1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
Current versions of VRChat crash shortly after startup
More recent version of VRChat crash shortly after startup. Somewhat older versions (I tried a few from around mid August) didn't crash, so it doesn't look like this is a regression in box64.
I haven't narrowed down the exact update this issue started at yet, but can do so if that might help.
The game starts to render and then crashes with a segfault after generally a few frames, I couldn't find anything helpful in the game logs so far (some end after `Camera Stack has been initialized`, some end a few seconds later after printing out volume settings). The Unity crash handler creates minidumps, but they haven't been very useful so far (`minidump-stackwalk` fails with `The thread list stream was not found`, and all I've gotten from `winedbg` is that it crashed with a segfault).
The box64 output, including last wrapped calls and BTs:
```
Last calls
4980|0x3f0002fa05: Calling pthread_mutex_lock(0x3F000E8860, 0x3F000E88A0, 0x2FFAE8C0, ...) => return 0x0
4980|0x3f0004c3e8: Calling pthread_sigmask(0x0, 0x3F000E88A0, 0x2FFAE740, ...) => return 0x0
4980|0x3f00072d7b: Calling pthread_getspecific(0x3, 0x3F000E88A0, 0x2FFAE740, ...) => return 0x7FF30000
4980|0x3f0004c2f0: Calling write(45, 0x2ffae940, 64) => return 0x40
4980|0x3f00072d7b: Calling pthread_getspecific(0x3, 0x40, 0x40, ...) => return 0x7FF30000
4980|0x3f0004bb8b: Calling read(41, 0x2ffae940, 64) => return 0x40[02 00 00 C0 00 00 00 00 00 00 ...]
4980|0x3f0004c402: Calling pthread_sigmask(0x2, 0x2FFAE740, 0x0, ...) => return 0x0
4980|0x3f0004c4e1: Calling pthread_mutex_unlock(0x3F000E8860, 0x2FFAE8C0, 0x0, ...) => return 0x0
4980|0x3f0002fb38: Calling pthread_sigmask(0x2, 0x2FFAE8C0, 0x0, ...) => return 0x0
4980|0x3f0004ed35: Calling pthread_sigmask(0x0, 0x3F000E88A0, 0x2FFAF490, ...) => return 0x0
4980|0x3f00072d7b: Calling pthread_getspecific(0x3, 0x2FFAF588, 0x2FFAF370, ...) => return 0x7FF30000
4980|0x3f0004c28d: Calling writev(0x2D, 0x2FFAF350, 0x3, ...) => return 0x70
4980|0x3f00072d7b: Calling pthread_getspecific(0x3, 0x40, 0x70, ...) => return 0x7FF30000
4980|0x3f0004bb8b: Calling read(41, 0x2ffaf510, 64) => return 0x40[00 00 00 00 00 00 00 00 00 00 ...]
4980|0x3f0004efda: Calling pthread_sigmask(0x2, 0x2FFAF490, 0x0, ...) => return 0x0
4980|0x3f0001ecfb: Calling malloc(0x28, 0x1000, 0x0, ...) => return 0x7F6C03A0B0
NativeBT: VRChat.exe() [0x34a56a94]
NativeBT: linux-vdso.so.1(__kernel_rt_sigreturn+0) [0x7fa54867a0]
NativeBT: [0x7f920c6c30]
EmulatedBT: ??? [0x220cf156]
5056|SIGSEGV @0x7f920c6c30 (???(0x7f920c6c30)) (x64pc=0x220cf156/"???", rsp=0x5f65fe68, stack=0x5f560000:0x5f760000 own=(nil) fp=0x181c995d0), for accessing 0x59010000 (code=2/prot=1), db=0x7f9200eb40(0x7f920c6bd0:0x7f920c6d70/0x220cf110:0x220cf1b5/???:clean, hash:76fe66cc/76fe66cc) handler=0x3f000522a0
RAX:0x000000005900ac7c RCX:0x000000005900ff80 RDX:0x000000005900ff88 RBX:0x000000002bb2efd0
RSP:0x000000005f65fe68 RBP:0x0000000000000001 RSI:0x0000000000000001 RDI:0x00000001152458d8
R8:0xfffffffffffface0 R9:0xfffffffffffffffc R10:0x0000000021870000 R11:0x0000000000000080
R12:0x0000000000000000 R13:0x000000002afeb550 R14:0x00000001152458d0 R15:0x000000005e819de0
ES:0x002b CS:0x0033 SS:0x002b DS:0x002b FS:0x0043 GS:0x0053
RSP-0x20:0x000000004023d6b0 RSP-0x18:0x00000000329bd690 RSP-0x10:0x0000000000000250 RSP-0x08:0x00000001152458d8
RSP+0x00:0x000000002207f218 RSP+0x08:0x0000000000000000 RSP+0x10:0x0000000000000001 RSP+0x18:0x0000000000000001 x64opcode=C5 FD E7 89 80 00 00 00 (opcode=3d802161)
```
I also took a look with GDB, and the code it's crashing inside looks like a memcpy. It's crashing in a loop that copies 256 bytes at a time, but the last 8 bytes of the current block cannot be accessed. The register counting the number of bytes left had the value `ffffffffffb84fe0`, which to me looks like it underflowed and should've returned much earlier. I'll have to see if I can get more information on the surrounding code or the values it starts with (the code in question doesn't have any proper code before it in memory, and I also couldn't find anything proper further up the stack).
Box64 params used:
```
Apply RC params for VRChat.exe
Applying BOX64_ROLLING_LOG=1
Applying BOX64_NOSIGSEGV=1
Applying BOX64_SHOWSEGV=1
Applying BOX64_SHOWBT=1
Applying BOX64_JITGDB=2
Applying BOX64_DYNAREC_BIGBLOCK=0
Applying BOX64_DYNAREC_STRONGMEM=2
Applying BOX64_DYNAREC_X87DOUBLE=1
Applying BOX64_DYNAREC_FASTNAN=0
Applying BOX64_DYNAREC_FASTROUND=0
Applying BOX64_DYNAREC_SAFEFLAGS=2
Applying BOX64_DYNAREC_CALLRET=0
```
Not all of these were required for previous versions, but the additional ones also didn't help here.
|