syzbot


KASAN: slab-use-after-free Read in binder_release_work

Status: upstream: reported C repro on 2024/10/02 21:10
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+9ba7a8cdae0440edd57b@syzkaller.appspotmail.com
First crash: 46d, last: 1h27m
Cause bisection: introduced by (bisect log) :
commit de79583ffe794663c53b77f97be814522d4edc4f
Author: Nuno Sa <nuno.sa@analog.com>
Date: Tue Jul 2 16:02:33 2024 +0000

  iio: core: add accessors 'masklength'

Crash: invalid opcode in binder_inc_ref_for_node (log)
Repro: syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] KASAN: slab-use-after-free Read in binder_release_work 1 (3) 2024/10/03 01:20
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 KASAN: use-after-free Read in binder_release_work C 10 16h37m 2d00h 0/2 upstream: reported C repro on 2024/11/12 10:57
android-5-15 KASAN: use-after-free Read in binder_release_work origin:upstream C 43 2d23h 45d 0/2 upstream: reported C repro on 2024/09/30 05:16
Last patch testing requests (1)
Created Duration User Patch Repo Result
2024/10/03 01:00 18m hdanton@sina.com patch upstream OK log

Sample crash report:
==================================================================
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x14c/0x1c0 lib/list_debug.c:49
Read of size 8 at addr ffff88801e3b9c08 by task kworker/1:2/963

CPU: 1 UID: 0 PID: 963 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events binder_deferred_func
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 __list_del_entry_valid_or_report+0x14c/0x1c0 lib/list_debug.c:49
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_init include/linux/list.h:287 [inline]
 binder_dequeue_work_head_ilocked drivers/android/binder.c:540 [inline]
 binder_release_work+0x9b/0x490 drivers/android/binder.c:5110
 binder_deferred_release drivers/android/binder.c:6261 [inline]
 binder_deferred_func+0xe6e/0x12e0 drivers/android/binder.c:6296
 process_one_work+0x9c8/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c4/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 5897:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:878 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 binder_request_freeze_notification drivers/android/binder.c:3855 [inline]
 binder_thread_write+0xe19/0x4c60 drivers/android/binder.c:4485
 binder_ioctl_write_read drivers/android/binder.c:5387 [inline]
 binder_ioctl+0x265b/0x6fa0 drivers/android/binder.c:5718
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0x192/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 963:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4579 [inline]
 kfree+0x14f/0x4b0 mm/slub.c:4727
 binder_free_ref drivers/android/binder.c:1355 [inline]
 binder_deferred_release drivers/android/binder.c:6256 [inline]
 binder_deferred_func+0xdd7/0x12e0 drivers/android/binder.c:6296
 process_one_work+0x9c8/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c4/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff88801e3b9c00
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 8 bytes inside of
 freed 64-byte region [ffff88801e3b9c00, ffff88801e3b9c40)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e3b9
anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000000 ffff88801b0418c0 ffffea0000bd2b80 dead000000000005
raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2, tgid 2 (kthreadd), ts 12429811391, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2265
 alloc_slab_page mm/slub.c:2412 [inline]
 allocate_slab mm/slub.c:2578 [inline]
 new_slab+0x2ba/0x3f0 mm/slub.c:2631
 ___slab_alloc+0xdac/0x1880 mm/slub.c:3818
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3908
 __slab_alloc_node mm/slub.c:3961 [inline]
 slab_alloc_node mm/slub.c:4122 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x367/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 lsm_blob_alloc+0x68/0x90 security/security.c:685
 lsm_task_alloc security/security.c:772 [inline]
 security_task_alloc+0x2d/0x260 security/security.c:3159
 copy_process+0x24d1/0x8cb0 kernel/fork.c:2354
 kernel_clone+0xfd/0x960 kernel/fork.c:2784
 kernel_thread+0xc0/0x100 kernel/fork.c:2846
 create_kthread kernel/kthread.c:412 [inline]
 kthreadd+0x4ef/0x7d0 kernel/kthread.c:767
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
page_owner free stack trace missing

Memory state around the buggy address:
 ffff88801e3b9b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff88801e3b9b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff88801e3b9c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
                      ^
 ffff88801e3b9c80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
 ffff88801e3b9d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x166/0x1c0 lib/list_debug.c:50
Read of size 8 at addr ffff88801e3b9c00 by task kworker/1:2/963

CPU: 1 UID: 0 PID: 963 Comm: kworker/1:2 Tainted: G    B              6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events binder_deferred_func
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 __list_del_entry_valid_or_report+0x166/0x1c0 lib/list_debug.c:50
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_init include/linux/list.h:287 [inline]
 binder_dequeue_work_head_ilocked drivers/android/binder.c:540 [inline]
 binder_release_work+0x9b/0x490 drivers/android/binder.c:5110
 binder_deferred_release drivers/android/binder.c:6261 [inline]
 binder_deferred_func+0xe6e/0x12e0 drivers/android/binder.c:6296
 process_one_work+0x9c8/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c4/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 5897:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:878 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 binder_request_freeze_notification drivers/android/binder.c:3855 [inline]
 binder_thread_write+0xe19/0x4c60 drivers/android/binder.c:4485
 binder_ioctl_write_read drivers/android/binder.c:5387 [inline]
 binder_ioctl+0x265b/0x6fa0 drivers/android/binder.c:5718
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0x192/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 963:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4579 [inline]
 kfree+0x14f/0x4b0 mm/slub.c:4727
 binder_free_ref drivers/android/binder.c:1355 [inline]
 binder_deferred_release drivers/android/binder.c:6256 [inline]
 binder_deferred_func+0xdd7/0x12e0 drivers/android/binder.c:6296
 process_one_work+0x9c8/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c4/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff88801e3b9c00
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 0 bytes inside of
 freed 64-byte region [ffff88801e3b9c00, ffff88801e3b9c40)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e3b9
anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000000 ffff88801b0418c0 ffffea0000bd2b80 dead000000000005
raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2, tgid 2 (kthreadd), ts 12429811391, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2265
 alloc_slab_page mm/slub.c:2412 [inline]
 allocate_slab mm/slub.c:2578 [inline]
 new_slab+0x2ba/0x3f0 mm/slub.c:2631
 ___slab_alloc+0xdac/0x1880 mm/slub.c:3818
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3908
 __slab_alloc_node mm/slub.c:3961 [inline]
 slab_alloc_node mm/slub.c:4122 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x367/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 lsm_blob_alloc+0x68/0x90 security/security.c:685
 lsm_task_alloc security/security.c:772 [inline]
 security_task_alloc+0x2d/0x260 security/security.c:3159
 copy_process+0x24d1/0x8cb0 kernel/fork.c:2354
 kernel_clone+0xfd/0x960 kernel/fork.c:2784
 kernel_thread+0xc0/0x100 kernel/fork.c:2846
 create_kthread kernel/kthread.c:412 [inline]
 kthreadd+0x4ef/0x7d0 kernel/kthread.c:767
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
page_owner free stack trace missing

Memory state around the buggy address:
 ffff88801e3b9b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff88801e3b9b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff88801e3b9c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
                   ^
 ffff88801e3b9c80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
 ffff88801e3b9d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
==================================================================
Oops: general protection fault, probably for non-canonical address 0xe0907c3da0000078: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0x048401ed000003c0-0x048401ed000003c7]
CPU: 1 UID: 0 PID: 963 Comm: kworker/1:2 Tainted: G    B              6.12.0-rc5-syzkaller-00308-g3e5e6c9900c3 #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events binder_deferred_func
RIP: 0010:__list_del_entry_valid_or_report+0x95/0x1c0 lib/list_debug.c:62
Code: 0f 84 8a 00 00 00 48 b8 22 01 00 00 00 00 ad de 48 39 c1 0f 84 86 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 cf 48 c1 ef 03 <80> 3c 07 00 0f 85 f1 00 00 00 48 8b 01 48 39 f0 75 75 48 8d 7a 08
RSP: 0018:ffffc900037ffbd8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff88801e3b9c00 RCX: 048401ed000003c3
RDX: ffff888029a9f700 RSI: ffff88801e3b9c00 RDI: 0090803da0000078
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 3d3d3d3d3d3d3d3d R12: dffffc0000000000
R13: ffff88807cbac2d0 R14: ffff88807cbac0d8 R15: ffff88801e3b9c08
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc4e2f720d0 CR3: 000000000df7c000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_init include/linux/list.h:287 [inline]
 binder_dequeue_work_head_ilocked drivers/android/binder.c:540 [inline]
 binder_release_work+0x9b/0x490 drivers/android/binder.c:5110
 binder_deferred_release drivers/android/binder.c:6261 [inline]
 binder_deferred_func+0xe6e/0x12e0 drivers/android/binder.c:6296
 process_one_work+0x9c8/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c4/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0x95/0x1c0 lib/list_debug.c:62
Code: 0f 84 8a 00 00 00 48 b8 22 01 00 00 00 00 ad de 48 39 c1 0f 84 86 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 cf 48 c1 ef 03 <80> 3c 07 00 0f 85 f1 00 00 00 48 8b 01 48 39 f0 75 75 48 8d 7a 08
RSP: 0018:ffffc900037ffbd8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff88801e3b9c00 RCX: 048401ed000003c3
RDX: ffff888029a9f700 RSI: ffff88801e3b9c00 RDI: 0090803da0000078
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 3d3d3d3d3d3d3d3d R12: dffffc0000000000
R13: ffff88807cbac2d0 R14: ffff88807cbac0d8 R15: ffff88801e3b9c08
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc4e2f720d0 CR3: 000000000df7c000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	0f 84 8a 00 00 00    	je     0x90
   6:	48 b8 22 01 00 00 00 	movabs $0xdead000000000122,%rax
   d:	00 ad de
  10:	48 39 c1             	cmp    %rax,%rcx
  13:	0f 84 86 00 00 00    	je     0x9f
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 cf             	mov    %rcx,%rdi
  26:	48 c1 ef 03          	shr    $0x3,%rdi
* 2a:	80 3c 07 00          	cmpb   $0x0,(%rdi,%rax,1) <-- trapping instruction
  2e:	0f 85 f1 00 00 00    	jne    0x125
  34:	48 8b 01             	mov    (%rcx),%rax
  37:	48 39 f0             	cmp    %rsi,%rax
  3a:	75 75                	jne    0xb1
  3c:	48 8d 7a 08          	lea    0x8(%rdx),%rdi

