KASAN: use-after-free Read in debugfs

Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported
KASAN: use-after-free Read in lockref_get fs				7	1420d	1519d

1420d

1519d

Title	Replies (including bot)	Last reply
[PATCH V3] block: rename 'q->debugfs_dir' and 'q->blk_trace->dir' in blk_unregister_queue()	1 (1)	2020/03/24 13:23
[PATCH V2] block: rename 'q->debugfs_dir' and 'q->blk_trace->dir' in blk_unregister_queue()	4 (4)	2020/02/29 02:50
[PATCH] block: rename 'q->debugfs_dir' in blk_unregister_queue()	5 (5)	2020/02/13 11:39
[PATCH] block: revert pushing the final release of request_queue to a workqueue.	14 (14)	2020/02/10 08:49
Reminder: 11 open syzbot bugs in block subsystem	1 (1)	2019/07/24 02:26
Reminder: 11 open syzbot bugs in block subsystem	1 (1)	2019/06/25 06:17
KASAN: use-after-free Read in debugfs_remove (3)	0 (3)	2018/12/02 02:13

Kernel	Title	Repro	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in debugfs_remove (2) fs			1	2195d	2193d	5/26	fixed on 2018/05/17 10:02
linux-4.19	KASAN: use-after-free Read in debugfs_remove	C	done	15	1271d	1767d	1/1	fixed on 2020/12/01 11:25
upstream	KASAN: use-after-free Read in debugfs_remove fs			1	2217d	2216d	0/26	closed as invalid on 2018/04/10 15:18
linux-4.14	KASAN: use-after-free Read in debugfs_remove	C	inconclusive	14	1279d	1834d	0/1	upstream: reported C repro on 2019/04/17 06:08

upstream

KASAN: use-after-free Read in debugfs_remove (2) fs

2195d

2193d

5/26

fixed on 2018/05/17 10:02

linux-4.19

KASAN: use-after-free Read in debugfs_remove

done

1271d

1767d

1/1

fixed on 2020/12/01 11:25

upstream

KASAN: use-after-free Read in debugfs_remove fs

2217d

2216d

0/26

closed as invalid on 2018/04/10 15:18

linux-4.14

KASAN: use-after-free Read in debugfs_remove

inconclusive

1279d

1834d

0/1

upstream: reported C repro on 2019/04/17 06:08

================================================================== BUG: KASAN: use-after-free in debugfs_remove+0x10d/0x130 /fs/debugfs/inode.c:705 Read of size 8 at addr ffff8880aa0c4300 by task kworker/0:2/2622 CPU: 0 PID: 2622 Comm: kworker/0:2 Not tainted 5.2.0+ #71 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events __blk_release_queue Call Trace: __dump_stack /lib/dump_stack.c:77 [inline] dump_stack+0x16f/0x1f0 /lib/dump_stack.c:113 print_address_description.cold+0xd4/0x306 /mm/kasan/report.c:351 __kasan_report.cold+0x1b/0x36 /mm/kasan/report.c:482 kasan_report+0x12/0x17 /mm/kasan/common.c:612 __asan_report_load8_noabort+0x14/0x20 /mm/kasan/generic_report.c:132 debugfs_remove+0x10d/0x130 /fs/debugfs/inode.c:705 blk_trace_free+0x38/0x140 /kernel/trace/blktrace.c:312 blk_trace_cleanup /kernel/trace/blktrace.c:339 [inline] __blk_trace_remove+0x78/0xa0 /kernel/trace/blktrace.c:352 blk_trace_shutdown+0x67/0x90 /kernel/trace/blktrace.c:747 __blk_release_queue+0x1de/0x340 /block/blk-sysfs.c:902 process_one_work+0x9af/0x16d0 /kernel/workqueue.c:2269 worker_thread+0x98/0xe40 /kernel/workqueue.c:2415 kthread+0x361/0x430 /kernel/kthread.c:255 ret_from_fork+0x24/0x30 /arch/x86/entry/entry_64.S:352 Allocated by task 9284: save_stack+0x23/0x90 /mm/kasan/common.c:69 set_track /mm/kasan/common.c:77 [inline] __kasan_kmalloc /mm/kasan/common.c:487 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 /mm/kasan/common.c:460 kasan_slab_alloc+0xf/0x20 /mm/kasan/common.c:495 slab_post_alloc_hook /mm/slab.h:520 [inline] slab_alloc /mm/slab.c:3319 [inline] kmem_cache_alloc+0x121/0x700 /mm/slab.c:3483 __d_alloc+0x2e/0x8c0 /fs/dcache.c:1688 d_alloc+0x4d/0x280 /fs/dcache.c:1767 d_alloc_parallel+0xf4/0x1b90 /fs/dcache.c:2519 __lookup_slow+0x1ab/0x500 /fs/namei.c:1652 lookup_one_len+0x16d/0x1a0 /fs/namei.c:2541 start_creating+0xc5/0x1d0 /fs/debugfs/inode.c:312 __debugfs_create_file+0x65/0x3c0 /fs/debugfs/inode.c:357 debugfs_create_file+0x5a/0x70 /fs/debugfs/inode.c:413 do_blk_trace_setup+0x361/0xb50 /kernel/trace/blktrace.c:524 __blk_trace_setup+0xe3/0x190 /kernel/trace/blktrace.c:571 blk_trace_ioctl+0x170/0x300 /kernel/trace/blktrace.c:710 blkdev_ioctl+0x126/0x1c1a /block/ioctl.c:592 block_ioctl+0xee/0x130 /fs/block_dev.c:1918 vfs_ioctl /fs/ioctl.c:46 [inline] file_ioctl /fs/ioctl.c:509 [inline] do_vfs_ioctl+0xdb6/0x13e0 /fs/ioctl.c:696 ksys_ioctl+0xab/0xd0 /fs/ioctl.c:713 __do_sys_ioctl /fs/ioctl.c:720 [inline] __se_sys_ioctl /fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x73/0xb0 /fs/ioctl.c:718 do_syscall_64+0xfd/0x6a0 /arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 0: save_stack+0x23/0x90 /mm/kasan/common.c:69 set_track /mm/kasan/common.c:77 [inline] __kasan_slab_free+0x102/0x150 /mm/kasan/common.c:449 kasan_slab_free+0xe/0x10 /mm/kasan/common.c:457 __cache_free /mm/slab.c:3425 [inline] kmem_cache_free+0x86/0x310 /mm/slab.c:3693 __d_free+0x20/0x30 /fs/dcache.c:271 __rcu_reclaim /kernel/rcu/rcu.h:222 [inline] rcu_do_batch /kernel/rcu/tree.c:2114 [inline] rcu_core+0x66a/0x1470 /kernel/rcu/tree.c:2314 rcu_core_si+0x9/0x10 /kernel/rcu/tree.c:2323 __do_softirq+0x30d/0x970 /kernel/softirq.c:292 The buggy address belongs to the object at ffff8880aa0c42c0 which belongs to the cache dentry of size 288 The buggy address is located 64 bytes inside of 288-byte region [ffff8880aa0c42c0, ffff8880aa0c43e0) The buggy address belongs to the page: page:ffffea0002a83100 refcount:1 mapcount:0 mapping:ffff88821bc46540 index:0x0 flags: 0x1fffc0000000200(slab) raw: 01fffc0000000200 ffffea0002250388 ffffea0002a81308 ffff88821bc46540 raw: 0000000000000000 ffff8880aa0c4000 000000010000000b 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880aa0c4200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880aa0c4280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb >ffff8880aa0c4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880aa0c4380: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ffff8880aa0c4400: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================

Crashes (88):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2019/07/22 13:14	upstream	c6dd78fcb8ee	b3c615f5	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2019/07/22 05:26	upstream	abdfd52a295f	1656845f	.config	console log	report	syz	C	ci-upstream-kasan-gce
2019/06/24 10:27	upstream	241e39004581	472f0082	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2019/06/23 22:04	upstream	241e39004581	472f0082	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/12/02 02:54	upstream	d8f190ee836a	5a581673	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2018/12/02 02:40	upstream	d8f190ee836a	5a581673	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/12/02 02:38	upstream	d8f190ee836a	5a581673	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2018/12/02 02:12	upstream	d8f190ee836a	5a581673	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2019/07/01 10:57	linux-next	48568d8c7f47	699d6448	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2019/07/22 15:39	upstream	c6dd78fcb8ee	b3c615f5	.config	console log	report	syz		ci-upstream-kasan-gce-selinux-root
2019/07/22 08:21	upstream	c6dd78fcb8ee	b3c615f5	.config	console log	report	syz		ci-upstream-kasan-gce-smack-root
2019/06/24 13:44	upstream	241e39004581	472f0082	.config	console log	report	syz		ci-upstream-kasan-gce-smack-root
2019/06/23 18:39	upstream	241e39004581	472f0082	.config	console log	report	syz		ci-upstream-kasan-gce
2018/10/22 12:18	upstream	467e050e9760	ecb386fe	.config	console log	report	syz		ci-upstream-kasan-gce-root
2018/10/20 16:31	upstream	270b77a0f30e	ecb386fe	.config	console log	report	syz		ci-upstream-kasan-gce-selinux-root
2018/10/21 19:03	linux-next	8c60c36d0b8c	ecb386fe	.config	console log	report	syz		ci-upstream-linux-next-kasan-gce-root
2020/01/19 20:11	upstream	8f8972a3127f	0342f8c7	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/16 16:31	upstream	3b1f00aceb7a	d4ea592f	.config	console log	report			ci-upstream-kasan-gce
2019/10/03 13:11	upstream	0f1a7b3fac05	fc17ba49	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/09/26 05:16	upstream	f41def397161	24d405a3	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/09/23 00:06	upstream	f7c3bf8fa7e5	d96e88f3	.config	console log	report			ci-upstream-kasan-gce
2019/09/15 20:11	upstream	1609d7604b84	32d59357	.config	console log	report			ci-upstream-kasan-gce
2019/09/04 08:22	upstream	089cf7f6ecb2	12381952	.config	console log	report			ci-upstream-kasan-gce
2019/09/03 16:51	upstream	089cf7f6ecb2	48448e71	.config	console log	report			ci-upstream-kasan-gce
2019/08/18 15:34	upstream	8fde2832bd0b	55bf8926	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/08/14 20:43	upstream	a8dba0531bc0	5576551b	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/08/09 04:16	upstream	ecb095bff5d4	ede31a9b	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/08/04 15:48	upstream	d8778f13b73f	6affd8e8	.config	console log	report			ci-upstream-kasan-gce
2019/08/03 21:06	upstream	dcb8cfbd8fe9	6affd8e8	.config	console log	report			ci-upstream-kasan-gce-root
2019/07/31 22:54	upstream	4010b622f1d2	c692b5bd	.config	console log	report			ci-upstream-kasan-gce
2019/07/29 12:10	upstream	609488bc979f	c85e1c5b	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/06/30 02:52	upstream	728254541ebc	7509bf36	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/06/26 01:12	upstream	249155c20f9b	0a8d1a96	.config	console log	report			ci-upstream-kasan-gce
2019/06/20 22:15	upstream	abf02e2964b3	34bf9440	.config	console log	report			ci-upstream-kasan-gce
2019/06/12 13:29	upstream	aa7235483a83	794a1ad7	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/04/27 18:08	upstream	baf76f0c58ae	b617407b	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/04/27 07:08	upstream	baf76f0c58ae	b617407b	.config	console log	report			ci-upstream-kasan-gce
2019/04/26 22:12	upstream	d0473f978e61	b617407b	.config	console log	report			ci-upstream-kasan-gce
2019/04/26 06:23	upstream	8113a85f8720	b617407b	.config	console log	report			ci-upstream-kasan-gce
2019/04/25 14:59	upstream	cd8dead0c394	8e3c52b1	.config	console log	report			ci-upstream-kasan-gce-root
2019/04/24 05:42	upstream	7142eaa58b49	4d3d6a50	.config	console log	report			ci-upstream-kasan-gce
2019/04/21 04:38	upstream	9e5de623a0cb	b0e8efcb	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/04/15 03:45	upstream	dc4060a5dc25	505ab413	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/04/15 03:29	upstream	dc4060a5dc25	505ab413	.config	console log	report			ci-upstream-kasan-gce
2019/04/12 04:02	upstream	2d06b235815e	13030ef8	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/04/12 02:57	upstream	2d06b235815e	13030ef8	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/03/25 17:39	upstream	8c2ffd917477	2c86e0a5	.config	console log	report			ci-upstream-kasan-gce
2019/03/18 17:37	upstream	9e98c678c2d6	4656beca	.config	console log	report			ci-upstream-kasan-gce-root
2019/03/12 06:58	upstream	a089e4fed5c5	12365b99	.config	console log	report			ci-upstream-kasan-gce-root
2019/03/05 20:15	upstream	63bdf4284c38	16559f86	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/03/02 09:00	upstream	a215ce8f0e00	1c0e457a	.config	console log	report			ci-upstream-kasan-gce
2019/02/22 21:57	upstream	6ee2846cb4e7	6a5fcca4	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/10/08 19:12	upstream	0854ba5ff5c9	8b311eaf	.config	console log	report			ci-upstream-kasan-gce-root
2019/08/29 14:48	upstream	6525771f58cb	fd37b39e	.config	console log	report			ci-upstream-kasan-gce-386
2019/08/23 17:38	upstream	e3fb13b7e47c	78ded196	.config	console log	report			ci-upstream-kasan-gce-386
2019/08/10 13:21	upstream	7f20fd23377a	acb51638	.config	console log	report			ci-upstream-kasan-gce-386
2019/06/02 04:43	upstream	3ab4436f688c	53c81ea5	.config	console log	report			ci-upstream-kasan-gce-386
2019/05/30 20:01	upstream	bec7550cca10	d9aaf3c2	.config	console log	report			ci-upstream-kasan-gce-386
2019/05/16 19:17	upstream	83f3ef3de625	f59a9cb5	.config	console log	report			ci-upstream-kasan-gce-386
2019/04/14 03:28	upstream	b60bc0665e6a	c402d8f1	.config	console log	report			ci-upstream-kasan-gce-386
2019/04/11 17:24	upstream	582549e3fbe1	13030ef8	.config	console log	report			ci-upstream-kasan-gce-386
2019/09/04 21:15	linux-next	6d028043b55e	040fda58	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/08/17 08:02	linux-next	0c3d3d648b3e	8fd428a1	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/06/25 04:27	linux-next	9ffadb46f3db	82c13b6b	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/04/28 00:27	linux-next	3ddfa8af5dc9	b617407b	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/04/16 01:50	linux-next	f9221a7a1014	505ab413	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/03/27 14:20	linux-next	a392ee45bae7	4e668495	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/03/05 21:32	linux-next	baf5a9d1f9b9	16559f86	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/02/14 22:38	linux-next	b3418f8bddf4	76dd003f	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/02/07 15:20	linux-next	1bd831d68d55	aa4feb03	.config	console log	report			ci-upstream-linux-next-kasan-gce-root

Crashes (88):

Assets (help?)

2019/07/22 13:14

upstream