lkft/linux-stable-rc-linux-6.15.y - v6.15.3-589-g0e4c88a0cd37 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 24, 2025, 12:47 p.m.

Environment
qemu-arm64
qemu-x86_64

[   57.973910] ==================================================================
[   57.974022] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   57.974022] 
[   57.974129] Use-after-free read at 0x000000004b7ca26e (in kfence-#190):
[   57.974195]  test_krealloc+0x51c/0x830
[   57.974252]  kunit_try_run_case+0x170/0x3f0
[   57.974313]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.974371]  kthread+0x328/0x630
[   57.974462]  ret_from_fork+0x10/0x20
[   57.974517] 
[   57.974546] kfence-#190: 0x000000004b7ca26e-0x0000000076ba313e, size=32, cache=kmalloc-32
[   57.974546] 
[   57.974615] allocated by task 339 on cpu 0 at 57.972939s (0.001672s ago):
[   57.974694]  test_alloc+0x29c/0x628
[   57.974746]  test_krealloc+0xc0/0x830
[   57.974793]  kunit_try_run_case+0x170/0x3f0
[   57.974844]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.974901]  kthread+0x328/0x630
[   57.974951]  ret_from_fork+0x10/0x20
[   57.975003] 
[   57.975031] freed by task 339 on cpu 0 at 57.973412s (0.001614s ago):
[   57.975104]  krealloc_noprof+0x148/0x360
[   57.975154]  test_krealloc+0x1dc/0x830
[   57.975202]  kunit_try_run_case+0x170/0x3f0
[   57.975252]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   57.975311]  kthread+0x328/0x630
[   57.975361]  ret_from_fork+0x10/0x20
[   57.975431] 
[   57.975484] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   57.975582] Tainted: [B]=BAD_PAGE, [N]=TEST
[   57.975617] Hardware name: linux,dummy-virt (DT)
[   57.975659] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yxHFATOg4xd5cOk7A6Oo5SQLFr

job_id

TEST:linaro@lkft#2yxHLQauKmmDRvn1GR1ZUkvl3N9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yxHLQauKmmDRvn1GR1ZUkvl3N9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHGGlBBGXGFUnJJh2INKpzdu4/Image.gz
sha256sum	5f569b7032e517b4206d440631e131cb31d81d7f365d610fec12fc249e3ecc88

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHGGlBBGXGFUnJJh2INKpzdu4/modules.tar.xz
sha256sum	9a32a6e401d68f3ff82d0c47495efa6c9203238907e9ea48aee314ec659ae3fc

durations

tests

boot	0
kunit	329.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.027956] ==================================================================
[   48.028353] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.028353] 
[   48.028841] Use-after-free read at 0x(____ptrval____) (in kfence-#144):
[   48.029048]  test_krealloc+0x6fc/0xbe0
[   48.029439]  kunit_try_run_case+0x1a5/0x480
[   48.029779]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.030228]  kthread+0x337/0x6f0
[   48.030457]  ret_from_fork+0x41/0x80
[   48.030718]  ret_from_fork_asm+0x1a/0x30
[   48.030877] 
[   48.030976] kfence-#144: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.030976] 
[   48.031286] allocated by task 357 on cpu 1 at 48.027031s (0.004249s ago):
[   48.031758]  test_alloc+0x364/0x10f0
[   48.032146]  test_krealloc+0xad/0xbe0
[   48.032433]  kunit_try_run_case+0x1a5/0x480
[   48.032803]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.033195]  kthread+0x337/0x6f0
[   48.033394]  ret_from_fork+0x41/0x80
[   48.033555]  ret_from_fork_asm+0x1a/0x30
[   48.033877] 
[   48.034047] freed by task 357 on cpu 1 at 48.027430s (0.006613s ago):
[   48.034371]  krealloc_noprof+0x108/0x340
[   48.034646]  test_krealloc+0x226/0xbe0
[   48.034973]  kunit_try_run_case+0x1a5/0x480
[   48.035416]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.035726]  kthread+0x337/0x6f0
[   48.035939]  ret_from_fork+0x41/0x80
[   48.036154]  ret_from_fork_asm+0x1a/0x30
[   48.036326] 
[   48.036487] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   48.037195] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.037603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.038046] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yxHFATOg4xd5cOk7A6Oo5SQLFr

job_id

TEST:linaro@lkft#2yxHMkevU93EIqRtXZQ3tGY4itd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yxHMkevU93EIqRtXZQ3tGY4itd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHHKBJSOltLiYsLWwKkWEIluQ/bzImage
sha256sum	453ec96a6544da365eca74576dbe75de49d576db4e04b528c27ab9d3cb251d29

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHHKBJSOltLiYsLWwKkWEIluQ/modules.tar.xz
sha256sum	52055fb894ed1f3fdb3335393e3f2e81da91906b8281f913fc0885beb5e85fa3

durations

tests

boot	0
kunit	331.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit