KASAN: use-after-free Read in binder_release

Date	Name	Commit	Repro	Result
2024/09/30	lts (merge base)	4878aadf2d15	C	Didn't crash
2024/09/30	upstream (ToT)	9852d85ec9d4	C	[report] KASAN: slab-use-after-free Read in binder_release_work

Date

Name

Commit

Repro

Result

2024/09/30

lts (merge base)

4878aadf2d15

Didn't crash

2024/09/30

upstream (ToT)

9852d85ec9d4

[report] KASAN: slab-use-after-free Read in binder_release_work

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-5-10	KASAN: use-after-free Read in binder_release_work	C			154	42d	77d	0/2	upstream: reported C repro on 2024/11/12 10:57
android-44	KASAN: use-after-free Read in binder_release_work	C			5	2470d	2119d	0/2	public: reported C repro on 2019/04/11 08:44
upstream	KASAN: use-after-free Read in binder_release_work kernel	C			6	2470d	2491d	5/28	fixed on 2018/05/08 18:30
android-49	KASAN: use-after-free Read in binder_release_work	C			132	2470d	2484d	3/3	fixed on 2018/05/22 16:58
upstream	KASAN: slab-use-after-free Read in binder_release_work kernel	C	done	done	2151	48d	118d	27/28	upstream: reported C repro on 2024/10/02 21:10

Created	Duration	User	Patch	Repo	Result
2024/12/31 09:15	16m	retest repro		android13-5.15-lts	OK log

Created

Duration

User

Patch

Repo

Result

2024/12/31 09:15

16m

retest repro

android13-5.15-lts

OK log

================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0x2f/0x120 lib/list_debug.c:46 Read of size 8 at addr ffff8881143c7c08 by task kworker/0:1/15196 CPU: 0 PID: 15196 Comm: kworker/0:1 Tainted: G W 5.15.173-syzkaller-00123-g6f0de8f8a165 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Workqueue: events binder_deferred_func Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x151/0x1c0 lib/dump_stack.c:106 print_address_description+0x87/0x3b0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:427 [inline] kasan_report+0x179/0x1c0 mm/kasan/report.c:444 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:309 __list_del_entry_valid+0x2f/0x120 lib/list_debug.c:46 __list_del_entry include/linux/list.h:132 [inline] list_del_init include/linux/list.h:204 [inline] binder_dequeue_work_head_ilocked drivers/android/binder.c:515 [inline] binder_release_work+0xcd/0x680 drivers/android/binder.c:5183 binder_deferred_release drivers/android/binder.c:6339 [inline] binder_deferred_func+0x1847/0x1bc0 drivers/android/binder.c:6374 process_one_work+0x6bb/0xc10 kernel/workqueue.c:2325 worker_thread+0xad5/0x12a0 kernel/workqueue.c:2472 kthread+0x421/0x510 kernel/kthread.c:337 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 </TASK> Allocated by task 15569: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:433 [inline] ____kasan_kmalloc+0xdb/0x110 mm/kasan/common.c:512 __kasan_kmalloc+0x9/0x10 mm/kasan/common.c:521 kasan_kmalloc include/linux/kasan.h:227 [inline] kmem_cache_alloc_trace+0x115/0x210 mm/slub.c:3267 kmalloc include/linux/slab.h:603 [inline] kzalloc include/linux/slab.h:733 [inline] binder_request_freeze_notification drivers/android/binder.c:3895 [inline] binder_thread_write+0x9f5/0x6ec0 drivers/android/binder.c:4535 binder_ioctl_write_read+0x205/0x7300 drivers/android/binder.c:5470 binder_ioctl+0x371/0x2640 drivers/android/binder.c:5787 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0x114/0x190 fs/ioctl.c:860 __x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:860 x64_sys_call+0x98/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 Freed by task 15196: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:45 kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:370 ____kasan_slab_free+0x126/0x160 mm/kasan/common.c:365 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:373 kasan_slab_free include/linux/kasan.h:193 [inline] slab_free_hook mm/slub.c:1723 [inline] slab_free_freelist_hook+0xbd/0x190 mm/slub.c:1749 slab_free mm/slub.c:3519 [inline] kfree+0xc8/0x220 mm/slub.c:4579 binder_free_ref+0x128/0x260 drivers/android/binder.c:1465 binder_deferred_release drivers/android/binder.c:6334 [inline] binder_deferred_func+0x171c/0x1bc0 drivers/android/binder.c:6374 process_one_work+0x6bb/0xc10 kernel/workqueue.c:2325 worker_thread+0xad5/0x12a0 kernel/workqueue.c:2472 kthread+0x421/0x510 kernel/kthread.c:337 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 Last potentially related work creation: kasan_save_stack+0x3b/0x60 mm/kasan/common.c:38 __kasan_record_aux_stack+0xd3/0xf0 mm/kasan/generic.c:348 kasan_record_aux_stack_noalloc+0xb/0x10 mm/kasan/generic.c:358 __call_rcu_common kernel/rcu/tree.c:3007 [inline] call_rcu+0x123/0x10b0 kernel/rcu/tree.c:3125 nf_hook_entries_free net/netfilter/core.c:94 [inline] __nf_register_net_hook+0x634/0x7c0 net/netfilter/core.c:425 nf_register_net_hook+0xb6/0x190 net/netfilter/core.c:542 nf_register_net_hooks+0x44/0x1b0 net/netfilter/core.c:558 nf_nat_register_fn+0x461/0x5e0 net/netfilter/nf_nat_core.c:1043 nf_nat_ipv4_register_fn+0x4b/0x60 net/netfilter/nf_nat_proto.c:824 ipt_nat_register_lookups net/ipv4/netfilter/iptable_nat.c:84 [inline] iptable_nat_table_init+0x11c/0x330 net/ipv4/netfilter/iptable_nat.c:128 xt_find_table_lock+0x36e/0x440 net/netfilter/x_tables.c:1259 xt_request_find_table_lock+0x27/0xf0 net/netfilter/x_tables.c:1284 get_info net/ipv4/netfilter/ip_tables.c:964 [inline] do_ipt_get_ctl+0x871/0x1880 net/ipv4/netfilter/ip_tables.c:1660 nf_getsockopt+0x26c/0x290 net/netfilter/nf_sockopt.c:116 ip_getsockopt+0x153a/0x2160 net/ipv4/ip_sockglue.c:1797 tcp_getsockopt+0x249/0x7030 net/ipv4/tcp.c:4305 sock_common_getsockopt+0x99/0xb0 net/core/sock.c:3432 __sys_getsockopt+0x290/0x4f0 net/socket.c:2247 __do_sys_getsockopt net/socket.c:2262 [inline] __se_sys_getsockopt net/socket.c:2259 [inline] __x64_sys_getsockopt+0xbf/0xd0 net/socket.c:2259 x64_sys_call+0x1a9/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:56 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 The buggy address belongs to the object at ffff8881143c7c00 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 8 bytes inside of 64-byte region [ffff8881143c7c00, ffff8881143c7c40) The buggy address belongs to the page: page:ffffea000450f1c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1143c7 flags: 0x4000000000000200(slab|zone=1) raw: 4000000000000200 ffffea000431bf00 0000000500000005 ffff888100042780 raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 113, ts 5424980064, free_ts 5424347788 set_page_owner include/linux/page_owner.h:33 [inline] post_alloc_hook+0x1a3/0x1b0 mm/page_alloc.c:2605 prep_new_page+0x1b/0x110 mm/page_alloc.c:2611 get_page_from_freelist+0x3550/0x35d0 mm/page_alloc.c:4485 __alloc_pages+0x27e/0x8f0 mm/page_alloc.c:5779 allocate_slab mm/slub.c:1932 [inline] new_slab+0x9a/0x4e0 mm/slub.c:1995 ___slab_alloc+0x39e/0x830 mm/slub.c:3028 __slab_alloc+0x4a/0x90 mm/slub.c:3115 slab_alloc_node mm/slub.c:3206 [inline] slab_alloc mm/slub.c:3248 [inline] __kmalloc+0x16d/0x270 mm/slub.c:4423 __kmalloc_node include/linux/slab.h:469 [inline] kmalloc_node include/linux/slab.h:626 [inline] kvmalloc_node+0x1f0/0x4d0 mm/util.c:628 kvmalloc include/linux/mm.h:851 [inline] simple_xattr_alloc+0x43/0xa0 fs/xattr.c:987 shmem_initxattrs+0x8d/0x200 mm/shmem.c:3190 security_inode_init_security+0x252/0x390 security/security.c:1115 shmem_symlink+0x144/0x5f0 mm/shmem.c:3094 vfs_symlink+0x29f/0x480 fs/namei.c:4429 do_symlinkat+0x1ea/0x5a0 fs/namei.c:4458 __do_sys_symlink fs/namei.c:4480 [inline] __se_sys_symlink fs/namei.c:4478 [inline] __x64_sys_symlink+0x7e/0x90 fs/namei.c:4478 page last free stack trace: reset_page_owner include/linux/page_owner.h:26 [inline] free_pages_prepare mm/page_alloc.c:1472 [inline] free_pcp_prepare mm/page_alloc.c:1544 [inline] free_unref_page_prepare+0x7c8/0x7d0 mm/page_alloc.c:3534 free_unref_page+0xe8/0x750 mm/page_alloc.c:3616 free_the_page mm/page_alloc.c:805 [inline] __free_pages+0x61/0xf0 mm/page_alloc.c:5855 free_pages+0x7c/0x90 mm/page_alloc.c:5866 selinux_genfs_get_sid+0x24d/0x2a0 security/selinux/hooks.c:1375 inode_doinit_with_dentry+0x8d2/0x1070 security/selinux/hooks.c:1570 selinux_d_instantiate+0x27/0x40 security/selinux/hooks.c:6489 security_d_instantiate+0x9f/0x100 security/security.c:2074 d_splice_alias+0x6d/0x390 fs/dcache.c:3071 kernfs_iop_lookup+0x29e/0x2f0 fs/kernfs/dir.c:1175 __lookup_slow+0x2b9/0x400 fs/namei.c:1663 lookup_slow+0x5a/0x80 fs/namei.c:1680 walk_component+0x48c/0x610 fs/namei.c:1976 lookup_last fs/namei.c:2431 [inline] path_lookupat+0x16d/0x450 fs/namei.c:2455 filename_lookup+0x230/0x5c0 fs/namei.c:2484 user_path_at_empty+0x43/0x1a0 fs/namei.c:2883 Memory state around the buggy address: ffff8881143c7b00: 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc fc ffff8881143c7b80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc >ffff8881143c7c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ^ ffff8881143c7c80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc ffff8881143c7d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ================================================================== general protection fault, probably for non-canonical address 0xfdd3fc676000076b: 0000 [#1] PREEMPT SMP KASAN KASAN: maybe wild-memory-access in range [0xeea0033b00003b58-0xeea0033b00003b5f] CPU: 0 PID: 15196 Comm: kworker/0:1 Tainted: G B W 5.15.173-syzkaller-00123-g6f0de8f8a165 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Workqueue: events binder_deferred_func RIP: 0010:__list_del_entry_valid+0x75/0x120 lib/list_debug.c:59 Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 ac 7c 48 ff 49 8b 17 4c 39 f2 75 RSP: 0018:ffffc90000ca7c00 EFLAGS: 00010a03 RAX: 1dd400676000076b RBX: ffff88810b84ef00 RCX: ffffffff826a40d9 RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff8881143c7c00 RBP: ffffc90000ca7c20 R08: ffffffff8141a43b R09: 0000000000000003 R10: fffffbfff0e9a84c R11: dffffc0000000001 R12: dffffc0000000000 R13: ffff8881143c7c00 R14: ffff8881143c7c00 R15: eea0033b00003b5c FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000110c241bfc CR3: 000000010f677000 CR4: 00000000003506b0 DR0: 0000000000009bda DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Call Trace: <TASK> __list_del_entry include/linux/list.h:132 [inline] list_del_init include/linux/list.h:204 [inline] binder_dequeue_work_head_ilocked drivers/android/binder.c:515 [inline] binder_release_work+0xcd/0x680 drivers/android/binder.c:5183 binder_deferred_release drivers/android/binder.c:6339 [inline] binder_deferred_func+0x1847/0x1bc0 drivers/android/binder.c:6374 process_one_work+0x6bb/0xc10 kernel/workqueue.c:2325 worker_thread+0xad5/0x12a0 kernel/workqueue.c:2472 kthread+0x421/0x510 kernel/kthread.c:337 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 </TASK> Modules linked in: ---[ end trace 7bf20a5dfba506aa ]--- RIP: 0010:__list_del_entry_valid+0x75/0x120 lib/list_debug.c:59 Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 ac 7c 48 ff 49 8b 17 4c 39 f2 75 RSP: 0018:ffffc90000ca7c00 EFLAGS: 00010a03 RAX: 1dd400676000076b RBX: ffff88810b84ef00 RCX: ffffffff826a40d9 RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff8881143c7c00 RBP: ffffc90000ca7c20 R08: ffffffff8141a43b R09: 0000000000000003 R10: fffffbfff0e9a84c R11: dffffc0000000001 R12: dffffc0000000000 R13: ffff8881143c7c00 R14: ffff8881143c7c00 R15: eea0033b00003b5c FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000110c241bfc CR3: 000000010f677000 CR4: 00000000003506b0 DR0: 0000000000009bda DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 48 85 db test %rbx,%rbx 3: 74 68 je 0x6d 5: 4d 85 ff test %r15,%r15 8: 74 74 je 0x7e a: 48 ba 00 01 00 00 00 movabs $0xdead000000000100,%rdx 11: 00 ad de 14: 48 39 d3 cmp %rdx,%rbx 17: 74 76 je 0x8f 19: 48 83 c2 22 add $0x22,%rdx 1d: 49 39 d7 cmp %rdx,%r15 20: 74 7e je 0xa0 22: 4c 89 f8 mov %r15,%rax 25: 48 c1 e8 03 shr $0x3,%rax * 29: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) <-- trapping instruction 2e: 74 08 je 0x38 30: 4c 89 ff mov %r15,%rdi 33: e8 ac 7c 48 ff call 0xff487ce4 38: 49 8b 17 mov (%r15),%rdx 3b: 4c 39 f2 cmp %r14,%rdx 3e: 75 .byte 0x75

Crashes (97):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/12/16 11:59	android13-5.15-lts	6f0de8f8a165	eec85da6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/09 11:45	android13-5.15-lts	431fb5556be3	9ac0fdc6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/07 00:14	android13-5.15-lts	431fb5556be3	9ac0fdc6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/05 19:20	android13-5.15-lts	252009836bae	29f61fce	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/05 15:16	android13-5.15-lts	252009836bae	29f61fce	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/02 16:37	android13-5.15-lts	9efd694ed939	b499ea68	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/02 06:01	android13-5.15-lts	548ca9fbf844	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/02 00:19	android13-5.15-lts	548ca9fbf844	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/01 09:07	android13-5.15-lts	548ca9fbf844	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/12/01 02:14	android13-5.15-lts	548ca9fbf844	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/30 19:24	android13-5.15-lts	548ca9fbf844	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/30 02:39	android13-5.15-lts	548ca9fbf844	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/27 05:10	android13-5.15-lts	101e665d55a8	52b38cc1	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/26 10:51	android13-5.15-lts	101e665d55a8	e9a9a9f2	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/26 09:47	android13-5.15-lts	101e665d55a8	11dbc254	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/25 19:21	android13-5.15-lts	101e665d55a8	11dbc254	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/24 18:17	android13-5.15-lts	101e665d55a8	68da6d95	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/24 01:23	android13-5.15-lts	101e665d55a8	68da6d95	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/23 22:46	android13-5.15-lts	101e665d55a8	68da6d95	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/23 04:50	android13-5.15-lts	101e665d55a8	68da6d95	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/22 22:27	android13-5.15-lts	101e665d55a8	68da6d95	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/22 11:45	android13-5.15-lts	101e665d55a8	4b25d554	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/22 08:32	android13-5.15-lts	2e66050fb753	4b25d554	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/21 09:26	android13-5.15-lts	2e66050fb753	4b25d554	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/19 16:51	android13-5.15-lts	2e66050fb753	7d02db5a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/17 09:25	android13-5.15-lts	ef332e923197	cfe3a04a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/15 18:50	android13-5.15-lts	3bfe08931bff	cfe3a04a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/14 12:53	android13-5.15-lts	3bfe08931bff	a8c99394	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/11 12:04	android13-5.15-lts	3bfe08931bff	0c4b1325	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/10 15:17	android13-5.15-lts	5e4635681cf1	6b856513	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/10 05:58	android13-5.15-lts	5e4635681cf1	6b856513	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/08 18:11	android13-5.15-lts	5e4635681cf1	6b856513	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/07 12:45	android13-5.15-lts	5e4635681cf1	867e44df	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/07 12:45	android13-5.15-lts	5e4635681cf1	867e44df	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/05 18:24	android13-5.15-lts	5e4635681cf1	da38b4c9	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/05 13:00	android13-5.15-lts	5e4635681cf1	da38b4c9	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/05 10:17	android13-5.15-lts	5e4635681cf1	509da429	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/05 08:04	android13-5.15-lts	5e4635681cf1	509da429	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/05 04:18	android13-5.15-lts	5e4635681cf1	509da429	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/05 04:17	android13-5.15-lts	5e4635681cf1	509da429	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/05 04:16	android13-5.15-lts	5e4635681cf1	509da429	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/05 04:16	android13-5.15-lts	5e4635681cf1	509da429	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/04 17:57	android13-5.15-lts	5e4635681cf1	509da429	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/11/03 15:14	android13-5.15-lts	5e4635681cf1	f00eed24	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/09/30 05:04	android13-5.15-lts	8e36931104ac	ba29ff75	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work
2024/09/30 04:48	android13-5.15-lts	8e36931104ac	ba29ff75	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: use-after-free Read in binder_release_work

Crashes (97):

Assets (help?)

2024/12/16 11:59

android13-5.15-lts