lkft/linux-stable-rc-linux-6.15.y - v6.15.3-590-gd93bc5feded1 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 26, 2025, 11:12 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   99.513179] ==================================================================
[   99.513316] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   99.513316] 
[   99.513457] Use-after-free read at 0x(____ptrval____) (in kfence-#195):
[   99.513565]  test_krealloc+0x51c/0x830
[   99.516713]  kunit_try_run_case+0x170/0x3f0
[   99.520879]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   99.526350]  kthread+0x328/0x630
[   99.529560]  ret_from_fork+0x10/0x20
[   99.533119] 
[   99.534598] kfence-#195: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   99.534598] 
[   99.544232] allocated by task 386 on cpu 1 at 99.513079s (0.031151s ago):
[   99.551017]  test_alloc+0x29c/0x628
[   99.554473]  test_krealloc+0xc0/0x830
[   99.558119]  kunit_try_run_case+0x170/0x3f0
[   99.562285]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   99.567754]  kthread+0x328/0x630
[   99.570965]  ret_from_fork+0x10/0x20
[   99.574528] 
[   99.576003] freed by task 386 on cpu 1 at 99.513112s (0.062888s ago):
[   99.582436]  krealloc_noprof+0x148/0x360
[   99.586330]  test_krealloc+0x1dc/0x830
[   99.590062]  kunit_try_run_case+0x170/0x3f0
[   99.594229]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   99.599698]  kthread+0x328/0x630
[   99.602909]  ret_from_fork+0x10/0x20
[   99.606470] 
[   99.607955] CPU: 1 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   99.617848] Tainted: [B]=BAD_PAGE, [N]=TEST
[   99.622007] Hardware name: WinLink E850-96 board (DT)
[   99.627043] ==================================================================

Metadata Full log Test run details

[   50.904907] ==================================================================
[   50.904981] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   50.904981] 
[   50.905066] Use-after-free read at 0x00000000bf568248 (in kfence-#148):
[   50.905117]  test_krealloc+0x51c/0x830
[   50.905162]  kunit_try_run_case+0x170/0x3f0
[   50.905208]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.905255]  kthread+0x328/0x630
[   50.905298]  ret_from_fork+0x10/0x20
[   50.905339] 
[   50.905363] kfence-#148: 0x00000000bf568248-0x0000000061505d48, size=32, cache=kmalloc-32
[   50.905363] 
[   50.905417] allocated by task 339 on cpu 1 at 50.904287s (0.001126s ago):
[   50.905487]  test_alloc+0x29c/0x628
[   50.905526]  test_krealloc+0xc0/0x830
[   50.905565]  kunit_try_run_case+0x170/0x3f0
[   50.905607]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.905652]  kthread+0x328/0x630
[   50.905691]  ret_from_fork+0x10/0x20
[   50.905731] 
[   50.905755] freed by task 339 on cpu 1 at 50.904500s (0.001251s ago):
[   50.905814]  krealloc_noprof+0x148/0x360
[   50.905864]  test_krealloc+0x1dc/0x830
[   50.905902]  kunit_try_run_case+0x170/0x3f0
[   50.905943]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.905988]  kthread+0x328/0x630
[   50.906028]  ret_from_fork+0x10/0x20
[   50.906066] 
[   50.906110] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   50.906192] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.906225] Hardware name: linux,dummy-virt (DT)
[   50.906260] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2z2jyLmJ6z1BqjhwiejBJ9RGyCS

job_id

TEST:linaro@lkft#2z2k2l9byJaNN182er1n5wXsS9a

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2k2l9byJaNN182er1n5wXsS9a

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2jzZjd6XwbIkbAqyFkpO4xknj/Image.gz
sha256sum	4fe981caa8e1ab0677344dea9975703ca09f32389026eeb9f77fae76c6c0e9ba

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2jzZjd6XwbIkbAqyFkpO4xknj/modules.tar.xz
sha256sum	74a01e20d3d706452182b8388f6aa7ab2c9166f6c4a19d7a4587dd3d7a7ca51e

durations

tests

boot	0
kunit	192.49

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.845889] ==================================================================
[   48.846317] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.846317] 
[   48.846679] Use-after-free read at 0x(____ptrval____) (in kfence-#147):
[   48.846999]  test_krealloc+0x6fc/0xbe0
[   48.847143]  kunit_try_run_case+0x1a5/0x480
[   48.847583]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.847806]  kthread+0x337/0x6f0
[   48.847970]  ret_from_fork+0x41/0x80
[   48.848133]  ret_from_fork_asm+0x1a/0x30
[   48.848298] 
[   48.848398] kfence-#147: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.848398] 
[   48.848878] allocated by task 356 on cpu 0 at 48.845121s (0.003754s ago):
[   48.849184]  test_alloc+0x364/0x10f0
[   48.849366]  test_krealloc+0xad/0xbe0
[   48.849510]  kunit_try_run_case+0x1a5/0x480
[   48.849804]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.850044]  kthread+0x337/0x6f0
[   48.850199]  ret_from_fork+0x41/0x80
[   48.850357]  ret_from_fork_asm+0x1a/0x30
[   48.850495] 
[   48.850587] freed by task 356 on cpu 0 at 48.845385s (0.005200s ago):
[   48.850916]  krealloc_noprof+0x108/0x340
[   48.851111]  test_krealloc+0x226/0xbe0
[   48.851243]  kunit_try_run_case+0x1a5/0x480
[   48.851450]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.851721]  kthread+0x337/0x6f0
[   48.851861]  ret_from_fork+0x41/0x80
[   48.852050]  ret_from_fork_asm+0x1a/0x30
[   48.852212] 
[   48.852343] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT(voluntary) 
[   48.852818] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.852995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.853265] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2z2jyLmJ6z1BqjhwiejBJ9RGyCS

job_id

TEST:linaro@lkft#2z2k43Ith0GXrqHIS1HUQzGmLgm

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2k43Ith0GXrqHIS1HUQzGmLgm

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2k0bZqZSn9XVzQywnOj3pF9S9/bzImage
sha256sum	9197980208d3516ab74c7966c051fb8dc8a70a6c93c6b0af7bd520b43d93459e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2k0bZqZSn9XVzQywnOj3pF9S9/modules.tar.xz
sha256sum	ead902337972221197eb985803def87a4a8d3b17e572371d2f5392640490b3a8

durations

tests

boot	0
kunit	236.11

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit