lkft/linux-stable-rc-linux-6.15.y - v6.15-50-g86677b94d603 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 2, 2025, 2:11 p.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   97.526827] ==================================================================
[   97.526965] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   97.526965] 
[   97.527103] Use-after-free read at 0x(____ptrval____) (in kfence-#187):
[   97.527212]  test_krealloc+0x51c/0x830
[   97.530362]  kunit_try_run_case+0x170/0x3f0
[   97.534528]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   97.539997]  kthread+0x328/0x630
[   97.543209]  ret_from_fork+0x10/0x20
[   97.546768] 
[   97.548248] kfence-#187: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   97.548248] 
[   97.557881] allocated by task 384 on cpu 5 at 97.526737s (0.031142s ago):
[   97.564664]  test_alloc+0x29c/0x628
[   97.568122]  test_krealloc+0xc0/0x830
[   97.571768]  kunit_try_run_case+0x170/0x3f0
[   97.575934]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   97.581403]  kthread+0x328/0x630
[   97.584615]  ret_from_fork+0x10/0x20
[   97.588175] 
[   97.589653] freed by task 384 on cpu 5 at 97.526766s (0.062884s ago):
[   97.596087]  krealloc_noprof+0x148/0x360
[   97.599979]  test_krealloc+0x1dc/0x830
[   97.603712]  kunit_try_run_case+0x170/0x3f0
[   97.607878]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   97.613347]  kthread+0x328/0x630
[   97.616559]  ret_from_fork+0x10/0x20
[   97.620119] 
[   97.621604] CPU: 5 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT 
[   97.631497] Tainted: [B]=BAD_PAGE, [N]=TEST
[   97.635657] Hardware name: WinLink E850-96 board (DT)
[   97.640695] ==================================================================

Metadata Full log Test run details

[   50.874720] ==================================================================
[   50.874793] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.874793] 
[   50.874880] Use-after-free read at 0x00000000747a06e1 (in kfence-#148):
[   50.874933]  test_krealloc+0x51c/0x830
[   50.874978]  kunit_try_run_case+0x170/0x3f0
[   50.875029]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.875079]  kthread+0x328/0x630
[   50.875121]  ret_from_fork+0x10/0x20
[   50.875162] 
[   50.875187] kfence-#148: 0x00000000747a06e1-0x0000000083fbea9d, size=32, cache=kmalloc-32
[   50.875187] 
[   50.875244] allocated by task 340 on cpu 0 at 50.874072s (0.001169s ago):
[   50.875312]  test_alloc+0x29c/0x628
[   50.875370]  test_krealloc+0xc0/0x830
[   50.875411]  kunit_try_run_case+0x170/0x3f0
[   50.875453]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.875501]  kthread+0x328/0x630
[   50.875542]  ret_from_fork+0x10/0x20
[   50.875582] 
[   50.875606] freed by task 340 on cpu 0 at 50.874328s (0.001273s ago):
[   50.875670]  krealloc_noprof+0x148/0x360
[   50.875709]  test_krealloc+0x1dc/0x830
[   50.875748]  kunit_try_run_case+0x170/0x3f0
[   50.875792]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.875840]  kthread+0x328/0x630
[   50.875878]  ret_from_fork+0x10/0x20
[   50.875919] 
[   50.875964] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.1-rc1 #1 PREEMPT 
[   50.876046] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   50.876079] Hardware name: linux,dummy-virt (DT)
[   50.876114] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xxIi03DVYToIy9dKnbnDmUoyr6

job_id

TEST:linaro@lkft#2xxImRmF075dm0nsBZ5X666mMHe

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxImRmF075dm0nsBZ5X666mMHe

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIiyPUR36zsQ0H1UAU7CDbti8/Image.gz
sha256sum	b9a9fd4a9b1eed9b2355eb855fcee61950b1feb6d9174198b03424c9d229f427

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIiyPUR36zsQ0H1UAU7CDbti8/modules.tar.xz
sha256sum	369c25ed9d51a74f47b283fc088bebcc674124ca3658d6e259bf0d14f2ebcf1f

durations

tests

boot	0
kunit	197.32

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   54.101867] ==================================================================
[   54.102299] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   54.102299] 
[   54.102561] Use-after-free read at 0x(____ptrval____) (in kfence-#172):
[   54.102711]  test_krealloc+0x6fc/0xbe0
[   54.102848]  kunit_try_run_case+0x1a5/0x480
[   54.102963]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   54.103088]  kthread+0x337/0x6f0
[   54.103182]  ret_from_fork+0x41/0x80
[   54.103282]  ret_from_fork_asm+0x1a/0x30
[   54.103384] 
[   54.103447] kfence-#172: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   54.103447] 
[   54.103686] allocated by task 358 on cpu 1 at 54.100842s (0.002842s ago):
[   54.104285]  test_alloc+0x364/0x10f0
[   54.104658]  test_krealloc+0xad/0xbe0
[   54.105036]  kunit_try_run_case+0x1a5/0x480
[   54.105420]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   54.105882]  kthread+0x337/0x6f0
[   54.106255]  ret_from_fork+0x41/0x80
[   54.106623]  ret_from_fork_asm+0x1a/0x30
[   54.107051] 
[   54.107254] freed by task 358 on cpu 1 at 54.101348s (0.005901s ago):
[   54.107818]  krealloc_noprof+0x108/0x340
[   54.108213]  test_krealloc+0x226/0xbe0
[   54.108591]  kunit_try_run_case+0x1a5/0x480
[   54.108983]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   54.109513]  kthread+0x337/0x6f0
[   54.109869]  ret_from_fork+0x41/0x80
[   54.110231]  ret_from_fork_asm+0x1a/0x30
[   54.110612] 
[   54.110898] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT(voluntary) 
[   54.111847] Tainted: [B]=BAD_PAGE, [N]=TEST
[   54.112303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   54.112863] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xxIi03DVYToIy9dKnbnDmUoyr6

job_id

TEST:linaro@lkft#2xxInfPddVDXGngffC9JR7X5Cmc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxInfPddVDXGngffC9JR7X5Cmc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIk5ew4LuOqFkcEQccT7nGfYz/bzImage
sha256sum	fa931e11017c8ca987af58467ceac4cfbdb749e86f43584874b54f325b4fc4f3

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIk5ew4LuOqFkcEQccT7nGfYz/modules.tar.xz
sha256sum	7c34359c003080a3ab3b531ece9044002fd87f98de8d7cd8150985fcf69c24ac

durations

tests

boot	0
kunit	459.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit