lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 25 Jun 2024 10:15:34 +0800
From: Pengfei Xu <pengfei.xu@...el.com>
To: <andreyknvl@...il.com>
CC: <elver@...gle.com>, <akpm@...ux-foundation.org>,
	<linux-kernel@...r.kernel.org>
Subject: [Syzkaller & bisect] There is BUG: MAX_LOCKDEP_KEYS too low! in
 v6.10-rc5 kernel

Hi Andrey,

Greeting!

There is BUG: MAX_LOCKDEP_KEYS too low! in v6.10-rc5 kernel.

All detailed info: https://github.com/xupengfe/syzkaller_logs/tree/main/240624_120854__MAX_LOCKDEP_KEYS_too_low
Syzkaller reproduced code: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/repro.c
Syzkaller syscall repro steps: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/repro.prog
Mount img: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/mount_0.gz
Syzkaller report: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/repro.report
Kconfig(make olddefconfig): https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/kconfig_origin
Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/bisect_info.log
v6.10-rc5 dmesg: https://github.com/xupengfe/syzkaller_logs/blob/main/240624_120854__MAX_LOCKDEP_KEYS_too_low/f2661062f16b2de5d7b6a5c42a9a5c96326b8454_dmesg.log

Bisected and found related commit:
cc478e0b6bdf kasan: avoid resetting aux_lock

"
[  157.974013] BUG: MAX_LOCKDEP_KEYS too low!
[  157.974233] turning off the locking correctness validator.
[  157.974459] CPU: 1 PID: 736 Comm: repro Tainted: G        W          6.10.0-rc5-f2661062f16b+ #1
[  157.974864] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[  157.975392] Call Trace:
[  157.975502]  <TASK>
[  157.975600]  dump_stack_lvl+0xea/0x150
[  157.975786]  dump_stack+0x19/0x20
[  157.975937]  register_lock_class+0xaee/0x10d0
[  157.976136]  ? __pfx_register_lock_class+0x10/0x10
[  157.976351]  ? __pfx_mark_lock.part.0+0x10/0x10
[  157.976553]  __lock_acquire+0xfe/0x5ca0
[  157.976727]  ? __pfx_mark_lock.part.0+0x10/0x10
[  157.976929]  ? __pfx_register_lock_class+0x10/0x10
[  157.977140]  ? __kasan_check_read+0x15/0x20
[  157.977325]  ? __pfx___lock_acquire+0x10/0x10
[  157.977517]  ? __kasan_check_read+0x15/0x20
[  157.977696]  ? mark_lock.part.0+0xf3/0x17a0
[  157.977878]  ? __kasan_check_read+0x15/0x20
[  157.978059]  lock_acquire+0x1ce/0x580
[  157.978221]  ? touch_wq_lockdep_map+0x75/0x130
[  157.978416]  ? register_lock_class+0xbf/0x10d0
[  157.978610]  ? __pfx_lock_acquire+0x10/0x10
[  157.978794]  ? __pfx_register_lock_class+0x10/0x10
[  157.979000]  ? lockdep_init_map_type+0x2df/0x810
[  157.979201]  ? lockdep_init_map_type+0x2df/0x810
[  157.979403]  ? touch_wq_lockdep_map+0x75/0x130
[  157.979598]  touch_wq_lockdep_map+0x8a/0x130
[  157.979786]  ? touch_wq_lockdep_map+0x75/0x130
[  157.979988]  __flush_workqueue+0xfd/0x1040
[  157.980164]  ? __this_cpu_preempt_check+0x21/0x30
[  157.980370]  ? lock_release+0x418/0x840
[  157.980542]  ? __pfx___flush_workqueue+0x10/0x10
[  157.980745]  ? __mutex_unlock_slowpath+0x16f/0x630
[  157.980979]  ? xfs_log_force+0x1db/0xa30
[  157.981191]  ? sync_filesystem+0x1e5/0x2a0
[  157.981386]  xlog_cil_push_now.isra.0+0x6c/0x210
[  157.981588]  xlog_cil_force_seq+0x1d4/0x790
[  157.981775]  ? __pfx_xlog_cil_force_seq+0x10/0x10
[  157.981982]  ? xfs_fs_sync_fs+0x1ed/0x3a0
[  157.982157]  ? debug_smp_processor_id+0x20/0x30
[  157.982358]  ? rcu_is_watching+0x19/0xc0
[  157.982532]  ? __sanitizer_cov_trace_const_cmp1+0x1e/0x30
[  157.982767]  ? sync_filesystem+0x1e5/0x2a0
[  157.982944]  xfs_log_force+0x1db/0xa30
[  157.983109]  ? sync_filesystem+0x1e5/0x2a0
[  157.983287]  ? sync_filesystem+0x1e5/0x2a0
[  157.983464]  xfs_fs_sync_fs+0x1ed/0x3a0
[  157.983632]  ? __pfx_xfs_fs_sync_fs+0x10/0x10
[  157.983821]  sync_filesystem+0x1e5/0x2a0
[  157.983990]  generic_shutdown_super+0x8c/0x520
[  157.984183]  kill_block_super+0x45/0xa0
[  157.984349]  xfs_kill_sb+0x1e/0x60
[  157.984498]  deactivate_locked_super+0xcb/0x1c0
[  157.984694]  deactivate_super+0xc0/0xe0
[  157.984865]  cleanup_mnt+0x2fc/0x460
[  157.985023]  __cleanup_mnt+0x1f/0x30
[  157.985179]  task_work_run+0x19c/0x2b0
[  157.985343]  ? __pfx_task_work_run+0x10/0x10
[  157.985528]  ? __this_cpu_preempt_check+0x21/0x30
[  157.985734]  ? syscall_exit_to_user_mode+0x109/0x200
[  157.985951]  syscall_exit_to_user_mode+0x1ec/0x200
[  157.986160]  do_syscall_64+0x79/0x140
[  157.986322]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  157.986536] RIP: 0033:0x7fab3634e87b
[  157.986692] Code: 0f 1e fa 48 89 fe 31 ff e9 72 08 00 00 66 90 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 71 b5 0a 00 f7 d8
[  157.987430] RSP: 002b:00007ffc181e2598 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  157.987742] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fab3634e87b
[  157.988031] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc181e2640
[  157.988321] RBP: 00007ffc181e3680 R08: 0000000000000000 R09: 00007ffc181e2430
[  157.988611] R10: 00007fab363b13e0 R11: 0000000000000202 R12: 00007ffc181e37f8
[  157.988761] XFS (loop7): Ending clean mount
[  157.988901] R13: 0000000000403138 R14: 000000000040fe08 R15: 00007fab36460000
[  157.989407]  </TASK>
"

I hope it's helpful.

Thanks!

---

If you don't need the following environment to reproduce the problem or if you
already have one reproduced environment, please ignore the following information.

How to reproduce:
git clone https://gitlab.com/xupengfe/repro_vm_env.git
cd repro_vm_env
tar -xvf repro_vm_env.tar.gz
cd repro_vm_env; ./start3.sh  // it needs qemu-system-x86_64 and I used v7.1.0
  // start3.sh will load bzImage_2241ab53cbb5cdb08a6b2d4688feb13971058f65 v6.2-rc5 kernel
  // You could change the bzImage_xxx as you want
  // Maybe you need to remove line "-drive if=pflash,format=raw,readonly=on,file=./OVMF_CODE.fd \" for different qemu version
You could use below command to log in, there is no password for root.
ssh -p 10023 root@...alhost

After login vm(virtual machine) successfully, you could transfer reproduced
binary to the vm by below way, and reproduce the problem in vm:
gcc -pthread -o repro repro.c
scp -P 10023 repro root@...alhost:/root/

Get the bzImage for target kernel:
Please use target kconfig and copy it to kernel_src/.config
make olddefconfig
make -jx bzImage           //x should equal or less than cpu num your pc has

Fill the bzImage file into above start3.sh to load the target kernel in vm.


Tips:
If you already have qemu-system-x86_64, please ignore below info.
If you want to install qemu v7.1.0 version:
git clone https://github.com/qemu/qemu.git
cd qemu
git checkout -f v7.1.0
mkdir build
cd build
yum install -y ninja-build.x86_64
yum -y install libslirp-devel.x86_64
../configure --target-list=x86_64-softmmu --enable-kvm --enable-vnc --enable-gtk --enable-sdl --enable-usb-redir --enable-slirp
make
make install

Best Regards,
Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