syzbot


WARNING in set_precision (2)

Status: fixed on 2020/06/18 13:57
Subsystems: wireless
Reported-by: syzbot+6693adf1698864d21734@syzkaller.appspotmail.com
Fix commit: 7ea862048317 mac80211_hwsim: Use kstrndup() in place of kasprintf()
First crash: 1569d, last: 1470d
Cause bisection: introduced by (bisect log):
commit 2b4a8990b7df55875745a80a609a1ceaaf51f322
Author: Michal Kubecek <mkubecek@suse.cz>
Date: Fri Dec 27 14:55:18 2019 +0000

  ethtool: introduce ethtool netlink interface

Crash: WARNING in set_precision (log)
Repro: C syz .config
  
Discussions (9)
Title | Replies (including bot) | Last reply
[PATCH 4.4 000/100] 4.4.220-rc1 review | 105 (105) | 2020/04/25 11:47
[PATCH 4.14 000/199] 4.14.177-rc1 review | 132 (132) | 2020/04/23 11:28
[PATCH 4.9 000/125] 4.9.220-rc1 review | 132 (132) | 2020/04/23 10:36
[PATCH 4.19 00/40] 4.19.117-rc1 review | 49 (49) | 2020/04/22 17:53
[PATCH 5.4 00/60] 5.4.34-rc1 review | 65 (65) | 2020/04/21 20:00
[PATCH 5.5 00/65] 5.5.19-rc1 review | 70 (70) | 2020/04/21 19:56
[PATCH 5.6 00/71] 5.6.6-rc1 review | 79 (79) | 2020/04/21 18:42
[PATCH] mac80211_hwsim: Use kstrndup() in place of kasprintf() | 1 (1) | 2020/04/10 12:32
WARNING in set_precision (2) | 0 (1) | 2020/01/10 18:44
Similar bugs (3)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | WARNING in set_precision net | C | | | 140 | 2108d | 2149d | 8/26 | fixed on 2018/08/07 13:43
android-49 | WARNING in set_precision | C | | | 1320 | 2186d | 2308d | 3/3 | fixed on 2018/05/02 05:33
android-49 | WARNING in set_precision (2) | C | | | 1537 | 2095d | 1842d | 0/3 | public: reported C repro on 2019/04/11 08:44

