[syzbot] WARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1. (2)

syzbot

Aug 22, 2021, 7:17:16 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 614cb2751d31 Merge tag 'trace-v5.14-rc6' of git://git.kern..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=176cf741300000
kernel config: https://syzkaller.appspot.com/x/.config?x=3205625db2f96ac9
dashboard link: https://syzkaller.appspot.com/bug?extid=5e1d2ee57b07877e2439
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14482731300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13be58ce300000

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1050081e300000
final oops: https://syzkaller.appspot.com/x/report.txt?x=1250081e300000
console output: https://syzkaller.appspot.com/x/log.txt?x=1450081e300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5e1d2e...@syzkaller.appspotmail.com

WARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1.

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Dmitry Vyukov

Aug 30, 2021, 4:25:03 PM
to syzbot, syzkaller, Aleksandr Nogikh, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Mon, 23 Aug 2021 at 01:17, syzbot
<syzbot+5e1d2e...@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 614cb2751d31 Merge tag 'trace-v5.14-rc6' of git://git.kern..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=176cf741300000
> kernel config: https://syzkaller.appspot.com/x/.config?x=3205625db2f96ac9
> dashboard link: https://syzkaller.appspot.com/bug?extid=5e1d2ee57b07877e2439
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14482731300000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13be58ce300000
>
> Bisection is inconclusive: the issue happens on the oldest tested release.
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1050081e300000
> final oops: https://syzkaller.appspot.com/x/report.txt?x=1250081e300000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1450081e300000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+5e1d2e...@syzkaller.appspotmail.com

+syzkaller mailing list

Fun. Fuzzer managed to corrupt syz-executor to force it to print
.strings section (?).
This is a warning printed by glibc.
+Aleksandr, please add it to the ignore list (and add a test with this
crash, I see there are other suspicious strings like "BUG" that can
trigger pkg/report as well).

// elf/get-dynamic-info.h
  if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0)
      && l->l_flags_1 & ~DT_1_SUPPORTED_MASK)
    _dl_debug_printf ("\nWARNING: Unsupported flag value(s) of 0x%x in DT_FLAGS_1.\n",
                      l->l_flags_1 & ~DT_1_SUPPORTED_MASK);

Aleksandr Nogikh

Sep 2, 2021, 9:22:27 AM
to Dmitry Vyukov, syzbot, syzkaller, LKML, syzkall...@googlegroups.com
Updated the syzkaller's report parser.

Otherwise, quite a mysterious bug.. Syzbot came up with reproducers, but I was not able to reproduce it using them. 

#syz invalid