
Emulator Issues #2433

F-Zero GX crashes at title screen (Linux x86_64)

Added by benpicco almost 12 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
JIT
% Done:

0%

Operating system:
N/A
Issue type:
Bug
Milestone:
Regression:
No
Relates to usability:
No
Relates to performance:
No
Easy:
No
Relates to maintainability:
No
Regression start:
Fixed in:

Description

What steps will reproduce the problem?
1. Start F-Zero GX
2. Enter name/load saved profile
3. Segmentation fault

What is the expected output? What do you see instead?
According to [1], F-Zero GX should work with at least r4865 - this is not
the case (tried both a current revision (r5210) and r4865.)
With the Interpreter core, the title screen works (it is too slow to try any further than that), so the crash only appears with the recompiler.

[1] http://www.dolphin-emu.com/print.php?type=N&item_id=70

What version of the product are you using? On what operating system?
r4865 and above
Ubuntu 9.10 x86_64
nvidia 190.53

Please provide any additional information below.

Last lines of strace output, in case this is useful:

[...]
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\0\4\0N\1\300\4\0@\0\0\7\0\300\4\2\1\4\0N\1\300\4\0@\0\0\7\0\300\4"..., 48},
{NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\0\4\0N\1\300\4\0@\0\0\7\0\300\4\2\1\4\0N\1\300\4\0@\0\0\7\0\300\4"..., 48},
{NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\0\4\0N\1\300\4\0@\0\0\7\0\300\4\2\1\4\0N\1\300\4\0@\0\0\7\0\300\4"..., 48},
{NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\0\4\0N\1\300\4\0@\0\0\7\0\300\4\2\1\4\0N\1\300\4\0@\0\0\7\0\300\4"..., 48},
{NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\0\4\0N\1\300\4\0@\0\0\7\0\300\4\2\1\4\0N\1\300\4\0@\0\0\7\0\300\4"..., 48},
{NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\0\4\0N\1\300\4\0@\0\0\7\0\300\4\2\1\4\0N\1\300\4\0@\0\0\7\0\300\4"..., 48},
{NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\0\4\0N\1\300\4\0@\0\0\7\0\300\4\2\1\4\0N\1\300\4\0@\0\0\7\0\300\4"..., 48},
{NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\0\4\0N\1\300\4\0@\0\0\7\0\300\4\2\1\4\0N\1\300\4\0@\0\0\7\0\300\4"..., 48},
{NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
51) = 1 ([{fd=3, revents=POLLIN}])
read(3, "A", 1) = 1
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
6) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
inotify_add_watch(8, "/home/benpicco/.config/ibus/bus",
IN_MODIFY|IN_ATTRIB|IN_CLOSE_WRITE|IN_MOVED_FROM|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT|IN_ONLYDIR)
= -1 ENOENT (No such file or directory)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
49) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"5\30\4\0\v\f\300\4N\1\300\4\34\3\25\0\230\4\5\0\f\f\300\4\v\f\300\4\7\1\0\0"...,
1124}, {NULL, 0}, {"", 0}], 3) = 1124
poll([{fd=5, events=POLLIN}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
read(5,
"\1\1\2\200\0\0\0\0\3\0@\6\0\0\0\0pT\265\2\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\30\4\0N\1\300\4\0@\0\0\7\0\300\4\2\4\4\0N\1\300\4\0@\0\0\7\0\300\4"...,
48}, {NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
83) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\30\4\0N\1\300\4\0@\0\0\7\0\300\4\2\4\4\0N\1\300\4\0@\0\0\7\0\300\4"...,
48}, {NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\30\4\0N\1\300\4\0@\0\0\7\0\300\4\2\4\4\0N\1\300\4\0@\0\0\7\0\300\4"...,
48}, {NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\30\4\0N\1\300\4\0@\0\0\7\0\300\4\2\4\4\0N\1\300\4\0@\0\0\7\0\300\4"...,
48}, {NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\30\4\0N\1\300\4\0@\0\0\7\0\300\4\2\4\4\0N\1\300\4\0@\0\0\7\0\300\4"...,
48}, {NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99) = 0 (Timeout)
[Dolphin log lines written to the same terminal were interleaved with the strace output at this point:]
53:08:592 Source/Core/DiscIO/Src/FileMonitor.cpp:113 W[FileMon]: 483 kB snd/normal_se/PACK0.bin
53:08:592 Source/Core/DiscIO/Src/FileMonitor.cpp:113 W[FileMon]: 10 kB snd/normal_se/PACK0.tbl
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
0) = 0 (Timeout)
poll([{fd=5, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=5, revents=POLLOUT}])
writev(5,
[{"\2\30\4\0N\1\300\4\0@\0\0\7\0\300\4\2\4\4\0N\1\300\4\0@\0\0\7\0\300\4"...,
48}, {NULL, 0}, {"", 0}], 3) = 48
read(5, 0x2923984, 4096) = -1 EAGAIN (Resource temporarily
unavailable)
poll([{fd=3, events=POLLIN}, {fd=5, events=POLLIN}, {fd=9, events=POLLIN},
{fd=7, events=POLLIN}, {fd=10, events=POLLIN}, {fd=8, events=POLLIN}], 6,
99 <unfinished ...>
+++ killed by SIGSEGV +++

History

#1 Updated by BhaaL almost 12 years ago

Did you try the JITIL core yet? Plain JIT might be a bit dodgy there.

#2 Updated by benpicco almost 12 years ago

yes, this also happens with JitIL instead of JIT

#3 Updated by a.j.buxton over 11 years ago

I have the same issue. Also on 64 bit, Ubuntu 9.10 and nvidia 190.53.

I have tried building it myself and also the weekly ppa builds.

