OpenMW occasionally crashing on mali t760

[icecream95]

I'm getting problems with OpenMW crashing every 30 minutes or so.

The problem is reproducible - when it crashes soon after saving, if I load that save and repeat the same actions it crashes again.

Here is a typical crash log:

*** Fatal Error ***
Invalid permissions for mapped object (signal 11)
Address: 0xa2b9d000

System: Linux alarm 5.1.0+ #1 SMP PREEMPT Wed May 29 15:11:54 NZST 2019 armv7l

Executing: gdb --quiet --batch --command=/tmp/gdb-respfile-NpSyeb
[New LWP 7277]
[New LWP 7278]
[New LWP 7279]
[New LWP 7280]
[New LWP 7281]
[New LWP 7282]
[New LWP 7283]
[New LWP 7284]
[New LWP 7285]
[New LWP 7286]
[New LWP 7290]
[New LWP 7291]
[New LWP 7292]
[New LWP 7293]
[New LWP 7294]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
0xb4ce0138 in pthread_cond_wait@@GLIBC_2.4 () from /usr/lib/libpthread.so.0

* Loaded Libraries
From        To          Syms Read   Shared Object Library
0xb6cf8bb0  0xb6eb3674  Yes (*)     /mnt/usr/local/lib/libosg.so.158
0xb6c36314  0xb6c37ef4  Yes (*)     /mnt/usr/local/lib/libOpenThreads.so.21
0xb6bebf00  0xb6c1b9e4  Yes (*)     /mnt/usr/local/lib/libosgParticle.so.158
0xb6aa11a8  0xb6ba0bb4  Yes (*)     /mnt/usr/local/lib/libosgUtil.so.158
0xb695c8b8  0xb6a09d6c  Yes (*)     /mnt/usr/local/lib/libosgDB.so.158
0xb685b758  0xb68da070  Yes (*)     /mnt/usr/local/lib/libosgViewer.so.158
0xb67b5228  0xb67ede9c  Yes (*)     /mnt/usr/local/lib/libosgGA.so.158
0xb672a300  0xb672a428  Yes (*)     /usr/lib/libboost_system.so.1.69.0
0xb6709158  0xb6716ac4  Yes (*)     /usr/lib/libboost_filesystem.so.1.69.0
0xb66a1f68  0xb66e8c48  Yes (*)     /usr/lib/libboost_program_options.so.1.69.0
0xb6599e48  0xb65f7410  Yes (*)     /usr/lib/libopenal.so.1
0xb5330480  0xb5b26480  Yes (*)     /usr/lib/libavcodec.so.58
0xb510bd08  0xb5297900  Yes (*)     /usr/lib/libavformat.so.58
0xb507cba0  0xb50bf918  Yes (*)     /usr/lib/libavutil.so.56
0xb5002750  0xb5057170  Yes (*)     /usr/lib/libswscale.so.5
0xb4fde950  0xb4fec108  Yes (*)     /usr/lib/libswresample.so.3
0xb4e74878  0xb4fa74b4  Yes         /mnt/usr/local/lib/libMyGUIEngine.so.3
0xb4d0d788  0xb4de2628  Yes         /usr/local/lib/libSDL2-2.0.so.0
0xb4cd77b0  0xb4ce7604  Yes (*)     /usr/lib/libpthread.so.0
0xb4c898d8  0xb4cbaf7c  Yes (*)     /mnt/usr/local/lib/libosgText.so.158
0xb4ba8938  0xb4c57be4  Yes (*)     /usr/lib/libBulletCollision.so.2.88
0xb4b4f6a8  0xb4b61c04  Yes (*)     /usr/lib/libLinearMath.so.2.88
0xb4a69de0  0xb4b16b6c  Yes         /mnt/openmw/gl4es/build/lib/libGL.so.1
0xb45fa408  0xb4995890  Yes (*)     /usr/lib/libQt5Widgets.so.5
0xb4103400  0xb44984c4  Yes (*)     /usr/lib/libQt5Gui.so.5
0xb3c1c950  0xb3edc114  Yes (*)     /usr/lib/libQt5Core.so.5
0xb3ac5398  0xb3b7d100  Yes         /usr/lib/libstdc++.so.6
0xb39dd2a0  0xb3a106f8  Yes (*)     /usr/lib/libm.so.6
0xb39b61b8  0xb39c4134  Yes         /usr/lib/libgcc_s.so.1
0xb3875040  0xb3974d48  Yes (*)     /usr/lib/libc.so.6
0xb6f01b80  0xb6f1cc9c  Yes (*)     /lib/ld-linux-armhf.so.3
0xb3848820  0xb384c10c  Yes (*)     /usr/lib/librt.so.1
0xb3834a20  0xb3835a6c  Yes (*)     /usr/lib/libdl.so.2
0xb3810b58  0xb381dd74  Yes (*)     /usr/lib/libz.so.1
0xb37028c8  0xb3785af0  Yes (*)     /usr/lib/libX11.so.6
0xb36dc8f4  0xb36dd380  Yes (*)     /usr/lib/libXinerama.so.1
0xb36c472c  0xb36ca8a8  Yes (*)     /usr/lib/libXrandr.so.2
0xb351c3d0  0xb368bd80  Yes (*)     /usr/lib/libvpx.so.6
0xb3502000  0xb350761c  Yes (*)     /usr/lib/libwebpmux.so.3
0xb34a9ff8  0xb34e7440  Yes (*)     /usr/lib/libwebp.so.7
0xb34793c8  0xb348fe7c  Yes (*)     /usr/lib/liblzma.so.5
0xb3456658  0xb345fa88  Yes (*)     /usr/lib/libopencore-amrwb.so.0
0xb343ce24  0xb3444644  Yes (*)     /usr/lib/libgsm.so.1
0xb33c5828  0xb33f317c  Yes (*)     /usr/lib/libmp3lame.so.0
0xb338e81c  0xb33a76dc  Yes (*)     /usr/lib/libopencore-amrnb.so.0
0xb33386b8  0xb3375c48  Yes (*)     /usr/lib/libopenjp2.so.7
0xb32d2428  0xb3314d10  Yes (*)     /usr/lib/libopus.so.0
0xb32ad890  0xb32bb308  Yes (*)     /usr/lib/libspeex.so.1
0xb3267e78  0xb328b74c  Yes (*)     /usr/lib/libtheoraenc.so.1
0xb3244050  0xb3254fc8  Yes (*)     /usr/lib/libtheoradec.so.1
0xb320e918  0xb32230a0  Yes (*)     /usr/lib/libvorbis.so.0
0xb3180d78  0xb31833d0  Yes (*)     /usr/lib/libvorbisenc.so.2
0xb2f3dcd8  0xb3052158  Yes (*)     /usr/lib/libx264.so.157
0xb2e106e8  0xb2f125d0  Yes (*)     /usr/lib/libx265.so.169
0xb2d11528  0xb2d74168  Yes (*)     /usr/lib/libxvidcore.so.4
0xb2ce2fc4  0xb2cf5d04  Yes (*)     /usr/lib/libva.so.2
0xb2bc0ea8  0xb2cac8d4  Yes (*)     /usr/lib/libxml2.so.2
0xb2b84eb8  0xb2b91504  Yes (*)     /usr/lib/libbz2.so.1.0
0xb29f9d78  0xb2a306dc  Yes (*)     /usr/lib/libmodplug.so.1
0xb29a1ef0  0xb29d8c08  Yes (*)     /usr/lib/libbluray.so.2
0xb293a2e0  0xb29841f4  Yes (*)     /usr/lib/libgmp.so.10
0xb27b26a0  0xb28da70c  Yes (*)     /usr/lib/libgnutls.so.30
0xb2722658  0xb275cb80  Yes (*)     /usr/lib/libssh.so.4
0xb2706940  0xb2707030  Yes (*)     /usr/lib/libva-drm.so.2
0xb26f2224  0xb26f446c  Yes (*)     /usr/lib/libva-x11.so.2
0xb26ddbc0  0xb26dec54  Yes (*)     /usr/lib/libvdpau.so.1
0xb26c13fc  0xb26caf40  Yes (*)     /usr/lib/libdrm.so.2
0xb2653a00  0xb26762c8  Yes (*)     /usr/lib/libsoxr.so.0
0xb25a3f70  0xb261ae80  Yes (*)     /usr/lib/libfreetype.so.6
0xb2560edc  0xb25878e4  Yes (*)     /usr/lib/libdbus-1.so.3
0xb24ea1a8  0xb251f66c  Yes (*)     /usr/lib/libibus-1.0.so.5
0xb2381a58  0xb24973a0  Yes (*)     /usr/lib/libgio-2.0.so.0
0xb22ffb90  0xb23393b0  Yes (*)     /usr/lib/libgobject-2.0.so.0
0xb21fc5d8  0xb2283b78  Yes (*)     /usr/lib/libglib-2.0.so.0
0xb21b1a5c  0xb21bad24  Yes (*)     /usr/lib/libunwind.so.8
0xb2175954  0xb2184380  Yes (*)     /usr/lib/libunwind-arm.so.8
0xb2160e28  0xb2162380  Yes (*)     /usr/lib/libts.so.0
0xb2127958  0xb21495b0  Yes (*)     /usr/lib/libpng16.so.16
0xb20439f8  0xb20f1730  Yes (*)     /usr/lib/libharfbuzz.so.0
0xb1f95c98  0xb20155f4  Yes (*)     /usr/lib/libsystemd.so.0
0xb1de54e0  0xb1f43808  Yes (*)     /usr/lib/libicui18n.so.64
0xb1be7598  0xb1cb9644  Yes (*)     /usr/lib/libicuuc.so.64
0xb1b1f988  0xb1b75100  Yes (*)     /usr/lib/libpcre2-16.so.0
0xb1afb0b8  0xb1b084f4  Yes (*)     /usr/lib/libdouble-conversion.so.3
0xb1ad315c  0xb1ae6224  Yes (*)     /usr/lib/libxcb.so.1
0xb1aaca24  0xb1ab7718  Yes (*)     /usr/lib/libXext.so.6
0xb1a90550  0xb1a9643c  Yes (*)     /usr/lib/libXrender.so.1
0xb1a7b510  0xb1a7d784  Yes (*)     /usr/lib/libogg.so.0
0xb1a361b0  0xb1a5959c  Yes (*)     /usr/lib/libfontconfig.so.1
0xb193c12c  0xb19f18b0  Yes (*)     /usr/lib/libp11-kit.so.0
0xb1901080  0xb1905268  Yes (*)     /usr/lib/libidn2.so.0
0xb178fe94  0xb17bf83c  Yes (*)     /usr/lib/libunistring.so.2
0xb176596c  0xb1770bcc  Yes (*)     /usr/lib/libtasn1.so.6
0xb172626c  0xb174762c  Yes (*)     /usr/lib/libnettle.so.6
0xb16e5f00  0xb16f47fc  Yes (*)     /usr/lib/libhogweed.so.4
0xb151e000  0xb1670218  Yes (*)     /usr/lib/libcrypto.so.1.1
0xb14c4078  0xb14c6480  Yes (*)     /usr/lib/libXfixes.so.3
0xb148fbe8  0xb14afd14  Yes         /usr/lib/libgomp.so.1
0xb1476bd4  0xb1477c3c  Yes (*)     /usr/lib/libgmodule-2.0.so.0
0xb141d8c0  0xb145c2c8  Yes (*)     /usr/lib/libmount.so.1
0xb13f3454  0xb13ffbc4  Yes (*)     /usr/lib/libresolv.so.2
0xb13da2d0  0xb13dee20  Yes (*)     /usr/lib/libffi.so.6
0xb1360f0c  0xb13b2c78  Yes (*)     /usr/lib/libpcre.so.1
0xb1336834  0xb134cfc8  Yes (*)     /usr/lib/libgraphite2.so.3
0xb1309a3c  0xb1322be0  Yes (*)     /usr/lib/liblz4.so.1
0xb12f1e84  0xb12f3d20  Yes (*)     /usr/lib/libcap.so.2
0xb1236300  0xb12b1a44  Yes (*)     /usr/lib/libgcrypt.so.20
0xaf7dd2f0  0xaf7dd414  Yes (*)     /usr/lib/libicudata.so.64
0xaf7ca920  0xaf7cb620  Yes (*)     /usr/lib/libXau.so.6
0xaf7b5ef0  0xaf7b7628  Yes (*)     /usr/lib/libXdmcp.so.6
0xaf7762e0  0xaf7a0898  Yes (*)     /usr/lib/libexpat.so.1
0xaf75e0a0  0xaf76231c  Yes (*)     /usr/lib/libuuid.so.1
0xaf70ccd0  0xaf743cb4  Yes (*)     /usr/lib/libblkid.so.1
0xaf6e02c0  0xaf6f14e8  Yes (*)     /usr/lib/libgpg-error.so.0
0xae68f8a0  0xaf39b428  Yes (*)     /home/ixn/mali/fbdev/libGLESv1_CM.so
0xaad04ed8  0xaad09e54  Yes (*)     /usr/lib/libXcursor.so.1
0xaace6ac0  0xaacf1494  Yes (*)     /usr/lib/libXi.so.6
0xaacd2a18  0xaacd3734  Yes (*)     /usr/lib/libXss.so.1
0xaacbdc70  0xaacc068c  Yes (*)     /usr/lib/libXxf86vm.so.1
0xaad215c8  0xaad3f41c  Yes (*)     /usr/lib/libudev.so.1
0xaa82e4b0  0xaa830f80  Yes (*)     /mnt/usr/local/lib/osgPlugins-3.6.3/osgdb_png.so
0xaa811020  0xaa816f60  Yes (*)     /mnt/usr/local/lib/osgPlugins-3.6.3/osgdb_dds.so
0xa873a2c0  0xa875f150  Yes (*)     /usr/lib/libjack.so.0
0xa870eef0  0xa871f004  Yes (*)     /usr/lib/libcelt0.so.2
0xa84b1a90  0xa84e53ec  Yes (*)     /usr/lib/libpulse.so.0
0xa8435790  0xa8485230  Yes (*)     /usr/lib/pulseaudio/libpulsecommon-12.2.so
0xa83ac848  0xa8403170  Yes (*)     /usr/lib/libsndfile.so.1
0xaa308ccc  0xaa30b430  Yes (*)     /usr/lib/libasyncns.so.0
0xa835beb8  0xa8394a60  Yes (*)     /usr/lib/libFLAC.so.8
0xa7ab66b0  0xa7b346d8  Yes (*)     /usr/lib/libasound.so.2
0xaa7f8060  0xaa7fa5a8  Yes (*)     /mnt/usr/local/lib/osgPlugins-3.6.3/osgdb_tga.so
0x9ace9224  0x9aced708  Yes (*)     /mnt/usr/local/lib/osgPlugins-3.6.3/osgdb_jpeg.so
0x9ac59a50  0x9ac8e604  Yes (*)     /usr/lib/libjpeg.so.8
(*): Shared library is missing debugging information.

* Threads
  Id   Target Id                                      Frame 
* 1    Thread 0xaf6d5010 (LWP 7274) "openmw"          0xb4ce0138 in pthread_cond_wait@@GLIBC_2.4 () from /usr/lib/libpthread.so.0
  2    Thread 0xae5ee110 (LWP 7277) "mali-mem-purge"  0xb38fc65c in nanosleep () from /usr/lib/libc.so.6
  3    Thread 0xadded110 (LWP 7278) "mali-utility-wo" 0xb4ce30bc in do_futex_wait.constprop () from /usr/lib/libpthread.so.0
  4    Thread 0xad5ec110 (LWP 7279) "mali-utility-wo" 0xb4ce30bc in do_futex_wait.constprop () from /usr/lib/libpthread.so.0
  5    Thread 0xacdeb110 (LWP 7280) "mali-utility-wo" 0xb4ce30bc in do_futex_wait.constprop () from /usr/lib/libpthread.so.0
  6    Thread 0xac5ea110 (LWP 7281) "mali-utility-wo" 0xb4ce30bc in do_futex_wait.constprop () from /usr/lib/libpthread.so.0
  7    Thread 0xabde9110 (LWP 7282) "mali-cmar-backe" 0xb3929688 in poll () from /usr/lib/libc.so.6
  8    Thread 0xab5e8110 (LWP 7283) "mali-hist-dump"  0xb4ce30bc in do_futex_wait.constprop () from /usr/lib/libpthread.so.0
  9    Thread 0xa9fff110 (LWP 7284) "openmw"          0xb4ce532c in waitpid () from /usr/lib/libpthread.so.0
  10   Thread 0xa97fe110 (LWP 7285) "openmw"          0xb4ce0138 in pthread_cond_wait@@GLIBC_2.4 () from /usr/lib/libpthread.so.0
  11   Thread 0xa8f7c110 (LWP 7286) "openmw"          0xb4ce0548 in pthread_cond_timedwait@@GLIBC_2.4 () from /usr/lib/libpthread.so.0
  12   Thread 0xa870d110 (LWP 7290) "openmw"          0xb4ce0138 in pthread_cond_wait@@GLIBC_2.4 () from /usr/lib/libpthread.so.0
  13   Thread 0xa868c110 (LWP 7291) "openmw"          0xb4ce424c in read () from /usr/lib/libpthread.so.0
  14   Thread 0xa2c1d110 (LWP 7292) "openmw"          0xb39300fc in syscall () from /usr/lib/libc.so.6
  15   Thread 0xa8354110 (LWP 7293) "openmw"          0xb4ce30bc in do_futex_wait.constprop () from /usr/lib/libpthread.so.0
  16   Thread 0xa21de110 (LWP 7294) "openmw"          0xb4ce30bc in do_futex_wait.constprop () from /usr/lib/libpthread.so.0

* FPU Status
fpscr          0x8000001d          -2147483619
s0             0                   (raw 0x00000000)
s1             0                   (raw 0x00000000)
s2             0                   (raw 0x00000000)
s3             1.875               (raw 0x3ff00000)
s4             0                   (raw 0x00000000)
s5             0                   (raw 0x00000000)
s6             3.40282347e+38      (raw 0x7f7fffff)
s7             5.71511555          (raw 0x40b6e23a)
s8             0                   (raw 0x00000000)
s9             0                   (raw 0x00000000)
s10            0.573411167         (raw 0x3f12cb13)
s11            1.76835275          (raw 0x3fe25962)
s12            -0.818140864        (raw 0xbf5171ae)
s13            -1.82953513         (raw 0xbfea2e35)
s14            3192.01245          (raw 0x45478033)
s15            -625.567078         (raw 0xc41c644b)
s16            5.77756515e-15      (raw 0x27d028a2)
s17            3.82946444          (raw 0x407515f2)
s18            -1                  (raw 0xbf800000)
s19            1.57499993          (raw 0x3fc99999)
s20            -7.60843332e+37     (raw 0xfe64f53d)
s21            3.58119607          (raw 0x40653251)
s22            0                   (raw 0x00000000)
s23            0                   (raw 0x00000000)
s24            0                   (raw 0x00000000)
s25            0                   (raw 0x00000000)
s26            0                   (raw 0x00000000)
s27            0                   (raw 0x00000000)
s28            0                   (raw 0x00000000)
s29            0                   (raw 0x00000000)
s30            0                   (raw 0x00000000)
s31            0                   (raw 0x00000000)

* Registers
r0             0x1ef30ac           32452780
r1             0x80                128
r2             0x0                 0
r3             0x0                 0
r4             0x0                 0
r5             0x1ef30ac           32452780
r6             0x1ef3080           32452736
r7             0xf0                240
r8             0x0                 0
r9             0x1ef3094           32452756
r10            0xbeab0c90          3198880912
r11            0x1                 1
r12            0x0                 0
sp             0xbeab0c60          0xbeab0c60
lr             0xaf6d54d0          -1351789360
pc             0xb4ce0138          0xb4ce0138 <pthread_cond_wait@@GLIBC_2.4+564>
cpsr           0x800f0010          -2146500592
fpscr          0x8000001d          -2147483619

* Backtrace

Thread 16 (Thread 0xa21de110 (LWP 7294)):
#0  0xb4ce30bc in do_futex_wait.constprop () at /usr/lib/libpthread.so.0
#1  0xb4ce3228 in __new_sem_wait_slow.constprop.1 () at /usr/lib/libpthread.so.0
#2  0xb65f6520 in  () at /usr/lib/libopenal.so.1

Thread 15 (Thread 0xa8354110 (LWP 7293)):
#0  0xb4ce30bc in do_futex_wait.constprop () at /usr/lib/libpthread.so.0
#1  0xb4ce3228 in __new_sem_wait_slow.constprop.1 () at /usr/lib/libpthread.so.0
#2  0xb65f6520 in  () at /usr/lib/libopenal.so.1

Thread 14 (Thread 0xa2c1d110 (LWP 7292)):
#0  0xb39300fc in syscall () at /usr/lib/libc.so.6
#1  0xa875bf50 in  () at /usr/lib/libjack.so.0
#2  0xa8742c34 in  () at /usr/lib/libjack.so.0
#3  0xa87452e4 in  () at /usr/lib/libjack.so.0
#4  0xa8741d2c in  () at /usr/lib/libjack.so.0
#5  0xa87414fc in  () at /usr/lib/libjack.so.0
#6  0xa8759fcc in  () at /usr/lib/libjack.so.0
#7  0xb4cd94e4 in start_thread () at /usr/lib/libpthread.so.0
#8  0xb3933af8 in  () at /usr/lib/libc.so.6

Thread 13 (Thread 0xa868c110 (LWP 7291)):
#0  0xb4ce424c in read () at /usr/lib/libpthread.so.0
#1  0xa875b300 in  () at /usr/lib/libjack.so.0
#2  0xa875e8c0 in  () at /usr/lib/libjack.so.0
#3  0xa8759fcc in  () at /usr/lib/libjack.so.0
#4  0xb4cd94e4 in start_thread () at /usr/lib/libpthread.so.0
#5  0xb3933af8 in  () at /usr/lib/libc.so.6

Thread 12 (Thread 0xa870d110 (LWP 7290)):
#0  0xb4ce0138 in pthread_cond_wait@@GLIBC_2.4 () at /usr/lib/libpthread.so.0
#1  0xa875a9d8 in  () at /usr/lib/libjack.so.0
#2  0xa8752558 in  () at /usr/lib/libjack.so.0
#3  0xa8759fcc in  () at /usr/lib/libjack.so.0
#4  0xb4cd94e4 in start_thread () at /usr/lib/libpthread.so.0
#5  0xb3933af8 in  () at /usr/lib/libc.so.6

Thread 11 (Thread 0xa8f7c110 (LWP 7286)):
#0  0xb4ce0548 in pthread_cond_timedwait@@GLIBC_2.4 () at /usr/lib/libpthread.so.0
#1  0xb6c37b30 in OpenThreads::Condition::wait(OpenThreads::Mutex*, unsigned long) () at /mnt/usr/local/lib/libOpenThreads.so.21
#2  0x009fea0c in MWSound::OpenAL_Output::StreamThread::run() ()
#3  0xb6c37370 in OpenThreads::ThreadPrivateActions::StartThread(void*) () at /mnt/usr/local/lib/libOpenThreads.so.21
#4  0xb4cd94e4 in start_thread () at /usr/lib/libpthread.so.0
#5  0xb3933af8 in  () at /usr/lib/libc.so.6

Thread 10 (Thread 0xa97fe110 (LWP 7285)):
#0  0xb4ce0138 in pthread_cond_wait@@GLIBC_2.4 () at /usr/lib/libpthread.so.0
#1  0xb6c37a64 in OpenThreads::Condition::wait(OpenThreads::Mutex*) () at /mnt/usr/local/lib/libOpenThreads.so.21
#2  0x00c90d74 in SceneUtil::WorkQueue::removeWorkItem() ()
#3  0x00c90fcc in SceneUtil::WorkThread::run() ()
#4  0xb6c37370 in OpenThreads::ThreadPrivateActions::StartThread(void*) () at /mnt/usr/local/lib/libOpenThreads.so.21
#5  0xb4cd94e4 in start_thread () at /usr/lib/libpthread.so.0
#6  0xb3933af8 in  () at /usr/lib/libc.so.6

Thread 9 (Thread 0xa9fff110 (LWP 7284)):
#0  0xb4ce532c in waitpid () at /usr/lib/libpthread.so.0
#1  0x00de9118 in crash_catcher(int, siginfo_t*, void*) ()
#2  0xb388ae10 in <signal handler called> () at /usr/lib/libc.so.6
#3  0xb38d6ec8 in memcpy () at /usr/lib/libc.so.6
#4  0xb4a6ed40 in copy_gl_array_texcoord (src=<optimized out>, from=<optimized out>, width=2, stride=24, to=to@entry=5126, to_width=to_width@entry=4, skip=skip@entry=0, count=<optimized out>, count@entry=6, filler=0xa9ffe5d0, filler@entry=0xa9ffe5c8, dest=0x9ad5a0c0) at /openmw/gl4es/src/gl/array.c:93
        i = 3
        out = 0x9ad5a0f0
        unknown_str = 0xb4b16bf0 "LIBGL: copy_gl_array -> unknown type: %x\n"
        dst = 0x6
        from_size = 4
        to_elem = -1264128704
        in = 2730086400
#5  0xb4a763a0 in copy_gl_pointer_tex_noalloc (dest=<optimized out>, ptr=ptr@entry=0x1ef7e7c, width=width@entry=4, skip=skip@entry=0, count=count@entry=6) at /openmw/gl4es/src/gl/array.c:272
        filler = 1
#6  0xb4adf424 in tex_setup_texcoord (len=6, len@entry=3030930072, changes=<optimized out>, itarget=itarget@entry=1, ptr=ptr@entry=0x1ef7e7c) at /openmw/gl4es/src/gl/texture.c:132
        gles_glTexCoordPointer = 0xae987a61 <glTexCoordPointer>
        tex = {0x9ad5a0c0, 0x9e17e4a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}
        texlen = {2496, 289, 0, 0, 0, 0, 0, 0}
#7  0xb4a85298 in glDrawElementsCommon (mode=0, mode@entry=4, first=-1263276636, first@entry=0, count=<optimized out>, count@entry=6, len=3030930072, len@entry=6, sindices=sindices@entry=0x0, iindices=iindices@entry=0x0, instancecount=instancecount@entry=1) at /openmw/gl4es/src/gl/drawing.c:336
        changes = <optimized out>
        aa = 0
        old_tex = 0
        buffered = <optimized out>
        p = 0x1ef7e7c
        gles_glDrawElements = 0xae9843c9 <glDrawElements>
        gles_glDrawArrays = 0xae984379 <glDrawArrays>
        gles_glNormalPointer = 0xae987375 <glNormalPointer>
        gles_glVertexPointer = 0xae987f71 <glVertexPointer>
        gles_glColorPointer = 0xae985f09 <glColorPointer>
        gles_glTexCoordPointer = 0xae987a61 <glTexCoordPointer>
        gles_glEnable = 0xae9844b1 <glEnable>
        gles_glDisable = 0xae9842e5 <glDisable>
        gles_glEnableClientState = 0xae986251 <glEnableClientState>
        gles_glDisableClientState = 0xae986061 <glDisableClientState>
        gles_glMultiTexCoord4f = 0xae9871c9 <glMultiTexCoord4f>
        mode_init = 4
#8  0xb4a86a9c in gl4es_glDrawArrays (mode=<optimized out>, first=0, count=6) at /openmw/gl4es/src/gl/drawing.c:687
        intercept = <optimized out>
#9  0x00dafa00 in osgMyGUI::Drawable::drawImplementation(osg::RenderInfo&) const ()
#10 0xb6d61ba8 in osg::Drawable::draw(osg::RenderInfo&) const () at /mnt/usr/local/lib/libosg.so.158
#11 0xb6b52524 in osgUtil::RenderLeaf::render(osg::RenderInfo&, osgUtil::RenderLeaf*) () at /mnt/usr/local/lib/libosgUtil.so.158
#12 0xb6b4c928 in osgUtil::RenderBin::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) () at /mnt/usr/local/lib/libosgUtil.so.158
#13 0xb6b58b3c in osgUtil::RenderStage::drawImplementation(osg::RenderInfo&, osgUtil::RenderLeaf*&) () at /mnt/usr/local/lib/libosgUtil.so.158
#14 0xb6b4db90 in osgUtil::RenderBin::draw(osg::RenderInfo&, osgUtil::RenderLeaf*&) () at /mnt/usr/local/lib/libosgUtil.so.158
#15 0xb6b57dc8 in osgUtil::RenderStage::drawInner(osg::RenderInfo&, osgUtil::RenderLeaf*&, bool&) () at /mnt/usr/local/lib/libosgUtil.so.158
#16 0xb6b59c3c in osgUtil::RenderStage::draw(osg::RenderInfo&, osgUtil::RenderLeaf*&) () at /mnt/usr/local/lib/libosgUtil.so.158
#17 0xb6b59ab0 in osgUtil::RenderStage::draw(osg::RenderInfo&, osgUtil::RenderLeaf*&) () at /mnt/usr/local/lib/libosgUtil.so.158
#18 0xb6b6138c in osgUtil::SceneView::draw() () at /mnt/usr/local/lib/libosgUtil.so.158
#19 0xb688bed0 in osgViewer::Renderer::draw() () at /mnt/usr/local/lib/libosgViewer.so.158
#20 0xb6d8fc44 in osg::GraphicsContext::runOperations() () at /mnt/usr/local/lib/libosg.so.158
#21 0xb6dec26c in osg::OperationThread::run() () at /mnt/usr/local/lib/libosg.so.158
#22 0xb6d91fe8 in non-virtual thunk to osg::GraphicsThread::run() () at /mnt/usr/local/lib/libosg.so.158

Thread 8 (Thread 0xab5e8110 (LWP 7283)):
#0  0xb4ce30bc in do_futex_wait.constprop () at /usr/lib/libpthread.so.0
#1  0xb4ce3228 in __new_sem_wait_slow.constprop.1 () at /usr/lib/libpthread.so.0
#2  0xae6fdf48 in  () at /home/ixn/mali/fbdev/libGLESv1_CM.so

Thread 7 (Thread 0xabde9110 (LWP 7282)):
#0  0xb3929688 in poll () at /usr/lib/libc.so.6
#1  0xae9fdf56 in  () at /home/ixn/mali/fbdev/libGLESv1_CM.so

Thread 6 (Thread 0xac5ea110 (LWP 7281)):
#0  0xb4ce30bc in do_futex_wait.constprop () at /usr/lib/libpthread.so.0
#1  0xb4ce3228 in __new_sem_wait_slow.constprop.1 () at /usr/lib/libpthread.so.0
#2  0xae9fddae in  () at /home/ixn/mali/fbdev/libGLESv1_CM.so

Thread 5 (Thread 0xacdeb110 (LWP 7280)):
#0  0xb4ce30bc in do_futex_wait.constprop () at /usr/lib/libpthread.so.0
#1  0xb4ce3228 in __new_sem_wait_slow.constprop.1 () at /usr/lib/libpthread.so.0
#2  0xae9fddae in  () at /home/ixn/mali/fbdev/libGLESv1_CM.so

Thread 4 (Thread 0xad5ec110 (LWP 7279)):
#0  0xb4ce30bc in do_futex_wait.constprop () at /usr/lib/libpthread.so.0
#1  0xb4ce3228 in __new_sem_wait_slow.constprop.1 () at /usr/lib/libpthread.so.0
#2  0xae9fddae in  () at /home/ixn/mali/fbdev/libGLESv1_CM.so

Thread 3 (Thread 0xadded110 (LWP 7278)):
#0  0xb4ce30bc in do_futex_wait.constprop () at /usr/lib/libpthread.so.0
#1  0xb4ce3228 in __new_sem_wait_slow.constprop.1 () at /usr/lib/libpthread.so.0
#2  0xae9fddae in  () at /home/ixn/mali/fbdev/libGLESv1_CM.so

Thread 2 (Thread 0xae5ee110 (LWP 7277)):
#0  0xb38fc65c in nanosleep () at /usr/lib/libc.so.6
#1  0xb392d648 in usleep () at /usr/lib/libc.so.6
#2  0xae7d1dca in  () at /home/ixn/mali/fbdev/libGLESv1_CM.so

Thread 1 (Thread 0xaf6d5010 (LWP 7274)):
#0  0xb4ce0138 in pthread_cond_wait@@GLIBC_2.4 () at /usr/lib/libpthread.so.0
#1  0xb6c37a64 in OpenThreads::Condition::wait(OpenThreads::Mutex*) () at /mnt/usr/local/lib/libOpenThreads.so.21
#2  0xb68c16b0 in osgViewer::ViewerBase::renderingTraversals() () at /mnt/usr/local/lib/libosgViewer.so.158
#3  0x00c23cc8 in OMW::Engine::go() ()
#4  0x00c10970 in runApplication(int, char**) ()
#5  0x00d5d300 in wrapApplication(int (*)(int, char**), int, char**, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ()
#6  0x007702b8 in main ()
[Inferior 1 (process 7274) detached]

In doing some investigation with gdb (this is a different OpenMW instance to the crash log above):

(gdb) list
88          GLsizei from_size = gl_sizeof(from) * width;
89          GLsizei to_elem = gl_sizeof(to);
90          uintptr_t in = (uintptr_t)src;
91          in += stride*skip;
92          if (from == to && to_width >= width) {
93              GL_TYPE_SWITCH(out, dst, to,
94                  for (int i = skip; i < count; i++) {
95                      memcpy(out, (GLvoid *)in, from_size); // <== Segfault was while in memcpy
96                      for (int j = width; j < to_width; j++) {
97                          if(j==to_width-1)
(gdb) p *out
$1 = 1
(gdb) p *in
Cannot access memory at address 0x9ebd7cc8

Going up to copy_gl_pointer_tex_noalloc, and looking at ptr, from which p came from:

(gdb) p *ptr
$5 = {size = 2, type = 5126, stride = 24, pointer = 0x9ebd7cc8, enabled = 1 '\001'}

After going up to glDrawElementsCommon:

(gdb) p glstate->vao->pointers[ATT_MULTITEXCOORD0+aa]
$9 = {size = 2, type = 5126, stride = 24, pointer = 0x9ebd7cc8, enabled = 1 '\001'}
(gdb) p aa
$10 = 0

Looking at glstate->vao->pointers, all of the objects in that array with a pointer that dereferences to something have the enabled flag set to 0, and none of those with enabled 0 with a non-NULL pointer have memory that can't be accessed.

How should I proceed in debugging?

I know C, but am not very experienced in gdb.

I'm going to try compiling more of OpenMW and OSG with debugging symbols, to see if I can find out more about the issue...

[icecream95]

Turns out it's related to a "fix" I made, disabling VBO's.

I've re-enabled them, so time to see how long it is before the next crash...

[icecream95]

Well, with VBOs enabled, I'm getting this crash:

Thread 9 (Thread 0xaa4ff130 (LWP 19931)):
#0  0xb4da032c in waitpid () from /usr/lib/libpthread.so.0
No symbol table info available.
#1  0x00ceb7b0 in crash_catcher(int, siginfo_t*, void*) ()
No symbol table info available.
#2  <signal handler called>
No symbol table info available.
#3  0xb6db8554 in osg::GLBufferObject::compileBuffer() () from /usr/local/lib/libosg.so.158
No symbol table info available.
#4  0x3f613660 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Time to recompile BufferObject.cpp from OSG with debugging symbols...

[icecream95]

It seems to segfault (with VBOs enabled) at this line in OpenSceneGraph/src/osg/BufferObject.cpp:

    const osg::Image* image = entry.dataSource->asImage();

That's all I can say at the moment as konsole crashed before I could do any more investigation.

[ptitSeb]

So the first crash is a false alarm? Now, a crash in osg::Image... do you know the version of OSG you are using (that const osg::Image* image = entry.dataSource->asImage(); is from the function osg::GLBufferObject::compileBuffer()?

[ptitSeb]

I checked here: https://github.com/openscenegraph/OpenSceneGraph/blob/master/src/osg/BufferObject.cpp The function is basically just doing a few glBufferData / glBufferSubData, wich in gl4es simply translate to a few memcpy (with some sanity checks). This doesn't seems harmfull. you probably need to add debug info to BufferEntry sources to have more crash details.

Also, if you want details on what gl4es is doing, you can uncomment this line https://github.com/ptitSeb/gl4es/blob/master/src/gl/buffers.c#L11 (that may turn out to be too chaty, I don't know)

[icecream95]

Konsole just crashed again - I really need to start using screen or tmux.

It looks like disabling VBO was only for the GUI (the hud, menus), which explains why the performance didn't absolutely tank - it seems about the same.

So the first crash is a false alarm?

Maybe, it looks like I don't get the second crash with GUI VBO disabled, so I'd be happy with just a workaround for the first crash.

I'm using OSG 3.6.3, commit d011ca4e, which is from September last year, so maybe I should try master.

Annoyingly, the second crash is quite rare, so I need to play a lot before it crashes, and it doesn't seem to be very reproducible, so I'd better get my finger ready on the bound longsword hotkey...

I think [the second crash] could be a race between OSG and the OpenMW GUI - openmw-android has some patches for thread races, which I previously dismissed as just for keeping Android happy, but maybe they actually have a function.

[ptitSeb]

I think in the first crash there is some memory overwriting. Local Stack variable and parameters seems to have strange value, if I can trust the callstack difference bewteen @entry and current values of them.

A race condition can happens yes. GL4ES is not thread safe for now. I should work on that, but I'm a bit afraid of the slowdown this will bring.

[icecream95]

Okay, so now I've got the second crash caught in gdb, and konsole is still running.

Thread 9 "openmw" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xaa3ff130 (LWP 24568)]
osg::GLBufferObject::compileBuffer (this=0x9b4e5cf0) at /openmw/OpenSceneGraph/src/osg/BufferObject.cpp:134
(gdb) list
129
130         unsigned int bufferAlignment = 4;
131
132         unsigned int newTotalSize = 0;
133         unsigned int i=0;
134         for(; i<_bufferObject->getNumBufferData(); ++i)
135         {
136             BufferData* bd = _bufferObject->getBufferData(i);
137             if (i<_bufferEntries.size())
138             {
(gdb) p _bufferObject
$1 = (osg::BufferObject *) 0x0
(gdb) p *this
$2 = {<osg::GraphicsObject> = {<No data fields>}, _contextID = 0, _glObjectID = 4540, _profile = {_target = 0, _usage = 0, _size = 0}, _allocatedSize = 3072, _dirty = false,
  _bufferEntries = std::vector of length 1, capacity 1 = {{numRead = 0, modifiedCount = 16777215, dataSize = 3072, offset = 0, dataSource = 0x788bd60}}, _bufferObject = 0x0,
  _set = 0xa0d17168, _previous = 0x9a1cc8b0, _next = 0x0, _frameLastUsed = 8960, _extensions = 0xaa5006a8}
(gdb) bt 5
#0  osg::GLBufferObject::compileBuffer (this=0x9b4e5cf0) at /openmw/OpenSceneGraph/src/osg/BufferObject.cpp:134
#1  0xb6df4b4c in osg::DrawElementsUShort::draw(osg::State&, bool) const () from /usr/local/lib/libosg.so.158
#2  0xb6df4b4c in osg::DrawElementsUShort::draw(osg::State&, bool) const () from /usr/local/lib/libosg.so.158
#3  0xb6df4b4c in osg::DrawElementsUShort::draw(osg::State&, bool) const () from /usr/local/lib/libosg.so.158
#4  0xb6df4b4c in osg::DrawElementsUShort::draw(osg::State&, bool) const () from /usr/local/lib/libosg.so.158
(More stack frames follow...)

Not much more to see here without symbols for DrawElementsUShort::draw.

Here is DrawElementsUShort, from PrimitiveSet.cpp:

 250   │ void DrawElementsUShort::draw(State& state, bool useVertexBufferObjects) const
 251   │ {
 252   │     GLenum mode = _mode;
 253   │     #if defined(OSG_GLES1_AVAILABLE) || defined(OSG_GLES2_AVAILABLE) || defined(OSG_GLES3_AVAILABLE)
 254   │         if (mode==GL_POLYGON) mode = GL_TRIANGLE_FAN;
 255   │         if (mode==GL_QUAD_STRIP) mode = GL_TRIANGLE_STRIP;
 256   │     #endif
 257   │
 258   │     if (useVertexBufferObjects)
 259   │     {
 260   │         GLBufferObject* ebo = getOrCreateGLBufferObject(state.getContextID());
 261   │
 262   │         if (ebo)
 263   │         {
 264   │             state.getCurrentVertexArrayState()->bindElementBufferObject(ebo);
 265   │             if (_numInstances>=1) state.glDrawElementsInstanced(mode, size(), GL_UNSIGNED_SHORT, (const GLvoid *)(ebo->getOffset(getBufferIndex())), _numInstances);
 266   │             else glDrawElements(mode, size(), GL_UNSIGNED_SHORT, (const GLvoid *)(ebo->getOffset(getBufferIndex())));
 267   │         }
 268   │         else
 269   │         {
 270   │             state.getCurrentVertexArrayState()->unbindElementBufferObject();
 271   │             if (_numInstances>=1) state.glDrawElementsInstanced(mode, size(), GL_UNSIGNED_SHORT, &front(), _numInstances);
 272   │             else glDrawElements(mode, size(), GL_UNSIGNED_SHORT, &front());
 273   │         }
 274   │     }
 275   │     else
 276   │     {
 277   │         if (_numInstances>=1) state.glDrawElementsInstanced(mode, size(), GL_UNSIGNED_SHORT, &front(), _numInstances);
 278   │         else glDrawElements(mode, size(), GL_UNSIGNED_SHORT, &front());
 279   │     }
 280   │ }

Any ideas?

[ptitSeb]

with a NULL _bufferObject, not much can be done...

I guess you can simply change line 134 from for(; i<_bufferObject->getNumBufferData(); ++i) to for(; _bufferObject && i<_bufferObject->getNumBufferData(); ++i) to workaround the issue, but it would be better to track why there this NULL buffer that is used. But tracking it may proved tricky, as you probably needs to put a (conditionnal) breakpoint in the the assign method of BufferObject and check the callstack to track that issue.

[terabyte25]

@icecream95 for my builds of openmw for Android, I use latest OSG + openmw optimized patches (which you can find here.). It might fix it, but don't count on it.

[icecream95]

By the way @terabyte25, what sort of crash was this MR meant to fix? It's only caused extra problems for me...

[icecream95]

I just compiled OSG 78f6b293 (from the branch terabyte linked to) and OpenMW master, and I've now figured out the point of the "Fix red sky after shadows" patch of openmw-android. :)

It does look cool, I must admit...

[icecream95]

Someone should tell the OpenMW UI designers that that font doesn't go will with the flat UI.

(or maybe I just rsync'd the OpenMW build in the wrong direction and stopped it a little too late...)

[ptitSeb]

Bah, Cursive-like font for an Elder Scroll game makes sense :p

[icecream95]

Whoops, and now I ran out of space due to doing a RelWithDebInfo build.

Obviously, once it's built it won't crash anymore, or otherwise why would Sotha Sil be trying so hard to stop me?

[icecream95]

It looks like the newer OSG and/or the OpenMW specific OSG patches have fixed the problem.

I might get round to bisecting it someday... probably... maybe...

As an added bonus, I seem to be getting better performance, as well as a lot less stuttering (shader compiling?) with the GLES 2 backend, so I'm now enjoying some terrain reflections on my water.

[ptitSeb]

Nice! Thanks for the follow-up on this :)