1.15 Android mystery crash thread #17364

Closed
hrydgard opened this issue Apr 30, 2023 · 37 comments
Comments

@hrydgard
Owner

hrydgard commented Apr 30, 2023

I've started the slow rollout, and we got our first crash already:

  #00  pc 0x0000000000cc9c98  !libppsspp_jni.so (UI::ScrollView::Touch(TouchInput const&)+156)
  #01  pc 0x0000000000cc3f00  !libppsspp_jni.so (UI::ViewGroup::Touch(TouchInput const&)+100)
  #02  pc 0x0000000000cc3f00  !libppsspp_jni.so (UI::ViewGroup::Touch(TouchInput const&)+100)
  #03  pc 0x0000000000cb4f4c  !libppsspp_jni.so (UI::TouchEvent(TouchInput const&, UI::ViewGroup*)+44)
  #04  pc 0x0000000000cb766c  !libppsspp_jni.so (ScreenManager::touch(TouchInput const&)+120)
  #05  pc 0x00000000007ab498  !libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeApp_touch+60)

addr2line: ppsspp/Common/UI/ScrollView.cpp:206

EDIT: A bit later, this is by far the most prominent new crash. Fix implemented!

Link to browse files as 1.15, so line numbers match: https://github.com/hrydgard/ppsspp/tree/4a9227504219bbc64e444ba7f0e306746e5a806d

@unknownbrackets
Collaborator

Is that a null deref or could it be a divide by zero or something? I guess that wouldn't crash.

-[Unknown]

@hrydgard
Owner Author

hrydgard commented Apr 30, 2023

Not sure, it seems the only way that function can crash is if this == nullptr.. weird. Fixed now.

Here's more, first an assert, that now reports the game:

(VulkanRenderManager.cpp:BeginFrame:546): [false] (ULES01410 UFC® Undisputed™ 2010) Device lost in vkWaitForFences

Android 12 (SDK 31) - samsung a12s (Galaxy A12)

Also got another identical one on another device.
Similar:

(VulkanFrameData.cpp:SubmitPending:209): [false] (ULUS10537 Dragon Ball Z: Tenkaichi Tag Team) Lost the Vulkan device in vkQueueSubmit! If this happens again, switch Graphics Backend away from Vulkan

motorola sofiar (moto g(8) power)
Android 11 (SDK 30)

There are very few reports so far, so these are really not statistically significant in any way.

@hrydgard
Owner Author

There's a hang (ANR), where we can see multiple callstacks:

  #00  pc 0x00000000005cf50a  !libppsspp_jni.so (TextDrawerAndroid::OncePerFrame()+374)
  #01  pc 0x00000000005e8a4d  !libppsspp_jni.so (NativeRender(GraphicsContext*)+532)
  #02  pc 0x00000000005e1bc3  !libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+26)
  #03  pc 0x00000000005e349d  !libppsspp_jni.so
  #04  pc 0x0000000000342b15  !libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)()> >(void*)+24)
  #02  pc 0x00000000000aa353  /apex/com.android.runtime/lib/bionic/libc.so (pthread_cond_wait+32)
  #03  pc 0x0000000000c77585  libppsspp_jni.so (std::__ndk1::condition_variable::wait(std::__ndk1::unique_lock<std::__ndk1::mutex>&)+12)
  #04  pc 0x00000000005a25e1  libppsspp_jni.so (GLRenderManager::ThreadFrame()+96)
  #05  pc 0x00000000005e1ca1  libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeRenderer_displayRender+64)
  at java.lang.Object.wait (Native method)
  at java.lang.Object.wait (Object.java:442)
  at java.lang.Object.wait (Object.java:568)
  at android.opengl.GLSurfaceView$GLThread.onPause (GLSurfaceView.java:1743)
  at android.opengl.GLSurfaceView.onPause (GLSurfaceView.java:582)
  at org.ppsspp.ppsspp.NativeGLView.onPause (NativeGLView.java:118)

Though given that one is in onPause, dunno how serious it is. Quite common to see ANRs related to onPause..

@hrydgard
Owner Author

hrydgard commented Apr 30, 2023

A potentially interesting one, though, could just be an OOM (actually, if so, it should have asserted in PushPool):

  #00  pc 0x000000000007f308  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+248) 
  #01  pc 0x0000000000cb0140  libppsspp_jni.so (Draw::VKContext::DrawUP(void const*, int)+200)
  #02  pc 0x00000000007a2930  libppsspp_jni.so (DrawBuffer::Flush(bool)+132)
  #03  pc 0x00000000007987a8  libppsspp_jni.so (UIContext::Flush()+28)
  #04  pc 0x00000000007d5cc0  libppsspp_jni.so (UIScreenWithBackground::DrawBackground(UIContext&)+76)
  #05  pc 0x00000000007d0db8  libppsspp_jni.so (MainScreen::DrawBackground(UIContext&)+28)
  #06  pc 0x0000000000cb8da4  libppsspp_jni.so (UIScreen::render()+164)
  #07  pc 0x0000000000cb7b3c  libppsspp_jni.so (ScreenManager::render()+212)
  #08  pc 0x00000000007b3ab4  libppsspp_jni.so (NativeRender(GraphicsContext*)+468)
  #09  pc 0x00000000007ac85c  libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+412)
  #10  pc 0x0000000000009198  /data/app/org.ppsspp.ppsspp-nc2Njbc55yBGrjXXCBCngg==/oat/arm64/base.odex (art_jni_trampoline+152)

memcpy(void*, void const* pass_object_size0, unsigned long)
C:/Android\sdk\ndk\21.4.7075529\toolchains\llvm\prebuilt\windows-x86_64\sysroot\usr\include\bits\fortify/string.h:62

DrawBuffer::Flush(bool)
D:/Temp/BuildTemp/1.15_Android_BUILD/ppsspp/Common/Render/DrawBuffer.cpp:85

This is really weird, the flush is from:

void UIScreenWithBackground::DrawBackground(UIContext &dc) {
	float x, y, z;
	screenManager()->getFocusPosition(x, y, z);
	::DrawBackground(dc, 1.0f, x, y, z);
	dc.Flush();
}

And the only background animation that doesn't already flush is FloatingSymbolsAnimation.

@hrydgard
Owner Author

hrydgard commented Apr 30, 2023

One in the jit:

  #00  pc 0x00000000005e7c1c  /!libppsspp_jni.so (Memory::Read_U32(unsigned int)+124)
  #01  pc 0x0000000000437ec8  /!libppsspp_jni.so (JitBlockCache::GetBlockNumberFromStartAddress(unsigned int, bool) const+132)
  #02  pc 0x000000000042ab44  /!libppsspp_jni.so (MIPSComp::Arm64Jit::WriteExit(unsigned int, int)+104)
  #03  pc 0x000000000041e780  /!libppsspp_jni.so (MIPSComp::Arm64Jit::Comp_Jump(Memory::Opcode)+408)
  #04  pc 0x00000000005dfc84  /!libppsspp_jni.so (MIPSCompileOp(Memory::Opcode, MIPSComp::MIPSFrontendInterface*)+324)
  #05  pc 0x000000000042a6ac  /!libppsspp_jni.so (MIPSComp::Arm64Jit::DoJit(unsigned int, JitBlock*)+640)
  #06  pc 0x000000000042a274  /!libppsspp_jni.so (MIPSComp::Arm64Jit::Compile(unsigned int)+264)

I don't see how this could crash unless currentMIPS was stomped on?

@hrydgard
Owner Author

hrydgard commented May 1, 2023

  #00  pc 0x0000000000624da4  !libppsspp_jni.so (TextureCacheGLES::BindTexture(TexCacheEntry*)+116)
  #01  pc 0x00000000006921e0  !libppsspp_jni.so (TextureCacheCommon::ApplyTexture()+788)
  #02  pc 0x0000000000628074  !libppsspp_jni.so (DrawEngineGLES::DoFlush()+960)
  #03  pc 0x00000000006c3c50  !libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+284)
  #04  pc 0x00000000006bd6c0  !libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+608)
  #05  pc 0x00000000006bcbec  !libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
  #06  pc 0x00000000006bca70  !libppsspp_jni.so (GPUCommon::EnqueueList(unsigned int, unsigned int, int, PSPPointer<PspGeListArgs>, bool)+1852)
  #07  pc 0x00000000004ef310  !libppsspp_jni.so (void WrapU_UUIU<&sceGeListEnQueue(unsigned int, unsigned int, int, unsigned int)>()+60)
  #08  pc 0x00000000004cb4d0  !libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)

Crash in push_back; either OOM, or not in a render pass, similar to the SetNoBlendAndMask crash we've seen in past mystery threads.

@hrydgard
Owner Author

hrydgard commented May 1, 2023


  #00  pc 0x0000000000683b14  .apk (SoftwareTransform::ExpandLines(int, int&, unsigned short*&, TransformedVertex const*, TransformedVertex*, int&, bool)+896)
  #01  pc 0x0000000000683120  .apk (SoftwareTransform::BuildDrawingParams(int, int, unsigned int, unsigned short*&, int&, SoftwareTransformResult*)+256)
  #02  pc 0x00000000006284fc  .apk (DrawEngineGLES::DoFlush()+2120)
  #03  pc 0x000000000066c088  .apk (void DrawEngineCommon::SubmitCurve<Spline::SplineSurface>(void const*, void const, Spline::SplineSurface&, unsigned int, int*, char const*)+2012)
  #04  pc 0x00000000006c4e58  .apk (GPUCommonHW::Execute_Spline(unsigned int, unsigned int)+924)
  #05  pc 0x00000000006c3bec  .apk (GPUCommonHW::FastRunLoop(DisplayList&)+184)
  #06  pc 0x00000000006bd6c0  .apk (GPUCommon::InterpretList(DisplayList&)+608)
  #07  pc 0x00000000006bcbec  .apk (GPUCommon::ProcessDLQueue()+100)
  #08  pc 0x00000000006bca70  .apk (GPUCommon::EnqueueList(unsigned int, unsigned int, int, PSPPointer<PspGeListArgs>, bool)+1852)
  #09  pc 0x00000000004ef310  .apk (void WrapU_UUIU<&sceGeListEnQueue(unsigned int, unsigned int, int, unsigned int)>()+60)
  #10  pc 0x00000000004cb4d0  .apk (CallSyscallWithoutFlags(HLEFunction const*)+52)
  #11  pc 0x0000000000014484 

GPU/Common/SoftwareTransformCommon.cpp:847

which is indsOut[2] = i * 2 + 2;

Maybe some bad arithmetic? Or just not enough space in the buffer.

I guess Execute_Spline can generate a lot of verts here potentially.. Have we ever seen a game legitimately using splines + lines? Or actually I guess this is the flush before actually drawing the spline, but seems likely that the previous command might also have been a spline.

@hrydgard
Owner Author

hrydgard commented May 1, 2023

Here's an easy one, will fix:
(app-android.cpp:getEnv:240): [status >= 0] (B26PESLIB eFootball Libertadores 2022 By T. Bendezu.) 'Report': Can only call getEnv if you've attached the thread already!
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 8293 >>> org.ppsspp.ppsspp <<<

backtrace:
  #00  pc 0x0000000000062b60  /apex/com.android.runtime/lib/bionic/libc.so (abort+172)
  #01  pc 0x00000000003fefb5  /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+1768)
  #02  pc 0x000000000000d97f  /system/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+46)
  #03  pc 0x0000000000005333  /system/lib/liblog.so (__android_log_assert+174)
  #04  pc 0x00000000005d5587  !libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+162)
  #05  pc 0x00000000005de645  !libppsspp_jni.so (getEnv()+72)
  #06  pc 0x0000000000590c17  !libppsspp_jni.so (Android_OpenContentUriFd(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const&, Android_OpenContentUriMode)+214)
  #07  pc 0x0000000000595429  !libppsspp_jni.so (File::OpenCFile(Path const&, char const*)+316)
  #08  pc 0x000000000059793b  !libppsspp_jni.so (File::ReadFileToString(bool, Path const&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>&)+30)
  #09  pc 0x0000000000479869  !libppsspp_jni.so (Reporting::AddScreenshotData(MultipartFormDataEncoder&, Path const&)+48)
  #10  pc 0x000000000047a35f  !libppsspp_jni.so (Reporting::Process(int)+1278)
  #11  pc 0x000000000041f1cf  !libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, int (*)(int), int>>(void*)+26)
  #12  pc 0x00000000000aacf3  /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+40)
  #13  pc 0x0000000000064063  /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30)

@hrydgard
Owner Author

hrydgard commented May 1, 2023

  #00  pc 0x00000000005e952a  /lib/arm/libppsspp_jni.so (NativeKey(KeyInput const&)+157)
  #01  pc 0x00000000005e1e91  /lib/arm/libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeApp_keyDown+36)
  #02  pc 0x0000000000009863  /oat/arm/base.odex

Data race in HLE plugin input data map. Fixing.

@hrydgard
Owner Author

hrydgard commented May 1, 2023

  #00  pc 0x000000000002f280  /apex/com.android.runtime/lib/bionic/libc.so (je_free+284)
  #01  pc 0x00000000003363bb  !libppsspp_jni.so (CoreTiming::Shutdown()+126)
  #02  pc 0x0000000000486271  !libppsspp_jni.so (CPU_Shutdown()+112)
  #03  pc 0x000000000048690b  !libppsspp_jni.so (PSP_Shutdown()+94)
  #04  pc 0x00000000005ed999  !libppsspp_jni.so (EmuScreen::sendMessage(char const*, char const*)+396)
  #05  pc 0x0000000000b1fa0b  !libppsspp_jni.so (ScreenManager::sendMessage(char const*, char const*)+130)
  #06  pc 0x00000000005e92bb  !libppsspp_jni.so (NativeUpdate()+98)

CoreTiming, crash during deleting events on exit. Hard to say, memory corruption?

@hrydgard
Owner Author

hrydgard commented May 1, 2023

 #00  pc 0x000000000001e6d8  /system/lib64/libc.so (abort+120)
  #01  pc 0x000000000000843c  /system/lib64/liblog.so (__android_log_assert+296)
  #02  pc 0x000000000079a978  ibppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+324)
  #03  pc 0x00000000007b2d6c  ibppsspp_jni.so (NativeInitGraphics(GraphicsContext*)+108)
  #04  pc 0x00000000007ac7e0  ibppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+288)
  #05  pc 0x00000000000091b8  /data/app/org.ppsspp.ppsspp-ucdy5rzpavkZyMl6tKgDrg==/oat/arm64/base.odex

@hrydgard
Owner Author

hrydgard commented May 1, 2023

  #00  pc 0x000000000004a238  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+232)
  #01  pc 0x00000000006a68e8  !libppsspp_jni.so (TextureReplacer::NotifyTextureDecoded(ReplacedTexture*, ReplacedTextureDecodeInfo const&, void const*, int, int, int, int, int, int)+1344)
  #02  pc 0x000000000063d46c  !libppsspp_jni.so (TextureCacheVulkan::BuildTexture(TexCacheEntry*)+3108)
  #03  pc 0x0000000000692098  !libppsspp_jni.so (TextureCacheCommon::ApplyTexture()+460)
  #04  pc 0x000000000062dcdc  !libppsspp_jni.so (DrawEngineVulkan::DoFlush()+1672)
  #05  pc 0x00000000006c3c50  !libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+284)
  #06  pc 0x00000000006bd6c0  !libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+608)
  #07  pc 0x00000000006bcbec  !libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
  #08  pc 0x00000000006bd0a0  !libppsspp_jni.so (GPUCommon::UpdateStall(int, unsigned int)+88)
  #09  pc 0x00000000004ef400  !libppsspp_jni.so (void WrapI_UU<&sceGeListUpdateStallAddr(unsigned int, unsigned int)>()+4096)
  #10  pc 0x00000000004cb4d0  !libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)
  #11  pc 0x0000000000049090 

  #00  pc 0x0000000000088c5c  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+300)
  #01  pc 0x00000000006a68e8  !libppsspp_jni.so (TextureReplacer::NotifyTextureDecoded(ReplacedTexture*, ReplacedTextureDecodeInfo const&, void const*, int, int, int, int, int, int)+1344)
  #02  pc 0x000000000063d46c  !libppsspp_jni.so (TextureCacheVulkan::BuildTexture(TexCacheEntry*)+3108)
  #03  pc 0x0000000000692098  !libppsspp_jni.so (TextureCacheCommon::ApplyTexture()+460)
  #04  pc 0x000000000062dcdc  !libppsspp_jni.so (DrawEngineVulkan::DoFlush()+1672)
  #05  pc 0x00000000006bd728  !libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+712)
  #06  pc 0x00000000006bcbec  !libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
  #07  pc 0x00000000006bd0a0  !libppsspp_jni.so (GPUCommon::UpdateStall(int, unsigned int)+88)
  #08  pc 0x00000000004ef400  !libppsspp_jni.so (void WrapI_UU<&sceGeListUpdateStallAddr(unsigned int, unsigned int)>())
  #09  pc 0x00000000004cb4d0  !libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)
  #10  pc 0x0000000000003ad0 

These are in the memcpy loop in TextureReplacer::NotifyTextureDecoded, at GPU/Common/TextureReplacer.cpp:718.

Don't know how that can crash...

@hrydgard
Owner Author

hrydgard commented May 1, 2023

backtrace:
  #00  pc 0x00000000003ce084 .apk (PSPAlarm* KernelObjectPool::Get<PSPAlarm>(int, unsigned int&)+44)
  #01  pc 0x00000000003cdaf9 .apk!libppsspp_jni.so (__KernelTriggerAlarm(unsigned long long, int)+4096)
  #02  pc 0x0000000000336e89 .apk (CoreTiming::Advance()+136)
  #03  pc 0x00000000000000a2 

I don't see how this can crash..

@hrydgard
Owner Author

hrydgard commented May 1, 2023

  #00  pc 0x00000000005a3af2  split_config.armeabi_v7a.apk!libppsspp_jni.so (GLPushBuffer::Flush()+22)
  #01  pc 0x00000000005a275d  split_config.armeabi_v7a.apk!libppsspp_jni.so (GLRenderManager::Run(GLRRenderThreadTask&)+140)
  #02  pc 0x00000000005a2641  split_config.armeabi_v7a.apk!libppsspp_jni.so (GLRenderManager::ThreadFrame()+192)
  #03  pc 0x00000000005e1ca1  split_config.armeabi_v7a.apk!libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeRenderer_displayRender+64)
  #04  pc 0x0000000000009053  oat/arm/base.odex (art_jni_trampoline+74)
  #05  pc 0x0000000002001f5b  /memfd:jit-cache (org.ppsspp.ppsspp.NativeRenderer.onDrawFrame+42)
  #06  pc 0x0000000000565f4d  /system/framework/arm/boot-framework.oat (android.opengl.GLSurfaceView$GLThread.guardedRun+5516)

@hrydgard
Owner Author

hrydgard commented May 2, 2023

Found the first one that seems related to the new parallel shader compiles..
Thread
FORTIFY: pthread_mutex_lock called on a destroyed mutex (0x<sanitized>)

backtrace:
  #00  pc 0x000000000008a04c  /apex/com.android.runtime/lib64/bionic/libc.so (abort+180)
  #01  pc 0x00000000000ee3c4  /apex/com.android.runtime/lib64/bionic/libc.so (__fortify_fatal(char const*, ...)+124)
  #02  pc 0x00000000000ed944  /apex/com.android.runtime/lib64/bionic/libc.so (HandleUsingDestroyedMutex(pthread_mutex_t*, char const*)+52)
  #03  pc 0x00000000000ed79c  /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+172)
  #04  pc 0x0000000000eb8e38  !libppsspp_jni.so (std::__ndk1::mutex::lock()+8)
  #05  pc 0x00000000006345d0  !libppsspp_jni.so (Promise<VkShaderModule_T*>::BlockUntilReady()+48)
  #06  pc 0x00000000007714b4  !libppsspp_jni.so (VKRGraphicsPipeline::Create(VulkanContext*, VkRenderPass_T*, RenderPassType, VkSampleCountFlagBits, double, int)+180)
  #07  pc 0x00000000007771fc  !libppsspp_jni.so (CreateMultiPipelinesTask::Run()+52)
  #08  pc 0x0000000000795f64  !libppsspp_jni.so (WorkerThreadFunc(GlobalThreadContext*, TaskThreadContext*)+4096)
  #09  pc 0x0000000000797a74  !libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)(GlobalThreadContext*, TaskThreadContext*), GlobalThreadContext*, TaskThreadContext*>>(void*)+48)
  #10  pc 0x00000000000ecc10  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64)
  #11  pc 0x000000000008c360  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)

@hrydgard
Owner Author

hrydgard commented May 2, 2023

#00  pc 0x00000000004374f8  libppsspp_jni.so (JitBlockCache::ProxyBlock(unsigned int, unsigned int, unsigned int, unsigned char const*)+212)
#01  pc 0x000000000042b2b4  libppsspp_jni.so (MIPSComp::Arm64Jit::ReplaceJalTo(unsigned int)+584)
#02  pc 0x000000000041e6fc  libppsspp_jni.so (MIPSComp::Arm64Jit::Comp_Jump(Memory::Opcode)+276)
#03  pc 0x00000000005dfc84  libppsspp_jni.so (MIPSCompileOp(Memory::Opcode, MIPSComp::MIPSFrontendInterface*)+324)
#04  pc 0x000000000042a6ac  libppsspp_jni.so (MIPSComp::Arm64Jit::DoJit(unsigned int, JitBlock*)+640)
#05  pc 0x000000000042a274  libppsspp_jni.so (MIPSComp::Arm64Jit::Compile(unsigned int)+264)
#06  pc 0x00000000000001a0 

I think this one is because IsFull doesn't leave space for another block, and we don't check it again before we call ProxyBlock.
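
A small model of the capacity hazard described in this comment, added here as an illustration and not PPSSPP's actual JitBlockCache code: the class and function names, the 4-entry capacity and the sample addresses are hypothetical, and the `CompileChecked` path shows the fix of re-checking capacity before every allocation rather than once per compile.

```cpp
// Illustration added here, not PPSSPP's JitBlockCache: a fixed-capacity block
// cache where the capacity check happens once, up front, but compiling one
// MIPS block can allocate two entries (the block plus a proxy block), so the
// second allocation can run past the end. All names here are hypothetical.
#include <cstdint>
#include <cstdio>

constexpr int kMaxBlocks = 4;   // tiny capacity so the overrun is easy to reach

struct Block {
    uint32_t startAddr = 0;
    bool proxy = false;
};

class BlockCache {
public:
    // Matches the hazard: "full" only means "no slot free right now"; it says
    // nothing about whether the *next* compile will need one slot or two.
    bool IsFull() const { return numBlocks_ >= kMaxBlocks; }
    int NumBlocks() const { return numBlocks_; }
    void Clear() { numBlocks_ = 0; }

    // Unchecked allocation: trusts the caller to have called IsFull().
    // Real code would write past the array; this model only counts the
    // out-of-bounds slot so that it stays well-defined.
    int AllocUnchecked(uint32_t addr, bool proxy) {
        int idx = numBlocks_++;
        if (idx < kMaxBlocks) blocks_[idx] = Block{addr, proxy};
        return idx;
    }

    // Hardened allocation: re-checks capacity on every call, -1 if full.
    int AllocChecked(uint32_t addr, bool proxy) {
        if (IsFull()) return -1;
        blocks_[numBlocks_] = Block{addr, proxy};
        return numBlocks_++;
    }

private:
    Block blocks_[kMaxBlocks];
    int numBlocks_ = 0;
};

// Models the crashing path: Compile() checks IsFull() once, then DoJit() may
// emit the block and, for a replaced jal, a proxy block, with no second check.
// Returns how many entries landed beyond capacity (0 means no overrun).
int CompileUnchecked(BlockCache &cache, uint32_t addr, bool emitsProxy) {
    if (cache.IsFull()) cache.Clear();                     // the one and only check
    cache.AllocUnchecked(addr, false);                     // the block itself
    if (emitsProxy) cache.AllocUnchecked(addr + 8, true);  // ProxyBlock()
    int over = cache.NumBlocks() - kMaxBlocks;
    return over > 0 ? over : 0;
}

// Hardened model: every allocation is checked. If the proxy does not fit, the
// partially compiled block is discarded, the cache flushed and the compile
// retried once from an empty cache. Returns false only if even that fails.
bool CompileChecked(BlockCache &cache, uint32_t addr, bool emitsProxy) {
    for (int attempt = 0; attempt < 2; attempt++) {
        bool ok = cache.AllocChecked(addr, false) >= 0;
        if (ok && emitsProxy) ok = cache.AllocChecked(addr + 8, true) >= 0;
        if (ok) return true;
        cache.Clear();
    }
    return false;
}

// Constructed scenario: three of four slots used, IsFull() is false, then a
// block that also needs a proxy arrives. Returns entries written past the end.
int UncheckedScenario() {
    BlockCache cache;
    for (int i = 0; i < kMaxBlocks - 1; i++)
        CompileUnchecked(cache, 0x08800000u + i * 16, false);
    return CompileUnchecked(cache, 0x08800100u, true);   // 1
}

// Same scenario through the hardened path; returns the final block count
// (block + proxy after a flush), or -1 if the compile failed.
int CheckedScenario() {
    BlockCache cache;
    for (int i = 0; i < kMaxBlocks - 1; i++)
        CompileChecked(cache, 0x08800000u + i * 16, false);
    if (!CompileChecked(cache, 0x08800100u, true)) return -1;
    return cache.NumBlocks();   // 2
}

int main() {
    printf("unchecked: %d entries beyond capacity\n", UncheckedScenario());
    printf("checked: blocks after compile = %d\n", CheckedScenario());
    return 0;
}
```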

@hrydgard
Owner Author

hrydgard commented May 2, 2023


#00  pc 0x0000000000b2aa22  libppsspp_jni.so (UI::LinearLayout::Measure(UIContext const&, UI::MeasureSpec, UI::MeasureSpec)+122)
#01  pc 0x0000000000b2de7b  libppsspp_jni.so (UI::ScrollView::Measure(UIContext const&, UI::MeasureSpec, UI::MeasureSpec)+342)
#02  pc 0x0000000000b2abbd  libppsspp_jni.so (UI::LinearLayout::Measure(UIContext const&, UI::MeasureSpec, UI::MeasureSpec)+532)
#03  pc 0x0000000000b1d11f  libppsspp_jni.so (UI::LayoutViewHierarchy(UIContext const&, UI::ViewGroup*, bool)+106)
#04  pc 0x0000000000b205d9  libppsspp_jni.so (UIScreen::render()+56)
#05  pc 0x0000000000b1f723  libppsspp_jni.so (ScreenManager::render()+126)
#06  pc 0x00000000005e8a3b  libppsspp_jni.so (NativeRender(GraphicsContext*)+514)
#07  pc 0x00000000005e1bc3  libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+26)
#08  pc 0x00000000005e349d  libppsspp_jni.so (EmuThreadFunc()+4096)
#09  pc 0x0000000000342b15  libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)()>>(void*)+24)
#10  pc 0x00000000000a8147  /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+20)
#11  pc 0x0000000000061467  /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30)

This doesn't make too much sense, this is the line, and we've already checked that it's not empty a few lines above:

	for (View *view : views_) {

I should also mention that many of these have single-digit occurrence counts, and fixing them all for 1.15.1 is not really necessary (some are very hard to root cause).

hrydgard added a commit that referenced this issue May 2, 2023
… queue.

Mainly paranoia, but might help with the mutex crash from #17364
@unknownbrackets
Collaborator

> These are in the memcpy loop in TextureReplacer::NotifyTextureDecoded, at GPU/Common/TextureReplacer.cpp:718.
>
> Don't know how that can crash...

Maybe somehow w/h being crazy values? Or data being nullptr somehow (alloc failure?) since this is the first access to it.

> backtrace:
>   #00  pc 0x00000000003ce084 .apk (PSPAlarm* KernelObjectPool::Get<PSPAlarm>(int, unsigned int&)+44)
>   #01  pc 0x00000000003cdaf9 .apk!libppsspp_jni.so (__KernelTriggerAlarm(unsigned long long, int)+4096)
>   #02  pc 0x0000000000336e89 .apk (CoreTiming::Advance()+136)
>   #03  pc 0x00000000000000a2 
>
> I don't see how this can crash..

I can only think of a use-after-free, but that shouldn't be possible... so memory corruption?

> This doesn't make too much sense, this is the line, and we've already checked that it's not empty a few lines above:

I guess also has to be memory corruption... although it's likely a PPSSPP issue, at least one of these could feasibly be from a device with failing RAM or something.

-[Unknown]

@hrydgard hrydgard modified the milestones: v1.15.1, v1.15.2 May 3, 2023
@hrydgard
Owner Author

hrydgard commented May 3, 2023

====================================================================

Below here, only 1.15.1 crashes.

====================================================================

#00  pc 0x0000000000028a4e  /vendor/lib/libsrv_um.so (PVRSRVDevMemXUnmapVirtualRange+26)
#01  pc 0x000000000003ca49  /vendor/lib/hw/vulkan.sp9863a.so
#02  pc 0x000000000003e67d  /vendor/lib/hw/vulkan.sp9863a.so
#03  pc 0x0000000000b958df  libppsspp_jni.so (vmaDestroyImage+40)
#04  pc 0x00000000005ab56b  libppsspp_jni.so (VulkanDeleteList::PerformDeletes(VulkanContext*, VmaAllocator_T*)+334)
#05  pc 0x00000000005ab3fb  libppsspp_jni.so (VulkanContext::BeginFrame(VkCommandBuffer_T*)+34)
#06  pc 0x00000000005b846b  libppsspp_jni.so (VulkanRenderManager::BeginFrame(bool, bool)+1410)
#07  pc 0x0000000000b1810d  libppsspp_jni.so (Draw::VKContext::BeginFrame()+24)
#08  pc 0x00000000005f13a5  libppsspp_jni.so (EmuScreen::preRender()+36)
#09  pc 0x0000000000b20467  libppsspp_jni.so (ScreenManager::render()+114)
#10  pc 0x00000000005e980b  libppsspp_jni.so (NativeRender(GraphicsContext*)+514)
#11  pc 0x00000000005e3b77  libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+338)
#12  pc 0x00000000000090e5  /data/app/~~CVlYRNAV-pNnvVeGbQQ_JQ==/org.ppsspp.ppsspp-5Q0SG8ycYk5k4E_lpGKiOw==/oat/arm/base.odex (art_jni_trampoline+92)
```
  #00  pc 0x0000000000630a10  !libppsspp_jni.so (GPU_Vulkan::~GPU_Vulkan()+56)
  #1  pc 0x0000000000630b90  !libppsspp_jni.so (GPU_Vulkan::~GPU_Vulkan()+16)
  #2  pc 0x00000000006bb5c0  !libppsspp_jni.so (GPU_Shutdown()+100)
  #3  pc 0x0000000000601a48  !libppsspp_jni.so (PSP_Shutdown()+132)
  #4  pc 0x00000000007bb9a8  !libppsspp_jni.so (EmuScreen::~EmuScreen()+48)
  #5  pc 0x00000000007bbaa0  !libppsspp_jni.so (EmuScreen::~EmuScreen()+16)
  #6  pc 0x0000000000cb85b0  !libppsspp_jni.so (ScreenManager::shutdown()+80)
  #7  pc 0x00000000007b7248  !libppsspp_jni.so (NativeShutdown()+28)
  #8  pc 0x00000000007ac6b8  !libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeApp_shutdown+600)
  #9  pc 0x00000000000094c0  /oat/arm64/base.odex (art_jni_trampoline+144)
```

Apparently draw_ can be nullptr here in some shutdown scenarios. Oh well, fixing.

@hrydgard
Owner Author

hrydgard commented May 3, 2023

Many of the crashes above no longer seem to be happening, thanks to the fixes.

There's a new-looking crash in GPU_Vulkan::~GPU_Vulkan(), a few varieties. This is becoming the new top crash. Unfortunately the stack traces aren't loading (only the top frame, which is visible in the stack title); it's often like that on Play right after a release. (Finally got it, see above.)

Other than that, it's mainly the usual Vulkan lost devices and weird ones left, like GPUCommonHW::FastRunLoop(DisplayList&).

There is still a DrawUP crash which should be fixable if only I understood it..

Overall looking good so far but I only have very few early crashes so far. Should have better data tomorrow.

@hrydgard
Owner Author

hrydgard commented May 3, 2023

Ah, the new OpenGL assert pays off (replaces a bunch of different crashes in the GL rendermanager):

(DrawEngineGLES.cpp:DoFlush:254): [render_->IsInRenderPass()] (ULUS10025 Burnout Legends) Assert!
(DrawEngineGLES.cpp:DoFlush:254): [render_->IsInRenderPass()] (BENDEZU26 eFootball 2023 By T. Bendezu) Assert!

Although, I haven't been able to trigger it yet in the game...

  #04  pc 0x00000000005d6357  .armeabi_v7a.apk
  #05  pc 0x00000000004a85ed  .armeabi_v7a.apk
  #06  pc 0x00000000005286ef  .armeabi_v7a.apk
  #07  pc 0x00000000005238eb  .armeabi_v7a.apk
  #08  pc 0x00000000005231a9  .armeabi_v7a.apk
  #09  pc 0x0000000000523015  .armeabi_v7a.apk
  #10  pc 0x00000000003b5f7d  .armeabi_v7a.apk
  #11  pc 0x0000000000399f95  .armeabi_v7a.apk

#02  pc 0x00000000005d6357  armeabi_v7a.apk (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+162)
#03  pc 0x00000000004a85ed  armeabi_v7a.apk (DrawEngineGLES::DoFlush()+76)
#04  pc 0x00000000005286ef  armeabi_v7a.apk (GPUCommonHW::FastRunLoop(DisplayList&)+226)
#05  pc 0x00000000005238eb  armeabi_v7a.apk (GPUCommon::InterpretList(DisplayList&)+470)
#06  pc 0x00000000005231a9  armeabi_v7a.apk (GPUCommon::ProcessDLQueue()+196)
#07  pc 0x0000000000523015  armeabi_v7a.apk (GPUCommon::EnqueueList(unsigned int, unsigned int, int, PSPPointer<PspGeListArgs>, bool)+1296)

@hrydgard
Owner Author

hrydgard commented May 3, 2023

GPU/GPUCommonHW.cpp:801

An oldie but goodie. These have always been happening occasionally and usually we're screwed anyway, but maybe we should introduce a GPU-induced bluescreen, because I think we can either detect these from the memory exceptions fairly easily, or directly through not-too-expensive checks.

#00  pc 0x00000000006c3e78  arm64_v8a.apk!libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+232)
#01  pc 0x00000000006bd91c  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+608)
#02  pc 0x00000000006bce48  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
#03  pc 0x00000000006bd2fc  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::UpdateStall(int, unsigned int)+88)
#04  pc 0x00000000004efe94  arm64_v8a.apk!libppsspp_jni.so (void WrapI_UU<&sceGeListUpdateStallAddr(unsigned int, unsigned int)>()+4096)
#05  pc 0x00000000004cac6c  arm64_v8a.apk!libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)
#06  pc 0x000000000001ee78 

@hrydgard
Owner Author

hrydgard commented May 3, 2023

So, somehow the floating symbol animation can cause a crash? Or on this device the vulkan device is so broken that the first draw crashes.. Actually, something might linger? Because the flush below is from MiscScreens.cpp:163, which is the flush at the very start of FloatingSymbolsAnimation... Weird!

Device is xiaomi jasmine_sprout (Mi A2), Android 10 (SDK 29).
Also happened in 1.15 on xiaomi lavender (Redmi Note 7), Android 10 (SDK 29).

  #00  pc 0x000000000007f308  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+248)
  #01  pc 0x0000000000cb178c  libppsspp_jni.so (Draw::VKContext::DrawUP(void const*, int)+208)
  #02  pc 0x00000000007a5058  libppsspp_jni.so (DrawBuffer::Flush(bool)+132)
  #03  pc 0x000000000079aed0  libppsspp_jni.so (UIContext::Flush()+28)
  #04  pc 0x00000000007dead0  libppsspp_jni.so (FloatingSymbolsAnimation::Draw(UIContext&, double, float, float, float, float)+64)
  #05  pc 0x00000000007d788c  libppsspp_jni.so (DrawBackground(UIContext&, float, float, float, float)+604)
  #06  pc 0x00000000007d8314  libppsspp_jni.so (UIScreenWithBackground::DrawBackground(UIContext&)+68)
  #07  pc 0x00000000007d3414  libppsspp_jni.so (MainScreen::DrawBackground(UIContext&)+28)
  #08  pc 0x0000000000cba3f0  libppsspp_jni.so (UIScreen::render()+164)
  #09  pc 0x0000000000cb9188  libppsspp_jni.so (ScreenManager::render()+212)
  #10  pc 0x00000000007b61dc  libppsspp_jni.so (NativeRender(GraphicsContext*)+468)
  #11  pc 0x00000000007aef84  libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+412)

Another one (1.15): GPU/Common/DrawEngineCommon.cpp:625
	dec_->DecodeVerts(dest + decodedVerts * (int)dec_->GetDecVtxFmt().stride,
  #01  pc 0x000000000065ecb8  arm64_v8a.apk!libppsspp_jni.so (DrawEngineCommon::DecodeVertsStep(unsigned char*, int&, int&)+320)
  #02  pc 0x000000000065ecb8  arm64_v8a.apk!libppsspp_jni.so (DrawEngineCommon::DecodeVertsStep(unsigned char*, int&, int&)+320)
  #03  pc 0x000000000065eae8  arm64_v8a.apk!libppsspp_jni.so (DrawEngineCommon::DecodeVerts(unsigned char*)+112)
  #04  pc 0x000000000062e644  arm64_v8a.apk!libppsspp_jni.so (DrawEngineVulkan::DoFlush()+4080)
  #05  pc 0x00000000006c3c50  arm64_v8a.apk!libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+284)

#00  pc 0x000000000062dbc0  arm64_v8a.apk!libppsspp_jni.so (DrawEngineVulkan::DoFlush()+2716)
#01  pc 0x00000000006c3eac  arm64_v8a.apk!libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+284)
#02  pc 0x00000000006bd91c  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+608)
#03  pc 0x00000000006bce48  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
#04  pc 0x00000000006bd2fc  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::UpdateStall(int, unsigned int)+88)
#05  pc 0x00000000004efe94  arm64_v8a.apk!libppsspp_jni.so (void WrapI_UU<&sceGeListUpdateStallAddr(unsigned int, unsigned int)>()+4096)
#06  pc 0x00000000004cac6c  arm64_v8a.apk!libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)

@hrydgard
Owner Author

hrydgard commented May 3, 2023

Wow, here's quite a special assert. Clearly a modded game, but that's quite an allocation it's trying to do:
(MemoryUtil.cpp:AllocateAlignedMemory:260): [ptr != nullptr] (GOMZ20223 WWE 2K21 PRICELESS ALACRITY V3.0.1) Failed to allocate aligned memory of size 2018789504
#01  pc 0x0000000000005a31  /system/lib/liblog.so (__android_log_assert+176)
#02  pc 0x00000000005d6357  !libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+162)
#03  pc 0x00000000005d7e6f  !libppsspp_jni.so (AllocateAlignedMemory(unsigned int, unsigned int)+46)
#04  pc 0x00000000005a4aff  !libppsspp_jni.so (GLPushBuffer::AddBuffer()+22)
#05  pc 0x00000000005a532b  !libppsspp_jni.so (GLPushBuffer::Defragment()+106)
#06  pc 0x00000000004a80a1  !libppsspp_jni.so (DrawEngineGLES::BeginFrame()+76)
#07  pc 0x000000000049a55f  !libppsspp_jni.so (GPU_GLES::BeginHostFrame()+18)
#08  pc 0x00000000005f1599  !libppsspp_jni.so (EmuScreen::render()+216)
#09  pc 0x0000000000b20473  !libppsspp_jni.so (ScreenManager::render()+126)

I think the GLPushBuffer might need some work..

@hrydgard
Owner Author

hrydgard commented May 3, 2023

Hm, this doesn't sound good. Race condition?

(Hashmaps.h:Insert:72): [false] (ULUS10277 Castlevania The Dracula X Chronicles) DenseHashMap: Duplicate key of size 8 inserted

(Hashmaps.h:Insert:72): [false] (ULUS10537 Dragon Ball TAG VS) DenseHashMap: Duplicate key of size 8 inserted
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 15604 >>> org.ppsspp.ppsspp <<<

backtrace:
  #00  pc 0x000000000004e574  /apex/com.android.runtime/lib64/bionic/libc.so (abort+180)
  #01  pc 0x00000000005677d8  /apex/com.android.art/lib64/libart.so (art::Runtime::Abort(char const*)+2320)
  #02  pc 0x0000000000013ab0  /system/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+80)
  #03  pc 0x0000000000006ec8  /system/lib64/liblog.so (__android_log_assert+336)
  #04  pc 0x000000000079d0a0  !libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+324)
  #05  pc 0x00000000006206ac  !libppsspp_jni.so (DenseHashMap<FShaderID, Shader*, (Shader*)0>::Insert(FShaderID const&, Shader*)+336)
  #06  pc 0x00000000006202d8  !libppsspp_jni.so (ShaderManagerGLES::ApplyFragmentShader(VShaderID, Shader*, ComputedPipelineState const&, bool)+476)
  #07  pc 0x000000000062800c  !libppsspp_jni.so (DrawEngineGLES::DoFlush()+2252)
  #08  pc 0x00000000006c3eac  !libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+284)
  #09  pc 0x00000000006bd91c  !libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+608)
  #10  pc 0x00000000006bce48  !libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
  #11  pc 0x00000000006bd2fc  !libppsspp_jni.so (GPUCommon::UpdateStall(int, unsigned int)+88)
  #12  pc 0x00000000004efe94  !libppsspp_jni.so (void WrapI_UU<&sceGeListUpdateStallAddr(unsigned int, unsigned int)>()+4096)
  #13  pc 0x00000000004cac6c  !libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)
  #14  pc 0x000000000000e4d4 

@hrydgard
Owner Author

hrydgard commented May 3, 2023

Can GetFileLoader return nullptr?
#00  pc 0x00000000007c3ec0  arm64_v8a.apk!libppsspp_jni.so (GameInfoWorkItem::Run()+84)
#01  pc 0x000000000079868c  arm64_v8a.apk!libppsspp_jni.so (WorkerThreadFunc(GlobalThreadContext*, TaskThreadContext*))
#02  pc 0x000000000079a19c  arm64_v8a.apk!libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)(GlobalThreadContext*, TaskThreadContext*), GlobalThreadContext*, TaskThreadContext*>>(void*)+48)
#03  pc 0x00000000000ef578  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+208)
if (!info_->GetFileLoader()->Exists()) {

@hrydgard
Owner Author

hrydgard commented May 4, 2023

Looking deep within the rarest issues at this point. There's a few variations of this:

#00  pc 0x0000000000473424  armeabi_v7a.apk!libppsspp_jni.so (Memory::Read_U16(unsigned int)+4096)
#01  pc 0x000000000039b941  armeabi_v7a.apk (GetReplacedOpAt(unsigned int, unsigned int*)+8)
#02  pc 0x0000000000472b63  armeabi_v7a.apk (Memory::Read_Instruction(unsigned int, bool)+150)
#03  pc 0x000000000031aea5  armeabi_v7a.apk (MIPSComp::ArmJit::Comp_ReplacementFunc(Memory::Opcode)+548)

@hrydgard
Owner Author

hrydgard commented May 4, 2023

These ones are pretty rare but have occurred for a very long time (definitely not new):

  #00  pc 0x0000000000472d3a  armeabi_v7a.apk!libppsspp_jni.so (Memory::Write_Opcode_JIT(unsigned int, Memory::Opcode const&)+14)
  #01  pc 0x0000000000325987  armeabi_v7a.apk!libppsspp_jni.so (JitBlockCache::FinalizeBlock(int, bool)+78)
  #02  pc 0x000000000031a101  armeabi_v7a.apk!libppsspp_jni.so (MIPSComp::ArmJit::Compile(unsigned int)+140)

Baffling to me because we recently read from the location it's trying to write the op to, so I don't see how it can crash.

@hrydgard hrydgard modified the milestones: v1.15.2, v1.15.3 May 4, 2023
@hrydgard
Owner Author

hrydgard commented May 4, 2023

Alright, time for 1.15.2 crashes. Most of these are obscure and not likely to be common, and are of course not specifically 1.15.2-regressions.

SettingInfoMessage nullptr check
  #00  pc 0x0000000000609e46  libppsspp_jni.so (SettingInfoMessage::GetText() const+10)
  #01  pc 0x0000000000626037  libppsspp_jni.so (GameSettingsScreen::RecreateViews()+26)
  #02  pc 0x0000000000b20b33  libppsspp_jni.so (ScreenManager::sendMessage(char const*, char const*)+58)
  #03  pc 0x00000000005ea39b  libppsspp_jni.so (NativeUpdate()+98)
  #04  pc 0x00000000005e2c99  libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+16)
  #05  pc 0x00000000005e457d  libppsspp_jni.so (EmuThreadFunc()+4096)
  #06  pc 0x0000000000342e9d  libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)()>>(void*)+24)

AsyncIOManager locking issue
  #00  pc 0x00000000005b6524  arm64_v8a.apk!libppsspp_jni.so (AsyncIOManager::HasOperation(unsigned int)+76)
  #01  pc 0x0000000000508ba8  arm64_v8a.apk!libppsspp_jni.so (__IoLseek(int, long long, int))
  #02  pc 0x0000000000507d50  arm64_v8a.apk!libppsspp_jni.so (void WrapI_I<&IoAsyncFinish(int)>())
  #03  pc 0x00000000004cbea4  arm64_v8a.apk!libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)
  #00  pc 0x0000000000092d88  /system/lib64/libc.so (NonPI::MutexLockWithTimeout(pthread_mutex_internal_t*, bool, timespec const*)+52)
  #01  pc 0x0000000000eb8bc4  arm64_v8a.apk (std::__ndk1::recursive_mutex::lock()+8)
  #02  pc 0x0000000000469ad8  arm64_v8a.apk (SymbolMap::GetFunctionSize(unsigned int)+36)
  #03  pc 0x000000000042b55c  arm64_v8a.apk (MIPSComp::Arm64Jit::Comp_ReplacementFunc(Memory::Opcode)+56)
  #04  pc 0x00000000005df8b4  arm64_v8a.apk (MIPSCompileOp(Memory::Opcode, MIPSComp::MIPSFrontendInterface*)+324)
  #05  pc 0x00000000005df8b4  arm64_v8a.apk (MIPSCompileOp(Memory::Opcode, MIPSComp::MIPSFrontendInterface*)+324)
  #06  pc 0x00000000005df8b4  arm64_v8a.apk (MIPSCompileOp(Memory::Opcode, MIPSComp::MIPSFrontendInterface*)+324)
  #07  pc 0x00000000005df8b4  arm64_v8a.apk (MIPSCompileOp(Memory::Opcode, MIPSComp::MIPSFrontendInterface*)+324)
  #00  pc 0x000000000004bb88  /apex/com.android.runtime/lib/bionic/libc.so (je_large_dalloc+32)
  #01  pc 0x000000000002f70d  /apex/com.android.runtime/lib/bionic/libc.so (je_free+1312)
  #02  pc 0x000000000034835d  libppsspp_jni.so (MemBlockInfoShutdown()+24)
  #03  pc 0x00000000003cc1cb  libppsspp_jni.so (__KernelShutdown()+426)
  #04  pc 0x0000000000486905  libppsspp_jni.so (CPU_Shutdown()+116)
  #05  pc 0x0000000000486f9b  libppsspp_jni.so (PSP_Shutdown()+94)
  #06  pc 0x00000000005ee9fd  libppsspp_jni.so (EmuScreen::sendMessage(char const*, char const*)+396)
  #07  pc 0x0000000000b20b7b  libppsspp_jni.so (ScreenManager::sendMessage(char const*, char const*)+130)
  #08  pc 0x00000000005ea39b  libppsspp_jni.so (NativeUpdate()+98)
  #09  pc 0x00000000005e2c99  libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+16)
  #10  pc 0x00000000005e457d  libppsspp_jni.so (EmuThreadFunc()+4096)
  #11  pc 0x0000000000342e9d  libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)()>>(void*)+24)
  #00  pc 0x0000000000cad24c  /arm64_v8a.apk!libppsspp_jni.so (Draw::VKContext::GetNullTexture()+256)
  #01  pc 0x0000000000cb007c  /arm64_v8a.apk!libppsspp_jni.so (Draw::VKContext::BindTextures(int, int, Draw::Texture**, Draw::TextureBindFlags)+248)
  #02  pc 0x000000000079c1fc  /arm64_v8a.apk!libppsspp_jni.so (UIContext::BeginPipeline(Draw::Pipeline*, Draw::SamplerState*)+164)
  #03  pc 0x0000000000cb99c8  /arm64_v8a.apk!libppsspp_jni.so (UIScreen::render()+144)
  #04  pc 0x0000000000cb874c  /arm64_v8a.apk!libppsspp_jni.so (ScreenManager::render()+212)
  #05  pc 0x00000000007b76d4  /arm64_v8a.apk!libppsspp_jni.so (NativeRender(GraphicsContext*)+468)
  #06  pc 0x00000000007b047c  /arm64_v8a.apk!libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+412)
  #07  pc 0x0000000000009198  /oat/arm64/base.odex (art_jni_trampoline+152)
VirtualDiscFileSystem
```
#00 pc 0x00000000004c5850 arm64_v8a.apk!libppsspp_jni.so (VirtualDiscFileSystem::GetFileInfo(std::__ndk1::basic_string, std::__ndk1::allocator>)+1228)
#1 pc 0x00000000007c6fa8 arm64_v8a.apk!libppsspp_jni.so (ReadFileToString(IFileSystem*, char const*, std::__ndk1::basic_string, std::__ndk1::allocator>*, std::__ndk1::mutex*)+4096)
#2 pc 0x00000000007c5974 arm64_v8a.apk!libppsspp_jni.so (GameInfoWorkItem::Run()+1304)
#3 pc 0x0000000000799b70 arm64_v8a.apk!libppsspp_jni.so (WorkerThreadFunc(GlobalThreadContext*, TaskThreadContext*)+4096)
#4 pc 0x000000000079b680 arm64_v8a.apk!libppsspp_jni.so (void* std::__ndk1::__thread_proxy>, void (*)(GlobalThreadContext*, TaskThreadContext*), GlobalThreadContext*, TaskThreadContext*>>(void*)+48)
```

InitSwapchain thingy
```
#00 pc 0x000000000002114c /system/lib64/libvulkan.so (vulkan::driver::GetPhysicalDeviceSurfaceCapabilitiesKHR(VkPhysicalDevice_T*, VkSurfaceKHR_T*, VkSurfaceCapabilitiesKHR*)+48)
#1 pc 0x0000000000768468 split_config.arm64_v8a.apk!libppsspp_jni.so (VulkanContext::InitSwapchain()+80)
#2 pc 0x00000000007b2358 split_config.arm64_v8a.apk!libppsspp_jni.so (AndroidVulkanContext::InitFromRenderThread(ANativeWindow*, int, int, int, int)+192)
#3 pc 0x00000000007b03e8 split_config.arm64_v8a.apk!libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+264)
#4 pc 0x0000000000009198 oat/arm64/base.odex (art_jni_trampoline+152)
```
(VulkanFrameData.cpp:SubmitPending:159): [res == VK_SUCCESS] (PRIM03079 Battlegrounds3) vkEndCommandBuffer failed (main)! result=VK_ERROR_OUT_OF_DEVICE_MEMORY

@unknownbrackets
Collaborator

This trace looks wrong, not sure how it gets to Read_U16:

#00  pc 0x0000000000473424  armeabi_v7a.apk!libppsspp_jni.so (Memory::Read_U16(unsigned int)+4096)
#01  pc 0x000000000039b941  armeabi_v7a.apk (GetReplacedOpAt(unsigned int, unsigned int*)+8)

Are the other locking ones ANRs? Memory::Write_Opcode_JIT() could be maybe some kind of shutdown race condition, I guess.

The ShaderManagerGLES::ApplyFragmentShader() one - not sure how it could race, hmm. The cache is loaded during start and not in the background (this is GL, after all.) And there wouldn't be two callers to ApplyFragmentShader() at the same time. Memory corruption somehow within CompileFragmentShader()?

-[Unknown]

@hrydgard
Owner Author

hrydgard commented May 5, 2023

Yeah, it seems confused, really not sure how that could have happened. Maybe the linker partially merged the functions, or something.

Not all of the lock related ones are ANRs, though I'll mark more clearly when I add more.

Yeah the ApplyFragmentShader / DenseHashMap is quite baffling to me as well...

@hrydgard hrydgard modified the milestones: v1.15.3, v1.15.4 May 7, 2023
@hrydgard
Owner Author

hrydgard commented May 8, 2023

Here's an oldie but goodie that I want to figure out at some point, it's not new but is bubbling up towards the top as other stuff is getting fixed:

Thread
(NativeApp.cpp:NativeInitGraphics:802): [g_screenManager] (menu) Assert!
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 12453 >>> org.ppsspp.ppsspp <<<

backtrace:
  #00  pc 0x00000000000895ec  /apex/com.android.runtime/lib64/bionic/libc.so (abort+180)
  #01  pc 0x00000000006f9f28  /apex/com.android.art/lib64/libart.so (art::Runtime::Abort(char const*)+472)
  #02  pc 0x0000000000016ea8  /apex/com.android.art/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+80)
  #03  pc 0x0000000000006e3c  /system/lib64/liblog.so (__android_log_assert+308)
  #04  pc 0x000000000079b500  arm64_v8a.apk!libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+324)
  #05  pc 0x00000000007b3914  arm64_v8a.apk!libppsspp_jni.so (NativeInitGraphics(GraphicsContext*)+108)
  #06  pc 0x00000000007ad37c  arm64_v8a.apk!libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+288)
  #07  pc 0x0000000000461554  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+148)
  #08  pc 0x000000000020a2b0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016)
  #09  pc 0x0000000000102cf6  /data/app/~~9pBlzgyohwIuN86G9cGgmw==/org.ppsspp.ppsspp-b79EhI-0C4HAGOugzG3OUA==/base.apk (org.ppsspp.ppsspp.NativeActivity$1.run+62)
  #10  pc 0x0000000000565200  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.lang.Thread.run+80)

@hrydgard
Owner Author

hrydgard commented May 8, 2023

Probing the depths of single-digit crash instances in 1.15.3...

A Java NullPointerException we might be able to avoid:

```
Exception java.lang.RuntimeException:
  at android.app.ActivityThread.performDestroyActivity (ActivityThread.java:5950)
  at android.app.ActivityThread.handleDestroyActivity (ActivityThread.java:5995)
  at android.app.servertransaction.DestroyActivityItem.execute (DestroyActivityItem.java:47)
  at android.app.servertransaction.ActivityTransactionItem.execute (ActivityTransactionItem.java:45)
  at android.app.servertransaction.TransactionExecutor.executeLifecycleState (TransactionExecutor.java:176)
  at android.app.servertransaction.TransactionExecutor.execute (TransactionExecutor.java:97)
  at android.app.ActivityThread$H.handleMessage (ActivityThread.java:2438)
  at android.os.Handler.dispatchMessage (Handler.java:106)
  at android.os.Looper.loopOnce (Looper.java:226)
  at android.os.Looper.loop (Looper.java:313)
  at android.app.ActivityThread.main (ActivityThread.java:8669)
  at java.lang.reflect.Method.invoke
  at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:571)
  at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:1135)
Caused by java.lang.NullPointerException:
  at org.ppsspp.ppsspp.NativeActivity.onDestroy (NativeActivity.java:757)
  at android.app.Activity.performDestroy (Activity.java:8571)
  at android.app.Instrumentation.callActivityOnDestroy (Instrumentation.java:1364)
  at android.app.ActivityThread.performDestroyActivity (ActivityThread.java:5937)
```

ExpandLines still seems to have an edge case or two left:

  #00  pc 0x0000000000683858  /arm64_v8a.apk!libppsspp_jni.so (SoftwareTransform::ExpandLines(int, int&, unsigned short*&, TransformedVertex const*, TransformedVertex*, int&, bool)+708)
  #01  pc 0x0000000000682f20  /arm64_v8a.apk!libppsspp_jni.so (SoftwareTransform::BuildDrawingParams(int, int, unsigned int, unsigned short*&, int&, SoftwareTransformResult*)+256)
  #02  pc 0x000000000062da60  /arm64_v8a.apk!libppsspp_jni.so (DrawEngineVulkan::DoFlush()+1616)
  #03  pc 0x000000000066be88  /arm64_v8a.apk!libppsspp_jni.so (void DrawEngineCommon::SubmitCurve<Spline::SplineSurface>(void const*, void const*, Spline::SplineSurface&, unsigned int, int*, char const*)+2012)
  #04  pc 0x00000000006c52a0  /arm64_v8a.apk!libppsspp_jni.so (GPUCommonHW::Execute_Spline(unsigned int, unsigned int)+924)
  #05  pc 0x00000000006c4038  /arm64_v8a.apk!libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+180)
  #06  pc 0x00000000006bdc10  /arm64_v8a.apk!libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+608)
  #07  pc 0x00000000006bd13c  /arm64_v8a.apk!libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
  #08  pc 0x00000000006bcfc0  /arm64_v8a.apk!libppsspp_jni.so (GPUCommon::EnqueueList(unsigned int, unsigned int, int, PSPPointer<PspGeListArgs>, bool)+1852)
  #09  pc 0x00000000004f1fac  /arm64_v8a.apk!libppsspp_jni.so (void WrapU_UUIU<&sceGeListEnQueue(unsigned int, unsigned int, int, unsigned int)>()+60)
  #10  pc 0x00000000004cce74  /arm64_v8a.apk!libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)

weird glslang crash:

  #00  pc 0x0000000000e0a0fc  /split_config.arm64_v8a.apk!libppsspp_jni.so (glslang::TScanContext::tokenizeIdentifier()+96)
  #01  pc 0x0000000000e06340  /split_config.arm64_v8a.apk!libppsspp_jni.so (glslang::TScanContext::tokenize(glslang::TPpContext*, glslang::TParserToken&)+736)
  #02  pc 0x0000000000e06038  /split_config.arm64_v8a.apk!libppsspp_jni.so (yylex(YYSTYPE*, glslang::TParseContext&)+40)
  #03  pc 0x0000000000e1c554  /split_config.arm64_v8a.apk!libppsspp_jni.so (yyparse(glslang::TParseContext*)+1100)
  #04  pc 0x0000000000dd9618  /split_config.arm64_v8a.apk!libppsspp_jni.so (glslang::TParseContext::parseShaderStrings(glslang::TPpContext&, glslang::TInputScanner&, bool)+44)
  #05  pc 0x0000000000d52618  /split_config.arm64_v8a.apk!libppsspp_jni.so ((anonymous namespace)::InitializeSymbolTable(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, glslang::pool_allocator<char>> const&, int, EProfile, glslang::SpvVersion const&, EShLanguage, glslang::EShSource, TInfoSink&, glslang::TSymbolTable&))
  #06  pc 0x0000000000d50cec  /split_config.arm64_v8a.apk!libppsspp_jni.so ((anonymous namespace)::SetupBuiltinSymbolTable(int, EProfile, glslang::SpvVersion const&, glslang::EShSource))
  #07  pc 0x0000000000d4a92c  /split_config.arm64_v8a.apk!libppsspp_jni.so ((anonymous namespace)::CompileDeferred(TCompiler*, char const* const*, int, int const*, char const* const*, char const*, EShOptimizationLevel, TBuiltInResource const*, int, EProfile, bool, int, bool, EShMessages, glslang::TIntermediate&, glslang::TShader::Includer&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>, glslang::TEnvironment*))
  #08  pc 0x0000000000d4cb70  /split_config.arm64_v8a.apk!libppsspp_jni.so (glslang::TShader::parse(TBuiltInResource const*, int, EProfile, bool, bool, EShMessages, glslang::TShader::Includer&)+380)
  #09  pc 0x00000000007672c4  /split_config.arm64_v8a.apk!libppsspp_jni.so (GLSLtoSPV(VkShaderStageFlagBits, char const*, GLSLVariant, std::__ndk1::vector<unsigned int, std::__ndk1::allocator<unsigned int>>&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>*)+340)
  #10  pc 0x0000000000ca9ff4  /split_config.arm64_v8a.apk!libppsspp_jni.so (Draw::VKShaderModule::Compile(VulkanContext*, ShaderLanguage, unsigned char const*, unsigned long)+128)
  #11  pc 0x0000000000cad320  /split_config.arm64_v8a.apk!libppsspp_jni.so (Draw::VKContext::CreateShaderModule(ShaderStage, ShaderLanguage, unsigned char const*, unsigned long, char const*)+356)
  #12  pc 0x000000000074e7ac  /split_config.arm64_v8a.apk!libppsspp_jni.so (Draw::DrawContext::CreatePresets()+196)
  #13  pc 0x00000000007af318  /split_config.arm64_v8a.apk!libppsspp_jni.so (AndroidVulkanContext::InitFromRenderThread(ANativeWindow*, int, int, int, int)+260)
  #14  pc 0x00000000007ad364  /split_config.arm64_v8a.apk!libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+264)
  #15  pc 0x00000000002d4044  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+148)

hrydgard added a commit that referenced this issue May 9, 2023
@hrydgard hrydgard modified the milestones: v1.15.4, v1.16.0 May 22, 2023
@hrydgard
Owner Author

hrydgard commented May 22, 2023

This can't possibly be new in 1.15.4, but I haven't seen it before:

#00  pc 0x000000000007f268  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+88)
#01  pc 0x00000000006c9c68  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::DoBlockTransfer(unsigned int)+1736)
#02  pc 0x00000000006cc7f4  arm64_v8a.apk!libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+180)
#03  pc 0x00000000006c6468  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+608)
#04  pc 0x00000000006c5994  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
#05  pc 0x00000000006c5e48  arm64_v8a.apk!libppsspp_jni.so (GPUCommon::UpdateStall(int, unsigned int)+88)
#06  pc 0x00000000004f3d20  arm64_v8a.apk!libppsspp_jni.so (void WrapI_UU<&sceGeListUpdateStallAddr(unsigned int, unsigned int)>()+4096)
#07  pc 0x00000000004cdaf8  arm64_v8a.apk!libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)

Looks like we're missing some range check for block transfers. We really should have caught this with an assert, or ignored the out-of-bounds part of the copy.

@hrydgard
Owner Author

Interesting error in the tilt setup screen:

#00  pc 0x0000000000b2c23c  armeabi_v7a.apk!libppsspp_jni.so (UI::ViewGroup::Axis(AxisInput const&)+38)
#01  pc 0x0000000000b2c24b  armeabi_v7a.apk!libppsspp_jni.so (UI::ViewGroup::Axis(AxisInput const&)+52)
#02  pc 0x0000000000b20275  armeabi_v7a.apk!libppsspp_jni.so (UI::AxisEvent(AxisInput const&, UI::ViewGroup*)+528)
#03  pc 0x0000000000635b21  armeabi_v7a.apk!libppsspp_jni.so (TiltAnalogSettingsScreen::axis(AxisInput const&)+8)
#04  pc 0x0000000000b22005  armeabi_v7a.apk!libppsspp_jni.so (ScreenManager::axis(AxisInput const&)+228)
#05  pc 0x00000000005eb955  armeabi_v7a.apk!libppsspp_jni.so (NativeAxis(AxisInput const&)+52)
#06  pc 0x00000000005e4077  armeabi_v7a.apk!libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeApp_accelerometer+58)
#07  pc 0x0000000000009199  /data/app/org.ppsspp.ppsspp-YQo20lGvQW4pG5hPAFRA_Q==/oat/arm/base.odex (art_jni_trampoline+120)

This one will be resolved by the upcoming UI event refactor though.

@unknownbrackets
Collaborator

This can't possibly be new in 1.15.4, but I haven't seen it before:

Looks like we're missing some range check for block transfers. We really should have caught this with an assert, or ignored the out-of-bounds part of the copy.

Well, this could happen if a block transfer spans a memory mirror in certain ways, as I realized somewhat recently. For example, suppose I'm copying the 4 bytes from 0x041FFFFE to 0x04200002 to 0x04100010-0x04100014. This may crash, depending on how it's copied, since a single access crossing mirrors is unsafe. That said, maybe it's not this, I'm just not sure how else it wouldn't trip something else.

-[Unknown]
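
The missing range check raised earlier for `GPUCommon::DoBlockTransfer` and the mirror-crossing copy described in the reply above, shown together as an added example. This is not PPSSPP's code: it models a mirrored region as 2 MiB of backing storage at `VRAM_BASE` with the window up to `VRAM_END` aliasing it (illustrative constants, not PPSSPP's memory map), shows why one `memcpy` through a translated pointer overruns the backing buffer when the span straddles a mirror, and then performs the transfer by rejecting out-of-range requests and splitting the copy at every mirror boundary. `VramModel`, `SafeBlockTransfer` and the sample byte values are all constructed for the example.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed model of a mirrored memory region (assumption, not PPSSPP's own
// memory map): 2 MiB of backing storage at VRAM_BASE, and every 2 MiB window
// up to VRAM_END is a mirror of that same storage.
constexpr uint32_t VRAM_BASE = 0x04000000;
constexpr uint32_t VRAM_SIZE = 0x00200000;
constexpr uint32_t VRAM_MASK = VRAM_SIZE - 1;
constexpr uint32_t VRAM_END  = 0x04800000;

struct VramModel {
    std::vector<uint8_t> backing = std::vector<uint8_t>(VRAM_SIZE, 0);

    // Translate a guest address to a host pointer. All mirrors fold onto the
    // single backing buffer, so a pointer obtained here is only safe to use
    // up to the next mirror boundary.
    uint8_t *HostPtr(uint32_t addr) { return backing.data() + (addr & VRAM_MASK); }
};

// Range check: the whole [addr, addr + len) span must lie inside the mirrored
// window. 64-bit arithmetic so that addr + len cannot wrap to a small value.
bool IsValidRange(uint32_t addr, uint32_t len) {
    uint64_t end = static_cast<uint64_t>(addr) + len;
    return addr >= VRAM_BASE && end <= VRAM_END;
}

// The hazard from the thread: a single memcpy through HostPtr(addr) runs off
// the end of the backing buffer as soon as the span crosses a mirror boundary.
bool NaiveCopyWouldOverrun(uint32_t addr, uint32_t len) {
    return static_cast<uint64_t>(addr & VRAM_MASK) + len > VRAM_SIZE;
}

// Block transfer that (1) refuses out-of-range requests instead of copying
// and (2) splits the copy at every mirror boundary of either side, so no
// single host access straddles the end of the backing buffer.
bool SafeBlockTransfer(VramModel &mem, uint32_t dst, uint32_t src, uint32_t len) {
    if (!IsValidRange(src, len) || !IsValidRange(dst, len))
        return false;
    while (len > 0) {
        uint32_t srcRoom = VRAM_SIZE - (src & VRAM_MASK);  // bytes until next src mirror
        uint32_t dstRoom = VRAM_SIZE - (dst & VRAM_MASK);  // bytes until next dst mirror
        uint32_t chunk = std::min({len, srcRoom, dstRoom});
        // memmove rather than memcpy: once mirrors are folded, src and dst
        // may overlap inside the backing buffer.
        std::memmove(mem.HostPtr(dst), mem.HostPtr(src), chunk);
        src += chunk;
        dst += chunk;
        len -= chunk;
    }
    return true;
}

// Reproduces the 4-byte transfer from 0x041FFFFE..0x04200002 to 0x04100010
// described in the thread, on the model above, and returns the bytes that
// arrived at the destination.
std::vector<uint8_t> DemoMirrorCrossingCopy() {
    VramModel mem;
    // Constructed contents: the last two bytes of the real storage, then the
    // first two bytes, which is what 0x04200000 aliases to through the mirror.
    mem.HostPtr(0x041FFFFE)[0] = 0x11;
    mem.HostPtr(0x041FFFFF)[0] = 0x22;
    mem.HostPtr(0x04000000)[0] = 0x33;
    mem.HostPtr(0x04000001)[0] = 0x44;
    SafeBlockTransfer(mem, 0x04100010, 0x041FFFFE, 4);
    return std::vector<uint8_t>(mem.HostPtr(0x04100010), mem.HostPtr(0x04100010) + 4);
}

// A request whose source runs past the end of the mirrored window must be
// rejected rather than partially copied.
bool RejectsOutOfRangeTransfer() {
    VramModel mem;
    return !SafeBlockTransfer(mem, 0x04100010, 0x047FFFFE, 4);
}
```

Note that `NaiveCopyWouldOverrun(0x041FFFFE, 4)` is true while `IsValidRange(0x041FFFFE, 4)` is also true: the request is legitimate from the guest's point of view, and it is the single-pointer copy, not the address range, that is unsafe. That is the distinction between the range check and the mirror split above.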

@hrydgard hrydgard removed this from the v1.16.0 milestone Aug 17, 2023
@FATCatAndroid12

This is different from #19522?

@hrydgard hrydgard closed this as not planned Mar 8, 2025
3 participants