lkft/linux-stable-rc-linux-6.15.y - v6.15.4-264-gf6977c36decb - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 4, 2025, 3:11 p.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   98.524895] ==================================================================
[   98.525019] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   98.525019] 
[   98.525165] Use-after-free read at 0x(____ptrval____) (in kfence-#198):
[   98.525272]  test_krealloc+0x51c/0x830
[   98.528415]  kunit_try_run_case+0x170/0x3f0
[   98.532582]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   98.538050]  kthread+0x328/0x630
[   98.541263]  ret_from_fork+0x10/0x20
[   98.544821] 
[   98.546301] kfence-#198: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   98.546301] 
[   98.555935] allocated by task 386 on cpu 6 at 98.524798s (0.031135s ago):
[   98.562721]  test_alloc+0x29c/0x628
[   98.566175]  test_krealloc+0xc0/0x830
[   98.569821]  kunit_try_run_case+0x170/0x3f0
[   98.573988]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   98.579458]  kthread+0x328/0x630
[   98.582668]  ret_from_fork+0x10/0x20
[   98.586227] 
[   98.587705] freed by task 386 on cpu 6 at 98.524826s (0.062875s ago):
[   98.594145]  krealloc_noprof+0x148/0x360
[   98.598032]  test_krealloc+0x1dc/0x830
[   98.601765]  kunit_try_run_case+0x170/0x3f0
[   98.605931]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   98.611400]  kthread+0x328/0x630
[   98.614612]  ret_from_fork+0x10/0x20
[   98.618173] 
[   98.619658] CPU: 6 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   98.629555] Tainted: [B]=BAD_PAGE, [N]=TEST
[   98.633710] Hardware name: WinLink E850-96 board (DT)
[   98.638747] ==================================================================

Metadata Full log Test run details

[   49.628928] ==================================================================
[   49.628987] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   49.628987] 
[   49.629063] Use-after-free read at 0x00000000e7b3c9e4 (in kfence-#159):
[   49.629111]  test_krealloc+0x51c/0x830
[   49.629153]  kunit_try_run_case+0x170/0x3f0
[   49.629199]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.629243]  kthread+0x328/0x630
[   49.629286]  ret_from_fork+0x10/0x20
[   49.629325] 
[   49.629350] kfence-#159: 0x00000000e7b3c9e4-0x00000000a283aafb, size=32, cache=kmalloc-32
[   49.629350] 
[   49.629402] allocated by task 342 on cpu 1 at 49.628327s (0.001072s ago):
[   49.629468]  test_alloc+0x29c/0x628
[   49.629507]  test_krealloc+0xc0/0x830
[   49.629543]  kunit_try_run_case+0x170/0x3f0
[   49.629584]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.629642]  kthread+0x328/0x630
[   49.629681]  ret_from_fork+0x10/0x20
[   49.629721] 
[   49.629743] freed by task 342 on cpu 1 at 49.628528s (0.001212s ago):
[   49.629803]  krealloc_noprof+0x148/0x360
[   49.629841]  test_krealloc+0x1dc/0x830
[   49.629879]  kunit_try_run_case+0x170/0x3f0
[   49.629920]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   49.629964]  kthread+0x328/0x630
[   49.630009]  ret_from_fork+0x10/0x20
[   49.630048] 
[   49.630088] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   49.630163] Tainted: [B]=BAD_PAGE, [N]=TEST
[   49.630195] Hardware name: linux,dummy-virt (DT)
[   49.630230] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zPnxoxgfqLIMGwIhjY8YiWerZe

job_id

TEST:linaro@lkft#2zPo2I57qRsZQJxzVxwHE8t7FHh

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPo2I57qRsZQJxzVxwHE8t7FHh

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPnyxYPiqABaJxZ9acDEOmmQzx/Image.gz
sha256sum	327dd0d804120b39f71c58ea91214999e4c5cabcfe180191381a33c73e5cbb20

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPnyxYPiqABaJxZ9acDEOmmQzx/modules.tar.xz
sha256sum	3cea64824b7650c49ea1931a18dc99c6bfdf185eb87f64d9aba8bc6614673c1b

durations

tests

boot	0
kunit	198.30

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   55.021931] ==================================================================
[   55.022437] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   55.022437] 
[   55.022782] Use-after-free read at 0x(____ptrval____) (in kfence-#185):
[   55.023266]  test_krealloc+0x6fc/0xbe0
[   55.023485]  kunit_try_run_case+0x1a5/0x480
[   55.023801]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   55.024083]  kthread+0x337/0x6f0
[   55.024365]  ret_from_fork+0x41/0x80
[   55.024697]  ret_from_fork_asm+0x1a/0x30
[   55.024912] 
[   55.025103] kfence-#185: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   55.025103] 
[   55.025498] allocated by task 358 on cpu 1 at 55.020913s (0.004580s ago):
[   55.025833]  test_alloc+0x364/0x10f0
[   55.026110]  test_krealloc+0xad/0xbe0
[   55.026489]  kunit_try_run_case+0x1a5/0x480
[   55.026791]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   55.027086]  kthread+0x337/0x6f0
[   55.027351]  ret_from_fork+0x41/0x80
[   55.027540]  ret_from_fork_asm+0x1a/0x30
[   55.027734] 
[   55.027849] freed by task 358 on cpu 1 at 55.021391s (0.006454s ago):
[   55.028376]  krealloc_noprof+0x108/0x340
[   55.028852]  test_krealloc+0x226/0xbe0
[   55.029243]  kunit_try_run_case+0x1a5/0x480
[   55.029534]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   55.029939]  kthread+0x337/0x6f0
[   55.030298]  ret_from_fork+0x41/0x80
[   55.030524]  ret_from_fork_asm+0x1a/0x30
[   55.030723] 
[   55.030895] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT(voluntary) 
[   55.031678] Tainted: [B]=BAD_PAGE, [N]=TEST
[   55.032185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   55.032704] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zPnxoxgfqLIMGwIhjY8YiWerZe

job_id

TEST:linaro@lkft#2zPo3RZe7grS5yLm55QkyFHIkn0

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPo3RZe7grS5yLm55QkyFHIkn0

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPnzwF9jjL8P9H5BeuK4WBSmEv/bzImage
sha256sum	ad643dbfee32e66584e4c9d2c429659c8ba2676d0810f502308fa285c8cd4500

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPnzwF9jjL8P9H5BeuK4WBSmEv/modules.tar.xz
sha256sum	35aeffff45a548f53709515ae42e284c9946c48678590a5b06349aef329add80

durations

tests

boot	0
kunit	392.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit