lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 25 Jun 2024 17:19:27 +0800
From: Pengfei Xu <pengfei.xu@...el.com>
To: Marco Elver <elver@...gle.com>
CC: <andreyknvl@...il.com>, <akpm@...ux-foundation.org>,
	<linux-kernel@...r.kernel.org>
Subject: Re: [Syzkaller & bisect] There is BUG: MAX_LOCKDEP_KEYS too low! in
 v6.10-rc5 kernel

Hi Marco,

On 2024-06-25 at 10:21:57 +0200, Marco Elver wrote:
> On Tue, 25 Jun 2024 at 04:15, Pengfei Xu <pengfei.xu@...el.com> wrote:
> >
> > Hi Andrey,
> >
> > Greeting!
> >
> > There is BUG: MAX_LOCKDEP_KEYS too low! in v6.10-rc5 kernel.
> >
> > All detailed info: https://github.com/xupengfe/syzkaller_logs/tree/main/240624_120854__MAX_LOCKDEP_KEYS_too_low
> > Syzkaller reproduced code: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/repro.c
> > Syzkaller syscall repro steps: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/repro.prog
> > Mount img: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/mount_0.gz
> > Syzkaller report: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/repro.report
> > Kconfig(make olddefconfig): https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/kconfig_origin
> > Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/bisect_info.log
> > v6.10-rc5 dmesg: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/f2661062f16b2de5d7b6a5c42a9a5c96326b8454_dmesg.log
> >
> > Bisected and found related commit:
> > cc478e0b6bdf kasan: avoid resetting aux_lock
> 
> This is known to trigger on heavily instrumented kernels.
> 
> On syzbot we just increase CONFIG_LOCKDEP_BITS and friends [1]. See [2].
> 
> [1] https://github.com/google/syzkaller/blob/master/dashboard/config/linux/bits/lockdep.yml
> [2] https://github.com/torvalds/linux/blob/55027e689933ba2e64f3d245fb1ff185b3e7fc81/lib/Kconfig.debug#L1505
> 
> I don't see it set in your config. You should probably enable it on
> heavily instrumented builds.

Thank you very much for your suggestion and link sharing for pointing me
towards the relevant configuration options.

I have updated the kernel configuration to set CONFIG_LOCKDEP_BITS=17 to
avoid such issues in the future. And I will take care some other kconfig
items like "CONFIG_LOCKDEP_CHAINS_BITS". I will try some other number for
CONFIG_LOCKDEP_BITS if it's necessary.
Thanks for your guidance and sorry for inconvenience.

Best Regards,
Thanks!

> 
> > "
> > [  157.974013] BUG: MAX_LOCKDEP_KEYS too low!
> > [  157.974233] turning off the locking correctness validator.
> > [  157.974459] CPU: 1 PID: 736 Comm: repro Tainted: G        W          6.10.0-rc5-f2661062f16b+ #1
> > [  157.974864] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
> > [  157.975392] Call Trace:
> > [  157.975502]  <TASK>
> > [  157.975600]  dump_stack_lvl+0xea/0x150
> > [  157.975786]  dump_stack+0x19/0x20
> > [  157.975937]  register_lock_class+0xaee/0x10d0
> > [  157.976136]  ? __pfx_register_lock_class+0x10/0x10
> > [  157.976351]  ? __pfx_mark_lock.part.0+0x10/0x10
> > [  157.976553]  __lock_acquire+0xfe/0x5ca0
> > [  157.976727]  ? __pfx_mark_lock.part.0+0x10/0x10
> > [  157.976929]  ? __pfx_register_lock_class+0x10/0x10
> > [  157.977140]  ? __kasan_check_read+0x15/0x20
> > [  157.977325]  ? __pfx___lock_acquire+0x10/0x10
> > [  157.977517]  ? __kasan_check_read+0x15/0x20
> > [  157.977696]  ? mark_lock.part.0+0xf3/0x17a0
> > [  157.977878]  ? __kasan_check_read+0x15/0x20
> > [  157.978059]  lock_acquire+0x1ce/0x580
> > [  157.978221]  ? touch_wq_lockdep_map+0x75/0x130
> > [  157.978416]  ? register_lock_class+0xbf/0x10d0
> > [  157.978610]  ? __pfx_lock_acquire+0x10/0x10
> > [  157.978794]  ? __pfx_register_lock_class+0x10/0x10
> > [  157.979000]  ? lockdep_init_map_type+0x2df/0x810
> > [  157.979201]  ? lockdep_init_map_type+0x2df/0x810
> > [  157.979403]  ? touch_wq_lockdep_map+0x75/0x130
> > [  157.979598]  touch_wq_lockdep_map+0x8a/0x130
> > [  157.979786]  ? touch_wq_lockdep_map+0x75/0x130
> > [  157.979988]  __flush_workqueue+0xfd/0x1040
> > [  157.980164]  ? __this_cpu_preempt_check+0x21/0x30
> > [  157.980370]  ? lock_release+0x418/0x840
> > [  157.980542]  ? __pfx___flush_workqueue+0x10/0x10
> > [  157.980745]  ? __mutex_unlock_slowpath+0x16f/0x630
> > [  157.980979]  ? xfs_log_force+0x1db/0xa30
> > [  157.981191]  ? sync_filesystem+0x1e5/0x2a0
> > [  157.981386]  xlog_cil_push_now.isra.0+0x6c/0x210
> > [  157.981588]  xlog_cil_force_seq+0x1d4/0x790
> > [  157.981775]  ? __pfx_xlog_cil_force_seq+0x10/0x10
> > [  157.981982]  ? xfs_fs_sync_fs+0x1ed/0x3a0
> > [  157.982157]  ? debug_smp_processor_id+0x20/0x30
> > [  157.982358]  ? rcu_is_watching+0x19/0xc0
> > [  157.982532]  ? __sanitizer_cov_trace_const_cmp1+0x1e/0x30
> > [  157.982767]  ? sync_filesystem+0x1e5/0x2a0
> > [  157.982944]  xfs_log_force+0x1db/0xa30
> > [  157.983109]  ? sync_filesystem+0x1e5/0x2a0
> > [  157.983287]  ? sync_filesystem+0x1e5/0x2a0
> > [  157.983464]  xfs_fs_sync_fs+0x1ed/0x3a0
> > [  157.983632]  ? __pfx_xfs_fs_sync_fs+0x10/0x10
> > [  157.983821]  sync_filesystem+0x1e5/0x2a0
> > [  157.983990]  generic_shutdown_super+0x8c/0x520
> > [  157.984183]  kill_block_super+0x45/0xa0
> > [  157.984349]  xfs_kill_sb+0x1e/0x60
> > [  157.984498]  deactivate_locked_super+0xcb/0x1c0
> > [  157.984694]  deactivate_super+0xc0/0xe0
> > [  157.984865]  cleanup_mnt+0x2fc/0x460
> > [  157.985023]  __cleanup_mnt+0x1f/0x30
> > [  157.985179]  task_work_run+0x19c/0x2b0
> > [  157.985343]  ? __pfx_task_work_run+0x10/0x10
> > [  157.985528]  ? __this_cpu_preempt_check+0x21/0x30
> > [  157.985734]  ? syscall_exit_to_user_mode+0x109/0x200
> > [  157.985951]  syscall_exit_to_user_mode+0x1ec/0x200
> > [  157.986160]  do_syscall_64+0x79/0x140
> > [  157.986322]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> > [  157.986536] RIP: 0033:0x7fab3634e87b
> > [  157.986692] Code: 0f 1e fa 48 89 fe 31 ff e9 72 08 00 00 66 90 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 71 b5 0a 00 f7 d8
> > [  157.987430] RSP: 002b:00007ffc181e2598 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
> > [  157.987742] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fab3634e87b
> > [  157.988031] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc181e2640
> > [  157.988321] RBP: 00007ffc181e3680 R08: 0000000000000000 R09: 00007ffc181e2430
> > [  157.988611] R10: 00007fab363b13e0 R11: 0000000000000202 R12: 00007ffc181e37f8
> > [  157.988761] XFS (loop7): Ending clean mount
> > [  157.988901] R13: 0000000000403138 R14: 000000000040fe08 R15: 00007fab36460000
> > [  157.989407]  </TASK>
> > "
> >
> > I hope it's helpful.
> >
> > Thanks!
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