summary refs log tree commit diff stats
path: root/results/scraper/box64/1996
diff options
context:
space:
mode:
Diffstat (limited to 'results/scraper/box64/1996')
-rw-r--r--results/scraper/box64/199658
1 files changed, 58 insertions, 0 deletions
diff --git a/results/scraper/box64/1996 b/results/scraper/box64/1996
new file mode 100644
index 000000000..10de4acd6
--- /dev/null
+++ b/results/scraper/box64/1996
@@ -0,0 +1,58 @@
+Current versions of VRChat crash shortly after startup
+More recent version of VRChat crash shortly after startup. Somewhat older versions (I tried a few from around mid August) didn't crash, so it doesn't look like this is a regression in box64.  

+I haven't narrowed down the exact update this issue started at yet, but can do so if that might help.

+

+The game starts to render and then crashes with a segfault after generally a few frames, I couldn't find anything helpful in the game logs so far (some end after `Camera Stack has been initialized`, some end a few seconds later after printing out volume settings). The Unity crash handler creates minidumps, but they haven't been very useful so far (`minidump-stackwalk` fails with `The thread list stream was not found`, and all I've gotten from `winedbg` is that it crashed with a segfault).

+

+The box64 output, including last wrapped calls and BTs:

+```

+Last calls

+4980|0x3f0002fa05: Calling pthread_mutex_lock(0x3F000E8860, 0x3F000E88A0, 0x2FFAE8C0, ...) => return 0x0

+4980|0x3f0004c3e8: Calling pthread_sigmask(0x0, 0x3F000E88A0, 0x2FFAE740, ...) => return 0x0

+4980|0x3f00072d7b: Calling pthread_getspecific(0x3, 0x3F000E88A0, 0x2FFAE740, ...) => return 0x7FF30000

+4980|0x3f0004c2f0: Calling write(45, 0x2ffae940, 64) => return 0x40

+4980|0x3f00072d7b: Calling pthread_getspecific(0x3, 0x40, 0x40, ...) => return 0x7FF30000

+4980|0x3f0004bb8b: Calling read(41, 0x2ffae940, 64) => return 0x40[02 00 00 C0 00 00 00 00 00 00 ...] 

+4980|0x3f0004c402: Calling pthread_sigmask(0x2, 0x2FFAE740, 0x0, ...) => return 0x0

+4980|0x3f0004c4e1: Calling pthread_mutex_unlock(0x3F000E8860, 0x2FFAE8C0, 0x0, ...) => return 0x0

+4980|0x3f0002fb38: Calling pthread_sigmask(0x2, 0x2FFAE8C0, 0x0, ...) => return 0x0

+4980|0x3f0004ed35: Calling pthread_sigmask(0x0, 0x3F000E88A0, 0x2FFAF490, ...) => return 0x0

+4980|0x3f00072d7b: Calling pthread_getspecific(0x3, 0x2FFAF588, 0x2FFAF370, ...) => return 0x7FF30000

+4980|0x3f0004c28d: Calling writev(0x2D, 0x2FFAF350, 0x3, ...) => return 0x70

+4980|0x3f00072d7b: Calling pthread_getspecific(0x3, 0x40, 0x70, ...) => return 0x7FF30000

+4980|0x3f0004bb8b: Calling read(41, 0x2ffaf510, 64) => return 0x40[00 00 00 00 00 00 00 00 00 00 ...] 

+4980|0x3f0004efda: Calling pthread_sigmask(0x2, 0x2FFAF490, 0x0, ...) => return 0x0

+4980|0x3f0001ecfb: Calling malloc(0x28, 0x1000, 0x0, ...) => return 0x7F6C03A0B0

+NativeBT: VRChat.exe() [0x34a56a94]

+NativeBT: linux-vdso.so.1(__kernel_rt_sigreturn+0) [0x7fa54867a0]

+NativeBT: [0x7f920c6c30]

+EmulatedBT: ??? [0x220cf156]

+5056|SIGSEGV @0x7f920c6c30 (???(0x7f920c6c30)) (x64pc=0x220cf156/"???", rsp=0x5f65fe68, stack=0x5f560000:0x5f760000 own=(nil) fp=0x181c995d0), for accessing 0x59010000 (code=2/prot=1), db=0x7f9200eb40(0x7f920c6bd0:0x7f920c6d70/0x220cf110:0x220cf1b5/???:clean, hash:76fe66cc/76fe66cc) handler=0x3f000522a0

+RAX:0x000000005900ac7c RCX:0x000000005900ff80 RDX:0x000000005900ff88 RBX:0x000000002bb2efd0 

+RSP:0x000000005f65fe68 RBP:0x0000000000000001 RSI:0x0000000000000001 RDI:0x00000001152458d8 

+ R8:0xfffffffffffface0  R9:0xfffffffffffffffc R10:0x0000000021870000 R11:0x0000000000000080 

+R12:0x0000000000000000 R13:0x000000002afeb550 R14:0x00000001152458d0 R15:0x000000005e819de0 

+ES:0x002b CS:0x0033 SS:0x002b DS:0x002b FS:0x0043 GS:0x0053 

+RSP-0x20:0x000000004023d6b0 RSP-0x18:0x00000000329bd690 RSP-0x10:0x0000000000000250 RSP-0x08:0x00000001152458d8

+RSP+0x00:0x000000002207f218 RSP+0x08:0x0000000000000000 RSP+0x10:0x0000000000000001 RSP+0x18:0x0000000000000001 x64opcode=C5 FD E7 89 80 00 00 00 (opcode=3d802161)

+```

+

+I also took a look with GDB, and the code it's crashing inside looks like a memcpy. It's crashing in a loop that copies 256 bytes at a time, but the last 8 bytes of the current block cannot be accessed. The register counting the number of bytes left had the value `ffffffffffb84fe0`, which to me looks like it underflowed and should've returned much earlier. I'll have to see if I can get more information on the surrounding code or the values it starts with (the code in question doesn't have any proper code before it in memory, and I also couldn't find anything proper further up the stack).

+

+Box64 params used:

+```

+Apply RC params for VRChat.exe

+Applying BOX64_ROLLING_LOG=1

+Applying BOX64_NOSIGSEGV=1

+Applying BOX64_SHOWSEGV=1

+Applying BOX64_SHOWBT=1

+Applying BOX64_JITGDB=2

+Applying BOX64_DYNAREC_BIGBLOCK=0

+Applying BOX64_DYNAREC_STRONGMEM=2

+Applying BOX64_DYNAREC_X87DOUBLE=1

+Applying BOX64_DYNAREC_FASTNAN=0

+Applying BOX64_DYNAREC_FASTROUND=0

+Applying BOX64_DYNAREC_SAFEFLAGS=2

+Applying BOX64_DYNAREC_CALLRET=0

+```

+Not all of these were required for previous versions, but the additional ones also didn't help here.
\ No newline at end of file