This is what GDB says:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd1219910 (LWP 12913)]
0x0000000040c4bc19 in ?? ()
(gdb) bt
#0 0x0000000040c4bc19 in ?? ()
#1 0x0000000000000003 in ?? ()
#2 0x0000000000000003 in ?? ()
#3 0x0000000000000000 in ?? ()
(gdb) thread 1
[Switching to thread 1 (Thread 0x7ffff7eaf820 (LWP 12908))]#0 0x00007ffff47643c3 in
poll () from /lib/libc.so.6
(gdb) bt
#0 0x00007ffff47643c3 in poll () from /lib/libc.so.6
#1 0x00007ffff58e48b4 in ?? () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#2 0x00007ffff13dc37c in ?? () from /lib/libglib-2.0.so.0
#3 0x00007ffff13dc9f5 in g_main_loop_run () from /lib/libglib-2.0.so.0
#4 0x00007ffff30aa177 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#5 0x00007ffff58fc9c8 in wxEventLoop::Run() () from /usr/lib/libwx_gtk2u_core-2.8.so.0
#6 0x00007ffff59818eb in wxAppBase::MainLoop() () from
/usr/lib/libwx_gtk2u_core-2.8.so.0
#7 0x00007ffff545144c in wxEntry(int&, wchar_t*) () from /usr/lib/libwx_baseu-2.8.so.0
#8 0x000000000048a282 in ?? ()
#9 0x00007ffff46afabd in __libc_start_main () from /lib/libc.so.6
#10 0x000000000041f259 in ?? ()
#11 0x00007fffffffe408 in ?? ()
#12 0x000000000000001c in ?? ()
#13 0x0000000000000001 in ?? ()
#14 0x00007fffffffe6a9 in ?? ()
#15 0x0000000000000000 in ?? ()
(gdb) thread 2
[Switching to thread 2 (Thread 0x7fffe3f96910 (LWP 12911))]#0 0x00007ffff75176dd in
pthread_mutex_unlock ()
from /lib/libpthread.so.0
(gdb) bt
#0 0x00007ffff75176dd in pthread_mutex_unlock () from /lib/libpthread.so.0
#1 0x00007fffe5a959cc in Fifo_EnterLoop(SVideoInitialize const&) () from
/usr/lib/dolphin-emu/libPlugin_VideoOGL.so
#2 0x00000000004af1e3 in ?? ()
#3 0x00007ffff7513a04 in start_thread () from /lib/libpthread.so.0
#4 0x00007ffff477080d in clone () from /lib/libc.so.6
#5 0x0000000000000000 in ?? ()
(gdb) thread 3
[Switching to thread 3 (Thread 0x7fffd3c77910 (LWP 12912))]#0 0x00007ffff4734f51 in
nanosleep () from /lib/libc.so.6
(gdb) bt
#0 0x00007ffff4734f51 in nanosleep () from /lib/libc.so.6
#1 0x00007ffff4769bb4 in usleep () from /lib/libc.so.6
#2 0x00007fffe5a65c41 in XEventThread(void*) () from
/usr/lib/dolphin-emu/libPlugin_VideoOGL.so
#3 0x00007ffff7513a04 in start_thread () from /lib/libpthread.so.0
#4 0x00007ffff477080d in clone () from /lib/libc.so.6
#5 0x0000000000000000 in ?? ()
(gdb) thread 4
[Switching to thread 4 (Thread 0x7fffd1219910 (LWP 12913))]#0 0x0000000040c4bc19 in
?? ()
(gdb) bt
#0 0x0000000040c4bc19 in ?? ()
#1 0x0000000000000003 in ?? ()
#2 0x0000000000000003 in ?? ()
#3 0x0000000000000000 in ?? ()
(gdb) thread 5
[Switching to thread 5 (Thread 0x7fffd2da2910 (LWP 12914))]#0 0x00007ffff47643c3 in
poll () from /lib/libc.so.6
(gdb) bt
#0 0x00007ffff47643c3 in poll () from /lib/libc.so.6
#1 0x00007ffff70790c9 in ?? () from /usr/lib/libasound.so.2
#2 0x00007ffff707942f in ?? () from /usr/lib/libasound.so.2
#3 0x00007ffff70b7d8a in ?? () from /usr/lib/libasound.so.2
#4 0x00007fffe5e3c6c1 in AlsaSound::SoundLoop() () from
/usr/lib/dolphin-emu/libPlugin_DSP_HLE.so
#5 0x00007fffe5e3c2aa in ?? () from /usr/lib/dolphin-emu/libPlugin_DSP_HLE.so
#6 0x00007ffff7513a04 in start_thread () from /lib/libpthread.so.0
#7 0x00007ffff477080d in clone () from /lib/libc.so.6
#8 0x0000000000000000 in ?? ()
(gdb) thread 6
[Switching to thread 6 (Thread 0x7fffc7ffe910 (LWP 12915))]#0 0x00007ffff47643c3 in
poll () from /lib/libc.so.6
(gdb) bt
#0 0x00007ffff47643c3 in poll () from /lib/libc.so.6
#1 0x00007ffff427820f in ?? () from /usr/lib/libpulse.so.0
#2 0x00007ffff42685e6 in pa_mainloop_poll () from /usr/lib/libpulse.so.0
#3 0x00007ffff4269eb9 in pa_mainloop_iterate () from /usr/lib/libpulse.so.0
#4 0x00007ffff4269f70 in pa_mainloop_run () from /usr/lib/libpulse.so.0
#5 0x00007ffff427812b in ?? () from /usr/lib/libpulse.so.0
#6 0x00007ffff06d8050 in ?? () from /usr/lib/libpulsecommon-0.9.19.so
#7 0x00007ffff7513a04 in start_thread () from /lib/libpthread.so.0
#8 0x00007ffff477080d in clone () from /lib/libc.so.6
#9 0x0000000000000000 in ?? ()
(gdb) thread 7
Thread ID 7 not known.

#4 Updated by BhaaL over 11 years ago

Is this still an issue with current revisions?

#5 Updated by a.j.buxton over 11 years ago

Yes, it is still an issue with r5817 from the Ubuntu PPA.

The USA version of the game also brings up this warning before it crashes:

GFX FIFO: Unknown Opcode (0xf).
This means one of the following:
* The emulated GPU got desynced, disabling dual core can help
* Command stream corrupted by some spurious memory bug
* This really is an unknown opcode (unlikely)
* Some other sort of bug

Dolphin will now likely crash or hang. Enjoy.

The EU version of the game does not trigger this warning.

#6 Updated by BhaaL over 11 years ago

  • Status changed from New to Accepted
  • Category set to jit
  • Operating system N/A added

Can you dump the code block that shows up in your backtrace, the one with no known location? Looks like a JIT-Bug (or other JIT-related problem) over there.
I'd need at least +/-20 instructions, in case you get a rather long dump there.

Also, can you compile your own binary and see if it happens there? Maybe we can get a better backtrace with that.

#7 Updated by a.j.buxton over 11 years ago

I can compile my own binary and have done in the past, and it did still happen. I have no idea how to dump a code block though.

#8 Updated by BhaaL over 11 years ago

Try the "disassemble" command after switching to the correct thread/frame.

#9 Updated by a.j.buxton over 11 years ago

This is what I got with r5831 built in debug mode.

Just "disassemble" does not work, it says:

"No function contains program counter for selected frame."

So I dumped the memory range. Here's the trimmed output (GDB's "=>" marks the instruction the crashing thread faulted at).

BTW this is with the JITIL recompiler.

(gdb) thread
Current thread is 11 (Thread 0x7fffc8361710 (LWP 21630))
(gdb) bt
#0 0x0000000040cc0b9d in ?? ()
#1 0x0000000000000000 in ?? ()

0x0000000040cc0a8a: movl $0x80242d28,-0x402aa854(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040cc0a94: jmpq 0x41a00079
0x0000000040cc0a99: mov -0x402aaa7b(%rip),%ebp # 0xa16024 <_ZN7PowerPC8ppcStateE+612>
0x0000000040cc0a9f: lea 0x2(%rbp),%ecx
0x0000000040cc0aa2: test $0xc000000,%ecx
0x0000000040cc0aa8: je 0x40cc0ab5
0x0000000040cc0aaa: mov %ecx,%edi
0x0000000040cc0aac: callq 0x4020017a
0x0000000040cc0ab1: mov %eax,%ebp
0x0000000040cc0ab3: jmp 0x40cc0abf
0x0000000040cc0ab5: movzwl 0x0(%rbx,%rcx,1),%ebp
0x0000000040cc0aba: bswap %ebp
0x0000000040cc0abc: shr $0x10,%ebp
0x0000000040cc0abf: movswl %bp,%ebp
0x0000000040cc0ac2: mov %ebp,-0x402aab08(%rip) # 0xa15fc0 <_ZN7PowerPC8ppcStateE+512>
0x0000000040cc0ac8: cmp $0x29,%ebp
0x0000000040cc0ace: jl 0x40cc0ae4
0x0000000040cc0ad0: jg 0x40cc0adb
0x0000000040cc0ad2: mov $0x2,%r12d
0x0000000040cc0ad9: jmp 0x40cc0aeb
0x0000000040cc0adb: mov $0x4,%r12d
0x0000000040cc0ae2: jmp 0x40cc0aeb
0x0000000040cc0ae4: mov $0x8,%r12d
0x0000000040cc0aeb: mov %r12d,%ecx
0x0000000040cc0aee: mov %cl,-0x402aa8a8(%rip) # 0xa1624c <_ZN7PowerPC8ppcStateE+1164>
0x0000000040cc0af4: cmp $0x29,%ebp
0x0000000040cc0afa: jl 0x40cc0b12
0x0000000040cc0afc: subl $0x3,-0x403040df(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040cc0b03: movl $0x80242e44,-0x402aa8cd(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040cc0b0d: jmpq 0x41a00027
0x0000000040cc0b12: subl $0x3,-0x403040f5(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040cc0b19: jmpq 0x40cc0b40
0x0000000040cc0b1e: mov $0x80242d34,%edi
0x0000000040cc0b23: jmpq 0x41a00027
0x0000000040cc0b28: subl $0x3,-0x4030410b(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040cc0b2f: movl $0x80242e44,-0x402aa8f9(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040cc0b39: jmpq 0x41a00027
0x0000000040cc0b3e: ud2a

