Re: [PATCH v2 6/6] vfio: selftests: Add tests to validate SR-IOV UAPI

Next message: Rob Herring: "Re: [PATCH v2 1/1] ata: ahci-dwc: Remove not-going-to-be-supported code for Baikal SoC"
Previous message: Mark Brown: "linux-next: build failure after merge of the drm-misc tree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Matlack

Date: Mon Feb 23 2026 - 13:58:31 EST

On Thu, Feb 5, 2026 at 1:52 PM David Matlack <dmatlack@xxxxxxxxxx> wrote:
> On 2026-01-06 11:47 AM, Raghavendra Rao Ananta wrote:
> > On Thu, Dec 18, 2025 at 3:26 PM David Matlack <dmatlack@xxxxxxxxxx> wrote:
> > > [ 574.857650][T27935] BUG: kernel NULL pointer dereference, address: 0000000000000008
...
> > > [ 575.009753][T27935] Call Trace:
> > > [ 575.012919][T27935] <TASK>
> > > [ 575.015730][T27935] intel_iommu_probe_device+0x4c9/0x7b0
> > > [ 575.021153][T27935] __iommu_probe_device+0x101/0x4c0
> > > [ 575.026231][T27935] iommu_bus_notifier+0x37/0x100
> > > [ 575.031046][T27935] blocking_notifier_call_chain+0x53/0xd0
> > > [ 575.036634][T27935] bus_notify+0x99/0xc0
> > > [ 575.040666][T27935] device_add+0x252/0x470
> > > [ 575.044872][T27935] pci_device_add+0x414/0x5c0
> > > [ 575.049429][T27935] pci_iov_add_virtfn+0x2f2/0x3e0
> > > [ 575.054326][T27935] sriov_add_vfs+0x33/0x70
> > > [ 575.058613][T27935] sriov_enable+0x2fc/0x490
> > > [ 575.062992][T27935] vfio_pci_core_sriov_configure+0x16c/0x210
> > > [ 575.068843][T27935] sriov_numvfs_store+0xc4/0x190
> > > [ 575.073652][T27935] kernfs_fop_write_iter+0xfe/0x180
> > > [ 575.078724][T27935] vfs_write+0x2d0/0x430
> > > [ 575.082846][T27935] ksys_write+0x7f/0x100
> > > [ 575.086965][T27935] do_syscall_64+0x6f/0x940
> > > [ 575.091339][T27935] ? arch_exit_to_user_mode_prepare+0x9/0xb0
> > > [ 575.097193][T27935] entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
> I think this is a use-after-free.

Fix proposed here:
https://lore.kernel.org/linux-pci/20260223184017.688212-1-dmatlack@xxxxxxxxxx/