Re: Oopses and invalid addresses under Hatari

Finn Thain <fthain@xxxxxxxxxxxxxxxxxxx> · Tue, 9 Apr 2019 10:39:46 +1000 (AEST)

On Mon, 8 Apr 2019, Eero Tamminen wrote:

...
I also found a 100% reproducible way to trigger the Oops, and surprise,
surprise, that's also related to kernel <-> user-space interface:
------------------------------
# echo t > /proc/sysrq-trigger

Does that work OK for you outside of Hatari?  On real m68k HW?

I pulled out a PowerBook 180 to try this. It looks like there's a kernel 
bug. This crash looks the same as the crash we saw in Hatari.

In Hatari the crash is unavoidable whereas on physical '030 it's never 
seen in normal use (on Macs at least).

I don't have a physical '040 here to try this sysrq-trigger test. It 
doesn't happen in Aranym or QEMU.

Michael, have you seen anything like this on your Falcon?

Linux version 5.0.0-mac-00059-ge8627d0188f1 (fthain@nippy) (gcc version 6.4.0 (btc)) #8 Tue Apr 9 09:19:58 AEST 2019
printk: debug: ignoring loglevel setting.
Detected Macintosh model: 33
 Penguin bootinfo data:
 Video: addr 0x60040000 row 0x140 depth 4 dimensions 640 x 400
 Videological 0xf0040000 phys. 0x60040000, SCC at 0x50f04000
 Boottime: 0x83da55a8 GMTBias: 0x0
 Machine ID: 33 CPUid: 0x1 memory size: 0xc
VIA1: DDRA = 0x28 DDRB = 0x87 ACR = 0x00
         PCR = 0x22  IFR = 0xE3 IER = 0xB3
VIA2: DDRA = 0x00 DDRB = 0xBD ACR = 0x00
         PCR = 0x00  IFR = 0x01 IER = 0x9A
Apple Macintosh PowerBook 180
On node 0 totalpages: 3072
  DMA zone: 27 pages used for memmap
  DMA zone: 0 pages reserved
  DMA zone: 3072 pages, LIFO batch:0
initrd: 00b0ec00 - 00c00000
pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
pcpu-alloc: [0] 0 
Built 1 zonelists, mobility grouping off.  Total pages: 3045
Kernel command line: mac_scsi.setup_use_pdma=0 console=ttyS0 ignore_loglevel fbcon=font:ProFont6x11
Dentry cache hash table entries: 2048 (order: 1, 8192 bytes)
Inode-cache hash table entries: 1024 (order: 0, 4096 bytes)
Sorting __ex_table...
Memory: 6952K/12288K available (2337K kernel code, 1210K rwdata, 544K rodata, 96K init, 1119K bss, 5336K reserved, 0K cma-reserved)
SLUB: HWalign=16, Order=0-3, MinObjects=0, CPUs=1, Nodes=8
NR_IRQS: 72
clocksource: via1: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 2439823894983 ns
Console: colour dummy device 80x25
printk: console [ttyS0] enabled
Calibrating delay loop... 7.83 BogoMIPS (lpj=39168)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
devtmpfs: initialized
random: get_random_u32 called from bucket_table_alloc.isra.9+0x8c/0x194 with crng_init=0
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
futex hash table entries: 256 (order: -1, 3072 bytes)
NuBus: Scanning NuBus slots.
SCSI subsystem initialized
clocksource: Switched to clocksource via1
Trying to unpack rootfs image as initramfs...
random: fast init done
Freeing initrd memory: 964K
workingset: timestamp_bits=27 max_order=11 bucket_order=0
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
io scheduler mq-deadline registered
macfb: framebuffer at 0x60040000, mapped to 0xd0000000, size 125k
macfb: mode is 640x400x4, linelength=320
Console: switching to colour frame buffer device 106x36
fb0: GSC frame buffer device
pmac_zilog: 0.6 (Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>)
scc.0: ttyS0 at MMIO 0x50f04002 (irq = 4, base_baud = 230400) is a Z85c30 ESCC - Serial port
scc.1: ttyS1 at MMIO 0x50f04000 (irq = 4, base_baud = 230400) is a Z85c30 ESCC - Serial port
SWIM floppy driver Version 0.2 (2008-10-30)
SWIM device not found !
brd: module loaded
Warning: no ADB interface detected
Uniform Multi-Platform E-IDE driver
ide-gd driver 1.18
scsi host0: Macintosh NCR5380 SCSI, irq 19, io_port 0x0, base 0x50010000, can_queue 16, cmd_per_lun 2, sg_tablesize 1, this_id 7, flags { NO_PSEUDO_DMA }
scsi 0:0:0:0: Direct-Access     QUANTUM  DAYTONA514S      5110 PQ: 0 ANSI: 2 CCS
sd 0:0:0:0: [sda] 1005569 512-byte logical blocks: (515 MB/491 MiB)
sd 0:0:0:0: Attached scsi generic sg0 type 0
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Mode Sense: 91 00 00 08
mousedev: PS/2 mouse device common for all mice
sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
rtc-generic rtc-generic: registered as rtc0
 sda: [mac] sda1 sda2 sda3 sda4 sda5 sda6
sd 0:0:0:0: [sda] Attached SCSI disk
Freeing unused kernel memory: 96K
This architecture does not have kernel memory protection.
Run /init as init process
mount: mounting none on /dev/pts failed: No such file or directory
/init: line 10: ifconfig: not found
/init: line 11: ifconfig: not found
/init: line 11: ifconfig: not found
# cat /proc/mounts
rootfs / rootfs rw,size=3476k,nr_inodes=869 0 0
none /proc proc rw,relatime 0 0
none /dev devtmpfs rw,relatime,size=3476k,nr_inodes=869,mode=755 0 0
none /sys sysfs rw,relatime 0 0
# cat /proc/hardware
Model:		Macintosh PowerBook 180
System Memory:	12288K
# cat /proc/cpuinfo
CPU:		68030
MMU:		68030
FPU:		68882
Clocking:	31.3MHz
BogoMips:	7.83
Calibration:	39168 loops
# cat /proc/meminfo
MemTotal:           8012 kB
MemFree:            4412 kB
MemAvailable:       3968 kB
Buffers:               0 kB
Cached:             2124 kB
SwapCached:            0 kB
Active:             1076 kB
Inactive:           1084 kB
Active(anon):       1076 kB
Inactive(anon):     1084 kB
Active(file):          0 kB
Inactive(file):        0 kB
Unevictable:           0 kB
Mlocked:               0 kB
SwapTotal:             0 kB
SwapFree:              0 kB
Dirty:                 0 kB
Writeback:             0 kB
AnonPages:            60 kB
Mapped:              824 kB
Shmem:              2124 kB
KReclaimable:         96 kB
Slab:               1084 kB
SReclaimable:         96 kB
SUnreclaim:          988 kB
KernelStack:         168 kB
PageTables:           20 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:        4004 kB
Committed_AS:       2740 kB
VmallocTotal:    3391488 kB
VmallocUsed:           0 kB
VmallocChunk:          0 kB
Percpu:               32 kB
# ps
  PID USER       VSZ STAT COMMAND
    1 0         1184 S    /bin/sh
    2 0            0 SW   [kthreadd]
    3 0            0 IW   [kworker/0:0-eve]
    4 0            0 IW<  [kworker/0:0H-kb]
    5 0            0 IW   [kworker/u2:0-ev]
    6 0            0 IW<  [mm_percpu_wq]
    7 0            0 SW   [ksoftirqd/0]
    8 0            0 SW   [kdevtmpfs]
    9 0            0 SW   [khungtaskd]
   10 0            0 SW   [oom_reaper]
   11 0            0 IW<  [writeback]
   12 0            0 IW<  [kblockd]
   13 0            0 IW   [kworker/0:1-eve]
   14 0            0 SW   [kswapd0]
   15 0            0 IW   [kworker/u2:1-nc]
   18 0            0 SW   [scsi_eh_0]
   19 0            0 IW<  [scsi_tmf_0]
   20 0            0 IW<  [ncr5380_0]
   21 0            0 IW   [kworker/u2:2-ev]
   22 0            0 IW<  [kworker/0:1H-kb]
   34 0         1184 R    ps
# echo t > /proc/sysrq-trigger
sysrq: SysRq : Show State
  task                PC stack   pid father
sh              S    0     1      0 0x00000000
Stack from 00a1dfcc:
        ffffffff ef86a968 00000002 ffffffff 800e4494 800ea480 800e44f1 80000de0
        00000007 00000007 00000000 00008002 b75c0080
Call Trace: [<00008002>] iop_ism_irq+0x32/0x23a
kthreadd        S    0     2      0 0x00000000
Stack from 00a2bfcc:
        00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
        00000000 00000000 00000000 20000000 00000000
Call Trace:
kworker/0:0     I    0     3      2 0x00000000
Data read fault at 0x00000004 in Super Data (pc=0x2449e6)
BAD KERNEL BUSERR
Oops: 00000000
Modules linked in:
PC: [<002449e6>] __generic_copy_from_user+0x1e/0x46
SR: 2000  SP: 00b63d00  a2: 0084a800
d0: 00000001    d1: 00000000    d2: 00000003    d3: 000609c0
d4: 00036554    d5: 00a18a00    a0: 00000008    a1: 00b63de4
Process echo (pid: 35, task=0084a800)
Frame format=B ssw=074d isc=22c2 isb=5380 daddr=00000004 dobuf=00068c04
baddr=002449ec dibuf=00000000 ver=f
Stack from 00b63d88:
        00000001 00b63da4 00068c16 00b63de4 00000004 00000004 00000402 00b63e18
        0002edb6 00b63de4 00000004 00000004 00b63de0 00a0f190 00000004 00b63ddc
        00a0f18c 00000004 00a18a00 00a18a00 00043350 00000000 00000000 00000000
        00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
        00000000 00000000 00000000 00000000 00b63e48 000365e0 0029f684 00a18a00
        0029f66c 00000000 00000003 00000002 00000000 00000000 00a18a00 00a18b3c
Call Trace: [<00068c16>] __probe_kernel_read+0x2a/0x50
 [<0002edb6>] print_worker_info+0x9a/0x134
 [<00043350>] printk+0x0/0x16
 [<000365e0>] sched_show_task.part.3+0x8c/0xf2
 [<00038756>] show_state_filter+0x80/0xd6
 [<00043350>] printk+0x0/0x16
 [<001bf9e4>] sysrq_handle_showstate+0xc/0x18
 [<001c0028>] __handle_sysrq+0x8e/0x12e
 [<001c04a4>] write_sysrq_trigger+0x26/0x3c
 [<00002004>] _start+0x4/0x8
 [<000f3ec0>] proc_reg_write+0x46/0x8a
 [<000a54a4>] __vfs_write+0x2c/0x17a
 [<0003e612>] up_read+0xe/0x14
 [<0000640c>] buserr_c+0x452/0x5d0
 [<000a57e0>] vfs_write+0x11a/0x1de
 [<000a59ee>] ksys_write+0x40/0xb6
 [<00008008>] iop_ism_irq+0x38/0x23a
 [<000a5a7a>] sys_write+0x16/0x1a
 [<00002bf8>] syscall+0x8/0xc
 [<00008003>] iop_ism_irq+0x33/0x23a
Code: 7403 c282 206e 000c 226e 0008 4a80 670a <0e98> 2000 22c2 5380 66f6 0801 0001 6706 0e58 2000 32c2 0801 0000 6706 0e18 2000
Disabling lock debugging due to kernel taint
Segmentation fault
# 

-- 