lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ZQAC/ofkIimvezUY@xpf.sh.intel.com>
Date:   Tue, 12 Sep 2023 14:19:42 +0800
From:   Pengfei Xu <pengfei.xu@...el.com>
To:     <tj@...nel.org>
CC:     <linux-kernel@...r.kernel.org>, <heng.su@...el.com>,
        <pengfei.xu@...el.com>, <lkp@...el.com>
Subject: [Syzkaller & bisect] There is BUG: MAX_LOCKDEP_KEYS too low in
 v6.6-rc1

Hi Tejun,

Greeting!

There is BUG: MAX_LOCKDEP_KEYS too low in v6.6-rc1 kernel in guest:
Seems syzbot didn't report this type of issue yet.
All details are in link:https://github.com/xupengfe/syzkaller_logs/tree/main/230911_142537_MAX_LOCKDEP_KEYS_too_low
Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/bisect_info.log
Syzkaller reproduced code: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/repro.c
Syzkaller reproduced steps: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/repro.prog
Mounted file0: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/file0.gz
Issue dmesg: https://raw.githubusercontent.com/xupengfe/syzkaller_logs/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/0bb80ecc33a8fb5a682236443c1e740d5c917d1d_dmesg.log
v6.6-rc1 kernel bzimage: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/bzImage_0bb80ecc33a8fb5a682236443c1e740d5c917d1d.tar.gz
Kconfig: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/kconfig_origin

It could be reproduced in 1900s.

"
[  108.728694] EXT4-fs error (device loop7): __ext4_fill_super:5473: inode #2: comm repro: iget: special inode unallocated
[  108.729658] EXT4-fs error (device loop4): __ext4_fill_super:5473: inode #2: comm repro: iget: special inode unallocated
[  108.731297] EXT4-fs (loop4): get root inode failed
[  108.731303] EXT4-fs error (device loop3): __ext4_fill_super:5473: inode #2: comm repro: iget: special inode unallocated
[  108.731528] EXT4-fs (loop4): mount failed
[  108.732527] BUG: MAX_LOCKDEP_KEYS too low!
[  108.732720] turning off the locking correctness validator.
[  108.732966] CPU: 1 PID: 24162 Comm: repro Not tainted 6.6.0-rc1-0bb80ecc33a8+ #1
[  108.733302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[  108.733803] Call Trace:
[  108.733932]  <TASK>
[  108.734036]  dump_stack_lvl+0xaa/0x110
[  108.734231]  dump_stack+0x19/0x20
[  108.734390]  register_lock_class+0xae5/0x10d0
[  108.734508] EXT4-fs (loop3): get root inode failed
[  108.734602]  ? __pfx_register_lock_class+0x10/0x10
[  108.734824] EXT4-fs (loop3): mount failed
[  108.735038]  __lock_acquire+0xff/0x5c70
[  108.735386]  ? __pfx___lock_acquire+0x10/0x10
[  108.735588]  lock_acquire+0x1c9/0x530
[  108.735757]  ? __flush_workqueue+0xf9/0x1180
[  108.735956]  ? __pfx_lock_acquire+0x10/0x10
[  108.736148]  ? lockdep_init_map_type+0x2df/0x810
[  108.736359]  ? lockdep_init_map_type+0x2df/0x810
[  108.736452] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  108.736571]  ? __raw_spin_lock_init+0x44/0x120
[  108.737183]  __flush_workqueue+0x12c/0x1180
[  108.737375]  ? __flush_workqueue+0xf9/0x1180
[  108.737572]  ? drain_workqueue+0x30/0x3e0
[  108.737753]  ? __pfx_lock_release+0x10/0x10
[  108.737945]  ? __pfx___flush_workqueue+0x10/0x10
[  108.738154]  ? __pfx___mutex_lock+0x10/0x10
[  108.738356]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  108.738589]  drain_workqueue+0x19c/0x3e0
[  108.738769]  ? drain_workqueue+0x19c/0x3e0
[  108.738958]  destroy_workqueue+0xda/0xa30
[  108.739147]  ext4_fill_super+0x933c/0xc160
[  108.739342]  ? __pfx___lock_acquire+0x10/0x10
[  108.739551]  ? __pfx_ext4_fill_super+0x10/0x10
[  108.739763]  ? down_write+0x157/0x210
[  108.739936]  ? __pfx_down_write+0x10/0x10
[  108.739971] loop0: detected capacity change from 0 to 1024
[  108.740128]  get_tree_bdev+0x418/0x700
[  108.740545]  ? get_tree_bdev+0x418/0x700
[  108.740729]  ? __pfx_ext4_fill_super+0x10/0x10
[  108.740854] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  108.740934]  ? __pfx_get_tree_bdev+0x10/0x10
[  108.741542]  ? __sanitizer_cov_trace_const_cmp4+0x1a/0x20
[  108.741787]  ? cap_capable+0x1dc/0x250
[  108.741964]  ? __sanitizer_cov_trace_const_cmp4+0x1a/0x20
[  108.742204]  ? security_capable+0xa0/0xd0
[  108.742389]  ext4_get_tree+0x26/0x30
[  108.742554]  vfs_get_tree+0x9d/0x390
[  108.742724]  path_mount+0x6d9/0x1fc0
[  108.742897]  ? __pfx_path_mount+0x10/0x10
[  108.743084]  ? putname+0x122/0x160
[  108.743247]  __x64_sys_mount+0x2c2/0x350
[  108.743432]  ? __pfx___x64_sys_mount+0x10/0x10
[  108.743638]  ? syscall_trace_enter.constprop.0+0x160/0x1e0
[  108.743890]  do_syscall_64+0x3c/0x90
[  108.744057]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[  108.744285] RIP: 0033:0x7fa0bee3f7be
[  108.744455] Code: 48 8b 0d 65 a6 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 32 a6 1b 00 f7 d8 64 89 01 48
[  108.745242] RSP: 002b:00007ffeb4e4dbf8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  108.745575] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa0bee3f7be
[  108.745883] RDX: 0000000020000580 RSI: 0000000020000000 RDI: 00007ffeb4e4dd30
[  108.746192] RBP: 00007ffeb4e4ddc0 R08: 00007ffeb4e4dc30 R09: 0000000000000000
[  108.746500] R10: 0000000000000042 R11: 0000000000000206 R12: 00007ffeb4e4df78
[  108.746808] R13: 0000000000404c8a R14: 0000000000407e08 R15: 00007fa0bf1e1000
[  108.747121]  </TASK>
"
I hope it's helpful.

---

If you don't need the following environment to reproduce the problem or if you
already have one, please ignore the following information.

How to reproduce:
git clone https://gitlab.com/xupengfe/repro_vm_env.git
cd repro_vm_env
tar -xvf repro_vm_env.tar.gz
cd repro_vm_env; ./start3.sh  // it needs qemu-system-x86_64 and I used v7.1.0
  // start3.sh will load bzImage_2241ab53cbb5cdb08a6b2d4688feb13971058f65 v6.2-rc5 kernel
  // You could change the bzImage_xxx as you want
  // Maybe you need to remove line "-drive if=pflash,format=raw,readonly=on,file=./OVMF_CODE.fd \" for different qemu version
You could use below command to log in, there is no password for root.
ssh -p 10023 root@...alhost

After login vm(virtual machine) successfully, you could transfer reproduced
binary to the vm by below way, and reproduce the problem in vm:
gcc -pthread -o repro repro.c
scp -P 10023 repro root@...alhost:/root/

Get the bzImage for target kernel:
Please use target kconfig and copy it to kernel_src/.config
make olddefconfig
make -jx bzImage           //x should equal or less than cpu num your pc has

Fill the bzImage file into above start3.sh to load the target kernel in vm.


Tips:
If you already have qemu-system-x86_64, please ignore below info.
If you want to install qemu v7.1.0 version:
git clone https://github.com/qemu/qemu.git
cd qemu
git checkout -f v7.1.0
mkdir build
cd build
yum install -y ninja-build.x86_64
yum -y install libslirp-devel.x86_64
../configure --target-list=x86_64-softmmu --enable-kvm --enable-vnc --enable-gtk --enable-sdl --enable-usb-redir --enable-slirp
make
make install

Best Regards,
Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