Re: [syzbot] WARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1. (2)

From: Dmitry Vyukov <dvyukov@google.com>
To: syzbot <syzbot+5e1d2ee57b07877e2439@syzkaller.appspotmail.com>,
	syzkaller <syzkaller@googlegroups.com>,
	Aleksandr Nogikh <nogikh@google.com>
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] WARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1. (2)
Date: Mon, 30 Aug 2021 22:24:49 +0200	[thread overview]
Message-ID: <CACT4Y+a2-iR6E+a=YwXHOBPio19ag9q+fWqpVASkohemTUiQBQ@mail.gmail.com> (raw)
In-Reply-To: <000000000000ec256905ca2e1915@google.com>

On Mon, 23 Aug 2021 at 01:17, syzbot
<syzbot+5e1d2ee57b07877e2439@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    614cb2751d31 Merge tag 'trace-v5.14-rc6' of git://git.kern..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=176cf741300000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=3205625db2f96ac9
> dashboard link: https://syzkaller.appspot.com/bug?extid=5e1d2ee57b07877e2439
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14482731300000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13be58ce300000
>
> Bisection is inconclusive: the issue happens on the oldest tested release.
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1050081e300000
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=1250081e300000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1450081e300000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+5e1d2ee57b07877e2439@syzkaller.appspotmail.com

+syzkaller mailing list

Fun. Fuzzer managed to corrupt syz-executor to force it to print
.strings section (?).
This is a warning printed by glibc.
+Aleksandr, please add it to the ignore list (and add a test with this
crash, I see there other suspicious strings like "BUG" that can
trigger pkg/report as well).

// elf/get-dynamic-info.h
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0)
&& l->l_flags_1 & ~DT_1_SUPPORTED_MASK)
_dl_debug_printf ("\nWARNING: Unsupported flag value(s) of 0x%x in
DT_FLAGS_1.\n",
l->l_flags_1 & ~DT_1_SUPPORTED_MASK);


>  resolv_context.c current->__from_res current->__refcount > 0 ctx->conf == NULL current == ctx ctx->__refcount > 0              __resolv_context_put    maybe_init      context_reuse resolv_conf.c conf->__refcount > 0 /etc/resolv.conf conf == ptr   init->nameserver_list[i]->sa_family == AF_INET6 !alloc_buffer_has_failed (&buffer)      global_copy->free_list_start == 0 || global_copy->free_list_start & 1   conf->nameserver_list[i]->sa_family == AF_INET6 resolv_conf_matches (resp, conf)        conf_decrement  update_from_conf                __resolv_conf_attach            __resolv_conf_allocate          resolv_conf_get_1               __resolv_conf_get_current       cannot allocate memory for thread-local data: ABORT
>     Failed loading %lu audit modules, %lu are supported.
>    result <= GL(dl_tls_max_dtv_idx) + 1    result == GL(dl_tls_max_dtv_idx) + 1    listp->slotinfo[cnt].gen <= GL(dl_tls_generation)       map->l_tls_modid == total + cnt map->l_tls_blocksize >= map->l_tls_initimage_size       (size_t) map->l_tls_offset >= map->l_tls_blocksize      cannot create TLS data structures ../elf/dl-tls.c listp != NULL idx == 0 dlopen         _dl_add_to_slotinfo             _dl_allocate_tls_init           _dl_next_tls_modid GLIBC_TUNABLES /etc/suid-debug glibc.rtld.nns glibc.malloc.trim_threshold MALLOC_TRIM_THRESHOLD_ glibc.malloc.perturb MALLOC_PERTURB_ glibc.elision.tries glibc.elision.enable glibc.malloc.mxfast glibc.elision.skip_lock_busy glibc.malloc.top_pad MALLOC_TOP_PAD_ glibc.cpu.x86_shstk glibc.cpu.hwcap_mask LD_HWCAP_MASK glibc.malloc.mmap_max MALLOC_MMAP_MAX_ glibc.cpu.x86_ibt glibc.cpu.hwcaps glibc.malloc.arena_max MALLOC_ARENA_MAX glibc.malloc.mmap_threshold MALLOC_MMAP_THRESHOLD_ glibc.cpu.x86_data_cache_size glibc.malloc.tcache_count glibc.malloc.arena_test MALLOC_ARENA_TEST glibc.malloc.tcache_max glibc.malloc.check MALLOC_CHECK_  sbrk() failure while processing tunables
>        glibc.elision.skip_lock_after_retries   glibc.cpu.x86_shared_cache_size glibc.cpu.x86_non_temporal_threshold    glibc.elision.skip_trylock_internal_abort       glibc.malloc.tcache_unsorted_limit      glibc.elision.skip_lock_internal_abort  glibc.pthread.mutex_spin_count  glibc.rtld.optional_static_tls  p ��� ��P ��  ��� ��� ��� ��� ��  ��� ��� ��� ��x ��P ��( ��  ��� ��� ��� ��� ��� ��� ��x ��� ��� ��� ��� ��� ��� ��� ��� ��/var/tmp /var/profile               GCONV_PATH GETCONF_DIR HOSTALIASES LD_AUDIT LD_DEBUG LD_DEBUG_OUTPUT LD_DYNAMIC_WEAK LD_HWCAP_MASK LD_LIBRARY_PATH LD_ORIGIN_PATH LD_PRELOAD LD_PROFILE LD_SHOW_AUXV LD_USE_LOAD_BIAS LOCALDOMAIN LOCPATH MALLOC_TRACE NIS_PATH NLSPATH RESOLV_HOST_CONF RES_OPTIONS TMPDIR TZDIR LD_PREFER_MAP_32BIT_EXEC                      i586     i686     haswell  xeon_phi             sse2     x86_64   avx512_1 LD_WARN setup-vdso.h ph->p_type != PT_TLS get-dynamic-info.h out of memory
>  LINUX_2.6 __vdso_clock_gettime __vdso_gettimeofday __vdso_time __vdso_getcpu __vdso_clock_getres LD_LIBRARY_PATH LD_BIND_NOW LD_BIND_NOT LD_DYNAMIC_WEAK LD_PROFILE_OUTPUT LD_ASSUME_KERNEL      info[DT_PLTREL]->d_un.d_val == DT_RELA  info[DT_RELAENT]->d_un.d_val == sizeof (ElfW(Rela))
> WARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1.
>      setup_vdso              elf_get_dynamic_info AVX CX8 FMA HTT IBT RTM AVX2 BMI1 BMI2 CMOV FMA4 SSE2 I586 I686 LZCNT MOVBE SHSTK SSSE3 POPCNT SSE4_1 AVX512F OSXSAVE AVX512CD AVX512BW AVX512DQ AVX512ER AVX512PF AVX512VL AVX_Usable FMA_Usable AVX2_Usable FMA4_Usable Slow_SSE4_2 XSAVEC_Usable AVX512F_Usable AVX512DQ_Usable Fast_Copy_Backward Fast_Unaligned_Copy Prefer_No_VZEROUPPER Prefer_MAP_32BIT_EXEC AVX_Fast_Unaligned_Load MathVec_Prefer_No_AVX512 Prefer_PMINUB_for_stringop Slow_BSF Prefer_ERMS Fast_Rep_String Prefer_FSRM /proc/sys/kernel/osrelease   + ��� ��� ��� ��Q ��l ��  ��� ��l ���"���"��v"��1"��l ���!���!��n!��/!��l ��� ��� ��l ��` ��b#��� ��� ��o ��7 ��7#��  ��� ���"��  ���"��\"�� #���!��  ���!��Z!�� !��� ��  ��� ��L ��  ��  ��<program name unknown> %s: %s: %s%s%s%s%s
