totem (gnome-videos) crashes on exit with the following backtrace:
Core was generated by `totem bbb_720p.mov'. Program terminated with signal SIGSEGV, Segmentation fault. #0 get_next_argument (signature=0x2c <error: Cannot access memory at address 0x2c>, details=details@entry=0xbee39a9c) at ../src/connection.c:430 430 for(; *signature; ++signature) { [Current thread is 1 (Thread 0xb213cd70 (LWP 12827))] (gdb) bt #0 get_next_argument (signature=0x2c <error: Cannot access memory at address 0x2c>, details=details@entry=0xbee39a9c) at ../src/connection.c:430 #1 0xb4ce69ba in wl_argument_from_va_list (signature=<optimized out>, args=args@entry=0xbee39acc, count=count@entry=20, ap=..., ap@entry=...) at ../src/connection.c:493 #2 0xb4ce5598 in wl_proxy_marshal (proxy=0x7f6bedb0, opcode=1) at ../src/wayland-client.c:692 #3 0xb4f8685e in window_surface_delete () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #4 0xb4f7e1e4 in eglp_window_surface_specific_deinitialization () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #5 0xb4f7cd14 in eglp_delete_surface () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #6 0xb4f7ce74 in eglp_destroy_all_non_current_surfaces () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #7 0xb4f7a71a in eglp_try_display_finish_terminating () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #8 0xb4f7b1e2 in eglTerminate () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #9 0xb4f7b22c in eglp_unload_callback () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #10 0xb4decc24 in osup_term_unload_hooks () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #11 0xb4dde4ca in osup_c_unload_hook () from /usr/lib/arm-linux-gnueabihf/egl-current/libwayland-egl.so.1 #12 0xb6fd3f42 in ?? () from /lib/ld-linux-armhf.so.3 Backtrace stopped: previous frame identical to this frame (corrupt stack?)
following it, i get:
(gdb) print (struct wl_proxy) *0x7f6bedb0 $3 = {object = {interface = 0x7fe1bfc8, implementation = 0x7fb51c30, id = 44}, display = 0x7f660ec0, queue = 0x7f660f2c, flags = 2, refcount = 1, user_data = 0x0, dispatcher = 0x0, version = 3} (gdb) print (struct wl_interface) *0x7fe1bfc8 # => this is proxy->interface - you can see the name is garbage already $4 = {name = 0xa93e931d "iXh\377\367Һ\022KP!0\265{D\021L\205\260\025F\034Y#h\003\223\377\367\f\354\016IjF", version = 49, method_count = -2147421248, methods = 0x7f6beda8, event_count = 0, events = 0x0} (gdb) print (struct wl_message) *0x7f6beda8 # => this is proxy->interface->methods => you can see the signature field cannot be accessed (0x31 is invalid) leading to the segmentation fault $5 = {name = 0x0, signature = 0x31 <error: Cannot access memory at address 0x31>, types = 0x7fe1bfc8}
which means that window_surface_delete sends garbage to the wayland-client library.
window_surface_delete
The interesting bit is that this trace was obtained using the corefile => if i run totem in gdb, there is no segmentation fault - probably because the function calls are delayed and the free does not happen fast enough.
free
Any help would be appreciated.
EGL_VERSION = 1.4 Midgard-"r12p0-04rel0" EGL_VENDOR = ARM EGL_EXTENSIONS = EGL_WL_bind_wayland_display EGL_KHR_partial_update EGL_KHR_config_attribs EGL_KHR_image EGL_KHR_image_base EGL_KHR_fence_sync EGL_KHR_wait_sync EGL_KHR_gl_colorspace EGL_KHR_get_all_proc_addresses EGL_IMG_context_priority EGL_ARM_pixmap_multisample_discard EGL_KHR_gl_texture_2D_image EGL_KHR_gl_renderbuffer_image EGL_KHR_create_context EGL_KHR_surfaceless_context EGL_KHR_gl_texture_cubemap_image EGL_EXT_create_context_robustness EGL_KHR_cl_event2 EGL_CLIENT_APIS = OpenGL_ES GL_VERSION: OpenGL ES 3.1 v1.r12p0-04rel0.f9ea82e6bf7f0bb7544260636f375425 GL_RENDERER: Mali-T628 GL_EXTENSIONS: GL_ARM_rgba8, GL_ARM_mali_shader_binary, GL_OES_depth24, GL_OES_depth_texture, GL_OES_depth_texture_cube_map, GL_OES_packed_depth_stencil, GL_OES_rgb8_rgba8, GL_EXT_read_format_bgra, GL_OES_compressed_paletted_texture, GL_OES_compressed_ETC1_RGB8_texture, GL_OES_standard_derivatives, GL_OES_EGL_image, GL_OES_EGL_image_external, GL_OES_EGL_image_external_essl3, GL_OES_EGL_sync, GL_OES_texture_npot, GL_OES_vertex_half_float, GL_OES_required_internalformat, GL_OES_vertex_array_object, GL_OES_mapbuffer, GL_EXT_texture_format_BGRA8888, GL_EXT_texture_rg, GL_EXT_texture_type_2_10_10_10_REV, GL_OES_fbo_render_mipmap, GL_OES_element_index_uint, GL_EXT_shadow_samplers, GL_OES_texture_compression_astc, GL_KHR_texture_compression_astc_ldr, GL_KHR_texture_compression_astc_hdr, GL_KHR_texture_compression_astc_sliced_3d, GL_KHR_debug, GL_EXT_occlusion_query_boolean, GL_EXT_disjoint_timer_query, GL_EXT_blend_minmax, GL_EXT_discard_framebuffer, GL_OES_get_program_binary, GL_OES_texture_3D, GL_EXT_texture_storage, GL_EXT_multisampled_render_to_texture, GL_OES_surfaceless_context, GL_OES_texture_stencil8, GL_EXT_shader_pixel_local_storage, GL_ARM_shader_framebuffer_fetch, GL_ARM_shader_framebuffer_fetch_depth_stencil, GL_ARM_mali_program_binary, GL_EXT_sRGB, GL_EXT_sRGB_write_control, GL_EXT_texture_sRGB_decode, GL_KHR_blend_equation_advanced, GL_KHR_blend_equation_advanced_coherent, GL_OES_texture_storage_multisample_2d_array, GL_OES_shader_image_atomic, GL_EXT_robustness, GL_EXT_texture_border_clamp, GL_OES_texture_border_clamp, GL_EXT_texture_cube_map_array, GL_OES_texture_cube_map_array, GL_OES_sample_variables, GL_OES_sample_shading, GL_OES_shader_multisample_interpolation, GL_EXT_shader_io_blocks, GL_OES_shader_io_blocks, GL_EXT_gpu_shader5, GL_OES_gpu_shader5, GL_EXT_texture_buffer, GL_OES_texture_buffer, GL_EXT_copy_image, GL_OES_copy_image