Kingdom Hearts Birth By Sleep (Final Mix+ only?) crash(es)

[VIRGINKLM]

The game seems to always crash the emulator when an FMV cutscene is about to load. (example: Blank Points)
Console doesn't seem to show anything wrong.

[VIRGINKLM]

Also I'm a bit reluctant at discussing about this but I noticed that there were people on the forums that kept reporting every now and then that the emulator crashes randomly while on a non-FMV cutscene, usually the ones on the very beginning of the game or the very end. I didn't really experience such issue but I guess that was because I played so many times the game that I know all the dialogs and the cutscenes by heart and I was simply skipping them. Now that I play it once again and I watch the cutscenes, I experienced those random crashes aswell. I can't seem to find a way to reproduce them though, they are somekind of random.

[solarmystic]

As I've already mentioned in my ppsspp.org forum post in the game thread, we need further details, else the devs can't do anything:-

1. First build to have those crashes. Last working build without crashes. If the crashes are present in all existing builds, state so.
2. Savestate/savefile before crashes occurs (if possible). Very important, since if devs can't reproduce this it'll never be fixed. So if you were crashing before the FMV cutscene at Black Points (wherever that is), upload a savestate at that point. Alternatively;
3. Stacktrace of the crash taken from a compiler when it crashes. @VIRGINKLM You have a compiler don't you?

I'd really like to help out, but I can't reproduce those crashes on my system, and I've tried playing the game from the very beginning without skipping any cutscenes. I just unthrottled the speed to speed up the process..

My system:-

[vsub]

I cleared both games(all characters)without any problems but I didn't use the latest beta(I used much older than the latest and I didn't tried the latest)

Does it crash if you disable the frame skipping and FrameSkipUnthrottle(some games don't like frame skipping very much).
Are you using multi threading,I\O thread,fast memory,prevent exceeding 60fps

What are your settings(the default now are different than the default before)?

[mckimiaklopa]

^also happens to me.it happens less iften if multithreading ,io and fast mem are off
Happens less often on my 768 mb ram phone than on my 512 mb one

[VIRGINKLM]

It happens on both Android ARM/Android x86 and Windows x64 builds (so my specs don't matter, it's universal) with default settings on. I can't detect the last working build, it was working up to a time but that must have been a long time (in revision timeline) before.

[VIRGINKLM]

Oh dear just dumped the first Japanese Release of BBS and it doesn't crash on Blank Points but it crashes on Final Mix+. If anyone's tests come from any other than the Final Mix+ version I apologize but it seems that it doesn't work only on the Final Mix+ version.

[vsub]

It's definitely long time ago...I just checked the save states I have for the games and it looks like I used 0.9.1-969 for both games

[daniel229]

Just finished the final mix on 0.9.8-238 today,about 10 hours game play,from Castle of Dream to the end,I did not skip any cut scenes,and did not meet any bug.

[VIRGINKLM]

You will not meet the Blank Points FMV in the normal gameplay, it's part of the secret episode so my report is still valid. Just go to Trinity Report -> Theater -> Blanck Points and try to play the video. It will show the heart on the bottom right as it loads and then the emulator will crash.

[thedax]

Can you upload an in-game save so it's easier to test?

[VIRGINKLM]

Savestate or a save (you'll need my game data too)

[VIRGINKLM]

Here's my savegame, better not to use savestates.
http://www.mediafire.com/download/r79fpgj2ss66w8n/SAVEDATA.7z

[daniel229]

Yes,it crashes on the new build,I tried 0.9.1,it does not crash.

[VIRGINKLM]

Thanx, for a moment I thought I was crazy. There are more crashes happening that I can trigger but this one is the easiest one to trigger. I believe if somebody finds what happened here the rest will be fixed aswell, if not I will report them.

[daniel229]

32bit build does not crash, 64bit crashes only.
For the video crashes,the last working is 0.9.5-1039-gbe777fc,0.9.5-1044-geb249bd starts crashing.

stack trace

[VIRGINKLM]

It crashes on Android too.

