Re: [syzbot] Re: [syzbot] [kernel?] upstream test error: KASAN: slab-use-after-free Write in binderfs_evict_inode
From: syzbot
Date: Thu Mar 13 2025 - 01:30:37 EST
For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.
***
Subject: Re: [syzbot] [kernel?] upstream test error: KASAN: slab-use-after-free Write in binderfs_evict_inode
Author: lizhi.xu@xxxxxxxxxxxxx
#syz test
diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
index bc6bae76ccaf..9ac152548030 100644
--- a/drivers/android/binderfs.c
+++ b/drivers/android/binderfs.c
@@ -271,12 +271,12 @@ static void binderfs_evict_inode(struct inode *inode)
mutex_lock(&binderfs_minors_mutex);
--info->device_count;
ida_free(&binderfs_minors, device->miscdev.minor);
- mutex_unlock(&binderfs_minors_mutex);
if (refcount_dec_and_test(&device->ref)) {
kfree(device->context.name);
kfree(device);
}
+ mutex_unlock(&binderfs_minors_mutex);
}
static int binderfs_fs_context_parse_param(struct fs_context *fc,