hrydgard/ppsspp

The 1.11/1.11.1 Android mystery crash thread!

hrydgard opened this issue · 24 comments

First crashes are in!

I'm hoping to see a lot fewer no-call-stack crashes this time around, with the new exception handler. Let's see how it goes; so far, so good. Starting out weird though, a logoscreen crash?

Itel itel W5001P
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> org.ppsspp.ppsspp <<<

backtrace:
  #00  pc 00000000005120c8  /data/app/org.ppsspp.ppsspp-67DzoQ04oxgto8D31lAYuQ==/lib/arm/libppsspp_jni.so (LogoScreen::render()+43)
  #00  pc 00000000009f9079  /data/app/org.ppsspp.ppsspp-67DzoQ04oxgto8D31lAYuQ==/lib/arm/libppsspp_jni.so (ScreenManager::render()+88)
  #00  pc 00000000004f34b5  /data/app/org.ppsspp.ppsspp-67DzoQ04oxgto8D31lAYuQ==/lib/arm/libppsspp_jni.so (NativeRender(GraphicsContext*)+508)
  #00  pc 00000000004ecd8f  /data/app/org.ppsspp.ppsspp-67DzoQ04oxgto8D31lAYuQ==/lib/arm/libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+18)
  #00  pc 00000000004ee699  /data/app/org.ppsspp.ppsspp-67DzoQ04oxgto8D31lAYuQ==/lib/arm/libppsspp_jni.so
  #00  pc 00000000002c24d9  /data/app/org.ppsspp.ppsspp-67DzoQ04oxgto8D31lAYuQ==/lib/arm/libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)()> >(void*)+24)
  #00  pc 0000000000047b2b  /system/lib/libc.so (__pthread_start(void*)+22)
  #00  pc 000000000001afef  /system/lib/libc.so (__start_thread+32)

This one is an alignment error: (driver bug, or data we pass in somewhere?)

signal 7 (SIGBUS), code 1 (BUS_ADRALN)

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> org.ppsspp.ppsspp <<<

backtrace:
  #00  pc 00000000000a5898  /vendor/lib64/hw/vulkan.msm8953.so (qglinternal::vkAcquireImageANDROID(VkDevice_T*, VkImage_T*, int, VkSemaphore_T*, VkFence_T*)+88)
  #00  pc 00000000000235b4  /system/lib64/libvulkan.so (vulkan::driver::AcquireNextImageKHR(VkDevice_T*, VkSwapchainKHR_T*, unsigned long, VkSemaphore_T*, VkFence_T*, unsigned int*)+592)
  #00  pc 000000000063a518  /data/app/org.ppsspp.ppsspp-6DaeytBdsGE179vNmfw0Cg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (VulkanRenderManager::BeginSubmitFrame(int)+112)
  #00  pc 0000000000637c34  /data/app/org.ppsspp.ppsspp-6DaeytBdsGE179vNmfw0Cg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (VulkanRenderManager::Run(int)+28)
  #00  pc 000000000063717c  /data/app/org.ppsspp.ppsspp-6DaeytBdsGE179vNmfw0Cg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (VulkanRenderManager::ThreadFunc()+108)
  #00  pc 000000000063b174  /data/app/org.ppsspp.ppsspp-6DaeytBdsGE179vNmfw0Cg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (VulkanRenderManager::*)(), VulkanRenderManager*> >(void*)+64)
  #00  pc 00000000000e68e0  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36)
  #00  pc 0000000000084c54  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)

All 8 crashes we have so far are wacky graphics driver crashes. This is, well, both good and bad, but it's great to see that the exception handler has probably eliminated all those pesky no-call-stack crashes that happen when games crash. Although I guess it's also not great that those are completely invisible now... But we could report them to our own system, and maybe should.

We should already report them to report.ppsspp.org if that's enabled.

-[Unknown]

Well, yes, but we are not reporting all of them. Especially not those that happen with "ignore bad memory access" within the games' memory space, with fast memory enabled. (we just ignore or substitute with 0 in that case, previously the app would die)

A cwcheat one!

  #00  pc 00000000000831f0  /apex/com.android.runtime/lib64/bionic/libc.so (abort+160)
  #00  pc 0000000000008a14  /system/lib64/liblog.so (__android_log_assert+328)
  #00  pc 000000000065bbbc  /data/app/org.ppsspp.ppsspp-wReXsNwwzAqO_VdkunsbGA==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+248)
  #00  pc 000000000039f330  /data/app/org.ppsspp.ppsspp-wReXsNwwzAqO_VdkunsbGA==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (CWCheatEngine::InterpretNextOp(CheatCode const&, unsigned long&)+88)
  #00  pc 000000000039e14c  /data/app/org.ppsspp.ppsspp-wReXsNwwzAqO_VdkunsbGA==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (CWCheatEngine::Run()+116)
  #00  pc 000000000039d834  /data/app/org.ppsspp.ppsspp-wReXsNwwzAqO_VdkunsbGA==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (hleCheat(unsigned long long, int)+748)
  #00  pc 000000000039ae68  /data/app/org.ppsspp.ppsspp-wReXsNwwzAqO_VdkunsbGA==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (CoreTiming::Advance()+204)
  #00  pc 0000000000475214  /data/app/org.ppsspp.ppsspp-wReXsNwwzAqO_VdkunsbGA==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (__KernelReSchedule(char const*)+40)
  #00  pc 00000000000019ec  <anonymous>

CheatOperation CWCheatEngine::InterpretNextOp(const CheatCode &cheat, size_t &i) {
	if (cheat.fmt == CheatCodeFormat::CWCHEAT)
		return InterpretNextCwCheat(cheat, i);
	else if (cheat.fmt == CheatCodeFormat::TEMPAR)
		return InterpretNextTempAR(cheat, i);
	else
		_assert_(false);
	return { CheatOp::Invalid };
}

So that means unknown cheat code format. We shouldn't crash, at least, this needs fixing.

Hm, that shouldn't happen?

It's pushed here:

ppsspp/Core/CwCheat.cpp

Lines 121 to 122 in b539ce8

cheats_.push_back({ codeFormat_, pendingLines_ });
pendingLines_.clear();

And that's set here:

ppsspp/Core/CwCheat.cpp

Lines 207 to 214 in b539ce8

if (codeFormat_ == CheatCodeFormat::UNDEFINED) {
codeFormat_ = format;
} else if (codeFormat_ != format) {
AddError("mixed code format (cwcheat/tempar)");
lastCheatInfo_ = { 0 };
pendingLines_.clear();
cheatEnabled_ = false;
}

Which is set here:

ppsspp/Core/CwCheat.cpp

Lines 192 to 197 in b539ce8

ParseDataLine(line.substr(2), CheatCodeFormat::CWCHEAT);
return;
case 'M':
// TempAR data line.
ParseDataLine(line.substr(2), CheatCodeFormat::TEMPAR);

It shouldn't be possible to add to pendingLines_ and have cheatEnabled_ true unless codeFormat_ is valid. I'm worried this means the cheat data was corrupted in memory.

-[Unknown]

Yeah, that might be a likely, and scary, explanation.

Here's another one, maybe a postshader failing to compile and us not handling it? Or wait, we compile shaders on the other thread now... hm.

 #00  pc 0000000000063bc4  /system/lib/libc.so (pthread_mutex_lock+4)
  #00  pc 0000000000069339  /system/lib/libc.so (je_arena_dalloc_large+20)
  #00  pc 000000000007b741  /system/lib/libc.so (je_free+68)
  #00  pc 00000000003f62ff  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (GLRenderManager::CreateShader(unsigned int, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const&)+398)
  #00  pc 00000000003fb11d  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (FramebufferManagerGLES::CompileDraw2DProgram()+388)
  #00  pc 00000000003fb695  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (FramebufferManagerGLES::CreateDeviceObjects()+28)
  #00  pc 00000000003fcaaf  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (FramebufferManagerGLES::DeviceRestore(Draw::DrawContext*)+12)
  #00  pc 0000000000465fff  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (GPUCommon::DeviceRestore()+28)
  #00  pc 00000000003f9a33  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (GPU_GLES::DeviceRestore()+6)
  #00  pc 00000000004f2a2d  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (NativeInitGraphics(GraphicsContext*)+1024)
  #00  pc 00000000004ee65f  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000)
  #00  pc 00000000002c24d9  /data/app/org.ppsspp.ppsspp-LbQd1oOoRpPhQ5V0XSJE3w==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)()> >(void*)+24)
  #00  pc 00000000000632f9  /system/lib/libc.so (__pthread_start(void*)+22)
  #00  pc 000000000001de51  /system/lib/libc.so (__start_thread+24)

  #00  pc 0000000000b42100  /data/app/org.ppsspp.ppsspp-2/lib/arm64/libppsspp_jni.so (UIScreen::preRender()+44)
  #00  pc 0000000000b4163c  /data/app/org.ppsspp.ppsspp-2/lib/arm64/libppsspp_jni.so (ScreenManager::render()+132)
  #00  pc 000000000066f348  /data/app/org.ppsspp.ppsspp-2/lib/arm64/libppsspp_jni.so (NativeRender(GraphicsContext*)+640)
  #00  pc 0000000000666aac  /data/app/org.ppsspp.ppsspp-2/lib/arm64/libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+32)
  #00  pc 0000000000668db4  /data/app/org.ppsspp.ppsspp-2/lib/arm64/libppsspp_jni.so
  #00  pc 00000000003a81dc  /data/app/org.ppsspp.ppsspp-2/lib/arm64/libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)()> >(void*)+44)
  #00  pc 000000000006a35c  /system/lib64/libc.so (__pthread_start(void*)+208)
  #00  pc 000000000001db68  /system/lib64/libc.so (__start_thread+

The LogoScreen crash I posted previously is the top crash currently, very strange.

About the LogoScreen: since ed8188e there is:

double rate = std::max(30.0, (double)System_GetPropertyFloat(SYSPROP_DISPLAY_REFRESH_RATE));
double sinceStart = (double)frames_ / rate;

Might some device return a broken value, or could the refresh rate variable not be set yet? Getting either a NaN or a big number into a division by zero could lead to some float error crash, maybe?

Yeah, I suppose so, though no matter what, floating point division shouldn't crash. Maybe something wacky happens with the math later. Though either way, the std::max should have taken care of it...

Top crasher, passing LogoScreen, is now this lovely specimen:

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 0 >>> org.ppsspp.ppsspp <<<

backtrace:
  #00  pc 0000000000506b5c  /data/app/~~nXj0luwk0-4glfNdSp69rQ==/org.ppsspp.ppsspp-ClctrPMq4af_tatLBp9U2Q==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (Memory::Write_Opcode_JIT(unsigned int, Memory::Opcode const&)+16)
  #00  pc 00000000004ecce0  /data/app/~~nXj0luwk0-4glfNdSp69rQ==/org.ppsspp.ppsspp-ClctrPMq4af_tatLBp9U2Q==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (JitBlockCache::FinalizeBlock(int, bool)+128)
  #00  pc 000000000037fde8  /data/app/~~nXj0luwk0-4glfNdSp69rQ==/org.ppsspp.ppsspp-ClctrPMq4af_tatLBp9U2Q==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (MIPSComp::Arm64Jit::Compile(unsigned int)+248)
  #00  pc 00000000000001a0  <anonymous>

That one I can see how it happens, if we try to compile at a bad address. (Read_Opcode_JIT, which is called before Write_Opcode_JIT, checks the address; the write doesn't.) We're already screwed here, but shouldn't let PPSSPP crash.
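As an added illustration of that asymmetry (my own toy code, not PPSSPP's Memory:: functions): a guest-memory window with a constructed base address and size, where one validity predicate guards both the read and the write path, so a compile attempt at a bad address fails before anything is written. The 1 MiB window at 0x08800000 is an assumption for the example, not the real PSP memory map.

```cpp
#include <cstdint>
#include <cstring>
#include <cstdio>
#include <vector>

// Added example (not PPSSPP code). A toy guest-memory model making the point above:
// the address check has to sit on the write path as well as the read path, otherwise a
// compile attempt at a bad address reaches the write unchecked. The single RAM window
// below is a constructed assumption for this example, not the real PSP memory map.
namespace ToyMemory {

static const uint32_t kRamBase = 0x08800000;   // assumed guest base address
static const uint32_t kRamSize = 0x00100000;   // assumed 1 MiB of emulated RAM

static std::vector<uint8_t> g_ram(kRamSize, 0);

// True when a 4-byte opcode at 'addr' lies entirely inside the window and is
// naturally aligned (MIPS instructions are 4-byte aligned).
bool IsValidOpcodeAddress(uint32_t addr) {
    if (addr & 3) return false;
    if (addr < kRamBase) return false;
    return addr - kRamBase <= kRamSize - 4;
}

// Checked read: returns false and leaves *out untouched on a bad address.
bool ReadOpcode(uint32_t addr, uint32_t *out) {
    if (!IsValidOpcodeAddress(addr)) return false;
    std::memcpy(out, &g_ram[addr - kRamBase], 4);
    return true;
}

// Checked write: the same predicate guards the write path, so it cannot
// scribble outside the window even if a caller skipped the read.
bool WriteOpcode(uint32_t addr, uint32_t op) {
    if (!IsValidOpcodeAddress(addr)) return false;
    std::memcpy(&g_ram[addr - kRamBase], &op, 4);
    return true;
}

// Models "compile a block at pc": bail out on an invalid pc instead of letting
// the later write fault. Both steps are checked, so their order no longer matters.
bool CompileBlockAt(uint32_t pc, uint32_t patchedOp) {
    uint32_t original;
    if (!ReadOpcode(pc, &original)) return false;
    return WriteOpcode(pc, patchedOp);
}

// The opcode at 'addr', or 0 when the address is invalid.
uint32_t PeekOpcode(uint32_t addr) {
    uint32_t op = 0;
    ReadOpcode(addr, &op);
    return op;
}

}  // namespace ToyMemory

int main() {
    std::printf("valid pc:   %d\n", ToyMemory::CompileBlockAt(0x08800100, 0x12345678));  // 1
    std::printf("bad pc:     %d\n", ToyMemory::CompileBlockAt(0xDEADBEEC, 0x12345678));  // 0
    std::printf("misaligned: %d\n", ToyMemory::CompileBlockAt(0x08800102, 0x12345678));  // 0
    return 0;
}
```

The point of `CompileBlockAt` is that the write no longer relies on the read having run first: a caller that reaches the write by another route gets the same refusal instead of a fault.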

Excuse me?
I can't download the v1.11 for Android from Download page.

Is that normal?

But, I can download v1.11-2-gb539ce8c2.

Yeah, that's a bug in the build server. 1.11-2 will serve you fine. You can also download 1.11 signed with release keys from ppsspp.org.

if we try to compile at a bad address.

Maybe that's a Resume on a jump to bad address? In theory, we shouldn't even try to compile on a bad address...

Though either way, the std::max should have taken care of it...

I suppose Bad Things could occur if SYSPROP_DISPLAY_REFRESH_RATE is NaN. But yeah, wouldn't crash there...

We don't know what the LogoScreen signal is, do we? If it's a nullptr, etc.?

-[Unknown]
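On the std::max point: which argument NaN lands in decides the result, because std::max(a, b) returns b only when a < b, and every ordered comparison with NaN is false. The following is an added example (mine, not code from the PPSSPP tree) modelled on the quoted refresh-rate line; the function names are my own.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdio>
#include <limits>

// Added example (not PPSSPP code). Models the clamp quoted earlier in the thread,
//   double rate = std::max(30.0, (double)refreshRate);
// and shows what each argument order does when the property comes back as NaN.

// Same argument order as the quoted line: the constant first.
// std::max(30.0, NaN) evaluates (30.0 < NaN) -> false, so 30.0 is returned.
double ClampRateConstantFirst(double refreshRate) {
    return std::max(30.0, refreshRate);
}

// The other order. std::max(NaN, 30.0) evaluates (NaN < 30.0) -> false, so NaN
// is returned unchanged and propagates into every later calculation.
double ClampRateValueFirst(double refreshRate) {
    return std::max(refreshRate, 30.0);
}

// A clamp that is explicit about NaN and infinity, independent of argument order.
double ClampRateSafe(double refreshRate) {
    if (!std::isfinite(refreshRate) || refreshRate < 30.0)
        return 30.0;
    return refreshRate;
}

// Frames-to-seconds as in the quoted snippet. With a finite, non-zero rate this
// cannot produce NaN; the division itself never traps under default FP settings.
double SecondsSinceStart(int frames, double rate) {
    return (double)frames / rate;
}

int main() {
    const double nan = std::numeric_limits<double>::quiet_NaN();
    std::printf("constant first: %g\n", ClampRateConstantFirst(nan));  // 30
    std::printf("value first:    %g\n", ClampRateValueFirst(nan));     // nan
    std::printf("safe clamp:     %g\n", ClampRateSafe(nan));           // 30
    std::printf("seconds:        %g\n", SecondsSinceStart(90, 30.0));  // 3
    return 0;
}
```

Note that `ClampRateConstantFirst` also lets +infinity through, since 30.0 < inf is true; `ClampRateSafe` catches that case as well.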

The LogoScreen signal is signal 11 (SIGSEGV), code 1 (SEGV_MAPERR)

As for the compile at bad address, explanation and tentative fix is in #14085.

(by the way, browsing crashes in Play Console's laughably slow UI, it's so nice to not have to wade through a zillion different empty stack reports... far more actually have substance now, making real issues stand out better)

backtrace:
  #00  pc 000000000001a48c  /system/lib/libc.so (abort+63)
  #00  pc 00000000000065c3  /system/lib/liblog.so (__android_log_assert+154)
  #00  pc 00000000004e4ef5  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+116)
  #00  pc 00000000004b8095  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (GLPushBuffer::Unmap()+36)
  #00  pc 0000000000407967  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (DrawEngineGLES::EndFrame()+34)
  #00  pc 00000000004fc52d  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (EmuScreen::render()+508)
  #00  pc 00000000009f9079  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (ScreenManager::render()+88)
  #00  pc 00000000004f34b5  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (NativeRender(GraphicsContext*)+508)
  #00  pc 00000000004ecd8f  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+18)
  #00  pc 00000000004ee699  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so
  #00  pc 00000000002c24d9  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)()> >(void*)+24)
  #00  pc 0000000000047ba3  /system/lib/libc.so (__pthread_start(void*)+22)
  #00  pc 000000000001b067  /system/lib/libc.so (__start_thread+32)

  #00  pc 000000000227e774  /vendor/lib64/egl/libGLES_mali.so (vkUnmapMemory+36)
  #00  pc 0000000000632e08  /data/app/org.ppsspp.ppsspp-ycY2uZ5elmI2WFom-OavBg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (VulkanPushBuffer::Unmap()+160)
  #00  pc 0000000000b37e04  /data/app/org.ppsspp.ppsspp-ycY2uZ5elmI2WFom-OavBg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (Draw::VKContext::EndFrame()+28)
  #00  pc 0000000000b416d0  /data/app/org.ppsspp.ppsspp-ycY2uZ5elmI2WFom-OavBg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (ScreenManager::render()+280)
  #00  pc 000000000066f348  /data/app/org.ppsspp.ppsspp-ycY2uZ5elmI2WFom-OavBg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (NativeRender(GraphicsContext*)+640)
  #00  pc 00000000006684dc  /data/app/org.ppsspp.ppsspp-ycY2uZ5elmI2WFom-OavBg==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (Java_org_ppsspp_ppsspp_NativeActivity_runEGLRenderLoop+748)
  #00  pc 0000000000003198  /data/app/org.ppsspp.ppsspp-ycY2uZ5elmI2WFom-OavBg==/oat/arm64/base.odex (art_jni_trampoline+152)

 #00  pc 00000000004e4ef5  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+116)
  #00  pc 00000000004998d5  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (PointerWrap::DoMarker(char const*, unsigned int)+96)
  #00  pc 0000000000499c27  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (PointerWrapSection::~PointerWrapSection()+18)
  #00  pc 00000000003439a5  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (__InterruptsDoStateLate(PointerWrap&)+60)
  #00  pc 000000000033e42f  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (__KernelDoState(PointerWrap&)+446)
  #00  pc 00000000003dc7ff  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (SaveState::SaveStart::DoState(PointerWrap&)+322)
  #00  pc 00000000003dc419  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (CChunkFileReader::Error CChunkFileReader::LoadPtr<SaveState::SaveStart>(unsigned char*, SaveState::SaveStart&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>*)+40)
  #00  pc 00000000003dfc4f  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (CChunkFileReader::Error CChunkFileReader::Load<SaveState::SaveStart>(std::__ndk1::basic_string<char, CChunkFileReader::Error::char_traits<char>, CChunkFileReader::Error::allocator<char>> const&, CChunkFileReader::Error::allocator<char>*, SaveState::SaveStart&, std::__ndk1::basic_string<char, CChunkFileReader::Error::char_traits<char>, CChunkFileReader::Error::allocator<char>> const&)+122)
  #00  pc 00000000003df0c5  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (SaveState::Process()+644)
  #00  pc 00000000003e2c2b  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (PSP_RunLoopWhileState()+114)
  #00  pc 00000000004fc415  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (EmuScreen::render()+228)
  #00  pc 00000000009f9079  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (ScreenManager::render()+88)
  #00  pc 00000000004f34b5  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (NativeRender(GraphicsContext*)+508)
  #00  pc 00000000004edfcb  /data/app/org.ppsspp.ppsspp-HOgw25O8DAkSqwWYd8k21A==/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libppsspp_jni.so (offset 0x1000) (Java_org_ppsspp_ppsspp_NativeActivity_runEGLRenderLoop+326)

 #00  pc 00000000004ee75c  /data/app/org.ppsspp.ppsspp-gzWPq5FJ79XNVb4em8LQaQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (std::__ndk1::__hash_table<std::__ndk1::__hash_value_type<unsigned int, int>, std::__ndk1::__unordered_map_hasher<unsigned int, std::__ndk1::__hash_value_type<unsigned int, int>, std::__ndk1::hash<unsigned int>, true>, std::__ndk1::__unordered_map_equal<unsigned int, std::__ndk1::__hash_value_type<unsigned int, int>, std::__ndk1::equal_to<unsigned int>, true>, std::__ndk1::allocator<std::__ndk1::__hash_value_type<unsigned int, int>>>::__rehash(unsigned long)+216)
  #00  pc 00000000004ee4b4  /data/app/org.ppsspp.ppsspp-gzWPq5FJ79XNVb4em8LQaQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000)
  #00  pc 00000000004ee334  /data/app/org.ppsspp.ppsspp-gzWPq5FJ79XNVb4em8LQaQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000)
  #00  pc 00000000004ecd5c  /data/app/org.ppsspp.ppsspp-gzWPq5FJ79XNVb4em8LQaQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (JitBlockCache::FinalizeBlock(int, bool)+252)
  #00  pc 000000000037fde8  /data/app/org.ppsspp.ppsspp-gzWPq5FJ79XNVb4em8LQaQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (MIPSComp::Arm64Jit::Compile(unsigned int)+248)
 

^ Starting to feel like we have some creepy heap corruption...

 #00  pc 0000000000626148  /data/app/org.ppsspp.ppsspp-gzWPq5FJ79XNVb4em8LQaQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (GLQueueRunner::RunSteps(std::__ndk1::vector<GLRStep*, std::__ndk1::allocator<GLRStep*>> const&, bool)+528)
  #00  pc 0000000000621b70  /data/app/org.ppsspp.ppsspp-gzWPq5FJ79XNVb4em8LQaQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (GLRenderManager::Run(int)+380)
  #00  pc 000000000062195c  /data/app/org.ppsspp.ppsspp-gzWPq5FJ79XNVb4em8LQaQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (GLRenderManager::ThreadFrame()+420)

 #00  pc 00000000004e4ef5  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+116)
  #00  pc 00000000004b8095  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (GLPushBuffer::Unmap()+36)
  #00  pc 0000000000407967  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (DrawEngineGLES::EndFrame()+34)
  #00  pc 00000000004fc52d  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (EmuScreen::render()+508)
  #00  pc 00000000009f9079  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (ScreenManager::render()+88)
  #00  pc 00000000004f34b5  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (NativeRender(GraphicsContext*)+508)
  #00  pc 00000000004ecd8f  /data/app/org.ppsspp.ppsspp-iPv2msUb-4nc2_wnQzmOfA==/lib/arm/libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+18)

This one is not very common (clearly one of the late memsets in CISO..::ReadBlocks):

 #00  pc 000000000007f4cc  /apex/com.android.runtime/lib64/bionic/libc.so (memset+140)
  #00  pc 00000000003f2e2c  /data/app/org.ppsspp.ppsspp-cB-6xkViiFH4CfuXcwN5Rw==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (CISOFileBlockDevice::ReadBlocks(unsigned int, int, unsigned char*)+588)
  #00  pc 00000000003fa004  /data/app/org.ppsspp.ppsspp-cB-6xkViiFH4CfuXcwN5Rw==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (ISOFileSystem::ReadFile(unsigned int, unsigned char*, long long, int&)+884)
  #00  pc 00000000003fea98  /data/app/org.ppsspp.ppsspp-cB-6xkViiFH4CfuXcwN5Rw==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (MetaFileSystem::ReadFile(unsigned int, unsigned char*, long long, int&)+228)
  #00  pc 00000000004db324  /data/app/org.ppsspp.ppsspp-cB-6xkViiFH4CfuXcwN5Rw==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (AsyncIOManager::ProcessEvent(AsyncIOEvent)+92)
  #00  pc 0000000000439f64  /data/app/org.ppsspp.ppsspp-cB-6xkViiFH4CfuXcwN5Rw==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (ThreadEventQueue<NoBase, AsyncIOEvent, AsyncIOEventType, (AsyncIOEventType)0, (AsyncIOEventType)1, (AsyncIOEventType)2>::RunEventsUntil(unsigned long long)+248)
  #00  pc 0000000000437a90  /data/app/org.ppsspp.ppsspp-cB-6xkViiFH4CfuXcwN5Rw==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000)
  #00  pc 00000000003a8474  /data/app/org.ppsspp.ppsspp-cB-6xkViiFH4CfuXcwN5Rw==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)()> >(void*)+44)
  #00  pc 00000000000e34a4  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36)
  #00  pc 0000000000084e80  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)

#00  pc 0000000000b246c8  /data/app/org.ppsspp.ppsspp-mPpr3es4HFlbLULuJGME1w==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (inflate+776)
  #00  pc 00000000003f2e88  /data/app/org.ppsspp.ppsspp-mPpr3es4HFlbLULuJGME1w==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (CISOFileBlockDevice::ReadBlocks(unsigned int, int, unsigned char*)+680)
  #00  pc 00000000003fa004  /data/app/org.ppsspp.ppsspp-mPpr3es4HFlbLULuJGME1w==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (ISOFileSystem::ReadFile(unsigned int, unsigned char*, long long, int&)+884)
  #00  pc 00000000003fea98  /data/app/org.ppsspp.ppsspp-mPpr3es4HFlbLULuJGME1w==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (MetaFileSystem::ReadFile(unsigned int, unsigned char*, long long, int&)+228)
  #00  pc 00000000004db324  /data/app/org.ppsspp.ppsspp-mPpr3es4HFlbLULuJGME1w==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (AsyncIOManager::ProcessEvent(AsyncIOEvent)+92)
  #00  pc 0000000000439f64  /data/app/org.ppsspp.ppsspp-mPpr3es4HFlbLULuJGME1w==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (ThreadEventQueue<NoBase, AsyncIOEvent, AsyncIOEventType, (AsyncIOEventType)0, (AsyncIOEventType)1, (AsyncIOEventType)2>::RunEventsUntil(unsigned long long)+248)
  #00  pc 0000000000437a90  /data/app/org.ppsspp.ppsspp-mPpr3es4HFlbLULuJGME1w==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000)
  #00  pc 00000000003a8474  /data/app/org.ppsspp.ppsspp-mPpr3es4HFlbLULuJGME1w==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)()> >(void*)+44)
  #00  pc 00000000000e205c  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36)

Odd driver crash:

 #00  pc 0000000000070a00  /vendor/lib64/hw/vulkan.msm8953.so (qglinternal::vkCreateImage(VkDevice_T*, VkImageCreateInfo const*, VkAllocationCallbacks const*, VkImage_T**)+28)
  #00  pc 000000000062e4ac  /data/app/org.ppsspp.ppsspp-e9MUzwuUJYtcoKu1aqxsaw==/lib/arm64/libppsspp_jni.so (VulkanTexture::CreateDirect(VkCommandBuffer_T*, VulkanDeviceAllocator*, int, int, int, VkFormat, VkImageLayout, unsigned int, VkComponentMapping const*)+260)
  #00  pc 000000000062e4ac  /data/app/org.ppsspp.ppsspp-e9MUzwuUJYtcoKu1aqxsaw==/lib/arm64/libppsspp_jni.so (VulkanTexture::CreateDirect(VkCommandBuffer_T*, VulkanDeviceAllocator*, int, int, int, VkFormat, VkImageLayout, unsigned int, VkComponentMapping const*)+260)
  #00  pc 0000000000b39364  /data/app/org.ppsspp.ppsspp-e9MUzwuUJYtcoKu1aqxsaw==/lib/arm64/libppsspp_jni.so (Draw::VKTexture::Create(VkCommandBuffer_T*, VulkanPushBuffer*, Draw::TextureDesc const&, VulkanDeviceAllocator*)+460)
  #00  pc 0000000000b3b130  /data/app/org.ppsspp.ppsspp-e9MUzwuUJYtcoKu1aqxsaw==/lib/arm64/libppsspp_jni.so (Draw::VKContext::CreateTexture(Draw::TextureDesc const&)+132)
  #00  pc 00000000006fcc60  /data/app/org.ppsspp.ppsspp-e9MUzwuUJYtcoKu1aqxsaw==/lib/arm64/libppsspp_jni.so (ManagedTexture::LoadFromFileData(unsigned char const*, unsigned long, ImageFileType, bool, char const*)+884)
  #00  pc 00000000006fce10  /data/app/org.ppsspp.ppsspp-e9MUzwuUJYtcoKu1aqxsaw==/lib/arm64/libppsspp_jni.so (ManagedTexture::LoadFromFile(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const&, ImageFileType, bool)+132)
  #00  pc 00000000006fcf8c  /data/app/org.ppsspp.ppsspp-e9MUzwuUJYtcoKu1aqxsaw==/lib/arm64/libppsspp_jni.so (CreateTextureFromFile(Draw::DrawContext*, char const*, ImageFileType, bool)+124)
  #00  pc 000000000065861c  /data/app/org.ppsspp.ppsspp-e9MUzwuUJYtcoKu1aqxsaw==/lib/arm64/libppsspp_jni.so (UIContext::BeginFrame()+280)

Many of the latter ones are definitely not new crashes; they've just kinda surfaced now that so many garbage crashes are gone due to the exception handler.

Like, it seems to be doable to crash the CISO code with a corrupt file.

Still, the LogoScreen crash is haunting me. But it could just be one of the many weird intermittent GL initialization / task switching bugs I guess...
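As an added example of the defensive step that keeps a corrupt file out of the block-read path (my own code, not PPSSPP's CISOFileBlockDevice): parse and validate the CISO index table up front, rejecting any entry whose block would lie outside the file, overlap the index, or exceed the block size, before any length is handed to memset() or inflate(). The header layout in the comments is my understanding of the CISO v1 format, the sample images are constructed, and the inflate() call itself is left out so the example has no zlib dependency.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Added example, not PPSSPP's CISOFileBlockDevice. Validates a CISO index table up
// front so a corrupt file is rejected before any block length reaches memset() or
// inflate(). Layout assumed here (CISO v1 as I understand it):
//   0x00 "CISO"   0x04 u32 header_size   0x08 u64 total_bytes   0x10 u32 block_size
//   0x14 u8 version   0x15 u8 index_shift   0x16 u8[2] reserved
// then (total_bytes / block_size + 1) little-endian u32 index entries: bit 31 set means
// the block is stored uncompressed, the low 31 bits << index_shift give the block's
// file offset, and the following entry's offset marks where the block ends.

struct CisoBlock {
    uint64_t offset;   // file offset of the block's stored bytes
    uint32_t length;   // number of stored bytes (== blockSize when plain)
    bool plain;        // true: stored as-is, false: deflate stream
};

struct CisoIndex {
    uint32_t blockSize = 0;
    uint32_t numBlocks = 0;
    std::vector<CisoBlock> blocks;
    std::string error;   // non-empty when the file was rejected
};

static uint32_t ReadLE32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

// Parses the header and checks every index entry against the file size. On the first
// inconsistency it returns with 'error' set and no blocks, so callers never act on a
// partially trusted table.
CisoIndex ParseCisoIndex(const std::vector<uint8_t> &file) {
    CisoIndex idx;
    const uint64_t fileSize = file.size();
    if (fileSize < 24 || std::memcmp(file.data(), "CISO", 4) != 0) { idx.error = "not a CISO file"; return idx; }
    const uint32_t headerSize = ReadLE32(&file[4]);
    const uint64_t totalBytes = (uint64_t)ReadLE32(&file[8]) | ((uint64_t)ReadLE32(&file[12]) << 32);
    const uint32_t blockSize = ReadLE32(&file[16]);
    const uint8_t shift = file[21];
    // Sanity limits (defensive assumptions): a zero block size would divide by zero,
    // a huge one would drive oversized buffer allocations, a shift above 31 is meaningless.
    if (blockSize == 0 || blockSize > (1u << 20)) { idx.error = "bad block size"; return idx; }
    if (shift > 31) { idx.error = "bad index shift"; return idx; }
    if (headerSize < 24 || headerSize > fileSize) { idx.error = "bad header size"; return idx; }
    const uint64_t numBlocks = totalBytes / blockSize;
    if (numBlocks == 0 || numBlocks > 0x7FFFFFFFu) { idx.error = "bad block count"; return idx; }
    const uint64_t indexBytes = (numBlocks + 1) * 4;   // no overflow: numBlocks < 2^31
    if (indexBytes > fileSize - headerSize) { idx.error = "index table truncated"; return idx; }
    const uint8_t *index = &file[headerSize];
    const uint64_t dataStart = headerSize + indexBytes;
    std::vector<CisoBlock> blocks;
    for (uint64_t i = 0; i < numBlocks; i++) {
        const uint32_t entry = ReadLE32(index + i * 4);
        const uint32_t next = ReadLE32(index + (i + 1) * 4);
        const bool plain = (entry & 0x80000000u) != 0;
        const uint64_t start = (uint64_t)(entry & 0x7FFFFFFFu) << shift;
        const uint64_t end = (uint64_t)(next & 0x7FFFFFFFu) << shift;
        // The block must lie after the index table, inside the file, and be ordered.
        if (start < dataStart || end < start || end > fileSize) {
            idx.error = "block " + std::to_string(i) + " lies outside the file"; return idx;
        }
        const uint64_t len = end - start;
        // A plain block is exactly one block long; a compressed one never needs more input
        // than blockSize bytes (the encoder stores blocks that deflate would not shrink).
        if (len == 0 || len > blockSize || (plain && len != blockSize)) {
            idx.error = "block " + std::to_string(i) + " has an invalid length"; return idx;
        }
        blocks.push_back({start, (uint32_t)len, plain});
    }
    idx.blockSize = blockSize;
    idx.numBlocks = (uint32_t)numBlocks;
    idx.blocks.swap(blocks);
    return idx;
}

// Constructed test image (not produced by a real CISO encoder): header, the given raw
// index entries, then 'dataBytes' of filler standing in for block payloads.
std::vector<uint8_t> BuildConstructedCiso(uint32_t blockSize, uint64_t totalBytes, uint8_t shift,
                                          const std::vector<uint32_t> &entries, size_t dataBytes) {
    std::vector<uint8_t> f = {'C', 'I', 'S', 'O'};
    auto put32 = [&](uint32_t v) { for (int b = 0; b < 4; b++) f.push_back((uint8_t)(v >> (8 * b))); };
    put32(24);
    put32((uint32_t)totalBytes);
    put32((uint32_t)(totalBytes >> 32));
    put32(blockSize);
    f.insert(f.end(), {1, shift, 0, 0});
    for (uint32_t e : entries) put32(e);
    f.resize(f.size() + dataBytes, 0xAA);
    return f;
}

// Two 16-byte plain blocks: 3 index entries, data starts at 24 + 12 = 36, file is 68 bytes.
std::vector<uint8_t> SampleValidCiso() {
    return BuildConstructedCiso(16, 32, 0, {0x80000000u | 36, 0x80000000u | 52, 68}, 32);
}

// Same image with the terminating entry pointing far beyond the end of the file.
std::vector<uint8_t> SampleCorruptCiso() {
    return BuildConstructedCiso(16, 32, 0, {0x80000000u | 36, 0x80000000u | 52, 0x7FFFFFFFu}, 32);
}
```

Bounding the stored length to blockSize on the input side, and giving inflate() an avail_out of exactly blockSize on the output side, are the two checks that keep next_out inside the destination buffer; the index validation above covers the input side, so a bad entry is reported as a parse error rather than reaching memset() or the decompressor.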

If inflate() is crashing, I suppose we either have corruption in the z_stream or we need to update zlib. Or I suppose it could be #14132 if it's writing outside valid memory in z.next_out.

-[Unknown]

One that's not new, but I haven't noticed before:

  #00  pc 0000000000008a14  /system/lib64/liblog.so (__android_log_assert+328)
  #00  pc 000000000065c33c  /data/app/org.ppsspp.ppsspp-m4lb6uwksI7g346Z8OKCzQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+248)
  #00  pc 00000000005625f4  /data/app/org.ppsspp.ppsspp-m4lb6uwksI7g346Z8OKCzQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (Vulkan2D::GetDescriptorSet(VkImageView_T*, VkSampler_T*, VkImageView_T*, VkSampler_T*)+328)
  #00  pc 0000000000553b9c  /data/app/org.ppsspp.ppsspp-m4lb6uwksI7g346Z8OKCzQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (FramebufferManagerVulkan::DrawActiveTexture(float, float, float, float, float, float, float, float, float, float, int, int)+624)
  #00  pc 000000000056e3a8  /data/app/org.ppsspp.ppsspp-m4lb6uwksI7g346Z8OKCzQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (FramebufferManagerCommon::DrawPixels(VirtualFramebuffer*, int, int, unsigned char const*, GEBufferFormat, int, int, int)+664)
  #00  pc 000000000056deb8  /data/app/org.ppsspp.ppsspp-m4lb6uwksI7g346Z8OKCzQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (FramebufferManagerCommon::UpdateFromMemory(unsigned int, int, bool)+520)
  #00  pc 0000000000488c5c  /data/app/org.ppsspp.ppsspp-m4lb6uwksI7g346Z8OKCzQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000)
  #00  pc 000000000040b4b8  /data/app/org.ppsspp.ppsspp-m4lb6uwksI7g346Z8OKCzQ==/split_config.arm64_v8a.apk!lib/arm64-v8a/libppsspp_jni.so (offset 0x1000) (CallSyscallWithoutFlags(HLEFunction const*)+28)
  #00  pc 0000000000425278  <anonymous>

Maybe vkAllocateDescriptorSets returned out of memory?

-[Unknown]

That's the only assert in the function, but it's odd. The descriptor pool has space for 3000 entries and we reset it per frame. No way we're doing 3000 depals or post shaders in a frame.

This one pretty much has to be memory corruption, right?

#00  pc 00000000004e55c5  /data/app/org.ppsspp.ppsspp-2/lib/arm/libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+116)
  #00  pc 00000000002bae1d  /data/app/org.ppsspp.ppsspp-2/lib/arm/libppsspp_jni.so (CWCheatEngine::Run()+208)
  #00  pc 00000000002ba687  /data/app/org.ppsspp.ppsspp-2/lib/arm/libppsspp_jni.so (hleCheat(unsigned long long, int)+578)
  #00  pc 00000000002b87fd  /data/app/org.ppsspp.ppsspp-2/lib/arm/libppsspp_jni.so (CoreTiming::Advance()+180)
  #00  pc 0000000000363a37  /data/app/org.ppsspp.ppsspp-2/lib/arm/libppsspp_jni.so (__KernelReSchedule(char const*)+26)
  #00  pc 0000000000001b88  <anonymous>

The only assert there is in the default case of ExecuteOp ...

Probably related to the other cheat assert, yeah.

-[Unknown]

I think the ValidSize bug not working may have caused some of these. With that fixed, should we close this until next time?

-[Unknown]

Going to close this now given that there have been quite a few commits since v1.11.x; I'm sure we'll have new ones to look at for v1.12. I'm optimistic that several of these may be fixed for next time around now.

-[Unknown]