syzbot


kernel BUG at drivers/android/binder_alloc.c:LINE!

Status: internal: reported C repro on 2019/03/26 19:34
Fix commit: c8ddc8cc40e6 FROMGIT: binder: fix BUG_ON found by selinux-testsuite
Patched on: [ci-android-49-kasan-gce-root], missing on: [ci-android-49-kasan-gce ci-android-49-kasan-gce-386]
First crash: 1855d, last: 1607d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at drivers/android/binder_alloc.c:LINE! kernel C 856 2331d 2335d 4/26 fixed on 2018/02/01 10:32
android-414 kernel BUG at drivers/android/binder_alloc.c:LINE! (2) C 3 1772d 1772d 0/1 public: reported C repro on 2019/06/17 23:05
upstream kernel BUG in binder_alloc_deferred_release kernel C done 4 672d 674d 22/26 fixed on 2023/02/24 13:50
upstream kernel BUG at drivers/android/binder_alloc.c:LINE! (3) kernel C done 24 1784d 1853d 12/26 fixed on 2019/06/14 18:22
upstream kernel BUG at drivers/android/binder_alloc.c:LINE! (2) kernel C 1257 1854d 1896d 11/26 fixed on 2019/03/28 12:00
upstream kernel BUG at drivers/android/binder_alloc.c:LINE! (4) C done 26 1764d 1772d 12/26 fixed on 2019/08/05 13:45
android-414 kernel BUG at drivers/android/binder_alloc.c:LINE! C 30 1854d 1855d 1/1 fixed on 2019/03/28 03:28

Sample crash report:
random: crng init done
audit: type=1400 audit(1560812364.000:5): avc:  denied  { set_context_mgr } for  pid=2067 comm="syz-executor702" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1560812364.000:6): avc:  denied  { call } for  pid=2067 comm="syz-executor702" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1560812364.010:7): avc:  denied  { transfer } for  pid=2067 comm="syz-executor702" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
------------[ cut here ]------------
kernel BUG at drivers/android/binder_alloc.c:1103!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 2067 Comm: syz-executor702 Not tainted 4.9.182+ #1
task: 000000005d9643c3 task.stack: 00000000f9595fc2
RIP: 0010:[<ffffffff8222ac1b>]  [<0000000049efb36a>] binder_alloc_do_buffer_copy+0xcb/0x500 drivers/android/binder_alloc.c:1103
RSP: 0018:ffff8801c46274a8  EFLAGS: 00010293
RAX: ffff8801d06cc740 RBX: 0000000020001000 RCX: 00000000000000a8
RDX: 0000000000000000 RSI: ffffffff8222ac1b RDI: ffff8801d2ba30d8
RBP: ffff8801c4627528 R08: ffff8801c46275a8 R09: 0000000000000008
R10: ffffed00388c4f12 R11: ffff8801c4627897 R12: 0000000000000078
R13: 00000000000000a8 R14: 0000000000000008 R15: ffff8801c46275a8
FS:  000000000176f940(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001cf5dd000 CR4: 00000000001606b0
Stack:
 ffff8801c4627560 0000000000000246 ffff8801d06cc740 ffff8801c46274d0
 ffff8801c4872018 ffff8801d2ba3158 00ff8801c4627870 ffff8801d2ba3100
 ffffffff814fc356 ffff8801ce975400 00000000000000a8 ffff8801c46275a8
Call Trace:
 [<00000000d71845a3>] binder_alloc_copy_from_buffer+0x37/0x42 drivers/android/binder_alloc.c:1149
 [<000000002c4a4535>] binder_validate_ptr+0xc5/0x1b0 drivers/android/binder.c:2316
 [<00000000b68d26eb>] binder_transaction+0x2091/0x58c0 drivers/android/binder.c:3424
 [<000000000e29497b>] binder_thread_write+0x593/0x2110 drivers/android/binder.c:3895
 [<00000000ab82073d>] binder_ioctl_write_read drivers/android/binder.c:4832 [inline]
 [<00000000ab82073d>] binder_ioctl+0xecd/0x1720 drivers/android/binder.c:5008
 [<000000008d217b23>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<000000008d217b23>] file_ioctl fs/ioctl.c:493 [inline]
 [<000000008d217b23>] do_vfs_ioctl+0xb87/0x11d0 fs/ioctl.c:677
 [<00000000f191ae7b>] SYSC_ioctl fs/ioctl.c:694 [inline]
 [<00000000f191ae7b>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<00000000c3350cee>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<000000005d7e21b6>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf 62 0f ff 4d 39 e6 76 07 e8 b5 62 0f ff <0f> 0b e8 ae 62 0f ff 4c 8b 6d d0 4d 29 f4 4d 39 e5 77 e8 e8 9d 
RIP  [<0000000049efb36a>] binder_alloc_do_buffer_copy+0xcb/0x500 drivers/android/binder_alloc.c:1103
 RSP <ffff8801c46274a8>
---[ end trace ba2222a97bcc592b ]---
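The trace above ends in a kernel BUG (invalid opcode, i.e. a failed BUG_ON) inside binder_alloc_do_buffer_copy, reached from binder_validate_ptr through binder_alloc_copy_from_buffer while binder_transaction parses a BINDER_WRITE_READ ioctl. A bounds assertion in a copy helper on that path panics the kernel on bad input rather than returning an error to the ioctl caller. The C below is an added example, not binder source and not the fix commit named on this page; all names are hypothetical. It contrasts the wrapping and the overflow-safe form of an offset/length check and shows a copy helper that returns -EINVAL instead of asserting.

```c
/*
 * Added example (not from drivers/android/binder_alloc.c): bounds-checking a
 * copy of `bytes` at `offset` inside a region of `size` bytes.
 * All identifiers here are hypothetical.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wrapping form: offset + bytes can overflow size_t and pass the test. */
static bool range_ok_naive(size_t size, size_t offset, size_t bytes)
{
	return offset + bytes <= size;
}

/* Overflow-safe form: guard the subtraction, never form a sum. */
static bool range_ok_safe(size_t size, size_t offset, size_t bytes)
{
	return bytes <= size && offset <= size - bytes;
}

/*
 * Copy out of a bounded region. A failing check returns -EINVAL so the
 * caller can fail the request; a BUG_ON() here would instead oops the
 * kernel on caller-controlled input.
 */
static int copy_from_region(const uint8_t *region, size_t size,
			    void *dst, size_t offset, size_t bytes)
{
	if (!range_ok_safe(size, offset, bytes))
		return -EINVAL;
	memcpy(dst, (const char *)region + offset, bytes);
	return 0;
}

/* Constructed sample region: byte i holds the value i. */
static const uint8_t sample_region[16] = {
	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};

/* Returns 1 when the naive check accepts a wrapping offset that the
 * safe check rejects, 0 otherwise. */
static int demo_wrap(void)
{
	size_t size = 0x1000;
	size_t bytes = 8;
	size_t offset = SIZE_MAX - 4;	/* offset + 8 wraps to 3 */

	return range_ok_naive(size, offset, bytes) &&
	       !range_ok_safe(size, offset, bytes);
}

int main(void)
{
	uint8_t out[8];
	int rc;

	printf("naive check fooled by wrapping offset: %d\n", demo_wrap());
	rc = copy_from_region(sample_region, sizeof(sample_region),
			      out, 8, sizeof(out));
	printf("in-range copy rc=%d first byte=%u\n", rc, out[0]);
	rc = copy_from_region(sample_region, sizeof(sample_region),
			      out, 9, sizeof(out));
	printf("one-past-end copy rc=%d (EINVAL=%d)\n", rc, -EINVAL);
	return 0;
}
```

The point for a reviewer of any copy helper on an ioctl path: the check must be written so that no attacker-chosen operand can wrap it, and its failure should be an error return, because an assertion that user input can trip is a local denial of service.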

Crashes (44):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/06/17 23:06 https://android.googlesource.com/kernel/common android-4.9 cb0eff478ea9 442206d7 .config console log report syz C ci-android-49-kasan-gce-root
2019/06/17 22:37 https://android.googlesource.com/kernel/common android-4.9 cb0eff478ea9 442206d7 .config console log report syz C ci-android-49-kasan-gce-root
2019/06/17 22:07 https://android.googlesource.com/kernel/common android-4.9 cb0eff478ea9 442206d7 .config console log report syz C ci-android-49-kasan-gce-root
2019/03/27 04:09 https://android.googlesource.com/kernel/common android-4.9 cbbb29d81d4b 55684ce1 .config console log report syz C ci-android-49-kasan-gce-root
2019/03/26 19:51 https://android.googlesource.com/kernel/common android-4.9 cbbb29d81d4b 55684ce1 .config console log report syz ci-android-49-kasan-gce-root
2019/11/29 16:18 android-4.9 a36b5017c810 d29b9e84 .config console log report ci-android-49-kasan-gce-root
2019/11/28 07:12 android-4.9 13ff5130ff6e 0d63f89c .config console log report ci-android-49-kasan-gce-root
2019/11/24 19:18 android-4.9 258971b8e1ac 598ca6c8 .config console log report ci-android-49-kasan-gce-root
2019/11/22 17:06 android-4.9 258971b8e1ac 598ca6c8 .config console log report ci-android-49-kasan-gce-root
2019/11/17 00:34 android-4.9 258971b8e1ac d5696d51 .config console log report ci-android-49-kasan-gce-root
2019/11/16 00:42 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 cdac920b .config console log report ci-android-49-kasan-gce-root
2019/11/08 17:33 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 1e35461e .config console log report ci-android-49-kasan-gce-root
2019/11/04 23:51 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 76630fc9 .config console log report ci-android-49-kasan-gce-root
2019/11/04 03:36 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 b35fad31 .config console log report ci-android-49-kasan-gce-root
2019/10/31 02:27 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 a41ca8fa .config console log report ci-android-49-kasan-gce-root
2019/10/28 02:45 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 25bb509e .config console log report ci-android-49-kasan-gce-root
2019/10/27 03:17 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 25bb509e .config console log report ci-android-49-kasan-gce-root
2019/10/22 20:15 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 5681358a .config console log report ci-android-49-kasan-gce-root
2019/10/22 07:18 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 c59a7cd8 .config console log report ci-android-49-kasan-gce-root
2019/10/17 04:59 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 8c88c9c1 .config console log report ci-android-49-kasan-gce-root
2019/10/15 16:27 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 b5268b89 .config console log report ci-android-49-kasan-gce-root
2019/10/15 00:58 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 05ad7292 .config console log report ci-android-49-kasan-gce-root
2019/10/14 06:23 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 2f661ec4 .config console log report ci-android-49-kasan-gce-root
2019/10/13 21:14 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 2f661ec4 .config console log report ci-android-49-kasan-gce-root
2019/10/13 17:35 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 2f661ec4 .config console log report ci-android-49-kasan-gce-root
2019/10/12 12:30 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 426631dd .config console log report ci-android-49-kasan-gce-root
2019/10/10 08:16 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 c4b9981b .config console log report ci-android-49-kasan-gce-root
2019/09/23 22:21 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 1e9788a0 .config console log report ci-android-49-kasan-gce-root
2019/09/17 22:42 https://android.googlesource.com/kernel/common android-4.9 23f878903720 13dcda9b .config console log report ci-android-49-kasan-gce-root
2019/09/05 01:03 https://android.googlesource.com/kernel/common android-4.9 d342ee64906f 040fda58 .config console log report ci-android-49-kasan-gce-root
2019/08/28 21:52 https://android.googlesource.com/kernel/common android-4.9 76ae5009ed0a fd37b39e .config console log report ci-android-49-kasan-gce-root
2019/08/18 00:17 https://android.googlesource.com/kernel/common android-4.9 10c44c01f78e 55bf8926 .config console log report ci-android-49-kasan-gce-root
2019/07/31 22:17 https://android.googlesource.com/kernel/common android-4.9 5220c435d873 c692b5bd .config console log report ci-android-49-kasan-gce-root
2019/07/31 20:22 https://android.googlesource.com/kernel/common android-4.9 5220c435d873 c692b5bd .config console log report ci-android-49-kasan-gce-root
2019/03/27 20:54 https://android.googlesource.com/kernel/common android-4.9 e8bdeec66d86 4e668495 .config console log report ci-android-49-kasan-gce-root
2019/03/27 19:06 https://android.googlesource.com/kernel/common android-4.9 e8bdeec66d86 4e668495 .config console log report ci-android-49-kasan-gce-root
2019/03/27 17:28 https://android.googlesource.com/kernel/common android-4.9 e8bdeec66d86 4e668495 .config console log report ci-android-49-kasan-gce-root
2019/03/27 13:10 https://android.googlesource.com/kernel/common android-4.9 e8bdeec66d86 55684ce1 .config console log report ci-android-49-kasan-gce-root
2019/03/27 11:20 https://android.googlesource.com/kernel/common android-4.9 e8bdeec66d86 55684ce1 .config console log report ci-android-49-kasan-gce-root
2019/03/27 11:19 https://android.googlesource.com/kernel/common android-4.9 e8bdeec66d86 55684ce1 .config console log report ci-android-49-kasan-gce-root
2019/03/27 11:00 https://android.googlesource.com/kernel/common android-4.9 e8bdeec66d86 55684ce1 .config console log report ci-android-49-kasan-gce-root
2019/03/27 09:39 https://android.googlesource.com/kernel/common android-4.9 e8bdeec66d86 55684ce1 .config console log report ci-android-49-kasan-gce-root
2019/03/26 19:18 https://android.googlesource.com/kernel/common android-4.9 cbbb29d81d4b 55684ce1 .config console log report ci-android-49-kasan-gce-root
2019/03/26 18:33 https://android.googlesource.com/kernel/common android-4.9 cbbb29d81d4b 55684ce1 .config console log report ci-android-49-kasan-gce-root