lkft/linux-stable-rc-linux-6.15.y - v6.15.3-593-gde19bfa00d6f - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

June 23, 2025, 1:39 p.m.

Environment
qemu-arm64
qemu-x86_64

[   60.324257] ==================================================================
[   60.324357] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   60.324357] 
[   60.324490] Use-after-free read at 0x0000000064e335f1 (in kfence-#209):
[   60.324554]  test_krealloc+0x51c/0x830
[   60.324612]  kunit_try_run_case+0x170/0x3f0
[   60.324670]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   60.324726]  kthread+0x328/0x630
[   60.324777]  ret_from_fork+0x10/0x20
[   60.324827] 
[   60.324857] kfence-#209: 0x0000000064e335f1-0x00000000b6901fda, size=32, cache=kmalloc-32
[   60.324857] 
[   60.324924] allocated by task 339 on cpu 1 at 60.323512s (0.001407s ago):
[   60.325004]  test_alloc+0x29c/0x628
[   60.325056]  test_krealloc+0xc0/0x830
[   60.325107]  kunit_try_run_case+0x170/0x3f0
[   60.325160]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   60.325226]  kthread+0x328/0x630
[   60.325273]  ret_from_fork+0x10/0x20
[   60.325321] 
[   60.325348] freed by task 339 on cpu 1 at 60.323769s (0.001575s ago):
[   60.325463]  krealloc_noprof+0x148/0x360
[   60.325531]  test_krealloc+0x1dc/0x830
[   60.325580]  kunit_try_run_case+0x170/0x3f0
[   60.325632]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   60.325685]  kthread+0x328/0x630
[   60.325733]  ret_from_fork+0x10/0x20
[   60.325779] 
[   60.325831] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   60.325926] Tainted: [B]=BAD_PAGE, [N]=TEST
[   60.325963] Hardware name: linux,dummy-virt (DT)
[   60.326007] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yuYOT8mFhi7537nwLqDo4m2CnP

job_id

TEST:linaro@lkft#2yuYT6Pinx8XSymaWNp6cpzl3Cl

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yuYT6Pinx8XSymaWNp6cpzl3Cl

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYPcCNuYU3512XWsLz2H3rgWp/Image.gz
sha256sum	57e05c75085917e237c36a1c6300a885b5a4018f7a22df0831ee3761434117fe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYPcCNuYU3512XWsLz2H3rgWp/modules.tar.xz
sha256sum	08df30bc44d3238a22959b8095bcf790b77fb8886fd1b3a26e269eaac34e9502

durations

tests

boot	0
kunit	345.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   58.250896] ==================================================================
[   58.251627] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   58.251627] 
[   58.252303] Use-after-free read at 0x(____ptrval____) (in kfence-#188):
[   58.252868]  test_krealloc+0x6fc/0xbe0
[   58.253250]  kunit_try_run_case+0x1a5/0x480
[   58.253702]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.254178]  kthread+0x337/0x6f0
[   58.254523]  ret_from_fork+0x41/0x80
[   58.254943]  ret_from_fork_asm+0x1a/0x30
[   58.255774] 
[   58.256002] kfence-#188: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   58.256002] 
[   58.256663] allocated by task 358 on cpu 0 at 58.250027s (0.006630s ago):
[   58.257132]  test_alloc+0x364/0x10f0
[   58.257725]  test_krealloc+0xad/0xbe0
[   58.258626]  kunit_try_run_case+0x1a5/0x480
[   58.259026]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.259559]  kthread+0x337/0x6f0
[   58.259883]  ret_from_fork+0x41/0x80
[   58.260359]  ret_from_fork_asm+0x1a/0x30
[   58.260790] 
[   58.261005] freed by task 358 on cpu 0 at 58.250325s (0.010675s ago):
[   58.261561]  krealloc_noprof+0x108/0x340
[   58.261999]  test_krealloc+0x226/0xbe0
[   58.262424]  kunit_try_run_case+0x1a5/0x480
[   58.262807]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   58.263353]  kthread+0x337/0x6f0
[   58.263748]  ret_from_fork+0x41/0x80
[   58.264080]  ret_from_fork_asm+0x1a/0x30
[   58.264555] 
[   58.264850] CPU: 0 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   58.265683] Tainted: [B]=BAD_PAGE, [N]=TEST
[   58.266103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   58.266860] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yuYOT8mFhi7537nwLqDo4m2CnP

job_id

TEST:linaro@lkft#2yuYUHT0D3sQNOGwBtcXKr5K4Y5

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yuYUHT0D3sQNOGwBtcXKr5K4Y5

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYQaX6toQ86UpOxnubrfhy9Fg/bzImage
sha256sum	464d852aa65e55fe849c2032fadc39c92d3f1038148deeeb5153bf785edfb3cb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYQaX6toQ86UpOxnubrfhy9Fg/modules.tar.xz
sha256sum	48ba027071f05b733fc6db58a63b00001d03de4c8de4a7d017582fc3ae9eedfe

durations

tests

boot	0
kunit	357.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit