[Mesa-dev] segfault in pstip_bind_sampler_states

Kevin H. Hobbs hobbsk at ohio.edu
Mon Aug 12 10:30:14 PDT 2013


On 08/12/2013 10:29 AM, Brian Paul wrote:
> Can you run with valgrind?  That should give us some useful info if 
> there's a use-after-free.

Sure,

$ valgrind /home/kevin/kitware/VTK_OSMesa_Build/bin/vtkpython \
    "--enable-bt" \
    "/home/kevin/kitware/VTK_OSMesa_Build/Utilities/vtkTclTest2Py/rtImageTest.py" \
    "/home/kevin/kitware/VTK/Filters/Hybrid/Testing/Python/largeImageOffset.py" \
    "-D" "/home/kevin/kitware/VTK_OSMesa_Build/ExternalData/Testing" \
    "-T" "/home/kevin/kitware/VTK_OSMesa_Build/Testing/Temporary" \
    "-V" "/home/kevin/kitware/VTK_OSMesa_Build/ExternalData/Filters/Hybrid/Testing/Data/Baseline/largeImageOffset.png" \
    "-A" "/home/kevin/kitware/VTK_OSMesa_Build/Utilities/vtkTclTest2Py" \
    > /tmp/osmesa_valgrind.txt 2>&1
-------------- next part --------------
==30166== Memcheck, a memory error detector
==30166== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==30166== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==30166== Command: /home/kevin/kitware/VTK_OSMesa_Build/bin/vtkpython --enable-bt /home/kevin/kitware/VTK_OSMesa_Build/Utilities/vtkTclTest2Py/rtImageTest.py /home/kevin/kitware/VTK/Filters/Hybrid/Testing/Python/largeImageOffset.py -D /home/kevin/kitware/VTK_OSMesa_Build/ExternalData/Testing -T /home/kevin/kitware/VTK_OSMesa_Build/Testing/Temporary -V /home/kevin/kitware/VTK_OSMesa_Build/ExternalData/Filters/Hybrid/Testing/Data/Baseline/largeImageOffset.png -A /home/kevin/kitware/VTK_OSMesa_Build/Utilities/vtkTclTest2Py
==30166== 
vtk version 6.1.0
<DartMeasurement name="ImageError" type="numeric/double">0</DartMeasurement><DartMeasurement name="BaselineImage" type="text/string">Standard</DartMeasurement><DartMeasurement name="WallTime" type="numeric/double">29.2597</DartMeasurement>
<DartMeasurement name="CPUTime" type="numeric/double">29.19</DartMeasurement>
==30166== Invalid write of size 8
==30166==    at 0x4C2C29B: memcpy@@GLIBC_2.14 (mc_replace_strmem.c:882)
==30166==    by 0x1DB7DF37: osmesa_st_framebuffer_flush_front (osmesa.c:329)
==30166==    by 0x1D957491: st_manager_flush_frontbuffer (st_manager.c:770)
==30166==    by 0x1D92C802: display_front_buffer (st_cb_flush.c:73)
==30166==    by 0x1D92C9C9: st_glFlush (st_cb_flush.c:124)
==30166==    by 0x1D7CD172: _mesa_flush (context.c:1643)
==30166==    by 0x1D7CCD4B: _mesa_make_current (context.c:1455)
==30166==    by 0x1D95733B: st_api_make_current (st_manager.c:722)
==30166==    by 0x1DB7E5F8: OSMesaMakeCurrent (osmesa.c:653)
==30166==    by 0x2131C322: vtkOSOpenGLRenderWindow::MakeCurrent() (vtkOSOpenGLRenderWindow.cxx:344)
==30166==    by 0x2131BC50: vtkOSOpenGLRenderWindow::DestroyWindow() (vtkOSOpenGLRenderWindow.cxx:147)
==30166==    by 0x2131C128: vtkOSOpenGLRenderWindow::Finalize() (vtkOSOpenGLRenderWindow.cxx:281)
==30166==  Address 0x91fdd18 is not stack'd, malloc'd or (recently) free'd
==30166== 
--30166-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--30166-- si_code=80;  Faulting address: 0x0;  sp: 0x4030fdd50

valgrind: the 'impossible' happened:
   Killed by fatal signal
==30166==    at 0x3806236E: mkFreeBlock (m_mallocfree.c:290)
==30166==    by 0x38064436: vgPlain_arena_free (m_mallocfree.c:1846)
==30166==    by 0x38029725: create_MC_Chunk (mc_malloc_wrappers.c:165)
==30166==    by 0x38029944: vgMemCheck_new_block (mc_malloc_wrappers.c:283)
==30166==    by 0x38029B9D: vgMemCheck___builtin_new (mc_malloc_wrappers.c:311)
==30166==    by 0x3809E490: vgPlain_scheduler (scheduler.c:1667)
==30166==    by 0x380AD6F9: run_a_thread_NORETURN (syswrap-linux.c:103)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==30166==    at 0x4C2A361: operator new(unsigned long) (vg_replace_malloc.c:298)
==30166==    by 0x1DE5891F: llvm::JIT::removeModule(llvm::Module*) (in /home/kevin/mesa_nightly/lib/libOSMesa.so.8.0.0)
==30166==    by 0x1DEA8149: LLVMRemoveModule (in /home/kevin/mesa_nightly/lib/libOSMesa.so.8.0.0)
==30166==    by 0x1DB2297F: free_gallivm_state (lp_bld_init.c:200)
==30166==    by 0x1DB22D08: gallivm_destroy (lp_bld_init.c:554)
==30166==    by 0x1DB4A006: draw_llvm_destroy_variant (draw_llvm.c:1998)
==30166==    by 0x1DB4B6E0: vs_llvm_delete (draw_vs_llvm.c:73)
==30166==    by 0x1DA251DD: draw_delete_vertex_shader (draw_vs.c:142)
==30166==    by 0x1DBAC1CD: llvmpipe_delete_vs_state (lp_state_vs.c:105)
==30166==    by 0x1D9FAB73: cso_delete_vertex_shader (cso_context.c:608)
==30166==    by 0x1D95BE3E: delete_vp_variant (st_program.c:66)
==30166==    by 0x1D95BEDA: st_release_vp_variants (st_program.c:90)
==30166==    by 0x1D934F9F: st_delete_program (st_cb_program.c:131)
==30166==    by 0x1D9ED388: _mesa_reference_program_ (program.c:421)
==30166==    by 0x1D9D8AF7: _mesa_reference_program (program.h:102)
==30166==    by 0x1D9D8D22: clear_cache (prog_cache.c:126)
==30166==    by 0x1D9D8E14: _mesa_delete_program_cache (prog_cache.c:159)
==30166==    by 0x1D9ECC90: _mesa_free_program_data (program.c:119)
==30166==    by 0x1D7CC11C: _mesa_free_context_data (context.c:1166)
==30166==    by 0x1D93C691: st_destroy_context (st_context.c:310)
==30166==    by 0x1D956E2D: st_context_destroy (st_manager.c:578)
==30166==    by 0x1DB7E4AD: OSMesaDestroyContext (osmesa.c:583)
==30166==    by 0x2131BF2E: vtkOSOpenGLRenderWindow::DestroyOffScreenWindow() (vtkOSOpenGLRenderWindow.cxx:226)
==30166==    by 0x2131BD21: vtkOSOpenGLRenderWindow::DestroyWindow() (vtkOSOpenGLRenderWindow.cxx:169)
==30166==    by 0x2131C128: vtkOSOpenGLRenderWindow::Finalize() (vtkOSOpenGLRenderWindow.cxx:281)
==30166==    by 0x2131B952: vtkOSOpenGLRenderWindow::~vtkOSOpenGLRenderWindow() (vtkOSOpenGLRenderWindow.cxx:103)
==30166==    by 0x2131BA1B: vtkOSOpenGLRenderWindow::~vtkOSOpenGLRenderWindow() (vtkOSOpenGLRenderWindow.cxx:114)
==30166==    by 0x5F95FBC: vtkObjectBase::UnRegisterInternal(vtkObjectBase*, int) (vtkObjectBase.cxx:232)
==30166==    by 0x5F982E2: vtkObject::UnRegisterInternal(vtkObjectBase*, int) (vtkObject.cxx:904)
==30166==    by 0x5F95E71: vtkObjectBase::UnRegister(vtkObjectBase*) (vtkObjectBase.cxx:189)
==30166==    by 0x1C4079C4: vtkRenderWindow::UnRegister(vtkObjectBase*) (vtkRenderWindow.cxx:1453)
==30166==    by 0x3EF02050: vtkImporter::SetRenderWindow(vtkRenderWindow*) (vtkImporter.cxx:20)
==30166==    by 0x3EF02105: vtkImporter::~vtkImporter() (vtkImporter.cxx:30)
==30166==    by 0x3EF00E97: vtk3DSImporter::~vtk3DSImporter() (vtk3DSImporter.cxx:1209)
==30166==    by 0x3EF00EEB: vtk3DSImporter::~vtk3DSImporter() (vtk3DSImporter.cxx:1305)
==30166==    by 0x5F95FBC: vtkObjectBase::UnRegisterInternal(vtkObjectBase*, int) (vtkObjectBase.cxx:232)
==30166==    by 0x5F982E2: vtkObject::UnRegisterInternal(vtkObjectBase*, int) (vtkObject.cxx:904)
==30166==    by 0x5F95E71: vtkObjectBase::UnRegister(vtkObjectBase*) (vtkObjectBase.cxx:189)
==30166==    by 0x5FC33F2: vtkSmartPointerBase::~vtkSmartPointerBase() (vtkSmartPointerBase.cxx:62)
==30166==    by 0x520B8E4: vtkPythonUtil::RemoveObjectFromMap(_object*) (vtkPythonUtil.cxx:322)
==30166==    by 0x52192A1: PyVTKObject_Delete(_object*) (PyVTKObject.cxx:309)
==30166==    by 0x63C3876: insertdict (dictobject.c:539)
==30166==    by 0x63C5D31: PyDict_SetItem (dictobject.c:784)
==30166==    by 0x63C9621: _PyModule_Clear (moduleobject.c:138)
==30166==    by 0x6433CB4: PyImport_Cleanup (import.c:445)
==30166==    by 0x643FF7A: Py_Finalize (pythonrun.c:454)
==30166==    by 0x643F0C7: Py_Exit (pythonrun.c:1768)
==30166==    by 0x643F1E5: handle_system_exit.part.2 (pythonrun.c:1142)
==30166==    by 0x643F3ED: PyErr_PrintEx (pythonrun.c:1098)
==30166==    by 0x643F894: PyRun_SimpleFileExFlags (pythonrun.c:955)
==30166==    by 0x6450C51: Py_Main (main.c:639)
==30166==    by 0x4018E1: main (vtkPythonAppInit.cxx:169)

Thread 2: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 3: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 4: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 5: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 6: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 7: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 8: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 9: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 10: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 11: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 12: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 13: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 14: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 15: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 16: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)

Thread 17: status = VgTs_WaitSys
==30166==    at 0x73985E5: pthread_cond_wait@@GLIBC_2.3.2 (pthread_cond_wait.S:165)
==30166==    by 0x1DB86906: pipe_semaphore_wait (os_thread.h:434)
==30166==    by 0x1DB88091: thread_function (lp_rast.c:773)
==30166==    by 0x7394D14: start_thread (pthread_create.c:308)
==30166==    by 0x4F2453C: clone (clone.S:114)


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.
