Re: binder epoll bug (was KASAN: use-after-free Read in __lock_acquire (2))

2018-01-30 Thread Eric Biggers
On Tue, Dec 12, 2017 at 04:05:17PM -0800, Eric Biggers wrote:
> [+Cc binder maintainers and list]
> [-Cc lockdep maintainers, USB maintainers, and other random people]
>
> On Sat, Dec 02, 2017 at 08:08:01AM -0800, syzbot wrote:
> > BUG: KASAN: use-after-free in __lock_acquire+0x465e/0x47f0
> > ker

binder epoll bug (was KASAN: use-after-free Read in __lock_acquire (2))

2017-12-12 Thread Eric Biggers
[+Cc binder maintainers and list]
[-Cc lockdep maintainers, USB maintainers, and other random people]

On Sat, Dec 02, 2017 at 08:08:01AM -0800, syzbot wrote:
> BUG: KASAN: use-after-free in __lock_acquire+0x465e/0x47f0
> kernel/locking/lockdep.c:3378
> Read of size 8 at addr 8801cd8e13f0 by ta

Re: KASAN: use-after-free Read in __lock_acquire (2)

2017-12-12 Thread Eric Biggers
On Sat, Dec 02, 2017 at 08:08:01AM -0800, syzbot wrote:
> Allocated by task 3086:
> save_stack+0x43/0xd0 mm/kasan/kasan.c:447
> set_track mm/kasan/kasan.c:459 [inline]
> kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
> kmem_cache_alloc_trace+0x136/0x750 mm/slab.c:3613
> kmalloc include/linux/sla