Core dump when enabled CCW tracing for 2703 BSC device

[MattisLind]

I get a core dump from Hyperion when trying to login over BSC to the 2703 emulation in commadpt.c. It works fine in Spinhawk but not when trying Hyperion.

I get the TSO Login message. Then I am able to start the login process and get a few login messages from TSO and then Hyperion barfs.

I am on commit 2c0d41e of SDL Hyperion.

• Core file : https://drive.google.com/file/d/10Ts9wgjdlysAQ1ZfCFDc8zfGaEcpImWF/view?usp=sharing
• Config file: https://drive.google.com/file/d/1wgPTcfsn5hhFBsXI85h8BAx-KOYEqzq6/view?usp=sharing

Log file with t+604 (which is the 2703 used):

• https://drive.google.com/file/d/1zwbN4KGZ2n1Xb2_uhhslC_Y8mTaVuQGE/view?usp=sharing

Trying gdb on the Hercules binary with the core gives this:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  display_ccw (dev=dev@entry=0x34ec000, ccw=0x7f9bd2348ffb <error: Cannot access memory at address 0x7f9bd2348ffb>, addr=3233857728, 
    count=6470755, flags=flags@entry=32 ' ') at channel.c:789
789     if (IS_CCW_READ(ccw[0])             ||

Thread 1 (Thread 0x7f9ad04d3700 (LWP 23894)):
#0  display_ccw (dev=dev@entry=0x34ec000, ccw=0x7f9bd2348ffb <error: Cannot access memory at address 0x7f9bd2348ffb>, addr=3233857728, 
    count=6470755, flags=flags@entry=32 ' ') at channel.c:789
#1  0x00007f9ad4e8588d in s370_execute_ccw_chain (arg=arg@entry=0x34ec000) at channel.c:5415
#2  0x00007f9ad4e833a8 in call_execute_ccw_chain (arch_mode=<optimized out>, pDevBlk=pDevBlk@entry=0x34ec000) at channel.c:6246
#3  0x00007f9ad4e8d136 in device_thread (arg=<optimized out>) at channel.c:2463
#4  0x00007f9ad4b44225 in hthread_func (arg2=0x7f9ac8000ee0) at hthreads.c:1050
#5  0x00007f9ad49196ba in start_thread (arg=0x7f9ad04d3700) at pthread_create.c:333
#6  0x00007f9ad464f4dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

It appears that there is a wild BYTE pointer ccw dereferenced. The source of the problem somewhere around line 5415 in the function execute_ccw_chain in channel.c I believe:

hyperion/channel.c

Lines 5414 to 5417 in 928dd38

	/* Display CCW */
	display_ccw (dev,
	dev->mainstor +
	(prefetch.ccwaddr[ts] - 8),

Unfortunately it is very hard to get a grip of the code since it is not only 1500 lines long but also filled with goto.
What the prefetch system does is unclear to me.

However disabling this code by setting line 5399 to "if (false)" at least makes it not crash any longer:

hyperion/channel.c

Lines 5398 to 5400 in 928dd38

	/* Display prefetch data */
	if (prefetch.seq)
	{

The code that creates the path that is taken when it crashes was added in commit accb0fc. If this the offending commit or other commits after this has caused the problem is hard to say. I have been building those old versions but was unable to run them: "check-stop due to host error: Segementation fault". No other diagnostics given on what is happening.

[dasdman]

Notes:

1. Code path is used all the time when tracing; commit accb0fc in and of itself is not the error.
2. gotos were used due to the level of nesting of generated jump statements and secondary/tertiary/... if statements needed in C. C standard never properly permitted a multi-level break statements compatible across compilers. On older machines running the code paths, the difference was nearly a full percentage point CPU performance improvement and 4-5% in I/O rates under load.
3. CCW address is highly suspect as it is NOT on a proper boundary.
4. addr resolves to 0xC0C0C0, normally reserved for uninitialized storage.
5. count is out-of-range.
6. flags 0x20, if valid, indicates Suppress Length.

Need to collect additional information. In channel.c:

1. Set DEBUG_PREFETCH to 1 (around line 57)
2. Recompile and rerun with tracing for the device in error.

Will need to see the debug output starting at the beginning of the CCW chain in error, along with the dump. Please make sure compilation was with -g3 or -ggdb3 specified and preferably not optimized (-O0). Also need to know the compiler and compiler version/level used.

If no failure is seen with these options, then it is definitely a compiler failure and you will need to update your compiler.

[MattisLind]

$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/5/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 5.4.0-6ubuntu1~16.04.12' --with-bugurl=file:///usr/share/doc/gcc-5/README.Bugs --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-5 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-5-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-5-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-5-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12) 


$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.7 LTS
Release:	16.04
Codename:	xenial

$ uname -r
4.4.0-187-generic

[MattisLind]

I used this to disable optimization:

make distclean ; ./configure --enable-optimization="-ggdb3 -g3 -O0"

Enabled DEBUG_PREFETCH

Then rebuilt the entire thing and re-installed. Now it crashes a bit later, but in a completely different location:

$ gdb hercules core
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from hercules...done.

warning: core file may not match specified executable file.
[New LWP 4259]
[New LWP 4224]
[New LWP 4231]
[New LWP 4232]
[New LWP 4234]
[New LWP 4227]
[New LWP 4233]
[New LWP 4239]
[New LWP 4235]
[New LWP 4242]
[New LWP 4226]
[New LWP 4240]
[New LWP 4230]
[New LWP 4246]
[New LWP 4245]
[New LWP 4241]
[New LWP 4273]
[New LWP 4247]
[New LWP 4248]
[New LWP 4228]
[New LWP 4229]
[New LWP 4260]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `hercules'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f968739a445 in logdump (txt=0x7f96873a4f1c "Writ", dev=0x2701000, 
    bfr=0x7f9686778000 '2' <repeats 12 times>, "\002'\361\301\021\302`\035\310\323\301\325\307\344\301\307\305@\327\331\326\303\305\342\342\311\325\307@\303\326\324\324\301\325\304\342z\035@\021\303\360\035\310\035@\021\305@\035\310\301\342\324@@@@@@@@\311\325\345\326\322\305@\301\342\342\305\324\302\323\305\331@\327\331\326\324\327\343\305\331@\301\325\304@\301\342\342\305\324\302\323\305\331@\306@\303\326\324\327\311\323\305\331K\035@\021\306P\035\310\303\301\323\303@@@@@@@\311\325\345\326\322\305@\311\343\306z\327\323a\361@\327\331\326\303\305\342\342\326\331@\306\326\331@\304\305\342\322@\303\301\323\303\344\323\301\343\326\331@\324\326\304\305K\035@\021\307`"..., 
    sz=129293) at commadpt.c:461
461	        MSGBUF(byte, "%02X",bfr[i]);
[Current thread is 1 (Thread 0x7f968678b700 (LWP 4259))]
(gdb) bt
#0  0x00007f968739a445 in logdump (txt=0x7f96873a4f1c "Writ", dev=0x2701000, 
    bfr=0x7f9686778000 '2' <repeats 12 times>, "\002'\361\301\021\302`\035\310\323\301\325\307\344\301\307\305@\327\331\326\303\305\342\342\311\325\307@\303\326\324\324\301\325\304\342z\035@\021\303\360\035\310\035@\021\305@\035\310\301\342\324@@@@@@@@\311\325\345\326\322\305@\301\342\342\305\324\302\323\305\331@\327\331\326\324\327\343\305\331@\301\325\304@\301\342\342\305\324\302\323\305\331@\306@\303\326\324\327\311\323\305\331K\035@\021\306P\035\310\303\301\323\303@@@@@@@\311\325\345\326\322\305@\311\343\306z\327\323a\361@\327\331\326\303\305\342\342\326\331@\306\326\331@\304\305\342\322@\303\301\323\303\344\323\301\343\326\331@\324\326\304\305K\035@\021\307`"..., 
    sz=129293) at commadpt.c:461
#1  0x00007f96873a304c in commadpt_execute_ccw (dev=0x2701000, code=1 '\001', flags=64 '@', chained=0 '\000', 
    count=129293, prevcode=0 '\000', ccwseq=0, 
    iobuf=0x7f9686778000 '2' <repeats 12 times>, "\002'\361\301\021\302`\035\310\323\301\325\307\344\301\307\305@\327\331\326\303\305\342\342\311\325\307@\303\326\324\324\301\325\304\342z\035@\021\303\360\035\310\035@\021\305@\035\310\301\342\324@@@@@@@@\311\325\345\326\322\305@\301\342\342\305\324\302\323\305\331@\327\331\326\324\327\343\305\331@\301\325\304@\301\342\342\305\324\302\323\305\331@\306@\303\326\324\327\311\323\305\331K\035@\021\306P\035\310\303\301\323\303@@@@@@@\311\325\345\326\322\305@\311\343\306z\327\323a\361@\327\331\326\303\305\342\342\326\331@\306\326\331@\304\305\342\322@\303\301\323\303\344\323\301\343\326\331@\324\326\304\305K\035@\021\307`"..., 
    more=0x7f9686775553 "", unitstat=0x7f9686775551 "", residual=0x7f9686775574) at commadpt.c:3376
#2  0x00007f969ede9062 in s370_execute_ccw_chain (arg=0x2701000) at channel.c:5133
#3  0x00007f969edfa252 in call_execute_ccw_chain (arch_mode=0, pDevBlk=0x2701000) at channel.c:6246
#4  0x00007f969ede441a in device_thread (arg=0x0) at channel.c:2463
#5  0x00007f969eaacf2f in hthread_func (arg2=0x7f9694000ae0) at hthreads.c:1050
#6  0x00007f969e8836ba in start_thread (arg=0x7f968678b700) at pthread_create.c:333
#7  0x00007f969e5b94dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Core file

Hercules log file

It appears that it tries to write enormous amount of data. Which is not at all correct.

[Fish-Git]

@dasdman
@MattisLind

I think I may know what your problem is. What guest operating system are you running under Hercules, and is device 604 by perchance used by BTAM?

If my suspicion is correct that your guest is using BTAM, then the cause of your problem is very likely that BTAM is dynamically modifying its channel program(s) "on the fly". This has been a known issue (problem) for as long as I can remember. Back in the day when I was gainfully employed as a DOS/VSE System Software Developer (and VM Administrator to boot), we used BTAM extensively and I recall having to define certain special options to VM/SP to accommodate this standard BTAM behavior. Even VSE itself had a handshaking option to notify CP whenever it dynamically modified one of its channel programs.

 

• Operating Systems in a Virtual Machine - Release 3 (GC19-6212-02), page 1-12:

BTAM Autopoll Channel Programs

If an operating system is executing BTAM channel programs, VM/SP checks each BTAM autopoll CCW string to see if it has been dynamically changed. This is done every time the string is executed. To bypass this checking, issue the CP command:

    set autopoll on

Whenever the BTAM autopoll CCWs are modified, OS Release 6 and DOS Release 34 with the Advanced Functions-DOS Program Product (Program No. 5746-XE2) use the DIAGNOSE instruction code X'28' to notify VM/SP.

The combination of the SET AUTOPOLL ON command and the use of the diagnose interface reduces VM/SP overhead and improves the overall performance for that particular user. However, both of these facilities must be active.

Warning: If a user has specified SET AUTOPOLL ON and the operating system does not use the diagnose interface, a channel program modification goes undetected.

The results are unpredictable.

 

• z/VM 7.1 Performance (SC24-6301-02), page 39:

VM/VS Handshaking

In addition to these facilities, the BTAM autopoll facility is supported, ...
... the PCI flag causes an interrupt and CP gains control to determine whether the corresponding virtual CCW string has been changed. Any changes found are made to the real CCW string while it is operating.
... When the SET AUTOPOLL ON command is entered, ... VSE checks for the changes and issue a DIAGNOSE X'28' to inform CP of each change.
If the facility is activated for a virtual machine that does not support the BTAM autopoll interface to z/VM, CP does not detect changes to the BTAM autopoll channel program and results are unpredictable.

 
(links to IBM web pages):

• "Before You Begin to Start Your Virtual Machine" (it mentions BTAM "autopoll" channel programs)
• "VM/VS Handshaking" (web version of SC24-6301-02)
   

As I said, I have not figured out precisely where in Hercules the "bug" is nor how to fix/workaround it yet, but if I discover anything I'll let you know.

In the mean time, please confirm or deny that your Hercules guest is using BTAM (or a program similar to BTAM that dynamically modifies channel programs on the fly). If it's not, then what I've written above isn't your problem.

I'm CC'ing Mark in the hope that he might be able to find the "bug" in channel.c. I use the term "bug" within scare quotes since I personally don't feel it's a bug per se. Rather, it is simply missing support for such unusual guest behavior. We'll probably need some type of new device flag to let Hercules's channel code know that this is a device whose channel programs are dynamically modified, and if set, to bypass CCW prefetch logic or something, but I leave all that to Mark. He's the channel expert.

Hope that helps!

[MattisLind]

Hello Fish and dasdman.

Sounds interesting. Just to make clear the OS is MVS 3.8j installed per the guidelines of Jay Moseley.

On top of that there are TCAM running to control the terminal. I build a TSOMCP program which I have described here.

I can run Hercules/Spinhawk with my patch to correctly handle ETX/ETB without any problems whatsoever. So there has to be some kind of difference in how Spinhawk deals with this and Hyperion-SDL. Most code differences are in the channel.c although there are some in commadpt.c as well.

To test this I use my simple testprogram called 3274emu and the x3270 client. The 3274emu takes a TN3270 session and sends the data over BSC/TCP.

3274emu was designed as a testing tool when building the BSCBridge firmware for the SyncDongle hardware. All this to be able to connect a real Alfaskop terminal with accompanying cluster controller and floppy unit to the Hercules emulator.

[Fish-Git]

I can run Hercules/Spinhawk with my patch to correctly handle ETX/ETB without any problems whatsoever. So there has to be some kind of difference in how Spinhawk deals with this and Hyperion-SDL.

Well DUH!   :)

We know what the channel code differences are between spinhawk and SDL Hyperion and we know why that is causing your crash. That's not the unknown. The unknown is precisely where in SDL Hyperion the problem is and how to fix/workaround the problem.

The issue has to do with CCW prefetching (I think) and the fact that the channel program is being dynamically modified on the fly by your guest unbeknownst to Hercules's channel logic, thereby causing it (SDL Hyperion's channel logic) to end up fetching garbage instead of the actual next CCW. Spinhawk doesn't crash because its channel logic doesn't do that. I always fetches the CCWs one at a time as they're being executed, so if MVS 3.8j's BTAM logic (presumed) dynamically changes a CCW, spinhawk will end up fetching that newly modified CCW and everything proceeds normally. (It's device tracing logic is also very different too.)

With SDL Hyperion however, due to CCW prefetching (Mark? Correct me if I'm wrong here!), instead of the next CCW being fetched, garbage is being fetched instead. Or something like that. I don't know the precise details, but honestly, it is absolutely no surprise whatsoever that spinhawk works fine since it's channel logic isn't as sophisticated (functionally correct) as SDL Hyperion's is. The channel code in SDL Hyperion is much closer to conforming to actual architectural specification. Spinhawk's channel code is not, and technically does not actually behave the way real channels do. It works, sure, but it's not as conformant to the actual specs as SDL Hyperion's channel code is.

To test this I use my simple testprogram called 3274emu and the x3270 client. The 3274emu takes a TN3270 session and sends the data over BSC/TCP.

Cool!  Can I use this program to connect my tn3270 program to it and then have it (3274emu) connect to Hercules via a 2703 device defined the same way that you have it defined?

0604    2703    lport=32701 lnctl=BSC dial=IN rto=20000

If so I might have to give it a try to see if I can recreate your crash on my Windows system. The only problem is, I don't have MVS 3.8j installed nor am I really that interested in doing so. I don't want to have to learn how to use yet another guest operating system just to debug/test Hercules. I'd rather have a simple standalone program I can use instead.

Can you tell me the series/sequence of commands that leads up to the failure? I might be able to write a quick and dirty standalone program that recreates the problematic sequence. The only missing piece of the puzzle is where (i.e. which CCW) and how BTAM is changing its channel program on the fly (presuming that's what it's doing). If I knew that, then I could throw together a dirt simple standalone program to recreate the problem. THAT would go a long way towards us being able to identify and fix this bug!

Thanks for any help you can provide and thank you for your continued patience as well.

(p.s. what you're doing sounds really cool! Trying to connect a real mainframe device to Hercules!)

[MattisLind]

Hello!

So I add here a more detailed instruction on how to recreate this.

I use Jay Moseley build of MVS and added built the TSOMCP program to control a BSC connect terminal through 2703. Here is a link to a tgz for the complete MVS environment fully configured:

• mvs-tcam.tgz

Unpack it to the mvs directory.

I also use the 3274emu test utility (not prettiest code around but it does its job). Best is to clone my entire repo., then you have all code to build 3274emu.

There is some description on how to build and use it in the README and the code itself.

Then the steps are (since you are experts on IBM and Hercules these steps are most likely redundant, but for completeness):

1. Start Hyperion in the mvs directory. The hercules config and everything is in place.
2. Enable tracing of device 604: t+604.
3. Enable logging: log hyperion.log.
4. Attach a console to Hyperion. I use c3270 for console. Port is 3270 on localhost, GROUPNAME console.
5. IPL the OS: ipl 150.
6. Now in the console, press <enter> to the first question.
7. Enter r 0,u in the console.
8. Enter r 1,noreq in the console.
9. Press F12. Now the MVS OS is up and running.
10. Now start the 3274emu program: ./3274emu 127.0.0.1 37252 127.0.0.1 32701.
    (Note: It will not try connecting to Hercules until it first gets an inbound tn3270 client connection to it in step 14.)
    Port 37252 is the port that you connect your tn3270 client to it with. Port 32701 is the port that 3274emu itself will use to connect to Hercules's BSC device 604 with.
11. Start the x3270 client. (Don't connect it to anything yet.)
12. Start TSO by entering S TP on the MVS console.
13. Enable it via: F TP,TS=START.
14. Now connect your tn3270 client (from step 11) to 3274emu by connecting to localhost 37252 (or whatever port 3274emu was started with; see step 10 above).
15. Press RESET and CLEAR in the x3270 client to get your TSO login prompt.
16. Overwrite the LOGIN prompt with the command LOGON HMVS01 and then Erase EOF. Press <enter>.
17. Now you should be logged in to TSO.
18. After pressing <enter> a couple of times, TSO should be ready.
19. Enter the HELP command. MVS now starts doing things with Hercules tracing I/O to device 604, but it (Hercules) quite quickly crashes due to the bug in the I/O tracing logic.

[Fish-Git]

3. Enable logging: log hyperion.log.

FYI:  The preferred way to create a Hercules log is to start Hercules itself with logging enabled via simple standard output redirection:

hercules > hyperion.log

Refer to the Hercules "> logfile" command line "option".

Note that you might need to make a minor change to one or more of the MVS 3.8j package's pre-provided script/batch files in order to accomplish that, but it is recommended that you take the time to do so.

Starting Hercules with standard output redirected to a log file (> logfile) will cause your logfile to contain everything (i.e. all messages) from the very beginning of Hercules startup. Doing it the way you are currently doing, the all important startup/initialization messages are missing from your resulting manually created logfile.

I really wish the people responsible for the MVS 3.8j package ("TK4-"?) would fix that. It's been a problem (bug) for a long time now. Being able to capture the Hercules startup/initialization messages in the logfile becomes very important when trying to debug a problem!

[Fish-Git]

I am personally unable to proceed with debugging this issue due to the unavailability of a Windows version of your 3274emu utility. For me to try and convert 3274emu to Windows would involve more effort than I am willing to expend.

[Fish-Git]

Mattis,   (@MattisLind)

Have you tried Mark's suggested patch to channel.c yet? In case you missed it, here it is again:

One item to try (untested) is to reactivate the "if" statement at lines 5084 & 5085 in channel.c.

Change:

        /* Note: This test is commented out as we prefetch the data;
                 chain data, therefore, must always be handled.

        if ((dev->orb.flag5 & ORB5_P) ||
            dev->cdwmerge)                                        */

to:

        /* Note: Normally this test is commented out as we prefetch
           the data; when this is done, chain data, therefore, must
           always be handled. */

        if (((dev->orb.flag5 & ORB5_P) | dev->cdwmerge))

And, yes, the logical OR is correct; fewer cycles to OR the values together and then perform the test in the code generated rather than two tests and two possible branches.

The below patch contains Mark's above suggested change. Please apply it to current git, rebuild Hercules, and then try your test again, letting us know whether or not Hercules still crashes or not. We're hoping it won't.

• #319.patch.txt

Thanks!

[Fish-Git]

Hello? (@MattisLind)

Anyone home?

[MattisLind]

Been busy with work, life in general and other projects. Sorry.

I have tested applying the above patch. It makes the situation worse. With this patch it is not possible to IPL the system properly any longer.

After doing the IPL 150 in the Hercules console I get the usual "IEA101A SPECIFY SYSTEM FOR RELEASE 03.8 .VS2"
At this point you would normally press ENTER in the c3270 window to let MVS continue.

Now what happens when I press enter is that I get a message from c3270 saying:
"
Unknown 3270 Data Stream command: 0x40

Press to resume session.
c3270>
"
Pressing Enter at this point resumes the session but nothing more is printed on the screen and nothing happens whatever I type. So definitely a regression compared to the previous situation.

The log file is here:

log file

[Fish-Git]

I have tested applying the above patch. It makes the situation worse. [...]

Dang.   :(

Oh well. I guess we'll have to let Mark look into this issue whenever he can (which as we both know may be quite a while given his current workload and financial situation).

But don't despair! We'll get it figured out eventually! I promise you!

---

As mentioned earlier, if I had a Windows version of your 3274emu utility that I could use, then I could debug this problem directly myself. But I honestly don't have the time it would take to convert it to Windows. I tried but quickly gave up. There are simply too many changes that would need to be made. Maybe you can get someone else to do it for you?

And while I do indeed have a version of Linux installed in a VMware virtual machine that I could use (CentOS 6.10), my Linux debugging skills are virtually non-existent so my trying to debug it using Linux is pretty much a no-go from the get-go. Sorry!

[MattisLind]

You should be able to run 3274emu on the VMware virtual machine while Hyperion runs on windows I guess. The command line can be used to specify a different host than localhost if one wish so. 3274emu is just a simple network tool and as long as the ports are not behind a firewall on the VMware machine it should work fine as far as I can see.

[dasdman]

MVS is in a minimal I/O mode for console support in handling the IEA101A message and response. The non-response issue also appeared heavily on real hardware when certain timings happened. One item to try is instead of just hitting enter is to respond with “r 00,u”. A console device trace would also be helpful.

[MattisLind]

The same happens if I try r 0,u (or r 00,u for that matter)

log file with trace on console device

[Fish-Git]

You should be able to run 3274emu on the VMware virtual machine while Hyperion runs on windows I guess. The command line can be used to specify a different host than localhost if one wish so. 3274emu is just a simple network tool and as long as the ports are not behind a firewall on the VMware machine it should work fine as far as I can see.

(Doh!)   Thanks. I'm duly embarrassed for not having thought of that myself. I will give it a try as soon as I can and get back to you. (Might still be a day or three however due to my own workload.)

[Fish-Git]

@MattisLind

FYI: "A day or three" == "(undefined length of time)".   ;-)

also use the 3274emu test utility (not prettiest code around but it does its job). Best is to clone my entire repo., then you have all code to build 3274emu.

There is some description on how to build and use it in the README and the code itself.

I could not find any instructions on how to build 3274emu. I cloned your repo, so I supposedly have everything I need, but I don't know how to build anything! HELP!! All I need is 3274emu!!

I'm using CentOS 6.10 under VMware, which I use to build Hercules all the time, so I know I have all the pieces needed. I just need a makefile and a command I can use to build 3274emu!! HELP!!

(p.s. it doesn't matter if I have to build a bunch of other stuff that I don't need. That's okay. As long as 3274emu also gets built, then that's fine. I just need 3274emu one way or the other! Thanks.)

[MattisLind]

Sorry Fish! My bad. All these small stupid utils I just compiled directly on the command line without proper makefile.

c++ -DDEBUG -DHERCULES 3274emu.cpp ../BSCGateway/BSCBridge/MessageFSM.cpp ../BSCGateway/BSCBridge/crc-16.cpp -o 3274emu

EDIT: I just saw that in the top comment of the 3274emu.cpp file it says "Compile using ..."

[Fish-Git]

THANK YOU! I was able to successfully build and run 3274emu on my CentOS 6.10 system, and used it to attempt reproducing your problem (crash) as detailed in your earlier post.

Unfortunately however, my attempt was unsuccessful.   :(

First, after entering s tp, the system loops 100% CPU for a minute or so, and then eventually issues message IED079I:

12. Start TSO by entering S TP on the MVS console.

  - s tp                                                               
    $HASP100 TP       ON STCINRDR                                      
  - $HASP373 TP       STARTED                                          
  - IEF403I TP - STARTED - TIME=01.13.31                               
00  IED079I ENDING STATUS NOT RECEIVED FROM LINE 604 - LINE UNAVAILABLE

Presuming that's normal I then entered the f tp,ts=start command, but got a "member not found" error:

13. Enable it via: F TP,TS=START.

00- f tp,ts=start                      
    IKJ408I MEMBER 'IKJPRM00' NOT FOUND
    IKJ019I TIME SHARING IS INITIALIZED

Ever thinking positively, I presumed that was benign as well, and pushed on, eventually reaching steps 16-18:

16. Overwrite the LOGIN prompt with the command LOGON HMVS01 and then Erase EOF. Press <enter>.
17. Now you should be logged in to TSO.
18. After pressing <enter> a couple of times, TSO should be ready.

However, after receiving the login prompt and entering the LOGON HMVS01 command (and yes, I did hit Erase EOF to erase the text first!), the login appeared to have failed(?): instead of getting some type of TSO screen (which I presume is what I should have seen), I get some type of "invalid login" error message which is immediately overlaid with another login prompt. That is to say, I am apparently never able to successfully login to TSO.   :(

Do I need to enter a password on my login? Should the command instead be: LOGON HMVS01 password? (where "password" is of course the TSO password for user HMVS01, which I was not provided?)

Bottom line: since I was never able to logon to TSO (and thus was never able to reach step 19), I was never able to reproduce your crash.   :(

What now?

[MattisLind]

That is indeed strange. Tried again here and could reproduce the crash.

The HMVS01 user has no password.

[Fish-Git]

What am I supposed to see (what does the 3270 screen look like) after logging on to TSO? (i.e. after entering LOGON HMVS01, erasing EOF, and pressing enter, what does your 3270 screen look like?)

[MattisLind]

After the login there shall be a transient screen saying something about login in progress.
This is how it should look like in the steady state.

A good idea is to use Hercules 3.13 as a reference. Make sure to include the patch I have created to make it work correctly. PR with BSC fixes

I have BTW now bitten the bullet and compiled gcc 10.2.0 so the "old compiler" issue is off the table. It still crashes. Sometimes it crashes directly after logging in. Sometimes I am able to issue the HELP command and then it crashes during the printout of the HELP screens.

Just like before Hercules is spewing out loads and loads of data over the TCP socket.

While compiling I see quite many warnings about potential buffer overflows:
msgenu.h:207:33: note: 'snprintf' output between 22 and 85 bytes into a destination of size 64 207 | #define MSGBUF( _buf, ... ) snprintf(_buf, sizeof(_buf), ## __VA_ARGS__ ) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Fish-Git]

A good idea is to use Hercules 3.13 as a reference. Make sure to include the patch I have created to make it work correctly. PR with BSC fixes

I'll try to remember to eventually give that a try. Thanks.

While compiling I see quite many warnings about potential buffer overflows:

msgenu.h:207:33: note: 'snprintf' output between 22 and 85 bytes into a destination of size 64 207
#define MSGBUF( _buf, ... )     snprintf(_buf, sizeof(_buf),      ## __VA_ARGS__ )
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Obvious compiler bug.

Maybe that's your problem? Maybe that's what's causing your crash?[1] Maybe your compiler is generating bad code that results in your crash? <shrug> Just a thought. And the only reason I say this is because of the example compiler warning you provided, which is obviously 100% bogus, indicating a buggy compiler.

Just as a point of note too, so far I have been using using current SDL Hyperion (i.e. as of commit 360156d) for all of my tests, not commit 2c0d41e which appears to be what you are using.

I will next try 2c0d41e (the same as what you are using, but with your patch applied of course)[2], to see whether that makes any difference.

In the mean time, have YOU tried using the latest and greatest most current SDL Hyperion yet? Does it also crash the same way?

Finally, something else to consider: the tn3270 emulator you are using: x3270. Have you tried a different tn3270 client? I'm using Tom Brennan's Vista tn3270 on Windows, not x3270 (which I don't have on my Linux system). I had to make a minor change to your 2703 device statement [3] so my Windows system could connect to 3274emu running on my Linux system, but I don't think that makes any difference.

(And just to make sure we're on the same page, are you using your 3274emu utility too? Or are you connecting directly to Hercules? I'd just like to confirm that too.)

Oh yeah! I'm also using CCKD64 dasd too, not CCKD, but I seriously doubt that makes any difference.

Let me do some more testing to see if I can eventually recreate your crash on my Windows system. Maybe the problem is in the difference in the way sockets are handled on Linux vs. the way they're handled on Windows? Dunno. <shrug> I'll also have to try running it on Linux instead too, to see whether that makes any difference. Maybe it's the difference in the way sockets are handled on Linux vs. on Linux that's causing the crash? Dunno. Something else for me to try.

Bottom line: I'm trying to get to the bottom of this! But obviously having trouble recreating it. But don't despair: I'll eventually figure it out I'm sure.

---

[1] I'm not talking about your specific msgenu.h:207:33: compiler warning example either. I'm talking "in general". That is to say, your compiler, when compiling is generating bad code for either commadpt.c or channel.c such that your crash occurs when tracing is enabled?

[2] Which has already been applied to SDL Hyperion by commit 7c83bd1 made on July 20.

[3] I added a lhost=<my windows ip addr> option to my 2703 device statement (in addition to the existing lport=32701 option) so that my 3274emu instance running on my Linux virtual machine could connect to my Hercules instance running on my Windows host. But again, I don't believe that makes any difference. I also had to temporarily disable the firewall on my Linux machine too (so my tn3270 client could connect to 3274emu running on my Linux system), but I don't believe that should make any difference either.

I'm only itemizing the differences so we have a record of how my attempts to recreate your crash are obviously different from the environment that you use where the crash occurs, just in case one of them does unexpectedly make a difference.

[wrljet]

While compiling I see quite many warnings about potential buffer overflows:

msgenu.h:207:33: note: 'snprintf' output between 22 and 85 bytes into a destination of size 64 207
#define MSGBUF( _buf, ... )     snprintf(_buf, sizeof(_buf),      ## __VA_ARGS__ )
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Obvious compiler bug.

Not that this has anything to do with the issue at hand, that msg is a gcc "note", not a "warning".

Here's an example:

console.c:2915:5: note: 'snprintf' output between 29 and 599 bytes into a destination of size 256
     MSGBUF( hostmsg, MSG_C( HHC01031, "I"

The pre-processor expands that to:

snprintf(hostmsg, sizeof(hostmsg), "HHC01031" "%s " "Running on %s (%s-%s.%s %s %s)" "",
	"I",
	hostinfo.nodename , // field size 64
	hostinfo.sysname ,  // field size 64
	hostinfo.release ,  // field size 64
	hostinfo.version ,  // field size 64
	hostinfo.machine ,  // field size 64
	procsmsg )          // field size 256

What the compiler msg is stating is true. It's not a bug.
The compiler cannot tell what length strings will be present at runtime, and it's
just letting us know the output buffer might not hold it all.

Bill

[Fish-Git]

Not that this has anything to do with the issue at hand, that msg is a gcc "note", not a "warning".

What the compiler msg is stating is true. It's not a bug.
The compiler cannot tell what length strings will be present at runtime, and it's
just letting us know the output buffer might not hold it all.

Ah. I see. GCC is just trying to be <cough> "helpful", eh?   <me, rolls eyes>

In my years of experience using gcc for Hercules development, gcc's overabundance of "helpful" warning and note messages only serve to accomplish the complete opposite of their intended function. They are rarely if ever helpful and only serve to get in the way and either alarm developers who then must go out of their way to suppress such <cough> "helpful" messages or cause actual bona-fide important messages to be missed due to their spamming the log with an overabundance of "helpful" messages (which, as said, only serve to accomplish the complete opposite of their intended effect).

But then to be fair that's probably because Hercules's build default on Linux is to "show me everything!" instead of simply requesting default gcc message settings? Maybe we should consider fixing/changing that?

[MattisLind]

To rule out potential environment problems I got myself a new cloudserver. I installed it with Ubuntu 18.04. Not very old. Not the latest. I then installed gcc, g++, make and tools. gcc is now 7.5.0

I cloned the spinhawk repo and built it. Then downloaded the mvs environment from the link in this thread. I started hercules and was able to connect to the hercules from my c3270 console from my laptop, ipled the system and started TCAM. Then started 3274emu x3270 on my laptop and performed the steps above. Worked as expected. Was able to log in and was greeted with the TSO screen. I never applied my ETX/ETB length patch so there were some problems. But it worked.

Then I did exactly the same steps with Hyperion-SDL. Cloned it from HEAD (6de77e1) and built the thing with ./configure and make. I did a make check which revealed some kind of problem. 1 out 322 tests was failing:

`

line 83478: Informational message mismatch.
Want: HHC17003I MAIN storage is 1G (mainsize); storage is not locked
Got: HHC02388E Configure storage error -1
line 83507: Informational message mismatch.
Want: HHC17003I MAIN storage is 2G (mainsize); storage is not locked
Got: HHC02388E Configure storage error -1
line 83523: Informational message mismatch.
Want: HHC17003I MAIN storage is 2G (mainsize); storage is not locked
Got: HHC02388E Configure storage error -1
line 83539: Informational message mismatch.
Want: HHC17003I MAIN storage is 2G (mainsize); storage is not locked
Got: HHC02388E Configure storage error -1
line 83591: Informational message mismatch.
Want: HHC17006W MAINSIZE decreased to 2G architectural maximim
Got: HHC02204I ARCHLVL set to S/370
Test "mainsize check storage size": 21 OK compares. 5 failures.
`

Nevertheless I decided to give it a try so I did a make install and started hercules in the mvs directory.

The c3270 client on my laptop connected to Hyperion and got the Hyperion 3270 greeting screen. Then when ipling the system nothing whatsoever happened. It just sat there. One could see the instruction count increasing. Typing exit on the hercules prompt gave "HHC01420I Begin Hercules shutdown". But it never really exited. Had to Ctrl-Z and kill -9 it.

[Fish-Git]

I just tried Herc 3.13, and the behavior is exactly identical as when SDL Hyperion is used: whenever I connect my 3270 client (from Windows) to 3274emu (on Linux), I get the login prompt, but upong entering the logon command, the logon appears to fail because I'm almost immediately presented with another identical login prompt. I am unable to login to TSO.   :(

One thing that bothers me is the terminology you use when describing your connecting 3270 sessions:

... and was able to connect to the hercules from my c3270 console from my laptop ...

Then started 3274emu x3270 on my laptop ...

The c3270 client on my laptop connected to Hyperion ...

I'm not familiar with the tn3270 client you are using, but why is it that you sometimes use the term "c3270" whereas other times you use "x3270"? Is there a difference? If so, WHAT is the difference?

Is it possible for you to try your same test using a different 3270 client? What other tn3270 products are there for Linux?

If needed, is there a way for ME to get x3270 installed on MY Linux system? [*]   It appears that I do indeed have "c3270" on my Linux system: a 'which c3270' does indeed return a path (/usr/bin/c3270), and entering the command 'c3270' does present me with a small banner and a "c3270>" prompt, but I don't know what to do from there. I don't know how to use it. But "x3270" is nowhere on my system. Is there a difference between the two and if so WHAT is it?

I'n beginning to suspect the problem may be in what the 3270 client is sending to your 3274emu utility and what your 3274emu utility is then sending to Hercules.

Thanks.

(This is so very frustrating! It shouldn't be this difficult to get this working!)

---

[*] And is so, is there any type of configuration I need to do after installing it? And can you give me any tips on how to use it?

[wrljet]

Fish,

I'm not familiar with the tn3270 client you are using, but why is it that you sometimes use the term "c3270" whereas other times you use "x3270"? Is there a difference? If so, WHAT is the difference?

Is it possible for you to try your same test using a different 3270 client? What other tn3270 products are there for Linux?

If needed, is there a way for ME to get x3270 installed on MY Linux system? [*] It appears that I do indeed have "c3270" on my Linux system: a 'which c3270' does indeed return a path (/usr/bin/c3270), and entering the command 'c3270' does present me with a small banner and a "c3270>" prompt, but I don't know what to do from there. I don't know how to use it. But "x3270" is nowhere on my system. Is there a difference between the two and if so WHAT is it?

x3270 is the X windows version of the same program.
c3270 is the curses terminal version.

On CentOS you should be able to install it with:

sudo yum install x3270
sudo yum install x3270-x11

And then just run x3270

Bill

[wrljet]

To rule out potential environment problems I got myself a new cloudserver. I installed it with Ubuntu 18.04. Not very old. Not the latest. I then installed gcc, g++, make and tools. gcc is now 7.5.0

Then I did exactly the same steps with Hyperion-SDL. Cloned it from HEAD (6de77e1) and built the thing with ./configure and make. I did a make check which revealed some kind of problem. 1 out 322 tests was failing:

Ubuntu 18.04 and gcc 7.5.0 are in my test suite for the build changes I'm working on, and
all tests pass here.

How much ram and how many CPU cores are you running?

Can you post the output from these:
uname -a
util/bldlvlck
./config.status --config

I'd like to try building with your exact settings.

Thanks,
Bill

[Fish-Git]

@MattisLind
@wrljet

Bill Lewis wrote:

sudo yum install x3270-x11

Thank you, Bill!

When I tried installing x3270, it said it was already installed (which I thought was strange), but then I tried installing x3270-x11, and sure enough, it installed just fine!

Then I started x3270 just to see what it looked like and how it behaved. It's mouse/menu handling sucks. It behaves like the Mac: clicking on a menu displays the menu, but the click isn't sticky like the way I'm used to. As soon as you let the mouse button go, the menu you clicked on disappears! I was expecting normal menu behavior like the way it works on every other program on Linux and Windows and everywhere else: you click a menu and it drops down but doesn't disappear as soon as the mouse button is released. So then you can mouse over the menu item you want and click on that item to "execute" that menu command. But with x3270, its menus aren't "sticky"! No big deal though. I can deal with it.

I then investigated how to do a "Reset" and "Clear" and "Erase EOF", and just could not figure it out! ..... at first. But then I noticed an interesting keyboard icon/image at the top right of the screen, so I clicked that and VOILA! A very nice auxilary window appeared with buttons for all of the usual 3270 functions! PA1, Clear, Reset, Erase EOF, Erase Input, Cursor Up, Cursor Down, etc... Great!

So now we get to the good part.   :)

Long story short: I was able to recreate the crash! Every time! But for me, the crash occurs as soon as I try to logon. I do reset and clear and get my login prompt. I then enter my login (LOGON HMVS01), Erase EOF and press enter, and BOOM! Hercules immediately crashes! I tried it twice and both times it crashed immediately upon attempting to logon, so the crash appears to be consistent.

So now that I am able to recreate the bug, I can now begin looking into the cause of the crash and hopefully devise a fix for you. Given my current workload however (I'm also working on something else too at the same time), it might be a "day or three" (*) before I have a fix.

Thank you both for the great help you've each provided! I couldn't have gotten this far without you guys. MUCH appreciated!!

So hang in there Mattis!  A fix is on the way!!     :))

---

(*) And please remember that "A day or three" == "(undefined length of time)".     ;-)

[Fish-Git]

FYI: Lesson learned: apparently your 3274emu utility was written to work only with x3270, but not with any other tn3270 client.

I wish I had known that earlier!

[Fish-Git]

UPDATE:

I tried it twice and both times it crashed immediately upon attempting to logon, so the crash appears to be consistent.

It's not as consistent as I had originally thought. I just tried it again, and this time I was actually able to successfully logon to TSO! And not only that, after logging on (and seeing my nice TSO welcome screen), I entered "help", and that worked too! No crash! It displayed a nice(?) help screen (list of commands?).

So I then entered "logoff", and I guess it logged me off, because the help screen changed. (logoff was no longer in the list). So then I entered "logoff" again, and THIS time it crashed!

So the crash isn't consistent as I originally thought. But hey, at least I am able to cause a crash without a lot of effort, so I am be able to look into the problem.

In fact, I think I may have already found the bug!   :)

Give me "a day or three" to do some more tests to make sure I've actually found it and that I know how to fix it, and then I'll go ahead and commit it and let you know.

So hang loose! Things are looking good!

(This is great!)

[Fish-Git]

@MattisLind

Fixed by commit 1ba20b4.

Closing.

[Fish-Git]

@MattisLind

Then I did exactly the same steps with Hyperion-SDL. Cloned it from HEAD (6de77e1) and built the thing with ./configure and make. I did a make check which revealed some kind of problem. 1 out 322 tests was failing:

I don't know why the "mainsize check storage size" test failed for you, but it's really not that big of a deal. If it always fails for you however, then we might want to look into it, but for now, I'm not going to worry about it.

Nevertheless I decided to give it a try so I did a make install and started hercules in the mvs directory.

The c3270 client on my laptop connected to Hyperion and got the Hyperion 3270 greeting screen. Then when ipling the system nothing whatsoever happened. It just sat there. One could see the instruction count increasing. Typing exit on the hercules prompt gave "HHC01420I Begin Hercules shutdown". But it never really exited. Had to Ctrl-Z and kill -9 it.

THIS however, is somewhat concerning!

I'll have to give it a try on my Linux system to see whether or not it behaves similarly. FWIW, it works flawlessly on Windows. <shrug>

If it continues to fail the same way every time you try it, then that's something we'll definitely need to look into it. If that's the case, then please open a new GitHub Issue so we can look into it. Thanks.

In the mean time, as my previous comment states, your original crash when CCW tracing 2703 BSC device issue should be fixed now. Please give SDL Hyperion another try to confirm. Thanks.

[wrljet]

@MattisLind
@wrljet

Bill Lewis wrote:

sudo yum install x3270-x11

Thank you, Bill!

When I tried installing x3270, it said it was already installed (which I thought was strange), but then I tried installing x3270-x11, and sure enough, it installed just fine!

x3270 is the guts and x3270-x11 is the GUI front end.

Then I started x3270 just to see what it looked like and how it behaved. It's mouse/menu handling sucks. It behaves like the Mac: clicking on a menu displays the menu, but the click isn't sticky like the way I'm used to. As soon as you let the mouse button go, the menu you clicked on disappears! I was expecting normal menu behavior like the way it works on every other program on Linux and Windows and everywhere else: you click a menu and it drops down but doesn't disappear as soon as the mouse button is released. So then you can mouse over the menu item you want and click on that item to "execute" that menu command. But with x3270, its menus aren't "sticky"! No big deal though. I can deal with it.

I don't run that thing, myself.

Yeah, it's an X Windows (X11) program. And they, well, take some getting used to.
That was (I believe) the first GUI rigging for Unix back in 1984.

Glad you got it going!
Bill

[wrljet]

@MattisLind

Fixed by commit 1ba20b4.

Closing.

Painful to reproduce and good to get it fixed!

[MattisLind]

@MattisLind

Fixed by commit 1ba20b4.

Closing.

That is fantastic!

Thanks!

[wrljet]

Fish,

Can we (meaning you, since I don't know how :-), create a new issue for this Mainsize Test problem.
I have been able to reproduce it quite easily. It would be better to discuss it in its own place.

Bill

[Fish-Git]

@wrljet

... (meaning you, since I don't know how :-), create a new issue for ...

See that big green "New issue" button at the top right of your screen? Click it.