Crashes (1701):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/11/03 19:40 upstream 3e5e6c9900c3 f00eed24 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/09 08:52 upstream f1dce1f09380 6b856513 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/09 03:13 upstream f1dce1f09380 6b856513 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/09/29 00:02 upstream ad46e8f95e93 ba29ff75 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/09/28 22:55 upstream 3efc57369a0c ba29ff75 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/14 09:52 upstream 0a9b9d17f3a7 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/14 08:13 upstream 0a9b9d17f3a7 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/14 02:28 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/14 01:04 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 21:01 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 19:05 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 15:39 upstream f1b785f4c787 62026c85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 10:13 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 00:16 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 20:06 upstream 3022e9d00ebe 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 17:23 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 16:09 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 14:22 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 12:32 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 10:54 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 06:13 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 01:03 upstream 2d5404caa8c7 97fe5517 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 20:05 upstream 2d5404caa8c7 97fe5517 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 17:55 upstream 2d5404caa8c7 97fe5517 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 11:05 upstream 2d5404caa8c7 97fe5517 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: slab-use-after-free Read in binder_release_work
2024/11/10 20:33 upstream a9cda7c0ffed 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/02 01:01 upstream 6c52d4da1c74 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 08:57 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 12:33 upstream 2d5404caa8c7 97fe5517 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 06:43 upstream a9cda7c0ffed 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: slab-use-after-free Read in binder_release_work
2024/11/14 10:06 upstream 0a9b9d17f3a7 a8c99394 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/14 07:05 upstream 0a9b9d17f3a7 a8c99394 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 22:30 upstream f1b785f4c787 4dfba277 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 18:04 upstream f1b785f4c787 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 11:18 upstream 3022e9d00ebe 62026c85 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 06:51 upstream 3022e9d00ebe 62026c85 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 03:56 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 02:47 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 23:13 upstream 3022e9d00ebe c819f227 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 21:52 upstream 3022e9d00ebe c819f227 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 20:48 upstream 3022e9d00ebe c819f227 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 07:19 upstream 2d5404caa8c7 75bb1b32 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 05:51 upstream 2d5404caa8c7 75bb1b32 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 04:16 upstream 2d5404caa8c7 75bb1b32 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/12 03:05 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 23:36 upstream 2d5404caa8c7 75bb1b32 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 22:01 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 16:24 upstream 2d5404caa8c7 0c4b1325 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 14:00 upstream 2d5404caa8c7 0c4b1325 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 13:59 upstream 2d5404caa8c7 0c4b1325 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 09:29 upstream 2d5404caa8c7 0c4b1325 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 07:54 upstream 2d5404caa8c7 6b856513 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 05:21 upstream a9cda7c0ffed 6b856513 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/11 03:55 upstream a9cda7c0ffed 6b856513 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/05 11:43 upstream 557329bcecc2 509da429 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in binder_release_work
2024/10/29 22:13 upstream e42b1a9a2557 66aeb999 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-compat KASAN: slab-use-after-free Read in binder_release_work
2024/10/29 16:29 upstream e42b1a9a2557 66aeb999 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/10/12 02:48 linux-next d61a00525464 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in binder_release_work
2024/11/10 23:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 563047e691f2 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in binder_release_work
2024/11/13 23:39 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: slab-use-after-free Read in binder_release_work
2024/11/04 21:32 upstream 59b723cd2adb 7bfecfb9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KFENCE: use-after-free in binder_release_work
* Struck through repros no longer work on HEAD.