syzbot


KASAN: slab-use-after-free Read in binder_release_work

Status: upstream: reported C repro on 2024/10/02 21:10
Subsystems: kernel
Reported-by: syzbot+9ba7a8cdae0440edd57b@syzkaller.appspotmail.com
Fix commit: 7e20434cbca8 binder: fix freeze UAF in binder_release_work()
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 210d, last: 136d
Cause bisection: introduced by (bisect log):
commit de79583ffe794663c53b77f97be814522d4edc4f
Author: Nuno Sa <nuno.sa@analog.com>
Date: Tue Jul 2 16:02:33 2024 +0000

  iio: core: add accessors 'masklength'

Crash: invalid opcode in binder_inc_ref_for_node (log)
Repro: syz .config
  
Fix bisection: fixed by (bisect log):
commit 7e20434cbca814cb91a0a261ca0106815ef48e5f
Author: Carlos Llamas <cmllamas@google.com>
Date: Thu Sep 26 23:36:14 2024 +0000

  binder: fix freeze UAF in binder_release_work()

  
Discussions (1)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [kernel?] KASAN: slab-use-after-free Read in binder_release_work | 2 (5) | 2025/01/13 14:53 |
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-5-10 | KASAN: use-after-free Read in binder_release_work | C | | | 154 | 131d | 166d | 0/2 | auto-obsoleted due to no activity on 2025/02/25 01:01 |
| android-5-15 | KASAN: use-after-free Read in binder_release_work origin:upstream | C | | | 97 | 132d | 209d | 0/2 | auto-obsoleted due to no activity on 2025/02/24 12:00 |
Last patch testing requests (7)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2024/12/25 22:14 | 23m | retest repro | | upstream | OK log |
| 2024/12/25 21:37 | 19m | retest repro | | upstream | OK log |
| 2024/12/25 21:37 | 19m | retest repro | | upstream | OK log |
| 2024/12/25 21:45 | 26m | retest repro | | upstream | OK log |
| 2024/12/25 21:37 | 19m | retest repro | | upstream | OK log |
| 2024/12/25 21:31 | 17m | retest repro | | upstream | OK log |
| 2024/10/03 01:00 | 18m | hdanton@sina.com | patch | upstream | OK log |

Sample crash report:
input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0045.0001/input/input5
==================================================================
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x2f/0x140 lib/list_debug.c:49
Read of size 8 at addr ffff888032abf208 by task kworker/1:0/25

CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events binder_deferred_func
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:489
 kasan_report+0x143/0x180 mm/kasan/report.c:602
 __list_del_entry_valid_or_report+0x2f/0x140 lib/list_debug.c:49
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_init include/linux/list.h:287 [inline]
 binder_dequeue_work_head_ilocked drivers/android/binder.c:540 [inline]
 binder_release_work+0xc7/0x480 drivers/android/binder.c:5110
 binder_deferred_release drivers/android/binder.c:6261 [inline]
 binder_deferred_func+0x1275/0x1460 drivers/android/binder.c:6296
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 5947:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 binder_request_freeze_notification drivers/android/binder.c:3855 [inline]
 binder_thread_write drivers/android/binder.c:4485 [inline]
 binder_ioctl_write_read+0xe7f/0xb560 drivers/android/binder.c:5387
 binder_ioctl+0x436/0x1cc0 drivers/android/binder.c:5718
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 25:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2338 [inline]
 slab_free mm/slub.c:4598 [inline]
 kfree+0x196/0x420 mm/slub.c:4746
 binder_free_ref drivers/android/binder.c:1355 [inline]
 binder_deferred_release drivers/android/binder.c:6256 [inline]
 binder_deferred_func+0x11df/0x1460 drivers/android/binder.c:6296
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff888032abf200
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 8 bytes inside of
 freed 64-byte region [ffff888032abf200, ffff888032abf240)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32abf
anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000000 ffff88801ac418c0 ffffea0000b23b80 dead000000000005
raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5183, tgid 5183 (mount), ts 16485496851, free_ts 15679365147
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1556
 prep_new_page mm/page_alloc.c:1564 [inline]
 get_page_from_freelist+0x363e/0x3790 mm/page_alloc.c:3474
 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4751
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 alloc_slab_page+0x6a/0x140 mm/slub.c:2408
 allocate_slab+0x5a/0x2f0 mm/slub.c:2574
 new_slab mm/slub.c:2627 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3815
 __slab_alloc+0x58/0xa0 mm/slub.c:3905
 __slab_alloc_node mm/slub.c:3980 [inline]
 slab_alloc_node mm/slub.c:4141 [inline]
 __kmalloc_cache_noprof+0x27b/0x390 mm/slub.c:4309
 kmalloc_noprof include/linux/slab.h:901 [inline]
 __kthread_create_on_node+0xee/0x3c0 kernel/kthread.c:436
 kthread_create_on_node+0xde/0x130 kernel/kthread.c:513
 ext4_run_lazyinit_thread fs/ext4/super.c:3898 [inline]
 ext4_register_li_request+0x5c5/0x970 fs/ext4/super.c:4033
 __ext4_remount fs/ext4/super.c:6737 [inline]
 ext4_reconfigure+0x2dee/0x3990 fs/ext4/super.c:6801
 reconfigure_super+0x445/0x880 fs/super.c:1083
 do_remount fs/namespace.c:3047 [inline]
 path_mount+0xc22/0xfa0 fs/namespace.c:3826
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
page last free pid 1 tgid 1 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0xded/0x1130 mm/page_alloc.c:2657
 kasan_depopulate_vmalloc_pte+0x74/0x90 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2831 [inline]
 apply_to_pmd_range mm/memory.c:2875 [inline]
 apply_to_pud_range mm/memory.c:2911 [inline]
 apply_to_p4d_range mm/memory.c:2947 [inline]
 __apply_to_page_range+0x806/0xde0 mm/memory.c:2981
 kasan_release_vmalloc+0xa5/0xd0 mm/kasan/shadow.c:529
 kasan_release_vmalloc_node mm/vmalloc.c:2196 [inline]
 purge_vmap_node+0x22f/0x8d0 mm/vmalloc.c:2213
 __purge_vmap_area_lazy+0x708/0xae0 mm/vmalloc.c:2304
 _vm_unmap_aliases+0x79d/0x840 mm/vmalloc.c:2899
 change_page_attr_set_clr+0x2fe/0xdb0 arch/x86/mm/pat/set_memory.c:1881
 change_page_attr_set arch/x86/mm/pat/set_memory.c:1922 [inline]
 set_memory_nx+0xf2/0x130 arch/x86/mm/pat/set_memory.c:2110
 free_init_pages arch/x86/mm/init.c:929 [inline]
 free_kernel_image_pages arch/x86/mm/init.c:948 [inline]
 free_initmem+0x79/0x110 arch/x86/mm/init.c:975
 kernel_init+0x31/0x2b0 init/main.c:1475
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Memory state around the buggy address:
 ffff888032abf100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff888032abf180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff888032abf200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
                      ^
 ffff888032abf280: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
 ffff888032abf300: 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc fc
==================================================================

