syzbot


WARNING in format_decode (2)

Status: fixed on 2018/12/07 08:24
Subsystems: trace
Reported-by: syzbot+1ec5c5ec949c4adaa0c4@syzkaller.appspotmail.com
Fix commit: 1efb6ee3edea bpf: fix check of allowed specifiers in bpf_trace_printk
First crash: 2013d, last: 1930d
Discussions (11)
Title Replies (including bot) Last reply
[PATCH 4.4 00/88] 4.4.168-stable review 105 (105) 2018/12/17 20:52
[PATCH 4.19 000/142] 4.19.10-stable review 155 (155) 2018/12/17 14:12
[PATCH 4.9 00/51] 4.9.146-stable review 58 (58) 2018/12/17 08:37
[PATCH 4.14 00/89] 4.14.89-stable review 103 (103) 2018/12/15 19:50
[PATCH AUTOSEL 4.19 001/123] ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup 133 (133) 2018/12/12 23:14
[PATCH AUTOSEL 4.4 01/33] ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup 33 (33) 2018/12/05 09:51
[PATCH AUTOSEL 4.9 01/45] ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup 45 (45) 2018/12/05 09:47
[PATCH AUTOSEL 4.14 01/69] ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup 68 (68) 2018/12/05 09:42
[PATCH v2] bpf: fix check of allowed specifiers in bpf_trace_printk 2 (2) 2018/11/23 20:57
[PATCH] bpf: fix check of allowed specifiers in bpf_trace_printk 2 (2) 2018/11/22 21:31
WARNING in format_decode (2) 2 (4) 2018/11/10 08:42
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in format_decode reiserfs C 1 2161d 2161d 5/26 fixed on 2018/05/08 18:30
linux-5.15 WARNING in format_decode origin:upstream C 50 5d10h 104d 0/3 upstream: reported C repro on 2023/11/17 23:37
android-49 WARNING in format_decode 1 1955d 1782d 0/3 auto-closed as invalid on 2019/04/28 09:31
upstream WARNING in format_decode (3) trace bpf C done 279 5d10h 100d 0/26 upstream: reported C repro on 2023/11/21 22:43
linux-6.1 WARNING in format_decode origin:upstream C 54 5d10h 104d 0/3 upstream: reported C repro on 2023/11/17 22:49

Sample crash report:
**                                                      **
**   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
**********************************************************
------------[ cut here ]------------
Please remove unsupported %� in format string
WARNING: CPU: 0 PID: 5683 at lib/vsprintf.c:2152 format_decode+0x8fc/0xaf0 lib/vsprintf.c:2152
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 5683 Comm: syz-executor332 Not tainted 4.20.0-rc1+ #329
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 panic+0x2ad/0x55c kernel/panic.c:188
 __warn.cold.8+0x20/0x45 kernel/panic.c:540
 report_bug+0x254/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
RIP: 0010:format_decode+0x8fc/0xaf0 lib/vsprintf.c:2152
Code: e8 19 39 b5 f9 41 c6 45 00 12 e9 9b fd ff ff e8 0a 39 b5 f9 0f be f3 48 c7 c7 c0 f1 d5 88 c6 05 22 0a 47 02 01 e8 c4 9a 7e f9 <0f> 0b 4d 8b 66 c0 e9 59 fe ff ff 48 8b bd 70 ff ff ff e8 bd 85 f8
RSP: 0018:ffff8801b9d6f670 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8165e9b5 RDI: 0000000000000005
RBP: ffff8801b9d6f718 R08: ffff8801b9cdc3c0 R09: ffffed003b5c3ef8
R10: ffffed003b5c3ef8 R11: ffff8801dae1f7c7 R12: ffff8801b9d6faec
R13: ffff8801b9d6f790 R14: ffff8801b9d6f6f0 R15: 0000000000000000
 vsnprintf+0x185/0x1b60 lib/vsprintf.c:2248
 vscnprintf+0x2d/0x80 lib/vsprintf.c:2399
 __trace_array_vprintk.part.59+0x5b/0x2f0 kernel/trace/trace.c:2992
 __trace_array_vprintk kernel/trace/trace.c:3023 [inline]
 trace_array_vprintk kernel/trace/trace.c:3023 [inline]
 trace_vprintk+0x71/0x90 kernel/trace/trace.c:3061
 __trace_printk+0xce/0x120 kernel/trace/trace_printk.c:238
 ____bpf_trace_printk kernel/trace/bpf_trace.c:271 [inline]
 bpf_trace_printk+0xb30/0xc50 kernel/trace/bpf_trace.c:163
 bpf_prog_12183cdb1cd51dab+0x4e8/0x1000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (16):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/11/10 12:00 upstream aa4330e15c26 f9815aaf .config console log report syz C ci-upstream-kasan-gce-root
2018/11/10 11:15 upstream aa4330e15c26 f9815aaf .config console log report syz C ci-upstream-kasan-gce-smack-root
2018/11/10 11:09 upstream aa4330e15c26 f9815aaf .config console log report syz C ci-upstream-kasan-gce-selinux-root
2018/11/10 08:41 bpf da85d8bfd151 f9815aaf .config console log report syz C ci-upstream-bpf-kasan-gce
2018/11/10 09:21 net-next-old 12ceaf8864c2 f9815aaf .config console log report syz C ci-upstream-net-kasan-gce
2018/11/10 09:04 bpf-next c8123ead13a5 f9815aaf .config console log report syz C ci-upstream-bpf-next-kasan-gce
2018/11/03 02:31 bpf 7de414a9dd91 8bd6bd63 .config console log report syz ci-upstream-bpf-kasan-gce
2018/11/02 09:39 net-next-old 7c6c54b505b8 1f38e9ae .config console log report syz ci-upstream-net-kasan-gce
2018/08/26 11:09 net-next-old 2ad0d5269970 758cd203 .config console log report syz ci-upstream-net-kasan-gce
2018/11/10 05:58 bpf da85d8bfd151 f9815aaf .config console log report ci-upstream-bpf-kasan-gce
2018/11/02 23:52 bpf 7de414a9dd91 8bd6bd63 .config console log report ci-upstream-bpf-kasan-gce
2018/08/28 11:19 net-old 53ae914d898e 7ef1de9e .config console log report ci-upstream-net-this-kasan-gce
2018/11/17 17:30 bpf-next 592ee43faf86 b08ee62a .config console log report ci-upstream-bpf-next-kasan-gce
2018/11/02 07:06 net-next-old 7c6c54b505b8 1f38e9ae .config console log report ci-upstream-net-kasan-gce
2018/09/18 10:02 net-next-old ce5b127b172e 7f125108 .config console log report ci-upstream-net-kasan-gce
2018/08/26 09:18 net-next-old 2ad0d5269970 758cd203 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.