ANDROID: binder: correctly initialize ref to zombie node.

When we create a new reference to a zombie node
(which is allowed as long as there are other refs
to the node), we don't correctly initialize the
node_is_zombie field of the ref, which can lead to
death recipients never being fired.

Bug: 63988502
Test: new binderLibTest
Change-Id: I06287947d7a2f59c25362850b389c20c8a3b6929
Signed-off-by: Martijn Coenen <maco@android.com>

drivers/android/binder.c

@@ -1146,6 +1146,9 @@ static struct binder_ref *binder_get_ref_for_node(struct binder_proc *proc,
 		binder_stats_deleted(BINDER_STAT_REF);
 		return NULL;
 	}
+
+	new_ref->node_is_zombie = node->is_zombie;
+
 	INIT_HLIST_NODE(&new_ref->node_entry);
 	hlist_add_head(&new_ref->node_entry, &node->refs);