lkft/sashal-linus-next - v6.13-rc7-43420-g0bb7ecc6c892 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 9, 2025, 12:11 a.m.

Environment
qemu-arm64
qemu-x86_64

[   51.617164] ==================================================================
[   51.617228] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   51.617228] 
[   51.617319] Use-after-free read at 0x00000000b4879c15 (in kfence-#150):
[   51.617374]  test_krealloc+0x51c/0x830
[   51.617434]  kunit_try_run_case+0x170/0x3f0
[   51.617482]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.617529]  kthread+0x328/0x630
[   51.617570]  ret_from_fork+0x10/0x20
[   51.617611] 
[   51.617637] kfence-#150: 0x00000000b4879c15-0x000000009df091f5, size=32, cache=kmalloc-32
[   51.617637] 
[   51.617692] allocated by task 338 on cpu 1 at 51.616468s (0.001220s ago):
[   51.617763]  test_alloc+0x29c/0x628
[   51.617808]  test_krealloc+0xc0/0x830
[   51.617850]  kunit_try_run_case+0x170/0x3f0
[   51.617889]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.617932]  kthread+0x328/0x630
[   51.617970]  ret_from_fork+0x10/0x20
[   51.618008] 
[   51.618034] freed by task 338 on cpu 1 at 51.616782s (0.001248s ago):
[   51.618098]  krealloc_noprof+0x148/0x360
[   51.618138]  test_krealloc+0x1dc/0x830
[   51.618178]  kunit_try_run_case+0x170/0x3f0
[   51.618217]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.618262]  kthread+0x328/0x630
[   51.618299]  ret_from_fork+0x10/0x20
[   51.618339] 
[   51.618384] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   51.618475] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.618505] Hardware name: linux,dummy-virt (DT)
[   51.618540] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zcAAYYuPsfT6JOjQ0cWxv2fjOU

job_id

TEST:linaro@lkft#2zcAEs3GnocWqbWkV7rOIaC0ynd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zcAEs3GnocWqbWkV7rOIaC0ynd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zcABpPI3ZfT1t9tMDG7X8q8lao/Image.gz
sha256sum	43942746c31837a748f7022cb72cf36f2b91f61e7d895fc8b55a1572e458e713

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zcABpPI3ZfT1t9tMDG7X8q8lao/modules.tar.xz
sha256sum	8807b7479e37c86501e73242d675a1e38566097096d6197d93fffacaa4ec941e

durations

tests

boot	0
kunit	176.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.731017] ==================================================================
[   48.731966] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.731966] 
[   48.732749] Use-after-free read at 0x(____ptrval____) (in kfence-#132):
[   48.732974]  test_krealloc+0x6fc/0xbe0
[   48.733342]  kunit_try_run_case+0x1a5/0x480
[   48.733725]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.734176]  kthread+0x337/0x6f0
[   48.734302]  ret_from_fork+0x116/0x1d0
[   48.734435]  ret_from_fork_asm+0x1a/0x30
[   48.734596] 
[   48.734671] kfence-#132: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.734671] 
[   48.734963] allocated by task 354 on cpu 0 at 48.730358s (0.004603s ago):
[   48.735203]  test_alloc+0x364/0x10f0
[   48.735400]  test_krealloc+0xad/0xbe0
[   48.735572]  kunit_try_run_case+0x1a5/0x480
[   48.735753]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.735970]  kthread+0x337/0x6f0
[   48.736161]  ret_from_fork+0x116/0x1d0
[   48.736318]  ret_from_fork_asm+0x1a/0x30
[   48.736517] 
[   48.736609] freed by task 354 on cpu 0 at 48.730628s (0.005979s ago):
[   48.736928]  krealloc_noprof+0x108/0x340
[   48.737111]  test_krealloc+0x226/0xbe0
[   48.737246]  kunit_try_run_case+0x1a5/0x480
[   48.737392]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.737646]  kthread+0x337/0x6f0
[   48.737882]  ret_from_fork+0x116/0x1d0
[   48.738055]  ret_from_fork_asm+0x1a/0x30
[   48.738246] 
[   48.738377] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   48.738792] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.738930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.739336] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zcAAYYuPsfT6JOjQ0cWxv2fjOU

job_id

TEST:linaro@lkft#2zcAFkblEHml5vWceVaiL0Z7pv2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zcAFkblEHml5vWceVaiL0Z7pv2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zcACy0pDahAR5qrdOicKU9PONK/bzImage
sha256sum	27b537d7ff0cc2505073732e0426981d2e11aae2d444edf9f87b5f4cd09a88c1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zcACy0pDahAR5qrdOicKU9PONK/modules.tar.xz
sha256sum	de6330518eae5656446007b0b43210efdfbd212f286fe2bf16230e157f9f0923

durations

tests

boot	0
kunit	201.85

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit