syzbot


KASAN: use-after-free Read in blk_mq_sched_tags_teardown
Status: upstream: reported C repro on 2021/10/25 01:35
Reported-by: syzbot+412ca156285f619b8b62@syzkaller.appspotmail.com
Fix commit: 8bdf7b3fe1f4 blk-mq-sched: Don't reference queue tagset in blk_mq_sched_tags_teardown()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 47d, last: 45d

Cause bisection: introduced by (bisect log):
commit 645db34e50501aac141713fb47a315e5202ff890
Author: John Garry <john.garry@huawei.com>
Date: Tue Oct 5 10:23:36 2021 +0000

  blk-mq: Refactor and rename blk_mq_free_map_and_{requests->rqs}()

Crash: WARNING: ODEBUG bug in netdev_run_todo (log)
Repro: C syz .config

Sample crash report:

Crashes (6):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-linux-next-kasan-gce-root | 2021/10/21 04:47 | linux-next | 51dba6e335ff | f111d03b | .config | log | report | syz | C | | KASAN: use-after-free Read in blk_mq_sched_tags_teardown |
| ci-upstream-linux-next-kasan-gce-root | 2021/10/22 18:34 | linux-next | 3196a52aff93 | 55f90bc6 | .config | log | report | | | info | KASAN: use-after-free Read in blk_mq_sched_tags_teardown |
| ci-upstream-linux-next-kasan-gce-root | 2021/10/22 13:03 | linux-next | 3196a52aff93 | 55f90bc6 | .config | log | report | | | info | KASAN: use-after-free Read in blk_mq_sched_tags_teardown |
| ci-upstream-linux-next-kasan-gce-root | 2021/10/22 05:43 | linux-next | 3196a52aff93 | 55f90bc6 | .config | log | report | | | info | KASAN: use-after-free Read in blk_mq_sched_tags_teardown |
| ci-upstream-linux-next-kasan-gce-root | 2021/10/21 21:19 | linux-next | 3196a52aff93 | c5cb7da8 | .config | log | report | | | info | KASAN: use-after-free Read in blk_mq_sched_tags_teardown |
| ci-upstream-linux-next-kasan-gce-root | 2021/10/21 01:32 | linux-next | 51dba6e335ff | f111d03b | .config | log | report | | | info | KASAN: use-after-free Read in blk_mq_sched_tags_teardown |