In the Linux kernel 5.4.0-rc2, there is a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c .