syzbot


memory leak in binder_transaction (2)

Status: upstream: reported syz repro on 2022/11/20 21:51
Reported-by: syzbot+7f10c1653e35933c0f1e@syzkaller.appspotmail.com
First crash: 10d, last: 10d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in binder_transaction C 3 1250d 1262d 13/24 fixed on 2019/08/05 13:45
Patch testing requests:
Created Duration User Patch Repo Result
2022/11/21 01:58 14m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 59d0d52c30d4 log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88811b0bbe00 (size 32):
  comm "syz-executor.1", pid 4041, jiffies 4294986632 (age 15.340s)
  hex dump (first 32 bytes):
    00 be 0b 1b 81 88 ff ff 00 be 0b 1b 81 88 ff ff  ................
    03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff814ed530>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045
    [<ffffffff8396b973>] kmalloc include/linux/slab.h:553 [inline]
    [<ffffffff8396b973>] kzalloc include/linux/slab.h:689 [inline]
    [<ffffffff8396b973>] binder_transaction+0xc53/0x3f20 drivers/android/binder.c:3128
    [<ffffffff8396f213>] binder_thread_write+0x5d3/0x1790 drivers/android/binder.c:3975
    [<ffffffff839726cb>] binder_ioctl_write_read drivers/android/binder.c:5034 [inline]
    [<ffffffff839726cb>] binder_ioctl+0x22fb/0x3a30 drivers/android/binder.c:5321
    [<ffffffff8161f20c>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff8161f20c>] __do_sys_ioctl fs/ioctl.c:870 [inline]
    [<ffffffff8161f20c>] __se_sys_ioctl fs/ioctl.c:856 [inline]
    [<ffffffff8161f20c>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:856
    [<ffffffff848802d5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802d5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd


Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-gce-leak 2022/11/16 21:43 upstream 59d0d52c30d4 3a127a31 .config log report syz memory leak in binder_transaction
* Struck through repros no longer work on HEAD.