Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1612334pxb; Thu, 28 Jan 2021 23:56:18 -0800 (PST) X-Google-Smtp-Source: ABdhPJzHKSncXexfQTqCQpH/XwlU6N38SpBbLh2t6buovp97ulzd9ot3/i1gn6emePx5BOpN8K0h X-Received: by 2002:a17:906:17d5:: with SMTP id u21mr3367942eje.109.1611906978647; Thu, 28 Jan 2021 23:56:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611906978; cv=none; d=google.com; s=arc-20160816; b=h93Dsn5v+SUvzh5poeqSBEMipNt0+81by7ayJjvWw4ZrvmRcROsdRkyFC+uwcLnNRi qew0kaH2fII7vGFGL9bQptSbCwiJ1ot4hznyP5ZgL01p6hAJb91+gOrSeU0rpIMNaCm3 gCTZosvsQPL/ss2/f2aGhfjUExz7W47sqKFEYoLPWnFZpRtjlxZGruVKgDMOh/7o+RJV r8itZQRtZBRrELcDm71GeE3fVYV+EqSvD2oJJGOO1T+4986GWXFqEHD2ZmOm2VRRPwc7 ClQoDcKap3Er1Rs+4deBDayVKJ8NwtIjiVjLTN6dEPschcbDhp17P3uoBbpC2CsrbGvC EO/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=0+NbH6eWzwNU7dNQYRnCHi9LF82Kphs0/F+ohJ7IfT0=; b=ZgbX24BeW/NBFeJTe95S+wbBnJBtPKRqiGGVHlM8qGC4vccdRrLiizE/czhCRXHkiP Lx1TG1pYu2lrOSXoKSZdmTmTvqEHEHhMMDI1C606sZP0AHHhGfXpAR6JdKpOFB5ORoFe I+jk6nVe7v4YBZu1a09wpdqBx4g0ShCaD636vGKXdFZOwza4/i3EGySWDNGMOqEQAHP1 2fEy44OM4FF1+6vqrE0QhUFfKuA7JATDbqOgaDCmT5VCbBCzVf5Ojquuay3/s28o8idN ej8NrOVFVagtUxZDx24IgPpoq8VMAewS6Wxd/e2PG5Yg4WCVz5qNP1sA0+dr8GO3z+nH HYwA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r15si4273644ejs.502.2021.01.28.23.55.52; Thu, 28 Jan 2021 23:56:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232202AbhA2Huq (ORCPT + 99 others); Fri, 29 Jan 2021 02:50:46 -0500 Received: from relay10.mail.gandi.net ([217.70.178.230]:43313 "EHLO relay10.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232076AbhA2HqI (ORCPT ); Fri, 29 Jan 2021 02:46:08 -0500 Received: from [172.16.5.113] (82-65-183-113.subs.proxad.net [82.65.183.113]) (Authenticated sender: alex@ghiti.fr) by relay10.mail.gandi.net (Postfix) with ESMTPSA id 91B83240004; Fri, 29 Jan 2021 07:45:13 +0000 (UTC) Subject: Re: riscv+KASAN does not boot To: Dmitry Vyukov , Tobias Klauser Cc: Albert Ou , Bjorn Topel , Palmer Dabbelt , LKML , nylon7@andestech.com, syzkaller , Andreas Schwab , Paul Walmsley , linux-riscv References: <20210118145310.crnqnh6kax5jqicj@distanz.ch> From: Alex Ghiti Message-ID: <6e9ee3a1-0e16-b1fc-a690-f1ca8e9823a5@ghiti.fr> Date: Fri, 29 Jan 2021 02:45:12 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Dmitry, On 1/18/21 10:43 AM, Dmitry Vyukov wrote: > On Mon, Jan 18, 2021 at 4:05 PM Dmitry Vyukov wrote: >> >> On Mon, Jan 18, 2021 at 3:53 PM Tobias Klauser wrote: >>>>> On Thu, Jan 14, 2021 at 5:57 AM Palmer Dabbelt wrote: >>>>>> >>>>>> On Fri, 25 Dec 2020 09:13:23 PST (-0800), dvyukov@google.com wrote: >>>>>>> On Fri, Dec 25, 2020 at 5:58 PM Andreas Schwab wrote: >>>>>>>> >>>>>>>> On Dez 25 2020, Dmitry Vyukov wrote: >>>>>>>> >>>>>>>>> qemu-system-riscv64 \ >>>>>>>>> -machine virt -bios default -smp 1 -m 2G \ >>>>>>>>> -device virtio-blk-device,drive=hd0 \ >>>>>>>>> -drive file=buildroot-riscv64.ext4,if=none,format=raw,id=hd0 \ >>>>>>>>> -kernel arch/riscv/boot/Image \ >>>>>>>>> -nographic \ >>>>>>>>> -device virtio-rng-device,rng=rng0 -object >>>>>>>>> rng-random,filename=/dev/urandom,id=rng0 \ >>>>>>>>> -netdev user,id=net0,host=10.0.2.10,hostfwd=tcp::10022-:22 -device >>>>>>>>> virtio-net-device,netdev=net0 \ >>>>>>>>> -append "root=/dev/vda earlyprintk=serial console=ttyS0 oops=panic >>>>>>>>> panic_on_warn=1 panic=86400" >>>>>>>> >>>>>>>> Do you get more output with earlycon=sbi? >>>>>>> >>>>>>> Hi Andreas, >>>>>>> >>>>>>> For defconfig+kvm_guest.config+ scripts/config -e KASAN -e >>>>>>> KASAN_INLINE it actually gave me more output: >>>>>>> >>>>>>> >>>>>>> OpenSBI v0.7 >>>>>>> ____ _____ ____ _____ >>>>>>> / __ \ / ____| _ \_ _| >>>>>>> | | | |_ __ ___ _ __ | (___ | |_) || | >>>>>>> | | | | '_ \ / _ \ '_ \ \___ \| _ < | | >>>>>>> | |__| | |_) | __/ | | |____) | |_) || |_ >>>>>>> \____/| .__/ \___|_| |_|_____/|____/_____| >>>>>>> | | >>>>>>> |_| >>>>>>> >>>>>>> Platform Name : QEMU Virt Machine >>>>>>> Platform HART Features : RV64ACDFIMSU >>>>>>> Current Hart : 0 >>>>>>> Firmware Base : 0x80000000 >>>>>>> Firmware Size : 132 KB >>>>>>> Runtime SBI Version : 0.2 >>>>>>> >>>>>>> MIDELEG : 0x0000000000000222 >>>>>>> MEDELEG : 0x000000000000b109 >>>>>>> PMP0 : 0x0000000080000000-0x000000008003ffff (A) >>>>>>> PMP1 : 0x0000000000000000-0xffffffffffffffff (A,R,W,X) >>>>>>> [ 0.000000] Linux version 5.10.0-01370-g71c5f03154ac >>>>>>> (dvyukov@dvyukov-desk.muc.corp.google.com) (riscv64-linux-gnu-gcc >>>>>>> (Debian 10.2.0-9) 10.2.0, GNU ld (GNU Binutils for Debian) 2.35.1) #17 >>>>>>> SMP Fri Dec 25 18:10:12 CET 2020 >>>>>>> [ 0.000000] OF: fdt: Ignoring memory range 0x80000000 - 0x80200000 >>>>>>> [ 0.000000] earlycon: sbi0 at I/O port 0x0 (options '') >>>>>>> [ 0.000000] printk: bootconsole [sbi0] enabled >>>>>>> [ 0.000000] efi: UEFI not found. >>>>>>> [ 0.000000] Zone ranges: >>>>>>> [ 0.000000] DMA32 [mem 0x0000000080200000-0x00000000ffffffff] >>>>>>> [ 0.000000] Normal empty >>>>>>> [ 0.000000] Movable zone start for each node >>>>>>> [ 0.000000] Early memory node ranges >>>>>>> [ 0.000000] node 0: [mem 0x0000000080200000-0x00000000ffffffff] >>>>>>> [ 0.000000] Initmem setup node 0 [mem 0x0000000080200000-0x00000000ffffffff] >>>>>>> [ 0.000000] SBI specification v0.2 detected >>>>>>> [ 0.000000] SBI implementation ID=0x1 Version=0x7 >>>>>>> [ 0.000000] SBI v0.2 TIME extension detected >>>>>>> [ 0.000000] SBI v0.2 IPI extension detected >>>>>>> [ 0.000000] SBI v0.2 RFENCE extension detected >>>>>>> [ 0.000000] software IO TLB: mapped [mem >>>>>>> 0x00000000fa3f9000-0x00000000fe3f9000] (64MB) >>>>>>> [ 0.000000] Unable to handle kernel paging request at virtual >>>>>>> address dfffffc810040000 >>>>>>> [ 0.000000] Oops [#1] >>>>>>> [ 0.000000] Modules linked in: >>>>>>> [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted >>>>>>> 5.10.0-01370-g71c5f03154ac #17 >>>>>>> [ 0.000000] epc: ffffffe00042e3e4 ra : ffffffe000c0462c sp : ffffffe001603ea0 >>>>>>> [ 0.000000] gp : ffffffe0016e3c60 tp : ffffffe00160cd40 t0 : >>>>>>> dfffffc810040000 >>>>>>> [ 0.000000] t1 : ffffffe000e0a838 t2 : 0000000000000000 s0 : >>>>>>> ffffffe001603f50 >>>>>>> [ 0.000000] s1 : ffffffe0016e50a8 a0 : dfffffc810040000 a1 : >>>>>>> 0000000000000000 >>>>>>> [ 0.000000] a2 : 000000000ffc0000 a3 : dfffffc820000000 a4 : >>>>>>> 0000000000000000 >>>>>>> [ 0.000000] a5 : 000000003e8c6001 a6 : ffffffe000e0a820 a7 : >>>>>>> 0000000000000900 >>>>>>> [ 0.000000] s2 : dfffffc820000000 s3 : dfffffc800000000 s4 : >>>>>>> 0000000000000001 >>>>>>> [ 0.000000] s5 : ffffffe0016e5108 s6 : fffffffffffff000 s7 : >>>>>>> dfffffc810040000 >>>>>>> [ 0.000000] s8 : 0000000000000080 s9 : ffffffffffffffff s10: >>>>>>> ffffffe07a119000 >>>>>>> [ 0.000000] s11: 000000000000ffc0 t3 : ffffffe0016eb908 t4 : >>>>>>> 0000000000000001 >>>>>>> [ 0.000000] t5 : ffffffc4001c150a t6 : ffffffe001603be8 >>>>>>> [ 0.000000] status: 0000000000000100 badaddr: dfffffc810040000 >>>>>>> cause: 000000000000000f >>>>>>> [ 0.000000] random: get_random_bytes called from >>>>>>> oops_exit+0x30/0x58 with crng_init=0 >>>>>>> [ 0.000000] ---[ end trace 0000000000000000 ]--- >>>>>>> [ 0.000000] Kernel panic - not syncing: Fatal exception >>>>>>> [ 0.000000] ---[ end Kernel panic - not syncing: Fatal exception ]--- >>>>>>> >>>>>>> >>>>>>> But I first tried with a the kernel image I had in the dir, I think it >>>>>>> was this config (no KASAN): >>>>>>> https://gist.githubusercontent.com/dvyukov/b2b62beccf80493781ab03b41430e616/raw/62e673cff08a8a41656d2871b8a37f74b00f509f/gistfile1.txt >>>>>>> >>>>>>> and earlycon=sbi did not change anything (no output after OpenSBI). >>>>>>> So potentially there are 2 different problems. >>>>>> >>>>>> Thanks for reporting this. Looks like I'd forgotten to add a kasan config to >>>>>> my tests. There's one in there now, and it's passing as of the fix that Nylon >>>>>> posted. >>>>> >>>>> I can boot the KASAN kernel now on riscv/fixes. >>>>> >>>>> Next problem: I've got only to: >>>>> >>>>> [ 90.498967][ T1] Run /sbin/init as init process >>>>> [ 91.164353][ T4022] init[4022]: unhandled signal 11 code 0x1 at >>>>> 0x0000000000000bb0 in busybox[10000+d7000] >>>>> [ 91.179640][ T4022] CPU: 1 PID: 4022 Comm: init Not tainted >>>>> 5.11.0-rc2-00012-g0983834a8393 #19 >>>>> [ 91.180853][ T4022] epc: 0000000000000bb0 ra : 0000003fccab09d0 sp >>>>> : 0000003fffa8c7b0 >>>>> [ 91.181861][ T4022] gp : 00000000000e8d70 tp : 0000003fccaaf820 t0 >>>>> : 000000000000001e >>>>> [ 91.182810][ T4022] t1 : 0000003fccab0bfc t2 : 000000000000000a s0 >>>>> : 0000003fffa8c850 >>>>> [ 91.183749][ T4022] s1 : 0000003fccab1070 a0 : 0000003fccab1070 a1 >>>>> : 0000003fffa8c8c8 >>>>> [ 91.184689][ T4022] a2 : 0000000000000001 a3 : 0000000000000020 a4 >>>>> : 0000000000000000 >>>>> [ 91.185620][ T4022] a5 : 0000000000000000 a6 : 0000003fcc9c4260 a7 >>>>> : fffffffffffffffe >>>>> [ 91.186566][ T4022] s2 : 0000000000000000 s3 : 0000003fffa8c8c8 s4 >>>>> : 0000003fccab1000 >>>>> [ 91.187500][ T4022] s5 : 0000003fccab1078 s6 : 0000003fffa8c8d0 s7 >>>>> : 0000000000000010 >>>>> [ 91.189672][ T4022] s8 : 0000000000000016 s9 : 0000000000000000 >>>>> s10: 0000003fffa8c8c8 >>>>> [ 91.190637][ T4022] s11: 0000000000000000 t3 : 0000000000000bb0 t4 >>>>> : 0000000000000000 >>>>> [ 91.191568][ T4022] t5 : 0000003fffa8c360 t6 : 0000000000000000 >>>>> [ 91.192389][ T4022] status: 8000000000004020 badaddr: >>>>> 0000000000000bb0 cause: 000000000000000c >>>>> [ 91.201573][ T1] Kernel panic - not syncing: Attempted to kill >>>>> init! exitcode=0x0000000b >>>>> [ 91.202906][ T1] CPU: 0 PID: 1 Comm: init Not tainted >>>>> 5.11.0-rc2-00012-g0983834a8393 #19 >>>>> [ 91.204139][ T1] Call Trace: >>>>> [ 91.204849][ T1] [] walk_stackframe+0x0/0x1d0 >>>>> [ 91.206124][ T1] [] show_stack+0x3a/0x46 >>>>> [ 91.207240][ T1] [] dump_stack+0x11c/0x180 >>>>> [ 91.208732][ T1] [] panic+0x20a/0x5cc >>>>> [ 91.209890][ T1] [] do_exit+0x1846/0x1874 >>>>> [ 91.211052][ T1] [] do_group_exit+0xa0/0x192 >>>>> [ 91.212224][ T1] [] get_signal+0x2d6/0x13dc >>>>> [ 91.213390][ T1] [] do_notify_resume+0xa8/0x912 >>>>> [ 91.214567][ T1] [] ret_from_exception+0x0/0x14 >>>>> >>>>> The image is buildroot on 2020.11.x built with this script: >>>>> https://gist.githubusercontent.com/dvyukov/1a9a01ca2189e35175a021820c95b04d/raw/5c01d755e83f4eab0d56aa7dc84af3b2d5e80423/gistfile1.txt >>>>> >>>>> Readelf for init shows the following (is it that [10000+d7000] address >>>>> is not .text at all?): >>>>> >>>>> $ riscv64-linux-gnu-readelf --sections image/bin/busybox >>>>> There are 27 section headers, starting at offset 0xd7f20: >>>>> >>>>> Section Headers: >>>>> [Nr] Name Type Address Offset >>>>> Size EntSize Flags Link Info Align >>>>> [ 0] NULL 0000000000000000 00000000 >>>>> 0000000000000000 0000000000000000 0 0 0 >>>>> [ 1] .interp PROGBITS 0000000000010238 00000238 >>>>> 0000000000000021 0000000000000000 A 0 0 1 >>>>> [ 2] .note.ABI-tag NOTE 000000000001025c 0000025c >>>>> 0000000000000020 0000000000000000 A 0 0 4 >>>>> [ 3] .hash HASH 0000000000010280 00000280 >>>>> 00000000000009cc 0000000000000004 A 5 0 8 >>>>> [ 4] .gnu.hash GNU_HASH 0000000000010c50 00000c50 >>>>> 0000000000000ac8 0000000000000000 A 5 0 8 >>>>> [ 5] .dynsym DYNSYM 0000000000011718 00001718 >>>>> 00000000000021f0 0000000000000018 A 6 1 8 >>>>> [ 6] .dynstr STRTAB 0000000000013908 00003908 >>>>> 0000000000000c66 0000000000000000 A 0 0 1 >>>>> [ 7] .gnu.version VERSYM 000000000001456e 0000456e >>>>> 00000000000002d4 0000000000000002 A 5 0 2 >>>>> [ 8] .gnu.version_r VERNEED 0000000000014848 00004848 >>>>> 0000000000000050 0000000000000000 A 6 2 8 >>>>> [ 9] .rela.dyn RELA 0000000000014898 00004898 >>>>> 00000000000000c0 0000000000000018 A 5 0 8 >>>>> [10] .rela.plt RELA 0000000000014958 00004958 >>>>> 00000000000020a0 0000000000000018 AI 5 22 8 >>>>> [11] .plt PROGBITS 0000000000016a00 00006a00 >>>>> 00000000000015e0 0000000000000010 AX 0 0 16 >>>>> [12] .text PROGBITS 0000000000017fe0 00007fe0 >>>>> 00000000000a3668 0000000000000000 AX 0 0 4 >>>>> [13] .rodata PROGBITS 00000000000bb648 000ab648 >>>>> 000000000002b076 0000000000000000 A 0 0 8 >>>>> [14] .sdata2 PROGBITS 00000000000e66c0 000d66c0 >>>>> 0000000000000163 0000000000000000 A 0 0 8 >>>>> [15] .eh_frame_hdr PROGBITS 00000000000e6824 000d6824 >>>>> 0000000000000014 0000000000000000 A 0 0 4 >>>>> [16] .eh_frame PROGBITS 00000000000e6838 000d6838 >>>>> 000000000000002c 0000000000000000 A 0 0 8 >>>>> [17] .preinit_array PREINIT_ARRAY 00000000000e7df8 000d6df8 >>>>> 0000000000000008 0000000000000008 WA 0 0 1 >>>>> [18] .init_array INIT_ARRAY 00000000000e7e00 000d6e00 >>>>> 0000000000000008 0000000000000008 WA 0 0 8 >>>>> [19] .fini_array FINI_ARRAY 00000000000e7e08 000d6e08 >>>>> 0000000000000008 0000000000000008 WA 0 0 8 >>>>> [20] .dynamic DYNAMIC 00000000000e7e10 000d6e10 >>>>> 00000000000001f0 0000000000000010 WA 6 0 8 >>>>> [21] .data PROGBITS 00000000000e8000 000d7000 >>>>> 0000000000000240 0000000000000000 WA 0 0 8 >>>>> [22] .got PROGBITS 00000000000e8240 000d7240 >>>>> 0000000000000af8 0000000000000008 WA 0 0 8 >>>>> [23] .sdata PROGBITS 00000000000e8d38 000d7d38 >>>>> 0000000000000101 0000000000000000 WA 0 0 8 >>>>> [24] .sbss NOBITS 00000000000e8e40 000d7e39 >>>>> 000000000000017f 0000000000000000 WA 0 0 8 >>>>> [25] .bss NOBITS 00000000000e8fc0 000d7e39 >>>>> 00000000000005b0 0000000000000000 WA 0 0 8 >>>>> [26] .shstrtab STRTAB 0000000000000000 000d7e39 >>>>> 00000000000000e6 0000000000000000 0 0 1 >>>>> >>>>> >>>>> Before I spent more time on this, am I doing anything obviously wrong? >>>>> Is it a known issue? Are there any fresh working recipes? >>>> >>>> Humm.. I tried to use 2020.05 which Tobias used here: >>>> https://github.com/google/syzkaller/blob/master/docs/linux/setup_linux-host_qemu-vm_riscv64-kernel.md#image >>>> But there is no make qemu_riscv64_virt_defconfig target... though I >>>> remember I tested these instructions at the time... >>> >>> Weird. `make qemu_riscv64_virt_defconfig` works here on buildroot >>> 202.05, 2020.11.1 and on latest master. >>> >>> Do you see these in your configs/ directory? >>> >>> $ ls -l configs/qemu_riscv* >>> -rw-rw-r-- 1 tklauser tklauser 673 Jan 18 15:51 configs/qemu_riscv32_virt_defconfig >>> -rw-rw-r-- 1 tklauser tklauser 682 Jan 18 15:51 configs/qemu_riscv64_virt_defconfig >> >> Oh, turned out I previously checked out 2011.05 somehow... >> Yes, 2020.05 has qemu_riscv64_virt_defconfig and I am building it now. >> 2020.11 has the config, but init crashes (see above). > > > 2020.05 is a bit better, but still failed in several ways. > First, a number of user-space services including sshd still crashed. > Second, kernel also crashed a bit later. > And 2020.11 seems to regress even more. > It's with the same kernel from the previous email (I did not rebuilt it). > > > 2020.05 buildroot: > [ 90.381218][ T1] devtmpfs: mounted > [ 90.534531][ T1] Freeing unused kernel memory: 2328K > [ 90.537085][ T1] Run /sbin/init as init process > [ 91.754610][ T4022] EXT4-fs (vda): re-mounted. Opts: (null). Quota > mode: none. > Starting syslogd: OK > Starting klogd: OK > Running sysctl: OK > Populating /dev using udev: [ 99.413418][ T4051] udevd[4051]: > starting version 3.2.9 > [ 100.480500][ T4052] udevd[4052]: starting eudev-3.2.9 > [ 101.904876][ T4052] udevd[4052]: unhandled signal 11 code 0x1 at > 0x0000000000000bb0 in udevd[10000+35000] > [ 101.911401][ T4052] CPU: 1 PID: 4052 Comm: udevd Not tainted > 5.11.0-rc2-00012-g0983834a8393 #19 > [ 101.913136][ T4052] epc: 0000000000000bb0 ra : 0000003ff5921872 sp > : 0000003fffb0c3a0 > [ 101.914593][ T4052] gp : 000000000004f908 tp : 0000003ff552b720 t0 > : 0000003ff5943160 > [ 101.915740][ T4052] t1 : 0000003ff5921bec t2 : 000000000004f450 s0 > : 0000003fffb0c440 > [ 101.916872][ T4052] s1 : 0000003ff5922000 a0 : 0000003ff5922000 a1 > : 0000003fffb0c460 > [ 101.949318][ T4052] a2 : 0000000000000001 a3 : 0000000000000002 a4 > : 0000000000000002 > [ 101.950529][ T4052] a5 : 000000000000000f a6 : 0000000000000007 a7 > : 0000000000000016 > [ 101.951653][ T4052] s2 : 0000000000000001 s3 : 0000003fffb0c460 s4 > : 0000003ff5922030 > [ 101.952771][ T4052] s5 : 0000003ff5922010 s6 : 0000000000000000 s7 > : 0000000000000000 > [ 101.953878][ T4052] s8 : 0000003ff5922004 s9 : 0000003ff5922010 > s10: 0000003ff5922008 > [ 101.955016][ T4052] s11: 0000003ff5922038 t3 : 0000000000000bb0 t4 > : 0000000000000002 > [ 101.956122][ T4052] t5 : 0000000000000002 t6 : 0000000000003d40 > [ 101.957072][ T4052] status: 8000000000004020 badaddr: > 0000000000000bb0 cause: 000000000000000c > [ 154.349233][ T4055] udevadm[4055]: unhandled signal 11 code 0x1 at > 0x0000000000000bb0 in udevadm[10000+38000] > [ 154.351201][ T4055] CPU: 0 PID: 4055 Comm: udevadm Not tainted > 5.11.0-rc2-00012-g0983834a8393 #19 > [ 154.352227][ T4055] epc: 0000000000000bb0 ra : 0000003ff2cd3872 sp > : 0000003fffe26a50 > [ 154.353136][ T4055] gp : 0000000000052808 tp : 0000003ff28dd720 t0 > : 0000003ff2cf5160 > [ 154.354047][ T4055] t1 : 0000003ff2cd3bec t2 : 0000000000052570 s0 > : 0000003fffe26af0 > [ 154.354957][ T4055] s1 : 0000003ff2cd4000 a0 : 0000003ff2cd4000 a1 > : 0000003fffe26b10 > [ 154.355860][ T4055] a2 : 000000000003d790 a3 : 0000000000000002 a4 > : 0000000000000002 > [ 154.356739][ T4055] a5 : 000000000000000f a6 : ffffffffffffffff a7 > : 0000000000000000 > [ 154.366998][ T4055] s2 : 0000000000000001 s3 : 0000003fffe26b10 s4 > : 0000003ff2cd4030 > [ 154.372223][ T4055] s5 : 0000003ff2cd4010 s6 : 0000000000000068 s7 > : 000000000003d000 > [ 154.373192][ T4055] s8 : 0000003ff2cd4004 s9 : 0000003ff2cd4010 > s10: 0000003ff2cd4008 > [ 154.374114][ T4055] s11: 0000003ff2cd4038 t3 : 0000000000000bb0 t4 > : 0000000000000002 > [ 154.375023][ T4055] t5 : 0000000000000002 t6 : 0000000000003d40 > [ 154.375793][ T4055] status: 0000000000004020 badaddr: > 0000000000000bb0 cause: 000000000000000c > Segmentation fault > udevadm settle failed > done > Saving random seed: OK > Starting network: [ 160.769276][ T4073] 8021q: adding VLAN 0 to HW > filter on device eth0 > udhcpc: started, v1.31.1 > [ 161.642968][ T4074] udhcpc[4074]: unhandled signal 11 code 0x1 at > 0x0000000000000bb0 in busybox[10000+d6000] > [ 161.645275][ T4074] CPU: 0 PID: 4074 Comm: udhcpc Not tainted > 5.11.0-rc2-00012-g0983834a8393 #19 > [ 161.646515][ T4074] epc: 0000000000000bb0 ra : 0000003fd4d43872 sp > : 0000003fffedf5c0 > [ 161.661669][ T4074] gp : 00000000000e7c90 tp : 0000003fd4d42820 t0 > : 0000003fd4d65160 > [ 161.662875][ T4074] t1 : 0000003fd4d43bec t2 : 00000000000e7960 s0 > : 0000003fffedf660 > [ 161.663979][ T4074] s1 : 0000003fd4d44000 a0 : 0000003fd4d44000 a1 > : 0000003fffedf690 > [ 161.665110][ T4074] a2 : 0000000000000019 a3 : 0000000000000002 a4 > : 0000000000000002 > [ 161.666351][ T4074] a5 : 000000000000000f a6 : fefefefefefefeff a7 > : 0000000000000040 > [ 161.668642][ T4074] s2 : 0000000000000001 s3 : 0000003fffedf690 s4 > : 0000003fd4d44030 > [ 161.669785][ T4074] s5 : 0000003fd4d44010 s6 : 00000000149d82c3 s7 > : 00000000000000fe > [ 161.670921][ T4074] s8 : 0000003fd4d44004 s9 : 0000003fd4d44010 > s10: 0000003fd4d44008 > [ 161.672150][ T4074] s11: 0000003fd4d44038 t3 : 0000000000000bb0 t4 > : 0000000000000002 > [ 161.673355][ T4074] t5 : 0000000000000002 t6 : 0000000000003d40 > [ 161.674303][ T4074] status: 8000000000004020 badaddr: > 0000000000000bb0 cause: 000000000000000c > FAIL > Starting dhcpcd... > [ 162.771471][ T4077] dhcpcd[4077]: unhandled signal 11 code 0x1 at > 0x0000000000000bb0 in dhcpcd[10000+39000] > [ 162.773414][ T4077] CPU: 0 PID: 4077 Comm: dhcpcd Not tainted > 5.11.0-rc2-00012-g0983834a8393 #19 > [ 162.774462][ T4077] epc: 0000000000000bb0 ra : 0000003fe6d12872 sp > : 0000003fff8527e0 > [ 162.775366][ T4077] gp : 000000000004adb8 tp : 0000003fe6d11250 t0 > : 0000003fe6d34160 > [ 162.776274][ T4077] t1 : 0000003fe6d12bec t2 : 0000000000049a00 s0 > : 0000003fff852880 > [ 162.777167][ T4077] s1 : 0000003fe6d13000 a0 : 0000003fe6d13000 a1 > : 0000003fff8528a0 > [ 162.779363][ T4077] a2 : 0000000000000004 a3 : 0000000000000002 a4 > : 0000000000000002 > [ 162.780279][ T4077] a5 : 000000000000000f a6 : 7efefefefefefeff a7 > : fffffffffffff000 > [ 162.781194][ T4077] s2 : 0000000000000001 s3 : 0000003fff8528a0 s4 > : 0000003fe6d13030 > [ 162.782106][ T4077] s5 : 0000003fe6d13010 s6 : 0000000000000000 s7 > : 0000000000000000 > [ 162.783015][ T4077] s8 : 0000003fe6d13004 s9 : 0000003fe6d13010 > s10: 0000003fe6d13008 > [ 162.783940][ T4077] s11: 0000003fe6d13038 t3 : 0000000000000bb0 t4 > : 0000000000000002 > [ 162.784853][ T4077] t5 : 0000000000000002 t6 : 0000000000003d40 > [ 162.785618][ T4077] status: 8000000000006020 badaddr: > 0000000000000bb0 cause: 000000000000000c > Segmentation fault > [ 164.074891][ T4079] ssh-keygen[4079]: unhandled signal 11 code 0x1 > at 0x0000000000000bb0 in ssh-keygen[2ac3c68000+63000] > [ 164.076916][ T4079] CPU: 1 PID: 4079 Comm: ssh-keygen Not tainted > 5.11.0-rc2-00012-g0983834a8393 #19 > [ 164.096635][ T4079] epc: 0000000000000bb0 ra : 0000003ff6899872 sp > : 0000003fffed1330 > [ 164.099233][ T4079] gp : 0000002ac3ccd448 tp : 0000003ff6435cd0 t0 > : 0000003ff6897000 > [ 164.100457][ T4079] t1 : 0000003ff6899bec t2 : 0000003ff6891940 s0 > : 0000003fffed13d0 > [ 164.101578][ T4079] s1 : 0000003ff689a000 a0 : 0000003ff689a000 a1 > : 0000003fffed13f8 > [ 164.102914][ T4079] a2 : 0000000000000000 a3 : 0000000000000001 a4 > : 0000000000000001 > [ 164.104058][ T4079] a5 : 000000000000000f a6 : 0000000000000000 a7 > : 00000000000000ac > [ 164.105150][ T4079] s2 : 0000000000000000 s3 : 0000003fffed13f8 s4 > : 0000003ff689a020 > [ 164.106241][ T4079] s5 : 0000003ff689a000 s6 : 0000003fd1861830 s7 > : ffffffffffffffff > [ 164.113694][ T4079] s8 : 0000003ff689a004 s9 : 0000003ff689a010 > s10: 0000003ff689a008 > [ 164.114869][ T4079] s11: 0000003ff689a028 t3 : 0000000000000bb0 t4 > : 0000000000000002 > [ 164.115972][ T4079] t5 : 0000000000000002 t6 : 0000000000003d40 > [ 164.128360][ T4079] status: 8000000000004020 badaddr: > 0000000000000bb0 cause: 000000000000000c > Segmentation fault > Starting sshd: [ 164.872315][ T4080] sshd[4080]: unhandled signal 11 > code 0x1 at 0x0000000000000bb0 in sshd[2ac7ea7000+a4000] > [ 164.874297][ T4080] CPU: 1 PID: 4080 Comm: sshd Not tainted > 5.11.0-rc2-00012-g0983834a8393 #19 > [ 164.875331][ T4080] epc: 0000000000000bb0 ra : 0000003ff2222872 sp > : 0000003fffbea300 > [ 164.876230][ T4080] gp : 0000002ac7f4f9d0 tp : 0000003ff1dbecd0 t0 > : 0000003ff2220000 > [ 164.877146][ T4080] t1 : 0000003ff2222bec t2 : 0000003ff221a940 s0 > : 0000003fffbea3a0 > [ 164.892174][ T4080] s1 : 0000003ff2223000 a0 : 0000003ff2223000 a1 > : 0000003fffbea3c8 > [ 164.893137][ T4080] a2 : 0000000000000000 a3 : 0000000000000001 a4 > : 0000000000000001 > [ 164.894065][ T4080] a5 : 000000000000000f a6 : 0000000000000000 a7 > : 00000000000000ac > [ 164.895013][ T4080] s2 : 0000000000000000 s3 : 0000003fffbea3c8 s4 > : 0000003ff2223020 > [ 164.895947][ T4080] s5 : 0000003ff2223000 s6 : 0000003fd1861830 s7 > : ffffffffffffffff > [ 164.896881][ T4080] s8 : 0000003ff2223004 s9 : 0000003ff2223010 > s10: 0000003ff2223008 > [ 164.905684][ T4080] s11: 0000003ff2223028 t3 : 0000000000000bb0 t4 > : 0000000000000002 > [ 164.906679][ T4080] t5 : 0000000000000002 t6 : 0000000000003d40 > [ 164.908565][ T4080] status: 8000000000004020 badaddr: > 0000000000000bb0 cause: 000000000000000c > Segmentation fault > OK > syzkaller > syzkaller login: [ 167.973016][ T4082] ------------[ cut here ]------------ > [ 167.975887][ T4082] virt_to_phys used for non-linear address: > 0000000059ffc026 (0xffffffd0158d105e) > [ 167.979939][ T4082] WARNING: CPU: 0 PID: 4082 at > arch/riscv/mm/physaddr.c:16 __virt_to_phys+0x74/0x78 > [ 167.988658][ T4082] Modules linked in: > [ 167.989781][ T4082] CPU: 0 PID: 4082 Comm: getty Not tainted > 5.11.0-rc2-00012-g0983834a8393 #19 > [ 167.991063][ T4082] epc: ffffffe000011164 ra : ffffffe000011164 sp > : ffffffe01354fb10 > [ 167.992243][ T4082] gp : ffffffe006234420 tp : ffffffe009c8ad80 t0 > : ffffffe006cafb67 > [ 167.993384][ T4082] t1 : 0000000000000001 t2 : 0000000000000000 s0 > : ffffffe01354fb40 > [ 167.994531][ T4082] s1 : fffffff0158d105e a0 : 000000000000004f a1 > : 00000000000f0000 > [ 167.995690][ T4082] a2 : 0000000000000002 a3 : ffffffe0000d1a30 a4 > : 763e2d90a60ec500 > [ 167.996803][ T4082] a5 : 763e2d90a60ec500 a6 : 0000000000f00000 a7 > : ffffffe00009481c > [ 167.999690][ T4082] s2 : ffffffd0158d105e s3 : 0000001fffffffff s4 > : 0000000000000001 > [ 168.000898][ T4082] s5 : ffffffd0158d105f s6 : ffffffd0158d3260 s7 > : 0000003fff81eac8 > [ 168.002093][ T4082] s8 : ffffffd0158d105e s9 : 0000000000000001 > s10: 0000000000000000 > [ 168.003226][ T4082] s11: 0000000000000000 t3 : 763e2d90a60ec500 t4 > : ffffffc4026a9efd > [ 168.004361][ T4082] t5 : ffffffc4026a9eff t6 : ffffffe01354f7f8 > [ 168.005328][ T4082] status: 0000000000000120 badaddr: > 0000000000000000 cause: 0000000000000003 > [ 168.006756][ T4082] Kernel panic - not syncing: panic_on_warn set ... > [ 168.008056][ T4082] CPU: 0 PID: 4082 Comm: getty Not tainted > 5.11.0-rc2-00012-g0983834a8393 #19 > [ 168.009301][ T4082] Call Trace: > [ 168.009969][ T4082] [] walk_stackframe+0x0/0x1d0 > [ 168.011166][ T4082] [] show_stack+0x3a/0x46 > [ 168.012215][ T4082] [] dump_stack+0x11c/0x180 > [ 168.013262][ T4082] [] panic+0x20a/0x5cc > [ 168.014264][ T4082] [] __warn+0x110/0x20a > [ 168.015285][ T4082] [] report_bug+0x156/0x200 > [ 168.016324][ T4082] [] do_trap_break+0xa6/0x152 > [ 168.017431][ T4082] [] ret_from_exception+0x0/0x14 > [ 168.018560][ T4082] [] n_tty_read+0x908/0x115a > [ 168.020124][ T4082] SMP: stopping secondary CPUs > [ 168.022087][ T4082] Rebooting in 86400 seconds.. > I was fixing KASAN support for my sv48 patchset so I took a look at your issue: I built a kernel on top of the branch riscv/fixes using https://github.com/google/syzkaller/blob/269d24e857a757d09a898086a2fa6fa5d827c3e1/dashboard/config/linux/upstream-riscv64-kasan.config and Buildroot 2020.11. I have the warnings regarding the use of __virt_to_phys on wrong addresses (but that's normal since this function is used in virt_addr_valid) but not the segfaults you describe. Hope that helps, Alex > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv >