Date: Tue, 16 May 2023 14:44:49 +0100
From: Will Deacon
To: Naresh Kamboju, broonie@kernel.org
Cc: "open list:KERNEL SELFTEST FRAMEWORK", linux-stable, open list, lkft-triage@lists.linaro.org, Catalin Marinas, Dan Carpenter, Arnd Bergmann, Shuah Khan, Anders Roxell
Subject: Re: arm64: fp-stress: BUG: KFENCE: memory corruption in fpsimd_release_task
Message-ID: <20230516134447.GB30894@willie-the-truck>

Hi Naresh,

On Tue, May 16, 2023 at 11:58:40AM +0530, Naresh Kamboju wrote:
> Following kernel BUG noticed while running selftests arm64 fp-stress
> running stable rc kernel versions 6.1.29-rc1 and 6.3.3-rc1.

Is there a known-good build so that we could attempt a bisection?

> Reported-by: Linux Kernel Functional Testing
>
> # selftests: arm64: fp-stress
> # TAP version 13
> # 1..80
> # # 8 CPUs, 3 SVE VLs, 3 SME VLs, SME2 absent
> # # Will run for 10s
> ...
>
> # # ZA-VL-32-4: PID: 1091
> # # [ 263.834190]
> ==================================================================
> [ 263.834270] BUG: KFENCE: memory corruption in fpsimd_release_task+0x28/0x50
> [ 263.834270]
> ZA-V[ 263.834419] Corrupted memory at 0x00000000d9c0a375 [ ! ! ! ! !
> ! . . . . . . . . . . ] (in kfence-#158):
> L-64-[ 263.834929] fpsimd_release_task+0x28/0x50
> [ 263.835074] arch_release_task_struct+0x1c/0x30
> [ 263.835221] __put_task_struct+0x164/0x220
> [ 263.835336] delayed_put_task_struct+0x60/0x128
> 4: [ 263.835484] rcu_core+0x318/0x950
> [ 263.835632] rcu_core_si+0x1c/0x30
> [ 263.835770] __do_softirq+0x110/0x3d8
> Stre[ 263.835874] run_ksoftirqd+0x40/0xe0
> [ 263.835994] smpboot_thread_fn+0x1d0/0x260
> [ 263.836105] kthread+0xec/0x190
> [ 263.836221] ret_from_fork+0x10/0x20
> [ 263.836342]
> ami[ 263.836393] kfence-#158: 0x00000000c8819329-0x000000009e00cc22,
> size=546, cache=kmalloc-1k
> [ 263.836393]
> [ 263.836527] allocated by task 1112 on cpu 5 at 252.422888s:
> [ 263.836697] do_sme_acc+0xa8/0x230
> ng m[ 263.836821] el0_sme_acc+0x40/0xa0
> [ 263.836966] el0t_64_sync_handler+0xa8/0xf0
> [ 263.837114] el0t_64_sync+0x190/0x198

Mark -- given that this is an SME allocation, please can you take a look?
I think the implication of the kfence report is that we're writing beyond
the end of 'task->thread.sme_state' at some point and corrupting the
redzone.

There are two reports here, so hopefully it's not too hard to repro.

Will
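
The mechanism behind the report above, as an added example that is not part of the original message or of the kernel source: a simplified user-space C model of a redzone check performed at free time, which is why the corruption is reported against the free path (`fpsimd_release_task`) rather than against the write that caused it. `model_alloc`, `model_free`, `overrun_demo`, the 1024-byte slot and the 6-byte overrun are assumptions chosen to mirror the report's `size=546`, `kmalloc-1k` and six `!` marks; the canary byte follows KFENCE's address-dependent pattern.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 1024 /* assumption: one slot stands in for a kmalloc-1k object */
#define OBJ_SIZE  546  /* requested size, taken from the report (size=546) */

/* Address-dependent canary byte, modelled on KFENCE's 0xaa ^ (addr & 7). */
static uint8_t canary(const uint8_t *p) { return 0xaa ^ ((uintptr_t)p & 0x7); }

/* Hypothetical allocator: object at the slot start, remainder is redzone. */
static uint8_t *model_alloc(uint8_t *slot)
{
    for (size_t i = OBJ_SIZE; i < SLOT_SIZE; i++)
        slot[i] = canary(&slot[i]);
    return slot;
}

/* Free-time check: counts corrupted redzone bytes and renders the first
 * 16 bytes past the object as '!' (corrupted) or '.' (canary intact). */
static int model_free(const uint8_t *slot, char map[17])
{
    int bad = 0;
    for (size_t i = OBJ_SIZE; i < SLOT_SIZE; i++) {
        int hit = slot[i] != canary(&slot[i]);
        bad += hit;
        if (i - OBJ_SIZE < 16)
            map[i - OBJ_SIZE] = hit ? '!' : '.';
    }
    map[16] = '\0';
    return bad;
}

/* Constructed scenario: the writer assumes a buffer 6 bytes larger than
 * what was allocated. 0x00 can never equal a canary byte (0xaa..0xad). */
static int overrun_demo(char map[17])
{
    static uint8_t slot[SLOT_SIZE];
    uint8_t *obj = model_alloc(slot);
    memset(obj, 0x00, OBJ_SIZE + 6); /* the overrun goes unnoticed here */
    return model_free(slot, map);    /* and is only detected at free */
}

int main(void)
{
    char map[17];
    int bad = overrun_demo(map);
    printf("corrupted redzone bytes: %d [%s]\n", bad, map);
    return 0;
}
```

Because detection happens only when the object is released, the stack in such a report identifies the freeing context; the allocation stack (`do_sme_acc` here) is the better starting point for finding the size mismatch.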