0x0000000040cc0b40: ja 0x40cc0b51
0x0000000040cc0b42: movl $0x80242d34,-0x402aa90c(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040cc0b4c: jmpq 0x41a00079
0x0000000040cc0b51: mov -0x402aab97(%rip),%ebp # 0xa15fc0 <_ZN7PowerPC8ppcStateE+512>
0x0000000040cc0b57: imul $0xb4,%ebp,%ebp
0x0000000040cc0b5d: mov -0x402aaba0(%rip),%r12d # 0xa15fc4 <_ZN7PowerPC8ppcStateE+516>
0x0000000040cc0b64: mov %r12d,%r13d
0x0000000040cc0b67: add $0x2c,%r13d
0x0000000040cc0b6b: mov %r13d,-0x402aaba2(%rip) # 0xa15fd0 <_ZN7PowerPC8ppcStateE+528>
0x0000000040cc0b72: mov %ebp,%r13d
0x0000000040cc0b75: add $0x23800000,%r13d
0x0000000040cc0b7c: mov %r13d,-0x402aabb7(%rip) # 0xa15fcc <_ZN7PowerPC8ppcStateE+524>
0x0000000040cc0b83: lea 0x23800000(%rbp),%ecx
0x0000000040cc0b89: test $0xc000000,%ecx
0x0000000040cc0b8f: je 0x40cc0b9d
0x0000000040cc0b91: mov %ecx,%edi
0x0000000040cc0b93: callq 0x40200162
0x0000000040cc0b98: mov %eax,%r13d
0x0000000040cc0b9b: jmp 0x40cc0ba5
=> 0x0000000040cc0b9d: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040cc0ba2: bswap %r13d
0x0000000040cc0ba5: movl $0x15,-0x402aabdb(%rip) # 0xa15fd4 <_ZN7PowerPC8ppcStateE+532>
0x0000000040cc0baf: lea 0x2c(%r12),%ecx
0x0000000040cc0bb4: mov %r13d,%eax
0x0000000040cc0bb7: test $0xc000000,%ecx
0x0000000040cc0bbd: je 0x40cc0bcc
0x0000000040cc0bbf: mov %rax,%rdi
0x0000000040cc0bc2: mov %rcx,%rsi
0x0000000040cc0bc5: callq 0x40500162
0x0000000040cc0bca: jmp 0x40cc0bd2
0x0000000040cc0bcc: bswap %eax
0x0000000040cc0bce: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040cc0bd2: lea 0x23800004(%rbp),%ecx
0x0000000040cc0bd8: test $0xc000000,%ecx
0x0000000040cc0bde: je 0x40cc0bec
0x0000000040cc0be0: mov %ecx,%edi
0x0000000040cc0be2: callq 0x40200162
0x0000000040cc0be7: mov %eax,%r13d
0x0000000040cc0bea: jmp 0x40cc0bf4
0x0000000040cc0bec: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040cc0bf1: bswap %r13d
0x0000000040cc0bf4: lea 0x30(%r12),%ecx
0x0000000040cc0bf9: mov %r13d,%eax
0x0000000040cc0bfc: test $0xc000000,%ecx
0x0000000040cc0c02: je 0x40cc0c11
0x0000000040cc0c04: mov %rax,%rdi
0x0000000040cc0c07: mov %rcx,%rsi
0x0000000040cc0c0a: callq 0x40500162
0x0000000040cc0c0f: jmp 0x40cc0c17
0x0000000040cc0c11: bswap %eax
0x0000000040cc0c13: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040cc0c17: lea 0x23800008(%rbp),%ecx
0x0000000040cc0c1d: test $0xc000000,%ecx
0x0000000040cc0c23: je 0x40cc0c31
0x0000000040cc0c25: mov %ecx,%edi
0x0000000040cc0c27: callq 0x40200162
0x0000000040cc0c2c: mov %eax,%r13d
0x0000000040cc0c2f: jmp 0x40cc0c39
0x0000000040cc0c31: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040cc0c36: bswap %r13d
0x0000000040cc0c39: lea 0x34(%r12),%ecx
0x0000000040cc0c3e: mov %r13d,%eax
0x0000000040cc0c41: test $0xc000000,%ecx
0x0000000040cc0c47: je 0x40cc0c56
0x0000000040cc0c49: mov %rax,%rdi
0x0000000040cc0c4c: mov %rcx,%rsi
0x0000000040cc0c4f: callq 0x40500162
0x0000000040cc0c54: jmp 0x40cc0c5c
0x0000000040cc0c56: bswap %eax
0x0000000040cc0c58: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040cc0c5c: lea 0x2380000c(%rbp),%ecx
0x0000000040cc0c62: test $0xc000000,%ecx
0x0000000040cc0c68: je 0x40cc0c76
0x0000000040cc0c6a: mov %ecx,%edi
0x0000000040cc0c6c: callq 0x40200162
0x0000000040cc0c71: mov %eax,%r13d
0x0000000040cc0c74: jmp 0x40cc0c7e
0x0000000040cc0c76: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040cc0c7b: bswap %r13d
0x0000000040cc0c7e: lea 0x38(%r12),%ecx
0x0000000040cc0c83: mov %r13d,%eax
0x0000000040cc0c86: test $0xc000000,%ecx
0x0000000040cc0c8c: je 0x40cc0c9b
0x0000000040cc0c8e: mov %rax,%rdi
0x0000000040cc0c91: mov %rcx,%rsi
0x0000000040cc0c94: callq 0x40500162
0x0000000040cc0c99: jmp 0x40cc0ca1
0x0000000040cc0c9b: bswap %eax
0x0000000040cc0c9d: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040cc0ca1: lea 0x23800010(%rbp),%ecx
0x0000000040cc0ca7: test $0xc000000,%ecx
0x0000000040cc0cad: je 0x40cc0cbb
0x0000000040cc0caf: mov %ecx,%edi
0x0000000040cc0cb1: callq 0x40200162
0x0000000040cc0cb6: mov %eax,%r13d
0x0000000040cc0cb9: jmp 0x40cc0cc3
0x0000000040cc0cbb: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040cc0cc0: bswap %r13d
0x0000000040cc0cc3: lea 0x3c(%r12),%ecx
0x0000000040cc0cc8: mov %r13d,%eax
0x0000000040cc0ccb: test $0xc000000,%ecx
0x0000000040cc0cd1: je 0x40cc0ce0
0x0000000040cc0cd3: mov %rax,%rdi
0x0000000040cc0cd6: mov %rcx,%rsi
0x0000000040cc0cd9: callq 0x40500162
0x0000000040cc0cde: jmp 0x40cc0ce6
0x0000000040cc0ce0: bswap %eax
0x0000000040cc0ce2: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040cc0ce6: lea 0x23800014(%rbp),%ecx
0x0000000040cc0cec: test $0xc000000,%ecx
0x0000000040cc0cf2: je 0x40cc0d00
0x0000000040cc0cf4: mov %ecx,%edi
0x0000000040cc0cf6: callq 0x40200162
0x0000000040cc0cfb: mov %eax,%r13d
0x0000000040cc0cfe: jmp 0x40cc0d08
0x0000000040cc0d00: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040cc0d05: bswap %r13d
0x0000000040cc0d08: lea 0x40(%r12),%ecx
0x0000000040cc0d0d: mov %r13d,%eax
0x0000000040cc0d10: test $0xc000000,%ecx
0x0000000040cc0d16: je 0x40cc0d25
End of assembler dump.
(gdb)
(gdb)

#10 Updated by BhaaL over 11 years ago

Uh, this proves to be difficult... I do recognize some of the WriteExit patterns (the ones with CoreTiming::downcount) and the end-of-function ud2, but it's hard to guess where the instruction pointer currently is.

Can you please recompile, and change "static const bool ImHereDebug = false;" (in JitIL.cpp) to true?
Run Dolphin in debug mode (switch -d) and watch the log window for "I'm here, PC=xxxx". You need to switch to log level debug (only available with flavor=debug(fast) builds) and maybe limit logging to DYNA_REC.

What I need after that is, again, the dumped code it creates, the last few lines of the "I'm here" debug output, and the lines the debugger shows around address "xxxx" (from PC=xxxx in your last "I'm here" before it crashes) - the simplest way is right-click, copy function (after symbols > generate symbol map).

#11 Updated by a.j.buxton over 11 years ago

Where do I right click?

Here is the output from the log and the GDB disassembly:

42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242c8c , LR = 80242c8c
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242ca4 , LR = 80242ca4
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 801f5e60 , LR = 80242cac
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242cac , LR = 80242cac
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242cc4 , LR = 80242cc4
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242ce0 , LR = 80242cc4
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242cf8 , LR = 80242cc4
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242d10 , LR = 80242cc4
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242d28 , LR = 80242cc4
42:20:413 Source/Core/Core/Src/PowerPC/Jit64IL/JitIL.cpp:285 D[JIT]: I'm here - PC = 80242d34 , LR = 80242cc4

(gdb)
(gdb) bt
#0 0x0000000040c581d2 in ?? ()
#1 0x0000000000000000 in ?? ()
(gdb) disassemble 0x40c580d2,0x40c582d2
Dump of assembler code from 0x40c580d2 to 0x40c582d2:
0x0000000040c580d2: add %al,(%rax)
0x0000000040c580d4: or $0x74,%al
0x0000000040c580d6: or -0x7f631707(%rbx),%ecx
0x0000000040c580dc: pop %rdx
0x0000000040c580dd: decl 0xf0aebe8(%rbx)
0x0000000040c580e3: mov $0x6c,%bh
0x0000000040c580e5: or (%rax),%eax
0x0000000040c580e7: bswap %ebp
0x0000000040c580e9: shr $0x10,%ebp
0x0000000040c580ec: movswl %bp,%ebp
0x0000000040c580ef: mov %ebp,-0x40242135(%rip) # 0xa15fc0 <_ZN7PowerPC8ppcStateE+512>
0x0000000040c580f5: cmp $0x29,%ebp
0x0000000040c580fb: jl 0x40c58111
0x0000000040c580fd: jg 0x40c58108
0x0000000040c580ff: mov $0x2,%r12d
0x0000000040c58106: jmp 0x40c58118
0x0000000040c58108: mov $0x4,%r12d
0x0000000040c5810f: jmp 0x40c58118
0x0000000040c58111: mov $0x8,%r12d
0x0000000040c58118: mov %r12d,%ecx
0x0000000040c5811b: mov %cl,-0x40241ed5(%rip) # 0xa1624c <_ZN7PowerPC8ppcStateE+1164>
0x0000000040c58121: cmp $0x29,%ebp
0x0000000040c58127: jl 0x40c5813f
0x0000000040c58129: subl $0x3,-0x4029b70c(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040c58130: movl $0x80242e44,-0x40241efa(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040c5813a: jmpq 0x41a00027
0x0000000040c5813f: subl $0x3,-0x4029b722(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040c58146: jmpq 0x40c58170
0x0000000040c5814b: mov $0x80242d34,%edi
0x0000000040c58150: jmpq 0x41a00027
0x0000000040c58155: subl $0x3,-0x4029b738(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040c5815c: movl $0x80242e44,-0x40241f26(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040c58166: jmpq 0x41a00027
0x0000000040c5816b: ud2a

0x0000000040c5816d: int3

0x0000000040c5816e: int3

0x0000000040c5816f: int3

0x0000000040c58170: ja 0x40c58181
0x0000000040c58172: movl $0x80242d34,-0x40241f3c(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040c5817c: jmpq 0x41a00079
0x0000000040c58181: callq 0x56d8ac
0x0000000040c58186: mov -0x402421cc(%rip),%ebp # 0xa15fc0 <_ZN7PowerPC8ppcStateE+512>
0x0000000040c5818c: imul $0xb4,%ebp,%ebp
0x0000000040c58192: mov -0x402421d5(%rip),%r12d # 0xa15fc4 <_ZN7PowerPC8ppcStateE+516>
0x0000000040c58199: mov %r12d,%r13d
0x0000000040c5819c: add $0x2c,%r13d
0x0000000040c581a0: mov %r13d,-0x402421d7(%rip) # 0xa15fd0 <_ZN7PowerPC8ppcStateE+528>
0x0000000040c581a7: mov %ebp,%r13d
0x0000000040c581aa: add $0x23800000,%r13d
0x0000000040c581b1: mov %r13d,-0x402421ec(%rip) # 0xa15fcc <_ZN7PowerPC8ppcStateE+524>
0x0000000040c581b8: lea 0x23800000(%rbp),%ecx
0x0000000040c581be: test $0xc000000,%ecx
0x0000000040c581c4: je 0x40c581d2
0x0000000040c581c6: mov %ecx,%edi
0x0000000040c581c8: callq 0x40200162
0x0000000040c581cd: mov %eax,%r13d
0x0000000040c581d0: jmp 0x40c581da
=> 0x0000000040c581d2: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c581d7: bswap %r13d
0x0000000040c581da: movl $0x15,-0x40242210(%rip) # 0xa15fd4 <_ZN7PowerPC8ppcStateE+532>
0x0000000040c581e4: lea 0x2c(%r12),%ecx
0x0000000040c581e9: mov %r13d,%eax
0x0000000040c581ec: test $0xc000000,%ecx
0x0000000040c581f2: je 0x40c58201
0x0000000040c581f4: mov %rax,%rdi
0x0000000040c581f7: mov %rcx,%rsi
0x0000000040c581fa: callq 0x40500162
0x0000000040c581ff: jmp 0x40c58207
0x0000000040c58201: bswap %eax
0x0000000040c58203: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040c58207: lea 0x23800004(%rbp),%ecx
0x0000000040c5820d: test $0xc000000,%ecx
0x0000000040c58213: je 0x40c58221
0x0000000040c58215: mov %ecx,%edi
0x0000000040c58217: callq 0x40200162
0x0000000040c5821c: mov %eax,%r13d
0x0000000040c5821f: jmp 0x40c58229
0x0000000040c58221: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c58226: bswap %r13d
0x0000000040c58229: lea 0x30(%r12),%ecx
0x0000000040c5822e: mov %r13d,%eax
0x0000000040c58231: test $0xc000000,%ecx
0x0000000040c58237: je 0x40c58246
0x0000000040c58239: mov %rax,%rdi
0x0000000040c5823c: mov %rcx,%rsi
0x0000000040c5823f: callq 0x40500162
0x0000000040c58244: jmp 0x40c5824c
0x0000000040c58246: bswap %eax
0x0000000040c58248: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040c5824c: lea 0x23800008(%rbp),%ecx
0x0000000040c58252: test $0xc000000,%ecx
0x0000000040c58258: je 0x40c58266
0x0000000040c5825a: mov %ecx,%edi
0x0000000040c5825c: callq 0x40200162
0x0000000040c58261: mov %eax,%r13d
0x0000000040c58264: jmp 0x40c5826e
0x0000000040c58266: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c5826b: bswap %r13d
0x0000000040c5826e: lea 0x34(%r12),%ecx
0x0000000040c58273: mov %r13d,%eax
0x0000000040c58276: test $0xc000000,%ecx
0x0000000040c5827c: je 0x40c5828b
0x0000000040c5827e: mov %rax,%rdi
0x0000000040c58281: mov %rcx,%rsi
0x0000000040c58284: callq 0x40500162
0x0000000040c58289: jmp 0x40c58291
0x0000000040c5828b: bswap %eax
0x0000000040c5828d: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040c58291: lea 0x2380000c(%rbp),%ecx
0x0000000040c58297: test $0xc000000,%ecx
0x0000000040c5829d: je 0x40c582ab
0x0000000040c5829f: mov %ecx,%edi
0x0000000040c582a1: callq 0x40200162
0x0000000040c582a6: mov %eax,%r13d
0x0000000040c582a9: jmp 0x40c582b3
0x0000000040c582ab: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c582b0: bswap %r13d
0x0000000040c582b3: lea 0x38(%r12),%ecx
0x0000000040c582b8: mov %r13d,%eax
0x0000000040c582bb: test $0xc000000,%ecx
0x0000000040c582c1: je 0x40c582d0
0x0000000040c582c3: mov %rax,%rdi
0x0000000040c582c6: mov %rcx,%rsi
0x0000000040c582c9: callq 0x40500162
0x0000000040c582ce: jmp 0x40c582d6
0x0000000040c582d0: bswap %eax
End of assembler dump.
(gdb)

#12 Updated by BhaaL over 11 years ago

Over in the "Code" panel. Enter the last value for "PC" in the box at the top.

#13 Updated by BhaaL over 11 years ago

If I got that right, it should be a block that starts with "mullwx" (that's the first mov/imul combination after the ImHere call).

#14 Updated by a.j.buxton over 11 years ago

After the crash the whole GUI is unresponsive so I cannot access the code tab.

If I go to the code tab before the crash then right clicking anywhere has no effect.

I assume you mean to put the address into the box next to "Set PC." This also has no effect.

#15 Updated by BhaaL over 11 years ago

Select "Boot to pause" and start F-Zero (which version is it, btw? my NTSC version has no code at 80242d34). Switch to the code tab, and enter the PC in the box. It should jump to that location. Select generate symbol map to get some coloring, then right-click the block and select "copy function".

#16 Updated by a.j.buxton over 11 years ago

"Boot to pause" is selected.

I double click F-Zero X in the list of games.

I switch to the code tab.

I paste "80242d34" or "0x80242d34" into the box. Nothing happens.

I select "Generate symbol map" and some function names appear but no disassembly.

I now see this: http://imagebin.org/104006

I am using the EU version of F Zero X, I can try the US version instead if you want.

#17 Updated by BhaaL over 11 years ago

Uh, this looks like the code view is broken on Linux. Can you #define JIT_LOG_X86 1 in JitIL.cpp? It should print the code that's generated to the log. Logging to file might help here.

#18 Updated by a.j.buxton over 11 years ago

(gdb) bt
#0 0x0000000040c57eca in ?? ()
#1 0x0000000000000000 in ?? ()
(gdb) disassemble 0x0000000040c57dca, 0x0000000040c57fca
Dump of assembler code from 0x40c57dca to 0x40c57fca:
0x0000000040c57dca: add %al,(%rax)
0x0000000040c57dcc: or $0x74,%al
0x0000000040c57dce: or -0x7c5b1707(%rbx),%ecx
0x0000000040c57dd4: pop %rdx
0x0000000040c57dd5: decl 0xf0aebe8(%rbx)
0x0000000040c57ddb: mov $0x6c,%bh
0x0000000040c57ddd: or (%rax),%eax
0x0000000040c57ddf: bswap %ebp
0x0000000040c57de1: shr $0x10,%ebp
0x0000000040c57de4: movswl %bp,%ebp
0x0000000040c57de7: mov %ebp,-0x40241e2d(%rip) # 0xa15fc0 <_ZN7PowerPC8ppcStateE+512>
0x0000000040c57ded: cmp $0x29,%ebp
0x0000000040c57df3: jl 0x40c57e09
0x0000000040c57df5: jg 0x40c57e00
0x0000000040c57df7: mov $0x2,%r12d
0x0000000040c57dfe: jmp 0x40c57e10
0x0000000040c57e00: mov $0x4,%r12d
0x0000000040c57e07: jmp 0x40c57e10
0x0000000040c57e09: mov $0x8,%r12d
0x0000000040c57e10: mov %r12d,%ecx
0x0000000040c57e13: mov %cl,-0x40241bcd(%rip) # 0xa1624c <_ZN7PowerPC8ppcStateE+1164>
---Type to continue, or q to quit---
0x0000000040c57e19: cmp $0x29,%ebp
0x0000000040c57e1f: jl 0x40c57e37
0x0000000040c57e21: subl $0x3,-0x4029b404(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040c57e28: movl $0x80242e44,-0x40241bf2(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040c57e32: jmpq 0x41a00027
0x0000000040c57e37: subl $0x3,-0x4029b41a(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040c57e3e: jmpq 0x40c57e68
0x0000000040c57e43: mov $0x80242d34,%edi
0x0000000040c57e48: jmpq 0x41a00027
0x0000000040c57e4d: subl $0x3,-0x4029b430(%rip) # 0x9bca24 <_ZN10CoreTiming9downcountE>
0x0000000040c57e54: movl $0x80242e44,-0x40241c1e(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040c57e5e: jmpq 0x41a00027
0x0000000040c57e63: ud2a

