segfault during X startup with savage driver

Bug #311544 reported by knarf
Affects                              Status        Importance  Assigned to  Milestone
X.Org X server                       Fix Released  Unknown
xserver-xorg-video-savage (Ubuntu)   Confirmed     Undecided   Unassigned

Bug Description

Binary package hint: xserver-xorg-video-savage

Running 2.6.28-rc7 (which used to work fine with previous savage drivers). Xorg.0.log attached.
running up-to-date Jaunty
Problem appeared when restarting machine after Xmas. BTW dist-upgrade wanted to remove savage driver (and mouse and kbd drivers).

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 9.04
NonfreeKernelModules: ath_hal
Package: xserver-xorg-video-savage 1:2.2.1-3build1
ProcEnviron:
 PATH: custom, user
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: xserver-xorg-video-savage
Uname: Linux 2.6.28-rc7-t23-200812042304 i686

Tags: apport-bug
knarf (launchpad-ubuntu-f) wrote :

BTW problem is not related to xorg.conf, it appears whether that file is present (with correct contents which used to work) or not.

knarf (launchpad-ubuntu-f) wrote :

Problem is also not related to the presence of the non_free ath_hal module - unloading this module does not make the problem disappear

knarf (launchpad-ubuntu-f) wrote :

Running 2.6.28 final now, bug still there...

knarf (launchpad-ubuntu-f) wrote :

Running Xorg under gdb gives the following:

This is a pre-release version of the X server from The X.Org Foundation.
It is not supported in any way.
Bugs may be filed in the bugzilla at http://bugs.freedesktop.org/.
Select the "xorg" product for bugs you find in this release.
Before reporting bugs in pre-release versions please check the
latest version in the X.Org Foundation git repository.
See http://wiki.x.org/wiki/GitPage for git access instructions.

X.Org X Server 1.5.99.3
Release Date: (unreleased)
X Protocol Version 11, Revision 0
Build Operating System: Linux 2.6.24-19-server i686 Ubuntu
Current Operating System: Linux ostrogoth 2.6.28-t23-200812261629 #26 PREEMPT Fri Dec 26 16:46:55 CET 2008 i686
Build Date: 17 December 2008 03:10:17AM
xorg-server 2:1.5.99.3-0ubuntu3 (<email address hidden>)
 Before reporting problems, check http://wiki.x.org
 to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
 (++) from command line, (!!) notice, (II) informational,
 (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sun Dec 28 19:42:04 2008
(==) Using config file: "/etc/X11/xorg.conf"
[New Thread 0xb7a406c0 (LWP 7886)]
[tcsetpgrp failed in terminal_inferior: Operation not permitted]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
    [10f] 320 x 200, 70Hz
    [112] 640 x 480, 60Hz, 72Hz, 75Hz, 85Hz, 100Hz
    [115] 800 x 600, 60Hz, 72Hz, 75Hz, 85Hz, 100Hz
    [118] 1024 x 768, 60Hz, 70Hz, 75Hz, 85Hz, 100Hz
    [11b] 1280 x 1024, 60Hz, 75Hz, 85Hz
    [11e] 640 x 400, 70Hz
    [124] 1600 x 1200, 60Hz, 75Hz, 85Hz
    [134] 320 x 240, 72Hz
    [13e] 1400 x 1050, 60Hz, 75Hz
    [144] 400 x 300, 72Hz
    [154] 512 x 384, 70Hz
    [175] 720 x 480, 75Hz
    [17f] 720 x 576, 75Hz

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7b886c0 (LWP 30543)]
xf86_wrap_crtc_notify (screen=0x9ea5b70, new=0xb7b278c0 <dri_crtc_notify>) at ../../../../hw/xfree86/modes/xf86Crtc.c:2947
warning: Source file is more recent than executable.
2947 old = config->xf86_crtc_notify;

(gdb) thread apply all bt

Thread 1 (Thread 0xb7b886c0 (LWP 30543)):
#0 xf86_wrap_crtc_notify (screen=0x9ea5b70, new=0xb7b278c0 <dri_crtc_notify>)
    at ../../../../hw/xfree86/modes/xf86Crtc.c:2947
#1 0xb7b27821 in DRIFinishScreenInit (pScreen=0x9ea5b70) at ../../../../hw/xfree86/dri/dri.c:620
#2 0xb7af1dc0 in SAVAGEDRIFinishScreenInit (pScreen=0x9ea5b70) at ../../src/savage_dri.c:1071
#3 0xb7ae56f2 in SavageScreenInit (scrnIndex=0, pScreen=0x9ea5b70, argc=1, argv=0xbf9841c4)
    at ../../src/savage_driver.c:3646
#4 0x080711dd in AddScreen (pfnInit=0xb7ae4910 <SavageScreenInit>, argc=1, argv=0xbf9841c4) at ../../dix/main.c:688
#5 0x080adeb6 in InitOutput (pScreenInfo=0x81f3ee0, argc=1, argv=0xbf9841c4)
    at ../../../../hw/xfree86/common/xf86Init.c:1245
#6 0x080718d1 in main (argc=1, argv=0xbf9841c4, envp=0xbf9841cc) at ../../dix/main.c:309

So the segfault happens in xf86_wrap_crtc_n...


knarf (launchpad-ubuntu-f) wrote :

OK, recompiled without optimizations but it still crashes. This time config is initialized incorrectly:

(gdb) p config
$9 = (xf86CrtcConfigPtr) 0x11
(gdb) p *config
Cannot access memory at address 0x11

config is derived from ((xf86CrtcConfigPtr) ((p)->privates[xf86CrtcConfigPrivateIndex].ptr))

The value of xf86CrtcConfigPrivateIndex is... -1:

(gdb) p xf86CrtcConfigPrivateIndex
$27 = -1

This value gets initialized to -1 in xf86Crtc.c:57 and gets updated in xf86Crtc.c:xf86CrtcConfigInit(). This function does not seem to be called before the crash occurs as it crashes before a breakpoint set on this function gets triggered. This leaves xf86CrtcConfigPrivateIndex set to -1 and with that config is undefined...
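
A simplified model of the failure described in the comment above, added as an example and not part of the original report or the X server source. It shows why an index left at its -1 sentinel must never be used to index the privates array, and a guarded lookup that refuses instead; every identifier in it is a hypothetical stand-in.

```c
/* Added illustration: simplified model, not X server source; all names hypothetical. */
#include <stdio.h>
#define MAX_PRIVATES 8
typedef void (*notify_fn)(void);
typedef struct { notify_fn crtc_notify; } CrtcConfig;
typedef union { void *ptr; long val; } DevUnion;
typedef struct { DevUnion privates[MAX_PRIVATES]; } Screen;

static int config_private_index = -1;  /* sentinel until init allocates a slot */
static int next_private_index = 0;
static Screen demo_screen;             /* constructed sample state for main() */
static CrtcConfig demo_cfg; static notify_fn demo_old;
static void sample_hook(void) {}

/* Stand-in for the init step the driver skipped: allocate a slot, store cfg. */
int config_init(Screen *s, CrtcConfig *cfg)
{
    if (config_private_index < 0) {
        if (next_private_index >= MAX_PRIVATES) return -1;
        config_private_index = next_private_index++;
    }
    s->privates[config_private_index].ptr = cfg;
    return 0;
}

/* Guarded lookup: never index privates[] with the unset sentinel. */
CrtcConfig *config_lookup(Screen *s)
{
    if (config_private_index < 0 || config_private_index >= MAX_PRIVATES) return NULL;
    return s->privates[config_private_index].ptr;
}

/* Install a new hook and hand back the old one; -1 if config was never set up. */
int wrap_notify(Screen *s, notify_fn new_fn, notify_fn *old)
{
    CrtcConfig *cfg = config_lookup(s);
    if (cfg == NULL) return -1;  /* unguarded code would read privates[-1] here */
    *old = cfg->crtc_notify;
    cfg->crtc_notify = new_fn;
    return 0;
}

int main(void)
{
    int before = wrap_notify(&demo_screen, sample_hook, &demo_old);
    config_init(&demo_screen, &demo_cfg);
    printf("before=%d after=%d\n", before, wrap_notify(&demo_screen, sample_hook, &demo_old));
    return 0;
}
```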

knarf (launchpad-ubuntu-f) wrote :

Patching the savage driver to call xf86CrtcConfigInit makes this segfault disappear; a draft patch is attached. Binary (i386) package is available on request - I'd rather not attach it here nor encourage others to download packages from untrusted sources...

Timo Aaltonen (tjaalton) wrote :

you should send this upstream for a review, to bugs.freedesktop.org and/or <email address hidden>

knarf (launchpad-ubuntu-f) wrote :

Removed unused variable

knarf (launchpad-ubuntu-f) wrote :
Changed in xserver-xorg-video-savage:
status: New → Confirmed
Timo Aaltonen (tjaalton) wrote :

excellent, thanks. Sending it on the xorg@l.fd.o list wouldn't hurt either, I guess you'll get a quicker reply that way :) I could apply it upstream once it's accepted.

knarf (launchpad-ubuntu-f) wrote :

Sent it in git format (after fighting git-send-email for a bit), http://lists.freedesktop.org/archives/xorg/2008-December/041970.html

Changed in xorg-server:
status: Unknown → Confirmed
knarf (launchpad-ubuntu-f) wrote :

After following the xorg bug development and seeing Alex's alternative (and better) patch I adapted his patch (to xorg-server) to the current version used in Jaunty. The patch is attached to LP: #319210 as http://launchpadlibrarian.net/21471674/160_xserver-xf86Crtc-check-private-index.patch

Applying the latter patch negates the need for patching the savage driver.

Oibaf (oibaf) wrote :

There are too many open bugs for this problem. Consolidating in bug #319210.

Changed in xorg-server:
status: Confirmed → Fix Released