpu 1 at 48.839403s (0.001200s ago):
[   48.840688]  test_alloc+0x29c/0x628
[   48.840731]  test_krealloc+0xc0/0x830
[   48.840769]  kunit_try_run_case+0x170/0x3f0
[   48.840807]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.840851]  kthread+0x328/0x630
[   48.840887]  ret_from_fork+0x10/0x20
[   48.840927] 
[   48.840952] freed by task 337 on cpu 1 at 48.839689s (0.001259s ago):
[   48.841015]  krealloc_noprof+0x148/0x360
[   48.841055]  test_krealloc+0x1dc/0x830
[   48.841094]  kunit_try_run_case+0x170/0x3f0
[   48.841132]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.841176]  kthread+0x328/0x630
[   48.841210]  ret_from_fork+0x10/0x20
[   48.841250] 
[   48.841296] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   48.841374] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.841405] Hardware name: linux,dummy-virt (DT)
[   48.841441] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308WwJaHQwF9GiJmP1YPiPqA012

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308WwJaHQwF9GiJmP1YPiPqA012

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/Image.gz
sha256sum	4d2e0511bab027133f01b2172d6d8558efd2b45bcadc263c5cacdb0ac44741cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/modules.tar.xz
sha256sum	18d5d5576d3740ea20de31396b726912b8f91395c442996d953fc58d4a74f8e9

durations

tests

boot	0
kunit	197.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   49.064285] ==================================================================
[   49.064762] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   49.064762] 
[   49.065120] Use-after-free read at 0x(____ptrval____) (in kfence-#132):
[   49.065396]  test_krealloc+0x6fc/0xbe0
[   49.065595]  kunit_try_run_case+0x1a5/0x480
[   49.066177]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.066428]  kthread+0x337/0x6f0
[   49.066587]  ret_from_fork+0x116/0x1d0
[   49.066738]  ret_from_fork_asm+0x1a/0x30
[   49.066957] 
[   49.067064] kfence-#132: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   49.067064] 
[   49.067424] allocated by task 355 on cpu 1 at 49.063665s (0.003756s ago):
[   49.068260]  test_alloc+0x364/0x10f0
[   49.068403]  test_krealloc+0xad/0xbe0
[   49.068798]  kunit_try_run_case+0x1a5/0x480
[   49.069001]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.069357]  kthread+0x337/0x6f0
[   49.069640]  ret_from_fork+0x116/0x1d0
[   49.069833]  ret_from_fork_asm+0x1a/0x30
[   49.070145] 
[   49.070233] freed by task 355 on cpu 1 at 49.063922s (0.006309s ago):
[   49.070520]  krealloc_noprof+0x108/0x340
[   49.070899]  test_krealloc+0x226/0xbe0
[   49.071088]  kunit_try_run_case+0x1a5/0x480
[   49.071419]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.071753]  kthread+0x337/0x6f0
[   49.071922]  ret_from_fork+0x116/0x1d0
[   49.072096]  ret_from_fork_asm+0x1a/0x30
[   49.072273] 
[   49.072391] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   49.073134] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.073304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   49.073866] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308Wxco0Z10DyzYIW4nOQQqgkwI

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308Wxco0Z10DyzYIW4nOQQqgkwI

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WuPU0WWVtcDZkj55VJ74P6Fz/bzImage
sha256sum	aa8c3294f8e6a312d0005bf4942ab46073b3db37d1a255c29f470aad8b68ac89

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WuPU0WWVtcDZkj55VJ74P6Fz/modules.tar.xz
sha256sum	3f40af07dd0ca48c872811d115b0432b5fee72cae8136e55274a0e7676f09c6e

durations

tests

boot	0
kunit	198.91

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit