Date: Mon, 13 Jan 2025 14:53:15 +0000
From: Carlos Llamas
To: syzbot
Cc: aardelean@baylibre.com, aliceryhl@google.com, arve@android.com, brauner@kernel.org, gregkh@linuxfoundation.org, hdanton@sina.com, joel@joelfernandes.org, jonathan.cameron@huawei.com, linux-kernel@vger.kernel.org, maco@android.com, nuno.sa@analog.com, surenb@google.com, syzkaller-bugs@googlegroups.com, tkjos@android.com
Subject: Re: [syzbot] [kernel?] KASAN: slab-use-after-free Read in binder_release_work
Message-ID:
References: <66fdb6be.050a0220.40bef.0024.GAE@google.com> <6782f470.050a0220.216c54.0027.GAE@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <6782f470.050a0220.216c54.0027.GAE@google.com>

On Sat, Jan 11, 2025 at 02:45:04PM -0800, syzbot wrote:
> syzbot suspects this issue was fixed by commit:
>
> commit 7e20434cbca814cb91a0a261ca0106815ef48e5f
> Author: Carlos Llamas
> Date:   Thu Sep 26 23:36:14 2024 +0000
>
>     binder: fix freeze UAF in binder_release_work()
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1380f218580000
> start commit:   3e5e6c9900c3 Merge tag 'nfsd-6.12-3' of git://git.kernel.o..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=cf5329baa0b5a257
> dashboard link: https://syzkaller.appspot.com/bug?extid=9ba7a8cdae0440edd57b
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1245faa7980000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=105db630580000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: binder: fix freeze UAF in binder_release_work()
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

#syz fix: binder: fix freeze UAF in binder_release_work()