Created attachment 90074 (output)

System Environment:
--------------------------
Platform: Sandybridge/Ivybridge/Haswell
Libdrm: (master)libdrm-2.4.49-2-gc3d96897de647bd5f6d4802c108a3f65a307d61b
Mesa: (master)862044c7f7d55b7e6459e3e948c376e6894a72ff
Xf86_video_intel: (master)2.99.906-65-g3dae8b97151f1d08942ec690dac5a5008901d7d0
Cairo: (master)31eff5c6eb57ad379689748fd8c60a5ffe0ba481
Libva: (staging)1264cd81fd8728f18bd2feedf6e9c1a232663890
Libva_intel_driver: (staging)34627c96f331f7a344270c3d51b634f5f166073e
Kernel: (drm-intel-nightly) 164a4cb4c1431a0689f85507868356fae24da638

Bug detailed description:
-------------------------
It aborted on sandybridge, ivybridge and haswell with mesa master branch. It works well on 10.0 branch.

Bisect shows: 1fb106527faa195197fa52e28e1b941c97e520c2 is the first bad commit.

commit 1fb106527faa195197fa52e28e1b941c97e520c2
Author: Brian Paul <brianp@vmware.com>
AuthorDate: Fri Nov 29 06:40:35 2013 -0700
Commit: Brian Paul <brianp@vmware.com>
CommitDate: Fri Nov 29 06:41:14 2013 -0700

    mesa: fix mem leak of glPixelMap data in display list

    And simplify save_PixelMapfv() by using the memdup() function.

    Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>

(gdb) bt
#0 0xb7fff424 in __kernel_vsyscall ()
#1 0x4d0c4776 in raise () from /usr/lib/libc.so.6
#2 0x4d0c5fb3 in abort () from /usr/lib/libc.so.6
#3 0x4d103f05 in __libc_message () from /usr/lib/libc.so.6
#4 0x4d10bb32 in _int_free () from /usr/lib/libc.so.6
#5 0xb775bcf3 in _mesa_delete_list (ctx=ctx@entry=0xb76db01c, dlist=0x83211c8) at main/dlist.c:723
#6 0xb775bd4a in destroy_list (ctx=ctx@entry=0xb76db01c, list=list@entry=677) at main/dlist.c:764
#7 0xb776bd15 in destroy_list (list=677, ctx=0xb76db01c) at main/dlist.c:757
#8 _mesa_DeleteLists (list=677, range=1) at main/dlist.c:8049
#9 0x0804f2e2 in test_dlist_exec (test=0x8054ec8 <error_tests+424>, expected_error=1282) at /GFX/Test/Piglit/piglit/tests/spec/gl-1.0/beginend-coverage.c:719
#10 0x0804f71b in run_tests (tests=0x8054d20 <error_tests>, num_tests=109, expected_error=1282) at /GFX/Test/Piglit/piglit/tests/spec/gl-1.0/beginend-coverage.c:831
#11 0x0804f9b5 in piglit_init (argc=1, argv=0xbffff354) at /GFX/Test/Piglit/piglit/tests/spec/gl-1.0/beginend-coverage.c:923
#12 0xb7f09c55 in run_test (gl_fw=0x8057008, argc=1, argv=0xbffff354) at /GFX/Test/Piglit/piglit/tests/util/piglit-framework-gl/piglit_fbo_framework.c:50
#13 0xb7f07aa4 in piglit_gl_test_run (argc=1, argv=0xbffff354, config=0xbffff27c) at /GFX/Test/Piglit/piglit/tests/util/piglit-framework-gl.c:191
#14 0x0804ce2d in main (argc=1, argv=0xbffff354) at /GFX/Test/Piglit/piglit/tests/spec/gl-1.0/beginend-coverage.c:55

Reproduce steps:
-------------------------
1. xinit
2. bin/gl-1.0-beginend-coverage -auto -fbo
Patch sent to the mesa-dev list: http://lists.freedesktop.org/archives/mesa-dev/2014-January/052156.html
Fixed by:

commit c11d76c51a29ed4fe02a8c46ba9fd64083f155ed
Author: Ian Romanick <ian.d.romanick@intel.com>
Date: Tue Jan 21 16:52:42 2014 -0800

    mesa: Increment the list pointer while freeing instruction data

    Since the list pointer was never incremented when a OPCODE_PIXEL_MAP
    opcode was encountered, the data for the instruction would get freed
    over and over and over... resulting in a crash.

    Fixes gl-1.0-beginend-coverage.

    Signed-off-by: Ian Romanick <ian.d.romanick@intel.com>
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72214
    Reviewed-by: Brian Paul <brianp@vmware.com>
    Cc: Lu Ha <huax.lu@intel.com>
Verified. Fixed.
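The failure mode the fix commit describes, as an added example that is not Mesa's code: a simplified list walker whose PIXEL_MAP case releases its payload without stepping past the instruction, next to the corrected form. The node layout, the opcode names and the counting release() stand-in for free() are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of a display list: a flat array of nodes, each
 * instruction occupying a fixed number of nodes. Names are hypothetical. */
enum { OP_NOP, OP_PIXEL_MAP, OP_END };
static const int inst_size[] = { 1, 2, 1 };   /* nodes per instruction */

typedef struct { int opcode; int *release_count; } node;

/* Stand-in for free(): counts releases instead of freeing, so the repeated
 * release can be observed without corrupting the heap. */
static void release(int *count) { (*count)++; }

/* Walk the list and release per-instruction data. With advance_in_case == 0
 * the PIXEL_MAP case never steps past its instruction, so the same payload
 * is released on every iteration; max_steps bounds that endless loop. */
static int delete_list(node *n, int advance_in_case, int max_steps)
{
    int steps = 0;
    while (n->opcode != OP_END && steps++ < max_steps) {
        switch (n->opcode) {
        case OP_PIXEL_MAP:
            release(n->release_count);
            if (advance_in_case)            /* the corrected behaviour */
                n += inst_size[n->opcode];
            break;
        default:
            n += inst_size[n->opcode];
            break;
        }
    }
    return steps;
}

/* Constructed list: NOP, PIXEL_MAP (two nodes), END. Returns how many
 * times the PIXEL_MAP payload was released. */
static int releases_for(int advance_in_case)
{
    int count = 0;
    node list[] = { {OP_NOP, NULL}, {OP_PIXEL_MAP, &count},
                    {OP_NOP, NULL} /* operand slot */, {OP_END, NULL} };
    delete_list(list, advance_in_case, 8);
    return count;
}

int main(void)
{
    printf("no advance: %d releases; with advance: %d\n", releases_for(0), releases_for(1));
    return 0;
}
```

With a real free() in place of release(), the second release of the same pointer is what glibc reports from _int_free() before aborting, matching frames #2 to #5 of the backtrace.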