From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBD85C432BE for ; Mon, 30 Aug 2021 20:25:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9595660240 for ; Mon, 30 Aug 2021 20:25:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235764AbhH3UZ6 (ORCPT ); Mon, 30 Aug 2021 16:25:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47120 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232906AbhH3UZ4 (ORCPT ); Mon, 30 Aug 2021 16:25:56 -0400 Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D258C061575 for ; Mon, 30 Aug 2021 13:25:02 -0700 (PDT) Received: by mail-ot1-x331.google.com with SMTP id i8-20020a056830402800b0051afc3e373aso20000710ots.5 for ; Mon, 30 Aug 2021 13:25:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=mj9BT4LOshPuqyHHIfEbkOv0XvAZyp9Ylo0oKr2+TdA=; b=VRjf2IbBqn/w52uM6s5SxdUGKcYhnURm7AK44xCy84g83vWhFpYUZN5zDRP8Cu9sau XJJXJoaqHAa1LOUu+nu+twVEi2kT7n4TUvJJiyMrKUxpj9CVqq4rzRfzUwPFPtfDx7KV X/aKybQP733quAIMOKLdvtxYE6hxmOCBKbZMyC+sYF45tBzfEhVId1IUJfBR1dTmdWNS UJvArXSxGtU3E/++vUXN9IZDGhaGIp1pIR7V+hSvd9iY+U52CtieSI8rkL2K5Tc7il+e WLsMf9il2OF3NwECJPyT/UpPttjIke7qytWGdYtnUhAyPkVkMZuDc47VGwW86hyulWip orpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=mj9BT4LOshPuqyHHIfEbkOv0XvAZyp9Ylo0oKr2+TdA=; b=cR8VT/yJUz5NcYGjw73MI6lHCK8LTkjidHwXUn18Q4h2WMXFFbzX0SioZD5PdPjx+Q C3kuAkuVuTIgbcJu47BGW/Tavt2R2ZQ64HVB2lhyUwvCTirIITz4tuCBdiRx1NJ6/kbe ToDwH/HEH+PjCAkL9E/HmoxNAzCTwcRkVdo/gpt2SXG4RFzRK22/s+7B14+ff9FDjBi4 wfbawLNgOtBR4UWYh1zp801bDnnNmJsWFT5a8NP8akwZVRcKq46vd6Ygkz7P7g55hozN 7v2T0Kfm+78onEMLAoi+n4N0EXr98fopb2gom88HmsuqI/bvcjgMwM2xO6JAEYgaiCnw 2Dtg== X-Gm-Message-State: AOAM531X1mHiM3+1x+YT131YTxOI5A8dKrez+TS9SFxCYCqKPF3vfE/e V0bkafRKAHXk/K8gmFS76Ng4jcfuf8qdkrOJIR+RDw== X-Google-Smtp-Source: ABdhPJyNyszlVhhT9yMeBxuaF5beCw8rpOulNbB2uk8xQbYOhvsRxoaTnQCLSWXhooC+iD78tZcC0v3PK7W3BXsktno= X-Received: by 2002:a9d:450b:: with SMTP id w11mr20846874ote.254.1630355101327; Mon, 30 Aug 2021 13:25:01 -0700 (PDT) MIME-Version: 1.0 References: <000000000000ec256905ca2e1915@google.com> In-Reply-To: <000000000000ec256905ca2e1915@google.com> From: Dmitry Vyukov Date: Mon, 30 Aug 2021 22:24:49 +0200 Message-ID: Subject: Re: [syzbot] WARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1. (2) To: syzbot , syzkaller , Aleksandr Nogikh Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 23 Aug 2021 at 01:17, syzbot wrote: > > Hello, > > syzbot found the following issue on: > > HEAD commit: 614cb2751d31 Merge tag 'trace-v5.14-rc6' of git://git.ker= n.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=3D176cf74130000= 0 > kernel config: https://syzkaller.appspot.com/x/.config?x=3D3205625db2f96= ac9 > dashboard link: https://syzkaller.appspot.com/bug?extid=3D5e1d2ee57b07877= e2439 > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binuti= ls for Debian) 2.35.1 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=3D14482731300= 000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=3D13be58ce30000= 0 > > Bisection is inconclusive: the issue happens on the oldest tested release= . > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=3D1050081e30= 0000 > final oops: https://syzkaller.appspot.com/x/report.txt?x=3D1250081e30= 0000 > console output: https://syzkaller.appspot.com/x/log.txt?x=3D1450081e30000= 0 > > IMPORTANT: if you fix the issue, please add the following tag to the comm= it: > Reported-by: syzbot+5e1d2ee57b07877e2439@syzkaller.appspotmail.com +syzkaller mailing list Fun. Fuzzer managed to corrupt syz-executor to force it to print .strings section (?). This is a warning printed by glibc. +Aleksandr, please add it to the ignore list (and add a test with this crash, I see there other suspicious strings like "BUG" that can trigger pkg/report as well). // elf/get-dynamic-info.h if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0) && l->l_flags_1 & ~DT_1_SUPPORTED_MASK) _dl_debug_printf ("\nWARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1.\n", l->l_flags_1 & ~DT_1_SUPPORTED_MASK); > resolv_context.c current->__from_res current->__refcount > 0 ctx->conf = =3D=3D NULL current =3D=3D ctx ctx->__refcount > 0 __resolv_co= ntext_put maybe_init context_reuse resolv_conf.c conf->__refcount >= 0 /etc/resolv.conf conf =3D=3D ptr init->nameserver_list[i]->sa_family = =3D=3D AF_INET6 !alloc_buffer_has_failed (&buffer) global_copy->free_l= ist_start =3D=3D 0 || global_copy->free_list_start & 1 conf->nameserver_l= ist[i]->sa_family =3D=3D AF_INET6 resolv_conf_matches (resp, conf) c= onf_decrement update_from_conf __resolv_conf_attach = __resolv_conf_allocate resolv_conf_get_1 __resol= v_conf_get_current cannot allocate memory for thread-local data: ABOR= T > Failed loading %lu audit modules, %lu are supported. > result <=3D GL(dl_tls_max_dtv_idx) + 1 result =3D=3D GL(dl_tls_max_= dtv_idx) + 1 listp->slotinfo[cnt].gen <=3D GL(dl_tls_generation) m= ap->l_tls_modid =3D=3D total + cnt map->l_tls_blocksize >=3D map->l_tls_ini= timage_size (size_t) map->l_tls_offset >=3D map->l_tls_blocksize = cannot create TLS data structures ../elf/dl-tls.c listp !=3D NULL idx =3D= =3D 0 dlopen _dl_add_to_slotinfo _dl_allocate_tls_init = _dl_next_tls_modid GLIBC_TUNABLES /etc/suid-debug glibc.rtld.nns = glibc.malloc.trim_threshold MALLOC_TRIM_THRESHOLD_ glibc.malloc.perturb MAL= LOC_PERTURB_ glibc.elision.tries glibc.elision.enable glibc.malloc.mxfast g= libc.elision.skip_lock_busy glibc.malloc.top_pad MALLOC_TOP_PAD_ glibc.cpu.= x86_shstk glibc.cpu.hwcap_mask LD_HWCAP_MASK glibc.malloc.mmap_max MALLOC_M= MAP_MAX_ glibc.cpu.x86_ibt glibc.cpu.hwcaps glibc.malloc.arena_max MALLOC_A= RENA_MAX glibc.malloc.mmap_threshold MALLOC_MMAP_THRESHOLD_ glibc.cpu.x86_d= ata_cache_size glibc.malloc.tcache_count glibc.malloc.arena_test MALLOC_ARE= NA_TEST glibc.malloc.tcache_max glibc.malloc.check MALLOC_CHECK_ sbrk() fa= ilure while processing tunables > glibc.elision.skip_lock_after_retries glibc.cpu.x86_shared_cache= _size glibc.cpu.x86_non_temporal_threshold glibc.elision.skip_trylock_in= ternal_abort glibc.malloc.tcache_unsorted_limit glibc.elision.sk= ip_lock_internal_abort glibc.pthread.mutex_spin_count glibc.rtld.optional= _static_tls p =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BDP =EF=BF=BD=EF= =BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD= =EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD =EF=BF= =BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF= =BD =EF=BF=BD=EF=BF=BDx =EF=BF=BD=EF=BF=BDP =EF=BF=BD=EF=BF=BD( =EF=BF=BD= =EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF= =BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF= =BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BDx =EF=BF=BD=EF=BF=BD=EF= =BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF= =BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF= =BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD/var= /tmp /var/profile GCONV_PATH GETCONF_DIR HOSTALIASES LD_AUDIT= LD_DEBUG LD_DEBUG_OUTPUT LD_DYNAMIC_WEAK LD_HWCAP_MASK LD_LIBRARY_PATH LD_= ORIGIN_PATH LD_PRELOAD LD_PROFILE LD_SHOW_AUXV LD_USE_LOAD_BIAS LOCALDOMAIN= LOCPATH MALLOC_TRACE NIS_PATH NLSPATH RESOLV_HOST_CONF RES_OPTIONS TMPDIR = TZDIR LD_PREFER_MAP_32BIT_EXEC i586 i686 haswe= ll xeon_phi sse2 x86_64 avx512_1 LD_WARN setup-vdso.h ph= ->p_type !=3D PT_TLS get-dynamic-info.h out of memory > LINUX_2.6 __vdso_clock_gettime __vdso_gettimeofday __vdso_time __vdso_ge= tcpu __vdso_clock_getres LD_LIBRARY_PATH LD_BIND_NOW LD_BIND_NOT LD_DYNAMIC= _WEAK LD_PROFILE_OUTPUT LD_ASSUME_KERNEL info[DT_PLTREL]->d_un.d_val = =3D=3D DT_RELA info[DT_RELAENT]->d_un.d_val =3D=3D sizeof (ElfW(Rela)) > WARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1. > setup_vdso elf_get_dynamic_info AVX CX8 FMA HTT IBT RTM= AVX2 BMI1 BMI2 CMOV FMA4 SSE2 I586 I686 LZCNT MOVBE SHSTK SSSE3 POPCNT SSE= 4_1 AVX512F OSXSAVE AVX512CD AVX512BW AVX512DQ AVX512ER AVX512PF AVX512VL A= VX_Usable FMA_Usable AVX2_Usable FMA4_Usable Slow_SSE4_2 XSAVEC_Usable AVX5= 12F_Usable AVX512DQ_Usable Fast_Copy_Backward Fast_Unaligned_Copy Prefer_No= _VZEROUPPER Prefer_MAP_32BIT_EXEC AVX_Fast_Unaligned_Load MathVec_Prefer_No= _AVX512 Prefer_PMINUB_for_stringop Slow_BSF Prefer_ERMS Fast_Rep_String Pre= fer_FSRM /proc/sys/kernel/osrelease + =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF= =BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BDQ =EF= =BF=BD=EF=BF=BDl =EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD= =EF=BF=BDl =EF=BF=BD=EF=BF=BD=EF=BF=BD"=EF=BF=BD=EF=BF=BD=EF=BF=BD"=EF=BF= =BD=EF=BF=BDv"=EF=BF=BD=EF=BF=BD1"=EF=BF=BD=EF=BF=BDl =EF=BF=BD=EF=BF=BD=EF= =BF=BD!=EF=BF=BD=EF=BF=BD=EF=BF=BD!=EF=BF=BD=EF=BF=BDn!=EF=BF=BD=EF=BF=BD/!= =EF=BF=BD=EF=BF=BDl =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD= =EF=BF=BD=EF=BF=BDl =EF=BF=BD=EF=BF=BD` =EF=BF=BD=EF=BF=BDb#=EF=BF=BD=EF= =BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BDo =EF=BF=BD= =EF=BF=BD7 =EF=BF=BD=EF=BF=BD7#=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF= =BD =EF=BF=BD=EF=BF=BD=EF=BF=BD"=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF= =BF=BD"=EF=BF=BD=EF=BF=BD\"=EF=BF=BD=EF=BF=BD #=EF=BF=BD=EF=BF=BD=EF=BF=BD!= =EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD!=EF=BF=BD=EF=BF=BDZ!=EF=BF= =BD=EF=BF=BD !=EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD =EF=BF=BD=EF= =BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BDL =EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD = =EF=BF=BD=EF=BF=BD %s: %s: %s%s%s%s%s > DYNAMIC LINKER BUG!!! error while loading shared libraries gconv.= c irreversible !=3D NULL outbuf !=3D NULL && *outbuf !=3D NULL = __gconv gconv_db.c step->__end_fct =3D=3D NULL __gconv_release= _step gconv_conf.c result =3D=3D NULL elem !=3D NULL cwd !