lkft/linux-stable-rc-linux-6.15.y - v6.15.4-264-gd5e6f0c9ca48 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 3, 2025, 3:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   49.275603] ==================================================================
[   49.275692] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   49.275692] 
[   49.275780] Use-after-free read at 0x00000000a20e83cf (in kfence-#154):
[   49.275832]  test_krealloc+0x51c/0x830
[   49.275874]  kunit_try_run_case+0x170/0x3f0
[   49.275922]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.275982]  kthread+0x328/0x630
[   49.276027]  ret_from_fork+0x10/0x20
[   49.276067] 
[   49.276090] kfence-#154: 0x00000000a20e83cf-0x000000002ade0885, size=32, cache=kmalloc-32
[   49.276090] 
[   49.276142] allocated by task 340 on cpu 0 at 49.274750s (0.001388s ago):
[   49.276212]  test_alloc+0x29c/0x628
[   49.276252]  test_krealloc+0xc0/0x830
[   49.276289]  kunit_try_run_case+0x170/0x3f0
[   49.276330]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.276376]  kthread+0x328/0x630
[   49.276413]  ret_from_fork+0x10/0x20
[   49.276451] 
[   49.276475] freed by task 340 on cpu 0 at 49.275201s (0.001270s ago):
[   49.276533]  krealloc_noprof+0x148/0x360
[   49.276571]  test_krealloc+0x1dc/0x830
[   49.276607]  kunit_try_run_case+0x170/0x3f0
[   49.276649]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.276695]  kthread+0x328/0x630
[   49.276733]  ret_from_fork+0x10/0x20
[   49.276772] 
[   49.276817] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   49.276895] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.276924] Hardware name: linux,dummy-virt (DT)
[   49.276970] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zMzAavAUYId8lMegBc4Ix8oXJl

job_id

TEST:linaro@lkft#2zMzF16Z6vC8SBU5IjlfCa7naD2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zMzF16Z6vC8SBU5IjlfCa7naD2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzBla3NpehcZh74FSmgRW49Gp/Image.gz
sha256sum	d34d37a275cf1c4a311c4e7f05818074baab15ba48579f286d9d01d393ed7e9c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzBla3NpehcZh74FSmgRW49Gp/modules.tar.xz
sha256sum	9c89e8adf491cb2a422508baae089982fd64fb3878557b807536b4a091a3a0ca

durations

tests

boot	0
kunit	203.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   47.882242] ==================================================================
[   47.882673] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   47.882673] 
[   47.883118] Use-after-free read at 0x(____ptrval____) (in kfence-#138):
[   47.883445]  test_krealloc+0x6fc/0xbe0
[   47.883687]  kunit_try_run_case+0x1a5/0x480
[   47.883916]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.884226]  kthread+0x337/0x6f0
[   47.884371]  ret_from_fork+0x41/0x80
[   47.884582]  ret_from_fork_asm+0x1a/0x30
[   47.884828] 
[   47.884950] kfence-#138: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   47.884950] 
[   47.885501] allocated by task 357 on cpu 0 at 47.881592s (0.003905s ago):
[   47.885737]  test_alloc+0x364/0x10f0
[   47.885946]  test_krealloc+0xad/0xbe0
[   47.886149]  kunit_try_run_case+0x1a5/0x480
[   47.886361]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.886650]  kthread+0x337/0x6f0
[   47.886812]  ret_from_fork+0x41/0x80
[   47.886999]  ret_from_fork_asm+0x1a/0x30
[   47.887234] 
[   47.887350] freed by task 357 on cpu 0 at 47.881868s (0.005479s ago):
[   47.887649]  krealloc_noprof+0x108/0x340
[   47.887792]  test_krealloc+0x226/0xbe0
[   47.887928]  kunit_try_run_case+0x1a5/0x480
[   47.888229]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.888678]  kthread+0x337/0x6f0
[   47.888857]  ret_from_fork+0x41/0x80
[   47.889058]  ret_from_fork_asm+0x1a/0x30
[   47.889328] 
[   47.889430] CPU: 0 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   47.890023] Tainted: [B]=BAD_PAGE, [N]=TEST
[   47.890189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   47.890614] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zMzAavAUYId8lMegBc4Ix8oXJl

job_id

TEST:linaro@lkft#2zMzGKQRfnDRM24c8Stupaj3rNM

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zMzGKQRfnDRM24c8Stupaj3rNM

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzClOGh4ggI5aPwS9KctYtNXI/bzImage
sha256sum	131f25972ccf6d3dc07ed6136378c45c710f56a35a63be51ac66f3e0e6b9356d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzClOGh4ggI5aPwS9KctYtNXI/modules.tar.xz
sha256sum	cdc15104f6ae1897761e61b0f8dc24b998aab0a2fc2653c5aa0cdafc3e2c29fc

durations

tests

boot	0
kunit	225.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit