lkft/linux-stable-rc-linux-6.1.y - v6.1.144-91-gcb3da7d94d12 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 15, 2025, 2:10 p.m.

Environment
qemu-arm64
qemu-i386
qemu-x86_64

[  132.158616] ==================================================================
[  132.159316] BUG: KFENCE: use-after-free read in test_krealloc+0x3bc/0x454
[  132.159316] 
[  132.160125] Use-after-free read at 0x0000000042142bad (in kfence-#200):
[  132.160795]  test_krealloc+0x3bc/0x454
[  132.161275]  kunit_try_run_case+0x8c/0x124
[  132.161831]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  132.162472]  kthread+0x15c/0x170
[  132.162925]  ret_from_fork+0x10/0x20
[  132.163359] 
[  132.163569] kfence-#200: 0x0000000042142bad-0x000000001dfcd44f, size=32, cache=kmalloc-128
[  132.163569] 
[  132.164440] allocated by task 282 on cpu 0 at 132.157187s:
[  132.165121]  test_alloc+0x1e8/0x3b4
[  132.165523]  test_krealloc+0xc0/0x454
[  132.165967]  kunit_try_run_case+0x8c/0x124
[  132.166430]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  132.167029]  kthread+0x15c/0x170
[  132.167439]  ret_from_fork+0x10/0x20
[  132.167877] 
[  132.168087] freed by task 282 on cpu 0 at 132.157814s:
[  132.168771]  krealloc+0xbc/0x1c0
[  132.169165]  test_krealloc+0x180/0x454
[  132.169614]  kunit_try_run_case+0x8c/0x124
[  132.170115]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  132.170703]  kthread+0x15c/0x170
[  132.171111]  ret_from_fork+0x10/0x20
[  132.171566] 
[  132.171824] CPU: 0 PID: 282 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  132.172591] Hardware name: linux,dummy-virt (DT)
[  132.173055] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuku2CqOSBNjm45lvXKYaLjyqD

job_id

TEST:linaro@lkft#2zukxuUzgzB4Ezgs5GglYIWrCcy

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukxuUzgzB4Ezgs5GglYIWrCcy

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukv5fvGaYrkWQbk6DJhuKMdEU/Image.gz
sha256sum	f207122de080b4dd87c117e1f4564194b77335fde7cda38cfecd1790579d0e38

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukv5fvGaYrkWQbk6DJhuKMdEU/modules.tar.xz
sha256sum	fc306090dc4bdea93596b94d164d0c6a778c7df8acd06727f4b4753e0287ed0f

durations

tests

boot	0
kunit	203.23

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   47.267384] ==================================================================
[   47.267681] BUG: KFENCE: use-after-free read in test_krealloc+0x2b8/0x308
[   47.267681] 
[   47.267919] Use-after-free read at 0x(ptrval) (in kfence-#88):
[   47.268212]  test_krealloc+0x2b8/0x308
[   47.268343]  kunit_try_run_case+0x52/0x80
[   47.268471]  kunit_generic_run_threadfn_adapter+0x16/0x20
[   47.268688]  kthread+0xda/0x100
[   47.268808]  ret_from_fork+0x1c/0x28
[   47.268923] 
[   47.268998] kfence-#88: 0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32
[   47.268998] 
[   47.269300] allocated by task 222 on cpu 0 at 47.267025s:
[   47.269505]  test_alloc+0xc2/0x224
[   47.269602]  test_krealloc+0x3c/0x308
[   47.269743]  kunit_try_run_case+0x52/0x80
[   47.269922]  kunit_generic_run_threadfn_adapter+0x16/0x20
[   47.270134]  kthread+0xda/0x100
[   47.270263]  ret_from_fork+0x1c/0x28
[   47.270388] 
[   47.270464] freed by task 222 on cpu 0 at 47.267200s:
[   47.270661]  krealloc+0x6c/0x1e0
[   47.270752]  test_krealloc+0xdc/0x308
[   47.270910]  kunit_try_run_case+0x52/0x80
[   47.271079]  kunit_generic_run_threadfn_adapter+0x16/0x20
[   47.271282]  kthread+0xda/0x100
[   47.271421]  ret_from_fork+0x1c/0x28
[   47.271546] 
[   47.271601] CPU: 0 PID: 222 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   47.271813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   47.272038] ==================================================================

Metadata Full log Test run details

arch

i386

host

x86_64

plan

2zuku2CqOSBNjm45lvXKYaLjyqD

job_id

TEST:linaro@lkft#2zukyQLY8S23AgYpoGDu8ZYmE4w

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukyQLY8S23AgYpoGDu8ZYmE4w

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukvAq5zeRt6oQJNkCtwR08Ljj/bzImage
sha256sum	9de64eb476edcae694afa46bc3b4f09f08d6e80073467ffd12b4d55f7b3498fe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/i386/rootfs.ext4.xz
sha256sum	d69702c9e87258b365c73683c1459212a8e380444aa15ca97fbc39b8910a0c63

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukvAq5zeRt6oQJNkCtwR08Ljj/modules.tar.xz
sha256sum	7f9c9a9a97aa778f7e34264516b0b371017d4e6d9cba04748d7262f568b7ea4b

durations

tests

boot	558.44
kunit	14.91

host_arch

x86_64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

10.0.0

[   63.882563] ==================================================================
[   63.883024] BUG: KFENCE: use-after-free read in test_krealloc+0x413/0x4a6
[   63.883024] 
[   63.883598] Use-after-free read at 0x(____ptrval____) (in kfence-#158):
[   63.884449]  test_krealloc+0x413/0x4a6
[   63.884818]  kunit_try_run_case+0x8f/0xd0
[   63.885201]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   63.885636]  kthread+0x17b/0x1b0
[   63.885967]  ret_from_fork+0x22/0x30
[   63.886324] 
[   63.886548] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   63.886548] 
[   63.887016] allocated by task 302 on cpu 0 at 63.881811s:
[   63.887693]  test_alloc+0x21e/0x7f3
[   63.887931]  test_krealloc+0xb0/0x4a6
[   63.888275]  kunit_try_run_case+0x8f/0xd0
[   63.888637]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   63.889039]  kthread+0x17b/0x1b0
[   63.889387]  ret_from_fork+0x22/0x30
[   63.889718] 
[   63.889931] freed by task 302 on cpu 0 at 63.882115s:
[   63.890415]  krealloc+0x85/0x140
[   63.890622]  test_krealloc+0x18c/0x4a6
[   63.891014]  kunit_try_run_case+0x8f/0xd0
[   63.891287]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   63.891730]  kthread+0x17b/0x1b0
[   63.891932]  ret_from_fork+0x22/0x30
[   63.892150] 
[   63.892474] CPU: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   63.892899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   63.893460] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuku2CqOSBNjm45lvXKYaLjyqD

job_id

TEST:linaro@lkft#2zukzHJm50eXuNeU48fQRNeiaWY

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukzHJm50eXuNeU48fQRNeiaWY

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukw1Nphy9KOxestwEIqgI7JyM/bzImage
sha256sum	1f67e5b219d5736571e657c45a24e92b2554187642b60314ca261dccee70a665

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukw1Nphy9KOxestwEIqgI7JyM/modules.tar.xz
sha256sum	5800aa7a67e7696cc289fbc01fe244edb61c2d5ab361433d44b039340dbe3f1c

durations

tests

boot	897.00
kunit	0

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-i386 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit