Re: WARNING in format_decode (2)

From: syzbot <syzbot+1ec5c5ec949c4adaa0c4@syzkaller.appspotmail.com>
To: alexei.starovoitov@gmail.com, daniel@iogearbox.net,
	linux-kernel@vger.kernel.org, mingo@redhat.com,
	netdev@vger.kernel.org, rostedt@goodmis.org,
	syzkaller-bugs@googlegroups.com
Subject: Re: WARNING in format_decode (2)
Date: Sat, 10 Nov 2018 00:42:03 -0800	[thread overview]
Message-ID: <0000000000002f2da2057a4b7162@google.com> (raw)
In-Reply-To: <000000000000e12d4105746dcb0d@google.com>

syzbot has found a reproducer for the following crash on:

HEAD commit:    da85d8bfd151 kselftests/bpf: use ping6 as the default ipv6..
git tree:       bpf
console output: https://syzkaller.appspot.com/x/log.txt?x=116bf533400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8f559fee2fc3375a
dashboard link: https://syzkaller.appspot.com/bug?extid=1ec5c5ec949c4adaa0c4
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16d03247400000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=104f5533400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1ec5c5ec949c4adaa0c4@syzkaller.appspotmail.com

**                                                      **
**   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
**********************************************************
------------[ cut here ]------------
Please remove unsupported %\0 in format string
WARNING: CPU: 0 PID: 5654 at lib/vsprintf.c:2152 format_decode+0x8fc/0xaf0  
lib/vsprintf.c:2152
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 5654 Comm: syz-executor818 Not tainted 4.20.0-rc1+ #80
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x244/0x39d lib/dump_stack.c:113
  panic+0x2ad/0x55c kernel/panic.c:188
  __warn.cold.8+0x20/0x45 kernel/panic.c:540
  report_bug+0x254/0x2d0 lib/bug.c:186
  fixup_bug arch/x86/kernel/traps.c:178 [inline]
  do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
  do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
  invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
RIP: 0010:format_decode+0x8fc/0xaf0 lib/vsprintf.c:2152
Code: e8 c9 37 b5 f9 41 c6 45 00 12 e9 9b fd ff ff e8 ba 37 b5 f9 0f be f3  
48 c7 c7 c0 f1 d5 88 c6 05 d2 08 47 02 01 e8 74 99 7e f9 <0f> 0b 4d 8b 66  
c0 e9 59 fe ff ff 48 8b bd 70 ff ff ff e8 6d 84 f8
RSP: 0018:ffff8801ba76f670 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8165e9b5 RDI: 0000000000000005
RBP: ffff8801ba76f718 R08: ffff8801b6cfc0c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801ba76faec
R13: ffff8801ba76f790 R14: ffff8801ba76f6f0 R15: 0000000000000000
  vsnprintf+0x185/0x1b60 lib/vsprintf.c:2248
  vscnprintf+0x2d/0x80 lib/vsprintf.c:2399
  __trace_array_vprintk.part.59+0x5b/0x2f0 kernel/trace/trace.c:2992
  __trace_array_vprintk kernel/trace/trace.c:3023 [inline]
  trace_array_vprintk kernel/trace/trace.c:3023 [inline]
  trace_vprintk+0x71/0x90 kernel/trace/trace.c:3061
  __trace_printk+0xce/0x120 kernel/trace/trace_printk.c:238
  ____bpf_trace_printk kernel/trace/bpf_trace.c:271 [inline]
  bpf_trace_printk+0xb30/0xc50 kernel/trace/bpf_trace.c:163
  bpf_prog_12183cdb1cd51dab+0x3e7/0x1000
Kernel Offset: disabled
Rebooting in 86400 seconds..