riscv+KASAN does not boot
Dmitry Vyukov
dvyukov at google.com
Fri Jan 29 03:11:33 EST 2021
On Fri, Jan 29, 2021 at 8:45 AM Alex Ghiti <alex at ghiti.fr> wrote:
>
> Hi Dmitry,
>
> On 1/18/21 10:43 AM, Dmitry Vyukov wrote:
> > On Mon, Jan 18, 2021 at 4:05 PM Dmitry Vyukov <dvyukov at google.com> wrote:
> >>
> >> On Mon, Jan 18, 2021 at 3:53 PM Tobias Klauser <tklauser at distanz.ch> wrote:
> >>>>> On Thu, Jan 14, 2021 at 5:57 AM Palmer Dabbelt <palmerdabbelt at google.com> wrote:
> >>>>>>
> >>>>>> On Fri, 25 Dec 2020 09:13:23 PST (-0800), dvyukov at google.com wrote:
> >>>>>>> On Fri, Dec 25, 2020 at 5:58 PM Andreas Schwab <schwab at linux-m68k.org> wrote:
> >>>>>>>>
> >>>>>>>> On Dez 25 2020, Dmitry Vyukov wrote:
> >>>>>>>>
> >>>>>>>>> qemu-system-riscv64 \
> >>>>>>>>> -machine virt -bios default -smp 1 -m 2G \
> >>>>>>>>> -device virtio-blk-device,drive=hd0 \
> >>>>>>>>> -drive file=buildroot-riscv64.ext4,if=none,format=raw,id=hd0 \
> >>>>>>>>> -kernel arch/riscv/boot/Image \
> >>>>>>>>> -nographic \
> >>>>>>>>> -device virtio-rng-device,rng=rng0 -object
> >>>>>>>>> rng-random,filename=/dev/urandom,id=rng0 \
> >>>>>>>>> -netdev user,id=net0,host=10.0.2.10,hostfwd=tcp::10022-:22 -device
> >>>>>>>>> virtio-net-device,netdev=net0 \
> >>>>>>>>> -append "root=/dev/vda earlyprintk=serial console=ttyS0 oops=panic
> >>>>>>>>> panic_on_warn=1 panic=86400"
> >>>>>>>>
> >>>>>>>> Do you get more output with earlycon=sbi?
> >>>>>>>
> >>>>>>> Hi Andreas,
> >>>>>>>
> >>>>>>> For defconfig+kvm_guest.config+ scripts/config -e KASAN -e
> >>>>>>> KASAN_INLINE it actually gave me more output:
> >>>>>>>
> >>>>>>>
> >>>>>>> OpenSBI v0.7
> >>>>>>> ____ _____ ____ _____
> >>>>>>> / __ \ / ____| _ \_ _|
> >>>>>>> | | | |_ __ ___ _ __ | (___ | |_) || |
> >>>>>>> | | | | '_ \ / _ \ '_ \ \___ \| _ < | |
> >>>>>>> | |__| | |_) | __/ | | |____) | |_) || |_
> >>>>>>> \____/| .__/ \___|_| |_|_____/|____/_____|
> >>>>>>> | |
> >>>>>>> |_|
> >>>>>>>
> >>>>>>> Platform Name : QEMU Virt Machine
> >>>>>>> Platform HART Features : RV64ACDFIMSU
> >>>>>>> Current Hart : 0
> >>>>>>> Firmware Base : 0x80000000
> >>>>>>> Firmware Size : 132 KB
> >>>>>>> Runtime SBI Version : 0.2
> >>>>>>>
> >>>>>>> MIDELEG : 0x0000000000000222
> >>>>>>> MEDELEG : 0x000000000000b109
> >>>>>>> PMP0 : 0x0000000080000000-0x000000008003ffff (A)
> >>>>>>> PMP1 : 0x0000000000000000-0xffffffffffffffff (A,R,W,X)
> >>>>>>> [ 0.000000] Linux version 5.10.0-01370-g71c5f03154ac
> >>>>>>> (dvyukov at dvyukov-desk.muc.corp.google.com) (riscv64-linux-gnu-gcc
> >>>>>>> (Debian 10.2.0-9) 10.2.0, GNU ld (GNU Binutils for Debian) 2.35.1) #17
> >>>>>>> SMP Fri Dec 25 18:10:12 CET 2020
> >>>>>>> [ 0.000000] OF: fdt: Ignoring memory range 0x80000000 - 0x80200000
> >>>>>>> [ 0.000000] earlycon: sbi0 at I/O port 0x0 (options '')
> >>>>>>> [ 0.000000] printk: bootconsole [sbi0] enabled
> >>>>>>> [ 0.000000] efi: UEFI not found.
> >>>>>>> [ 0.000000] Zone ranges:
> >>>>>>> [ 0.000000] DMA32 [mem 0x0000000080200000-0x00000000ffffffff]
> >>>>>>> [ 0.000000] Normal empty
> >>>>>>> [ 0.000000] Movable zone start for each node
> >>>>>>> [ 0.000000] Early memory node ranges
> >>>>>>> [ 0.000000] node 0: [mem 0x0000000080200000-0x00000000ffffffff]
> >>>>>>> [ 0.000000] Initmem setup node 0 [mem 0x0000000080200000-0x00000000ffffffff]
> >>>>>>> [ 0.000000] SBI specification v0.2 detected
> >>>>>>> [ 0.000000] SBI implementation ID=0x1 Version=0x7
> >>>>>>> [ 0.000000] SBI v0.2 TIME extension detected
> >>>>>>> [ 0.000000] SBI v0.2 IPI extension detected
> >>>>>>> [ 0.000000] SBI v0.2 RFENCE extension detected
> >>>>>>> [ 0.000000] software IO TLB: mapped [mem
> >>>>>>> 0x00000000fa3f9000-0x00000000fe3f9000] (64MB)
> >>>>>>> [ 0.000000] Unable to handle kernel paging request at virtual
> >>>>>>> address dfffffc810040000
> >>>>>>> [ 0.000000] Oops [#1]
> >>>>>>> [ 0.000000] Modules linked in:
> >>>>>>> [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted
> >>>>>>> 5.10.0-01370-g71c5f03154ac #17
> >>>>>>> [ 0.000000] epc: ffffffe00042e3e4 ra : ffffffe000c0462c sp : ffffffe001603ea0
> >>>>>>> [ 0.000000] gp : ffffffe0016e3c60 tp : ffffffe00160cd40 t0 :
> >>>>>>> dfffffc810040000
> >>>>>>> [ 0.000000] t1 : ffffffe000e0a838 t2 : 0000000000000000 s0 :
> >>>>>>> ffffffe001603f50
> >>>>>>> [ 0.000000] s1 : ffffffe0016e50a8 a0 : dfffffc810040000 a1 :
> >>>>>>> 0000000000000000
> >>>>>>> [ 0.000000] a2 : 000000000ffc0000 a3 : dfffffc820000000 a4 :
> >>>>>>> 0000000000000000
> >>>>>>> [ 0.000000] a5 : 000000003e8c6001 a6 : ffffffe000e0a820 a7 :
> >>>>>>> 0000000000000900
> >>>>>>> [ 0.000000] s2 : dfffffc820000000 s3 : dfffffc800000000 s4 :
> >>>>>>> 0000000000000001
> >>>>>>> [ 0.000000] s5 : ffffffe0016e5108 s6 : fffffffffffff000 s7 :
> >>>>>>> dfffffc810040000
> >>>>>>> [ 0.000000] s8 : 0000000000000080 s9 : ffffffffffffffff s10:
> >>>>>>> ffffffe07a119000
> >>>>>>> [ 0.000000] s11: 000000000000ffc0 t3 : ffffffe0016eb908 t4 :
> >>>>>>> 0000000000000001
> >>>>>>> [ 0.000000] t5 : ffffffc4001c150a t6 : ffffffe001603be8
> >>>>>>> [ 0.000000] status: 0000000000000100 badaddr: dfffffc810040000
> >>>>>>> cause: 000000000000000f
> >>>>>>> [ 0.000000] random: get_random_bytes called from
> >>>>>>> oops_exit+0x30/0x58 with crng_init=0
> >>>>>>> [ 0.000000] ---[ end trace 0000000000000000 ]---
> >>>>>>> [ 0.000000] Kernel panic - not syncing: Fatal exception
> >>>>>>> [ 0.000000] ---[ end Kernel panic - not syncing: Fatal exception ]---
> >>>>>>>
> >>>>>>>
> >>>>>>> But I first tried with a the kernel image I had in the dir, I think it
> >>>>>>> was this config (no KASAN):
> >>>>>>> https://gist.githubusercontent.com/dvyukov/b2b62beccf80493781ab03b41430e616/raw/62e673cff08a8a41656d2871b8a37f74b00f509f/gistfile1.txt
> >>>>>>>
> >>>>>>> and earlycon=sbi did not change anything (no output after OpenSBI).
> >>>>>>> So potentially there are 2 different problems.
> >>>>>>
> >>>>>> Thanks for reporting this. Looks like I'd forgotten to add a kasan config to
> >>>>>> my tests. There's one in there now, and it's passing as of the fix that Nylon
> >>>>>> posted.
> >>>>>
> >>>>> I can boot the KASAN kernel now on riscv/fixes.
