lkft/linux-stable-rc-linux-6.15.y - v6.15.6-193-ge6001d5f7944 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 15, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   51.534327] ==================================================================
[   51.534405] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   51.534405] 
[   51.534488] Use-after-free read at 0x0000000008442b72 (in kfence-#152):
[   51.534540]  test_krealloc+0x51c/0x830
[   51.534585]  kunit_try_run_case+0x170/0x3f0
[   51.534628]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.534675]  kthread+0x328/0x630
[   51.534716]  ret_from_fork+0x10/0x20
[   51.534756] 
[   51.534780] kfence-#152: 0x0000000008442b72-0x000000002418ac05, size=32, cache=kmalloc-32
[   51.534780] 
[   51.534835] allocated by task 339 on cpu 1 at 51.533680s (0.001152s ago):
[   51.534903]  test_alloc+0x29c/0x628
[   51.534942]  test_krealloc+0xc0/0x830
[   51.534981]  kunit_try_run_case+0x170/0x3f0
[   51.535022]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.535068]  kthread+0x328/0x630
[   51.535107]  ret_from_fork+0x10/0x20
[   51.535145] 
[   51.535168] freed by task 339 on cpu 1 at 51.533936s (0.001228s ago):
[   51.535240]  krealloc_noprof+0x148/0x360
[   51.535280]  test_krealloc+0x1dc/0x830
[   51.535318]  kunit_try_run_case+0x170/0x3f0
[   51.535358]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.535403]  kthread+0x328/0x630
[   51.535442]  ret_from_fork+0x10/0x20
[   51.535480] 
[   51.535523] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   51.535602] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.535632] Hardware name: linux,dummy-virt (DT)
[   51.535667] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuksIaOJhpjSmtbAsWt4KX8xLf

job_id

TEST:linaro@lkft#2zukwdBCddr8O80gGskAZRJ92TK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukwdBCddr8O80gGskAZRJ92TK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuktS95biAMQtU3jJQgFHtrRzl/Image.gz
sha256sum	b0e860f17b10076c4d346cc4e669f0a4314b9c47de014734fef43b203ae0e34e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuktS95biAMQtU3jJQgFHtrRzl/modules.tar.xz
sha256sum	ba72242d720b0973d3bbe494c38fcb449b610f739295df61530720aaf0f78e60

durations

tests

boot	0
kunit	190.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   48.508559] ==================================================================
[   48.509114] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   48.509114] 
[   48.509477] Use-after-free read at 0x(____ptrval____) (in kfence-#146):
[   48.509762]  test_krealloc+0x6fc/0xbe0
[   48.509948]  kunit_try_run_case+0x1a5/0x480
[   48.510100]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.510399]  kthread+0x337/0x6f0
[   48.510550]  ret_from_fork+0x41/0x80
[   48.510722]  ret_from_fork_asm+0x1a/0x30
[   48.510938] 
[   48.511013] kfence-#146: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   48.511013] 
[   48.511419] allocated by task 356 on cpu 0 at 48.507976s (0.003441s ago):
[   48.511710]  test_alloc+0x364/0x10f0
[   48.511913]  test_krealloc+0xad/0xbe0
[   48.512058]  kunit_try_run_case+0x1a5/0x480
[   48.512268]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.512513]  kthread+0x337/0x6f0
[   48.512651]  ret_from_fork+0x41/0x80
[   48.512800]  ret_from_fork_asm+0x1a/0x30
[   48.513011] 
[   48.513094] freed by task 356 on cpu 0 at 48.508195s (0.004896s ago):
[   48.513338]  krealloc_noprof+0x108/0x340
[   48.513537]  test_krealloc+0x226/0xbe0
[   48.513729]  kunit_try_run_case+0x1a5/0x480
[   48.513936]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   48.514134]  kthread+0x337/0x6f0
[   48.514256]  ret_from_fork+0x41/0x80
[   48.514391]  ret_from_fork_asm+0x1a/0x30
[   48.514586] 
[   48.514702] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   48.515112] Tainted: [B]=BAD_PAGE, [N]=TEST
[   48.515251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.515883] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuksIaOJhpjSmtbAsWt4KX8xLf

job_id

TEST:linaro@lkft#2zukxmzNrsaISlcQpWi8gxQVWk6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukxmzNrsaISlcQpWi8gxQVWk6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukuSKMlE7br8rY3BGGi0kunXf/bzImage
sha256sum	6359b76b264b4bf459aa8408711bf0e517a07721ad97f1471de243ff17baef19

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukuSKMlE7br8rY3BGGi0kunXf/modules.tar.xz
sha256sum	f6ea602678cc1fbeece7230b895aa5bbae863bca90c89576af624930df349f2a

durations

tests

boot	0
kunit	210.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit