Emulator Issues #287
closed
Memory access violation
0%
Description
observed in WW crash. I know it's a bit light for a report. I will add info
soon.
Unhandled exception at 0x07f50c78 in DolphinWxDF.exe: 0xC0000005: Access
violation reading location 0x1001a8f8.
07F50C78 F3 0F 7E 80 F5 A8 01 10 movq xmm0,mmword ptr [eax+1001A8F5h]
with: EAX = 00000003
Updated by memberTwo.mb2 over 15 years ago
ZWW, DC mode. I'll test SC mode for this crash.
Unhandled exception at 0x078bb361 in DolphinWxDF.exe: 0xC0000005: Access violation
reading location 0x1001a8f8.¶
078BB300 E9 06 4D 20 00 jmp 07AC000B
078BB305 CC int 3
078BB306 CC int 3
078BB307 CC int 3
078BB308 77 0F ja 078BB319
078BB30A C7 05 C0 3F 77 00 E4 EA 00 80 mov dword ptr ds:[773FC0h],8000EAE4h
078BB314 E9 58 4D 20 00 jmp 07AC0071
078BB319 F7 05 CC 3F 77 00 00 20 00 00 test dword ptr ds:[773FCCh],2000h
078BB323 75 0F jne 078BB334
078BB325 C7 05 C0 3F 77 00 E4 EA 00 80 mov dword ptr ds:[773FC0h],8000EAE4h
078BB32F E9 14 4D 20 00 jmp 07AC0048
078BB334 C7 05 4C 3D 77 00 01 00 00 00 mov dword ptr ds:[773D4Ch],1
078BB33E 68 48 00 E1 E3 push 0E3E10048h
078BB343 E8 E8 49 BC F8 call Interpreter::psq_l (47FD30h)
078BB348 83 C4 04 add esp,4
078BB34B 8B 0D B8 3D 77 00 mov ecx,dword ptr ds:[773DB8h]
078BB351 66 0F 28 15 50 3F 77 00 movapd xmm2,xmmword ptr ds:[773F50h]
078BB359 8B C1 mov eax,ecx
078BB35B 81 E0 FF FF FF 3F and eax,3FFFFFFFh
Breaapoint:
078BB361 F3 0F 7E 80 F5 A8 01 10 movq xmm0,mmword ptr [eax+1001A8F5h]
078BB369 66 0F 38 00 05 00 81 68 00 pshufb xmm0,xmmword ptr ds:[688100h]
078BB372 F2 0F 10 D0 movsd xmm2,xmm0
078BB376 8B 0D B8 3D 77 00 mov ecx,dword ptr ds:[773DB8h]
078BB37C 81 E1 FF FF FF 3F and ecx,3FFFFFFFh
078BB382 8B 81 F5 A8 01 10 mov eax,dword ptr [ecx+1001A8F5h]
078BB388 0F C8 bswap eax
078BB38A 89 05 F0 60 78 00 mov dword ptr ds:[7860F0h],eax
078BB390 F3 0F 5A 15 F0 60 78 00 cvtss2sd xmm2,dword ptr ds:[7860F0h]
078BB398 F2 0F 12 D2 movddup xmm2,xmm2
078BB39C 8B 0D 84 3D 77 00 mov ecx,dword ptr ds:[773D84h]
078BB3A2 81 E1 FF FF FF 3F and ecx,3FFFFFFFh
078BB3A8 8B 81 CD F9 01 10 mov eax,dword ptr [ecx+1001F9CDh]
078BB3AE 0F C8 bswap eax
078BB3B0 89 05 F0 60 78 00 mov dword ptr ds:[7860F0h],eax
078BB3B6 F3 0F 5A 15 F0 60 78 00 cvtss2sd xmm2,dword ptr ds:[7860F0h]
078BB3BE F2 0F 12 D2 movddup xmm2,xmm2
078BB3C2 8B 0D 44 3D 77 00 mov ecx,dword ptr ds:[773D44h]
078BB3C8 81 C1 54 00 00 00 add ecx,54h
078BB3CE F7 C1 00 00 00 0C test ecx,0C000000h
078BB3D4 75 10 jne 078BB3E6 ¶
EAX = 00000003 EBX = 10020000 ECX = 00000003 EDX = 00000000 ESI = 00000000 EDI =
00000003
EIP = 078BB361 ESP = 091DFF9C EBP = 00000003 EFL = 00000206
1001A8F8 = ????????????????
Updated by memberTwo.mb2 over 15 years ago
happens in SC mode too.
This crash can be easily reproduced:
on the first island at the very beginning of the game,
- save the game (I can't crash ww that way if I don't save so far)
- walk/swim around the merchant boat or enter/leave it.
I'm wondering if it's a i266 related issue.
Updated by hrydgard over 15 years ago
Interesting, I wasn't aware movq requires alignment. What CPU did you test this on?
Updated by memberTwo.mb2 over 15 years ago
These kind of bugs are ector's magnet, right? :)
Well, no, you're right. It's me. I wasn't aware movq doesn't require alignment :p
Anyway, I checked and it's a bad memory address issue. Something went wrong after saving?
Happens on XP ("/3GB" in boot.ini) with a Q6600. I wonder if it's happens in 64b too.
Btw, about qmov, TOCHECK(mb2): are those following tricks valid on C2Ds?
http://software.intel.com/en-us/articles/optimizing-for-the-intel-pentiumr-4-processor-using-assembly-language
Updated by memberTwo.mb2 about 15 years ago
Still happening on r1983 (winxp, 32b, Q6600) and still only after saving.
Here is an other fresh example (lfd):
0A3D801E mov ecx,dword ptr ds:[7F4778h]
0A3D8024 movapd xmm3,xmmword ptr ds:[7F4910h]
0A3D802C and ecx,3FFFFFFFh
0A3D8032 movq xmm0,mmword ptr [ecx+1017A8F5h] <--------- BP
0A3D803A pshufb xmm0,xmmword ptr ds:[6FDD40h]
0A3D8043 movsd xmm3,xmm0
ecx+1017A8F5h is below Memory::base.
The positive thing: no more crashes if I enable unlimited jit cache...
Too long jited code in block in the saveToMCard phase?
CacheCode clearing issue?
Why always on movq?
Updated by
Updated by XTra.KrazzY almost 15 years ago
zelda doesn't crash randomly for me, since I fixed savestates, that is.
Updated by XTra.KrazzY almost 15 years ago
- Status changed from New to Fixed
Fixed until anyone says otherwise.
Updated by federelli almost 15 years ago
It's been incredibly stable regarding random crashes. I only experience game hangs
after scripted events are triggered, which is mostly related to the 0x21 issue. I'll
have to test newer revs.
Updated by XTra.KrazzY almost 15 years ago
The crashes were caused by the item hang fix, which is now disabled... This 0x21
issue calls for more testing on your side as I fixed the hang by correctly stopping
the sound. However, not all 0x21 sounds play right.