> >>>>>
> >>>>> Next problem: I've got only to:
> >>>>>
> >>>>> [ 90.498967][ T1] Run /sbin/init as init process
> >>>>> [ 91.164353][ T4022] init[4022]: unhandled signal 11 code 0x1 at
> >>>>> 0x0000000000000bb0 in busybox[10000+d7000]
> >>>>> [ 91.179640][ T4022] CPU: 1 PID: 4022 Comm: init Not tainted
> >>>>> 5.11.0-rc2-00012-g0983834a8393 #19
> >>>>> [ 91.180853][ T4022] epc: 0000000000000bb0 ra : 0000003fccab09d0 sp
> >>>>> : 0000003fffa8c7b0
> >>>>> [ 91.181861][ T4022] gp : 00000000000e8d70 tp : 0000003fccaaf820 t0
> >>>>> : 000000000000001e
> >>>>> [ 91.182810][ T4022] t1 : 0000003fccab0bfc t2 : 000000000000000a s0
> >>>>> : 0000003fffa8c850
> >>>>> [ 91.183749][ T4022] s1 : 0000003fccab1070 a0 : 0000003fccab1070 a1
> >>>>> : 0000003fffa8c8c8
> >>>>> [ 91.184689][ T4022] a2 : 0000000000000001 a3 : 0000000000000020 a4
> >>>>> : 0000000000000000
> >>>>> [ 91.185620][ T4022] a5 : 0000000000000000 a6 : 0000003fcc9c4260 a7
> >>>>> : fffffffffffffffe
> >>>>> [ 91.186566][ T4022] s2 : 0000000000000000 s3 : 0000003fffa8c8c8 s4
> >>>>> : 0000003fccab1000
> >>>>> [ 91.187500][ T4022] s5 : 0000003fccab1078 s6 : 0000003fffa8c8d0 s7
> >>>>> : 0000000000000010
> >>>>> [ 91.189672][ T4022] s8 : 0000000000000016 s9 : 0000000000000000
> >>>>> s10: 0000003fffa8c8c8
> >>>>> [ 91.190637][ T4022] s11: 0000000000000000 t3 : 0000000000000bb0 t4
> >>>>> : 0000000000000000
> >>>>> [ 91.191568][ T4022] t5 : 0000003fffa8c360 t6 : 0000000000000000
> >>>>> [ 91.192389][ T4022] status: 8000000000004020 badaddr:
> >>>>> 0000000000000bb0 cause: 000000000000000c
> >>>>> [ 91.201573][ T1] Kernel panic - not syncing: Attempted to kill
> >>>>> init! exitcode=0x0000000b
> >>>>> [ 91.202906][ T1] CPU: 0 PID: 1 Comm: init Not tainted
> >>>>> 5.11.0-rc2-00012-g0983834a8393 #19
> >>>>> [ 91.204139][ T1] Call Trace:
> >>>>> [ 91.204849][ T1] [<ffffffe0000095c0>] walk_stackframe+0x0/0x1d0
> >>>>> [ 91.206124][ T1] [<ffffffe00458b2d8>] show_stack+0x3a/0x46
> >>>>> [ 91.207240][ T1] [<ffffffe0045a5b72>] dump_stack+0x11c/0x180
> >>>>> [ 91.208732][ T1] [<ffffffe00458b6a0>] panic+0x20a/0x5cc
> >>>>> [ 91.209890][ T1] [<ffffffe00002eea4>] do_exit+0x1846/0x1874
> >>>>> [ 91.211052][ T1] [<ffffffe00002efdc>] do_group_exit+0xa0/0x192
> >>>>> [ 91.212224][ T1] [<ffffffe000047d30>] get_signal+0x2d6/0x13dc
> >>>>> [ 91.213390][ T1] [<ffffffe000007eb0>] do_notify_resume+0xa8/0x912
> >>>>> [ 91.214567][ T1] [<ffffffe00000559c>] ret_from_exception+0x0/0x14
> >>>>>
> >>>>> The image is buildroot on 2020.11.x built with this script:
> >>>>> https://gist.githubusercontent.com/dvyukov/1a9a01ca2189e35175a021820c95b04d/raw/5c01d755e83f4eab0d56aa7dc84af3b2d5e80423/gistfile1.txt
> >>>>>
> >>>>> Readelf for init shows the following (is it that [10000+d7000] address
> >>>>> is not .text at all?):
> >>>>>
> >>>>> $ riscv64-linux-gnu-readelf --sections image/bin/busybox
> >>>>> There are 27 section headers, starting at offset 0xd7f20:
> >>>>>
> >>>>> Section Headers:
> >>>>> [Nr] Name Type Address Offset
> >>>>> Size EntSize Flags Link Info Align
> >>>>> [ 0] NULL 0000000000000000 00000000
> >>>>> 0000000000000000 0000000000000000 0 0 0
> >>>>> [ 1] .interp PROGBITS 0000000000010238 00000238
> >>>>> 0000000000000021 0000000000000000 A 0 0 1
> >>>>> [ 2] .note.ABI-tag NOTE 000000000001025c 0000025c
> >>>>> 0000000000000020 0000000000000000 A 0 0 4
> >>>>> [ 3] .hash HASH 0000000000010280 00000280
> >>>>> 00000000000009cc 0000000000000004 A 5 0 8
> >>>>> [ 4] .gnu.hash GNU_HASH 0000000000010c50 00000c50
> >>>>> 0000000000000ac8 0000000000000000 A 5 0 8
> >>>>> [ 5] .dynsym DYNSYM 0000000000011718 00001718
> >>>>> 00000000000021f0 0000000000000018 A 6 1 8
> >>>>> [ 6] .dynstr STRTAB 0000000000013908 00003908
> >>>>> 0000000000000c66 0000000000000000 A 0 0 1
> >>>>> [ 7] .gnu.version VERSYM 000000000001456e 0000456e
> >>>>> 00000000000002d4 0000000000000002 A 5 0 2
> >>>>> [ 8] .gnu.version_r VERNEED 0000000000014848 00004848
> >>>>> 0000000000000050 0000000000000000 A 6 2 8
> >>>>> [ 9] .rela.dyn RELA 0000000000014898 00004898
> >>>>> 00000000000000c0 0000000000000018 A 5 0 8
> >>>>> [10] .rela.plt RELA 0000000000014958 00004958
> >>>>> 00000000000020a0 0000000000000018 AI 5 22 8
> >>>>> [11] .plt PROGBITS 0000000000016a00 00006a00
> >>>>> 00000000000015e0 0000000000000010 AX 0 0 16
> >>>>> [12] .text PROGBITS 0000000000017fe0 00007fe0
> >>>>> 00000000000a3668 0000000000000000 AX 0 0 4
> >>>>> [13] .rodata PROGBITS 00000000000bb648 000ab648
> >>>>> 000000000002b076 0000000000000000 A 0 0 8
> >>>>> [14] .sdata2 PROGBITS 00000000000e66c0 000d66c0
> >>>>> 0000000000000163 0000000000000000 A 0 0 8
> >>>>> [15] .eh_frame_hdr PROGBITS 00000000000e6824 000d6824
> >>>>> 0000000000000014 0000000000000000 A 0 0 4
> >>>>> [16] .eh_frame PROGBITS 00000000000e6838 000d6838
> >>>>> 000000000000002c 0000000000000000 A 0 0 8
> >>>>> [17] .preinit_array PREINIT_ARRAY 00000000000e7df8 000d6df8
> >>>>> 0000000000000008 0000000000000008 WA 0 0 1
> >>>>> [18] .init_array INIT_ARRAY 00000000000e7e00 000d6e00
> >>>>> 0000000000000008 0000000000000008 WA 0 0 8
> >>>>> [19] .fini_array FINI_ARRAY 00000000000e7e08 000d6e08
> >>>>> 0000000000000008 0000000000000008 WA 0 0 8
> >>>>> [20] .dynamic DYNAMIC 00000000000e7e10 000d6e10
> >>>>> 00000000000001f0 0000000000000010 WA 6 0 8
> >>>>> [21] .data PROGBITS 00000000000e8000 000d7000
> >>>>> 0000000000000240 0000000000000000 WA 0 0 8
> >>>>> [22] .got PROGBITS 00000000000e8240 000d7240
> >>>>> 0000000000000af8 0000000000000008 WA 0 0 8
> >>>>> [23] .sdata PROGBITS 00000000000e8d38 000d7d38
> >>>>> 0000000000000101 0000000000000000 WA 0 0 8
> >>>>> [24] .sbss NOBITS 00000000000e8e40 000d7e39
> >>>>> 000000000000017f 0000000000000000 WA 0 0 8
> >>>>> [25] .bss NOBITS 00000000000e8fc0 000d7e39
> >>>>> 00000000000005b0 0000000000000000 WA 0 0 8
> >>>>> [26] .shstrtab STRTAB 0000000000000000 000d7e39
> >>>>> 00000000000000e6 0000000000000000 0 0 1
> >>>>>
> >>>>>
> >>>>> Before I spent more time on this, am I doing anything obviously wrong?
> >>>>> Is it a known issue? Are there any fresh working recipes?
> >>>>
> >>>> Humm.. I tried to use 2020.05 which Tobias used here:
> >>>> https://github.com/google/syzkaller/blob/master/docs/linux/setup_linux-host_qemu-vm_riscv64-kernel.md#image
> >>>> But there is no make qemu_riscv64_virt_defconfig target... though I
> >>>> remember I tested these instructions at the time...
> >>>
> >>> Weird. `make qemu_riscv64_virt_defconfig` works here on buildroot
> >>> 202.05, 2020.11.1 and on latest master.
> >>>
> >>> Do you see these in your configs/ directory?
> >>>
> >>> $ ls -l configs/qemu_riscv*
> >>> -rw-rw-r-- 1 tklauser tklauser 673 Jan 18 15:51 configs/qemu_riscv32_virt_defconfig
> >>> -rw-rw-r-- 1 tklauser tklauser 682 Jan 18 15:51 configs/qemu_riscv64_virt_defconfig
> >>
> >> Oh, turned out I previously checked out 2011.05 somehow...
> >> Yes, 2020.05 has qemu_riscv64_virt_defconfig and I am building it now.
> >> 2020.11 has the config, but init crashes (see above).
> >
> >
> > 2020.05 is a bit better, but still failed in several ways.
> > First, a number of user-space services including sshd still crashed.
> > Second, kernel also crashed a bit later.
> > And 2020.11 seems to regress even more.
> > It's with the same kernel from the previous email (I did not rebuilt it).
> >
> >
> > 2020.05 buildroot:
> > [ 90.381218][ T1] devtmpfs: mounted
> > [ 90.534531][ T1] Freeing unused kernel memory: 2328K
> > [ 90.537085][ T1] Run /sbin/init as init process
> > [ 91.754610][ T4022] EXT4-fs (vda): re-mounted. Opts: (null). Quota
> > mode: none.
> > Starting syslogd: OK
> > Starting klogd: OK
> > Running sysctl: OK
> > Populating /dev using udev: [ 99.413418][ T4051] udevd[4051]:
> > starting version 3.2.9
> > [ 100.480500][ T4052] udevd[4052]: starting eudev-3.2.9
> > [ 101.904876][ T4052] udevd[4052]: unhandled signal 11 code 0x1 at
> > 0x0000000000000bb0 in udevd[10000+35000]
> > [ 101.911401][ T4052] CPU: 1 PID: 4052 Comm: udevd Not tainted
> > 5.11.0-rc2-00012-g0983834a8393 #19
> > [ 101.913136][ T4052] epc: 0000000000000bb0 ra : 0000003ff5921872 sp
> > : 0000003fffb0c3a0
> > [ 101.914593][ T4052] gp : 000000000004f908 tp : 0000003ff552b720 t0
> > : 0000003ff5943160
> > [ 101.915740][ T4052] t1 : 0000003ff5921bec t2 : 000000000004f450 s0
> > : 0000003fffb0c440
> > [ 101.916872][ T4052] s1 : 0000003ff5922000 a0 : 0000003ff5922000 a1
> > : 0000003fffb0c460
> > [ 101.949318][ T4052] a2 : 0000000000000001 a3 : 0000000000000002 a4
> > : 0000000000000002
> > [ 101.950529][ T4052] a5 : 000000000000000f a6 : 0000000000000007 a7
> > : 0000000000000016
> > [ 101.951653][ T4052] s2 : 0000000000000001 s3 : 0000003fffb0c460 s4
> > : 0000003ff5922030
> > [ 101.952771][ T4052] s5 : 0000003ff5922010 s6 : 0000000000000000 s7
> > : 0000000000000000
> > [ 101.953878][ T4052] s8 : 0000003ff5922004 s9 : 0000003ff5922010
> > s10: 0000003ff5922008
> > [ 101.955016][ T4052] s11: 0000003ff5922038 t3 : 0000000000000bb0 t4
> > : 0000000000000002
> > [ 101.956122][ T4052] t5 : 0000000000000002 t6 : 0000000000003d40
> > [ 101.957072][ T4052] status: 8000000000004020 badaddr:
> > 0000000000000bb0 cause: 000000000000000c
> > [ 154.349233][ T4055] udevadm[4055]: unhandled signal 11 code 0x1 at
> > 0x0000000000000bb0 in udevadm[10000+38000]
> > [ 154.351201][ T4055] CPU: 0 PID: 4055 Comm: udevadm Not tainted
> > 5.11.0-rc2-00012-g0983834a8393 #19
> > [ 154.352227][ T4055] epc: 0000000000000bb0 ra : 0000003ff2cd3872 sp
> > : 0000003fffe26a50
> > [ 154.353136][ T4055] gp : 0000000000052808 tp : 0000003ff28dd720 t0
> > : 0000003ff2cf5160
> > [ 154.354047][ T4055] t1 : 0000003ff2cd3bec t2 : 0000000000052570 s0
> > : 0000003fffe26af0
> > [ 154.354957][ T4055] s1 : 0000003ff2cd4000 a0 : 0000003ff2cd4000 a1
> > : 0000003fffe26b10
> > [ 154.355860][ T4055] a2 : 000000000003d790 a3 : 0000000000000002 a4
> > : 0000000000000002
> > [ 154.356739][ T4055] a5 : 000000000000000f a6 : ffffffffffffffff a7
> > : 0000000000000000
> > [ 154.366998][ T4055] s2 : 0000000000000001 s3 : 0000003fffe26b10 s4
> > : 0000003ff2cd4030
> > [ 154.372223][ T4055] s5 : 0000003ff2cd4010 s6 : 0000000000000068 s7
> > : 000000000003d000
> > [ 154.373192][ T4055] s8 : 0000003ff2cd4004 s9 : 0000003ff2cd4010
> > s10: 0000003ff2cd4008
> > [ 154.374114][ T4055] s11: 0000003ff2cd4038 t3 : 0000000000000bb0 t4
> > : 0000000000000002
> > [ 154.375023][ T4055] t5 : 0000000000000002 t6 : 0000000000003d40
> > [ 154.375793][ T4055] status: 0000000000004020 badaddr:
> > 0000000000000bb0 cause: 000000000000000c
> > Segmentation fault
> > udevadm settle failed
> > done
> > Saving random seed: OK
> > Starting network: [ 160.769276][ T4073] 8021q: adding VLAN 0 to HW
> > filter on device eth0
> > udhcpc: started, v1.31.1
> > [ 161.642968][ T4074] udhcpc[4074]: unhandled signal 11 code 0x1 at
> > 0x0000000000000bb0 in busybox[10000+d6000]
> > [ 161.645275][ T4074] CPU: 0 PID: 4074 Comm: udhcpc Not tainted
> > 5.11.0-rc2-00012-g0983834a8393 #19
> > [ 161.646515][ T4074] epc: 0000000000000bb0 ra : 0000003fd4d43872 sp
> > : 0000003fffedf5c0
> > [ 161.661669][ T4074] gp : 00000000000e7c90 tp : 0000003fd4d42820 t0
> > : 0000003fd4d65160
> > [ 161.662875][ T4074] t1 : 0000003fd4d43bec t2 : 00000000000e7960 s0
> > : 0000003fffedf660
> > [ 161.663979][ T4074] s1 : 0000003fd4d44000 a0 : 0000003fd4d44000 a1
> > : 0000003fffedf690
> > [ 161.665110][ T4074] a2 : 0000000000000019 a3 : 0000000000000002 a4
> > : 0000000000000002
> > [ 161.666351][ T4074] a5 : 000000000000000f a6 : fefefefefefefeff a7
> > : 0000000000000040
> > [ 161.668642][ T4074] s2 : 0000000000000001 s3 : 0000003fffedf690 s4
> > : 0000003fd4d44030
> > [ 161.669785][ T4074] s5 : 0000003fd4d44010 s6 : 00000000149d82c3 s7
> > : 00000000000000fe
> > [ 161.670921][ T4074] s8 : 0000003fd4d44004 s9 : 0000003fd4d44010
> > s10: 0000003fd4d44008
> > [ 161.672150][ T4074] s11: 0000003fd4d44038 t3 : 0000000000000bb0 t4
> > : 0000000000000002
> > [ 161.673355][ T4074] t5 : 0000000000000002 t6 : 0000000000003d40
> > [ 161.674303][ T4074] status: 8000000000004020 badaddr:
> > 0000000000000bb0 cause: 000000000000000c
> > FAIL
> > Starting dhcpcd...
> > [ 162.771471][ T4077] dhcpcd[4077]: unhandled signal 11 code 0x1 at
> > 0x0000000000000bb0 in dhcpcd[10000+39000]
> > [ 162.773414][ T4077] CPU: 0 PID: 4077 Comm: dhcpcd Not tainted
> > 5.11.0-rc2-00012-g0983834a8393 #19
> > [ 162.774462][ T4077] epc: 0000000000000bb0 ra : 0000003fe6d12872 sp
> > : 0000003fff8527e0
> > [ 162.775366][ T4077] gp : 000000000004adb8 tp : 0000003fe6d11250 t0
> > : 0000003fe6d34160
> > [ 162.776274][ T4077] t1 : 0000003fe6d12bec t2 : 0000000000049a00 s0
> > : 0000003fff852880
> > [ 162.777167][ T4077] s1 : 0000003fe6d13000 a0 : 0000003fe6d13000 a1
> > : 0000003fff8528a0
> > [ 162.779363][ T4077] a2 : 0000000000000004 a3 : 0000000000000002 a4
> > : 0000000000000002
> > [ 162.780279][ T4077] a5 : 000000000000000f a6 : 7efefefefefefeff a7
> > : fffffffffffff000
> > [ 162.781194][ T4077] s2 : 0000000000000001 s3 : 0000003fff8528a0 s4
> > : 0000003fe6d13030
> > [ 162.782106][ T4077] s5 : 0000003fe6d13010 s6 : 0000000000000000 s7
> > : 0000000000000000
> > [ 162.783015][ T4077] s8 : 0000003fe6d13004 s9 : 0000003fe6d13010
> > s10: 0000003fe6d13008
> > [ 162.783940][ T4077] s11: 0000003fe6d13038 t3 : 0000000000000bb0 t4
> > : 0000000000000002
> > [ 162.784853][ T4077] t5 : 0000000000000002 t6 : 0000000000003d40
> > [ 162.785618][ T4077] status: 8000000000006020 badaddr:
> > 0000000000000bb0 cause: 000000000000000c
> > Segmentation fault
> > [ 164.074891][ T4079] ssh-keygen[4079]: unhandled signal 11 code 0x1
> > at 0x0000000000000bb0 in ssh-keygen[2ac3c68000+63000]
> > [ 164.076916][ T4079] CPU: 1 PID: 4079 Comm: ssh-keygen Not tainted
> > 5.11.0-rc2-00012-g0983834a8393 #19
> > [ 164.096635][ T4079] epc: 0000000000000bb0 ra : 0000003ff6899872 sp
> > : 0000003fffed1330
> > [ 164.099233][ T4079] gp : 0000002ac3ccd448 tp : 0000003ff6435cd0 t0
> > : 0000003ff6897000
> > [ 164.100457][ T4079] t1 : 0000003ff6899bec t2 : 0000003ff6891940 s0
> > : 0000003fffed13d0
> > [ 164.101578][ T4079] s1 : 0000003ff689a000 a0 : 0000003ff689a000 a1
> > : 0000003fffed13f8
> > [ 164.102914][ T4079] a2 : 0000000000000000 a3 : 0000000000000001 a4
> > : 0000000000000001
> > [ 164.104058][ T4079] a5 : 000000000000000f a6 : 0000000000000000 a7
> > : 00000000000000ac
> > [ 164.105150][ T4079] s2 : 0000000000000000 s3 : 0000003fffed13f8 s4
> > : 0000003ff689a020
> > [ 164.106241][ T4079] s5 : 0000003ff689a000 s6 : 0000003fd1861830 s7
> > : ffffffffffffffff
> > [ 164.113694][ T4079] s8 : 0000003ff689a004 s9 : 0000003ff689a010
> > s10: 0000003ff689a008
> > [ 164.114869][ T4079] s11: 0000003ff689a028 t3 : 0000000000000bb0 t4
> > : 0000000000000002
> > [ 164.115972][ T4079] t5 : 0000000000000002 t6 : 0000000000003d40
> > [ 164.128360][ T4079] status: 8000000000004020 badaddr:
> > 0000000000000bb0 cause: 000000000000000c
> > Segmentation fault
> > Starting sshd: [ 164.872315][ T4080] sshd[4080]: unhandled signal 11
> > code 0x1 at 0x0000000000000bb0 in sshd[2ac7ea7000+a4000]
> > [ 164.874297][ T4080] CPU: 1 PID: 4080 Comm: sshd Not tainted
> > 5.11.0-rc2-00012-g0983834a8393 #19
> > [ 164.875331][ T4080] epc: 0000000000000bb0 ra : 0000003ff2222872 sp
> > : 0000003fffbea300
> > [ 164.876230][ T4080] gp : 0000002ac7f4f9d0 tp : 0000003ff1dbecd0 t0
> > : 0000003ff2220000
> > [ 164.877146][ T4080] t1 : 0000003ff2222bec t2 : 0000003ff221a940 s0
> > : 0000003fffbea3a0
> > [ 164.892174][ T4080] s1 : 0000003ff2223000 a0 : 0000003ff2223000 a1
> > : 0000003fffbea3c8
> > [ 164.893137][ T4080] a2 : 0000000000000000 a3 : 0000000000000001 a4
> > : 0000000000000001
> > [ 164.894065][ T4080] a5 : 000000000000000f a6 : 0000000000000000 a7
> > : 00000000000000ac
> > [ 164.895013][ T4080] s2 : 0000000000000000 s3 : 0000003fffbea3c8 s4
> > : 0000003ff2223020
> > [ 164.895947][ T4080] s5 : 0000003ff2223000 s6 : 0000003fd1861830 s7
> > : ffffffffffffffff
> > [ 164.896881][ T4080] s8 : 0000003ff2223004 s9 : 0000003ff2223010
> > s10: 0000003ff2223008
> > [ 164.905684][ T4080] s11: 0000003ff2223028 t3 : 0000000000000bb0 t4
> > : 0000000000000002
> > [ 164.906679][ T4080] t5 : 0000000000000002 t6 : 0000000000003d40
> > [ 164.908565][ T4080] status: 8000000000004020 badaddr:
> > 0000000000000bb0 cause: 000000000000000c
> > Segmentation fault
> > OK
> > syzkaller
> > syzkaller login: [ 167.973016][ T4082] ------------[ cut here ]------------
> > [ 167.975887][ T4082] virt_to_phys used for non-linear address:
> > 0000000059ffc026 (0xffffffd0158d105e)
> > [ 167.979939][ T4082] WARNING: CPU: 0 PID: 4082 at
> > arch/riscv/mm/physaddr.c:16 __virt_to_phys+0x74/0x78
> > [ 167.988658][ T4082] Modules linked in:
> > [ 167.989781][ T4082] CPU: 0 PID: 4082 Comm: getty Not tainted
> > 5.11.0-rc2-00012-g0983834a8393 #19
> > [ 167.991063][ T4082] epc: ffffffe000011164 ra : ffffffe000011164 sp
> > : ffffffe01354fb10
> > [ 167.992243][ T4082] gp : ffffffe006234420 tp : ffffffe009c8ad80 t0
> > : ffffffe006cafb67
> > [ 167.993384][ T4082] t1 : 0000000000000001 t2 : 0000000000000000 s0
> > : ffffffe01354fb40
> > [ 167.994531][ T4082] s1 : fffffff0158d105e a0 : 000000000000004f a1
> > : 00000000000f0000
> > [ 167.995690][ T4082] a2 : 0000000000000002 a3 : ffffffe0000d1a30 a4
> > : 763e2d90a60ec500
> > [ 167.996803][ T4082] a5 : 763e2d90a60ec500 a6 : 0000000000f00000 a7
> > : ffffffe00009481c
> > [ 167.999690][ T4082] s2 : ffffffd0158d105e s3 : 0000001fffffffff s4
> > : 0000000000000001
> > [ 168.000898][ T4082] s5 : ffffffd0158d105f s6 : ffffffd0158d3260 s7
> > : 0000003fff81eac8
> > [ 168.002093][ T4082] s8 : ffffffd0158d105e s9 : 0000000000000001
> > s10: 0000000000000000
> > [ 168.003226][ T4082] s11: 0000000000000000 t3 : 763e2d90a60ec500 t4
> > : ffffffc4026a9efd
> > [ 168.004361][ T4082] t5 : ffffffc4026a9eff t6 : ffffffe01354f7f8
> > [ 168.005328][ T4082] status: 0000000000000120 badaddr:
> > 0000000000000000 cause: 0000000000000003
> > [ 168.006756][ T4082] Kernel panic - not syncing: panic_on_warn set ...
> > [ 168.008056][ T4082] CPU: 0 PID: 4082 Comm: getty Not tainted
> > 5.11.0-rc2-00012-g0983834a8393 #19
> > [ 168.009301][ T4082] Call Trace:
> > [ 168.009969][ T4082] [<ffffffe0000095c0>] walk_stackframe+0x0/0x1d0
> > [ 168.011166][ T4082] [<ffffffe00458b2d8>] show_stack+0x3a/0x46
> > [ 168.012215][ T4082] [<ffffffe0045a5b72>] dump_stack+0x11c/0x180
> > [ 168.013262][ T4082] [<ffffffe00458b6a0>] panic+0x20a/0x5cc
> > [ 168.014264][ T4082] [<ffffffe000024210>] __warn+0x110/0x20a
> > [ 168.015285][ T4082] [<ffffffe001759424>] report_bug+0x156/0x200
> > [ 168.016324][ T4082] [<ffffffe0000093f6>] do_trap_break+0xa6/0x152
> > [ 168.017431][ T4082] [<ffffffe00000559c>] ret_from_exception+0x0/0x14
> > [ 168.018560][ T4082] [<ffffffe0018c97bc>] n_tty_read+0x908/0x115a
> > [ 168.020124][ T4082] SMP: stopping secondary CPUs
> > [ 168.022087][ T4082] Rebooting in 86400 seconds..
> >
>
> I was fixing KASAN support for my sv48 patchset so I took a look at your
> issue: I built a kernel on top of the branch riscv/fixes using
> https://github.com/google/syzkaller/blob/269d24e857a757d09a898086a2fa6fa5d827c3e1/dashboard/config/linux/upstream-riscv64-kasan.config
> and Buildroot 2020.11. I have the warnings regarding the use of
> __virt_to_phys on wrong addresses (but that's normal since this function
> is used in virt_addr_valid) but not the segfaults you describe.
Hi Alex,
Let me try to rebuild buildroot image. Maybe there was something wrong
with my build, though, I did 'make clean' before doing. But at the
same time it worked back in June...
Re WARNINGs, they indicate kernel bugs. I am working on setting up a
syzbot instance on riscv. If there a WARNING during boot then the
kernel will be marked as broken. No further testing will happen.
Is it a mis-use of WARN_ON? If so, could anybody please remove it or
replace it with pr_err.
More information about the linux-riscv
mailing list