[unknownbrackets]

I wonder if it's mirror related:
v0.9.5-1039-gbe777fc...v0.9.5-1044-geb249bd

Does it help to use PSP-1000 instead of PSP-2000?

-[Unknown]

[VIRGINKLM]

@unknownbrackets nope, same result.

[unknownbrackets]

Does it work if you revert 5b0ece8? Non Final Mix at least doesn't use sceFont I'm pretty sure...

-[Unknown]

[vsub]

0.9.8-222,crashed only once but after I disabled the frame skipping and then start the game,then no matter what I tried,ppsspp didn't crash when I was trying to play that scene(tried it at least 10 times)

Fast Memory,I\O Thread,Multi Threading are off and PSP model is 1000

[VIRGINKLM]

Give me a full list of settings to test because reverting to default settings doesn't fix the issue here, whatever combination of settings I use it will always lead to a crash.

[vsub]

This is how I set everything when I run ppsspp without settings

[General]
FirstRun = False
RunCount = 1
Enable Logging = False
AutoRun = True
Browse = False
IgnoreBadMemAccess = True
CurrentDirectory =
ShowDebuggerOnLoad = False
CheckForNewVersion = False
Language = en_US
NumWorkerThreads = 2
EnableAutoLoad = False
EnableCheats = False
ScreenshotsAsPNG = False
StateSlot = 0
RewindFlipFrequency = 0
GridView1 = True
GridView2 = True
GridView3 = False
ReportingHost = default
AutoSaveSymbolMap = False
TopMost = False
WindowX = 28
WindowY = 85
WindowWidth = 968
WindowHeight = 597
PauseOnLostFocus = False
DumpDecryptedEboots = False
[CPU]
Jit = True
SeparateCPUThread = False
AtomicAudioLocks = False
SeparateIOThread = False
FastMemoryAccess = False
CPUSpeed = 0
[Graphics]
ShowFPSCounter = 3
RenderingMode = 1
SoftwareRendering = False
HardwareTransform = True
SoftwareSkinning = True
TextureFiltering = 1
InternalResolution = 2
FrameSkip = 0
AutoFrameSkip = False
FrameRate = 60
FrameSkipUnthrottle = False
ForceMaxEmulatedFPS = 0
AnisotropyLevel = 0
VertexCache = True
TextureBackoffCache = False
TextureSecondaryCache = False
FullScreen = False
PartialStretch = False
StretchToDisplay = False
SmallDisplay = False
ImmersiveMode = False
TrueColor = True
MipMap = True
TexScalingLevel = 1
TexScalingType = 0
TexDeposterize = False
VSyncInterval = False
DisableStencilTest = False
AlwaysDepthWrite = False
TimerHack = False
AlphaMaskHack = False
LowQualitySplineBezier = False
PostShader = Off
[Sound]
Enable = True
VolumeBGM = 8
VolumeSFX = 8
LowLatency = False
[Control]
HapticFeedback = True
ShowTouchCross = True
ShowTouchCircle = True
ShowTouchSquare = True
ShowTouchTriangle = True
ShowTouchStart = True
ShowTouchSelect = True
ShowTouchLTrigger = True
ShowTouchRTrigger = True
ShowAnalogStick = True
ShowTouchDpad = True
ShowTouchUnthrottle = True
ShowTouchPause = False
IgnoreWindowsKey = False
ShowTouchControls = False
DisableDpadDiagonals = False
TouchButtonStyle = 1
TouchButtonOpacity = 65
ActionButtonSpacing2 = 1.000000
ActionButtonCenterX = -1.000000
ActionButtonCenterY = -1.000000
ActionButtonScale = 1.150000
DPadX = -1.000000
DPadY = -1.000000
DPadScale = 1.150000
DPadSpacing = 1.000000
StartKeyX = -1.000000
StartKeyY = -1.000000
StartKeyScale = 1.150000
SelectKeyX = -1.000000
SelectKeyY = -1.000000
SelectKeyScale = 1.150000
UnthrottleKeyX = -1.000000
UnthrottleKeyY = -1.000000
UnthrottleKeyScale = 1.150000
LKeyX = -1.000000
LKeyY = -1.000000
LKeyScale = 1.150000
RKeyX = -1.000000
RKeyY = -1.000000
RKeyScale = 1.150000
AnalogStickX = -1.000000
AnalogStickY = -1.000000
AnalogStickScale = 1.150000
[Network]
EnableWlan = False
[SystemParam]
PSPModel = 0
PSPFirmwareVersion = 150
NickName = PPSSPP
proAdhocServer = localhost
MacAddress = 01:02:03:04:05:06
Language = 1
TimeFormat = 2
DateFormat = 3
TimeZone = 0
DayLightSavings = True
ButtonPreference = 1
LockParentalLevel = 0
WlanAdhocChannel = 0
BypassOSKWithKeyboard = False
WlanPowerSave = False
EncryptSave = True
[Debugger]
DisasmWindowX = 32
DisasmWindowY = 63
DisasmWindowW = 773
DisasmWindowH = 701
GEWindowX = 32
GEWindowY = 87
GEWindowW = 768
GEWindowH = 687
ConsoleWindowX = -1
ConsoleWindowY = -1
FontWidth = 8
FontHeight = 12
DisplayStatusBar = True
ShowBottomTabTitles = True
ShowDeveloperMenu = False
SkipDeadbeefFilling = False
FuncHashMap = False
[SpeedHacks]
PrescaleUV = False
DisableAlphaTest = False
[JIT]
[Upgrade]
UpgradeMessage =
UpgradeVersion =
DismissedVersion =
[Recent]
MaxRecent = 30
[PinnedPaths]

[VIRGINKLM]

Still crashing here...

[vsub]

Just for a test,try 0.9.8-222 or\and 0.9.1-969 x86
Are you trying the original FM image or english patched(I'm trying the English patched)

[VIRGINKLM]

OK it crashes only on x64 builds (it still crashes though on Androidx86, shouldn't that be weird?)

[solarmystic]

@VIRGINKLM Thanks for the savedata, this is exactly what was needed to diagnose the issue, as I stated earlier on in my comment (#5800 (comment)), which led @daniel229 to produce the stack trace and identify the first responsible build thanks to the successful reproduction.

@unknownbrackets Reverting 5b0ece8 fixes the issue. The Blank Points video plays successfully and the emulator/game does not crash:-

[unknownbrackets]

What if you keep the changes in Core/MemMapFunctions.cpp, but revert the rest?

Maybe somewhere is using m_pRAM between 31 MB barriers and expecting it to be contiguous...

-[Unknown]

[unknownbrackets]

Is anything improved by replacing this, in sceMpeg.cpp:

    // Kinda destructive, no?
    AnalyzeMpeg(Memory::GetPointer(bufferAddr), ctx);

With:

    // Kinda destructive, no?
    AnalyzeMpeg(Memory::GetPointerUnchecked(bufferAddr), ctx);

Not saying this is a correct change, just trying to understand what causes it.

-[Unknown]

[unknownbrackets]

Yeah, so it just happens that you've got valid memory on your PC after that, unless addsize is different in a debug build stack trace.

-[Unknown]

[VIRGINKLM]

Sounds like a tough thing to debug

[VIRGINKLM]

Still crashing in v0.9.9.1 -1442
I guess it's a really tough bug.

[Gtavo21]

help plz dont know what to do, i have tried with many other versions and the game keep crashing

[Masamune3210]

can you try another of the versions and post a picture of the log, please? Right now, it is saying that there is a file missing in the iso

[VIRGINKLM]

Those exa files are event files, more specificaly they are cutscenes and in the above case it's a cutscene in Disney Island. These are part of the inner structure of the game's data and not a file you will find directly by extracting the game's iso, so I doubt that the file is indeed missing so what PPSSPP is reporting is for sure a false alarm. I believe that for some reason PPSSPP fails to find the file inside one of those encrypted binaries of the game's iso.

[unknownbrackets]

It's common that games will check to see if files exist in paths for debugging before going into an archive. In many games, file not found errors are completely normal.

-[Unknown]

[daniel229]

FIxed by #8725

[unknownbrackets]

Hmm, that's slightly concerning. Aside from the reverted vmmul change, the only change there that ought to affect non-IR is the one in Core/CoreTiming.cpp.

If you change it back to:

    // This will cause us to check for new events immediately.
    currentMIPS->downcount = 0;
    // But let's not eat a bunch more time in Advance() because of this.
    slicelength = 0;

Does it not work again? If not... could you check which commit caused it, if you have time? Just want to make sure we don't accidentially undo the fix.

-[Unknown]

[daniel229]

Sound like it just randomly working even in old version v1.1.1。

[edelgard]

is there any solution for this in android? i dont understand a single thing, pls help, im dying
i've played it at 1.1.1, 0.9.9, and 1.2.2 still no changes and crashes at the new cutscenes starts

[ProjectXsent]

Same problem here. After I defeat Terra-Xehanort ppsspp crashes.

[ProjectXsent]

On the Android version

[e88z4]

I play BBS final mix and encouter this bug as well on final episode after fighting Terra-Xehanort. I compiled your source code with the following commit 562c5f6

The segmentation fault is caused by memcpy on BufferQueue.h
if (end + addsize <= bufQueueSize) {
memcpy(bufQueue + end, buf, addsize);
end += addsize;

bufQueue address was 0x7ff7b6ce4550
end was 0
buf address was 0x2309ffed50
addsize was 8192

rep movsb %ds:(%rsi),%es:(%rdi) ! 0x00007ff808578e5f

I hope this bug can be fixed soon.

[AkiraJkr]

Can confirm this happens on both Windows x64 and Android in specific, can't reproduce it on Theater Mode

Basically, Fight Terra-Xehanort(Final Episode), and on the second cutscene after defeat, as soon as it ends, the game crashes. I'm surprised this crash exists for soo long.

By the way, there's no such thing like a Final Mix+ version of the game. There's only the Original and Final Mix.

[e88z4]

I forgot to attach my stack. The buf address is always 0x2309ffed50.

BufferQueue::push BufferQueue.h:71
MediaEngine::loadStream MediaEngine.cpp:374
AnalyzeMpeg sceMpeg.cpp:336
sceMpegQueryStreamOffset sceMpeg.cpp:604
WrapI_UUU<sceMpegQueryStreamOffset> FunctionWrappers.h:206
<function called from gdb> 0x00007fa75fffe4ff
WrapI_UUU<sceMpegQueryStreamOffset> FunctionWrappers.h:206
CallSyscallWithoutFlags HLE.cpp:469
<unknown> 0x00000000408720b3
<unknown> 0x0000000000000000

[unknownbrackets]

One thing we can try - but probably is the wrong fix, and might just cause it to fail to play the video - is adding a check. Find this in Core/HLE/sceMpeg.cpp:

static int sceMpegQueryStreamOffset(u32 mpeg, u32 bufferAddr, u32 offsetAddr)
{
	if (!Memory::IsValidAddress(bufferAddr) || !Memory::IsValidAddress(offsetAddr)) {
		ERROR_LOG(ME, "sceMpegQueryStreamOffset(%08x, %08x, %08x): invalid addresses", mpeg, bufferAddr, offsetAddr);
		return -1;
	}

Add after that code:

	if (!Memory::IsValidRange(bufferAddr, 8192)) {
		return hleLogError(ME, -1, "invalid buffer address");
	}

This should cause it to fail here, but the game might get even more confused if this fails.

-[Unknown]

[e88z4]

I added the if statement. The stack trace went into your new code and exit the function but it seems the program is doing an infinite loop like below.

34:56:060 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:327 0=sceUtilityUnloadModule(00000303)
34:56:545 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:306 0=sceUtilityLoadModule(00000303)
34:56:578 user_main    I[ME]: HLE/sceMpeg.cpp:428 sceMpegInit()
34:56:578 user_main    I[ME]: HLE/sceMpeg.cpp:542 094615c0=sceMpegCreate(09268d50, 09461590, 65536, 09268d54, 512, 0, 0)
34:56:594 user_main    E[ME]: HLE/sceMpeg.cpp:595 ffffffff=sceMpegQueryStreamOffset(09268d50, 09ffed50, 09268f0c): invalid buffer address
34:56:627 user_main    I[ME]: HLE/sceMpeg.cpp:1618 sceMpegFinish(...)
34:56:627 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:327 0=sceUtilityUnloadModule(00000303)
34:57:113 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:306 0=sceUtilityLoadModule(00000303)
34:57:145 user_main    I[ME]: HLE/sceMpeg.cpp:428 sceMpegInit()
34:57:146 user_main    I[ME]: HLE/sceMpeg.cpp:542 094615c0=sceMpegCreate(09268d50, 09461590, 65536, 09268d54, 512, 0, 0)
34:57:161 user_main    E[ME]: HLE/sceMpeg.cpp:595 ffffffff=sceMpegQueryStreamOffset(09268d50, 09ffed50, 09268f0c): invalid buffer address
34:57:194 user_main    I[ME]: HLE/sceMpeg.cpp:1618 sceMpegFinish(...)
34:57:194 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:327 0=sceUtilityUnloadModule(00000303)
34:57:680 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:306 0=sceUtilityLoadModule(00000303)
34:57:713 user_main    I[ME]: HLE/sceMpeg.cpp:428 sceMpegInit()
34:57:713 user_main    I[ME]: HLE/sceMpeg.cpp:542 094615c0=sceMpegCreate(09268d50, 09461590, 65536, 09268d54, 512, 0, 0)
34:57:728 user_main    E[ME]: HLE/sceMpeg.cpp:595 ffffffff=sceMpegQueryStreamOffset(09268d50, 09ffed50, 09268f0c): invalid buffer address
34:57:762 user_main    I[ME]: HLE/sceMpeg.cpp:1618 sceMpegFinish(...)
34:57:762 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:327 0=sceUtilityUnloadModule(00000303)
34:58:247 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:306 0=sceUtilityLoadModule(00000303)
34:58:280 user_main    I[ME]: HLE/sceMpeg.cpp:428 sceMpegInit()
34:58:280 user_main    I[ME]: HLE/sceMpeg.cpp:542 094615c0=sceMpegCreate(09268d50, 09461590, 65536, 09268d54, 512, 0, 0)
34:58:295 user_main    E[ME]: HLE/sceMpeg.cpp:595 ffffffff=sceMpegQueryStreamOffset(09268d50, 09ffed50, 09268f0c): invalid buffer address
34:58:329 user_main    I[ME]: HLE/sceMpeg.cpp:1618 sceMpegFinish(...)
34:58:329 user_main    I[SCEUTIL]: HLE/sceUtility.cpp:327 0=sceUtilityUnloadModule(00000303)

[unknownbrackets]

Do the changes in #11371 help?

-[Unknown]

[e88z4]

Yes, your pull request #11371 resolves the issue. I was able to save at the end of the final episode chapter. I didn't play the blank point chapter yet but looking at the stack trace from solarmystic a few years ago, I think it was the issue reading unavailable bytes.

[ProjectXsent]

Base on the issue #2395, the temporary fix for the game to play "Where the Heart Goes" and "Blank Points" is to change the Rendering Solution to 4x or 5x before opening the game.

Edit: I don't know if it is only having issues on OpenGL or also in Vulkan.