lkft/sashal-linus-next - v6.13-rc7-43418-g558c6dd4d863 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 5, 2025, 5:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   50.821858] ==================================================================
[   50.821948] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.821948] 
[   50.822033] Use-after-free read at 0x000000003be18ba6 (in kfence-#149):
[   50.822084]  test_krealloc+0x51c/0x830
[   50.822129]  kunit_try_run_case+0x170/0x3f0
[   50.822172]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.822216]  kthread+0x328/0x630
[   50.822254]  ret_from_fork+0x10/0x20
[   50.822294] 
[   50.822317] kfence-#149: 0x000000003be18ba6-0x00000000dfb1d0ce, size=32, cache=kmalloc-32
[   50.822317] 
[   50.822368] allocated by task 337 on cpu 0 at 50.821218s (0.001146s ago):
[   50.822436]  test_alloc+0x29c/0x628
[   50.822477]  test_krealloc+0xc0/0x830
[   50.822515]  kunit_try_run_case+0x170/0x3f0
[   50.822555]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.822598]  kthread+0x328/0x630
[   50.822633]  ret_from_fork+0x10/0x20
[   50.822674] 
[   50.822703] freed by task 337 on cpu 0 at 50.821468s (0.001231s ago):
[   50.822767]  krealloc_noprof+0x148/0x360
[   50.822806]  test_krealloc+0x1dc/0x830
[   50.822844]  kunit_try_run_case+0x170/0x3f0
[   50.822897]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.822941]  kthread+0x328/0x630
[   50.822977]  ret_from_fork+0x10/0x20
[   50.823016] 
[   50.823062] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   50.823138] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.823168] Hardware name: linux,dummy-virt (DT)
[   50.823202] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zSrST9Gzuem1PP5NJnVdpLyEja

job_id

TEST:linaro@lkft#2zSrWDq0bEi1EjtPufprycAKDeO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zSrWDq0bEi1EjtPufprycAKDeO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrTdUkZ0clW81cymm7tPjaj68/Image.gz
sha256sum	c37d8937dcd7669a560694b12aa880cb8a3fca13f19914a1dd4b319a7759a1c4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrTdUkZ0clW81cymm7tPjaj68/modules.tar.xz
sha256sum	54680ff2ac79b5b7aaf875ee8ccdcad9cb40402efd743a3b1747b89f302da86f

durations

tests

boot	0
kunit	171.85

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.547094] ==================================================================
[   48.547517] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.547517] 
[   48.547998] Use-after-free read at 0x(____ptrval____) (in kfence-#142):
[   48.548230]  test_krealloc+0x6fc/0xbe0
[   48.548431]  kunit_try_run_case+0x1a5/0x480
[   48.548661]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.548839]  kthread+0x337/0x6f0
[   48.549547]  ret_from_fork+0x116/0x1d0
[   48.549807]  ret_from_fork_asm+0x1a/0x30
[   48.550004] 
[   48.550085] kfence-#142: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.550085] 
[   48.550499] allocated by task 356 on cpu 0 at 48.546527s (0.003970s ago):
[   48.551103]  test_alloc+0x364/0x10f0
[   48.551275]  test_krealloc+0xad/0xbe0
[   48.551561]  kunit_try_run_case+0x1a5/0x480
[   48.551753]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.551997]  kthread+0x337/0x6f0
[   48.552158]  ret_from_fork+0x116/0x1d0
[   48.552331]  ret_from_fork_asm+0x1a/0x30
[   48.552523] 
[   48.552605] freed by task 356 on cpu 0 at 48.546741s (0.005862s ago):
[   48.553277]  krealloc_noprof+0x108/0x340
[   48.553469]  test_krealloc+0x226/0xbe0
[   48.553876]  kunit_try_run_case+0x1a5/0x480
[   48.554150]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.554465]  kthread+0x337/0x6f0
[   48.554652]  ret_from_fork+0x116/0x1d0
[   48.554953]  ret_from_fork_asm+0x1a/0x30
[   48.555207] 
[   48.555332] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   48.555896] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.556189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.556633] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zSrST9Gzuem1PP5NJnVdpLyEja

job_id

TEST:linaro@lkft#2zSrX3orQWFDB1hBYGYI2ScAyiH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zSrX3orQWFDB1hBYGYI2ScAyiH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrURTUzYoapFdn0PE0tv507cO/bzImage
sha256sum	4a2ec3783c3fcf44f65d4d40ee2c81be96bf4d87b6db1ab01308c5fbd0723b99

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrURTUzYoapFdn0PE0tv507cO/modules.tar.xz
sha256sum	9f0760e2bc35f8a8e1fdf686c304d05bf0ea231e498a0100efa46359e97d8474

durations

tests

boot	0
kunit	205.74

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit