Date: Tue, 17 Oct 2023 14:42:01 +0100
From: Mark Rutland
To: Mark Brown
Cc: Naresh Kamboju, Linux ARM, open list, lkft-triage@lists.linaro.org, linux-stable, Greg Kroah-Hartman, Catalin Marinas, Steven Rostedt, Masami Hiramatsu, Marc Zyngier
Subject: Re: selftests: ftrace: Internal error: Oops: sve_save_state
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Oct 17, 2023 at 01:22:14PM +0100, Mark Brown wrote:
> On Tue, Oct 17, 2023 at 01:34:18PM +0530, Naresh Kamboju wrote:
>
> > Following kernel crash noticed while running selftests: ftrace:
> > ftracetest-ktap on FVP models running stable-rc 6.5.8-rc2.
>
> > This is not an easy to reproduce issue and not seen on mainline and next.
> > We are investigating this report.
>
> To confirm have you seen this on other stables as well or is this only
> v6.5? For how long have you been seeing this?
>
> > [ 764.987161] Unable to handle kernel NULL pointer dereference at
> > virtual address 0000000000000000
>
> > [ 765.074221] Call trace:
> > [ 765.075045] sve_save_state+0x4/0xf0
> > [ 765.076138] fpsimd_thread_switch+0x2c/0xe8
> > [ 765.077305] __switch_to+0x20/0x158
> > [ 765.078384] __schedule+0x2cc/0xb38
> > [ 765.079464] preempt_schedule_irq+0x44/0xa8
> > [ 765.080633] el1_interrupt+0x4c/0x68
> > [ 765.081691] el1h_64_irq_handler+0x18/0x28
> > [ 765.082829] el1h_64_irq+0x64/0x68
> > [ 765.083874] ftrace_return_to_handler+0x98/0x158
> > [ 765.085090] return_to_handler+0x20/0x48
> > [ 765.086205] do_sve_acc+0x64/0x128
> > [ 765.087272] el0_sve_acc+0x3c/0xa0
> > [ 765.088356] el0t_64_sync_handler+0x114/0x130
> > [ 765.089524] el0t_64_sync+0x190/0x198
>
> So something managed to get flagged as having SVE state without having
> the backing storage allocated. We *were* preempted in the SVE access
> handler which does the allocation but I can't see the path that would
> trigger that since we allocate the state before setting TIF_SVE. It's
> possible the compiler did something funky, a decode of the backtrace
> might help show that?

Having a vmlinux would be *really* helpful...

I tried generating fpsimd.o using the same config and the kernel.org crosstool
GCC 13.2.0, code dump below. Assuming the code generation is the same as for
Naresh, do_sve_acc+0x64 is at 0x191c, and is just after the call to
sve_alloc().

So IIUC what's happening here is that sve_alloc() has been called, its entry
has been traced, its body has been run, and in the process of tracing its
return an IRQ has preempted the task and caused a reschedule.

So unless sve_alloc() failed, at the instant the IRQ was taken:

* `task->thread.sve_state` should be non-NULL
* `task->thread_info.flags & TIF_SVE` should be 0

... so if `task->thread.sve_state` becomes NULL, I wonder if we end up
accidentally blatting that as part of the context switch?

I can't immediately see how.

Mark.

00000000000018b8 :
    18b8: d503201f  nop
    18bc: d503201f  nop
    18c0: d503233f  paciasp
    18c4: a9be7bfd  stp x29, x30, [sp, #-32]!
    18c8: 910003fd  mov x29, sp
    18cc: 1400000a  b 18f4
    18d0: d503201f  nop
    18d4: f9408022  ldr x2, [x1, #256]
    18d8: d2800003  mov x3, #0x0 // #0
    18dc: 52800080  mov w0, #0x4 // #4
    18e0: 52800021  mov w1, #0x1 // #1
    18e4: 94000000  bl 0
    18e8: a8c27bfd  ldp x29, x30, [sp], #32
    18ec: d50323bf  autiasp
    18f0: d65f03c0  ret
    18f4: 90000000  adrp x0, 0
    18f8: f9400000  ldr x0, [x0]
    18fc: b6f7fec0  tbz x0, #62, 18d4
    1900: f9000bf3  str x19, [sp, #16]
    1904: d5384113  mrs x19, sp_el0
    1908: f9400260  ldr x0, [x19]
    190c: 37b005e0  tbnz w0, #22, 19c8
    1910: aa1303e0  mov x0, x19
    1914: 52800021  mov w1, #0x1 // #1
    1918: 94000000  bl 1140
    191c: f946be60  ldr x0, [x19, #3448]
    1920: b4000480  cbz x0, 19b0
    1924: 97fffb59  bl 688
    1928: 14000016  b 1980
    192c: d2a01000  mov x0, #0x800000 // #8388608
    1930: f8e03260  ldsetal x0, x0, [x19]
    1934: 36b80040  tbz w0, #23, 193c
    1938: d4210000  brk #0x800
    193c: d5384113  mrs x19, sp_el0
    1940: f9400260  ldr x0, [x19]
    1944: 371802c0  tbnz w0, #3, 199c
    1948: b94d8a73  ldr w19, [x19, #3464]
    194c: 53047e73  lsr w19, w19, #4
    1950: 51000673  sub w19, w19, #0x1
    1954: aa1303e0  mov x0, x19
    1958: 94000000  bl 0
    195c: aa1303e1  mov x1, x19
    1960: 52800020  mov w0, #0x1 // #1
    1964: 94000000  bl 0
    1968: 97fffbb4  bl 838
    196c: 97fffb61  bl 6f0
    1970: f9400bf3  ldr x19, [sp, #16]
    1974: a8c27bfd  ldp x29, x30, [sp], #32
    1978: d50323bf  autiasp
    197c: d65f03c0  ret
    1980: f9800271  prfm pstl1strm, [x19]
    1984: c85f7e60  ldxr x0, [x19]
    1988: b2690001  orr x1, x0, #0x800000
    198c: c802fe61  stlxr w2, x1, [x19]
    1990: 35ffffa2  cbnz w2, 1984
    1994: d5033bbf  dmb ish
    1998: 17ffffe7  b 1934
    199c: aa1303e0  mov x0, x19
    19a0: 97fffaf2  bl 568
    19a4: 52800040  mov w0, #0x2 // #2
    19a8: b90d7260  str w0, [x19, #3440]
    19ac: 17fffff0  b 196c
    19b0: 52800120  mov w0, #0x9 // #9
    19b4: 94000000  bl 0
    19b8: f9400bf3  ldr x19, [sp, #16]
    19bc: a8c27bfd  ldp x29, x30, [sp], #32
    19c0: d50323bf  autiasp
    19c4: d65f03c0  ret
    19c8: d4210000  brk #0x800
    19cc: f9400bf3  ldr x19, [sp, #16]
    19d0: 17ffffc1  b 18d4
    19d4: d503201f  nop
    19d8: d503201f  nop
    19dc: d503201f  nop
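
Added example, not part of the original email or of the kernel sources: a small triage helper that maps a `symbol+0xOFF/0xSIZE` backtrace entry onto an objdump listing and reports whether the address directly follows a BL, which is the step the message does by hand for do_sve_acc+0x64. It assumes the function dumped at 0x18b8 is do_sve_acc, as the email's arithmetic implies; the names `parse_listing` and `resolve_frame` are hypothetical.

```python
import re

# Excerpt of the objdump listing in the email (function header plus the
# instructions around the sve_alloc() call). Branch-target symbol names are
# missing on the page and are not needed for this check.
LISTING = """\
00000000000018b8 :
    1910: aa1303e0 mov x0, x19
    1914: 52800021 mov w1, #0x1 // #1
    1918: 94000000 bl 1140
    191c: f946be60 ldr x0, [x19, #3448]
    1920: b4000480 cbz x0, 19b0
    1924: 97fffb59 bl 688
"""

HEADER = re.compile(r"^([0-9a-f]{16})\s")
INSN = re.compile(r"^\s*([0-9a-f]+):\s+([0-9a-f]{8})\s+(\S+)\s*(.*)$")
FRAME = re.compile(r"(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")


def parse_listing(text):
    """Return (function base address, {addr: (encoding, mnemonic, operands)})."""
    base, insns = None, {}
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            base = int(header.group(1), 16)
            continue
        m = INSN.match(line)
        if m:
            insns[int(m.group(1), 16)] = (int(m.group(2), 16), m.group(3), m.group(4))
    return base, insns


def resolve_frame(frame, base, insns):
    """Map a 'symbol+0xOFF/0xSIZE' backtrace entry onto the listing."""
    symbol, off, size = FRAME.search(frame).groups()
    off, size = int(off, 16), int(size, 16)
    if off >= size:
        raise ValueError("offset lies outside the function")
    addr = base + off
    prev = insns.get(addr - 4)  # A64 instructions are a fixed 4 bytes
    # BL is encoded with 0b100101 in bits [31:26]; a frame address directly
    # after a BL is that call's return address.
    after_call = prev is not None and prev[0] >> 26 == 0b100101
    return {"symbol": symbol, "addr": addr, "insn": insns.get(addr),
            "after_call": after_call, "call": prev if after_call else None}


if __name__ == "__main__":
    base, insns = parse_listing(LISTING)
    print(resolve_frame("[ 765.087272] do_sve_acc+0x64/0x128", base, insns))
```
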