lkft/sashal-linus-next - v6.13-rc7-43435-gecfd4e45aa7e - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 9, 2025, 2:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   50.822589] ==================================================================
[   50.822648] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.822648] 
[   50.822736] Use-after-free read at 0x0000000022fb041e (in kfence-#152):
[   50.822788]  test_krealloc+0x51c/0x830
[   50.822833]  kunit_try_run_case+0x170/0x3f0
[   50.822878]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.822926]  kthread+0x328/0x630
[   50.822966]  ret_from_fork+0x10/0x20
[   50.823008] 
[   50.823032] kfence-#152: 0x0000000022fb041e-0x00000000316fbe94, size=32, cache=kmalloc-32
[   50.823032] 
[   50.823104] allocated by task 337 on cpu 0 at 50.821986s (0.001114s ago):
[   50.823174]  test_alloc+0x29c/0x628
[   50.823214]  test_krealloc+0xc0/0x830
[   50.823254]  kunit_try_run_case+0x170/0x3f0
[   50.823294]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.823336]  kthread+0x328/0x630
[   50.823373]  ret_from_fork+0x10/0x20
[   50.823411] 
[   50.823433] freed by task 337 on cpu 0 at 50.822203s (0.001226s ago):
[   50.823495]  krealloc_noprof+0x148/0x360
[   50.823536]  test_krealloc+0x1dc/0x830
[   50.823575]  kunit_try_run_case+0x170/0x3f0
[   50.823614]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.823657]  kthread+0x328/0x630
[   50.823691]  ret_from_fork+0x10/0x20
[   50.823731] 
[   50.823778] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5 #1 PREEMPT 
[   50.823865] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   50.823896] Hardware name: linux,dummy-virt (DT)
[   50.823931] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zdnu4pJqTPxCDM01WetGTpcZWu

job_id

TEST:linaro@lkft#2zdnyB7OL0roABXRudexrWkB6AA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdnyB7OL0roABXRudexrWkB6AA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdnvItg8MSQGpQ2PTgQjJbikMI/Image.gz
sha256sum	9fc3d2b9ecc4045dbbcaa0fce7c5393f9a1187e8c9f58809489a2386c2bba6f9

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdnvItg8MSQGpQ2PTgQjJbikMI/modules.tar.xz
sha256sum	5f87b4429173aa3fe97d57eecb0d2d5f928699b458408678383ae22063f40b23

durations

tests

boot	0
kunit	181.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.232112] ==================================================================
[   48.232511] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.232511] 
[   48.232868] Use-after-free read at 0x(____ptrval____) (in kfence-#125):
[   48.233162]  test_krealloc+0x6fc/0xbe0
[   48.233305]  kunit_try_run_case+0x1a5/0x480
[   48.233546]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.233863]  kthread+0x337/0x6f0
[   48.234026]  ret_from_fork+0x116/0x1d0
[   48.234229]  ret_from_fork_asm+0x1a/0x30
[   48.234387] 
[   48.234463] kfence-#125: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.234463] 
[   48.234870] allocated by task 354 on cpu 0 at 48.231217s (0.003651s ago):
[   48.235230]  test_alloc+0x364/0x10f0
[   48.235405]  test_krealloc+0xad/0xbe0
[   48.235536]  kunit_try_run_case+0x1a5/0x480
[   48.235735]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.236278]  kthread+0x337/0x6f0
[   48.236457]  ret_from_fork+0x116/0x1d0
[   48.236621]  ret_from_fork_asm+0x1a/0x30
[   48.236762] 
[   48.236834] freed by task 354 on cpu 0 at 48.231651s (0.005181s ago):
[   48.237137]  krealloc_noprof+0x108/0x340
[   48.237360]  test_krealloc+0x226/0xbe0
[   48.237805]  kunit_try_run_case+0x1a5/0x480
[   48.237993]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.238210]  kthread+0x337/0x6f0
[   48.238369]  ret_from_fork+0x116/0x1d0
[   48.238539]  ret_from_fork_asm+0x1a/0x30
[   48.238738] 
[   48.239403] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   48.240195] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.240521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.241131] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zdnu4pJqTPxCDM01WetGTpcZWu

job_id

TEST:linaro@lkft#2zdnz12aXMnIhwtiwfXXLzW2SfX

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdnz12aXMnIhwtiwfXXLzW2SfX

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdnwL7Z3jTSF9idnXwNbKIrm5l/bzImage
sha256sum	e6f11fcb2c8291b84e69cf59825ab87253d1e31a31ee3254ee572a5b3c1a3c66

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdnwL7Z3jTSF9idnXwNbKIrm5l/modules.tar.xz
sha256sum	3f6ece2e0f513330e7bf05b8b5fd9adc363b5b8ce0604b4c0b0febc2cae90572

durations

tests

boot	0
kunit	240.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit