syzbot


memory leak in binder_transaction

Status: fixed on 2019/08/05 13:45
Subsystems: kernel
Reported-by: syzbot+182ce46596c3f2e1eb24@syzkaller.appspotmail.com
Fix commit: 1909a671dbc3 binder: fix memory leak in error path
First crash: 1776d, last: 1759d
Discussions (6)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 4.14 00/80] 4.14.134-stable review | 87 (87) | 2019/07/19 04:44 |
| [PATCH 5.2 00/61] 5.2.1-stable review | 78 (78) | 2019/07/14 06:02 |
| [PATCH 5.1 000/138] 5.1.18-stable review | 156 (156) | 2019/07/14 06:01 |
| [PATCH 4.19 00/91] 4.19.59-stable review | 99 (99) | 2019/07/14 05:34 |
| memory leak in binder_transaction | 1 (2) | 2019/06/21 17:57 |
| [PATCH] binder: fix memory leak in error path | 1 (1) | 2019/06/21 17:54 |
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | memory leak in binder_transaction (2) kernel | C | | | 2 | 221d | 516d | 25/26 | fixed on 2023/12/21 03:45 |

Sample crash report:
BUG: memory leak
unreferenced object 0xffff8881170c8c20 (size 32):
  comm "syz-executor155", pid 7154, jiffies 4294950122 (age 17.710s)
  hex dump (first 32 bytes):
    20 8c 0c 17 81 88 ff ff 20 8c 0c 17 81 88 ff ff   ....... .......
    02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000000017a916>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000000017a916>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000000017a916>] slab_alloc mm/slab.c:3326 [inline]
    [<000000000017a916>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000abca9f82>] kmalloc include/linux/slab.h:547 [inline]
    [<00000000abca9f82>] kzalloc include/linux/slab.h:742 [inline]
    [<00000000abca9f82>] binder_transaction+0x28b/0x2eb0 drivers/android/binder.c:3082
    [<000000008c18670a>] binder_thread_write+0x4bf/0x1430 drivers/android/binder.c:3795
    [<0000000070acbbf7>] binder_ioctl_write_read drivers/android/binder.c:4839 [inline]
    [<0000000070acbbf7>] binder_ioctl+0x8bc/0xbb4 drivers/android/binder.c:5016
    [<00000000ef006089>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<00000000ef006089>] file_ioctl fs/ioctl.c:509 [inline]
    [<00000000ef006089>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<00000000c4add464>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<000000001de91d45>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<000000001de91d45>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<000000001de91d45>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<00000000ae804b0e>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<0000000035178a81>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/06/26 02:24 | upstream | 249155c20f9b | 0a8d1a96 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
| 2019/06/21 01:46 | upstream | abf02e2964b3 | 34bf9440 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
| 2019/06/09 20:25 | upstream | d1fdb6d8f6a4 | 0159583c | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
* Struck through repros no longer work on HEAD.