Mysterious crash on OpenGL ES Surface closing on Galaxy S3 or Note 2
I was faced with a fairly ugly issue on Guidants Mobile these days. After the 4.3 update by Samsung, our app crashed on the S3 and the Note 2 with a corrupted heap whenever the OpenGL ES Surface (in this case a TextureView) was closed. The crash didn’t occur on 4.1 or on other devices. The crash log might look something like this:
F/libc (19140): Fatal signal 11 (SIGSEGV) at 0xffffffff (code=1), thread 19196 (Thread-215)
I/DEBUG ( 2104): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 2104): Build fingerprint: 'samsung/m0xx/m0:4.3/JSS15J/I9300XXUGMJ9:user/release-keys'
I/DEBUG ( 2104): Revision: '12'
I/DEBUG ( 2104): pid: 19140, tid: 19196, name: Thread-215 >>> ag.boersego.myrmecophaga <<<
I/DEBUG ( 2104): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr ffffffff
I/DEBUG ( 2104): r0 ffffffff r1 4014ce00 r2 401142f1 r3 00000000
I/DEBUG ( 2104): r4 5d7effa0 r5 5d6b5c58 r6 00000001 r7 00000003
I/DEBUG ( 2104): r8 4014f538 r9 4014f2f0 sl 63d23dd0 fp 4014f2f0
I/DEBUG ( 2104): ip 60f54ea0 sp 63d23d50 lr 40110cdd pc 60ebae24 cpsr a00e0010
I/DEBUG ( 2104): d0 0000000000000000 d1 0000000000000000
I/DEBUG ( 2104): d2 0000000000000000 d3 0000000000000000
I/DEBUG ( 2104): d4 0000000000000001 d5 0000000000000000
I/DEBUG ( 2104): d6 44340000000002d0 d7 00000000000002d0
I/DEBUG ( 2104): d8 0000000000000000 d9 0000000000000000
I/DEBUG ( 2104): d10 0000000000000000 d11 0000000000000000
I/DEBUG ( 2104): d12 0000000000000000 d13 0000000000000000
I/DEBUG ( 2104): d14 0000000000000000 d15 0000000000000000
I/DEBUG ( 2104): d16 0000000000000001 d17 0000000000000000
I/DEBUG ( 2104): d18 0000000000000000 d19 0000000000000001
I/DEBUG ( 2104): d20 0000000000004000 d21 0000000000000000
I/DEBUG ( 2104): d22 0000000000004000 d23 0000000000000001
I/DEBUG ( 2104): d24 0000000000000000 d25 3f67f26832c604c8
I/DEBUG ( 2104): d26 3c60000000000000 d27 4338000000000000
I/DEBUG ( 2104): d28 3fe45f306dc9c883 d29 4338000000000130
I/DEBUG ( 2104): d30 4073000000000000 d31 0000000000004000
I/DEBUG ( 2104): scr 20000013
I/DEBUG ( 2104):
I/DEBUG ( 2104): backtrace:
I/DEBUG ( 2104): #00 pc 00053e24 /system/lib/libMali.so
I/DEBUG ( 2104): #01 pc 0000d71c /system/lib/libc.so
I/DEBUG ( 2104): #02 pc 0000ee78 /system/lib/libc.so (pthread_exit+80)
I/DEBUG ( 2104): #03 pc 0000d3e0 /system/lib/libc.so (pthread_create+240)
I/DEBUG ( 2104):
I/DEBUG ( 2104): stack:
I/DEBUG ( 2104): 63d23d10 00000001
I/DEBUG ( 2104): 63d23d14 60eb5e5c /system/lib/libMali.so
I/DEBUG ( 2104): 63d23d18 00000001
I/DEBUG ( 2104): 63d23d1c 00000000
I/DEBUG ( 2104): 63d23d20 00000003
I/DEBUG ( 2104): 63d23d24 000030a0
I/DEBUG ( 2104): 63d23d28 401b847d /system/lib/libbinder.so (android::IPCThreadState::threadDestructor(void*))
I/DEBUG ( 2104): 63d23d2c 5d7effa0
I/DEBUG ( 2104): 63d23d30 4014d000 /system/lib/libc.so
I/DEBUG ( 2104): 63d23d34 5d7effa0
I/DEBUG ( 2104): 63d23d38 5d6b5c58
I/DEBUG ( 2104): 63d23d3c 00000001
I/DEBUG ( 2104): 63d23d40 00000003
I/DEBUG ( 2104): 63d23d44 40110cdd /system/lib/libc.so (free+12)
I/DEBUG ( 2104): 63d23d48 00000001
I/DEBUG ( 2104): 63d23d4c 60ebae0c /system/lib/libMali.so
I/DEBUG ( 2104): #00 63d23d50 5d7effa0
I/DEBUG ( 2104): 63d23d54 4014f348 /system/lib/libc.so
I/DEBUG ( 2104): 63d23d58 0000001c
I/DEBUG ( 2104): 63d23d5c 4014f35c /system/lib/libc.so
I/DEBUG ( 2104): 63d23d60 60ebaf20 /system/lib/libMali.so
I/DEBUG ( 2104): 63d23d64 40110720 /system/lib/libc.so
I/DEBUG ( 2104): #01 63d23d68 419775dc /system/lib/libdvm.so
I/DEBUG ( 2104): 63d23d6c 5d7effa0
I/DEBUG ( 2104): 63d23d70 00000004
I/DEBUG ( 2104): 63d23d74 4014f2f0 /system/lib/libc.so
I/DEBUG ( 2104): 63d23d78 00000001
I/DEBUG ( 2104): 63d23d7c 5f1166d0
I/DEBUG ( 2104): 63d23d80 00000000
I/DEBUG ( 2104): 63d23d84 00000000
I/DEBUG ( 2104): 63d23d88 000fe000
I/DEBUG ( 2104): 63d23d8c 63c26000
I/DEBUG ( 2104): 63d23d90 63d23dd0
I/DEBUG ( 2104): 63d23d94 bedd0574 [stack]
I/DEBUG ( 2104): 63d23d98 00000000
I/DEBUG ( 2104): 63d23d9c 40111e7c /system/lib/libc.so (pthread_exit+84)
I/DEBUG ( 2104): #02 63d23da0 63d23dd0
I/DEBUG ( 2104): 63d23da4 5f1166d0
I/DEBUG ( 2104): 63d23da8 4191b6f5 /system/lib/libdvm.so
I/DEBUG ( 2104): 63d23dac 5f116278
I/DEBUG ( 2104): 63d23db0 4191b6f5 /system/lib/libdvm.so
I/DEBUG ( 2104): 63d23db4 5f1166d0
I/DEBUG ( 2104): 63d23db8 400fff2c /system/bin/linker
I/DEBUG ( 2104): 63d23dbc 0000000b
I/DEBUG ( 2104): 63d23dc0 00000078
I/DEBUG ( 2104): 63d23dc4 4191b6f5 /system/lib/libdvm.so
I/DEBUG ( 2104): 63d23dc8 bedd0574 [stack]
I/DEBUG ( 2104): 63d23dcc 401103e4 /system/lib/libc.so (pthread_create+244)
It might complain about a corrupt heap on free or dlmalloc, and every now and then libMali.so might crop up in the stack trace. I started instrumenting all my native code for heap debugging (hint: this Android dev post or this SO post are quite helpful for that). It didn’t appear that I had any stray memset or memcpy calls, so I started the good old divide-and-conquer commenting out of code.
It turned out that after you’re done with an EGL context, you can’t just call eglDestroyContext on it with the latest Sammy GL libs. You need to use eglMakeCurrent first to make another context (or none at all) the current context, something that all other EGL implementations do for you. So the code to destroy the context should look something like:
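// Unbind first: make no context current on this thread.
mEgl.eglMakeCurrent(mEglDisplay, EGL10.EGL_NO_SURFACE, EGL10.EGL_NO_SURFACE, EGL10.EGL_NO_CONTEXT);
// Only now destroy the context and the surface.
mEgl.eglDestroyContext(mEglDisplay, mEglContext);
mEgl.eglDestroySurface(mEglDisplay, mEglSurface);
// Drop the references so the destroyed handles cannot be reused.
mEglSurface = null;
mEglContext = null;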
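The backtrace above dies inside pthread_exit, and an EGL context is current per thread, so the unbind has to run on the render thread itself before that thread ends. The following is an added example, not code from the original post: the class name RenderThread, the initEgl() and renderLoop() hooks and the log tag are hypothetical, and only the teardown order comes from the post.

```java
import android.util.Log;
import javax.microedition.khronos.egl.EGL10;
import javax.microedition.khronos.egl.EGLContext;
import javax.microedition.khronos.egl.EGLDisplay;
import javax.microedition.khronos.egl.EGLSurface;

// Hypothetical render thread; only the EGL teardown path is written out.
abstract class RenderThread extends Thread {
    protected EGL10 mEgl;
    protected EGLDisplay mEglDisplay = EGL10.EGL_NO_DISPLAY;
    protected EGLContext mEglContext = EGL10.EGL_NO_CONTEXT;
    protected EGLSurface mEglSurface = EGL10.EGL_NO_SURFACE;
    protected abstract void initEgl();    // app-specific setup (assumed, not on the page)
    protected abstract void renderLoop(); // draws until the TextureView closes (assumed)

    @Override public void run() {
        try {
            initEgl();
            renderLoop();
        } finally {
            releaseEgl(); // runs on this thread even if rendering threw
        }
    }

    private void releaseEgl() {
        if (mEgl == null || mEglDisplay == EGL10.EGL_NO_DISPLAY) {
            return; // initEgl() failed before a display existed; nothing to release
        }
        // 1. Unbind, so the driver never destroys a context that is still current.
        check(mEgl.eglMakeCurrent(mEglDisplay, EGL10.EGL_NO_SURFACE,
                EGL10.EGL_NO_SURFACE, EGL10.EGL_NO_CONTEXT), "eglMakeCurrent");
        // 2. Destroy only handles that were actually created.
        if (mEglContext != null && mEglContext != EGL10.EGL_NO_CONTEXT) {
            check(mEgl.eglDestroyContext(mEglDisplay, mEglContext), "eglDestroyContext");
        }
        if (mEglSurface != null && mEglSurface != EGL10.EGL_NO_SURFACE) {
            check(mEgl.eglDestroySurface(mEglDisplay, mEglSurface), "eglDestroySurface");
        }
        // 3. Reset the fields so a second call cannot destroy a handle twice.
        mEglContext = EGL10.EGL_NO_CONTEXT;
        mEglSurface = EGL10.EGL_NO_SURFACE;
    }

    private void check(boolean ok, String call) {
        if (!ok) { // EGL calls report failure by return value; log the error code
            Log.w("RenderThread", call + " failed: 0x" + Integer.toHexString(mEgl.eglGetError()));
        }
    }
}
```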