mesa: ac8448dd9779478b570ef15f7232cfcf22f2d3db (master) $ ./bin/occlusion-query-discard -auto *** Error in `./bin/occlusion-query-discard': free(): invalid pointer: 0x00007fd3878517b8 *** ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(+0x80a46)[0x7fd387510a46] mesa/src/mesa/libdricore/.libs/libdricore9.3.0-devel.so.1(+0x1807e4)[0x7fd3839867e4] mesa/src/mesa/libdricore/.libs/libdricore9.3.0-devel.so.1(_mesa_DeleteQueries+0x208)[0x7fd383986d5b] piglit/lib/libpiglitutil_gl.so(+0x80e33)[0x7fd387adbe33] ./bin/occlusion-query-discard(piglit_display+0x24b)[0x401311] piglit/lib/libpiglitutil_gl.so(+0x74018)[0x7fd387acf018] /usr/lib/x86_64-linux-gnu/libglut.so.3(+0x1ffc4)[0x7fd387269fc4] /usr/lib/x86_64-linux-gnu/libglut.so.3(fgEnumWindows+0x39)[0x7fd38726d719] /usr/lib/x86_64-linux-gnu/libglut.so.3(glutMainLoopEvent+0x11c)[0x7fd38726a45c] /usr/lib/x86_64-linux-gnu/libglut.so.3(glutMainLoop+0xa1)[0x7fd38726ad81] piglit/lib/libpiglitutil_gl.so(+0x74247)[0x7fd387acf247] piglit/lib/libpiglitutil_gl.so(piglit_gl_test_run+0x92)[0x7fd387acd189] ./bin/occlusion-query-discard(main+0x67)[0x401053] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fd3874b1ea5] ./bin/occlusion-query-discard[0x400f29] (gdb) bt #0 0x00007fd3874c7037 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x00007fd3874ca698 in __GI_abort () at abort.c:90 #2 0x00007fd3875045ab in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fd387617860 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199 #3 0x00007fd387510a46 in malloc_printerr (ptr=0x7fd3878517b8 <main_arena+120>, str=0x7fd387613825 "free(): invalid pointer", action=3) at malloc.c:4902 #4 _int_free (av=<optimized out>, p=0x7fd3878517a8 <main_arena+104>, have_lock=0) at malloc.c:3758 #5 0x00007fd3839867e4 in _mesa_delete_query (ctx=0x7fd387f4a010, q=0x268e090) at ../../../src/mesa/main/queryobj.c:129 #6 0x00007fd383986d5b in _mesa_DeleteQueries (n=1, ids=0x7fff4d3466d4) at ../../../src/mesa/main/queryobj.c:257 #7 0x00007fd387adbe33 in stub_glDeleteQueries (n=1, ids=0x7fff4d3466d4) at piglit/tests/util/generated_dispatch.c:5548 #8 0x0000000000401311 in piglit_display () at piglit/tests/general/occlusion-query-discard.c:122 #9 0x00007fd387acf018 in display () at piglit/tests/util/piglit-framework-gl/piglit_glut_framework.c:60 #10 0x00007fd387269fc4 in fghRedrawWindow (window=0x2462140) at freeglut_main.c:210 #11 fghcbDisplayWindow (window=0x2462140, enumerator=0x7fff4d3467c0) at freeglut_main.c:227 #12 0x00007fd38726d719 in fgEnumWindows (enumCallback=enumCallback@entry=0x7fd387269f20 <fghcbDisplayWindow>, enumerator=enumerator@entry=0x7fff4d3467c0) at freeglut_structure.c:394 #13 0x00007fd38726a45c in fghDisplayAll () at freeglut_main.c:249 #14 glutMainLoopEvent () at freeglut_main.c:1450 #15 0x00007fd38726ad81 in glutMainLoop () at freeglut_main.c:1498 #16 0x00007fd387acf247 in run_test (gl_fw=0x7fd387dbc320 <glut_fw>, argc=1, argv=0x7fff4d346b78) at piglit/tests/util/piglit-framework-gl/piglit_glut_framework.c:142 #17 0x00007fd387acd189 in piglit_gl_test_run (argc=1, argv=0x7fff4d346b78, config=0x7fff4d346a60) at piglit/tests/util/piglit-framework-gl.c:141 #18 0x0000000000401053 in main (argc=1, argv=0x7fff4d346b78) at piglit/tests/general/occlusion-query-discard.c:42 6d8dd59cf53d2f47b817d79204a52bb3a46e8c77 is the first bad commit commit 6d8dd59cf53d2f47b817d79204a52bb3a46e8c77 Author: Timothy Arceri <t_arceri@yahoo.com.au> Date: Mon Aug 26 17:16:08 2013 +1000 mesa: free object labels when deleting Signed-off-by: Timothy Arceri <t_arceri@yahoo.com.au> Reviewed-by: Brian Paul <brianp@vmware.com> :040000 040000 b55eb77568b58c50433dad2ce7d9dbc83d9940df d02f84ce03a49cc2d138229d1c8d9cbcdbe4d53b M src bisect run success
Looks like the field ql_query_object:Label was not initialized. (gdb) frame 5 #5 0x00007fd3839867e4 in _mesa_delete_query (ctx=0x7fd387f4a010, q=0x268e090) at ../../../src/mesa/main/queryobj.c:129 129 free(q->Label); ==15578== Conditional jump or move depends on uninitialised value(s) ==15578== at 0x4C2BA22: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==15578== by 0x91DE7E3: _mesa_delete_query (queryobj.c:129) ==15578== by 0x91DED5A: _mesa_DeleteQueries (queryobj.c:257) ==15578== by 0x4EB4E32: stub_glDeleteQueries (generated_dispatch.c:5548) ==15578== by 0x401310: piglit_display (occlusion-query-discard.c:122) ==15578== by 0x4EA8017: display (piglit_glut_framework.c:60) ==15578== by 0x5780FC3: fghcbDisplayWindow (in /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0) ==15578== by 0x5784718: fgEnumWindows (in /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0) ==15578== by 0x578145B: glutMainLoopEvent (in /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0) ==15578== by 0x5781D80: glutMainLoop (in /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0) ==15578== by 0x4EA8246: run_test (piglit_glut_framework.c:142) ==15578== by 0x4EA6188: piglit_gl_test_run (piglit-framework-gl.c:141) ==15578== Uninitialised value was created by a heap allocation ==15578== at 0x4C2CD7B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==15578== by 0x91DE6E3: _mesa_new_query_object (queryobj.c:46) ==15578== by 0x91DEAD6: _mesa_GenQueries (queryobj.c:216) ==15578== by 0x4EBCBD4: stub_glGenQueries (generated_dispatch.c:9374) ==15578== by 0x401138: piglit_display (occlusion-query-discard.c:89) ==15578== by 0x4EA8017: display (piglit_glut_framework.c:60) ==15578== by 0x5780FC3: fghcbDisplayWindow (in /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0) ==15578== by 0x5784718: fgEnumWindows (in /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0) ==15578== by 0x578145B: glutMainLoopEvent (in /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0) ==15578== by 0x5781D80: glutMainLoop (in /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0) ==15578== by 0x4EA8246: run_test (piglit_glut_framework.c:142) ==15578== by 0x4EA6188: piglit_gl_test_run (piglit-framework-gl.c:141) src/mesa/main/queryobj.c 43 static struct gl_query_object * 44 _mesa_new_query_object(struct gl_context *ctx, GLuint id) 45 { 46 struct gl_query_object *q = MALLOC_STRUCT(gl_query_object); 47 (void) ctx; 48 if (q) { 49 q->Id = id; 50 q->Result = 0; 51 q->Active = GL_FALSE; 52 53 /* This is to satisfy the language of the specification: "In the initial 54 * state of a query object, the result is available" (OpenGL 3.1 § 55 * 2.13). 56 */ 57 q->Ready = GL_TRUE; 58 59 /* OpenGL 3.1 § 2.13 says about GenQueries, "These names are marked as 60 * used, but no object is associated with them until the first time they 61 * are used by BeginQuery." Since our implementation actually does 62 * allocate an object at this point, use a flag to indicate that this 63 * object has not yet been bound so should not be considered a query. 64 */ 65 q->EverBound = GL_FALSE; 66 } 67 return q; 68 }
commit 0a0f543082ce3bbee3d09425a912a9181128a257 Author: Vinson Lee <vlee@freedesktop.org> Date: Fri Sep 6 12:27:11 2013 -0700 mesa: Ensure gl_query_object is fully initialized. 278372b47e4db8a022d57f60302eec74819e9341 added the uninitialized pointer field gl_query_object:Label. A free of this pointer resulted in a crash. This patch fixes piglit regressions with swrast introduced by 6d8dd59cf53d2f47b817d79204a52bb3a46e8c77. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=69047 Signed-off-by: Vinson Lee <vlee@freedesktop.org> Reviewed-by: Brian Paul <brianp@vmware.com>
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.