lkft/sashal-linus-next - v6.13-rc7-44054-ga0826ac5bfa4 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 20, 2025, 8:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   48.812470] ==================================================================
[   48.812530] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   48.812530] 
[   48.812612] Use-after-free read at 0x00000000ba05f26a (in kfence-#147):
[   48.812665]  test_krealloc+0x51c/0x830
[   48.812711]  kunit_try_run_case+0x170/0x3f0
[   48.812755]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.812800]  kthread+0x328/0x630
[   48.812838]  ret_from_fork+0x10/0x20
[   48.812883] 
[   48.812908] kfence-#147: 0x00000000ba05f26a-0x000000005169bf67, size=32, cache=kmalloc-32
[   48.812908] 
[   48.812961] allocated by task 338 on cpu 0 at 48.811862s (0.001095s ago):
[   48.813028]  test_alloc+0x29c/0x628
[   48.813078]  test_krealloc+0xc0/0x830
[   48.813117]  kunit_try_run_case+0x170/0x3f0
[   48.813157]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.813212]  kthread+0x328/0x630
[   48.813249]  ret_from_fork+0x10/0x20
[   48.813288] 
[   48.813310] freed by task 338 on cpu 0 at 48.812068s (0.001238s ago):
[   48.813372]  krealloc_noprof+0x148/0x360
[   48.813410]  test_krealloc+0x1dc/0x830
[   48.813449]  kunit_try_run_case+0x170/0x3f0
[   48.813488]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   48.813532]  kthread+0x328/0x630
[   48.813569]  ret_from_fork+0x10/0x20
[   48.813608] 
[   48.813652] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   48.813730] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.813760] Hardware name: linux,dummy-virt (DT)
[   48.813796] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

309aWYwhlSaX86OR0tyxd83BkVP

job_id

TEST:linaro@lkft#309aanSV96FyzA0myvVcjb3yGd6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/309aanSV96FyzA0myvVcjb3yGd6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309aXwXoGoTp4GczYC9pgbmH2fu/Image.gz
sha256sum	dd3efc46eaa5f6736b74b81818643c0723c262296650250cc4efcb52f7cb79a7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309aXwXoGoTp4GczYC9pgbmH2fu/modules.tar.xz
sha256sum	f1c09dfa4ab8134d947ef1ee155c8283abaf591e8ee31c2f7bd7de0ce8dedb59

durations

tests

boot	0
kunit	165.81

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   49.356170] ==================================================================
[   49.356596] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   49.356596] 
[   49.357021] Use-after-free read at 0x(____ptrval____) (in kfence-#128):
[   49.357366]  test_krealloc+0x6fc/0xbe0
[   49.357556]  kunit_try_run_case+0x1a5/0x480
[   49.357811]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.358076]  kthread+0x337/0x6f0
[   49.358260]  ret_from_fork+0x116/0x1d0
[   49.358414]  ret_from_fork_asm+0x1a/0x30
[   49.358694] 
[   49.358829] kfence-#128: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   49.358829] 
[   49.359691] allocated by task 355 on cpu 1 at 49.355377s (0.004311s ago):
[   49.360083]  test_alloc+0x364/0x10f0
[   49.360225]  test_krealloc+0xad/0xbe0
[   49.360400]  kunit_try_run_case+0x1a5/0x480
[   49.360632]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.361185]  kthread+0x337/0x6f0
[   49.361662]  ret_from_fork+0x116/0x1d0
[   49.361853]  ret_from_fork_asm+0x1a/0x30
[   49.362321] 
[   49.362549] freed by task 355 on cpu 1 at 49.355680s (0.006865s ago):
[   49.362976]  krealloc_noprof+0x108/0x340
[   49.363287]  test_krealloc+0x226/0xbe0
[   49.363601]  kunit_try_run_case+0x1a5/0x480
[   49.363808]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   49.364249]  kthread+0x337/0x6f0
[   49.364539]  ret_from_fork+0x116/0x1d0
[   49.364820]  ret_from_fork_asm+0x1a/0x30
[   49.365052] 
[   49.365290] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   49.365778] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.366263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   49.366757] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

309aWYwhlSaX86OR0tyxd83BkVP

job_id

TEST:linaro@lkft#309abhHRloGo6mUcqoKlDU4ru3c

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/309abhHRloGo6mUcqoKlDU4ru3c

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309aZB5NzMRrrXvciMs4oS7OUp5/bzImage
sha256sum	5de0322184970aef882697713de6fec8525f446885c5f985efe758dc3916b299

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/309aZB5NzMRrrXvciMs4oS7OUp5/modules.tar.xz
sha256sum	864aee9916a5d44816f3b48962b2c1a6fbaa1d2aa14a1b69233d00be09ee20a2

durations

tests

boot	0
kunit	226.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit