1.16 Android mystery crash thread

[hrydgard]

Alright, looking at Google Play crash reports again, a few reports have started to come in.

  #00  pc 0x0000000000bdb63a  armeabi_v7a.apk!libppsspp_jni.so (std::__ndk1::__function::__func<UI::PopupTextInputChoice::HandleClick(UI::EventParams&)::$_3, std::__ndk1::allocator<UI::PopupTextInputChoice::HandleClick(UI::EventParams&)::$_3>, void (char const*, int)>::operator()(char const*&&, int&&)+4096)
  #01  pc 0x0000000000645221  armeabi_v7a.apk (RequestManager::ProcessRequests()+88)
  #02  pc 0x000000000066429b  armeabi_v7a.apk (NativeFrame(GraphicsContext*)+186)
  #03  pc 0x000000000065d233  armeabi_v7a.apk (UpdateRunLoopAndroid(_JNIEnv*)+22)
  #04  pc 0x000000000065f7c7  armeabi_v7a.apk!libppsspp_jni.so (EmuThreadFunc()+4096)
  #05  pc 0x0000000000381219  armeabi_v7a.apk (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)()>>(void*)+24)
  #06  pc 0x0000000000063af5  /system/lib/libc.so (__pthread_start(void*)+22)
  #07  pc 0x000000000001df95  /system/lib/libc.so (__start_thread+22)

Kinda similar:

  #00  pc 0x0000000000bd6386  libppsspp_jni.so (UI::PopupMultiChoice::ChoiceCallback(int)+26)
  #01  pc 0x0000000000bd5add  libppsspp_jni.so (UI::ListPopupScreen::OnListChoice(UI::EventParams&)+48)
  #02  pc 0x0000000000bc7693  libppsspp_jni.so (UI::Event::Dispatch(UI::EventParams&)+30)
  #03  pc 0x0000000000bc16b9  libppsspp_jni.so (UI::DispatchEvents()+384)
  #04  pc 0x0000000000bc2b8d  libppsspp_jni.so (UI::UpdateViewHierarchy(UI::ViewGroup*)+1748)
  #05  pc 0x0000000000bc5413  libppsspp_jni.so (UIScreen::update()+122)
  #06  pc 0x0000000000bc5bb9  libppsspp_jni.so (PopupScreen::update()+16)
  #07  pc 0x0000000000bc3cdf  libppsspp_jni.so (ScreenManager::update()+54)
  #08  pc 0x00000000006642b5  libppsspp_jni.so (NativeFrame(GraphicsContext*)+212)
  #09  pc 0x000000000065d233  libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+22)
  #10  pc 0x000000000065f7c7  libppsspp_jni.so (EmuThreadFunc())
  #11  pc 0x0000000000381219  libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)()>>(void*)+24)

Similar:

  #00  pc 0x0000000000bdb63a  armeabi_v7a.apk!libppsspp_jni.so (std::__ndk1::__function::__func<UI::PopupTextInputChoice::HandleClick(UI::EventParams&)::$_3, std::__ndk1::allocator<UI::PopupTextInputChoice::HandleClick(UI::EventParams&)::$_3>, void (char const*, int)>::operator()(char const*&&, int&&)+4096)
  #01  pc 0x0000000000645221  armeabi_v7a.apk (RequestManager::ProcessRequests()+88)
  #02  pc 0x000000000066429b  armeabi_v7a.apk (NativeFrame(GraphicsContext*)+186)
  #03  pc 0x000000000065d233  armeabi_v7a.apk (UpdateRunLoopAndroid(_JNIEnv*)+22)
  #04  pc 0x000000000065f7c7  armeabi_v7a.apk!libppsspp_jni.so (EmuThreadFunc()+4096)
  #05  pc 0x0000000000381219  armeabi_v7a.apk (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)()>>(void*)+24)

  #00  pc 0x0000000000087918  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+248)
  #01  pc 0x0000000000d99784  libppsspp_jni.so (Draw::VKContext::DrawUP(void const*, int)+264)
  #02  pc 0x000000000085dbf0  libppsspp_jni.so (DrawBuffer::Flush(bool)+132)
  #03  pc 0x000000000084e4bc  libppsspp_jni.so (UIContext::Flush()+28)
  #04  pc 0x0000000000899cc4  libppsspp_jni.so (FloatingSymbolsAnimation::Draw(UIContext&, double, float, float, float, float)+64)
  #05  pc 0x00000000008928cc  libppsspp_jni.so (DrawBackground(UIContext&, float, float, float, float)+604)
  #06  pc 0x0000000000893354  libppsspp_jni.so (UIScreenWithBackground::DrawBackground(UIContext&)+68)
  #07  pc 0x000000000088d694  libppsspp_jni.so (MainScreen::DrawBackground(UIContext&)+28)
  #08  pc 0x0000000000da2964  libppsspp_jni.so (UIScreen::render()+164)
  #09  pc 0x0000000000da114c  libppsspp_jni.so (ScreenManager::render()+212)
  #10  pc 0x000000000086f328  libppsspp_jni.so (NativeFrame(GraphicsContext*)+772)
  #11  pc 0x000000000086843c  libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+416)

[hrydgard]

  #00  pc 0x00000000000890e8  /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy+248)
  #01  pc 0x0000000000d99784  libppsspp_jni.so (Draw::VKContext::DrawUP(void const*, int)+264)
  #02  pc 0x000000000085dbf0  libppsspp_jni.so (DrawBuffer::Flush(bool)+132)
  #03  pc 0x000000000084e4bc  libppsspp_jni.so (UIContext::Flush()+28)
  #04  pc 0x0000000000899cc4  libppsspp_jni.so (FloatingSymbolsAnimation::Draw(UIContext&, double, float, float, float, float)+64)
  #05  pc 0x00000000008928cc  libppsspp_jni.so (DrawBackground(UIContext&, float, float, float, float)+604)
  #06  pc 0x0000000000893354  libppsspp_jni.so (UIScreenWithBackground::DrawBackground(UIContext&)+68)
  #07  pc 0x000000000088d694  libppsspp_jni.so (MainScreen::DrawBackground(UIContext&)+28)
  #08  pc 0x0000000000da2964  libppsspp_jni.so (UIScreen::render()+164)
  #09  pc 0x0000000000da114c  libppsspp_jni.so (ScreenManager::render()+212)
  #10  pc 0x000000000086f328  libppsspp_jni.so (NativeFrame(GraphicsContext*)+772)

  #00  pc 0x0000000000062b20  /apex/com.android.runtime/lib/bionic/libc.so (abort+172)
  #01  pc 0x00000000000abe5f  /apex/com.android.runtime/lib/bionic/libc.so (__fortify_fatal(char const*, ...)+26)
  #02  pc 0x00000000000ab599  /apex/com.android.runtime/lib/bionic/libc.so (HandleUsingDestroyedMutex(pthread_mutex_t*, char const*)+20)
  #03  pc 0x00000000000ab483  /apex/com.android.runtime/lib/bionic/libc.so (pthread_mutex_lock+138)
  #04  pc 0x0000000000d38ddb libppsspp_jni.so (std::__ndk1::mutex::lock()+6)
  #05  pc 0x0000000000616efd libppsspp_jni.so (GLRenderManager::ThreadFrame()+56)
  #06  pc 0x000000000065d311 libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeRenderer_displayRender+64)
  #07  pc 0x0000000000009053  /data/app/~~pZh5yOzJPZWVLEg2pzZYxw==/org.ppsspp.ppsspp-RMdEWXsG9cgVPlZaTVgCRQ==/oat/arm/base.odex (art_jni_trampoline+74)
  #08  pc 0x00000000020006e3  /memfd:jit-cache (org.ppsspp.ppsspp.NativeRenderer.onDrawFrame+42)

backtrace:
  #00  pc 0x0000000000da15d4  !libppsspp_jni.so (ScreenManager::RecreateAllViews()+12)
  #01  pc 0x0000000000887504  !libppsspp_jni.so (GameBrowser::OnRecentClear(UI::EventParams&)+12)
  #02  pc 0x0000000000da5450  !libppsspp_jni.so (UI::Event::Dispatch(UI::EventParams&)+56)
  #03  pc 0x0000000000d9d8a0  !libppsspp_jni.so (UI::DispatchEvents()+388)
  #04  pc 0x0000000000d9f22c  !libppsspp_jni.so (UI::UpdateViewHierarchy(UI::ViewGroup*)+2208)
  #05  pc 0x0000000000da2664  !libppsspp_jni.so (UIScreen::update()+136)
  #06  pc 0x0000000000da3004  !libppsspp_jni.so (PopupScreen::update()+24)
  #07  pc 0x0000000000da0858  !libppsspp_jni.so (ScreenManager::update()+92)
  #08  pc 0x000000000086f15c  !libppsspp_jni.so (NativeFrame(GraphicsContext*)+312)
  #09  pc 0x000000000086843c  !libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+416)

  #00  pc 0x000000000061ae18  libppsspp_jni.so (GLQueueRunner::PerformRenderPass(GLRStep const&, bool, bool, GLQueueProfileContext&)+2296)
  #01  pc 0x000000000061a463  libppsspp_jni.so (GLQueueRunner::RunSteps(std::__ndk1::vector<GLRStep*, std::__ndk1::allocator<GLRStep*>> const&, GLFrameData&, bool, bool, bool)+362)
  #02  pc 0x0000000000617151  libppsspp_jni.so (GLRenderManager::Run(GLRRenderThreadTask&)+336)
  #03  pc 0x0000000000616f6f  libppsspp_jni.so (GLRenderManager::ThreadFrame()+170)
  #04  pc 0x000000000065d311  libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeRenderer_displayRender+64)
  #05  pc 0x0000000000009053  /data/app/org.ppsspp.ppsspp-INN1sdv8x1m0vCxKFo9vCw==/oat/arm/base.odex (art_jni_trampoline+74)

  #00  pc 0x000000000001c3a4  /system/lib64/libc.so (memcmp+36)
  #01  pc 0x0000000000851484  libppsspp_jni.so (std::__ndk1::__tree_iterator<std::__ndk1::__value_type<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>, IconCache::Entry>, std::__ndk1::__tree_node<std::__ndk1::__value_type<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>, IconCache::Entry>, void*>*, long> std::__ndk1::__tree<std::__ndk1::__value_type<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>, IconCache::Entry>, std::__ndk1::__map_value_compare<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>, std::__ndk1::__value_type<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>, IconCache::Entry>, std::__ndk1::less<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>>, true>, std::__ndk1::allocator<std::__ndk1::__value_type<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>, IconCache::Entry>>>::find<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>>(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const&)+152)
  #02  pc 0x0000000000850e10  libppsspp_jni.so (IconCache::InsertIcon(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const&, IconFormat, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>&&)+124)
  #03  pc 0x00000000009076e4  libppsspp_jni.so (HttpImageFileView::HttpImageFileView(http::RequestManager*, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const&, UI::ImageSizeMode, bool, UI::LayoutParams*)::'lambda'(http::Request&)::operator()(http::Request&) const+148)
  #04  pc 0x000000000083b914  libppsspp_jni.so (http::RequestManager::Update()+436)
  #05  pc 0x000000000086f154  libppsspp_jni.so (NativeFrame(GraphicsContext*)+304)
  #06  pc 0x00000000008666cc  libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+36)
  #07  pc 0x00000000008696b4  libppsspp_jni.so (EmuThreadFunc())
  #08  pc 0x00000000004c7304  libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)()>>(void*)+44)
 

[hrydgard]

I finally figured out this old crash:

 #04  pc 0x000000000064ebef  libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+162)
  #05  pc 0x00000000004e54c5  libppsspp_jni.so (DenseHashMap<FShaderID, Shader*, (Shader*)0>::Insert(FShaderID const&, Shader*)+220)
  #06  pc 0x00000000004e5151  libppsspp_jni.so (ShaderManagerGLES::ApplyFragmentShader(VShaderID, Shader*, ComputedPipelineState const&, bool)+364)
  #07  pc 0x00000000004ea9d3  libppsspp_jni.so (DrawEngineGLES::DoFlush()+2018)
  #08  pc 0x000000000056a055  libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+216)
  #09  pc 0x000000000056534f  libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+470)
  #10  pc 0x0000000000564bfd  libppsspp_jni.so (GPUCommon::ProcessDLQueue()+196)
  #11  pc 0x0000000000564a69  libppsspp_jni.so (GPUCommon::EnqueueList(unsigned int, unsigned int, int, PSPPointer<PspGeListArgs>, bool)+1296)
  #12  pc 0x00000000003f5ccd  libppsspp_jni.so (void WrapU_UUIU<&sceGeListEnQueue(unsigned int, unsigned int, int, unsigned int)>()+48)
  #13  pc 0x00000000003d9aa1  libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+32)

It can happen if a null value was inserted into the hash map, which can happen if shader generation fails (which itself is very bad and we should assert out from). Will fix this.

In other news, this is still around:

  #00  pc 0x00000000004b4d4a  v7a.apk!libppsspp_jni.so (Memory::Write_Opcode_JIT(unsigned int, Memory::Opcode const&)+14)
  #01  pc 0x00000000003604af  v7a.apk!libppsspp_jni.so (JitBlockCache::FinalizeBlock(int, bool)+78)
  #02  pc 0x000000000034afd5  v7a.apk!libppsspp_jni.so (MIPSComp::ArmJit::Compile(unsigned int)+140)

[hrydgard]

In 1.16.1, getting some unexpected crash reports from the soft gpu:

ppsspp/GPU/Software/Rasterizer.cpp:1377

  #01  pc 0x000000000074d7bc  libppsspp_jni.so (Rasterizer::DrawRectangle(VertexData const&, VertexData const&, BinCoords const&, Rasterizer::RasterizerState const&)+2212)
  #02  pc 0x000000000073f444  libppsspp_jni.so (DrawBinItemsTask::ProcessItems()+192)
  #03  pc 0x000000000073f320  libppsspp_jni.so (DrawBinItemsTask::Run()+16)
  #04  pc 0x0000000000849e68  libppsspp_jni.so (WorkerThreadFunc(GlobalThreadContext*, TaskThreadContext*)+4096)
  #05  pc 0x000000000084b978  libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)(GlobalThreadContext*, TaskThreadContext*), GlobalThreadContext*, TaskThreadContext*>>(void*)+48)

ppsspp/GPU/Software/BinManager.cpp:93

  #00  pc 0x000000000063cf80  [anon:libc_malloc]
  #01  pc 0x000000000073ddcc  libppsspp_jni.so (BinManager::Drain(bool)+1476)
  #02  pc 0x000000000073ca94  libppsspp_jni.so (BinManager::Flush(char const*)+96)
  #03  pc 0x000000000075be94  libppsspp_jni.so (TransformUnit::Flush(char const*)+28)
  #04  pc 0x0000000000731df4  libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+712)
  #05  pc 0x00000000007312b8  libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
  #06  pc 0x000000000073113c  libppsspp_jni.so (GPUCommon::EnqueueList(unsigned int, unsigned int, int, PSPPointer<PspGeListArgs>, bool)+1852)
  #07  pc 0x000000000055c854  libppsspp_jni.so (void WrapU_UUIU<&sceGeListEnQueue(unsigned int, unsigned int, int, unsigned int)>()+60)
  #08  pc 0x00000000005363d0  libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)

ppsspp/GPU/Software/Rasterizer.cpp:1458

 #01  pc 0x000000000057df13 armeabi_v7a.apk (Rasterizer::DrawPoint(VertexData const&, BinCoords const&, Rasterizer::RasterizerState const&)+706)
  #02  pc 0x000000000056ed15 armeabi_v7a.apk (BinManager::Drain(bool)+512)
  #03  pc 0x000000000056de2d armeabi_v7a.apk (BinManager::Flush(char const*)+76)
  #04  pc 0x0000000000589fff armeabi_v7a.apk (TransformUnit::Flush(char const*)+14)
  #05  pc 0x000000000058909d armeabi_v7a.apk (SoftGPU::FastRunLoop(DisplayList&)+72)
  #06  pc 0x000000000056530f armeabi_v7a.apk (GPUCommon::InterpretList(DisplayList&)+470)
  #07  pc 0x0000000000564bbd armeabi_v7a.apk (GPUCommon::ProcessDLQueue()+196)
  #08  pc 0x0000000000564a29 armeabi_v7a.apk (GPUCommon::EnqueueList(unsigned int, unsigned int, int, PSPPointer<PspGeListArgs>, bool)+1296)
  #09  pc 0x00000000003f5c5d armeabi_v7a.apk (void WrapU_UUIU<&sceGeListEnQueue(unsigned int, unsigned int, int, unsigned int)>()+48)
  #10  pc 0x00000000003d9a31 armeabi_v7a.apk (CallSyscallWithoutFlags(HLEFunction const*)+32)

[hrydgard]

Hm, these look like calling null pointers, and could be caused by me missing something in my DenseHashMap refactor ( #18129 )

The code does look right, though, and it seems to run for me..

EDIT: These are now fixed.

[hrydgard]

OK, this one is interesting, I feel we should have caught this before and made it an artificial memory exception:

(JitBlockCache.cpp:FinalizeBlock:250): [Memory::IsValidAddress(b.originalAddress)]
(NPJH50679 Retro-Knight.blogspot.com) FinalizeBlock: Bad originalAddress 00000000 in block 16735

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 4053 >>> org.ppsspp.ppsspp <<<

backtrace:
  #00  pc 0x00000000000626c0  /apex/com.android.runtime/lib/bionic/libc.so (abort+172)
  #01  pc 0x000000000040abb9  /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+1696)
  #02  pc 0x000000000000d989  /system/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+48)
  #03  pc 0x0000000000005323  /system/lib/liblog.so (__android_log_assert+174)
  #04  pc 0x000000000064ec87  v7a.apk!libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+162)
  #05  pc 0x00000000003604db  v7a.apk!libppsspp_jni.so (JitBlockCache::FinalizeBlock(int, bool)+234)
  #06  pc 0x000000000034af65  v7a.apk!libppsspp_jni.so (MIPSComp::ArmJit::Compile(unsigned int)+140)
  #07  pc 0x0000000000000106 

[hrydgard]

Hm, in 1.16.3, I still have some of those destroyed-mutex crashes..

Plus, this one has surfaced:

  #00  pc 0x0000000000376e96 v7a.apk!libppsspp_jni.so (KeyMap::InputMappingsFromPspButton(int, std::__ndk1::vector<KeyMap::MultiInputMapping, std::__ndk1::allocator<KeyMap::MultiInputMapping>>*, bool)+134)
  #01  pc 0x000000000036c49d v7a.apk!libppsspp_jni.so (ControlMapper::UpdatePSPState(InputMapping const&, double)+704)
  #02  pc 0x000000000036cf1f v7a.apk!libppsspp_jni.so (ControlMapper::Axis(AxisInput const&)+270)
  #03  pc 0x0000000000bc4cfd v7a.apk!libppsspp_jni.so (ScreenManager::axis(AxisInput const&)+228)
  #04  pc 0x000000000066533d v7a.apk!libppsspp_jni.so (NativeAxis(AxisInput const*, unsigned int)+92)
  #05  pc 0x000000000065db6b v7a.apk!libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeApp_accelerometer+74)

another:

