CVE-2022-49176

In the Linux kernel, the following vulnerability has been resolved:

bfq: fix use-after-free in bfqdispatchrequest

KASAN reports a use-after-free report when doing normal scsi-mq test

[69832.239032] ================================================================== [69832.241810] BUG: KASAN: use-after-free in bfqdispatchrequest+0x1045/0x44b0 [69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155 [69832.244656] [69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-10295-g576c6382529e #8 [69832.246626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [69832.249069] Workqueue: kblockd blkmqrunworkfn [69832.250022] Call Trace: [69832.250541] dumpstack+0x9b/0xce [69832.251232] ? bfqdispatchrequest+0x1045/0x44b0 [69832.252243] printaddressdescription.constprop.6+0x3e/0x60 [69832.253381] ? _cpuidletextend+0x5/0x5 [69832.254211] ? vprintkfunc+0x6b/0x120 [69832.254994] ? bfqdispatchrequest+0x1045/0x44b0 [69832.255952] ? bfqdispatchrequest+0x1045/0x44b0 [69832.256914] kasanreport.cold.9+0x22/0x3a [69832.257753] ? bfqdispatchrequest+0x1045/0x44b0 [69832.258755] checkmemoryregion+0x1c1/0x1e0 [69832.260248] bfqdispatchrequest+0x1045/0x44b0 [69832.261181] ? bfqbfqqexpire+0x2440/0x2440 [69832.262032] ? blkmqdelayrunhwqueues+0xf9/0x170 [69832.263022] _blkmqdodispatchsched+0x52f/0x830 [69832.264011] ? blkmqschedrequestinserted+0x100/0x100 [69832.265101] _blkmqscheddispatchrequests+0x398/0x4f0 [69832.266206] ? blkmqdodispatchctx+0x570/0x570 [69832.267147] ? _switchto+0x5f4/0xee0 [69832.267898] blkmqscheddispatchrequests+0xdf/0x140 [69832.268946] _blkmqrunhwqueue+0xc0/0x270 [69832.269840] blkmqrunworkfn+0x51/0x60 [69832.278170] processonework+0x6d4/0xfe0 [69832.278984] workerthread+0x91/0xc80 [69832.279726] ? _kthreadparkme+0xb0/0x110 [69832.280554] ? processonework+0xfe0/0xfe0 [69832.281414] kthread+0x32d/0x3f0 [69832.282082] ? kthreadpark+0x170/0x170 [69832.282849] retfromfork+0x1f/0x30 [69832.283573] [69832.283886] Allocated by task 7725: [69832.284599] kasansavestack+0x19/0x40 [69832.285385] _kasankmalloc.constprop.2+0xc1/0xd0 [69832.286350] kmemcacheallocnode+0x13f/0x460 [69832.287237] bfqgetqueue+0x3d4/0x1140 [69832.287993] bfqgetbfqqhandlesplit+0x103/0x510 [69832.289015] bfqinitrq+0x337/0x2d50 [69832.289749] bfqinsertrequests+0x304/0x4e10 [69832.290634] blkmqschedinsertrequests+0x13e/0x390 [69832.291629] blkmqflushpluglist+0x4b4/0x760 [69832.292538] blkflushpluglist+0x2c5/0x480 [69832.293392] ioscheduleprepare+0xb2/0xd0 [69832.294209] ioscheduletimeout+0x13/0x80 [69832.295014] waitforcommonio.constprop.1+0x13c/0x270 [69832.296137] submitbiowait+0x103/0x1a0 [69832.296932] blkdevissuediscard+0xe6/0x160 [69832.297794] blkioctldiscard+0x219/0x290 [69832.298614] blkdevcommonioctl+0x50a/0x1750 [69832.304715] blkdevioctl+0x470/0x600 [69832.305474] blockioctl+0xde/0x120 [69832.306232] vfsioctl+0x6c/0xc0 [69832.306877] _sesysioctl+0x90/0xa0 [69832.307629] dosyscall64+0x2d/0x40 [69832.308362] entrySYSCALL64afterhwframe+0x44/0xa9 [69832.309382] [69832.309701] Freed by task 155: [69832.310328] kasansavestack+0x19/0x40 [69832.311121] kasansettrack+0x1c/0x30 [69832.311868] kasansetfreeinfo+0x1b/0x30 [69832.312699] _kasanslabfree+0x111/0x160 [69832.313524] kmemcachefree+0x94/0x460 [69832.314367] bfqputqueue+0x582/0x940 [69832.315112] _bfqbfqdresetinservice+0x166/0x1d0 [69832.317275] bfqbfqqexpire+0xb27/0x2440 [69832.318084] bfqdispatchrequest+0x697/0x44b0 [69832.318991] _blkmqdodispatchsched+0x52f/0x830 [69832.319984] _blkmqscheddispatchrequests+0x398/0x4f0 [69832.321087] blkmqscheddispatchrequests+0xdf/0x140 [69832.322225] _blkmqrunhwqueue+0xc0/0x270 [69832.323114] blkmqrunwork_fn+0x51/0x6 ---truncated---