Brad King wrote: > For the SEGFAULT ones the stack traces all point to VTK code. My > hypothesis is that mesa is writing over some VTK memory and corrupting > it.
For this test: http://www.vtk.org/Testing/Sites/hythloth.kitware/Linux-gcc33/20070414-0300-Nightly/Results/__Graphics_Testing_Tcl_TestCellDerivs-image.html I ran it under valgrind --tool=memcheck and got the output below. I'm guessing that this bug may be overwriting some VTK memory also which would not be detected by valgrind because the memory is owned by the process. Also this looks like it is in the vbo code which was merged from a branch in that Feb 2-4 range according to the git log: commit b59657ad965f9471574e914b861bb1d2a17d772e Merge: 325196f... 2ddc879... Author: Keith Whitwell <[EMAIL PROTECTED]> Date: Fri Feb 2 12:26:10 2007 +0000 Merge branch 'vbo-0.2' Conflicts: src/mesa/main/texcompress_s3tc.c src/mesa/tnl/t_array_api.c -Brad ==15820== Invalid read of size 1 ==15820== at 0x1D4CB23F: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C3F9B: choose_interp_func (t_vertex.c:167) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A4A57: clip_quad_4 (t_vb_cliptmp.h:254) ==15820== Address 0x1FB692D1 is 1 bytes inside a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid write of size 1 ==15820== at 0x1D4CB245: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C3F9B: choose_interp_func (t_vertex.c:167) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A4A57: clip_quad_4 (t_vb_cliptmp.h:254) ==15820== Address 0x1FB692EE is 4 bytes after a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid read of size 1 ==15820== at 0x1D4CB23F: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A4A57: clip_quad_4 (t_vb_cliptmp.h:254) ==15820== by 0x1D4A5E66: clip_render_quads_verts (t_vb_rendertmp.h:338) ==15820== Address 0x1FB692D2 is 2 bytes inside a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid write of size 1 ==15820== at 0x1D4CB245: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A4A57: clip_quad_4 (t_vb_cliptmp.h:254) ==15820== by 0x1D4A5E66: clip_render_quads_verts (t_vb_rendertmp.h:338) ==15820== Address 0x1FB692EF is 5 bytes after a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid read of size 1 ==15820== at 0x1D4CB23F: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A33D9: clip_tri_4 (t_vb_cliptmp.h:203) ==15820== by 0x1D4A5B74: clip_render_poly_verts (t_vb_rendertmp.h:313) ==15820== Address 0x1FB692D9 is 9 bytes inside a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid write of size 1 ==15820== at 0x1D4CB245: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A33D9: clip_tri_4 (t_vb_cliptmp.h:203) ==15820== by 0x1D4A5B74: clip_render_poly_verts (t_vb_rendertmp.h:313) ==15820== Address 0x1FB692EE is 4 bytes after a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid read of size 1 ==15820== at 0x1D4CB23F: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A32FD: clip_tri_4 (t_vb_cliptmp.h:203) ==15820== by 0x1D4A5B74: clip_render_poly_verts (t_vb_rendertmp.h:313) ==15820== Address 0x1FB692DA is 10 bytes inside a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid write of size 1 ==15820== at 0x1D4CB245: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A32FD: clip_tri_4 (t_vb_cliptmp.h:203) ==15820== by 0x1D4A5B74: clip_render_poly_verts (t_vb_rendertmp.h:313) ==15820== Address 0x1FB692EF is 5 bytes after a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid read of size 1 ==15820== at 0x1D4CB23F: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A3218: clip_tri_4 (t_vb_cliptmp.h:203) ==15820== by 0x1D4A5B74: clip_render_poly_verts (t_vb_rendertmp.h:313) ==15820== Address 0x1FB692DB is 11 bytes inside a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid write of size 1 ==15820== at 0x1D4CB245: _tnl_generic_interp_extras (t_vertex_generic.c:1089) ==15820== by 0x1D4C406B: _tnl_interp (t_vertex.c:199) ==15820== by 0x1D4A3218: clip_tri_4 (t_vb_cliptmp.h:203) ==15820== by 0x1D4A5B74: clip_render_poly_verts (t_vb_rendertmp.h:313) ==15820== Address 0x1FB692EF is 5 bytes after a block of size 26 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D42972C: _mesa_free (imports.c:85) ==15820== by 0x1D49238F: _tnl_draw_prims (t_draw.c:60) ==15820== by 0x1D49122E: vbo_save_playback_vertex_list (vbo_save_draw.c:218) ==15820== ==15820== Invalid read of size 4 ==15820== at 0x1D59EE98: xmesa_delete_framebuffer (xm_buffer.c:386) ==15820== by 0x1D400600: _mesa_unreference_framebuffer (framebuffer.c:256) ==15820== by 0x1D59B5EA: xmesa_destroy_buffers_on_display (xm_api.c:486) ==15820== by 0x1D5993AF: close_display_callback (fakeglx.c:950) ==15820== Address 0x1FBD9B98 is 208 bytes inside a block of size 8772 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D5993C1: close_display_callback (fakeglx.c:934) ==15820== by 0x1D6D4745: XCloseDisplay (in /usr/lib/libX11.so.6.2.0) ==15820== by 0x1C363CED: TkpCloseDisplay (in /usr/lib/libtk8.4.so.0) ==15820== ==15820== Invalid read of size 4 ==15820== at 0x1D59EEBA: xmesa_delete_framebuffer (xm_buffer.c:388) ==15820== by 0x1D400600: _mesa_unreference_framebuffer (framebuffer.c:256) ==15820== by 0x1D59B5EA: xmesa_destroy_buffers_on_display (xm_api.c:486) ==15820== by 0x1D5993AF: close_display_callback (fakeglx.c:950) ==15820== Address 0x1FBD9B98 is 208 bytes inside a block of size 8772 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D5993C1: close_display_callback (fakeglx.c:934) ==15820== by 0x1D6D4745: XCloseDisplay (in /usr/lib/libX11.so.6.2.0) ==15820== by 0x1C363CED: TkpCloseDisplay (in /usr/lib/libtk8.4.so.0) ==15820== ==15820== Invalid read of size 4 ==15820== at 0x1D59EEDC: xmesa_delete_framebuffer (xm_buffer.c:390) ==15820== by 0x1D400600: _mesa_unreference_framebuffer (framebuffer.c:256) ==15820== by 0x1D59B5EA: xmesa_destroy_buffers_on_display (xm_api.c:486) ==15820== by 0x1D5993AF: close_display_callback (fakeglx.c:950) ==15820== Address 0x1FBD9B98 is 208 bytes inside a block of size 8772 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D5993C1: close_display_callback (fakeglx.c:934) ==15820== by 0x1D6D4745: XCloseDisplay (in /usr/lib/libX11.so.6.2.0) ==15820== by 0x1C363CED: TkpCloseDisplay (in /usr/lib/libtk8.4.so.0) ==15820== ==15820== Invalid read of size 4 ==15820== at 0x1D59EEF0: xmesa_delete_framebuffer (xm_buffer.c:392) ==15820== by 0x1D400600: _mesa_unreference_framebuffer (framebuffer.c:256) ==15820== by 0x1D59B5EA: xmesa_destroy_buffers_on_display (xm_api.c:486) ==15820== by 0x1D5993AF: close_display_callback (fakeglx.c:950) ==15820== Address 0x1FBD9AD0 is 8 bytes inside a block of size 8772 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D5993C1: close_display_callback (fakeglx.c:934) ==15820== by 0x1D6D4745: XCloseDisplay (in /usr/lib/libX11.so.6.2.0) ==15820== by 0x1C363CED: TkpCloseDisplay (in /usr/lib/libtk8.4.so.0) ==15820== ==15820== Invalid read of size 4 ==15820== at 0x1D59EF1F: xmesa_delete_framebuffer (xm_buffer.c:397) ==15820== by 0x1D400600: _mesa_unreference_framebuffer (framebuffer.c:256) ==15820== by 0x1D59B5EA: xmesa_destroy_buffers_on_display (xm_api.c:486) ==15820== by 0x1D5993AF: close_display_callback (fakeglx.c:950) ==15820== Address 0x1FBD9B98 is 208 bytes inside a block of size 8772 free'd ==15820== at 0x1B908460: free (vg_replace_malloc.c:153) ==15820== by 0x1D5993C1: close_display_callback (fakeglx.c:934) ==15820== by 0x1D6D4745: XCloseDisplay (in /usr/lib/libX11.so.6.2.0) ==15820== by 0x1C363CED: TkpCloseDisplay (in /usr/lib/libtk8.4.so.0) ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Mesa3d-dev mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/mesa3d-dev
