<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/61096>61096</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            crash with RISC-V scalable vectorization and kernel address sanitizer
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            backend:RISC-V
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          nathanchance
      </td>
    </tr>
</table>

<pre>
    Initially reported on LKML: https://lore.kernel.org/llvm/202302250924.ukv4ZxOc-lkp@intel.com/

After commit 15c645f7ee67 ("[RISCV] Enable (scalable) vectorization by default"), there is an assertion failure when `-fsanitize=kernel-address` is used. A trivial reproducer from `cvise`:

```c
int get_boot_config_from_initrd_size, __attribute__start_kernel_ret;
void __attribute__((__cold__)) __attribute__start_kernel() {
  char *p;
 while (get_boot_config_from_initrd_size--)
 __attribute__start_kernel_ret += *p++;
}
```

```
$ clang --target=riscv64-linux-gnu -march=rv64imafdcv -O2 -fsanitize=kernel-address -c -o /dev/null main.i
warning: Invalid size request on a scalable vector; Cannot implicitly convert a scalable size to a fixed-width size in `TypeSize::operator ScalarTy()`
clang: /home/nathan/cbl/src/llvm-project/llvm/include/llvm/Support/Casting.h:578: decltype(auto) llvm::cast(From *) [To = llvm::FixedVectorType, From = llvm::Type]: Assertion `isa<To>(Val) && "cast<Ty>() argument of incompatible type!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: clang --target=riscv64-linux-gnu -march=rv64imafdcv -O2 -fsanitize=kernel-address -c -o /dev/null main.i
1.      <eof> parser at end of file
2.      Optimizer
 #0 0x0000aaaad8e30c28 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (../install/llvm-bad/bin/clang+0x4cd0c28)
 #1 0x0000aaaad8e2ee18 llvm::sys::RunSignalHandlers() (../install/llvm-bad/bin/clang+0x4ccee18)
 #2 0x0000aaaad8db2c6c (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) CrashRecoveryContext.cpp:0:0
 #3 0x0000aaaad8db2e1c CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #4 0x0000ffffabc8086c (linux-vdso.so.1+0x86c)
 #5 0x0000ffffab73da38 __pthread_kill_implementation (/lib64/libc.so.6+0x8da38)
 #6 0x0000ffffab6f4980 gsignal (/lib64/libc.so.6+0x44980)
 #7 0x0000ffffab6e0284 abort (/lib64/libc.so.6+0x30284)
 #8 0x0000ffffab6eda84 __assert_fail_base (/lib64/libc.so.6+0x3da84)
 #9 0x0000ffffab6edb00 __assert_perror_fail (/lib64/libc.so.6+0x3db00)
#10 0x0000aaaad8a2d77c (anonymous namespace)::AddressSanitizer::instrumentFunction(llvm::Function&, llvm::TargetLibraryInfo const*) AddressSanitizer.cpp:0:0
#11 0x0000aaaad8a29664 llvm::ModuleAddressSanitizerPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (../install/llvm-bad/bin/clang+0x48c9664)
#12 0x0000aaaad871d61c llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (../install/llvm-bad/bin/clang+0x45bd61c)
#13 0x0000aaaad95b0e24 (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>&, std::unique_ptr<llvm::ToolOutputFile, std::default_delete<llvm::ToolOutputFile>>&) BackendUtil.cpp:0:0
#14 0x0000aaaad95aaba4 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>) (../install/llvm-bad/bin/clang+0x544aba4)
#15 0x0000aaaad99064ec clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) CodeGenAction.cpp:0:0
#16 0x0000aaaada0db138 clang::ParseAST(clang::Sema&, bool, bool) (../install/llvm-bad/bin/clang+0x5f7b138)
#17 0x0000aaaad984d810 clang::FrontendAction::Execute() (../install/llvm-bad/bin/clang+0x56ed810)
#18 0x0000aaaad97dac74 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (../install/llvm-bad/bin/clang+0x567ac74)
#19 0x0000aaaad990080c clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (../install/llvm-bad/bin/clang+0x57a080c)
#20 0x0000aaaad72ce060 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (../install/llvm-bad/bin/clang+0x316e060)
#21 0x0000aaaad72cc114 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#22 0x0000aaaad96b34bc void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_0>(long) Job.cpp:0:0
#23 0x0000aaaad8db2b14 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (../install/llvm-bad/bin/clang+0x4c52b14)
#24 0x0000aaaad96b2f7c clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (../install/llvm-bad/bin/clang+0x5552f7c)
#25 0x0000aaaad967f390 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (../install/llvm-bad/bin/clang+0x551f390)
#26 0x0000aaaad967f610 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (../install/llvm-bad/bin/clang+0x551f610)
#27 0x0000aaaad96945e0 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (../install/llvm-bad/bin/clang+0x55345e0)
#28 0x0000aaaad72cb7b0 clang_main(int, char**) (../install/llvm-bad/bin/clang+0x316b7b0)
#29 0x0000ffffab6e0598 __libc_start_call_main (/lib64/libc.so.6+0x30598)
#30 0x0000ffffab6e0670 __libc_start_main@GLIBC_2.17 (/lib64/libc.so.6+0x30670)
#31 0x0000aaaad72c90b0 _start (../install/llvm-bad/bin/clang+0x31690b0)
clang-16: error: clang frontend command failed with exit code 134 (use -v to see invocation)
ClangBuiltLinux clang version 16.0.0 (https://github.com/llvm/llvm-project 15c645f7ee678d85a7ec8db9a3b1a78b6548baba)
Target: riscv64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/nathan/tmp/cvise.tHJkfPN5TK/install/llvm-bad/bin
clang-16: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs.
```

I have been unable to reproduce this crash with just `opt` but my LLVM-fu is not too strong. I am not really sure whose bug this is so I am just putting it under the RISC-V label for now but please adjust it as necessary.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzkWltv47iS_jXKC2FDomRJfsiD48Sn0ye93Wjn9MO-CBRZsnlCkRqScuL59QtScmw6t0kvsDvAGXQmsURWffXVhZcyMYZvJMBlNLuKZtcXpLdbpS8lsVsiqfuBi1qx_eWt5JYTIfZIQ6e0BYaURHf__HYXpQu0tbYzUbqI8CrCK6E0TB9ASxBTpTfuidi1EV7hGKcxxrN4jrNp_7DL_vvpO52Ihy7KYi4tiClVblwUX0fxYvj_orGgEVVtyy1KZjTPZk0BkBcowmWEcTS7-nm7Xv6KZtfoRpJagHthKBHu7wjP0Q6oVZr_SSxXEtV7xKAhvbBuMp5HeInsFjQgbhCRiBgD2o9sCBe9BvS4BYmiPJ40hjgW_oQovR7MmxDGNBgT5bGb3htgU7RAVvMdJ8JRpRXrKWjUaNU6IXTHDUR57Mg6sdI98f_o8JlLizZgq1opW1ElG76pnIiKS241q4xDgZeoqoi1mte9haoylmhbDcgqDTZKrwZpO8VZONRzV1YVVYK5T3NH1JvC_Og5iopRHkJ0SzSK8KJ71oEet3zg_iPck4nTN0x6Fz-K8FWUXg968JX_NGqLiusz4l5lc_yIM0QFkRs0mViiN46Za80N3eXZRHDZP002skeTlmi6da92ecZb0jC6Q5PvGL3jeDShaKJQhFcMdhFeyV4I1BIup3zQ_Ui05HLjkuRW7ojgDDkOkIY_ejDWJRFBh2gdQzVKr9CSSKks4m0nOOVW7BFVcgfang73kqxCBDX8CdjkkTO7HZ5yH7L3-w7WHvciSheqA02s0mjtBOj7_eDXZ548Rw5phFdb1YKzxxeCCK9oLSK8MpqO2TzptPo3UHtMbi6p6BkcH6z7zlWKCK-WxFguN9NtlC5mRelUMKDC7juIcEl6q1x4-WkeKCXGRrhc-ZzBCx97s6t7hVw0HIetnNG_PGX3XtQSDVOCUf7V7NopXTzndpTH3JAoXd6rKL2JcPmLCK8G5xHOUYSxx5Au7_fDe_eS6E3fgrRINYhLqtqOWO78MBiS-IJS-LoBbDpw-uPuZrG-QaavXf0iqO43YwV1jgvr5obbbV-PNXAk8YxrbkwPJsIrRCRDI-WufiGqidmimtAHqwn1ZHS-_lAwBhgyqtfDYzeTGKMoJ66M614iQzXv7Ah5bQl9QKxvu-ciFU_RD602mrTPJDjY_29ZlUyR_y9Kl6CaKL1BHdEGNCIWgWTOQQ0XMAzG4-DvneUt_xP0WHsinMYoforjOCaEEFZCGlNcnoSO2Zvhjx-aS-t5uR_ILY-DNHmslLEaSOujZ4m4tEMsldOpTwxjiRAHZ9aERXhVc59VPuPwVfyUUeaUHytjhNMkRIcBklfR_ezlmm8kEV-IZAK0OdTrzwGgTn4AAAcAWI1pTp1UIpXct6o3SJIWTOcpmQ9gli4OfwJVO9D7pZIWnuxt24nh7YDQj4lw6Ylaol76TQhDQjkwc_SajCntXDzG_ucZYXqOEBIaTg-YOej8jIpsVNE0TUNqWsblQMIQ4jtm1NSoaeJJLHMaEDgL5hYpI2mJqqqzWw2EVQ9ciMqVeHAZNexPvO9Wgtd5NvymTnw-iHfzAwV5oCBvsnkZo43xNr8rKnMjA1FFKApiXGaI1K5SvScodeMCQeWZIEbKzC30vvhWrjpWNTHwvlQ3KZA6P5dax_FRagdaK-2FfyC3jo9muxwLSwDBrCg-jPHFUKbWY_3Sw1OXZtrXxlUvqXNmUCeOD32ROFmgfPG847Umen8rG-WWercA-oXvXNfLIHVWJGdWzPM8O1HxTbFewLmoH8SMFUT3IdZh_AukC0nE3nDzjUiycWYvX0xxi2X--eJTUoc4cExYfIqE5Qk9weLAv4PjN3C7f38LMma1szUgI6hz81kdA84-itKbllu342lrsf8CojvE6c9ejkuhrzg_eAeCS7eoHTaAUbq4IvQBJFuMIbtExrLhTS_5Hz1UnQ1Ndstg96i5heqwGJ5MGo9cFQMBFj6YOPhi4PsjtfdKie-97Xq74oPb_4rOs1lHhXM0Gv4vy8XrqZaFriCkJuPx4kj7KGRQERJ7zclGKmM5NTdy43n3hp4M-QKEgV6D2zg5TylpDiXhfOhSMfgHyA9GDRXmg0F3RG5eG3JkbW01l5uf0ISPD_mxOBP4NwihT2beLMucN4PMmwXunsd5BvQVK5dKmr49pNiw3bjXRBrhk-xfkp_FwWJ9P247xsAbXTnQ9Xro5adYSMzqJC1Psfxwm-DF-j7UtIaWjL6slRLH359lpymcwoCdImCnzFiZxKeIVtrZ-BwEQ4I8Ae0t_M4mdZaD0xBAKAMIBSO0yMIUaTsuQN86BZJCAOIQnOXbmH-jgs_ywqEIYM7P4igu4yCORkBHtDtFyUtwL6wZj8efglcQp_0UHg62QQWmEOcxojSp3LErWA4XWpO9KwLp0t8CPW9WXMItUfgML9FOcfY7KNMkdyAClMkZSpokGTowt0zufVifYF23RIjhhmA4g7wC2buXab57Y2-Fg43IPK_TrKbeqpMa2Iybu0p7Yvzb8XblsK2gRAh3PK8a6XAcXTroHt27TJaqbYlk57nyqgOOD4fKTUTw8Fiwx3p4Uk6rij49JcnwoSaGU1c7_VWVJykY7B5UVhPujv3D6zNxRAgXr0qfvHdDFsdy40NgoN5PiXBWxcPtyuHg91XVr_vgxTmvTk73t6-d5o5nY9KA2AcUvu-uzx-dZw5PEKnZWdDgpgjS_T_P6Z-sUbOZoyzgNFyK86JJ5_GbnPo6SV6sOgeig6J6NtENeGuX9M7QRbDI_qbViTMqsDo_tzpPPm31V1Wbt03-quo7buxbu74XNfTZ_x3hzvXjNc5fZel0e_-_5CoP9wI43I7k82wGb3J1ffJ3sPi-suq-xfH_IVefXeNnqTM-YKc8Wz3roh7ZOazyB3S-FCx-c9V2YgO951c38WxeoqoSvKZjz8etjR7DB1dNs3mw_Xy-v32WnBdxKNkblsX_uLu9WlZ4mhQfaMiLAHt6vuOYx3WMBtmfJsbNfRbu30ySPEoXyF9eHe_Tm3ED6rueLhyGjgJ65HaL4Im7TGWAktRfAfQG0GSHrEIGAPGTfeOoaemEXvVc2Dsu-6dRyQ604UqiJJ_G09gJ-lwzIujFlqyckQJoyeo5SeuEFGWdz7KyJjV5xnE_NgkW6NAl6OWDVI_y2C0YB_rbUdQqBsIN75ThT8Or24FqYNdcv9Gpsm3niN9xA1P75etD8-O_Zvf_fM9NL_whlTtgLhB7Pquj1vjO2I3zFNqABE0sl5vXeyylcXkzQVKdvPcdOy673prpO73LW7QlO0A1gET90M-26thJRnbLzdjs8fHw794VzjxWnY3yGNW9Re0e3d39-jZpesSNMwZZpZCxWsnNFN0i0vqHGnw_3ww9bmXAN6e8fG6QUcNIL7_rrbeWW9RLBtp3nH7erpeTX0iQGgRqlEZSPXr9nQBiABHm53KLiEESPAd6P71glymbp3NyAZdJXhR5WaQFvtheFnOI82Se5JBi1sRpjmMW41mREmBFU-MLfum_QJDGSZIneYKnLCdlUsdJmhUlYTSNshhawsXUOXiq9ObC98su8ySe5xceqPHfdMC4Ho7tbofozfDfJLi-0JdDbPQbE2Wx4MaaozDLrYDLE-5HBs7at4dvGrjMHfpa6NDXOnS89EWvxeXvd_-8Qf8TAAD___SdcjU">