lkft/linux-mainline-master - v6.16-rc6 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 13, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   48.689185] ==================================================================
[   48.689263] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   48.689263] 
[   48.689349] Use-after-free read at 0x00000000550a2f60 (in kfence-#142):
[   48.689402]  test_krealloc+0x51c/0x830
[   48.689448]  kunit_try_run_case+0x170/0x3f0
[   48.689493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.689538]  kthread+0x328/0x630
[   48.689578]  ret_from_fork+0x10/0x20
[   48.689620] 
[   48.689644] kfence-#142: 0x00000000550a2f60-0x0000000064a701d4, size=32, cache=kmalloc-32
[   48.689644] 
[   48.689699] allocated by task 338 on cpu 1 at 48.688548s (0.001147s ago):
[   48.689767]  test_alloc+0x29c/0x628
[   48.689809]  test_krealloc+0xc0/0x830
[   48.689848]  kunit_try_run_case+0x170/0x3f0
[   48.689888]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.689932]  kthread+0x328/0x630
[   48.689968]  ret_from_fork+0x10/0x20
[   48.690007] 
[   48.690030] freed by task 338 on cpu 1 at 48.688800s (0.001226s ago):
[   48.690091]  krealloc_noprof+0x148/0x360
[   48.690131]  test_krealloc+0x1dc/0x830
[   48.690169]  kunit_try_run_case+0x170/0x3f0
[   48.690225]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.690270]  kthread+0x328/0x630
[   48.690306]  ret_from_fork+0x10/0x20
[   48.690345] 
[   48.690391] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   48.690469] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.690499] Hardware name: linux,dummy-virt (DT)
[   48.690534] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zqAptjhcOzJ4yWziuszPhFuVFY

job_id

TEST:linaro@lkft#2zqAtvTnhA8tXUUOK3QDm2PF24C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zqAtvTnhA8tXUUOK3QDm2PF24C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAr1hYUrQW3RtaZkxautdt0BG/Image.gz
sha256sum	91974e256417c37307fb0eb79db4941b38ffb081f2b36dd1bf502ba6c5a3b85c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAr1hYUrQW3RtaZkxautdt0BG/modules.tar.xz
sha256sum	8ae65b38e3609075180c907454f6410350330e46fa245ab9d10ce638377cf59a

durations

tests

boot	0
kunit	168.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   49.668429] ==================================================================
[   49.668487] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   49.668487] 
[   49.668570] Use-after-free read at 0x00000000494b2d27 (in kfence-#148):
[   49.668622]  test_krealloc+0x51c/0x830
[   49.668665]  kunit_try_run_case+0x170/0x3f0
[   49.668710]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.668756]  kthread+0x328/0x630
[   49.668794]  ret_from_fork+0x10/0x20
[   49.668834] 
[   49.668857] kfence-#148: 0x00000000494b2d27-0x00000000616a487a, size=32, cache=kmalloc-32
[   49.668857] 
[   49.668913] allocated by task 338 on cpu 0 at 49.667785s (0.001123s ago):
[   49.668981]  test_alloc+0x29c/0x628
[   49.669019]  test_krealloc+0xc0/0x830
[   49.669059]  kunit_try_run_case+0x170/0x3f0
[   49.669097]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.669142]  kthread+0x328/0x630
[   49.669176]  ret_from_fork+0x10/0x20
[   49.669228] 
[   49.669252] freed by task 338 on cpu 0 at 49.668001s (0.001248s ago):
[   49.669313]  krealloc_noprof+0x148/0x360
[   49.669355]  test_krealloc+0x1dc/0x830
[   49.669394]  kunit_try_run_case+0x170/0x3f0
[   49.669434]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.669477]  kthread+0x328/0x630
[   49.669514]  ret_from_fork+0x10/0x20
[   49.669553] 
[   49.669597] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   49.669674] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.669704] Hardware name: linux,dummy-virt (DT)
[   49.669739] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zqAFfqIOxGLcXSxmIRvg01aRN8

job_id

TEST:linaro@lkft#2zqAL3z1Uwsecwff4F9eiE8LTwQ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zqAL3z1Uwsecwff4F9eiE8LTwQ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAHCzMADUVxqNcYOm5yIn8fV4/Image.gz
sha256sum	3301de7d03e943734eee038d439b5396ecf55f197ca9e5bf09da179d6dc89488

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAHCzMADUVxqNcYOm5yIn8fV4/modules.tar.xz
sha256sum	e81c255d24c32683641742211931fe0b81f9fc670f4f5aacee2b730bbb6c1c04

durations

tests

boot	0
kunit	176.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   50.197549] ==================================================================
[   50.197883] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   50.197883] 
[   50.198186] Use-after-free read at 0x(____ptrval____) (in kfence-#143):
[   50.198428]  test_krealloc+0x6fc/0xbe0
[   50.198629]  kunit_try_run_case+0x1a5/0x480
[   50.198962]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   50.199687]  kthread+0x337/0x6f0
[   50.199840]  ret_from_fork+0x116/0x1d0
[   50.199979]  ret_from_fork_asm+0x1a/0x30
[   50.200125] 
[   50.200198] kfence-#143: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   50.200198] 
[   50.201571] allocated by task 355 on cpu 1 at 50.196890s (0.004677s ago):
[   50.201930]  test_alloc+0x364/0x10f0
[   50.202117]  test_krealloc+0xad/0xbe0
[   50.202252]  kunit_try_run_case+0x1a5/0x480
[   50.202401]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   50.203228]  kthread+0x337/0x6f0
[   50.203369]  ret_from_fork+0x116/0x1d0
[   50.203870]  ret_from_fork_asm+0x1a/0x30
[   50.204428] 
[   50.204664] freed by task 355 on cpu 1 at 50.197149s (0.007512s ago):
[   50.204925]  krealloc_noprof+0x108/0x340
[   50.205133]  test_krealloc+0x226/0xbe0
[   50.205321]  kunit_try_run_case+0x1a5/0x480
[   50.205531]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   50.206079]  kthread+0x337/0x6f0
[   50.206256]  ret_from_fork+0x116/0x1d0
[   50.206675]  ret_from_fork_asm+0x1a/0x30
[   50.206946] 
[   50.207076] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   50.207666] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.207933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   50.208359] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zqAptjhcOzJ4yWziuszPhFuVFY

job_id

TEST:linaro@lkft#2zqAv13TsGihfIIXF8guTlDsAmU

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zqAv13TsGihfIIXF8guTlDsAmU

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAs2J5eY5rg68b56XS35R9qg3/bzImage
sha256sum	a5ae9a8919e6b38e9247226ab11aad01782f9a98290c7aea89ce99f032cb03f8

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAs2J5eY5rg68b56XS35R9qg3/modules.tar.xz
sha256sum	4577f1e051624f39dc637674c41c494d4fccbc4fe65a319e30f4fa0cd97e9a6b

durations

tests

boot	0
kunit	220.29

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   49.145778] ==================================================================
[   49.146244] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   49.146244] 
[   49.146586] Use-after-free read at 0x(____ptrval____) (in kfence-#133):
[   49.146997]  test_krealloc+0x6fc/0xbe0
[   49.147178]  kunit_try_run_case+0x1a5/0x480
[   49.147341]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.147742]  kthread+0x337/0x6f0
[   49.147954]  ret_from_fork+0x116/0x1d0
[   49.148106]  ret_from_fork_asm+0x1a/0x30
[   49.148344] 
[   49.148447] kfence-#133: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   49.148447] 
[   49.148743] allocated by task 356 on cpu 0 at 49.145008s (0.003733s ago):
[   49.149093]  test_alloc+0x364/0x10f0
[   49.149300]  test_krealloc+0xad/0xbe0
[   49.149516]  kunit_try_run_case+0x1a5/0x480
[   49.149728]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.149976]  kthread+0x337/0x6f0
[   49.150141]  ret_from_fork+0x116/0x1d0
[   49.150373]  ret_from_fork_asm+0x1a/0x30
[   49.150522] 
[   49.150622] freed by task 356 on cpu 0 at 49.145312s (0.005307s ago):
[   49.150945]  krealloc_noprof+0x108/0x340
[   49.151200]  test_krealloc+0x226/0xbe0
[   49.151352]  kunit_try_run_case+0x1a5/0x480
[   49.151503]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.151699]  kthread+0x337/0x6f0
[   49.151871]  ret_from_fork+0x116/0x1d0
[   49.152077]  ret_from_fork_asm+0x1a/0x30
[   49.152279] 
[   49.152400] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   49.152975] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.153130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   49.153607] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zqAFfqIOxGLcXSxmIRvg01aRN8

job_id

TEST:linaro@lkft#2zqALu2Oe2Lt2cHJbKxRgFXPxWl

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zqALu2Oe2Lt2cHJbKxRgFXPxWl

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAInDHTQ1MJ3zW9aHru7mEB1o/bzImage
sha256sum	09b1d683c7484c0b3ea40e0e68e7e24d5319ec104b1b54a03517d8beaf049d75

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAInDHTQ1MJ3zW9aHru7mEB1o/modules.tar.xz
sha256sum	f6b96df8ffcaeb8ef3eb0533f6e104b9adaa5cd8ccb9736c96c5a9b77c7165bb

durations

tests

boot	0
kunit	212.35

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit