syzbot


kernel BUG in binder_inc_ref_for_node

Status: fixed on 2024/10/03 15:25
Subsystems: kernel
Reported-by: syzbot+3dae065ca76952a67257@syzkaller.appspotmail.com
Fix commit: 11512c197d38 binder: fix descriptor lookup for context manager
First crash: 100d, last: 67d
Cause bisection: failed (error log, bisect log)
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] binder: fix descriptor lookup for context manager | 9 (9) | 2024/07/22 15:50
[syzbot] [kernel?] kernel BUG in binder_inc_ref_for_node | 2 (5) | 2024/07/15 23:52
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2024/07/15 20:23 | 2h43m | cmllamas@google.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 82d01fe6ee52 | OK log
2024/07/13 13:21 | 24m | hdanton@sina.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 82d01fe6ee52 | OK log

Sample crash report:
------------[ cut here ]------------
kernel BUG at drivers/android/binder.c:1173!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 PID: 5119 Comm: syz-executor139 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:binder_get_ref_for_node_olocked drivers/android/binder.c:1173 [inline]
RIP: 0010:binder_inc_ref_for_node+0x1051/0x11f0 drivers/android/binder.c:1476
Code: f9 e9 2c f3 ff ff 48 8b 7c 24 10 e8 99 6f 68 f9 e9 30 fe ff ff 48 8b 7c 24 60 e8 ba 6f 68 f9 e9 ae fc ff ff e8 30 6d 0b f9 90 <0f> 0b e8 68 70 68 f9 e9 15 fb ff ff 4c 89 e7 e8 3b 6f 68 f9 e9 32
RSP: 0018:ffffc90004977920 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888022a57410 RCX: ffffffff8880240f
RDX: ffff8880187e0000 RSI: ffffffff88802c90 RDI: 0000000000000004
RBP: ffffc900049779b0 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888015548200
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
FS:  000055556b35f380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ac87260e0 CR3: 000000007a9c0000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 binder_thread_write+0x248d/0x3ac0 drivers/android/binder.c:3944
 binder_ioctl_write_read drivers/android/binder.c:5161 [inline]
 binder_ioctl+0x2250/0x6b10 drivers/android/binder.c:5447
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0x196/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4ac86af1e9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdf8fb0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4ac86af1e9
RDX: 00000000200003c0 RSI: 00000000c0306201 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000055556b360610 R09: 000055556b360610
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ac86fd0dc
R13: 00007f4ac86f80a3 R14: 00007ffdf8fb0050 R15: 00007ffdf8fb0040
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:binder_get_ref_for_node_olocked drivers/android/binder.c:1173 [inline]
RIP: 0010:binder_inc_ref_for_node+0x1051/0x11f0 drivers/android/binder.c:1476
Code: f9 e9 2c f3 ff ff 48 8b 7c 24 10 e8 99 6f 68 f9 e9 30 fe ff ff 48 8b 7c 24 60 e8 ba 6f 68 f9 e9 ae fc ff ff e8 30 6d 0b f9 90 <0f> 0b e8 68 70 68 f9 e9 15 fb ff ff 4c 89 e7 e8 3b 6f 68 f9 e9 32
RSP: 0018:ffffc90004977920 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888022a57410 RCX: ffffffff8880240f
RDX: ffff8880187e0000 RSI: ffffffff88802c90 RDI: 0000000000000004
RBP: ffffc900049779b0 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888015548200
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
FS:  000055556b35f380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ac87260e0 CR3: 000000007a9c0000 CR4: 0000000000350ef0

Crashes (16721):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/07/21 22:36 upstream 2c9b3512402e b88348e9 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root kernel BUG in binder_inc_ref_for_node
2024/07/10 08:22 linux-next 82d01fe6ee52 79d68ada .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in binder_inc_ref_for_node
2024/08/11 16:46 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in binder_inc_ref_for_node
2024/08/11 16:30 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in binder_inc_ref_for_node
2024/08/11 13:49 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in binder_inc_ref_for_node
2024/08/11 12:50 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root kernel BUG in binder_inc_ref_for_node
2024/08/11 12:14 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root kernel BUG in binder_inc_ref_for_node
2024/08/11 11:00 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root kernel BUG in binder_inc_ref_for_node
2024/08/11 09:11 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in binder_inc_ref_for_node
2024/08/11 08:57 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root kernel BUG in binder_inc_ref_for_node
2024/08/11 08:03 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root kernel BUG in binder_inc_ref_for_node
2024/08/11 07:35 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root kernel BUG in binder_inc_ref_for_node
2024/08/11 05:47 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in binder_inc_ref_for_node
2024/08/11 04:41 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in binder_inc_ref_for_node
2024/08/11 02:50 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in binder_inc_ref_for_node
2024/08/11 02:10 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in binder_inc_ref_for_node
2024/08/10 23:56 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in binder_inc_ref_for_node
2024/08/10 23:50 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in binder_inc_ref_for_node
2024/08/10 22:32 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in binder_inc_ref_for_node
2024/08/10 22:31 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in binder_inc_ref_for_node
2024/08/11 20:08 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 20:07 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 18:57 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 16:19 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 03:29 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 02:08 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 kernel BUG in binder_inc_ref_for_node
2024/08/10 22:53 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 10:12 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in binder_inc_ref_for_node
2024/08/11 06:30 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in binder_inc_ref_for_node
2024/08/11 05:21 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in binder_inc_ref_for_node
2024/08/11 04:32 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in binder_inc_ref_for_node
2024/08/10 23:18 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in binder_inc_ref_for_node
2024/08/11 16:08 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 15:07 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 kernel BUG in binder_inc_ref_for_node
2024/08/11 15:06 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 kernel BUG in binder_inc_ref_for_node
2024/08/11 13:20 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64 kernel BUG in binder_inc_ref_for_node
2024/08/11 13:08 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64 kernel BUG in binder_inc_ref_for_node
2024/08/11 10:17 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte kernel BUG in binder_inc_ref_for_node
2024/08/11 08:31 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 kernel BUG in binder_inc_ref_for_node
2024/08/11 08:12 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte kernel BUG in binder_inc_ref_for_node
2024/08/11 07:48 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte kernel BUG in binder_inc_ref_for_node
2024/08/11 06:57 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 05:59 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 05:10 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 05:05 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 04:55 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 01:01 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in binder_inc_ref_for_node
2024/08/11 00:41 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-compat kernel BUG in binder_inc_ref_for_node
2024/08/11 00:25 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64 kernel BUG in binder_inc_ref_for_node
2024/08/11 00:17 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-compat kernel BUG in binder_inc_ref_for_node
2024/08/11 00:07 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64 kernel BUG in binder_inc_ref_for_node
2024/08/10 21:30 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte kernel BUG in binder_inc_ref_for_node
2024/08/10 21:08 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 kernel BUG in binder_inc_ref_for_node
2024/08/10 20:43 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte kernel BUG in binder_inc_ref_for_node
2024/08/10 20:18 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte kernel BUG in binder_inc_ref_for_node
2024/08/03 07:14 linux-next 931a3b3bccc9 53683cf2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in binder_inc_ref_for_node