0x0000000040c57e65: int3

0x0000000040c57e66: int3

0x0000000040c57e67: int3

0x0000000040c57e68: ja 0x40c57e79
---Type to continue, or q to quit---
0x0000000040c57e6a: movl $0x80242d34,-0x40241c34(%rip) # 0xa16240 <_ZN7PowerPC8ppcStateE+1152>
0x0000000040c57e74: jmpq 0x41a00079
0x0000000040c57e79: callq 0x56d8ac
0x0000000040c57e7e: mov -0x40241ec4(%rip),%ebp # 0xa15fc0 <_ZN7PowerPC8ppcStateE+512>
0x0000000040c57e84: imul $0xb4,%ebp,%ebp
0x0000000040c57e8a: mov -0x40241ecd(%rip),%r12d # 0xa15fc4 <_ZN7PowerPC8ppcStateE+516>
0x0000000040c57e91: mov %r12d,%r13d
0x0000000040c57e94: add $0x2c,%r13d
0x0000000040c57e98: mov %r13d,-0x40241ecf(%rip) # 0xa15fd0 <_ZN7PowerPC8ppcStateE+528>
0x0000000040c57e9f: mov %ebp,%r13d
0x0000000040c57ea2: add $0x23800000,%r13d
0x0000000040c57ea9: mov %r13d,-0x40241ee4(%rip) # 0xa15fcc <_ZN7PowerPC8ppcStateE+524>
0x0000000040c57eb0: lea 0x23800000(%rbp),%ecx
0x0000000040c57eb6: test $0xc000000,%ecx
0x0000000040c57ebc: je 0x40c57eca
0x0000000040c57ebe: mov %ecx,%edi
0x0000000040c57ec0: callq 0x40200162
0x0000000040c57ec5: mov %eax,%r13d
0x0000000040c57ec8: jmp 0x40c57ed2
=> 0x0000000040c57eca: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c57ecf: bswap %r13d
0x0000000040c57ed2: movl $0x15,-0x40241f08(%rip) # 0xa15fd4 <_ZN7PowerPC8ppcStateE+532>
0x0000000040c57edc: lea 0x2c(%r12),%ecx
0x0000000040c57ee1: mov %r13d,%eax
0x0000000040c57ee4: test $0xc000000,%ecx
0x0000000040c57eea: je 0x40c57ef9
0x0000000040c57eec: mov %rax,%rdi
0x0000000040c57eef: mov %rcx,%rsi
0x0000000040c57ef2: callq 0x40500162
0x0000000040c57ef7: jmp 0x40c57eff
0x0000000040c57ef9: bswap %eax
0x0000000040c57efb: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040c57eff: lea 0x23800004(%rbp),%ecx
0x0000000040c57f05: test $0xc000000,%ecx
0x0000000040c57f0b: je 0x40c57f19
0x0000000040c57f0d: mov %ecx,%edi
0x0000000040c57f0f: callq 0x40200162
0x0000000040c57f14: mov %eax,%r13d
0x0000000040c57f17: jmp 0x40c57f21
0x0000000040c57f19: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c57f1e: bswap %r13d
0x0000000040c57f21: lea 0x30(%r12),%ecx
0x0000000040c57f26: mov %r13d,%eax
0x0000000040c57f29: test $0xc000000,%ecx
0x0000000040c57f2f: je 0x40c57f3e
0x0000000040c57f31: mov %rax,%rdi
0x0000000040c57f34: mov %rcx,%rsi
0x0000000040c57f37: callq 0x40500162
0x0000000040c57f3c: jmp 0x40c57f44
0x0000000040c57f3e: bswap %eax
0x0000000040c57f40: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040c57f44: lea 0x23800008(%rbp),%ecx
0x0000000040c57f4a: test $0xc000000,%ecx
0x0000000040c57f50: je 0x40c57f5e
0x0000000040c57f52: mov %ecx,%edi
0x0000000040c57f54: callq 0x40200162
0x0000000040c57f59: mov %eax,%r13d
0x0000000040c57f5c: jmp 0x40c57f66
0x0000000040c57f5e: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c57f63: bswap %r13d
0x0000000040c57f66: lea 0x34(%r12),%ecx
0x0000000040c57f6b: mov %r13d,%eax
0x0000000040c57f6e: test $0xc000000,%ecx
0x0000000040c57f74: je 0x40c57f83
0x0000000040c57f76: mov %rax,%rdi
0x0000000040c57f79: mov %rcx,%rsi
0x0000000040c57f7c: callq 0x40500162
0x0000000040c57f81: jmp 0x40c57f89
0x0000000040c57f83: bswap %eax
0x0000000040c57f85: mov %eax,0x0(%rbx,%rcx,1)
0x0000000040c57f89: lea 0x2380000c(%rbp),%ecx
0x0000000040c57f8f: test $0xc000000,%ecx
0x0000000040c57f95: je 0x40c57fa3
0x0000000040c57f97: mov %ecx,%edi
0x0000000040c57f99: callq 0x40200162
0x0000000040c57f9e: mov %eax,%r13d
0x0000000040c57fa1: jmp 0x40c57fab
0x0000000040c57fa3: mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c57fa8: bswap %r13d
0x0000000040c57fab: lea 0x38(%r12),%ecx
0x0000000040c57fb0: mov %r13d,%eax
0x0000000040c57fb3: test $0xc000000,%ecx
0x0000000040c57fb9: je 0x40c57fc8
0x0000000040c57fbb: mov %rax,%rdi
0x0000000040c57fbe: mov %rcx,%rsi
0x0000000040c57fc1: callq 0x40500162
0x0000000040c57fc6: jmp 0x40c57fce
0x0000000040c57fc8: bswap %eax
End of assembler dump.

#19 Updated by BhaaL over 11 years ago

Looks like one of the lwz instructions is going haywire, probably due to missing/failing ops right before it (mr/mtctr are apparently not named the same as in the JIT tables, which is highly suspicious).
Gonna see what i can do.

Can you remove the attachment again, to free some space?
And btw, did you try plain JIT, and not JITIL?

#20 Updated by a.j.buxton over 11 years ago

Yes, plain JIT has the same result. Interpreter can get to the title screen, same as initial reporter.

#21 Updated by BhaaL over 11 years ago

Interesting, I'm getting this one:

27:15:550 Source/Plugins/Plugin_DSP_HLE/Src/UCodes/UCode_AX.cpp:242 N[DSPHLE]: DSP IROM - Reset!
27:15:844 Source/Core/Core/Src/PowerPC/Interpreter/Interpreter_SystemRegisters.cpp:344 N[PowerPC]: Flush Instruction Cache! ICE=1
27:15:846 Source/Core/Core/Src/PowerPC/Interpreter/Interpreter_SystemRegisters.cpp:344 N[PowerPC]: Flush Instruction Cache! ICE=1
27:15:952 Source/Core/Core/Src/HW/ProcessorInterface.cpp:190 N[PI]: Write 00000007 to PI_RESET_CODE
27:15:956 Source/Core/Core/Src/PowerPC/Interpreter/Interpreter_SystemRegisters.cpp:344 N[PowerPC]: Flush Instruction Cache! ICE=1
27:15:990 Source/Core/Core/Src/PowerPC/Interpreter/Interpreter_SystemRegisters.cpp:344 N[PowerPC]: Flush Instruction Cache! ICE=1

After that, the game reboots and starts over from the first screen. I had no saved game, so it asked whether it could create one. When "advancing to profile creation", it reboots.

ector, shuffle, any idea? That write to PI_RESET_CODE looks a bit strange, and doesn't happen on win32 for me. Same disc image, so I guess it's not broken.

#22 Updated by Anonymous over 11 years ago

I have some ideas, however on a tangent:
perhaps the PI_RESET_CODE is used in order to manage streaming audio state.
Typically values of 1 and 5 are used to reset the DVD drive, and I've always seen 7 used before a full "hot reset". So, perhaps the flags just reset different sections of the streaming audio pipeline (and are therefore somewhat of a red herring in the quest to fix multi-DOL games).
seeing the dsp reset is what brought me to this guess.

anyways, as a bit of a hack you could try:
ejecting memcards
making the console id the retail one instead of the devkit ID (see bs2 emu)
this is another guess based off the fact that ikaruga breaks when using the retail id - so perhaps this game is the inverse? :)

otherwise, it looks to be a horrible jit error which I couldn't debug unless it were in front of me :p

#23 Updated by Anonymous over 11 years ago

ps bhaal:
assuming that log is from jit, and the game is meant to reset there (it's not recovering from an error):
finding the OSDoReset (or whatever the symbol is; the func which writes to PI_RESET_CODE) and following execution from there in the interpreter will lead you to where the PPC should be hot resetting to. From what I can see in this issue, it seems to be the typical "jit hates multiple dols" problem... but like I said, I would need the game, etc. to know for sure :)

#24 Updated by BhaaL over 11 years ago

I'm more surprised it works fine on win32. There isn't much #ifdef'ing around that would change parts on Linux.
Also, it exhibits different behavior for different people; mine simply resets while his goes up in flames.

Gonna try the console id thing tomorrow, got some other stuff to do right now.

#25 Updated by a.j.buxton over 11 years ago

Mine doesn't crash until after profile creation, directly before the main title screen appears. Same result whether I make a save or skip it. Profile creation works fine.

#26 Updated by BhaaL over 11 years ago

I can reproduce this after ejecting all Memory Cards (I'm not sure if changing the BS2 to use the retail id really made a difference).

Apparently, it is a lwz that causes it:
8023dc28 lwz r0, 0 (r6)

This is going to be nice to debug, that code is loaded/generated/whatever afterwards. On windows, it looks like this (linux code view seems to be broken):
zz_023d9ac_
[...]
8023db90: li r0, 2
8023db94: mr r7, r4
8023db98: addis r3, r3, 9088
8023db9c: li r5, 0
8023dba0: mr r6, r3
8023dba4: mtctr r0
8023dba8: lwz r0, 0 (r6) <-- this one breaks
8023dbac: addi r5, r5, 21
8023dbb0: stw r0, 0 (r7)
8023dbb4: lwz r0, 0x0004 (r6)
8023dbb8: stw r0, 0x0004 (r7)
8023dbbc: lwz r0, 0x0008 (r6)

#27 Updated by anusko over 11 years ago

Using openSUSE 11.3 64bit I get this

JIT64

0x0000000040c0db37 mov 0x0(%rbx,%rdi,1),%eax
0x0000000040c0db3b bswap %eax
0x0000000040c0db3d mov %eax,%r9d
0x0000000040c0db40 mov %r14d,%edx
0x0000000040c0db43 mov %r9d,%ecx
0x0000000040c0db46 test $0xc000000,%edx
0x0000000040c0db4c jne 0x40c0db56
0x0000000040c0db4e bswap %ecx
0x0000000040c0db50 mov %ecx,0x0(%rbx,%rdx,1)
0x0000000040c0db54 jmp 0x40c0db61
0x0000000040c0db56 mov %rcx,%rdi
0x0000000040c0db59 mov %rdx,%rsi
0x0000000040c0db5c callq 0x40500162
0x0000000040c0db61 mov %r8d,%edi
0x0000000040c0db64 add $0x4,%edi
0x0000000040c0db6a test $0xc000000,%edi
0x0000000040c0db70 je 0x40c0db79
0x0000000040c0db72 callq 0x4050017a
0x0000000040c0db77 jmp 0x40c0db7f
0x0000000040c0db79 mov 0x0(%rbx,%rdi,1),%eax
0x0000000040c0db7d bswap %eax
0x0000000040c0db7f mov %eax,%r9d
0x0000000040c0db82 mov %r14d,%edx
0x0000000040c0db85 mov %r9d,%ecx
0x0000000040c0db88 add $0x4,%edx
0x0000000040c0db8e test $0xc000000,%edx
0x0000000040c0db94 jne 0x40c0db9e
0x0000000040c0db96 bswap %ecx
0x0000000040c0db98 mov %ecx,0x0(%rbx,%rdx,1)

JILIL

0x0000000040c493cd mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c493d2 bswap %r13d
0x0000000040c493d5 movl $0x15,-0x4024b70b(%rip) # 0x9fdcd4 <_ZN7PowerPC8ppcStateE+532>
0x0000000040c493df lea 0x2c(%r12),%ecx
0x0000000040c493e4 mov %r13d,%eax
0x0000000040c493e7 test $0xc000000,%ecx
0x0000000040c493ed je 0x40c493fc
0x0000000040c493ef mov %rax,%rdi
0x0000000040c493f2 mov %rcx,%rsi
0x0000000040c493f5 callq 0x40500162
0x0000000040c493fa jmp 0x40c49402
0x0000000040c493fc bswap %eax
0x0000000040c493fe mov %eax,0x0(%rbx,%rcx,1)
0x0000000040c49402 lea 0x23800004(%rbp),%ecx
0x0000000040c49408 test $0xc000000,%ecx
0x0000000040c4940e je 0x40c4941c
0x0000000040c49410 mov %ecx,%edi
0x0000000040c49412 callq 0x40200162
0x0000000040c49417 mov %eax,%r13d
0x0000000040c4941a jmp 0x40c49424
0x0000000040c4941c mov 0x0(%rbx,%rcx,1),%r13d
0x0000000040c49421 bswap %r13d
0x0000000040c49424 lea 0x30(%r12),%ecx
0x0000000040c49429 mov %r13d,%eax
0x0000000040c4942c test $0xc000000,%ecx

Seg. fault at the first instruction of each block shown above.
I'm not certain, but they seem to be representations of the same guest basic block (bb).

I'm using the NTSC/USA version.

#28 Updated by skidau over 11 years ago

  • Status changed from Accepted to Fixed

Anusko reported that r6040 has fixed this issue.