=3D NULL alias mo= dule ISO-10646/UCS4/ =3DINTERNAL->ucs4 =3Ducs4->INTERNAL UCS-4LE// =3DINTER= NAL->ucs4le =3Ducs4le->INTERNAL ISO-10646/UTF8/ =3DINTERNAL->utf8 =3Dutf8->= INTERNAL ISO-10646/UCS2/ =3Ducs2->INTERNAL =3DINTERNAL->ucs2 ANSI_X3.4-1968= // =3Dascii->INTERNAL =3DINTERNAL->ascii UNICODEBIG// =3Ducs2reverse->INTER= NAL =3DINTERNAL->ucs2reverse .so __gconv_get_path U= CS4// ISO-10646/UCS4/ UCS-4// ISO-10646/UCS4/ UCS-4BE// ISO-10646/UCS4/ CSU= CS4// ISO-10646/UCS4/ ISO-10646// ISO-10646/UCS4/ 10646-1:1993// ISO-10646/= UCS4/ 10646-1:1993/UCS4/ ISO-10646/UCS4/ OSF00010104// ISO-10646/UCS4/ OSF0= 0010105// ISO-10646/UCS4/ OSF00010106// ISO-10646/UCS4/ WCHAR_T// INTERNAL = UTF8// ISO-10646/UTF8/ UTF-8// ISO-10646/UTF8/ ISO-IR-193// ISO-10646/UTF8/= OSF05010001// ISO-10646/UTF8/ ISO-10646/UTF-8/ ISO-10646/UTF8/ UCS2// ISO-= 10646/UCS2/ UCS-2// ISO-10646/UCS2/ OSF00010100// ISO-10646/UCS2/ OSF000101= 01// ISO-10646/UCS2/ OSF00010102// ISO-10646/UCS2/ ANSI_X3.4// ANSI_X3.4-19= 68// ISO-IR-6// ANSI_X3.4-1968// ANSI_X3.4-1986// ANSI_X3.4-1968// ISO_646.= IRV:1991// ANSI_X3.4-1968// ASCII// ANSI_X3.4-1968// ISO646-US// ANSI_X3.4-= 1968// US-ASCII// ANSI_X3.4-1968// US// ANSI_X3.4-1968// IBM367// ANSI_X3.4= -1968// CP367// ANSI_X3.4-1968// CSASCII// ANSI_X3.4-1968// OSF00010020// A= NSI_X3.4-1968// UNICODELITTLE// ISO-10646/UCS2/ UCS-2LE// ISO-10646/UCS2/ U= CS-2BE// UNICODEBIG// gconv-modules = /usr/lib/x86_64-linux-gnu/gconv gconv_builtin.c cnt < sizeof (map) / s= izeof (map[0]) __gconv_get_builtin_trans ../iconv/skeleton.c out= bufstart =3D=3D NULL outbuf =3D=3D outerr inend - *inptrp < 4 gconv_simple.= c *outptrp + 4 > outend ../iconv/loop.c ch !=3D 0xc0 && ch !=3D 0xc1 =EF=BF= =BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD nstatus =3D=3D __GCONV_FULL_OU= TPUT (state->__count & 7) <=3D sizeof (state->__value) inptr - bytebuf > (= state->__count & 7) inend !=3D &bytebuf[MAX_NEEDED_INPUT] inend - inpt= r > (state->__count & ~7) inend - inptr <=3D sizeof (state->__value) = internal_ucs2reverse_loop_single = __gconv_transform_internal_ucs2reverse ucs2reverse= _internal_loop_single __gconv_transform_ucs2= reverse_internal __gconv_transform_internal_ucs2 _= _gconv_transform_ucs2_internal __gconv_transform_utf8_internal __gconv_tran= sform_internal_utf8 __gconv_transform_internal_ascii = __gconv_transform_ascii_internal __= gconv_transform_ucs4le_internal __gconv_trans= form_internal_ucs4le __gconv_transform_ucs4_i= nternal __gconv_transform_internal_ucs4 internal_ucs2_loop_single ucs= 2_internal_loop_single utf8_internal_loop_single internal_utf8_= loop_single internal_ascii_loop_single ucs4le_internal_loop GCON= V_PATH /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache gconv_dl.c obj->= counter > 0 found->handle =3D=3D NULL gconv gconv_init gconv_end = do_release_shlib __gconv_find_shlib ,TRANSLIT /IGNORE ,= IGNORE LOCPATH > > > + 3 ?HP[hw LC_COLLATE LC_CTYPE LC_MONET= ARY LC_NUMERIC LC_TIME LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE= LC_MEASUREMENT LC_IDENTIFICATION LC_ALL LANG findlocale.c locale_codeset != =3D NULL /../ _nl_find_locale /usr/lib/locale n - = loadlocale.c category =3D=3D LC_CTYPE =EF= =BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF= =BD=EF=BF=BD=EF=BF=BD=EF=BF=BDp=EF=BF=BD=EF=BF=BD=EF=BF=BDX=EF=BF=BD=EF=BF= =BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD= =EF=BF=BD8=EF=BF=BD=EF=BF=BD=EF=BF=BD(=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD= =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF= =BF=BD=EF=BF=BD=EF=BF=BDH=EF=BF=BD=EF=BF=BD=EF=BF=BD