From: kernel test robot <oliver.sang@intel.com>
To: Mike Rapoport <rppt@kernel.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Mike Rapoport <rppt@kernel.org>, <oliver.sang@intel.com>
Subject: [rppt:free-late/v0.3] [memblock, treewide] bbe3478393: KASAN:use-after-free_in_memblock_isolate_range
Date: Fri, 20 Mar 2026 15:53:54 +0800
Message-ID: <202603200841.b2d24d21-lkp@intel.com>

Hello,

kernel test robot noticed "KASAN:use-after-free_in_memblock_isolate_range" on:

commit: bbe3478393e135e2fc98f32fa8ab182de6742136 ("memblock, treewide: make memblock_free() handle late freeing")
https://git.kernel.org/cgit/linux/kernel/git/rppt/linux.git free-late/v0.3

in testcase: ltp
version:
with following parameters:

	test: uevent

config: x86_64-rhel-9.4-ltp
compiler: gcc-14
test machine: 22 threads 1 sockets Intel(R) Core(TM) Ultra 9 185H @ 4.5GHz (Meteor Lake) with 32G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202603200841.b2d24d21-lkp@intel.com

kern :err : [ 0.977424] [ T1] BUG: KASAN: use-after-free in memblock_isolate_range (mm/memblock.c:828)
kern :err : [ 0.977424] [ T1] Read of size 8 at addr ffff88887f3aa000 by task swapper/0/1
kern :err : [ 0.977424] [ T1] CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Not tainted 7.0.0-rc3-00007-gbbe3478393e1 #1 PREEMPT(lazy)
kern :err : [ 0.977424] [ T1] Hardware name: ASUSTeK COMPUTER INC. NUC14RVS-B/NUC14RVSU9, BIOS RVMTL357.0047.2025.0108.1408 01/08/2025
kern :err : [ 0.977424] [ T1] Call Trace:
kern :err : [ 0.977424] [ T1] <TASK>
kern :err : [ 0.977424] [ T1] dump_stack_lvl (lib/dump_stack.c:122)
kern :err : [ 0.977424] [ T1] print_address_description+0x88/0x320
kern :err : [ 0.977424] [ T1] ? memblock_isolate_range (mm/memblock.c:828)
kern :err : [ 0.977424] [ T1] print_report (mm/kasan/report.c:483)
kern :err : [ 0.977424] [ T1] ? __virt_addr_valid (include/linux/mmzone.h:2114 (discriminator 1) include/linux/mmzone.h:2196 (discriminator 1) arch/x86/mm/physaddr.c:54 (discriminator 1))
kern :err : [ 0.977424] [ T1] ? memblock_isolate_range (mm/memblock.c:828)
kern :err : [ 0.977424] [ T1] kasan_report (mm/kasan/report.c:597)
kern :err : [ 0.977424] [ T1] ? memblock_isolate_range (mm/memblock.c:828)
kern :err : [ 0.977424] [ T1] memblock_isolate_range (mm/memblock.c:828)
kern :err : [ 0.977424] [ T1] memblock_phys_free (mm/memblock.c:875 mm/memblock.c:991)
kern :err : [ 0.977424] [ T1] ? __cpuhp_setup_state_cpuslocked (kernel/cpu.c:2522)
kern :err : [ 0.977424] [ T1] ? __pfx_memblock_phys_free (mm/memblock.c:981)
kern :err : [ 0.977424] [ T1] ? __pfx_buffer_exit_cpu_dead (fs/buffer.c:3051)
kern :err : [ 0.977424] [ T1] ? __cpuhp_setup_state (kernel/cpu.c:2536)
kern :err : [ 0.977424] [ T1] ? buffer_init (fs/buffer.c:3162 (discriminator 1))
kern :err : [ 0.977424] [ T1] memblock_discard (mm/memblock.c:398)
kern :err : [ 0.977424] [ T1] page_alloc_init_late (include/linux/find.h:214 include/linux/nodemask.h:253 mm/mm_init.c:2345)
kern :err : [ 0.977424] [ T1] kernel_init_freeable (init/main.c:1475 init/main.c:1692)
kern :err : [ 0.977424] [ T1] ? __pfx_kernel_init_freeable (init/main.c:1664)
kern :err : [ 0.977424] [ T1] ? __pfx_schedule_timeout (kernel/time/sleep_timeout.c:62)
kern :err : [ 0.977424] [ T1] ? __pfx__raw_spin_lock_irq (kernel/locking/spinlock.c:169)
kern :err : [ 0.977424] [ T1] ? __pfx_kernel_init (init/main.c:1574)
kern :err : [ 0.977424] [ T1] ? __pfx_kernel_init (init/main.c:1574)
kern :err : [ 0.977424] [ T1] kernel_init (init/main.c:1584)
kern :err : [ 0.977424] [ T1] ? __pfx_kernel_init (init/main.c:1574)
kern :err : [ 0.977424] [ T1] ret_from_fork (arch/x86/kernel/process.c:164)
kern :err : [ 0.977424] [ T1] ? __pfx_ret_from_fork (arch/x86/kernel/process.c:153)
kern :err : [ 0.977424] [ T1] ? switch_fpu (arch/x86/include/asm/bitops.h:202 (discriminator 1) arch/x86/include/asm/bitops.h:232 (discriminator 1) include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) include/linux/thread_info.h:133 (discriminator 1) include/linux/sched.h:2064 (discriminator 1) arch/x86/include/asm/fpu/sched.h:34 (discriminator 1))
kern :err : [ 0.977424] [ T1] ? __switch_to (arch/x86/include/asm/cpufeature.h:101 arch/x86/kernel/process_64.c:377 arch/x86/kernel/process_64.c:665)
kern :err : [ 0.977424] [ T1] ? __pfx_kernel_init (init/main.c:1574)
kern :err : [ 0.977424] [ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:255)
kern :err : [ 0.977424] [ T1] </TASK>
kern :err : [ 0.977424] [ T1] The buggy address belongs to the physical page:
kern :warn : [ 0.977424] [ T1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x87f3aa
kern :warn : [ 0.977424] [ T1] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
kern :warn : [ 0.977424] [ T1] raw: 0017ffffc0000000 ffff88880a4c7f30 ffffea0021fceac8 0000000000000000
kern :warn : [ 0.977424] [ T1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
kern :warn : [ 0.977424] [ T1] page dumped because: kasan: bad access detected
kern :err : [ 0.977424] [ T1] Memory state around the buggy address:
kern :err : [ 0.977424] [ T1] ffff88887f3a9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
kern :err : [ 0.977424] [ T1] ffff88887f3a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
kern :err : [ 0.977424] [ T1] >ffff88887f3aa000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
kern :err : [ 0.977424] [ T1] ^
kern :err : [ 0.977424] [ T1] ffff88887f3aa080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
kern :err : [ 0.977424] [ T1] ffff88887f3aa100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
kern :err : [ 0.977424] [ T1] ==================================================================
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260320/202603200841.b2d24d21-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki