Bug 11354

Summary: Savage driver crashes when the last client disconnects
Product: xorg Reporter: Dima Ryazanov <dima>
Component: Driver/savageAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: major    
Priority: medium CC: alexdeucher
Version: 7.2 (2007.02)   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments:
Description Flags
Log none

Description Dima Ryazanov 2007-06-23 10:48:25 UTC 
Any time I end the X session, X crashes. It can be reproduced simply by running:

X
DISPLAY=:0 xset q

Backtrace:
#0  0xb7d5c34c in memcpy () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7bc9ba8 in SavageLoadCursorImage (pScrn=0x820dce0, 
    src=0x8387ee0 "\017�) at savage_cursor.c:214
#2  0x080ff4e6 in xf86SetCursor (pScreen=0x82bd718, pCurs=0x839a1c8, x=512, 
    y=384) at xf86HWCurs.c:148
#3  0x080fec4b in xf86CursorSetCursor (pScreen=0x82bd718, pCurs=0x839a1c8, 
    x=<value optimized out>, y=<value optimized out>) at xf86Cursor.c:325
#4  0x0812ac54 in miPointerUpdate () at mipointer.c:358
#5  0x0812ad69 in miPointerDisplayCursor (pScreen=0x82bd718, pCursor=0x839a1c8)
    at mipointer.c:181
#6  0x081434fe in CursorDisplayCursor (pScreen=0x82bd718, pCursor=0x839a1c8)
    at cursor.c:136
#7  0x08167367 in AnimCurDisplayCursor (pScreen=0x82bd718, pCursor=0x839a1c8)
    at animcur.c:234
#8  0x0809766b in DefineInitialRootWindow (win=0x825f5c8) at events.c:2133
#9  0x0807673a in main (argc=1, argv=0xbf80aae4, envp=0xf000f065) at main.c:431

The call to "memcpy" looks like this:
memcpy(psav->FBBase + psav->CursorKByte * 1024, src, 1024);
where "psav->FBBase" is 0.

(The backtrace is actually from xorg-server 1.3.0 and xf86-video-savage-2.1.2, but I wasn't sure what to select in the report. Xorg 7.2 crashes the same way, though.)
Comment 1 Dima Ryazanov 2007-06-23 10:50:23 UTC 
Created attachment 10422 [details]
Log
Comment 2 Dima Ryazanov 2007-06-23 11:15:22 UTC 
Looks like psav->FBBase gets set to 0 here, and is not initialized again:

#0  SavageUnmapMem (pScrn=0x820d448, All=0) at savage_driver.c:2938
#1  0xb7caa785 in SavageCloseScreen (scrnIndex=0, pScreen=0x8210200)
    at savage_driver.c:3852
#2  0x080c8201 in DPMSClose (i=0, pScreen=0x8210200) at xf86DPMS.c:138
#3  0xb7cce083 in XvCloseScreen (ii=0, pScreen=0x8210200) at xvmain.c:328
#4  0x08169d37 in RRCloseScreen (i=0, pScreen=0x8210200) at randr.c:108
#5  0x080e8cdc in xf86RandRCloseScreen (index=0, pScreen=0x8210200)
    at xf86RandR.c:342
#6  0x080ce4d9 in VidModeClose (i=0, pScreen=0x8210200) at xf86VidMode.c:126
#7  0x08143488 in CursorCloseScreen (index=0, pScreen=0x8210200)
    at cursor.c:174
#8  0x081675c5 in AnimCurCloseScreen (index=0, pScreen=0x8210200)
    at animcur.c:129
#9  0x080767ec in main (argc=1, argv=0xbf946c24, envp=0xa0000) at main.c:470
Comment 3 Dima Ryazanov 2007-09-08 23:49:19 UTC 
Fixed in Xorg 7.3! (xf86-video-savage-2.1.3)

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.