syzbot


memory leak in binder_transaction

Status: fixed on 2019/08/05 13:45
Reported-by: syzbot+182ce46596c3f2e1eb24@syzkaller.appspotmail.com
Fix commit: 1909a671dbc3 binder: fix memory leak in error path
First crash: 1339d, last: 1323d
similar bugs (1):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | memory leak in binder_transaction (2) | syz | | | 1 | 83d | 79d | 0/24 | upstream: reported syz repro on 2022/11/20 21:51

Sample crash report:
BUG: memory leak
unreferenced object 0xffff8881170c8c20 (size 32):
  comm "syz-executor155", pid 7154, jiffies 4294950122 (age 17.710s)
  hex dump (first 32 bytes):
    20 8c 0c 17 81 88 ff ff 20 8c 0c 17 81 88 ff ff   ....... .......
    02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000000017a916>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000000017a916>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000000017a916>] slab_alloc mm/slab.c:3326 [inline]
    [<000000000017a916>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<00000000abca9f82>] kmalloc include/linux/slab.h:547 [inline]
    [<00000000abca9f82>] kzalloc include/linux/slab.h:742 [inline]
    [<00000000abca9f82>] binder_transaction+0x28b/0x2eb0 drivers/android/binder.c:3082
    [<000000008c18670a>] binder_thread_write+0x4bf/0x1430 drivers/android/binder.c:3795
    [<0000000070acbbf7>] binder_ioctl_write_read drivers/android/binder.c:4839 [inline]
    [<0000000070acbbf7>] binder_ioctl+0x8bc/0xbb4 drivers/android/binder.c:5016
    [<00000000ef006089>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<00000000ef006089>] file_ioctl fs/ioctl.c:509 [inline]
    [<00000000ef006089>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<00000000c4add464>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<000000001de91d45>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<000000001de91d45>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<000000001de91d45>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<00000000ae804b0e>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<0000000035178a81>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program
executing program
executing program
executing program
executing program
executing program
executing program

Crashes (3):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title
ci-upstream-gce-leak | 2019/06/26 02:24 | upstream | 249155c20f9b | 0a8d1a96 | .config | console log | report | syz | C | | |
ci-upstream-gce-leak | 2019/06/21 01:46 | upstream | abf02e2964b3 | 34bf9440 | .config | console log | report | syz | C | | |
ci-upstream-gce-leak | 2019/06/09 20:25 | upstream | d1fdb6d8f6a4 | 0159583c | .config | console log | report | syz | C | | |
* Struck through repros no longer work on HEAD.