Date | June 2, 2025, 2:10 p.m.
---|---
Environment | qemu-arm64
```
[ 831.900042] ==================================================================
[ 831.900540] BUG: KFENCE: use-after-free write in pci_epf_remove_cfs+0x78/0xb0
[ 831.900540]
[ 831.901834] Use-after-free write at 0x00000000d27ea3c8 (in kfence-#78):
[ 831.902837] pci_epf_remove_cfs+0x78/0xb0
[ 831.903275] pci_epf_unregister_driver+0x20/0x40
[ 831.903598] pci_epf_test_exit+0x28/0x668 [pci_epf_test]
[ 831.904581] __arm64_sys_delete_module+0x1ac/0x2d0
[ 831.904820] invoke_syscall+0x50/0x120
[ 831.905192] el0_svc_common.constprop.0+0x48/0xf0
[ 831.905558] do_el0_svc+0x24/0x38
[ 831.905887] el0_svc+0x38/0x100
[ 831.906150] el0t_64_sync_handler+0x120/0x130
[ 831.906440] el0t_64_sync+0x190/0x198
[ 831.907116]
[ 831.907461] kfence-#78: 0x000000009c54420e-0x000000004f6e7bf4, size=136, cache=kmalloc-192
[ 831.907461]
[ 831.908566] allocated by task 23079 on cpu 1 at 831.647891s (0.260633s ago):
[ 831.909312] configfs_register_default_group+0x3c/0xb0
[ 831.909824] pci_ep_cfs_add_epf_group+0x34/0x80
[ 831.910138] __pci_epf_register_driver+0xc4/0x128
[ 831.910517] 0xffffa26667e5c054
[ 831.911383] do_one_initcall+0x60/0x2a0
[ 831.911545] do_init_module+0x60/0x230
[ 831.911904] load_module+0x1fa8/0x21d0
[ 831.912256] init_module_from_file+0x90/0xe0
[ 831.912524] __arm64_sys_finit_module+0x268/0x368
[ 831.912923] invoke_syscall+0x50/0x120
[ 831.913108] el0_svc_common.constprop.0+0x48/0xf0
[ 831.913326] do_el0_svc+0x24/0x38
[ 831.913546] el0_svc+0x38/0x100
[ 831.913854] el0t_64_sync_handler+0x120/0x130
[ 831.914478] el0t_64_sync+0x190/0x198
[ 831.915211]
[ 831.915591] freed by task 23088 on cpu 0 at 831.898844s (0.016687s ago):
[ 831.916273] configfs_unregister_default_group+0x28/0x40
[ 831.916740] pci_ep_cfs_remove_epf_group+0x24/0x40
[ 831.917037] pci_epf_remove_cfs+0x54/0xb0
[ 831.917366] pci_epf_unregister_driver+0x20/0x40
[ 831.917635] pci_epf_test_exit+0x28/0x668 [pci_epf_test]
[ 831.917922] __arm64_sys_delete_module+0x1ac/0x2d0
[ 831.918279] invoke_syscall+0x50/0x120
[ 831.918849] el0_svc_common.constprop.0+0x48/0xf0
[ 831.919106] do_el0_svc+0x24/0x38
[ 831.919291] el0_svc+0x38/0x100
[ 831.919469] el0t_64_sync_handler+0x120/0x130
[ 831.919858] el0t_64_sync+0x190/0x198
[ 831.920380]
[ 831.921198] CPU: 0 UID: 0 PID: 23088 Comm: modprobe Not tainted 6.12.32-rc1 #1
[ 831.921811] Hardware name: linux,dummy-virt (DT)
[ 831.922351] ==================================================================
```