Re: m68k-v4.19 crashes in free_all_bootmem

[Michael Schmitz <schmitzmic@xxxxxxxxx>]

Geert,

On 2/12/18 10:57 PM, Geert Uytterhoeven wrote:
> On Fri, Nov 30, 2018 at 10:24 PM Michael Schmitz <schmitzmic@xxxxxxxxx> wrote:
> > Am 01.12.2018 um 10:12 schrieb Andreas Schwab:
> > > On Nov 30 2018, Andreas Schwab <schwab@xxxxxxxxxxxxxx> wrote:
> > >
> > > > [    0.000000] Linux version 4.19.0 (andreas@xxxxxxxxx) (gcc version 8.1.1 20180712 (GCC)) #3 Fri Nov 30 20:53:33 CET 2018
> > > > [    0.000000] Saving 190 bytes of bootinfo
> > > > [    0.000000] console [debug0] enabled
> > > > [    0.000000] Atari hardware found: VIDEL STDMA-SCSI ST_MFP YM2149 PCM CODEC DSP56K SCC ANALOG_JOY BLITTER IDE TT_CLK FDC_SPEED
> > > > [    0.000000] Ignoring memory chunk at 0x0:0xe00000 before the first chunk
> > The difference appears to be this:
> >
> > > [    0.000000] Linux version 4.19.0-rc1-atari-fpuemu-clocksource4+ (schmitz@xplor) (gcc version 4.6.3 (GCC)) #925 Wed Nov 21 12:51:19 NZDT 2018
> > > [    0.000000] Saving 202 bytes of bootinfo
> > > [    0.000000] console [debug0] enabled
> > > [    0.000000] Atari hardware found: VIDEL STDMA-SCSI ST_MFP YM2149 PCM CODEC DSP56K SCC ANALOG_JOY BLITTER IDE TT_CLK FDC_SPEED
> > > [    0.000000] On node 0 totalpages: 3584
> > > [    0.000000]   DMA zone: 35 pages used for memmap
> > > [    0.000000]   DMA zone: 0 pages reserved
> > > [    0.000000]   DMA zone: 3584 pages, LIFO batch:0
> > > [    0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
> > > [    0.000000] pcpu-alloc: [0] 0
> > > [    0.000000] Built 1 zonelists, mobility grouping off.  Total pages: 3549
> > Only a single memory chunk (ST-RAM), and kernel loaded there.
> Same here.
>
> The only memory-related option I have in my ARAnyM config is
>
>      FastRAM = 256
>
> and that works.
>
> Andreas: can you please share your ARAnyM config, so we can reproduce?
> Thanks!

For the record:

LoadToFastRAM = yes

in the [LILO] section does reproduce the bug for me.

Disassembly of free_all_bootmem() (the nobootmem.c variety reveals the 
null pointer access:

> 00409780 <free_all_bootmem>:
>   409780:    4fef ffec          lea %sp@(-20),%sp
>   409784:    48e7 3f1e          moveml %d2-%d7/%a3-%fp,%sp@-
>   409788:    4eb9 0040 9738     jsr 409738 <reset_all_zones_managed_pages>
>   40978e:    4878 ffff          pea ffffffff <FP_SCR6+0xf>
>   409792:    42a7               clrl %sp@-
>   409794:    4eb9 0041 a270     jsr 41a270 <memblock_clear_hotplug>
>   40979a:    42af 0034          clrl %sp@(52)
>   40979e:    42af 0038          clrl %sp@(56)
>   4097a2:    7640               moveq #64,%d3
>   4097a4:    d68f               addl %sp,%d3
>   4097a6:    2f03               movel %d3,%sp@-
>   4097a8:    7440               moveq #64,%d2
>   4097aa:    d48f               addl %sp,%d2
>   4097ac:    2f02               movel %d2,%sp@-
>   4097ae:    49ef 003c          lea %sp@(60),%a4
>   4097b2:    2f0c               movel %a4,%sp@-
>   4097b4:    47f9 0041 9716     lea 419716 
> <__next_reserved_mem_region>,%a3
>   4097ba:    4e93               jsr %a3@
>   4097bc:    4fef 0014          lea %sp@(20),%sp
>   4097c0:    4bf9 0041 912c     lea 41912c <reserve_bootmem_region>,%a5
>   4097c6:    6016               bras 4097de <free_all_bootmem+0x5e>
>   4097c8:    2f2f 0038          movel %sp@(56),%sp@-
>   4097cc:    2f2f 0038          movel %sp@(56),%sp@-
>   4097d0:    4e95               jsr %a5@
>   4097d2:    2f03               movel %d3,%sp@-
>   4097d4:    2f02               movel %d2,%sp@-
>   4097d6:    2f0c               movel %a4,%sp@-
>   4097d8:    4e93               jsr %a3@
>   4097da:    4fef 0014          lea %sp@(20),%sp
>   4097de:    202f 002c          movel %sp@(44),%d0
>   4097e2:    222f 0030          movel %sp@(48),%d1
>   4097e6:    78ff               moveq #-1,%d4
>   4097e8:    7aff               moveq #-1,%d5
>   4097ea:    9285               subl %d5,%d1
>   4097ec:    9184               subxl %d4,%d0
>   4097ee:    66d8               bnes 4097c8 <free_all_bootmem+0x48>
>   4097f0:    42af 002c          clrl %sp@(44)
>   4097f4:    42af 0030          clrl %sp@(48)
>   4097f8:    42a7               clrl %sp@-
>   4097fa:    763c               moveq #60,%d3
>   4097fc:    d68f               addl %sp,%d3
>   4097fe:    2f03               movel %d3,%sp@-
>   409800:    743c               moveq #60,%d2
>   409802:    4877 2800          pea %sp@(0000000000000000,%d2:l)
>   409806:    4879 0042 0d56     pea 420d56 <memblock+0x1a>
>   40980c:    4879 0042 0d42     pea 420d42 <memblock+0x6>
>   409812:    42a7               clrl %sp@-
>   409814:    4878 ffff          pea ffffffff <FP_SCR6+0xf>
>   409818:    47ef 0048          lea %sp@(72),%a3
>   40981c:    2f0b               movel %a3,%sp@-
>   40981e:    4eb9 0041 9788     jsr 419788 <__next_mem_range>
>   409824:    4fef 0020          lea %sp@(32),%sp
>   409828:    4286               clrl %d6
>   40982a:    7a00               moveq #0,%d5
>   40982c:    2a45               moveal %d5,%a5
>   40982e:    49f9 0040 7754     lea 407754 <__free_pages_bootmem>,%a4
>   409834:    2c43               moveal %d3,%fp
>   409836:    6000 00bc          braw 4098f4 <free_all_bootmem+0x174>
>   40983a:    282f 0034          movel %sp@(52),%d4
>   40983e:    0684 0000 0fff     addil #4095,%d4
>   409844:    700c               moveq #12,%d0
>   409846:    e0ac               lsrl %d0,%d4
>   409848:    242f 0038          movel %sp@(56),%d2
>   40984c:    2039 003e c020     movel 3ec020 <max_low_pfn>,%d0
>   409852:    720c               moveq #12,%d1
>   409854:    e2aa               lsrl %d1,%d2
>   409856:    b082               cmpl %d2,%d0
>   409858:    6402               bccs 40985c <free_all_bootmem+0xdc>
>   40985a:    2400               movel %d0,%d2
>   40985c:    b484               cmpl %d4,%d2
>   40985e:    636a               blss 4098ca <free_all_bootmem+0x14a>
>   409860:    2204               movel %d4,%d1
>   409862:    6002               bras 409866 <free_all_bootmem+0xe6>
>   409864:    2207               movel %d7,%d1
>   409866:    2601               movel %d1,%d3
>   409868:    4483               negl %d3
>   40986a:    c681               andl %d1,%d3
>   40986c:    edc3 3000          bfffo %d3,0,0,%d3
>   409870:    7a1f               moveq #31,%d5
>   409872:    9a83               subl %d3,%d5
>   409874:    2605               movel %d5,%d3
>   409876:    700a               moveq #10,%d0
>   409878:    b085               cmpl %d5,%d0
>   40987a:    6406               bccs 409882 <free_all_bootmem+0x102>
>   40987c:    760a               moveq #10,%d3
>   40987e:    6002               bras 409882 <free_all_bootmem+0x102>
>   409880:    5383               subql #1,%d3
>   409882:    7e01               moveq #1,%d7
>   409884:    e7af               lsll %d3,%d7
>   409886:    de81               addl %d1,%d7
>   409888:    b487               cmpl %d7,%d2
>   40988a:    65f4               bcss 409880 <free_all_bootmem+0x100>
>   40988c:    2a01               movel %d1,%d5
>   40988e:    700c               moveq #12,%d0
>   409890:    e1ad               lsll %d0,%d5
>   409892:    0485 0000 0000     subil #0,%d5
>   409898:    200d               movel %a5,%d0
>   40989a:    e0ad               lsrl %d0,%d5
>   40989c:    2070 5db0 003c     moveal @(00000000003cfe44,%d5:l:4),%a0
>   4098a2:    fe44
>   4098a4:    2f03               movel %d3,%sp@-
>   4098a6:    2f01               movel %d1,%sp@-
>   4098a8:    92a8 06ee          subl %a0@(1774),%d1    <===== here
>   4098ac:    2601               movel %d1,%d3
>   4098ae:    e78b               lsll #3,%d3
>   4098b0:    eb89               lsll #5,%d1
>   4098b2:    d283               addl %d3,%d1
>   4098b4:    d2a8 06ea          addl %a0@(1770),%d1
>   4098b8:    2f01               movel %d1,%sp@-
>   4098ba:    4e94               jsr %a4@
>   4098bc:    4fef 000c          lea %sp@(12),%sp
>   4098c0:    b487               cmpl %d7,%d2
>   4098c2:    62a0               bhis 409864 <free_all_bootmem+0xe4>
>   4098c4:    2002               movel %d2,%d0
>   4098c6:    9084               subl %d4,%d0
>   4098c8:    6002               bras 4098cc <free_all_bootmem+0x14c>
>   4098ca:    4280               clrl %d0
>   4098cc:    dc80               addl %d0,%d6
>   4098ce:    42a7               clrl %sp@-
>   4098d0:    2f0e               movel %fp,%sp@-
>   4098d2:    486f 003c          pea %sp@(60)
>   4098d6:    4879 0042 0d56     pea 420d56 <memblock+0x1a>
>   4098dc:    4879 0042 0d42     pea 420d42 <memblock+0x6>
>   4098e2:    42a7               clrl %sp@-
>   4098e4:    4878 ffff          pea ffffffff <FP_SCR6+0xf>
>   4098e8:    2f0b               movel %a3,%sp@-
>   4098ea:    4eb9 0041 9788     jsr 419788 <__next_mem_range>
>   4098f0:    4fef 0020          lea %sp@(32),%sp
>   4098f4:    222f 002c          movel %sp@(44),%d1
>   4098f8:    242f 0030          movel %sp@(48),%d2
>   4098fc:    76ff               moveq #-1,%d3
>   4098fe:    78ff               moveq #-1,%d4
>   409900:    9484               subl %d4,%d2
>   409902:    9383               subxl %d3,%d1
>   409904:    6600 ff34          bnew 40983a <free_all_bootmem+0xba>
>   409908:    ddb9 003e bd48     addl %d6,3ebd48 <totalram_pages>
>   40990e:    2006               movel %d6,%d0
>   409910:    4cdf 78fc          moveml %sp@+,%d2-%d7/%a3-%fp
>   409914:    4fef 0014          lea %sp@(20),%sp
>   409918:    4e75               rts


I have yet to work through the preprocessed function to see where 
exactly this is happening.

Cheers,

    Michael