Kernel panic from out-of-tree binder module — enable CONFIG_ANDROID_BINDER_IPC to fix #403

@counterapparatus

Summary

The Pop!_OS kernel ships with CONFIG_ANDROID_BINDER_IPC disabled, forcing Waydroid users to rely on the out-of-tree anbox-binder DKMS module (choff/anbox-modules). This module causes a kernel NULL pointer dereference on 6.18.7-76061807-generic, panicking the system. The crash is 100% reproducible.

Enabling the mainline in-tree binder driver (CONFIG_ANDROID_BINDER_IPC=m, CONFIG_ANDROID_BINDERFS=y) would eliminate the need for this broken out-of-tree module entirely.

Crash details

Environment:

  • Pop!_OS 24.04 LTS
  • Kernel: 6.18.7-76061807-generic
  • Waydroid: 1.6.1
  • Binder module: anbox-binder DKMS version 1 (out-of-tree)

Reproducibility: 100% — kernel panics within ~13 seconds of Waydroid container boot, every attempt.

Crash sequence from journalctl -b -1 -k:

  1. binder_linux loads and taints the kernel:

    binder_linux: loading out-of-tree module taints kernel.
    binder_linux: module verification failed: signature and/or required key missing - tainting kernel
    
  2. Every binder ioctl immediately fails with EINVAL:

    binder_linux: 27651:27651 ioctl 40046210 7ffc29c82660 returned -22
    

    (50+ of these in ~2 seconds)

  3. Binder buffer allocator runs out of address space:

    binder_linux: 26631: binder_alloc_buf size 1056768 failed, no address space
    binder_linux: 26243:26457 transaction failed 29201/-28, size 1056768-0 line 3181
    
  4. Kernel panics:

    BUG: kernel NULL pointer dereference, address: 0000000000000000
    

Root cause: The DKMS module uses kallsyms_lookup_name via kprobes to resolve unexported kernel symbols at runtime (self-described "very dirty hack" in its deps.c). On kernel 6.18, one or more lookups return NULL, and the code calls through the NULL function pointer without checking.

Current kernel config

# CONFIG_ANDROID_BINDER_IPC is not set

Requested change

CONFIG_ANDROID_BINDER_IPC=m
CONFIG_ANDROID_BINDERFS=y

The in-tree binder driver is maintained by Google and has been in mainline Linux for years. Other distributions already enable it: Arch Linux (linux-zen), Fedora, postmarketOS, and XanMod kernels. The Waydroid maintainers' official position (waydroid/waydroid#1904) is that distributions should enable the upstream binder rather than relying on out-of-tree DKMS modules.
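
The crash sequence described in this issue can be recognized mechanically in a saved kernel log (for example the output of journalctl -b -1 -k). The following is an added example, not part of the original issue or of any project it mentions: the function and stage names are hypothetical, the sample log is constructed from the lines quoted above, and the ioctl decoding assumes the asm-generic _IOC bit layout used on x86.

```python
import errno
import re

# Constructed sample: the kernel log lines quoted in the issue, in order.
SAMPLE_LOG = """\
binder_linux: loading out-of-tree module taints kernel.
binder_linux: module verification failed: signature and/or required key missing - tainting kernel
binder_linux: 27651:27651 ioctl 40046210 7ffc29c82660 returned -22
binder_linux: 26631: binder_alloc_buf size 1056768 failed, no address space
binder_linux: 26243:26457 transaction failed 29201/-28, size 1056768-0 line 3181
BUG: kernel NULL pointer dereference, address: 0000000000000000
"""

# One pattern per stage of the crash sequence (stage names are hypothetical).
STAGES = [
    ("taint", re.compile(r"binder_linux: loading out-of-tree module taints kernel")),
    ("ioctl_fail", re.compile(r"binder_linux: \d+:\d+ ioctl ([0-9a-f]+) [0-9a-f]+ returned (-?\d+)")),
    ("alloc_fail", re.compile(r"binder_linux: \d+: binder_alloc_buf size \d+ failed, no address space")),
    ("null_deref", re.compile(r"BUG: kernel NULL pointer dereference")),
]

def decode_ioctl(cmd_hex):
    """Split an ioctl number into direction, argument size, type char and nr."""
    cmd = int(cmd_hex, 16)
    directions = {0: "none", 1: "write", 2: "read", 3: "read/write"}
    return {
        "dir": directions[(cmd >> 30) & 0x3],
        "size": (cmd >> 16) & 0x3FFF,
        "type": chr((cmd >> 8) & 0xFF),
        "nr": cmd & 0xFF,
    }

def triage(log):
    """Return stages in first-seen order and the decoded failing ioctls."""
    seen, ioctls = [], []
    for line in log.splitlines():
        for name, rx in STAGES:
            m = rx.search(line)
            if not m:
                continue
            if name not in seen:
                seen.append(name)
            if name == "ioctl_fail":
                info = decode_ioctl(m.group(1))
                info["errno"] = errno.errorcode.get(-int(m.group(2)), "?")
                ioctls.append(info)
    return seen, ioctls

def matches_issue_pattern(log):
    """True only if all four stages appear, in the order the issue reports."""
    return triage(log)[0] == [name for name, _ in STAGES]
```
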
