syzbot

 sign-in | mailing list | source | docs
🐞 Open [1032] Subsystems 🐞 Fixed [5279] 🐞 Invalid [12607] Missing Backports [86] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

kernel BUG at drivers/android/binder_alloc.c:LINE!

Status: fixed on 2018/02/01 10:32
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+e867635c06f43b64b34ba3b789d62e50bd043bec@syzkaller.appspotmail.com
Fix commit: fb2c445277e7 ANDROID: binder: fix transaction leak.
First crash: 2356d, last: 2347d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-414 kernel BUG at drivers/android/binder_alloc.c:LINE! (2) C 3 1788d 1788d 0/1 public: reported C repro on 2019/06/17 23:05
upstream kernel BUG in binder_alloc_deferred_release kernel C done 4 688d 690d 22/26 fixed on 2023/02/24 13:50
upstream kernel BUG at drivers/android/binder_alloc.c:LINE! (3) kernel C done 24 1801d 1870d 12/26 fixed on 2019/06/14 18:22
upstream kernel BUG at drivers/android/binder_alloc.c:LINE! (2) kernel C 1257 1870d 1912d 11/26 fixed on 2019/03/28 12:00
upstream kernel BUG at drivers/android/binder_alloc.c:LINE! (4) C done 26 1780d 1788d 12/26 fixed on 2019/08/05 13:45
android-414 kernel BUG at drivers/android/binder_alloc.c:LINE! C 30 1870d 1872d 1/1 fixed on 2019/03/28 03:28
android-49 kernel BUG at drivers/android/binder_alloc.c:LINE! C 44 1624d 1871d 1/3 internal: reported C repro on 2019/03/26 19:34

Sample crash report:
binder: 3087:3087 ERROR: BC_REGISTER_LOOPER called without request
binder: 3087:3087 ioctl c0306201 2000dfd0 returned -14
------------[ cut here ]------------
kernel BUG at drivers/android/binder_alloc.c:750!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 1404 Comm: kworker/0:2 Not tainted 4.15.0-rc1+ #203
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events binder_deferred_func
task: 0000000009b739b6 task.stack: 00000000c1d4442c
RIP: 0010:binder_alloc_deferred_release+0x146/0xa40 drivers/android/binder_alloc.c:750
RSP: 0018:ffff8801d2b16fd8 EFLAGS: 00010293
RAX: ffff8801d2b08080 RBX: ffff8801d7829300 RCX: ffffffff8403b856
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8801d7829330
RBP: ffff8801d2b17138 R08: ffffffff8403b7d9 R09: 1ffffffff0e53001
R10: ffff8801d2b16fc8 R11: ffffffff87489d60 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8801d2b17110 R15: ffff8801d7829310
FS:  0000000000000000(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006d00a8 CR3: 0000000005e25000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 binder_free_proc drivers/android/binder.c:4200 [inline]
 binder_proc_dec_tmpref+0x2f3/0x420 drivers/android/binder.c:1833
 binder_deferred_release drivers/android/binder.c:4858 [inline]
 binder_deferred_func+0xe22/0x12f0 drivers/android/binder.c:4893
 process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2112
 worker_thread+0x223/0x1990 kernel/workqueue.c:2246
 kthread+0x37a/0x440 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:441
Code: e8 00 40 6c fd 49 8d 7f 20 49 8d 5f f0 48 89 fa 48 c1 ea 03 42 80 3c 2a 00 0f 85 84 07 00 00 49 83 7f 20 00 74 a9 e8 da 3f 6c fd <0f> 0b 48 8b 9d e8 fe ff ff 44 89 a5 bc fe ff ff e8 c5 3f 6c fd 
RIP: binder_alloc_deferred_release+0x146/0xa40 drivers/android/binder_alloc.c:750 RSP: ffff8801d2b16fd8
---[ end trace 616e085d0dbf3c21 ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (856):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/12/02 00:21 upstream 3c1c4ddffb58 2fa91450 .config console log report syz C ci-upstream-kasan-gce
2017/12/01 22:11 upstream 3c1c4ddffb58 2fa91450 .config console log report syz ci-upstream-kasan-gce
2017/12/01 21:43 upstream 3c1c4ddffb58 2fa91450 .config console log report syz ci-upstream-kasan-gce-386
2017/12/05 21:21 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 21:02 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 17:10 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 16:08 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 15:45 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 13:37 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 11:42 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 11:05 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 09:37 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 09:13 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 06:59 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 06:58 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 06:44 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 06:02 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 05:02 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 04:32 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 04:01 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 02:55 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 02:51 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 02:02 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 01:24 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 00:50 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/05 00:05 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/04 23:23 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce
2017/12/04 19:56 upstream ae64f9bd1d36 48359b97 .config console log report ci-upstream-kasan-gce
2017/12/04 18:27 upstream ae64f9bd1d36 48359b97 .config console log report ci-upstream-kasan-gce
2017/12/04 17:21 upstream ae64f9bd1d36 48359b97 .config console log report ci-upstream-kasan-gce
2017/12/05 23:31 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 23:12 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 16:58 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 16:55 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 14:55 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 13:41 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 10:23 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 10:13 upstream fd6d2e506ce6 de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 07:38 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 03:43 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/05 02:15 upstream 2391f0b4808e de212f1a .config console log report ci-upstream-kasan-gce-386
2017/12/04 20:31 upstream ae64f9bd1d36 48359b97 .config console log report ci-upstream-kasan-gce-386
2017/12/04 20:03 upstream ae64f9bd1d36 48359b97 .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.