[Syzkaller & bisect] There is BUG: MAX_LOCKDEP_KEYS too low in v6.6-rc1

From: Pengfei Xu
Date: Tue Sep 12 2023 - 02:25:16 EST

Next message: Felix Yan: "Re: [PATCH] nvme-pci: ignore bogus CRTO according to NVME 2.0 spec"
Previous message: tip-bot2 for Josh Poimboeuf: "[tip: objtool/urgent] objtool: Fix _THIS_IP_ detection for cold functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Tejun,

Greeting!

There is BUG: MAX_LOCKDEP_KEYS too low in v6.6-rc1 kernel in guest:
Seems syzbot didn't report this type of issue yet.
All details are in link:https://github.com/xupengfe/syzkaller_logs/tree/main/230911_142537_MAX_LOCKDEP_KEYS_too_low
Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/bisect_info.log
Syzkaller reproduced code: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/repro.c
Syzkaller reproduced steps: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/repro.prog
Mounted file0: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/file0.gz
Issue dmesg: https://raw.githubusercontent.com/xupengfe/syzkaller_logs/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/0bb80ecc33a8fb5a682236443c1e740d5c917d1d_dmesg.log
v6.6-rc1 kernel bzimage: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/bzImage_0bb80ecc33a8fb5a682236443c1e740d5c917d1d.tar.gz
Kconfig: https://github.com/xupengfe/syzkaller_logs/blob/main/230911_142537_MAX_LOCKDEP_KEYS_too_low/kconfig_origin

It could be reproduced in 1900s.

"
[ 108.728694] EXT4-fs error (device loop7): __ext4_fill_super:5473: inode #2: comm repro: iget: special inode unallocated
[ 108.729658] EXT4-fs error (device loop4): __ext4_fill_super:5473: inode #2: comm repro: iget: special inode unallocated
[ 108.731297] EXT4-fs (loop4): get root inode failed
[ 108.731303] EXT4-fs error (device loop3): __ext4_fill_super:5473: inode #2: comm repro: iget: special inode unallocated
[ 108.731528] EXT4-fs (loop4): mount failed
[ 108.732527] BUG: MAX_LOCKDEP_KEYS too low!
[ 108.732720] turning off the locking correctness validator.
[ 108.732966] CPU: 1 PID: 24162 Comm: repro Not tainted 6.6.0-rc1-0bb80ecc33a8+ #1
[ 108.733302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[ 108.733803] Call Trace:
[ 108.733932] <TASK>
[ 108.734036] dump_stack_lvl+0xaa/0x110
[ 108.734231] dump_stack+0x19/0x20
[ 108.734390] register_lock_class+0xae5/0x10d0
[ 108.734508] EXT4-fs (loop3): get root inode failed
[ 108.734602] ? __pfx_register_lock_class+0x10/0x10
[ 108.734824] EXT4-fs (loop3): mount failed
[ 108.735038] __lock_acquire+0xff/0x5c70
[ 108.735386] ? __pfx___lock_acquire+0x10/0x10
[ 108.735588] lock_acquire+0x1c9/0x530
[ 108.735757] ? __flush_workqueue+0xf9/0x1180
[ 108.735956] ? __pfx_lock_acquire+0x10/0x10
[ 108.736148] ? lockdep_init_map_type+0x2df/0x810
[ 108.736359] ? lockdep_init_map_type+0x2df/0x810
[ 108.736452] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[ 108.736571] ? __raw_spin_lock_init+0x44/0x120
[ 108.737183] __flush_workqueue+0x12c/0x1180
[ 108.737375] ? __flush_workqueue+0xf9/0x1180
[ 108.737572] ? drain_workqueue+0x30/0x3e0
[ 108.737753] ? __pfx_lock_release+0x10/0x10
[ 108.737945] ? __pfx___flush_workqueue+0x10/0x10
[ 108.738154] ? __pfx___mutex_lock+0x10/0x10
[ 108.738356] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 108.738589] drain_workqueue+0x19c/0x3e0
[ 108.738769] ? drain_workqueue+0x19c/0x3e0
[ 108.738958] destroy_workqueue+0xda/0xa30
[ 108.739147] ext4_fill_super+0x933c/0xc160
[ 108.739342] ? __pfx___lock_acquire+0x10/0x10
[ 108.739551] ? __pfx_ext4_fill_super+0x10/0x10
[ 108.739763] ? down_write+0x157/0x210
[ 108.739936] ? __pfx_down_write+0x10/0x10
[ 108.739971] loop0: detected capacity change from 0 to 1024
[ 108.740128] get_tree_bdev+0x418/0x700
[ 108.740545] ? get_tree_bdev+0x418/0x700
[ 108.740729] ? __pfx_ext4_fill_super+0x10/0x10
[ 108.740854] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[ 108.740934] ? __pfx_get_tree_bdev+0x10/0x10
[ 108.741542] ? __sanitizer_cov_trace_const_cmp4+0x1a/0x20
[ 108.741787] ? cap_capable+0x1dc/0x250
[ 108.741964] ? __sanitizer_cov_trace_const_cmp4+0x1a/0x20
[ 108.742204] ? security_capable+0xa0/0xd0
[ 108.742389] ext4_get_tree+0x26/0x30
[ 108.742554] vfs_get_tree+0x9d/0x390
[ 108.742724] path_mount+0x6d9/0x1fc0
[ 108.742897] ? __pfx_path_mount+0x10/0x10
[ 108.743084] ? putname+0x122/0x160
[ 108.743247] __x64_sys_mount+0x2c2/0x350
[ 108.743432] ? __pfx___x64_sys_mount+0x10/0x10
[ 108.743638] ? syscall_trace_enter.constprop.0+0x160/0x1e0
[ 108.743890] do_syscall_64+0x3c/0x90
[ 108.744057] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 108.744285] RIP: 0033:0x7fa0bee3f7be
[ 108.744455] Code: 48 8b 0d 65 a6 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 32 a6 1b 00 f7 d8 64 89 01 48
[ 108.745242] RSP: 002b:00007ffeb4e4dbf8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 108.745575] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa0bee3f7be
[ 108.745883] RDX: 0000000020000580 RSI: 0000000020000000 RDI: 00007ffeb4e4dd30
[ 108.746192] RBP: 00007ffeb4e4ddc0 R08: 00007ffeb4e4dc30 R09: 0000000000000000
[ 108.746500] R10: 0000000000000042 R11: 0000000000000206 R12: 00007ffeb4e4df78
[ 108.746808] R13: 0000000000404c8a R14: 0000000000407e08 R15: 00007fa0bf1e1000
[ 108.747121] </TASK>
"
I hope it's helpful.

---

If you don't need the following environment to reproduce the problem or if you
already have one, please ignore the following information.

How to reproduce:
git clone https://gitlab.com/xupengfe/repro_vm_env.git
cd repro_vm_env
tar -xvf repro_vm_env.tar.gz
cd repro_vm_env; ./start3.sh // it needs qemu-system-x86_64 and I used v7.1.0
// start3.sh will load bzImage_2241ab53cbb5cdb08a6b2d4688feb13971058f65 v6.2-rc5 kernel
// You could change the bzImage_xxx as you want
// Maybe you need to remove line "-drive if=pflash,format=raw,readonly=on,file=./OVMF_CODE.fd \" for different qemu version
You could use below command to log in, there is no password for root.
ssh -p 10023 root@localhost

After login vm(virtual machine) successfully, you could transfer reproduced
binary to the vm by below way, and reproduce the problem in vm:
gcc -pthread -o repro repro.c
scp -P 10023 repro root@localhost:/root/

Get the bzImage for target kernel:
Please use target kconfig and copy it to kernel_src/.config
make olddefconfig
make -jx bzImage //x should equal or less than cpu num your pc has

Fill the bzImage file into above start3.sh to load the target kernel in vm.

Tips:
If you already have qemu-system-x86_64, please ignore below info.
If you want to install qemu v7.1.0 version:
git clone https://github.com/qemu/qemu.git
cd qemu
git checkout -f v7.1.0
mkdir build
cd build
yum install -y ninja-build.x86_64
yum -y install libslirp-devel.x86_64
../configure --target-list=x86_64-softmmu --enable-kvm --enable-vnc --enable-gtk --enable-sdl --enable-usb-redir --enable-slirp
make
make install

Best Regards,
Thanks!

Next message: Felix Yan: "Re: [PATCH] nvme-pci: ignore bogus CRTO according to NVME 2.0 spec"
Previous message: tip-bot2 for Josh Poimboeuf: "[tip: objtool/urgent] objtool: Fix _THIS_IP_ detection for cold functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]