  #00  pc 0x000000000080f10c  arm64/libppsspp_jni.so (GLQueueRunner::PerformRenderPass(GLRStep const&, bool, bool, GLQueueProfileContext&)+2924)
  #01  pc 0x000000000080e4f8  arm64/libppsspp_jni.so (GLQueueRunner::RunSteps(std::__ndk1::vector<GLRStep*, std::__ndk1::allocator<GLRStep*>> const&, GLFrameData&, bool, bool, bool)+688)
  #02  pc 0x000000000080a5a4  arm64/libppsspp_jni.so (GLRenderManager::Run(GLRRenderThreadTask&)+476)
  #03  pc 0x000000000080a310  arm64/libppsspp_jni.so (GLRenderManager::ThreadFrame()+244)
  #04  pc 0x0000000000864e60  arm64/libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeRenderer_displayRender+100)

[hrydgard]

I thought I had fixed every avenue for the shader promise mutex crash, but seems not:

  #01  pc 0x000000000008cae4  /apex/com.android.runtime/lib64/bionic/libc.so (__fortify_fatal(char const*, ...)+128)
  #02  pc 0x00000000000f0ca0  /apex/com.android.runtime/lib64/bionic/libc.so (HandleUsingDestroyedMutex(pthread_mutex_t*, char const*)+68)
  #03  pc 0x00000000000f0acc  /apex/com.android.runtime/lib64/bionic/libc.so (pthread_mutex_lock+168)
  #04  pc 0x0000000000fa4664  !libppsspp_jni.so (std::__ndk1::mutex::lock()+8)
  #05  pc 0x00000000006a4820  !libppsspp_jni.so (Promise<VkShaderModule_T*>::BlockUntilReady()+48)
  #06  pc 0x0000000000821184  !libppsspp_jni.so (VKRGraphicsPipeline::Create(VulkanContext*, VkRenderPass_T*, RenderPassType, VkSampleCountFlagBits, double, int)+180)
  #07  pc 0x00000000008279dc  !libppsspp_jni.so (CreateMultiPipelinesTask::Run()+52)
  #08  pc 0x000000000084a258  !libppsspp_jni.so (WorkerThreadFunc(GlobalThreadContext*, TaskThreadContext*))
  #09  pc 0x000000000084bd68  !libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (*)(GlobalThreadContext*, TaskThreadContext*), GlobalThreadContext*, TaskThreadContext*>>(void*)+48)
  #10  pc 0x00000000000efbf4  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264)

Figuring this out is gonna be the priority 1 for 1.16.4...

[unknownbrackets]

FinalizeBlock: Bad originalAddress 00000000 in block 16735

Hm, could it be some corruption of the MIPSState? Or thread data?

-[Unknown]

[hrydgard]

ANR:

thread 1:

  #00  pc 0x00000000000e7a28  /apex/com.android.runtime/lib64/bionic/libc.so (nanosleep+8)
  #01  pc 0x00000000000a2c4c  /apex/com.android.runtime/lib64/bionic/libc.so (usleep+76)
  #02  pc 0x0000000000865d34  /data/app/~~RG93gFN6hq1Hb4Hi1obtVw==/org.ppsspp.ppsspp-eT9iZWhcMqoBkreSgBGy-g==/split_config.arm64_v8a.apk (Java_org_ppsspp_ppsspp_NativeActivity_requestExitVulkanRenderLoop+96)
  at org.ppsspp.ppsspp.NativeActivity.requestExitVulkanRenderLoop (Native method)
  at org.ppsspp.ppsspp.NativeActivity.joinRenderLoopThread (NativeActivity.java:719)
  at org.ppsspp.ppsspp.NativeActivity.onPause (NativeActivity.java:808)
  at android.app.Activity.performPause (Activity.java:8778)
  at android.app.Instrumentation.callActivityOnPause (Instrumentation.java:1585)
  at android.app.ActivityThread.performPauseActivityIfNeeded (ActivityThread.java:5707)
  at android.app.ActivityThread.performPauseActivity (ActivityThread.java:5668)
  at android.app.ActivityThread.handlePauseActivity (ActivityThread.java:5620)
  at android.app.servertransaction.PauseActivityItem.execute (PauseActivityItem.java:47)

thread 2:

  #02  pc 0x00000000000fc23c  /apex/com.android.runtime/lib64/bionic/libc.so (pthread_cond_wait+76)
  #03  pc 0x0000000000f6a06c arm64_v8a.apk (std::__ndk1::condition_variable::wait(std::__ndk1::unique_lock<std::__ndk1::mutex>&)+20)
  #04  pc 0x0000000000824174 arm64_v8a.apk (VulkanRenderManager::BeginFrame(bool, bool)+156)
  #05  pc 0x0000000000d963f8 arm64_v8a.apk (Draw::VKContext::BeginFrame(Draw::DebugFlags)+32)
  #06  pc 0x000000000086d8f0 arm64_v8a.apk (NativeFrame(GraphicsContext*)+592)
  #07  pc 0x0000000000866ab8 arm64_v8a.apk (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+416)

thread 3:

  #03  pc 0x0000000000f6a06c  split_config.arm64_v8a.apk (std::__ndk1::condition_variable::wait(std::__ndk1::unique_lock<std::__ndk1::mutex>&)+20)
  #04  pc 0x0000000000822b3c  split_config.arm64_v8a.apk (VulkanRenderManager::ThreadFunc()+108)
  #05  pc 0x0000000000827d10  split_config.arm64_v8a.apk (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, void (VulkanRenderManager::*)(), VulkanRenderManager*>>(void*)+64)

[hrydgard]

The FinalizeBlock crash still really bothers me, I don't see how it can possibly happen with the new assert I added to the caller...

(JitBlockCache.cpp:FinalizeBlock:251): [Memory::IsValidAddress(b.originalAddress)] (ULUS10598 NBA2K13, 203.3s) FinalizeBlock: Bad originalAddress 9f9f9f9f in block 14804. core=1
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
pid: 0, tid: 27533 >>> org.ppsspp.ppsspp <<<

backtrace:
  #00  pc 0x0000000000038880  /apex/com.android.runtime/lib/bionic/libc.so (abort+172)
  #01  pc 0x00000000003fef8d  /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+1768)
  #02  pc 0x000000000000d97f  /system/lib/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+46)
  #03  pc 0x00000000000052eb  /system/lib/liblog.so (__android_log_assert+174)
  #04  pc 0x000000000064f76f  armeabi_v7a.apk!libppsspp_jni.so (HandleAssert(char const*, char const*, int, char const*, char const*, ...)+194)
  #05  pc 0x0000000000360d83  armeabi_v7a.apk!libppsspp_jni.so (JitBlockCache::FinalizeBlock(int, bool)+246)
  #06  pc 0x000000000034b659  armeabi_v7a.apk!libppsspp_jni.so (MIPSComp::ArmJit::Compile(unsigned int)+192)
  #07  pc 0x0000000000000106 

fairly large block count, can it have anything to do with clears? I don't get it.

[hrydgard]

Also, destroyedmutex a few posts above still haunts me. No clue how we end up trying to create a pipeline from deleted shaders. Another shutdown race condition? Can't get it to repro.

[hrydgard]

Here's one, not so common, that's not much of a mystery, but just some lack of range checks when reading indices buffers:

  #00  pc 0x00000000006f3fcc  v8a.apk!libppsspp_jni.so (GetIndexBounds(void const*, int, unsigned int, unsigned short*, unsigned short*)+548)
  #01  pc 0x00000000006cf82c  v8a.apk!libppsspp_jni.so (DrawEngineCommon::SubmitPrim(void const*, void const*, GEPrimitiveType, int, unsigned int, int, int*)+352)
  #02  pc 0x0000000000735cec  v8a.apk!libppsspp_jni.so (GPUCommonHW::Execute_Prim(unsigned int, unsigned int)+2008)
  #03  pc 0x0000000000735400  v8a.apk!libppsspp_jni.so (GPUCommonHW::FastRunLoop(DisplayList&)+180)
  #04  pc 0x000000000072ef70  v8a.apk!libppsspp_jni.so (GPUCommon::InterpretList(DisplayList&)+608)
  #05  pc 0x000000000072e49c  v8a.apk!libppsspp_jni.so (GPUCommon::ProcessDLQueue()+100)
  #06  pc 0x000000000072e950  v8a.apk!libppsspp_jni.so (GPUCommon::UpdateStall(int, unsigned int)+88)
  #07  pc 0x000000000055cd80  v8a.apk!libppsspp_jni.so (void WrapI_UU<&sceGeListUpdateStallAddr(unsigned int, unsigned int)>()+4096)
  #08  pc 0x000000000053880c  v8a.apk!libppsspp_jni.so (CallSyscallWithoutFlags(HLEFunction const*)+52)
  #09  pc 0x0000000000013490 

[hrydgard]

Hm, regarding the FinalizeBlock issue above... On ARM/ARM64, MAX_JIT_BLOCK_EXITS is set to only 2, while 8 on x86. Maybe we somehow get more? Because looking at the struct, it looks like overflowing the exitPtrs/exitAddress arrays could cause trouble by stomping the originalAddress.

[hrydgard]

Here's a rare-ish one, it's happened twice on two different devices. Symbolizing the address leads to somewhere in the implementation of std::map. I don't see how though:

  #00  pc 0x00000000004d2e2c  arm64_v8a.apk!libppsspp_jni.so (SymbolMap::UpdateActiveSymbols()+944)
  #01  pc 0x00000000004d5b5c  arm64_v8a.apk!libppsspp_jni.so (SymbolMap::GetLabelString(unsigned int)+52)
  #02  pc 0x000000000063eef4  arm64_v8a.apk!libppsspp_jni.so (MIPSAnalyst::ApplyHashMap()+380)
  #03  pc 0x000000000063e828  arm64_v8a.apk!libppsspp_jni.so (MIPSAnalyst::FinalizeScan(bool)+428)
  #04  pc 0x0000000000596d0c  arm64_v8a.apk!libppsspp_jni.so (__KernelLoadELFFromPtr(unsigned char const*, unsigned long, unsigned int, bool, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>*, unsigned int*, unsigned int&))
  #05  pc 0x0000000000597ce8  arm64_v8a.apk!libppsspp_jni.so (__KernelLoadExec(char const*, unsigned int, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>*)+704)
  #06  pc 0x0000000000660b68  arm64_v8a.apk!libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct>>, Load_PSP_ISO(FileLoader*, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>>*)::$_0>>(void*))

The SymbolMap has really comprehensive locking and isn't returning any internal pointers outwards..

[hrydgard]

  #00  pc 0x000000000087fa14  v8a.apk!libppsspp_jni.so (GameBrowser::Refresh()+80)
  #01  pc 0x000000000088f254  v8a.apk!libppsspp_jni.so (std::__ndk1::__function::__func<GameBrowser::BrowseClick(UI::EventParams&)::$_0, std::__ndk1::allocator<GameBrowser::BrowseClick(UI::EventParams&)::$_0>, void (char const*, int)>::operator()(char const*&&, int&&))
  #02  pc 0x00000000008450f4  v8a.apk!libppsspp_jni.so (RequestManager::ProcessRequests()+100)
  #03  pc 0x000000000086d388  v8a.apk!libppsspp_jni.so (NativeFrame(GraphicsContext*)+288)
  #04  pc 0x0000000000866624  v8a.apk!libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runVulkanRenderLoop+420)

I think request responses might arrive after the calling screen has been closed.. Though shouldn't be common..

[hrydgard]

Closing this, will start over after the next release. I expect we'll find a couple of these again...