lkft/linux-stable-rc-linux-6.15.y - v6.15.7-188-g81bcc8b99854 - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc

Date

July 22, 2025, 2:40 p.m.

Environment
qemu-arm64
qemu-x86_64

[   51.595736] ==================================================================
[   51.595792] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830
[   51.595792] 
[   51.595865] Use-after-free read at 0x00000000c42a51a4 (in kfence-#158):
[   51.595915]  test_krealloc+0x51c/0x830
[   51.595959]  kunit_try_run_case+0x170/0x3f0
[   51.596002]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.596045]  kthread+0x328/0x630
[   51.596086]  ret_from_fork+0x10/0x20
[   51.596125] 
[   51.596149] kfence-#158: 0x00000000c42a51a4-0x00000000e492c7d0, size=32, cache=kmalloc-32
[   51.596149] 
[   51.596201] allocated by task 339 on cpu 1 at 51.595150s (0.001048s ago):
[   51.596268]  test_alloc+0x29c/0x628
[   51.596322]  test_krealloc+0xc0/0x830
[   51.596360]  kunit_try_run_case+0x170/0x3f0
[   51.596401]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.596442]  kthread+0x328/0x630
[   51.596481]  ret_from_fork+0x10/0x20
[   51.596519] 
[   51.596542] freed by task 339 on cpu 1 at 51.595370s (0.001168s ago):
[   51.596601]  krealloc_noprof+0x148/0x360
[   51.596638]  test_krealloc+0x1dc/0x830
[   51.596676]  kunit_try_run_case+0x170/0x3f0
[   51.596717]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.596758]  kthread+0x328/0x630
[   51.596797]  ret_from_fork+0x10/0x20
[   51.596835] 
[   51.596875] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   51.596949] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.596979] Hardware name: linux,dummy-virt (DT)
[   51.597012] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30EaRlW1hcZUcAyQauMeYdebh6E

job_id

TEST:linaro@lkft#30EaWVUHqFABEKnxRbofWz5vTxK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30EaWVUHqFABEKnxRbofWz5vTxK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaSpJ6ulueMjitAIiYHSdicUo/Image.gz
sha256sum	6f108bf41d35f1fce19b9f3dd48bea0e689f69bd759e1a3761fef3bdacebcbc1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaSpJ6ulueMjitAIiYHSdicUo/modules.tar.xz
sha256sum	076bc5627f64b7f8fa64e90c5d7ade67331e333d4f3c6ec9ca7d6c88fba26e07

durations

tests

boot	0
kunit	199.35

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   47.344635] ==================================================================
[   47.345036] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[   47.345036] 
[   47.345386] Use-after-free read at 0x(____ptrval____) (in kfence-#131):
[   47.346097]  test_krealloc+0x6fc/0xbe0
[   47.346372]  kunit_try_run_case+0x1a5/0x480
[   47.346589]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.346839]  kthread+0x337/0x6f0
[   47.347008]  ret_from_fork+0x41/0x80
[   47.347167]  ret_from_fork_asm+0x1a/0x30
[   47.347828] 
[   47.347918] kfence-#131: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[   47.347918] 
[   47.348443] allocated by task 357 on cpu 1 at 47.343971s (0.004470s ago):
[   47.348924]  test_alloc+0x364/0x10f0
[   47.349103]  test_krealloc+0xad/0xbe0
[   47.349283]  kunit_try_run_case+0x1a5/0x480
[   47.349472]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.349692]  kthread+0x337/0x6f0
[   47.349835]  ret_from_fork+0x41/0x80
[   47.350007]  ret_from_fork_asm+0x1a/0x30
[   47.350169] 
[   47.350268] freed by task 357 on cpu 1 at 47.344262s (0.006003s ago):
[   47.351012]  krealloc_noprof+0x108/0x340
[   47.351168]  test_krealloc+0x226/0xbe0
[   47.351371]  kunit_try_run_case+0x1a5/0x480
[   47.351791]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   47.352108]  kthread+0x337/0x6f0
[   47.352340]  ret_from_fork+0x41/0x80
[   47.352495]  ret_from_fork_asm+0x1a/0x30
[   47.352701] 
[   47.352992] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   47.353537] Tainted: [B]=BAD_PAGE, [N]=TEST
[   47.353797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   47.354253] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30EaRlW1hcZUcAyQauMeYdebh6E

job_id

TEST:linaro@lkft#30EaY1yQOqV4JySRXFsKWTVrukm

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30EaY1yQOqV4JySRXFsKWTVrukm

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaTw8uvpYx9tCm3ZICfhNMNnI/bzImage
sha256sum	215211c9ffbc30f7da06e446c23393cbd85dd0dce6cfc2e76dfe983268e0fd6f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaTw8uvpYx9tCm3ZICfhNMNnI/modules.tar.xz
sha256sum	a7c1adb8beea2d29cd88ecba2f3d585aa904241bd0d61a861fcebc67fa6cd397

durations

tests

boot	0
kunit	220.14

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit