arm64: fp-stress: BUG: KFENCE: memory corruption in fpsimd_release_task

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Following kernel BUG noticed while running selftests arm64 fp-stress
running stable rc kernel versions 6.1.29-rc1 and 6.3.3-rc1.

Reported-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx>

# selftests: arm64: fp-stress
# TAP version 13
# 1..80
# # 8 CPUs, 3 SVE VLs, 3 SME VLs, SME2 absent
# # Will run for 10s
...

# # ZA-VL-32-4: PID: 1091
# # [  263.834190]
==================================================================
[  263.834270] BUG: KFENCE: memory corruption in fpsimd_release_task+0x28/0x50
[  263.834270]
ZA-V[  263.834419] Corrupted memory at 0x00000000d9c0a375 [ ! ! ! ! !
! . . . . . . . . . . ] (in kfence-#158):
L-64-[  263.834929]  fpsimd_release_task+0x28/0x50
[  263.835074]  arch_release_task_struct+0x1c/0x30
[  263.835221]  __put_task_struct+0x164/0x220
[  263.835336]  delayed_put_task_struct+0x60/0x128
4: [  263.835484]  rcu_core+0x318/0x950
[  263.835632]  rcu_core_si+0x1c/0x30
[  263.835770]  __do_softirq+0x110/0x3d8
Stre[  263.835874]  run_ksoftirqd+0x40/0xe0
[  263.835994]  smpboot_thread_fn+0x1d0/0x260
[  263.836105]  kthread+0xec/0x190
[  263.836221]  ret_from_fork+0x10/0x20
[  263.836342]
ami[  263.836393] kfence-#158: 0x00000000c8819329-0x000000009e00cc22,
size=546, cache=kmalloc-1k
[  263.836393]
[  263.836527] allocated by task 1112 on cpu 5 at 252.422888s:
[  263.836697]  do_sme_acc+0xa8/0x230
ng m[  263.836821]  el0_sme_acc+0x40/0xa0
[  263.836966]  el0t_64_sync_handler+0xa8/0xf0
[  263.837114]  el0t_64_sync+0x190/0x198
[  263.837224]
ode[  263.837275] freed by task 15 on cpu 0 at 263.833793s:
[  263.837500]  fpsimd_release_task+0x28/0x50
[  263.837629]  arch_release_task_struct+0x1c/0x30
 ve[  263.837773]  __put_task_struct+0x164/0x220
[  263.837886]  delayed_put_task_struct+0x60/0x128
[  263.838032]  rcu_core+0x318/0x950
cto[  263.838176]  rcu_core_si+0x1c/0x30
[  263.838310]  __do_softirq+0x110/0x3d8
[  263.838417]  run_ksoftirqd+0x40/0xe0
[  263.838521]  smpboot_thread_fn+0x1d0/0x260
[  263.838626]  kthread+0xec/0x190
[  263.838742]  ret_from_fork+0x10/0x20
[  263.838861]
[  263.838913] CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.3.3-rc1 #1
[  263.839037] Hardware name: FVP Base RevC (DT)
[  263.839111] ==================================================================
r length: 512 bits
# # ZA-VL-64-4: PID: 1089
# # SSVE-VL-64-4: Streaming mode Vector length: 512 bits
# # SSVE-VL-64-4: PID: 1088
# # ZA-VL-16-4: Streaming mode vector length: 128 bits
# # ZA-VL-16-4: PID: 1093
# # FPSIMD-5-0: Vector length: 128 bits
# # FPSIMD-5-0: PID: 1094
# # SVE-VL-32-5: Vector length: 256 bits
# # SVE-VL-32-5: PID: 1096
# # SSVE-VL-64-5: Streaming mode Vector length: 512 bits
# # SVE-VL-64-5: Vector length: 512 bits
# # SVE-VL-64-5: PID: 1095
# # SSVE-VL-64-5: PID: 1098
# # ZA-VL-64-5:[  263.905145]
==================================================================
[  263.905299] BUG: KFENCE: memory corruption in fpsimd_release_task+0x28/0x50
[  263.905299]
 Str[  263.905444] Corrupted memory at 0x00000000e3d2342a [ ! ! ! ! !
! . . . . . . . . . . ] (in kfence-#146):
[  263.905957]  fpsimd_release_task+0x28/0x50
eam[  263.906088]  arch_release_task_struct+0x1c/0x30
[  263.906236]  __put_task_struct+0x164/0x220
[  263.906348]  delayed_put_task_struct+0x60/0x128
[  263.906499]  rcu_core+0x318/0x950
[  263.906647]  rcu_core_si+0x1c/0x30
in[  263.906786]  __do_softirq+0x110/0x3d8
[  263.906892]  ____do_softirq+0x1c/0x30
[  263.907015]  call_on_irq_stack+0x24/0x58
g mo[  263.907139]  do_softirq_own_stack+0x28/0x40
[  263.907305]  __irq_exit_rcu+0x94/0xf8
[  263.907454]  irq_exit_rcu+0x1c/0x40
de [  263.907599]  el0_interrupt+0x58/0x160
[  263.907765]  __el0_irq_handler_common+0x18/0x28
[  263.907879]  el0t_64_irq_handler+0x10/0x20
[  263.907989]  el0t_64_irq+0x190/0x198
[  263.908098]
vect[  263.908149] kfence-#146: 0x000000005a8569e6-0x00000000c704c501,
size=546, cache=kmalloc-1k
[  263.908149]
[  263.908282] allocated by task 1102 on cpu 0 at 251.030980s:
[  263.908452]  do_sme_acc+0xa8/0x230
or l[  263.908576]  el0_sme_acc+0x40/0xa0
[  263.908725]  el0t_64_sync_handler+0xa8/0xf0
[  263.908879]  el0t_64_sync+0x190/0x198
[  263.908986]
eng[  263.909036] freed by task 1 on cpu 3 at 263.904989s:
[  263.909311]  fpsimd_release_task+0x28/0x50
[  263.909439]  arch_release_task_struct+0x1c/0x30
th:[  263.909584]  __put_task_struct+0x164/0x220
[  263.909696]  delayed_put_task_struct+0x60/0x128
[  263.909842]  rcu_core+0x318/0x950
512 [  263.909986]  rcu_core_si+0x1c/0x30
[  263.910175]  __do_softirq+0x110/0x3d8
[  263.910279]  ____do_softirq+0x1c/0x30
[  263.910399]  call_on_irq_stack+0x24/0x58
[  263.910520]  do_softirq_own_stack+0x28/0x40
[  263.910645]  __irq_exit_rcu+0x94/0xf8
bits[  263.910792]  irq_exit_rcu+0x1c/0x40
[  263.910937]  el0_interrupt+0x58/0x160
[  263.911043]  __el0_irq_handler_common+0x18/0x28
[  263.911154]  el0t_64_irq_handler+0x10/0x20

[  263.911261]  el0t_64_irq+0x190/0x198
# # [  263.911387]
[  263.911448] CPU: 3 PID: 1 Comm: systemd Tainted: G    B
 6.3.3-rc1 #1
[  263.911575] Hardware name: FVP Base RevC (DT)
[  263.911653] ==================================================================
..

# ok 80 ZA-VL-16-7
# # Totals: pass:80 fail:0 xfail:0 xpass:0 skip:0 error:0
ok 32 selftests: arm64: fp-stress


Steps to reproduce:
============

# To install tuxrun on your system globally:
# sudo pip3 install -U tuxrun==0.42.0
#
# See https://tuxrun.org/ for complete documentation.

tuxrun   \
 --runtime podman   \
 --device fvp-aemva   \
 --boot-args rw   \
 --kernel https://storage.tuxsuite.com/public/linaro/lkft/builds/2Pq5NvLiBcWRMuy6lXftDVQMvca/Image.gz
  \
 --modules https://storage.tuxsuite.com/public/linaro/lkft/builds/2Pq5NvLiBcWRMuy6lXftDVQMvca/modules.tar.xz
  \
 --rootfs https://storage.tuxboot.com/debian/bookworm/arm64/rootfs.ext4.xz   \
 --parameters SKIPFILE=skipfile-lkft.yaml   \
 --parameters KSELFTEST=https://storage.tuxsuite.com/public/linaro/lkft/builds/2Pq5NvLiBcWRMuy6lXftDVQMvca/kselftest.tar.xz
  \
 --image tuxrun:fvp   \
 --tests kselftest-arm64   \
 --timeouts boot=60 kselftest-arm64=60


Test log links:
========

 - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.1.y/build/v6.1.28-240-gb82733c0ff99/testrun/17007082/suite/log-parser-test/test/check-kernel-kfence/log
 - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.1.y/build/v6.1.28-240-gb82733c0ff99/testrun/17007082/suite/log-parser-test/tests/
 - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.1.y/build/v6.1.28-240-gb82733c0ff99/testrun/17007268/suite/kselftest-arm64/tests/

 - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.3.y/build/v6.3.2-247-g5a952cfef67c/testrun/17015127/suite/log-parser-test/test/check-kernel-bug/log
 - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.3.y/build/v6.3.2-247-g5a952cfef67c/testrun/17015127/suite/log-parser-test/tests/
 - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.3.y/build/v6.3.2-247-g5a952cfef67c/testrun/17015127/suite/kselftest-arm64/tests/

--
Linaro LKFT
https://lkft.linaro.org
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux