BUG: KFENCE: use-after-free read in _nv000177kms [nvidia_modeset]

==================================================================
[Mo, 10. Mär 2025, 18:14:03] BUG: KFENCE: use-after-free read in _nv000177kms+0x439/0x2a10 [nvidia_modeset]

[Mo, 10. Mär 2025, 18:14:03] Use-after-free read at 0x000000003e334386 (in kfence-#79):
[Mo, 10. Mär 2025, 18:14:03] _nv000177kms+0x439/0x2a10 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002879kms+0x663/0x9c0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000392kms+0x1e1/0x400 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002878kms+0xf1a/0x11e0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002988kms+0x79c/0xd30 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi_try_pmlock+0x64/0xb0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000023kms+0x56b/0xbc0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_atomic_apply_modeset_config+0x4bb/0x830 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_atomic_commit+0xe6/0x460 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_mode_atomic_ioctl+0xcb9/0xfc0
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] kfence-#79: 0x0000000093bac16f-0x000000006c217955, size=328, cache=kmalloc-512

[Mo, 10. Mär 2025, 18:14:03] allocated by task 2633 on cpu 3 at 13678.474282s (0.016240s ago):
[Mo, 10. Mär 2025, 18:14:03] nvkms_alloc+0x50/0xa0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv003020kms+0x22/0x40 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv002842kms+0x266/0x740 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000719kms+0x40/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000096kms+0x19d/0x240 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_internal_framebuffer_create+0x32b/0x4c0 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_framebuffer_create+0x99/0xc0 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_internal_framebuffer_create+0xaa/0x180
[Mo, 10. Mär 2025, 18:14:03] drm_mode_addfb2_ioctl+0x42/0xf0
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] freed by task 2633 on cpu 3 at 13678.489651s (0.001111s ago):
[Mo, 10. Mär 2025, 18:14:03] _nv000801kms+0x49/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvKmsIoctl+0xf7/0x270 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nvkms_ioctl_from_kapi+0x73/0xe0 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] _nv000110kms+0x4b/0x60 [nvidia_modeset]
[Mo, 10. Mär 2025, 18:14:03] nv_drm_framebuffer_destroy+0x3b/0x50 [nvidia_drm]
[Mo, 10. Mär 2025, 18:14:03] drm_mode_closefb_ioctl+0x10e/0x150
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl_kernel+0xad/0x100
[Mo, 10. Mär 2025, 18:14:03] drm_ioctl+0x277/0x4c0
[Mo, 10. Mär 2025, 18:14:03] __x64_sys_ioctl+0x94/0xc0
[Mo, 10. Mär 2025, 18:14:03] do_syscall_64+0x82/0x190
[Mo, 10. Mär 2025, 18:14:03] entry_SYSCALL_64_after_hwframe+0x76/0x7e

[Mo, 10. Mär 2025, 18:14:03] CPU: 25 UID: 1000 PID: 2663 Comm: KMS thread Tainted: P OE 6.13.6-2-cachyos-gcc #1 ebeeb85824bb8a6f1c383a368ca896795f2e750d
[Mo, 10. Mär 2025, 18:14:03] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[Mo, 10. Mär 2025, 18:14:03] Hardware name: ASUS System Product Name/Pro WS W790E-SAGE SE, BIOS 1502 08/30/2024
[Mo, 10. Mär 2025, 18:14:03] ==================================================================