Linux kernel oops on Malta board while accessing pflash

Relevant 32-bit output:

tests/acceptance/linux_ssh_mips_malta.py:LinuxSSH.test_mips_malta32eb_kernel3_2_0

[ 34.968000] Using buffer write method
[ 38.324000] Searching for RedBoot partition table in physmap-flash.0 at offset 0x3f0000
[ 38.328000] No RedBoot partition table detected in physmap-flash.0
[ 39.032000] Creating 3 MTD partitions on "physmap-flash.0":
[ 39.032000] 0x000000000000-0x000000100000 : "YAMON"
[ 39.052000] 0x000000100000-0x0000003e0000 : "User FS"
[ 39.068000] 0x0000003e0000-0x000000400000 : "Board Config"
[ 40.924000] CPU 0 Unable to handle kernel paging request at virtual address 00000014, epc == c0203278, ra == c0203254
[ 40.932000] Oops[#1]:
[ 40.932000] Cpu 0
[ 40.932000] $ 0 : 00000000 1000a400 00000000 00000001
[ 40.932000] $ 4 : c012f590 00000001 00000000 7fffffff
[ 40.932000] $ 8 : 8fbcbfe0 0000a400 00000000 8fae0000
[ 40.932000] $12 : 74646368 00000001 806c0078 61720053
[ 40.932000] $16 : 8fb38000 8fba63c0 c0200000 00000001
[ 40.932000] $20 : 00000000 c0205074 8020953c 7fac45e4
[ 40.932000] $24 : 00000003 80338058
[ 40.932000] $28 : 8fbca000 8fbcbcd0 00000008 c0203254
[ 40.932000] Hi : 00000009
[ 40.932000] Lo : 85d47900
[ 40.932000] epc : c0203278 mtd_open+0x94/0x1d0 [mtdchar]
[ 40.932000] Not tainted
[ 40.932000] ra : c0203254 mtd_open+0x70/0x1d0 [mtdchar]
[ 40.932000] Status: 1000a403 KERNEL EXL IE
[ 40.932000] Cause : 10800008
[ 40.932000] BadVA : 00000014
[ 40.932000] PrId : 00019300 (MIPS 24Kc)
[ 40.932000] Modules linked in: mtdchar(+) redboot cfi_cmdset_0001 cfi_probe cfi_util gen_probe sg evdev uhci_hcd ehci_hcd physmap map_funcs chipreg usbcore mtd psmouse sr_mod i2c_piix4 i2c_core cdrom serio_raw usb_common
[ 40.932000] Process mtd_probe (pid: 268, threadinfo=8fbca000, task=8fbbda88, tls=774b0490)
[ 40.932000] Stack : 00000000 8e9b9470 8fba63c0 8e9b9470 802094b0 8e9ad980 8e9b9470 8fba63c0
[ 40.932000] 8e9ad980 802095d4 00000000 00000000 00000000 7fac45e4 00000003 8033768c
[ 40.932000] 8fba63c0 8f5a7518 8f811c80 8e9b9470 802094b0 00000000 00000000 7fac45e4
[ 40.932000] 00000008 80202bb4 8fbcbe14 8fbcbe68 8fbcbdc0 8f4f4498 8f811c80 8fbcbe70
[ 40.932000] 8fa29140 8fbcbe68 8e9b9470 00000024 00000000 00000000 00000005 7fac45e4
[ 40.932000] ...
[ 40.932000] Call Trace:
[ 40.932000] [<c0203278>] mtd_open+0x94/0x1d0 [mtdchar]
[ 40.932000] [<802095d4>] chrdev_open+0x124/0x250
[ 40.932000] [<80202bb4>] __dentry_open+0x27c/0x3d8
[ 40.932000] [<8020400c>] nameidata_to_filp+0x64/0x78
[ 40.932000] [<80214160>] do_last.isra.17+0x3a4/0x81c
[ 40.932000] [<802146d4>] path_openat+0xc0/0x4c4
[ 40.932000] [<80214bf0>] do_filp_open+0x3c/0xac
[ 40.932000] [<80204134>] do_sys_open+0x114/0x200
[ 40.932000] [<8010a9d0>] stack_done+0x20/0x40
[ 40.932000]
[ 40.932000]
[ 40.932000] Code: 3c02c013 3c02c020 8c425070 <8c440014> 3c028022 2442eef4 0040f809 02602821 10400043
[ 40.956000] ---[ end trace e666aa8cbfdf5c7f ]---
udevd[192]: 'mtd_probe /dev/.tmp-char-90:3'
[hang]

Relevant 64-bit output:

tests/acceptance/linux_ssh_mips_malta.py:LinuxSSH.test_mips_malta64eb_kernel3_2_0

[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Linux version 3.2.0-4-5kc-malta (<email address hidden>) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 Debian 3.2.51-1
[ 0.000000] bootconsole [early0] enabled
[ 0.000000] CPU revision is: 000182a0 (MIPS 20Kc)
[ 0.000000] FPU revision is: 000f8200
[ 0.000000] Checking for the multiply/shift bug... no.
[ 0.000000] Checking for the daddiu bug... no.
[ 0.000000] Determined physical RAM map:
[ 0.000000] memory: 0000000000001000 @ 0000000000000000 (reserved)
[ 0.000000] memory: 00000000000ef000 @ 0000000000001000 (ROM data)
[ 0.000000] memory: 0000000000748000 @ 00000000000f0000 (reserved)
[ 0.000000] memory: 00000000077c7000 @ 0000000000838000 (usable)
[ 0.000000] Wasting 117824 bytes for tracking 2104 unused pages
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Kernel command line: printk.time=0 console=ttyS0 root=/dev/sda1
[...]
Freeing prom memory: 956k freed
Freeing unused kernel memory: 244k freed

INIT: version 2.88 booting

Using makefile-style concurrent boot in runlevel S.
physmap platform flash device: 00400000 at 1e000000
sr0: scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
[...]
sd 0:0:0:0: Attached scsi generic sg0 type 0
sr 1:0:0:0: Attached scsi generic sg1 type 5
physmap-flash.0: Found 1 x32 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000
input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input1
Intel/Sharp Extended Query Table at 0x0031
Using buffer write method
Searching for RedBoot partition table in physmap-flash.0 at offset 0x1003f0000
Creating 3 MTD partitions on "physmap-flash.0":
0x000000000000-0x000000100000 : "YAMON"
0x000000100000-0x0000003e0000 : "User FS"
0x0000003e0000-0x000000400000 : "Board Config"
CPU 0 Unable to handle kernel paging request at virtual address 0000000000000028, epc == ffffffffc00f9234, ra == ffffffffc00f9210

When running tests/acceptance/linux_ssh_mips_malta.py:LinuxSSH.test_mips_malta64el_kernel3_2_0, I'm getting in roughly 8% of executions:

2019-09-18 22:37:43,665 linux_ssh_mips_m L0065 DEBUG| Intel/Sharp Extended Query Table at 0x0031
2019-09-18 22:37:43,668 linux_ssh_mips_m L0065 DEBUG| Using buffer write method
2019-09-18 22:37:45,722 linux_ssh_mips_m L0065 DEBUG| Searching for RedBoot partition table in physmap-flash.0 at offset 0x1003f0000
2019-09-18 22:37:46,287 linux_ssh_mips_m L0065 DEBUG| ESC[?25lESC[?1cESC7Creating 3 MTD partitions on "physmap-flash.0":
2019-09-18 22:37:46,287 linux_ssh_mips_m L0065 DEBUG| 0x000000000000-0x000000100000 : "YAMON"
2019-09-18 22:37:46,314 linux_ssh_mips_m L0065 DEBUG| 0x000000100000-0x0000003e0000 : "User FS"
2019-09-18 22:37:46,319 linux_ssh_mips_m L0065 DEBUG| 0x0000003e0000-0x000000400000 : "Board Config"
2019-09-18 22:37:47,260 linux_ssh_mips_m L0065 DEBUG| ESC[1G[ESC[32m ok ESC[39;49mCPU 0 Unable to handle kernel paging request at virtual address
0000000000000028, epc == ffffffffc00ed234, ra == ffffffffc00ed210
2019-09-18 22:37:47,262 linux_ssh_mips_m L0065 DEBUG| Oops[#1]:

And when running tests/acceptance/linux_ssh_mips_malta.py:LinuxSSH.test_mips_malta32eb_kernel3_2_0:

2019-09-19 00:02:47,151 linux_ssh_mips_m L0065 DEBUG| Searching for RedBoot partition table in physmap-flash.0 at offset 0x3f0000
2019-09-19 00:02:47,154 linux_ssh_mips_m L0065 DEBUG| No RedBoot partition table detected in physmap-flash.0
2019-09-19 00:02:47,847 linux_ssh_mips_m L0065 DEBUG| Creating 3 MTD partitions on "physmap-flash.0":
2019-09-19 00:02:47,850 linux_ssh_mips_m L0065 DEBUG| 0x000000000000-0x000000100000 : "YAMON"
2019-09-19 00:02:47,875 linux_ssh_mips_m L0065 DEBUG| 0x000000100000-0x0000003e0000 : "User FS"
2019-09-19 00:02:47,875 linux_ssh_mips_m L0065 DEBUG| 0x0000003e0000-0x000000400000 : "Board Config"
2019-09-19 00:02:48,792 linux_ssh_mips_m L0065 DEBUG| ESC[?25lESC[?1cESC7CPU 0 Unable to handle kernel paging request at virtual address 00000014,
 epc == c0205278, ra == c0205254
2019-09-19 00:02:48,794 linux_ssh_mips_m L0065 DEBUG| Oops[#1]:

The QEMU project is currently considering to move its bug tracking to another system. For this we need to know which bugs are still valid and which could be closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state back to "New" within the next 60 days, otherwise this report will be marked as "Expired". Or mark it as "Fix Released" if the problem has been solved with a newer version of QEMU already. Thank you and sorry for the inconvenience.

This is an automated cleanup. This bug report has been moved
to QEMU's new bug tracker on gitlab.com and thus gets marked
as 'expired' now. Please continue with the discussion here:

 https://gitlab.com/qemu-project/qemu/-/issues/51