<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - SIGBUS in EVERGREENUploadToScreen after hibernation (Linux 3.12.4-tuxonice)"
href="https://bugs.freedesktop.org/show_bug.cgi?id=72716">72716</a>
</td>
</tr>
<tr>
<th>Assignee</th>
<td>dri-devel@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Summary</th>
<td>SIGBUS in EVERGREENUploadToScreen after hibernation (Linux 3.12.4-tuxonice)
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux (All)
</td>
</tr>
<tr>
<th>Reporter</th>
<td>txtoxtox285@googlemail.com
</td>
</tr>
<tr>
<th>Hardware</th>
<td>x86-64 (AMD64)
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Component</th>
<td>DRM/Radeon
</td>
</tr>
<tr>
<th>Product</th>
<td>DRI
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=90784" name="attach_90784" title="dmsg">attachment 90784</a></span>
dmsg
How to reproduce:
* boot 3.12.4-tuxonice; do not start X
* suspend to disk
* resume
* start KDE 4.10.5
* start Firefox
==> X dies with SIGBUS
Graphics hardware: [AMD/ATI] Cedar [Radeon HD 5000/6000/7350/8350 Series]; VID:PID 1002:68f9, SVID:SPID 1043:03d8
Software:
* Kernel 3.12.4-tuxonice
* Gentoo:
** xorg-x11-7.4-r2
** xorg-server-1.14.3-r2
** xf86-video-ati-7.2.0
GDB:
(gdb) bt
#0 __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:819
#1 0x00002af85fef84b4 in EVERGREENUploadToScreen (pDst=0x2187f90, x=0, y=0, w=1516, h=43,
    src=0x21e1728 "", src_pitch=6064) at /usr/include/bits/string3.h:52
#2 0x00002af8603519dc in exaDoPutImage (src_stride=6064, bits=0x21e1728 "", format=2, h=43, w=1516,
    y=<optimized out>, x=<optimized out>, pGC=0x1f373d0, pDrawable=0x2187f90, depth=<optimized out>)
    at /mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/exa/exa_accel.c:212
#3 exaPutImage (pDrawable=0x2187f90, pGC=0x1f373d0, depth=32, x=0, y=0, w=1516, h=43, leftPad=0,
    format=2, bits=0x21e1728 "")
    at /mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/exa/exa_accel.c:233
#4 0x000000000076616d in ProcPutImage (client=<optimized out>)
    at /mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/dix/dispatch.c:1966
#5 0x0000000000769556 in Dispatch ()
    at /mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/dix/dispatch.c:432
#6 0x0000000000757ef3 in main (argc=<optimized out>, argv=0x7fffd57dae58, envp=<optimized out>)
    at /mnt/var-pub/tmp/portage/x11-base/xorg-server-1.14.3-r2/work/xorg-server-1.14.3/dix/main.c:298
(gdb) info locals
pScrn = 0x1818d90
info = 0x1819350
accel_state = 0x2187f90
driver_priv = 0x1818d90 [bogus, should be 0x2052f10]
scratch = <optimized out>
copy_dst = 0x2024720
dst = 0x2af865f19000 <Address 0x2af865f19000 out of bounds>
size = <optimized out>
dst_domain = 4
bpp = <optimized out>
scratch_pitch = <optimized out>
copy_pitch = 6144
ret = <optimized out>
flush = <optimized out>
r = 1
i = <optimized out>
src_obj = {pitch = 3581782816, width = 32767, height = 1141, bpp = 0, domain = 0, bo = 0x1800018a33b0,
  tiling_flags = 3581782752, surface = 0x2af85fedec79 <RADEONEXAPixmapIsOffscreen+9>}
dst_obj = {pitch = 3581782784, width = 32767, height = 1614088140, bpp = 11000, domain = 3581782784,
  bo = 0x2af85fedec79 <RADEONEXAPixmapIsOffscreen+9>, tiling_flags = 3581782816,
  surface = 0x2af8603507cc <exaPixmapHasGpuCopy_mixed+108>}
height = <optimized out>
base_align = <optimized out>
(gdb) p $driver_priv->bo
$1 = (struct radeon_bo *) 0x2024720
(gdb) p *((struct radeon_bo_gem*)copy_dst)
$2 = {base = {ptr = 0x2af865f19000, flags = 0, handle = 265, size = 7028736, alignment = 256,
    domains = 4, cref = 1, bom = 0x1824130, space_accounted = 0, referenced_in_cs = 0}, name = 0,
  map_count = 1, reloc_in_cs = {atomic = 0}, priv_ptr = 0x2af865f19000}
(gdb) x/x ((struct radeon_bo_gem*)copy_dst)->priv_ptr
0x2af865f19000: Cannot access memory at address 0x2af865f19000
(gdb) ^Z
[1]+ Stopped gdb -p $(pgrep X)
~ # grep 2af865f19000 /proc/$(pgrep X)/maps
2af865f19000-2af8665cd000 rw-s 10aa4c000 00:05 6534 /dev/dri/card0
---------------------------------------------------
Looks like EVERGREENUploadToScreen wants to memcpy into copy_dst->ptr,
which has a value of 0x2af865f19000 and which (according to /proc/$(pgrep X)/maps)
*is* mapped and should be writable; however, it isn’t.
At this point I lost my wits and would be grateful for a pointer where this memory is mapped,
both in user and kernel space.</pre>
</div>
</p>
</body>
</html>