[Bug 72716] New: SIGBUS in EVERGREENUploadToScreen after hibernation (Linux 3.12.4-tuxonice)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Dec 14 11:53:14 PST 2013 

https://bugs.freedesktop.org/show_bug.cgi?id=72716

          Priority: medium
            Bug ID: 72716
          Assignee: dri-devel at lists.freedesktop.org
           Summary: SIGBUS in EVERGREENUploadToScreen after hibernation
                    (Linux 3.12.4-tuxonice)
          Severity: normal
    Classification: Unclassified
                OS: Linux (All)
          Reporter: txtoxtox285 at googlemail.com
          Hardware: x86-64 (AMD64)
            Status: NEW
           Version: unspecified
         Component: DRM/Radeon
           Product: DRI

Created attachment 90784
  --> https://bugs.freedesktop.org/attachment.cgi?id=90784&action=edit
dmsg

How to reproduce:
* boot 3.12.4-tuxonice; do not start X
* suspend to disk
* resume
* start KDE 4.10.5
* start Firefox

==> X dies with SIGBUS

Graphics hardware:  [AMD/ATI] Cedar [Radeon HD 5000/6000/7350/8350 Series];
VID:PID 1002:68f9, SVID:SPID 1043:03d8

Software:
* Kernel 3.12.4-tuxonice
* Gentoo:
** xorg-x11-7.4-r2
** xorg-server-1.14.3-r2
** xf86-video-ati-7.2.0

GDB:
(gdb) bt
#0  __memcpy_ssse3_back () at
../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:819
#1  0x00002af85fef84b4 in EVERGREENUploadToScreen (pDst=0x2187f90, x=0, y=0,
w=1516, h=43,
    src=0x21e1728 "", src_pitch=6064) at /usr/include/bits/string3.h:52
#2  0x00002af8603519dc in exaDoPutImage (src_stride=6064, bits=0x21e1728 "",
format=2, h=43, w=1516,
    y=<optimized out>, x=<optimized out>, pGC=0x1f373d0, pDrawable=0x2187f90,
depth=<optimized out>)
    at
/mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/exa/exa_accel.c:212
#3  exaPutImage (pDrawable=0x2187f90, pGC=0x1f373d0, depth=32, x=0, y=0,
w=1516, h=43, leftPad=0,
    format=2, bits=0x21e1728 "")
    at
/mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/exa/exa_accel.c:233
#4  0x000000000076616d in ProcPutImage (client=<optimized out>)
    at
/mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/dix/dispatch.c:1966
#5  0x0000000000769556 in Dispatch ()
    at
/mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/dix/dispatch.c:432
#6  0x0000000000757ef3 in main (argc=<optimized out>, argv=0x7fffd57dae58,
envp=<optimized out>)
    at
/mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/dix/main.c:298

(gdb) info locals
pScrn = 0x1818d90
info = 0x1819350
accel_state = 0x2187f90
driver_priv = 0x1818d90 [bogus, should be 0x2052f10]
scratch = <optimized out>
copy_dst = 0x2024720
dst = 0x2af865f19000 <Address 0x2af865f19000 out of bounds>
size = <optimized out>
dst_domain = 4
bpp = <optimized out>
scratch_pitch = <optimized out>
copy_pitch = 6144
ret = <optimized out>
flush = <optimized out>
r = 1
i = <optimized out>
src_obj = {pitch = 3581782816, width = 32767, height = 1141, bpp = 0, domain =
0, bo = 0x1800018a33b0,
  tiling_flags = 3581782752, surface = 0x2af85fedec79
<RADEONEXAPixmapIsOffscreen+9>}
dst_obj = {pitch = 3581782784, width = 32767, height = 1614088140, bpp = 11000,
domain = 3581782784,
  bo = 0x2af85fedec79 <RADEONEXAPixmapIsOffscreen+9>, tiling_flags =
3581782816,
  surface = 0x2af8603507cc <exaPixmapHasGpuCopy_mixed+108>}
height = <optimized out>
base_align = <optimized out>
(gdb) p $driver_priv->bo
$1 = (struct radeon_bo *) 0x2024720
(gdb) p *((struct radeon_bo_gem*)copy_dst)
$2 = {base = {ptr = 0x2af865f19000, flags = 0, handle = 265, size = 7028736,
alignment = 256,
    domains = 4, cref = 1, bom = 0x1824130, space_accounted = 0,
referenced_in_cs = 0}, name = 0,
  map_count = 1, reloc_in_cs = {atomic = 0}, priv_ptr = 0x2af865f19000}
(gdb) x/x ((struct radeon_bo_gem*)copy_dst)->priv_ptr
0x2af865f19000: Cannot access memory at address 0x2af865f19000
(gdb) ^Z
[1]+  Stopped                 gdb -p $(pgrep X)
~ # grep 2af865f19000 /proc/$(pgrep X)/maps
2af865f19000-2af8665cd000 rw-s 10aa4c000 00:05 6534                     
/dev/dri/card0

---------------------------------------------------

Looks like EVERGREENUploadToScreen wants to memcpy into copy_dst->ptr,
which has a value of 0x2af865f19000 and which (according to /proc/$(pgrep
X)/maps)
*is* mapped and should be writable; however, it isn’t.

At this point I lost my wits and would be grateful for a pointer where this
memory is mapped,
both in user and kernel space.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20131214/2c4ac9d5/attachment-0001.html>

More information about the dri-devel mailing list