Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Toriko Gourmet Survival 2 Invalid address hangs and corrupted picture #5496

Open
daniel229 opened this issue Feb 17, 2014 · 34 comments
Open

Toriko Gourmet Survival 2 Invalid address hangs and corrupted picture #5496

daniel229 opened this issue Feb 17, 2014 · 34 comments

Comments

@daniel229
Copy link
Collaborator

It is in the area 5,16 mission,other areas seem do not happen,after boss fight,then would report Invalid address,sometime hangs,someting does not,and the following picture is corrupted.In Gedebugger,it does not read that texture.
01

in psp
201402171945_001

Debug log (rename jpg to rar)
ppsspplog

savestate
https://drive.google.com/file/d/0BzGZGDfFE68zU2V4VHBoV2ZTT3M/edit?usp=sharing
@sum2012
Copy link
Collaborator

sum2012 commented Feb 17, 2014

Good ,this morning just want to test this game.

@sum2012
Copy link
Collaborator

sum2012 commented Feb 17, 2014

Add breakpoint on invalid memoary.
Seem hard to solve
2

@unknownbrackets
Copy link
Collaborator

Is it possible to get these problems in the demo?

-[Unknown]

@daniel229
Copy link
Collaborator Author

I do not see the bug in demo.

@unknownbrackets
Copy link
Collaborator

Has this changed or improved with "simulate block transfers"?

-[Unknown]

@daniel229
Copy link
Collaborator Author

graphic is correct now,still hangs on Invalid address

@sum2012
Copy link
Collaborator

sum2012 commented Jun 7, 2014

@daniel229 Can you share game save or newsest save status ?

@daniel229
Copy link
Collaborator Author

Sure.
https://drive.google.com/file/d/0BzGZGDfFE68zaWpKLXU4ME9kdUE/edit?usp=sharing

@sum2012 sum2012 mentioned this issue Jun 7, 2014
Merged
@sum2012
Copy link
Collaborator

sum2012 commented Jun 7, 2014

v0.9.8-1074-g8dbc407 turn off fast memory
info log
https://gist.github.com/sum2012/46bfbab83575078cd3a9
debug log (stop on invalid address)
https://gist.github.com/sum2012/49926634248ae28dfbfa

I feel sceKernelMemset() Do somewrong

@daniel229 Can you help to do JPCSPTrace log ? Thanks
sceKernelMemset 0xa089eca4 3 xxx

@daniel229
Copy link
Collaborator Author

JPCSPTrace shutdown PSP in laoding savedata.just log these.
https://gist.github.com/daniel229/a7ea8d35f5ad13ffe77c

@unknownbrackets
Copy link
Collaborator

That happens sometimes. Try mine as well, I've made some tweaks that make it better for me:
https://github.com/unknownbrackets/JpcspTrace
(it does flush less often, though.)

If that doesn't work, some things can be gained by messing with buffer sizes.

That said, I'm not really sure what to expect to be wrong in sceKernelMemset().

-[Unknown]

@daniel229
Copy link
Collaborator Author

Still does not work.

@sum2012
Copy link
Collaborator

sum2012 commented Jun 8, 2014

@daniel229 Thanks

@sum2012
Copy link
Collaborator

sum2012 commented Jun 8, 2014

@unknownbrackets this is disassembly
(Use save status ,stop on invalid adress)
Not sure whether you have idea.
2

@unknownbrackets
Copy link
Collaborator

First thing is to look at the caller. Who passed a0 = 0 to this function, and why? Gotta trace it back.

-[Unknown]

@sum2012
Copy link
Collaborator

sum2012 commented Jun 8, 2014

How to know "Who passed a0 = 0 to this function" ?

@unknownbrackets
Copy link
Collaborator

Well, ra shows the callers address, so that -8 (2 instructions up) is gonna be the jal. Somewhere there will be something setting a0.

That is equivalent to this C code:

u8 *a0 = 0;
func(a0);

// Func does blah blah blah blah blah blah.
// Must always pass a non-NULL a0.
// Returns blah blah.
void func(u8 *a0) {
   u8 a1 = *a0; // CRASH
}

Clearly, the caller should not have passed a NULL pointer to a0. Why did they do that? We emulated something wrong but we have to find the source of the problem. The problem is not in func; it is never supposed to get a NULL pointer in the first place.

-[Unknown]

@daniel229
Copy link
Collaborator Author

It crashes
01

@unknownbrackets
Copy link
Collaborator

Unfortunately, still the same issue. Nothing is wrong with memset, it would also crash on a psp (although maybe we could avoid crashing with fast memory off.) Still need to figure out why it is passing bad arguments to memset somewhere in mips code out due to a recent syscall.

-[Unknown]

@daniel229
Copy link
Collaborator Author

Still happen invalid addresses with v0.9.8-1558-g3cb59ee

@daniel229
Copy link
Collaborator Author

The hangs seems randomly depend on the words what NPC said.So before fightting the boss make a savedata,just waitting NPC said someting,eventually will pass that hanging point.

@daniel229
Copy link
Collaborator Author

Change CPU clock to 25 helps it.

@benderscruffy01
Copy link

still happens
DUMP.ZIP

@Saramagrean
Copy link
Contributor

v1.11.3-1237-g730d2d288 still crash.

09-02 16:18:24.743  4373  4741 D DeviceStateHelper: Audio mode: 0
09-02 16:18:24.758 23017 23017 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09-02 16:18:24.759 23017 23017 F DEBUG   : Build fingerprint: 'google/redfin/redfin:12/SPB4.210715.014/7654839:user/release-keys'
09-02 16:18:24.759 23017 23017 F DEBUG   : Revision: '0'
09-02 16:18:24.759 23017 23017 F DEBUG   : ABI: 'arm64'
09-02 16:18:24.759 23017 23017 F DEBUG   : Timestamp: 2021-09-02 16:18:23.514093388+0700
09-02 16:18:24.759 23017 23017 F DEBUG   : Process uptime: 614s
09-02 16:18:24.759 23017 23017 F DEBUG   : Cmdline: org.ppsspp.ppsspp
09-02 16:18:24.759 23017 23017 F DEBUG   : pid: 7915, tid: 21925, name: Emu  >>> org.ppsspp.ppsspp <<<
09-02 16:18:24.759 23017 23017 F DEBUG   : uid: 10239
09-02 16:18:24.759 23017 23017 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
09-02 16:18:24.759 23017 23017 F DEBUG   : Cause: null pointer dereference
09-02 16:18:24.759 23017 23017 F DEBUG   :     x0  0000000000000000  x1  0000000000000004  x2  0000000000000000  x3  000000798de78047
09-02 16:18:24.759 23017 23017 F DEBUG   :     x4  00000000000001a9  x5  000000798de7811f  x6  00000079ece11410  x7  000000000897f6e8
09-02 16:18:24.759 23017 23017 F DEBUG   :     x8  0000000000000003  x9  0000000000000020  x10 0000000000000000  x11 000000798e15b1d0
09-02 16:18:24.759 23017 23017 F DEBUG   :     x12 000000798e181d30  x13 000000003f800000  x14 0000000000000000  x15 0000000000000000
09-02 16:18:24.759 23017 23017 F DEBUG   :     x16 000000798e14a8a8  x17 000000798d63a5d8  x18 0000000000000003  x19 0000000000000000
09-02 16:18:24.759 23017 23017 F DEBUG   :     x20 0000000000000000  x21 00000000f8800000  x22 00000079ece12000  x23 000000798e15b1d0
09-02 16:18:24.759 23017 23017 F DEBUG   :     x24 000000798dea9e80  x25 00000000f8800000  x26 000000798dea9e80  x27 000000798e0fc078
09-02 16:18:24.759 23017 23017 F DEBUG   :     x28 00000079ecd19000  x29 00000079ece11720
09-02 16:18:24.759 23017 23017 F DEBUG   :     lr  000000798d630d70  sp  00000079ece11710  pc  000000798d63a6ec  pst 0000000020000000
09-02 16:18:24.759 23017 23017 F DEBUG   : backtrace:
09-02 16:18:24.759 23017 23017 F DEBUG   :       #00 pc 000000000054f6ec  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (ReadVector(float*, VectorSize, int)+276) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #01 pc 0000000000545d6c  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (MIPSInt::Int_SVQ(Memory::Opcode)+288) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #02 pc 000000000054ebcc  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (MIPSInterpret(Memory::Opcode)+172) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #03 pc 000000000054ed94  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (MIPSInterpret_RunUntil(unsigned long long)+148) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #04 pc 000000000056e57c  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (PSP_RunLoopWhileState()+116) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #05 pc 00000000006d9738  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (EmuScreen::render()+296) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #06 pc 0000000000bcc764  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (ScreenManager::render()+220) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #07 pc 00000000006d03ac  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (NativeRender(GraphicsContext*)+752) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #08 pc 00000000006c7168  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (UpdateRunLoopAndroid(_JNIEnv*)+44) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.759 23017 23017 F DEBUG   :       #09 pc 00000000006c9448  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.760 23017 23017 F DEBUG   :       #10 pc 00000000003e40d0  /data/app/~~uejzhAXIXZe_kSdgCDU02A==/org.ppsspp.ppsspp-9EUzOC1bfOu5lhpHG5qGgw==/lib/arm64/libppsspp_jni.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_delete<std::__ndk1::__thread_struct> >, void (*)()> >(void*)+44) (BuildId: 76a95db4e8eb35a8b0a619edbb267df7dda00995)
09-02 16:18:24.760 23017 23017 F DEBUG   :       #11 pc 00000000000b19e0  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-02 16:18:24.760 23017 23017 F DEBUG   :       #12 pc 000000000005148c  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-02 16:18:24.805   617   617 E tombstoned: Tombstone written to: tombstone_12

unknownbrackets added a commit to unknownbrackets/ppsspp that referenced this issue Sep 2, 2021
@unknownbrackets
interp: Prevent crash on bad lv.q or sv.q addr.
5293297 
See hrydgard#5496.
@unknownbrackets unknownbrackets mentioned this issue Sep 2, 2021
Merged
@Saramagrean
Copy link
Contributor

Saramagrean commented Sep 3, 2021
edited
Loading

Update log.

09-03 16:56:21.537  2427  7766 D qc_adm  : ns 2724114 > expected_ns 2000000 (skipped 20790)
09-03 16:56:21.755 19497 19497 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09-03 16:56:21.756 19497 19497 F DEBUG   : Build fingerprint: 'google/redfin/redfin:12/SPB4.210715.014/7654839:user/release-keys'
09-03 16:56:21.756 19497 19497 F DEBUG   : Revision: '0'
09-03 16:56:21.756 19497 19497 F DEBUG   : ABI: 'arm64'
09-03 16:56:21.756 19497 19497 F DEBUG   : Timestamp: 2021-09-03 16:56:20.571383719+0700
09-03 16:56:21.756 19497 19497 F DEBUG   : Process uptime: 272s
09-03 16:56:21.756 19497 19497 F DEBUG   : Cmdline: org.ppsspp.ppsspp
09-03 16:56:21.756 19497 19497 F DEBUG   : pid: 11066, tid: 16499, name: Thread-5  >>> org.ppsspp.ppsspp <<<
09-03 16:56:21.756 19497 19497 F DEBUG   : uid: 10293
09-03 16:56:21.756 19497 19497 F DEBUG   : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
09-03 16:56:21.756 19497 19497 F DEBUG   : Abort message: 'Scudo ERROR: corrupted chunk header at address 0x200007cc80a4150
09-03 16:56:21.756 19497 19497 F DEBUG   : '
09-03 16:56:21.756 19497 19497 F DEBUG   :     x0  0000000000000000  x1  0000000000004073  x2  0000000000000006  x3  0000007af990e6f0
09-03 16:56:21.756 19497 19497 F DEBUG   :     x4  0080808080808080  x5  0080808080808080  x6  0080808080808080  x7  8080808080808080
09-03 16:56:21.756 19497 19497 F DEBUG   :     x8  00000000000000f0  x9  8e2f5dca695a0b0e  x10 0000000000000000  x11 ffffff80fffffbdf
09-03 16:56:21.756 19497 19497 F DEBUG   :     x12 0000000000000001  x13 0000000000000030  x14 0000000000000030  x15 0000000000000010
09-03 16:56:21.756 19497 19497 F DEBUG   :     x16 0000007dab098050  x17 0000007dab074f80  x18 0000000000000001  x19 0000000000002b3a
09-03 16:56:21.756 19497 19497 F DEBUG   :     x20 0000000000004073  x21 00000000ffffffff  x22 0000000000000000  x23 b400007c880d06b0
09-03 16:56:21.756 19497 19497 F DEBUG   :     x24 0000007b0534cd88  x25 0000000000000002  x26 0000000000000053  x27 0000007af9910000
09-03 16:56:21.756 19497 19497 F DEBUG   :     x28 0000007af990ee10  x29 0000007af990e770
09-03 16:56:21.756 19497 19497 F DEBUG   :     lr  0000007dab027c3c  sp  0000007af990e6d0  pc  0000007dab027c68  pst 0000000000000000
09-03 16:56:21.756 19497 19497 F DEBUG   : backtrace:
09-03 16:56:21.756 19497 19497 F DEBUG   :       #00 pc 000000000004fc68  /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #01 pc 0000000000040364  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::die()+8) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #02 pc 0000000000040b00  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::ScopedErrorReport::~ScopedErrorReport()+32) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #03 pc 0000000000040bc8  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::reportHeaderCorruption(void*)+60) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #04 pc 0000000000042328  /apex/com.android.runtime/lib64/bionic/libc.so (scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+296) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #05 pc 0000000000fbf55c  /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/lib/arm64/libppsspp_jni.so (UninstallExceptionHandler()+160) (BuildId: f891cc79ce7e9a3874014528ee58a234c740edda)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #06 pc 0000000000cabeb4  /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/lib/arm64/libppsspp_jni.so (CPU_Shutdown()+24) (BuildId: f891cc79ce7e9a3874014528ee58a234c740edda)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #07 pc 0000000000caca98  /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/lib/arm64/libppsspp_jni.so (PSP_Shutdown()+144) (BuildId: f891cc79ce7e9a3874014528ee58a234c740edda)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #08 pc 0000000000ff7e14  /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/lib/arm64/libppsspp_jni.so (EmuScreen::sendMessage(char const*, char const*)+332) (BuildId: f891cc79ce7e9a3874014528ee58a234c740edda)
09-03 16:56:21.757 19497 19497 F DEBUG   :       #09 pc 00000000017d4434  /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/lib/arm64/libppsspp_jni.so (ScreenManager::sendMessage(char const*, char const*)+200) (BuildId: f891cc79ce7e9a3874014528ee58a234c740edda)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #10 pc 0000000000fe5b70  /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/lib/arm64/libppsspp_jni.so (NativeUpdate()+336) (BuildId: f891cc79ce7e9a3874014528ee58a234c740edda)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #11 pc 0000000000fd1764  /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/lib/arm64/libppsspp_jni.so (LockedNativeUpdateRender()+40) (BuildId: f891cc79ce7e9a3874014528ee58a234c740edda)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #12 pc 0000000000fd3364  /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/lib/arm64/libppsspp_jni.so (Java_org_ppsspp_ppsspp_NativeActivity_runEGLRenderLoop+1016) (BuildId: f891cc79ce7e9a3874014528ee58a234c740edda)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #13 pc 0000000000330044  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+148) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #14 pc 0000000000326764  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #15 pc 0000000000323b9c  /apex/com.android.art/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+312) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #16 pc 000000000032335c  /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+2312) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #17 pc 0000000000321518  /apex/com.android.art/lib64/libart.so (MterpInvokeVirtual+436) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #18 pc 000000000033ce14  /apex/com.android.art/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #19 pc 000000000010dbe8  [anon:dalvik-classes.dex extracted in memory from /data/app/~~HFBz2D_t4Qqxa3NkAEiZnQ==/org.ppsspp.ppsspp-WtU7cD0-Q589UhMkG7oWVg==/base.apk]
09-03 16:56:21.758 19497 19497 F DEBUG   :       #20 pc 0000000000349634  /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.15880507524294088337)+628) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #21 pc 0000000000352ea4  /apex/com.android.art/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+124) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #22 pc 00000000003234bc  /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+2664) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #23 pc 0000000000464674  /apex/com.android.art/lib64/libart.so (MterpInvokeInterface+464) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #24 pc 000000000033d014  /apex/com.android.art/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #25 pc 00000000000eda70  /apex/com.android.art/javalib/core-oj.jar
09-03 16:56:21.758 19497 19497 F DEBUG   :       #26 pc 0000000000349634  /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.15880507524294088337)+628) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #27 pc 0000000000348950  /apex/com.android.art/lib64/libart.so (artQuickToInterpreterBridge+1184) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #28 pc 0000000000330178  /apex/com.android.art/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #29 pc 0000000000326764  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #30 pc 000000000038fc74  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+156) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #31 pc 00000000003ca084  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+380) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #32 pc 000000000071163c  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1008) (BuildId: 50c25b4aa1972771dac15f87d726a606)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #33 pc 00000000000b19e0  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-03 16:56:21.758 19497 19497 F DEBUG   :       #34 pc 000000000005148c  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 16a146efb5b048d744b674e300d5bcaf)
09-03 16:56:21.813   619   619 E tombstoned: Tombstone written to: tombstone_16

From PPSSPP Debug build.

@unknownbrackets
Copy link
Collaborator

That's not good, that implies memory corruption. It was already shutting down, though.

It draws the text box at 3075/3302, which seems fine.

After that, 3114/3302 appears to be intended to show a portrait. However, it shows a part of the text that was just drawn.

Interestingly, it goes through the trouble of setting up some miplevel texture addresses, but doesn't enable them. That said, the texture data at those addresses doesn't look interesting. Must be a bug. This even happens for the working portrait.

Anyway, my guess is that some error occurs allocating or loading the picture data, and then it sets the old texture address again. Just noting this for clarity - I don't think it's a graphics issue, specifically, but rather something CPU/HLE related.

-[Unknown]

@Saramagrean
Copy link
Contributor

Saramagrean commented Sep 5, 2021
edited
Loading

Seem like graphic show character picture cut-in correctly except effect border is strange flickering.

TRK2-Flikering

Video. (831 KB.)
https://user-images.githubusercontent.com/26355472/132116980-3a597942-8481-4f90-8121-e7f8f0eb206a.mp4

TRK2-Hang

and dump from that scene. GE DUMP.zip

@sum2012
Copy link
Collaborator

sum2012 commented Sep 6, 2021 via email

@Saramagrean
Copy link
Contributor

Here, I download from gamefaq. :)
https://gamefaqs.gamespot.com/psp/653321-toriko-gourmet-survival-2/saves

@sum2012
Copy link
Collaborator

sum2012 commented Nov 22, 2023

I want test again,
Can anyone give me save status rather than game save ? Thanks

@Saramagrean
Copy link
Contributor

Saramagrean commented Nov 22, 2023
edited
Loading

I want test again, Can anyone give me save status rather than game save ? Thanks

Here. NPJH50564R00.zip

v1.16.6-341-g4d7f00f96 still crash.

@sum2012
Copy link
Collaborator

sum2012 commented Nov 22, 2023

@Saramagrean It is game save , I need save status
1

@Saramagrean
Copy link
Contributor

Saramagrean commented Nov 22, 2023
edited
Loading

Sure.

@sum2012
Copy link
Collaborator

sum2012 commented Nov 22, 2023

@Saramagrean Very thanks

2
3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@unknownbrackets @sum2012 @daniel229 @Saramagrean @benderscruffy01