Crashes (2151):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/11/28 19:22 upstream b86545e02e8c 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/28 14:49 upstream b86545e02e8c 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/27 00:52 upstream 7eef7e306d3c 11dbc254 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/22 17:42 upstream 28eb75e178d3 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/17 08:53 upstream 4a5df3796467 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/03 19:40 upstream 3e5e6c9900c3 f00eed24 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: slab-use-after-free Read in binder_release_work
2024/09/28 22:55 upstream 3efc57369a0c ba29ff75 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/28 16:51 upstream b86545e02e8c 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-use-after-free Read in binder_release_work
2024/11/27 12:54 upstream 445d9f05fa14 52b38cc1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-use-after-free Read in binder_release_work
2024/11/30 02:48 upstream 7af08b57bcb9 b5d2be89 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/30 01:21 upstream 7af08b57bcb9 b5d2be89 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/30 00:00 upstream 7af08b57bcb9 b5d2be89 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 22:15 upstream 7af08b57bcb9 b5d2be89 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 18:59 upstream 7af08b57bcb9 b5d2be89 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 16:49 upstream 7af08b57bcb9 b5d2be89 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 13:46 upstream 7af08b57bcb9 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 05:12 upstream 65ae975e97d5 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 04:10 upstream 65ae975e97d5 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 02:15 upstream 65ae975e97d5 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/28 23:26 upstream 65ae975e97d5 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/28 13:44 upstream b86545e02e8c 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/28 10:24 upstream b86545e02e8c 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/28 03:36 upstream b86545e02e8c 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/27 23:22 upstream aaf20f870da0 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/27 21:54 upstream aaf20f870da0 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/27 15:17 upstream aaf20f870da0 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/15 08:22 upstream cfaaa7d010d1 f6ede3a3 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/09 08:52 upstream f1dce1f09380 6b856513 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/09 03:13 upstream f1dce1f09380 6b856513 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/09/29 00:02 upstream ad46e8f95e93 ba29ff75 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 20:42 upstream 7af08b57bcb9 b5d2be89 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in binder_release_work
2024/11/28 01:20 upstream b86545e02e8c 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in binder_release_work
2024/11/14 16:26 upstream 0a9b9d17f3a7 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/11/14 14:58 upstream 0a9b9d17f3a7 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in binder_release_work
2024/10/29 22:13 upstream e42b1a9a2557 66aeb999 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-compat KASAN: slab-use-after-free Read in binder_release_work
2024/10/12 02:48 linux-next d61a00525464 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in binder_release_work
2024/12/09 13:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/09 11:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/07 00:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/05 17:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 6e50d07b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/05 10:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 29f61fce .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/04 16:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 b50eb251 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/03 09:35 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 578925bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/02 00:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/02 00:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/01 08:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/01 02:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/11/30 19:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/11/30 04:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/11/30 00:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/11/29 10:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/11 21:28 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd ff949d25 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/10 19:03 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd cfc402b4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/10 07:08 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd deb72877 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/08 16:05 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 9ac0fdc6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/08 05:07 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 9ac0fdc6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/08 02:29 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 9ac0fdc6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/05 22:02 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 1c533826 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/05 11:34 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 29f61fce .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/04 19:49 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd b50eb251 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/03 05:20 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd bb326ffb .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/12/02 18:39 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd b499ea68 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/11/04 21:32 upstream 59b723cd2adb 7bfecfb9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KFENCE: use-after-free in binder_release_work
* Struck through repros no longer work on HEAD.