From: Dmitry Vyukov <1918917@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Date: Fri, 12 Mar 2021 16:07:32 -0000
Subject: [Bug 1918917] Re: synchronous about on accessing unused I/O ports on aarch64
Message-Id: <161556525299.18765.11643655248769910652.malone@soybean.canonical.com>
References: <161554541665.16519.7546318758364401915.malonedeb@wampee.canonical.com>

Uploaded the binary reproducer as:
https://storage.googleapis.com/syzkaller/temp/arm64-tty-crash

-- 
https://bugs.launchpad.net/bugs/1918917

Title:
  synchronous about on accessing unused I/O ports on aarch64

Status in QEMU:
  New

Bug description:
  version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6)
  command line:
  qemu-system-aarch64 \
    -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \
    -device virtio-blk-device,drive=hd0 \
    -drive if=none,format=raw,id=hd0,file=buildroot \
    -kernel arch/arm64/boot/Image \
    -nographic \
    -device virtio-rng-pci \
    -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \
    -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon"

  I am observing "synchronous external abort" when kernel tries to access unused I/O ports (see below), while hardware/qemu should return 0xffffffff in this case.

  This is factored out of this LKML thread where Arnd describes it in more details:
  https://lore.kernel.org/lkml/CAK8P3a0HVu+x0T6+K3d0v1bvU-Pes0F0CSjqm5x=bxFgv5Y3mA@mail.gmail.com/

  Internal error: synchronous external abort: 96000050 [#1] PREEMPT SMP
  Dumping ftrace buffer:
     (ftrace buffer empty)
  Modules linked in:
  CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00302-g28806e4d9b97 #0
  Hardware name: linux,dummy-virt (DT)
  pstate: 80000085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--)
  pc : __raw_writeb arch/arm64/include/asm/io.h:27 [inline]
  pc : _outb include/asm-generic/io.h:501 [inline]
  pc : logic_outb+0x3c/0x114 lib/logic_pio.c:302
  lr : io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453
  sp : ffff000015f0f980
  x29: ffff000015f0f980 x28: ffff80001de0005d
  x27: ffff80001601df00 x26: ffff000015f0fc90
  x25: ffff80001de00000 x24: ffff80001de00000
  x23: ffff00000e27f600 x22: 0000000000000000
  x21: 0000000000000002 x20: 0000000000000002
  x19: fffffbfffe800001 x18: ffff00006a678b48
  x17: 0000000000000000 x16: 0000000000000000
  x15: ffff8000197be810 x14: 1fffe00002be1f0e
  x13: 1fffe00002be1e90 x12: ffff600002be1f39
  x11: 1fffe00002be1f38 x10: ffff600002be1f38
  x9 : dfff800000000000 x8 : 0000000000000003
  x7 : 0000000000000001 x6 : 0000000000000004
  x5 : ffff000015f0f9c0 x4 : dfff800000000000
  x3 : 0000000000000001 x2 : 1ffff00003494e6b
  x1 : fffffbfffe800000 x0 : 0000000000ffbffe
  Call trace:
   _outb include/asm-generic/io.h:501 [inline]
   logic_outb+0x3c/0x114 lib/logic_pio.c:302
   io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453
   serial_out drivers/tty/serial/8250/8250.h:118 [inline]
   serial8250_set_THRI drivers/tty/serial/8250/8250.h:138 [inline]
   __start_tx drivers/tty/serial/8250/8250_port.c:1566 [inline]
   serial8250_start_tx+0x338/0x6c0 drivers/tty/serial/8250/8250_port.c:1666
   __uart_start.isra.0+0x10c/0x154 drivers/tty/serial/serial_core.c:127
   uart_start+0xe0/0x210 drivers/tty/serial/serial_core.c:137
   uart_flush_chars+0x10/0x20 drivers/tty/serial/serial_core.c:573
   __receive_buf drivers/tty/n_tty.c:1646 [inline]
   n_tty_receive_buf_common+0x588/0x22c0 drivers/tty/n_tty.c:1739
   n_tty_receive_buf+0x14/0x20 drivers/tty/n_tty.c:1768
   tiocsti drivers/tty/tty_io.c:2317 [inline]
   tty_ioctl+0xed0/0x1aec drivers/tty/tty_io.c:2718
   vfs_ioctl fs/ioctl.c:48 [inline]
   __do_sys_ioctl fs/ioctl.c:753 [inline]
   __se_sys_ioctl fs/ioctl.c:739 [inline]
   __arm64_sys_ioctl+0x120/0x18c fs/ioctl.c:739
   __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
   invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
   el0_svc_common.constprop.0+0xf0/0x2c0 arch/arm64/kernel/syscall.c:129
   do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:168
   el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:416
   el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
   el0_sync+0x170/0x180 arch/arm64/kernel/entry.S:699
  Code: d2bfd001 f2df7fe1 f2ffffe1 8b010273 (39000274)
  ---[ end trace 79cb47219936c254 ]---
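
Added example, not part of the original report and not QEMU or Linux code: a small Python decoder for the syndrome value printed in the "Internal error" line of the oops above (96000050), using the ESR_ELx field layout from the Arm architecture. The function and table names are made up for this example, and the fault-status table covers only a subset of codes.

```python
import re

# Exception classes (ESR_ELx bits [31:26]); abort-related subset only.
EC_NAMES = {
    0x20: "instruction abort from a lower EL",
    0x21: "instruction abort taken at the same EL",
    0x24: "data abort from a lower EL",
    0x25: "data abort taken at the same EL",
}

# Oops header as printed by the arm64 kernel: "Internal error: <reason>: <esr> [#N]"
OOPS_RE = re.compile(r"Internal error: (?P<reason>[^:]+): (?P<esr>[0-9a-fA-F]+) \[#\d+\]")

# Line taken verbatim from the report above.
SAMPLE = "Internal error: synchronous external abort: 96000050 [#1] PREEMPT SMP"


def fault_name(fsc):
    """Name a fault status code (ISS bits [5:0]); subset of the architecture's table."""
    level = fsc & 0x3
    if fsc == 0x10:
        return "synchronous external abort, not on translation table walk"
    if fsc & 0x3C == 0x14:
        return f"synchronous external abort on translation table walk, level {level}"
    if fsc & 0x3C == 0x04:
        return f"translation fault, level {level}"
    if fsc == 0x21:
        return "alignment fault"
    return "other (not in this example's table)"


def decode_esr(esr):
    """Split an ESR_ELx value into EC / IL / ISS and, for aborts, the fault details."""
    ec = (esr >> 26) & 0x3F
    iss = esr & 0x1FFFFFF
    out = {"ec": ec, "ec_name": EC_NAMES.get(ec, "other"), "il": (esr >> 25) & 1, "iss": iss}
    if ec in (0x24, 0x25):                        # data abort: ISS carries WnR and DFSC
        out["isv"] = bool((iss >> 24) & 1)        # instruction syndrome valid
        out["write"] = bool((iss >> 6) & 1)       # WnR: 1 = caused by a write
    if ec in EC_NAMES:
        out["fsc"] = iss & 0x3F
        out["fault"] = fault_name(out["fsc"])
    return out


def decode_oops_line(line):
    """Return the decoded ESR for an 'Internal error' oops line, or None if absent."""
    m = OOPS_RE.search(line)
    return decode_esr(int(m.group("esr"), 16)) if m else None
```

For the value in this report the decoder gives a data abort taken at the same exception level, caused by a write, with fault status 0x10, which is consistent with the trace ending in __raw_writeb via logic_outb.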