Sample crash report:
netlink: 98586 bytes leftover after parsing attributes in process `syz-executor030'.
------------[ cut here ]------------
precision 33020 too large
WARNING: CPU: 1 PID: 7277 at lib/vsprintf.c:2471 set_precision+0x13a/0x170 lib/vsprintf.c:2471
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 7277 Comm: syz-executor030 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 fixup_bug arch/x86/kernel/traps.c:170 [inline]
 do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:set_precision+0x13a/0x170 lib/vsprintf.c:2471
Code: b6 df 88 5d 07 5b 5d 41 5c 41 5d e9 30 30 c5 fd e8 2b 30 c5 fd 89 de 48 c7 c7 80 7d 75 88 c6 05 34 88 d6 06 01 e8 6e 65 96 fd <0f> 0b e9 67 ff ff ff be 08 00 00 00 48 89 ef e8 c2 f7 02 fe e9 14
RSP: 0018:ffffc900015f72d8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 00000000000080fc RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff815ce521 RDI: fffff520002bee4d
RBP: ffffc900015f7368 R08: ffff88809128e400 R09: fffffbfff185cd43
R10: ffffffff8c2e6a17 R11: fffffbfff185cd42 R12: 0000000000000000
R13: ffffc900015f736f R14: 0000000000000018 R15: ffffc900015f7400
 vsnprintf+0x894/0x14f0 lib/vsprintf.c:2547
 kvasprintf+0x9c/0x150 lib/kasprintf.c:22
 kasprintf+0xbb/0xf0 lib/kasprintf.c:59
 hwsim_new_radio_nl+0x8db/0xf60 drivers/net/wireless/mac80211_hwsim.c:3672
 genl_family_rcv_msg_doit net/netlink/genetlink.c:673 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:718 [inline]
 genl_rcv_msg+0x627/0xdf0 net/netlink/genetlink.c:735
 netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2469
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:746
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
 ___sys_sendmsg+0x100/0x170 net/socket.c:2416
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x4401f9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc6f0e26b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80
R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (117):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/04/15 00:23 upstream 8632e9b5645b 3f3c5574 .config console log report syz C ci-upstream-kasan-gce
2020/04/13 09:15 net-old e154659ba39a 17a986e5 .config console log report syz C ci-upstream-net-this-kasan-gce
2020/04/13 06:38 bpf 40fc7ad2c886 36b0b050 .config console log report syz C ci-upstream-bpf-kasan-gce
2020/04/13 06:38 net-next-old 63bef48fd6c9 36b0b050 .config console log report syz C ci-upstream-net-kasan-gce
2020/04/13 06:37 bpf-next 1a323ea5356e 36b0b050 .config console log report syz C ci-upstream-bpf-next-kasan-gce
2020/01/08 21:34 net-next-old 1ece2fbe9b42 ddc3e859 .config console log report syz C ci-upstream-net-kasan-gce
2020/01/08 18:42 bpf-next 1ece2fbe9b42 ddc3e859 .config console log report syz C ci-upstream-bpf-next-kasan-gce
2020/04/10 03:50 upstream 5d30bcacd91a a8c6a3f8 .config console log report ci-upstream-kasan-gce-root
2020/04/01 20:37 upstream 1a323ea5356e a34e2c33 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/24 06:11 upstream 979e52ca0469 33e14df3 .config console log report ci-upstream-kasan-gce
2020/03/17 11:48 upstream fb33c6510d55 749688d2 .config console log report ci-upstream-kasan-gce
2020/04/10 19:05 bpf 40fc7ad2c886 a8c6a3f8 .config console log report ci-upstream-bpf-kasan-gce
2020/04/09 17:09 net-old f691a25ce5e5 a8c6a3f8 .config console log report ci-upstream-net-this-kasan-gce
2020/04/08 14:56 bpf eb203f4b89c1 db9bcd4b .config console log report ci-upstream-bpf-kasan-gce
2020/04/08 01:20 bpf 489553dd13a8 db9bcd4b .config console log report ci-upstream-bpf-kasan-gce
2020/04/08 00:18 bpf 489553dd13a8 db9bcd4b .config console log report ci-upstream-bpf-kasan-gce
2020/04/07 00:12 bpf 0ac16296ffc6 99a96044 .config console log report ci-upstream-bpf-kasan-gce
2020/04/03 04:41 bpf 93bbb2555b65 a34e2c33 .config console log report ci-upstream-bpf-kasan-gce
2020/04/02 23:36 bpf 93bbb2555b65 a34e2c33 .config console log report ci-upstream-bpf-kasan-gce
2020/04/02 03:40 bpf b9258a2cece4 a34e2c33 .config console log report ci-upstream-bpf-kasan-gce
2020/03/17 18:40 net-old 32ca98feab8c 749688d2 .config console log report ci-upstream-net-this-kasan-gce
2020/04/17 12:30 bpf-next 1a323ea5356e 18397578 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/16 14:37 bpf-next 1a323ea5356e c743fcb3 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/16 09:52 bpf-next 1a323ea5356e c743fcb3 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/14 12:49 bpf-next 1a323ea5356e 3f3c5574 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/14 10:33 bpf-next 1a323ea5356e 3f3c5574 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/13 22:15 bpf-next 1a323ea5356e 7c54686a .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/13 20:50 bpf-next 1a323ea5356e 7c54686a .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/13 15:49 bpf-next 1a323ea5356e 17a986e5 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/13 10:35 bpf-next 1a323ea5356e 17a986e5 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/13 04:07 bpf-next 1a323ea5356e 36b0b050 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/12 18:48 net-next-old 63bef48fd6c9 36b0b050 .config console log report ci-upstream-net-kasan-gce
2020/04/12 15:08 bpf-next 1a323ea5356e 36b0b050 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/12 11:54 bpf-next 1a323ea5356e 36b0b050 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/10 00:38 bpf-next 1a323ea5356e a8c6a3f8 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/09 19:16 bpf-next 1a323ea5356e a8c6a3f8 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/09 12:24 bpf-next 1a323ea5356e a8c6a3f8 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/08 13:00 net-next-old 63bef48fd6c9 db9bcd4b .config console log report ci-upstream-net-kasan-gce
2020/04/07 23:15 bpf-next 1a323ea5356e db9bcd4b .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/07 19:11 bpf-next 1a323ea5356e db9bcd4b .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/07 01:40 net-next-old 1a323ea5356e 99a96044 .config console log report ci-upstream-net-kasan-gce
2020/04/06 22:21 bpf-next 1a323ea5356e 99a96044 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/03 14:21 bpf-next 1a323ea5356e 5ed396e6 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/03 14:09 bpf-next 1a323ea5356e 5ed396e6 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/03 11:37 bpf-next 1a323ea5356e 5ed396e6 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/02 22:32 bpf-next 1a323ea5356e a34e2c33 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/02 10:56 bpf-next 1a323ea5356e a34e2c33 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/02 01:49 net-next-old 1a323ea5356e a34e2c33 .config console log report ci-upstream-net-kasan-gce
2020/04/02 00:09 bpf-next 1a323ea5356e a34e2c33 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/01 20:52 bpf-next 1a323ea5356e a34e2c33 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/01 11:09 bpf-next 3902baf9abfa a34e2c33 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/01 08:27 bpf-next 3902baf9abfa a34e2c33 .config console log report ci-upstream-bpf-next-kasan-gce
2020/04/01 05:43 net-next-old 7f80ccfe9968 a34e2c33 .config console log report ci-upstream-net-kasan-gce
2020/03/22 16:43 bpf-next 1440e7929392 78267cec .config console log report ci-upstream-bpf-next-kasan-gce
2020/03/21 21:56 bpf-next 1440e7929392 4288d95e .config console log report ci-upstream-bpf-next-kasan-gce
2020/03/20 23:48 bpf-next c0fd336ea4ca 2c31c529 .config console log report ci-upstream-bpf-next-kasan-gce
2020/01/08 18:19 bpf-next 1ece2fbe9b42 ddc3e859 .config console log report ci-upstream-bpf-next-kasan-gce
* Struck through repros no longer work on HEAD.