>  DYNAMIC LINKER BUG!!!        error while loading shared libraries gconv.c irreversible != NULL       outbuf != NULL && *outbuf != NULL       __gconv gconv_db.c step->__end_fct == NULL              __gconv_release_step gconv_conf.c result == NULL elem != NULL cwd != NULL alias module ISO-10646/UCS4/ =INTERNAL->ucs4 =ucs4->INTERNAL UCS-4LE// =INTERNAL->ucs4le =ucs4le->INTERNAL ISO-10646/UTF8/ =INTERNAL->utf8 =utf8->INTERNAL ISO-10646/UCS2/ =ucs2->INTERNAL =INTERNAL->ucs2 ANSI_X3.4-1968// =ascii->INTERNAL =INTERNAL->ascii UNICODEBIG// =ucs2reverse->INTERNAL =INTERNAL->ucs2reverse .so          __gconv_get_path                UCS4// ISO-10646/UCS4/ UCS-4// ISO-10646/UCS4/ UCS-4BE// ISO-10646/UCS4/ CSUCS4// ISO-10646/UCS4/ ISO-10646// ISO-10646/UCS4/ 10646-1:1993// ISO-10646/UCS4/ 10646-1:1993/UCS4/ ISO-10646/UCS4/ OSF00010104// ISO-10646/UCS4/ OSF00010105// ISO-10646/UCS4/ OSF00010106// ISO-10646/UCS4/ WCHAR_T// INTERNAL UTF8// ISO-10646/UTF8/ UTF-8// ISO-10646/UTF8/ ISO-IR-193// ISO-10646/UTF8/ OSF05010001// ISO-10646/UTF8/ ISO-10646/UTF-8/ ISO-10646/UTF8/ UCS2// ISO-10646/UCS2/ UCS-2// ISO-10646/UCS2/ OSF00010100// ISO-10646/UCS2/ OSF00010101// ISO-10646/UCS2/ OSF00010102// ISO-10646/UCS2/ ANSI_X3.4// ANSI_X3.4-1968// ISO-IR-6// ANSI_X3.4-1968// ANSI_X3.4-1986// ANSI_X3.4-1968// ISO_646.IRV:1991// ANSI_X3.4-1968// ASCII// ANSI_X3.4-1968// ISO646-US// ANSI_X3.4-1968// US-ASCII// ANSI_X3.4-1968// US// ANSI_X3.4-1968// IBM367// ANSI_X3.4-1968// CP367// ANSI_X3.4-1968// CSASCII// ANSI_X3.4-1968// OSF00010020// ANSI_X3.4-1968// UNICODELITTLE// ISO-10646/UCS2/ UCS-2LE// ISO-10646/UCS2/ UCS-2BE// UNICODEBIG//   gconv-modules                                           /usr/lib/x86_64-linux-gnu/gconv gconv_builtin.c cnt < sizeof (map) / sizeof (map[0])            __gconv_get_builtin_trans ../iconv/skeleton.c outbufstart == NULL outbuf == outerr inend - *inptrp < 4 gconv_simple.c *outptrp + 4 > outend ../iconv/loop.c ch != 0xc0 && ch != 0xc1 �����      nstatus == __GCONV_FULL_OUTPUT  (state->__count & 7) <= sizeof (state->__value) inptr - bytebuf > (state->__count & 7)  inend != &bytebuf[MAX_NEEDED_INPUT]     inend - inptr > (state->__count & ~7)   inend - inptr <= sizeof (state->__value)                internal_ucs2reverse_loop_single                                __gconv_transform_internal_ucs2reverse                          ucs2reverse_internal_loop_single                                __gconv_transform_ucs2reverse_internal                          __gconv_transform_internal_ucs2 __gconv_transform_ucs2_internal __gconv_transform_utf8_internal __gconv_transform_internal_utf8 __gconv_transform_internal_ascii                                __gconv_transform_ascii_internal                                __gconv_transform_ucs4le_internal                               __gconv_transform_internal_ucs4le                               __gconv_transform_ucs4_internal __gconv_transform_internal_ucs4 internal_ucs2_loop_single       ucs2_internal_loop_single       utf8_internal_loop_single       internal_utf8_loop_single       internal_ascii_loop_single      ucs4le_internal_loop GCONV_PATH /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache gconv_dl.c obj->counter > 0 found->handle == NULL gconv gconv_init gconv_end                do_release_shlib                __gconv_find_shlib ,TRANSLIT /IGNORE ,IGNORE LOCPATH
>
>
>                +  3 ?HP[hw                   LC_COLLATE LC_CTYPE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL LANG findlocale.c locale_codeset != NULL /../   _nl_find_locale /usr/lib/locale         n       -                                  loadlocale.c category == LC_CTYPE           ������������p���X�����������8���(���������������H���