Bug 28457

Summary: double free or corruption
Product: DRI
Reporter: andrey <andi123>
Component: DRM/Intel
Assignee: Jesse Barnes <jbarnes>
Status: CLOSED FIXED
QA Contact:
Severity: critical
Priority: medium
Keywords: NEEDINFO
Version: XFree86 4.4.0
Hardware: x86 (IA32)
OS: Linux (All)
Whiteboard:
i915 platform:
i915 features:

Description andrey 2010-06-08 23:21:59 UTC
FSC u9200+Slackware 13.1+kernel 2.6.34.4+libdrm-2.4.20+blender-2.50.alpha
00:02.0 VGA compatible controller: Intel Corporation Mobile GM965/GL960 Integrated Graphics Controller (rev 03)


bash-4.1$ gdb blender (open valid project -> crash)
GNU gdb (GDB) 7.1
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-slackware-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/blender...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/local/bin/blender 
[Thread debugging using libthread_db enabled]
[New Thread 0xb6ee4b70 (LWP 2170)]
found bundled python: /usr/local/lib/blender-2.5-alpha2-linux-glibc27-i686/.blender/python
read blend: /home/andrey/work/3d/mi24/mi24V_P.blend
INFO: Converting to Animato... 
INFO: Animato convert done 
*** glibc detected *** /usr/local/bin/blender: double free or corruption (!prev): 0x0cb11eb0 ***

======= Backtrace: =========
/lib/libc.so.6(+0x705aa)[0xb79ec5aa]
/lib/libc.so.6(+0x73503)[0xb79ef503]
/lib/libc.so.6(cfree+0x70)[0xb79f26b0]
/usr/lib/libdrm_intel.so.1(+0x5731)[0xb7fda731]
/usr/lib/libdrm_intel.so.1(+0x5947)[0xb7fda947]
/usr/lib/libdrm_intel.so.1(drm_intel_bo_unreference+0x1d)[0xb7fd646d]
/usr/lib/xorg/modules/dri/i965_dri.so(+0x1026e)[0xb74c126e]
/usr/lib/xorg/modules/dri/i965_dri.so(+0x36a87)[0xb74e7a87]
/usr/lib/xorg/modules/dri/i965_dri.so(+0xfa5d4)[0xb75ab5d4]
/usr/lib/xorg/modules/dri/i965_dri.so(+0xf7cfa)[0xb75a8cfa]
/usr/lib/xorg/modules/dri/i965_dri.so(+0xf7db0)[0xb75a8db0]
/usr/lib/xorg/modules/dri/i965_dri.so(+0x9640b)[0xb754740b]
/usr/lib/xorg/modules/dri/i965_dri.so(+0x96b4f)[0xb7547b4f]
/usr/local/bin/blender[0x87a4833]
/usr/local/bin/blender[0x87a4f60]
/usr/local/bin/blender(draw_object+0x194c)[0x87ac64c]
/usr/local/bin/blender(view3d_main_area_draw+0x79c)[0x87bbe9c]
/usr/local/bin/blender(ED_region_do_draw+0x3b2)[0x891a1a2]
/usr/local/bin/blender(wm_draw_update+0x4d2)[0x8757112]
/usr/local/bin/blender(WM_main+0x38)[0x8755b58]
/usr/local/bin/blender(main+0x2a3)[0x87543a3]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb7992b86]
/usr/local/bin/blender[0x8753721]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
0xb79a7a67 in raise () from /lib/libc.so.6

(gdb) bt
#0  0xb79a7a67 in raise () from /lib/libc.so.6
#1  0xb79a92e2 in abort () from /lib/libc.so.6
#2  0xb79e605d in __libc_message () from /lib/libc.so.6
#3  0xb79ec5aa in malloc_printerr () from /lib/libc.so.6
#4  0xb79ef503 in _int_free () from /lib/libc.so.6
#5  0xb79f26b0 in free () from /lib/libc.so.6
#6  0xb7fda731 in drm_intel_gem_bo_unreference_final (bo=0xb958d08, time=5760) at intel_bufmgr_gem.c:867
#7  0xb7fda947 in drm_intel_gem_bo_unreference (bo=0xb958d08) at intel_bufmgr_gem.c:918
#8  0xb7fd646d in drm_intel_bo_unreference (bo=0xb958d08) at intel_bufmgr.c:80
#9  0xb74c126e in ?? () from /usr/lib/xorg/modules/dri/i965_dri.so
#10 0xb74e7a87 in ?? () from /usr/lib/xorg/modules/dri/i965_dri.so
#11 0xb75ab5d4 in ?? () from /usr/lib/xorg/modules/dri/i965_dri.so
#12 0xb75a8cfa in ?? () from /usr/lib/xorg/modules/dri/i965_dri.so
#13 0xb75a8db0 in ?? () from /usr/lib/xorg/modules/dri/i965_dri.so
#14 0xb754740b in ?? () from /usr/lib/xorg/modules/dri/i965_dri.so
#15 0xb7547b4f in ?? () from /usr/lib/xorg/modules/dri/i965_dri.so
#16 0x087a4833 in ?? ()
#17 0x087a4f60 in ?? ()
#18 0x087ac64c in draw_object ()
#19 0x087bbe9c in view3d_main_area_draw ()
#20 0x0891a1a2 in ED_region_do_draw ()
#21 0x08757112 in wm_draw_update ()
#22 0x08755b58 in WM_main ()
#23 0x087543a3 in main ()
(gdb)

Comment 1 Jesse Barnes 2010-07-01 14:04:29 UTC
Do you still see this in more recent versions of libdrm (i.e. git)?  A bunch of fixes have landed recently...

Comment 2 Jesse Barnes 2010-07-08 10:03:48 UTC
I guess this has been fixed...
