Donnie Berkholz wrote: > You might like to follow https://bugs.freedesktop.org/show_bug.cgi?id=943.
I'm now stuck again with a strange crash. DRI clients such as glxgears
and glxinfo crash inside malloc(), probably due to memory corruption:

---cut---
#0 0x006dec48 in _int_malloc () from /lib/libc.so.6
#1 0x006e06f2 in malloc () from /lib/libc.so.6
#2 0xf7f8165c in drmMalloc (size=512) at ../../../../r300_driver/drm.newioctl32/libdrm32/xf86drm.c:158
#3 0xf7f82d60 in drmMapBufs (fd=7) at ../../../../r300_driver/drm.newioctl32/libdrm32/xf86drm.c:1150
#4 0xf7d203e1 in radeonCreateScreen (sPriv=0x8056168) at radeon_screen.c:502
#5 0xf7d208b0 in radeonInitDriver (sPriv=0x8056168) at radeon_screen.c:653
#6 0xf7d1c497 in __driUtilCreateNewScreen (dpy=0x804c008, scrn=0, psc=0x8054ed8, modes=0x0, ddx_version=0xffffb500,
---cut---

My feeling is this corruption might be caused by the kernel stomping
over user memory somewhere within ioctl32():

---cut---
ioctl(4, 0xc0086451, 0xffffcf44) = 0
ioctl(4, 0xc0086451, 0xffffcf44) = 0
ioctl(4, 0xc0086451, 0xffffcf44) = 0
mmap2(NULL, 524288, PROT_READ|PROT_WRITE, MAP_SHARED, 4, 0x80000) = 0xffffffffefc49000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 4, 0x1000) = 0xffffffffefc48000
ioctl(4, 0xc00c6419, 0xffffcef4) = 0
ioctl(4, 0xc00c6419, 0xffffcef4) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
---cut---

(fd 4 is the card device)

I've tracked the last two ioctl() calls to drm_ioctl32.c:drm_buf_map_32_64(),
which I've instrumented with a few printk's, like so:

---cut---
static int drm_buf_map_32_64(unsigned int fd, unsigned cmd,
	unsigned long arg, struct file *file)
{
	DECLARE_ARG32(drm32_buf_map_t);
	DECLARE_ARG64_NOALLOC(drm_buf_map_t);
	int err = 0;
	drm32_buf_pub_t __user *list32;
	drm_buf_pub_t __IOCTL32_USER *list64;
	int i, count, tmp_count;
	u64 tmp;
	DUMMY_ARG;
	DUMMY_ARG_P;
	OLD_FS;

	printk(KERN_DEBUG "bernie: drm_buf_map_32_64: %d, %x, %lx, %p\n",
		fd, cmd, arg, file);

	if (get_user(count,& ARG32(count)) || count < 0)
		return -EFAULT;
	if (get_user(tmp,&ARG32(list)))
		return -EFAULT;
	list32 = (drm32_buf_pub_t __user *) tmp;

	printk(KERN_DEBUG "bernie: count=%d\n", count);

	K_ALLOC(list64, count * sizeof (drm_buf_pub_t));
	if (!list64)
		return -EFAULT;

	PUT_ARG64(list,list64);
	GET_USER(count);
	if (err) {
		K_FREE(list64);
		return -EFAULT;
	}

	SYS_IOCTL;
	if (err) {
		K_FREE(list64);
		return err;
	}

	PUT_USER(count);
	PUT_USER_P(virtual);

	GET_ARG64(tmp_count,count);
	if (count > tmp_count)
		count = tmp_count;

	for (i = 0 ; i < count; i ++) {
		printk(KERN_DEBUG "bernie: i=%d, idx64=%d, total64=%d, used64=%d,addr64=%d\n",
			i, list64[i].idx, list64[i].total, list64[i].used, list64[i].address);
		PUT_USER_ARG(list64[i].idx,list32[i].idx);
		PUT_USER_ARG(list64[i].total,list32[i].total);
		PUT_USER_ARG(list64[i].used,list32[i].used);
		PUT_USER_ARG_P(list64[i].address,list32[i].address);
	}

	K_FREE(list64);
	return err ? -EFAULT : 0;
}
---cut---

And this is the dmesg output I get:

---cut---
bernie: drm_buf_map_32_64: 4, c00c6419, ffffcef4, ffff81006f76f080
bernie: count=0
SYS_IOCTL_FUNC called
bernie: drm_buf_map_32_64: 4, c00c6419, ffffcef4, ffff81006f76f080
bernie: count=32
SYS_IOCTL_FUNC called
bernie: i=0, idx64=134576296, total64=134573700, used64=-13364,addr64=134573688
bernie: i=1, idx64=-13336, total64=10282607, used64=134590276,addr64=-13160
bernie: i=2, idx64=134590276, total64=134590216, used64=16,addr64=134575272
bernie: i=3, idx64=-13272, total64=-137246631, used64=134592752,addr64=-13256
bernie: i=4, idx64=-13200, total64=-135048648, used64=0,addr64=0
bernie: i=5, idx64=-13208, total64=-13176, used64=134590312,addr64=5
bernie: i=6, idx64=134590312, total64=134573272, used64=-13160,addr64=10387328
bernie: i=7, idx64=134590312, total64=-13176, used64=134592752,addr64=-13176
bernie: i=8, idx64=4, total64=134573688, used64=0,addr64=0
bernie: i=9, idx64=-13000, total64=10301112, used64=134573272,addr64=134590312
bernie: i=10, idx64=134594655, total64=-13016, used64=-13020,addr64=-134925752
bernie: i=11, idx64=10387328, total64=0, used64=134573272,addr64=134573560
bernie: i=12, idx64=795308655, total64=794978668, used64=-134902188,addr64=6
bernie: i=13, idx64=134592696, total64=134575272, used64=6808360,addr64=7203530
bernie: i=14, idx64=0, total64=0, used64=134565472,addr64=0
bernie: i=15, idx64=134590311, total64=10390632, used64=0,addr64=-12968
bernie: i=16, idx64=134590301, total64=134590312, used64=134573296,addr64=29
bernie: i=17, idx64=-12808, total64=10295986, used64=134573272,addr64=134590312
bernie: i=18, idx64=10387328, total64=7704113, used64=-12840,addr64=72
bernie: i=19, idx64=8006848, total64=8006840, used64=-1,addr64=7999476
bernie: i=20, idx64=134576304, total64=7948829, used64=8005760,addr64=8005796
bernie: i=21, idx64=8005816, total64=21488, used64=2008,addr64=-12808
bernie: i=22, idx64=10387328, total64=134576304, used64=7999476,addr64=0
bernie: i=23, idx64=7204845, total64=10390632, used64=134573272,addr64=-12744
bernie: i=24, idx64=134573768, total64=524288, used64=8006844,addr64=0
bernie: i=25, idx64=-12744, total64=10299249, used64=521,addr64=3
bernie: i=26, idx64=7203007, total64=8005760, used64=134592792,addr64=7999476
bernie: i=27, idx64=134573272, total64=-12696, used64=7203007,addr64=134573272
bernie: i=28, idx64=64, total64=-12664, used64=-12648,addr64=134573272
bernie: i=29, idx64=16777217, total64=134575092, used64=7999476,addr64=134570408
bernie: i=30, idx64=7210738, total64=8005760, used64=512,addr64=-135269416
bernie: i=31, idx64=-12600, total64=-134736292, used64=512,addr64=0
glxgears32[4460]: segfault at 0000000000000008 rip 00000000006dec48 rsp 00000000ffffcdec error 6
---cut---

Some of those numbers look weird to me, but I'm not sure what the
correct values should look like. Any idea?

(I'm leaving for vacation today and won't be able to read my mail
for a few days).

-- 
  // Bernardo Innocenti - Develer S.r.l., R&D dept.
\X/  http://www.develer.com/