MALI: eglDestroySurface() causes segmentation fault

Hi,

Some EGL applications in Wayland (using Odroid XU3 Wayland drivers r12p0) crash in eglDestroySurface

Example: start totem playing a video (totem <file>), then press the "<" back button to go to the totem main screen (from the video screen) => crash.

This is a gdb trace:

Thread 1 "totem" hit Breakpoint 1, _cogl_winsys_onscreen_deinit (
    onscreen=0x918bb8) at winsys/cogl-winsys-egl.c:691
691           if (eglDestroySurface (egl_renderer->edpy, egl_onscreen->egl_surface)
(gdb) bt
#0  0xb625247a in _cogl_winsys_onscreen_deinit (onscreen=0x918bb8) at winsys/cogl-winsys-egl.c:691
#1  0xb6243312 in _cogl_onscreen_free (onscreen=0x918bb8) at cogl-onscreen.c:169
#2  0xb6243312 in _cogl_object_onscreen_indirect_free (obj=0x918bb8) at cogl-onscreen.c:53
#3  0xb62d8b08 in  () at /usr/lib/arm-linux-gnueabihf/libclutter-1.0.so.0
(gdb) bt full
#0  0xb625247a in _cogl_winsys_onscreen_deinit (onscreen=0x918bb8) at winsys/cogl-winsys-egl.c:691
        framebuffer = 0x918bb8
        context = <optimized out>
        egl_display = <optimized out>
        renderer = <optimized out>
        egl_renderer = 0x4a8c18
        egl_onscreen = 0x6a8d20
#1  0xb6243312 in _cogl_onscreen_free (onscreen=0x918bb8) at cogl-onscreen.c:169
        framebuffer = 0x918bb8
        winsys = 0xb627ee78 <vtable>
        frame_info = 0x0
#2  0xb6243312 in _cogl_object_onscreen_indirect_free (obj=0x918bb8) at cogl-onscreen.c:53
#3  0xb62d8b08 in  () at /usr/lib/arm-linux-gnueabihf/libclutter-1.0.so.0
(gdb) p egl_renderer->edpy
$6 = (EGLDisplay) 0x4e5dc8
(gdb) p egl_onscreen->egl_surface
$7 = (EGLSurface) 0x5997e8
(gdb) p *0x5997e8
$8 = 5300096
(gdb) p *0x4e5dc8
$9 = 0
(gdb) step
[Thread 0xa94221e0 (LWP 7997) exited]
[Thread 0x945a91e0 (LWP 7979) exited]
[Thread 0x955a91e0 (LWP 7977) exited]
[Thread 0x965a91e0 (LWP 7975) exited]
[Thread 0x97cf81e0 (LWP 7973) exited]
[Thread 0x95da91e0 (LWP 7976) exited]
[Thread 0x92dd51e0 (LWP 7996) exited]
[Thread 0x94da91e0 (LWP 7978) exited]

Thread 1 "totem" received signal SIGSEGV, Segmentation fault.
0xb59c3518 in wl_proxy_marshal () from /usr/lib/arm-linux-gnueabihf/libwayland-client.so.0
(gdb) bt full
#0  0xb59c3518 in wl_proxy_marshal () at /usr/lib/arm-linux-gnueabihf/libwayland-client.so.0
#1  0xb4afb85e in window_surface_delete () at /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1
#2  0xb4af31e4 in eglp_window_surface_specific_deinitialization () at /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1
#3  0xb4af1d14 in eglp_delete_surface () at /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1
#4  0xb4af2540 in eglDestroySurface () at /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1
#5  0xb6252480 in _cogl_winsys_onscreen_deinit (onscreen=0x918bb8) at winsys/cogl-winsys-egl.c:691
        framebuffer = 0x918bb8
        context = <optimized out>
        egl_display = <optimized out>
        renderer = <optimized out>
        egl_renderer = 0x4a8c18
        egl_onscreen = 0x6a8d20
#6  0xb6243312 in _cogl_onscreen_free (onscreen=0x918bb8) at cogl-onscreen.c:169
        framebuffer = 0x918bb8
        winsys = 0xb627ee78 <vtable>
        frame_info = 0x0
#7  0xb6243312 in _cogl_object_onscreen_indirect_free (obj=0x918bb8) at cogl-onscreen.c:53
#8  0xb62d8b08 in  () at /usr/lib/arm-linux-gnueabihf/libclutter-1.0.so.0

You can see that _cogl_winsys_onscreen_deinit calls eglDestroySurface with valid parameters (EGLDisplay and EGLSurface) but then there is a crash after window_surface_delete in libwayland-egl.so.1 (which points to libmali.so)

Any thoughts on this issue?

Thanks.

  • Hi ,

    I had a chat with our driver team and they think the application is causing the crash because its calling eglDestroySurface after the app destroyed the window. Could you please check if that is the case?

    Regards,

    DDD

  • Hi

    I will have a look at the application code. The trace here is from cogl library, not the totem app.

    But this issue happens when going from playing the video to showing the list of videos/playlist. So I'm not exiting the app, and the app doesn't change the window when pressing the BACK button, just the contents. I would assume the playlist content does not use EGL, so the egl "window" might get destroyed/corrupted.

    Another thing pointing to the driver is that this issue does not happen on my desktop with intel GPU, and never heard of it happening either with nvidia/amd gpus...

    Thanks for the reply, I'll post back after combing the app code...

More questions in this forum