lkft/sashal-linus-next - v6.13-rc7-43113-gc1aa1031ff8a - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 1, 2025, 3:08 p.m.

Environment
qemu-arm64
qemu-x86_64

[   50.590290] ==================================================================
[   50.590361] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.590361] 
[   50.590453] Use-after-free read at 0x0000000056d61aa5 (in kfence-#155):
[   50.590506]  test_krealloc+0x51c/0x830
[   50.590550]  kunit_try_run_case+0x170/0x3f0
[   50.590611]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.590657]  kthread+0x328/0x630
[   50.590695]  ret_from_fork+0x10/0x20
[   50.590735] 
[   50.590759] kfence-#155: 0x0000000056d61aa5-0x00000000a3b67ea5, size=32, cache=kmalloc-32
[   50.590759] 
[   50.590815] allocated by task 338 on cpu 0 at 50.589663s (0.001148s ago):
[   50.590882]  test_alloc+0x29c/0x628
[   50.590923]  test_krealloc+0xc0/0x830
[   50.590960]  kunit_try_run_case+0x170/0x3f0
[   50.591000]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.591044]  kthread+0x328/0x630
[   50.591081]  ret_from_fork+0x10/0x20
[   50.591120] 
[   50.591143] freed by task 338 on cpu 0 at 50.589909s (0.001230s ago):
[   50.591204]  krealloc_noprof+0x148/0x360
[   50.591243]  test_krealloc+0x1dc/0x830
[   50.591282]  kunit_try_run_case+0x170/0x3f0
[   50.591321]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.591364]  kthread+0x328/0x630
[   50.591398]  ret_from_fork+0x10/0x20
[   50.591436] 
[   50.591481] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   50.591559] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.591598] Hardware name: linux,dummy-virt (DT)
[   50.591633] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zHKEi9O49DhNJUpxMLMiefbp3L

job_id

TEST:linaro@lkft#2zHKIIb7k2LkG7qRppW59lUrg8U

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zHKIIb7k2LkG7qRppW59lUrg8U

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zHKFl9sG3wnpHzZmfek4oLbn9j/Image.gz
sha256sum	e75e74df4814fa11846a7efec673873bef9c8756bbe2da22fe34e97c0541b174

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zHKFl9sG3wnpHzZmfek4oLbn9j/modules.tar.xz
sha256sum	674628aa7a27410086b2c333f185bc7f2390d598f63f5090de1b248066659744

durations

tests

boot	0
kunit	174.17

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   49.775809] ==================================================================
[   49.776240] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   49.776240] 
[   49.776699] Use-after-free read at 0x(____ptrval____) (in kfence-#150):
[   49.776944]  test_krealloc+0x6fc/0xbe0
[   49.777162]  kunit_try_run_case+0x1a5/0x480
[   49.777395]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.777620]  kthread+0x337/0x6f0
[   49.777875]  ret_from_fork+0x116/0x1d0
[   49.778099]  ret_from_fork_asm+0x1a/0x30
[   49.778321] 
[   49.778428] kfence-#150: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   49.778428] 
[   49.778796] allocated by task 354 on cpu 1 at 49.775020s (0.003774s ago):
[   49.779118]  test_alloc+0x364/0x10f0
[   49.779328]  test_krealloc+0xad/0xbe0
[   49.779459]  kunit_try_run_case+0x1a5/0x480
[   49.779603]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.780034]  kthread+0x337/0x6f0
[   49.780209]  ret_from_fork+0x116/0x1d0
[   49.780369]  ret_from_fork_asm+0x1a/0x30
[   49.780582] 
[   49.780699] freed by task 354 on cpu 1 at 49.775320s (0.005376s ago):
[   49.781002]  krealloc_noprof+0x108/0x340
[   49.781529]  test_krealloc+0x226/0xbe0
[   49.781750]  kunit_try_run_case+0x1a5/0x480
[   49.782360]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.782797]  kthread+0x337/0x6f0
[   49.783080]  ret_from_fork+0x116/0x1d0
[   49.783233]  ret_from_fork_asm+0x1a/0x30
[   49.783431] 
[   49.783564] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   49.784005] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.784200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   49.784549] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zHKEi9O49DhNJUpxMLMiefbp3L

job_id

TEST:linaro@lkft#2zHKJB7Vmr3YpZNtQVPcNXGc03Y

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zHKJB7Vmr3YpZNtQVPcNXGc03Y

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zHKGWUMhHSR70srczhDqbaHRzn/bzImage
sha256sum	dbd6c6ee080c42d4ab34ddd560f751df4f05ac57b1c1574c3e8dabbf75044859

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zHKGWUMhHSR70srczhDqbaHRzn/modules.tar.xz
sha256sum	40c807fc7c31b6ab24c7f1122956d75b22da72c0f5973ee582d05cc412c6f22f

durations

tests

boot	0
kunit	218.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit