lkft/linux-mainline-master - v6.16-rc7 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 20, 2025, 11:12 p.m.

Environment
qemu-arm64
qemu-x86_64

[   50.999101] ==================================================================
[   50.999178] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.999178] 
[   50.999261] Use-after-free read at 0x000000004da953c2 (in kfence-#155):
[   50.999312]  test_krealloc+0x51c/0x830
[   50.999358]  kunit_try_run_case+0x170/0x3f0
[   50.999401]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.999448]  kthread+0x328/0x630
[   50.999485]  ret_from_fork+0x10/0x20
[   50.999525] 
[   50.999549] kfence-#155: 0x000000004da953c2-0x00000000acbd6f2b, size=32, cache=kmalloc-32
[   50.999549] 
[   50.999603] allocated by task 337 on cpu 1 at 50.998416s (0.001184s ago):
[   50.999672]  test_alloc+0x29c/0x628
[   50.999713]  test_krealloc+0xc0/0x830
[   50.999752]  kunit_try_run_case+0x170/0x3f0
[   50.999792]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.999835]  kthread+0x328/0x630
[   50.999871]  ret_from_fork+0x10/0x20
[   50.999926] 
[   50.999950] freed by task 337 on cpu 1 at 50.998692s (0.001254s ago):
[   51.000013]  krealloc_noprof+0x148/0x360
[   51.000051]  test_krealloc+0x1dc/0x830
[   51.000091]  kunit_try_run_case+0x170/0x3f0
[   51.000131]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.000175]  kthread+0x328/0x630
[   51.000211]  ret_from_fork+0x10/0x20
[   51.000250] 
[   51.000294] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   51.000373] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.000404] Hardware name: linux,dummy-virt (DT)
[   51.000439] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

309x5ObUbFzpU8LyzOOSdUfjPcK

job_id

TEST:linaro@lkft#309xBIracfhK9V3GlYfC8LOCkkh

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/309xBIracfhK9V3GlYfC8LOCkkh

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309x6r3VkUT5E36FuuEPEjUKxgS/Image.gz
sha256sum	e30740b6a863df299bf79f0e7d1de6310b817cd727f60b2a9a659035822f0af4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309x6r3VkUT5E36FuuEPEjUKxgS/modules.tar.xz
sha256sum	eefc2a9ac3129ad696f00a71a502b9c132b90c2da1abb5c62a30781dfd11657a

durations

tests

boot	0
kunit	172.17

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   49.646211] ==================================================================
[   49.646284] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   49.646284] 
[   49.646371] Use-after-free read at 0x000000006ac78bef (in kfence-#150):
[   49.646423]  test_krealloc+0x51c/0x830
[   49.646468]  kunit_try_run_case+0x170/0x3f0
[   49.646513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.646556]  kthread+0x328/0x630
[   49.646597]  ret_from_fork+0x10/0x20
[   49.646654] 
[   49.646678] kfence-#150: 0x000000006ac78bef-0x000000008e55349d, size=32, cache=kmalloc-32
[   49.646678] 
[   49.646734] allocated by task 337 on cpu 0 at 49.645575s (0.001155s ago):
[   49.646801]  test_alloc+0x29c/0x628
[   49.646840]  test_krealloc+0xc0/0x830
[   49.646880]  kunit_try_run_case+0x170/0x3f0
[   49.646919]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.646962]  kthread+0x328/0x630
[   49.646996]  ret_from_fork+0x10/0x20
[   49.647036] 
[   49.647059] freed by task 337 on cpu 0 at 49.645804s (0.001251s ago):
[   49.647119]  krealloc_noprof+0x148/0x360
[   49.647159]  test_krealloc+0x1dc/0x830
[   49.647199]  kunit_try_run_case+0x170/0x3f0
[   49.647237]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.647280]  kthread+0x328/0x630
[   49.647316]  ret_from_fork+0x10/0x20
[   49.647353] 
[   49.647398] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   49.647477] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.647507] Hardware name: linux,dummy-virt (DT)
[   49.647542] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

309wVITZ6NBRczMm3nMgYoirFB6

job_id

TEST:linaro@lkft#309wZRni24IYUAnxn7vdfI8LQ8Q

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/309wZRni24IYUAnxn7vdfI8LQ8Q

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309wWVmLM5NBt70nqZVpnGHDPJL/Image.gz
sha256sum	74805294b874e6885a29245bb570f9e3417e9e28c8185f5307cf2eda3ff93fb7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309wWVmLM5NBt70nqZVpnGHDPJL/modules.tar.xz
sha256sum	6bb50cef8948a7c0cb544b1b2c047ab23cb31154624d745dca93084d8a8a44cc

durations

tests

boot	0
kunit	179.93

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   51.268039] ==================================================================
[   51.268427] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   51.268427] 
[   51.268932] Use-after-free read at 0x(____ptrval____) (in kfence-#152):
[   51.269200]  test_krealloc+0x6fc/0xbe0
[   51.269392]  kunit_try_run_case+0x1a5/0x480
[   51.269656]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.269883]  kthread+0x337/0x6f0
[   51.270055]  ret_from_fork+0x116/0x1d0
[   51.270224]  ret_from_fork_asm+0x1a/0x30
[   51.270425] 
[   51.270523] kfence-#152: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   51.270523] 
[   51.270814] allocated by task 355 on cpu 1 at 51.267355s (0.003457s ago):
[   51.271788]  test_alloc+0x364/0x10f0
[   51.271980]  test_krealloc+0xad/0xbe0
[   51.272195]  kunit_try_run_case+0x1a5/0x480
[   51.272486]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.272790]  kthread+0x337/0x6f0
[   51.272917]  ret_from_fork+0x116/0x1d0
[   51.273257]  ret_from_fork_asm+0x1a/0x30
[   51.273442] 
[   51.273520] freed by task 355 on cpu 1 at 51.267644s (0.005873s ago):
[   51.273780]  krealloc_noprof+0x108/0x340
[   51.273923]  test_krealloc+0x226/0xbe0
[   51.274061]  kunit_try_run_case+0x1a5/0x480
[   51.274208]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   51.274398]  kthread+0x337/0x6f0
[   51.274534]  ret_from_fork+0x116/0x1d0
[   51.274669]  ret_from_fork_asm+0x1a/0x30
[   51.274915] 
[   51.275044] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   51.275471] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.275784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   51.276138] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

309x5ObUbFzpU8LyzOOSdUfjPcK

job_id

TEST:linaro@lkft#309xCSsAm8c1VYb5dcu5sknfgSw

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/309xCSsAm8c1VYb5dcu5sknfgSw

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309x8IF1hI1lZOcQSeL4qqQoUy8/bzImage
sha256sum	e3164212926cde5cf5c2db586c7b527178fd0fcaca68ddebd4f9d3c49dc193c9

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309x8IF1hI1lZOcQSeL4qqQoUy8/modules.tar.xz
sha256sum	e261d4379790c6d3277c083da5e816b60769799af5be4eb5dd36081911673279

durations

tests

boot	0
kunit	214.92

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   48.569862] ==================================================================
[   48.570283] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.570283] 
[   48.570715] Use-after-free read at 0x(____ptrval____) (in kfence-#126):
[   48.570996]  test_krealloc+0x6fc/0xbe0
[   48.571152]  kunit_try_run_case+0x1a5/0x480
[   48.571363]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.571607]  kthread+0x337/0x6f0
[   48.571783]  ret_from_fork+0x116/0x1d0
[   48.571924]  ret_from_fork_asm+0x1a/0x30
[   48.572126] 
[   48.572263] kfence-#126: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.572263] 
[   48.572948] allocated by task 355 on cpu 1 at 48.569192s (0.003754s ago):
[   48.573563]  test_alloc+0x364/0x10f0
[   48.574066]  test_krealloc+0xad/0xbe0
[   48.574260]  kunit_try_run_case+0x1a5/0x480
[   48.574560]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.574818]  kthread+0x337/0x6f0
[   48.574993]  ret_from_fork+0x116/0x1d0
[   48.575205]  ret_from_fork_asm+0x1a/0x30
[   48.575451] 
[   48.575560] freed by task 355 on cpu 1 at 48.569481s (0.006075s ago):
[   48.575848]  krealloc_noprof+0x108/0x340
[   48.576060]  test_krealloc+0x226/0xbe0
[   48.576262]  kunit_try_run_case+0x1a5/0x480
[   48.576467]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.576732]  kthread+0x337/0x6f0
[   48.576876]  ret_from_fork+0x116/0x1d0
[   48.577054]  ret_from_fork_asm+0x1a/0x30
[   48.577279] 
[   48.577405] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   48.577860] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.578520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.578847] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

309wVITZ6NBRczMm3nMgYoirFB6

job_id

TEST:linaro@lkft#309wac02EW3pU2GjOEm7Gie5p7d

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/309wac02EW3pU2GjOEm7Gie5p7d

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309wXPon0kYFkJJI8TrO96Zkm9k/bzImage
sha256sum	7a3c580951afddeb963eaa58a772442036391e058a51e4a72b3fc35151107371

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309wXPon0kYFkJJI8TrO96Zkm9k/modules.tar.xz
sha256sum	1ece092fe8fa1f4db13c79ba4009b57e1c0b1d389cd2f8e9c3e127922a73f035

durations

tests

boot	0
kunit	209.99

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit