The crash happens only when calling eglReleaseThread() from destructor of the process. Please find the attached simple app which can be used to repro the issue.
With valgrind, I see there is some invalid memory access during the eglReleaseThread() call. Find the logs below: ==5059== Invalid read of size 8 ==5059== at 0x70480EC: eglReleaseThread (eglapi.c:1706) ==5059== by 0x48825B7: eglReleaseThread (in /usr/lib/aarch64-linux-gnu/libEGL.so.1.1.0) ==5059== by 0x1089FB: deinit (in /home/ubuntu/egl_sample/egl_sample) ==5059== by 0x400EBFF: _dl_fini (dl-fini.c:138) ==5059== by 0x48DC84B: __run_exit_handlers (exit.c:108) ==5059== by 0x48DC9DB: exit (exit.c:139) ==5059== by 0x48C7093: (below main) (libc-start.c:342) ==5059== Address 0x4c6f8c8 is 8 bytes inside a block of size 48 free'd ==5059== at 0x484AF20: free (in /usr/lib/aarch64-linux-gnu/valgrind/vgpreload_memcheck-arm64-linux.so) ==5059== by 0x7051FE3: _eglDestroyThreadInfo (eglcurrent.c:134) ==5059== by 0x7051FE3: _eglFiniTSD (eglcurrent.c:76) ==5059== by 0x70539CF: _eglAtExit (eglglobals.c:112) ==5059== by 0x48DC84B: __run_exit_handlers (exit.c:108) ==5059== by 0x48DC9DB: exit (exit.c:139) ==5059== by 0x48C7093: (below main) (libc-start.c:342) So eglReleaseThread() in this case, tries to access the _EGLThreadInfo memory already freed by _eglFiniTSD() ? But it is expected that a new instance of _EGLThreadInfo has to be created when eglReleaseThread() is called from the app in this case. ** Attachment added: "egl_sample.tar" https://bugs.launchpad.net/ubuntu/+source/mesa/+bug/1946621/+attachment/5531907/+files/egl_sample.tar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/1946621 Title: Crash in libegl-mesa0 (eglReleaseThread) Status in mesa package in Ubuntu: New Bug description: Crash in libegl-mesa0 (in eglReleaseThread API), please find the backtrace: #0 0x0000fffff7c86ac4 in __GI___pthread_mutex_lock (mutex=mutex@entry=0x8) at pthread_mutex_lock.c:67 #1 0x0000fffff4a7d110 in mtx_lock (mtx=0x8) at ../include/c11/threads_posix.h:223 #2 eglReleaseThread () at ../src/egl/main/eglapi.c:1713 #3 0x0000fffff6c115b8 in eglReleaseThread () at /lib/aarch64-linux-gnu/libEGL.so.1 #4 0x0000fffff7fdac00 in () at /lib/ld-linux-aarch64.so.1 #5 0x0000fffff7b4284c in __run_exit_handlers (status=0, listp=0xfffff7c76680 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108 #6 0x0000fffff7b429dc in __GI_exit (status=<optimized out>) at exit.c:139 #7 0x0000fffff7b2d094 in __libc_start_main (main= 0xaaaaaaaa3530 <main>, argc=13, argv=0xfffffffff488, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=<optimized out>) at ../csu/libc-start.c:342 #8 0x0000aaaaaaaa4014 in _start () It crashes at: https://github.com/mesa3d/mesa/blob/mesa-21.0.3/src/egl/main/eglapi.c#L1713. 'disp' pointer is being NULL in this case. Actually nvidia's EGL backend is being loaded by glvnd in this case. But the eglReleaseThread() implementation of glvnd calls the eglReleaseThread() API of all the vendors, that's how it end-up calling the eglReleaseThread() API of Mesa backend. Refer: https://github.com/NVIDIA/libglvnd/blob/master/src/EGL/libegl.c#L806 lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04 Codename: focal apt-cache policy libegl-mesa0 libegl-mesa0: Installed: 21.0.3-0ubuntu0.3~20.04.2 Candidate: 21.0.3-0ubuntu0.3~20.04.2 Version table: *** 21.0.3-0ubuntu0.3~20.04.2 500 500 http://ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages 100 /var/lib/dpkg/status 20.0.4-2ubuntu1 500 500 http://ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mesa/+bug/1946621/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
