[Bug 38810] 64-bit Unity3D v5.1.1f1 chromium helper process crashes on startup (stack pointer (RSP) must be 16-byte aligned when making a call to Win64 API)
wine-bugs at winehq.org
Wed Jun 24 16:11:08 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=38810
Anastasius Focht <focht at gmx.net> changed:
What        | Removed                        | Added
------------+--------------------------------+----------------------------------
Keywords    |                                | download, win64
Status      | UNCONFIRMED                    | RESOLVED
URL         |                                | http://netstorage.unity3d.com/unity/2046fc06d4d8/Windows64EditorInstaller/UnitySetup64-5.1.1f1.exe
CC          |                                | focht at gmx.net
Resolution  | ---                            | DUPLICATE
Summary     | Unable to run Unity3D v5.1.1f1 | 64-bit Unity3D v5.1.1f1 chromium helper process crashes on startup (stack pointer (RSP) must be 16-byte aligned when making a call to Win64 API)
--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming.
The 64-bit libcef (Chromium Embedded Framework) is broken; dupe of bug 27680.
CEF release: cef_2062_1930 x64
--- snip ---
Unhandled exception: page fault in 64-bit code (0x00007ff53330fe80).
Register dump:
rip:00007ff53330fe80 rsp:000000000023db08 rbp:000000000023dd88 eflags:00010202
( R- -- I - - - )
rax:000000007b86f2a8 rbx:000000000000f000 rcx:ffffffffffffffff
rdx:000000000023ddc8
rsi:000002fdb0601080 rdi:0000000000000000 r8:0000000000000000
r9:000000000023ddf8 r10:0000000182e06ab0
r11:000000000023df30 r12:000000000023f300 r13:0000000000000000
r14:0000000000000000 r15:0000000182e082d0
Stack dump:
0x000000000023db08: 0000000180137955 0000000000000000
0x000000000023db18: 0000000000000000 0000000000000000
0x000000000023db28: ff00ffff00000000 0000000000620180
0x000000000023db38: 0000000180134923 0000000000620180
0x000000000023db48: 0000000182de9cb0 000000000023dd30
0x000000000023db58: 000000018012dca9 000000000023dd30
0x000000000023db68: 0000000180b45614 000000000023dd30
0x000000000023db78: 0000000000000004 0000000000000030
0x000000000023db88: 000000018012ce27 000000000001462f
0x000000000023db98: 00000000005c1300 00000000005c1000
0x000000000023dba8: 00000000005c1000 000000000295c000
0x000000000023dbb8: 000000018012ff04 00000000005c1000
Backtrace:
=>0 0x00007ff53330fe80 NtAllocateVirtualMemory+0xd(process=0x180b9e3ac,
ret=0x182654288, zero_bits=0x6ae000, size_ptr=0x18263ff00, type=0x1000,
protect=0x4)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/virtual.c:1905] in ntdll
(0x000000000023dd88)
1 0x000000007b8ef06a VirtualAllocEx+0x51(hProcess=0xffffffffffffffff,
addr=0x2fdb0610000, size=0xf000, type=0x1000, protect=0x4)
[/home/focht/projects/wine/wine.repo/src/dlls/kernel32/virtual.c:95] in
kernel32 (0x000000000023ddd8)
2 0x000000007b8ef016 VirtualAlloc+0x42(addr=0x2fdb0610000, size=0xf000,
type=0x1000, protect=0x4)
[/home/focht/projects/wine/wine.repo/src/dlls/kernel32/virtual.c:68] in
kernel32 (0x000000000023de18)
3 0x00000001809fd7a6 in libcef (+0x9fd7a5) (0x0000000182e06ab0)
4 0x00000001809f89fe in libcef (+0x9f89fd) (0x0000000182e06ab0)
5 0x00000001809ebb52 in libcef (+0x9ebb51) (0x0000000000000000)
6 0x0000000180ec3fcd in libcef (+0xec3fcc) (0x0000000000000000)
7 0x0000000181685904 in libcef (+0x1685903) (0x0000000000000000)
8 0x00000001821de276 in libcef (+0x21de275) (0x0000000000000000)
9 0x00000001821de7b5 in libcef (+0x21de7b4) (0x000000000023e140)
10 0x0000000180039805 in libcef (+0x39804) (0x000000000023e140)
0x00007ff53330fe80 NtAllocateVirtualMemory+0xd
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/virtual.c:1905] in ntdll:
1905 {
Modules:
Module Address Debug info Name (129 modules)
PE 1a00000- 2469000 Deferred pdf
PE 2770000- 2915000 Deferred ffmpegsumo
ELF 7b800000- 7bcda000 Dwarf kernel32<elf>
\-PE 7b860000- 7bcda000 \ kernel32
ELF 7be00000- 7c103000 Deferred <wine-loader>
PE 140000000- 14004d000 Deferred unityhelper
PE 180000000- 1831c3000 Export libcef
...
Threads:
process tid prio (all id:s are in hex)
...
00000045 (D) C:\Program Files\Unity\Editor\UnityHelper.exe
0000004d 0
0000004c 0
0000004b 0
0000004a 0
00000049 0
00000048 0
00000009 0
0000000b 0
00000046 0 <==
--- snip ---
Unaligned memory access with SSE instruction from code at 0007F7ADCD6FE80
Source: dlls/ntdll/virtual.c:1905
NtAllocateVirtualMemory:
--- snip ---
00007F7ADCD6FE73 55 push rbp
00007F7ADCD6FE74 48 89 E5 mov rbp,rsp
00007F7ADCD6FE77 57 push rdi
00007F7ADCD6FE78 56 push rsi
00007F7ADCD6FE79 48 81 EC 70 02 00 00 sub rsp,270
00007F7ADCD6FE80 0F 29 B5 50 FF FF FF movaps dqword ptr ss:[rbp-B0],xmm6
00007F7ADCD6FE87 0F 29 BD 60 FF FF FF movaps dqword ptr ss:[rbp-A0],xmm7
00007F7ADCD6FE8E 44 0F 29 85 70 FF FF FF movaps dqword ptr ss:[rbp-90],xmm8
00007F7ADCD6FE96 44 0F 29 4D 80 movaps dqword ptr ss:[rbp-80],xmm9
00007F7ADCD6FE9B 44 0F 29 55 90 movaps dqword ptr ss:[rbp-70],xmm10
00007F7ADCD6FEA0 44 0F 29 5D A0 movaps dqword ptr ss:[rbp-60],xmm11
00007F7ADCD6FEA5 44 0F 29 65 B0 movaps dqword ptr ss:[rbp-50],xmm12
00007F7ADCD6FEAA 44 0F 29 6D C0 movaps dqword ptr ss:[rbp-40],xmm13
00007F7ADCD6FEAF 44 0F 29 75 D0 movaps dqword ptr ss:[rbp-30],xmm14
00007F7ADCD6FEB4 44 0F 29 7D E0 movaps dqword ptr ss:[rbp-20],xmm15
00007F7ADCD6FEB9 48 89 4D 10 mov qword ptr ss:[rbp+10],rcx
00007F7ADCD6FEBD 48 89 55 18 mov qword ptr ss:[rbp+18],rdx
00007F7ADCD6FEC1 44 89 45 20 mov dword ptr ss:[rbp+20],r8d
00007F7ADCD6FEC5 4C 89 4D 28 mov qword ptr ss:[rbp+28],r9
00007F7ADCD6FEC9 48 8B 45 28 mov rax,qword ptr ss:[rbp+28]
00007F7ADCD6FECD 48 8B 00 mov rax,qword ptr ds:[rax]
00007F7ADCD6FED0 48 89 85 40 FF FF FF mov qword ptr ss:[rbp-C0],rax
00007F7ADCD6FED7 8B 45 20 mov eax,dword ptr ss:[rbp+20]
00007F7ADCD6FEDA 89 C7 mov edi,eax
00007F7ADCD6FEDC 48 B8 7D A8 D6 DC 7A 7F . mov rax,<get_mask>
00007F7ADCD6FEE6 FF D0 call rax
...
--- snip ---
To check that Wine isn't at fault here, we traverse the caller chain back.
Just in case someone notices the prolog code (unrelated to this bug): I've been
running '-fno-PIC' Wine builds for some time now with good results.
Source: dlls/kernel32/virtual.c:91
VirtualAllocEx:
--- snip ---
000000007B8EF018 55 push rbp
000000007B8EF019 48 89 E5 mov rbp,rsp
000000007B8EF01C 48 83 EC 40 sub rsp,40
000000007B8EF020 48 89 4D 10 mov qword ptr ss:[rbp+10],rcx
000000007B8EF024 48 89 55 18 mov qword ptr ss:[rbp+18],rdx
000000007B8EF028 4C 89 45 20 mov qword ptr ss:[rbp+20],r8
000000007B8EF02C 44 89 4D 28 mov dword ptr ss:[rbp+28],r9d
000000007B8EF030 48 8B 45 18 mov rax,qword ptr ss:[rbp+18]
000000007B8EF034 48 89 45 F0 mov qword ptr ss:[rbp-10],rax
000000007B8EF038 48 8D 4D 20 lea rcx,qword ptr ss:[rbp+20]
000000007B8EF03C 48 8D 45 F0 lea rax,qword ptr ss:[rbp-10]
000000007B8EF040 8B 55 30 mov edx,dword ptr ss:[rbp+30]
000000007B8EF043 89 54 24 28 mov dword ptr ss:[rsp+28],edx
000000007B8EF047 8B 55 28 mov edx,dword ptr ss:[rbp+28]
000000007B8EF04A 89 54 24 20 mov dword ptr ss:[rsp+20],edx
000000007B8EF04E 49 89 C9 mov r9,rcx
000000007B8EF051 41 B8 00 00 00 00 mov r8d,0
000000007B8EF057 48 89 C2 mov rdx,rax
000000007B8EF05A 48 8B 4D 10 mov rcx,qword ptr ss:[rbp+10]
000000007B8EF05E 48 B8 A8 F2 86 7B 00 00 . mov rax,<NtAllocateVirtualMemory>
000000007B8EF068 FF D0 call rax
...
--- snip ---
Source: dlls/kernel32/virtual.c:67
VirtualAlloc:
--- snip ---
000000007B8EEFD3 55 push rbp
000000007B8EEFD4 48 89 E5 mov rbp,rsp
000000007B8EEFD7 48 83 EC 30 sub rsp,30
000000007B8EEFDB 48 89 4D 10 mov qword ptr ss:[rbp+10],rcx
000000007B8EEFDF 48 89 55 18 mov qword ptr ss:[rbp+18],rdx
000000007B8EEFE3 44 89 45 20 mov dword ptr ss:[rbp+20],r8d
000000007B8EEFE7 44 89 4D 28 mov dword ptr ss:[rbp+28],r9d
000000007B8EEFEB 8B 4D 20 mov ecx,dword ptr ss:[rbp+20]
000000007B8EEFEE 48 8B 55 18 mov rdx,qword ptr ss:[rbp+18]
000000007B8EEFF2 8B 45 28 mov eax,dword ptr ss:[rbp+28]
000000007B8EEFF5 89 44 24 20 mov dword ptr ss:[rsp+20],eax
000000007B8EEFF9 41 89 C9 mov r9d,ecx
000000007B8EEFFC 49 89 D0 mov r8,rdx
000000007B8EEFFF 48 8B 55 10 mov rdx,qword ptr ss:[rbp+10]
000000007B8EF003 48 C7 C1 FF FF FF FF mov rcx,FFFFFFFFFFFFFFFF
000000007B8EF00A 48 B8 18 F0 8E 7B 00 00 . mov rax,<VirtualAllocEx>
000000007B8EF014 FF D0 call rax
000000007B8EF016 C9 leave
000000007B8EF017 C3 ret
--- snip ---
The caller (libcef):
--- snip ---
00000001809FD790 48 83 EC 28 sub rsp,28
00000001809FD794 41 B9 04 00 00 00 mov r9d,4
00000001809FD79A 41 B8 00 10 00 00 mov r8d,1000
00000001809FD7A0 FF 15 9A B6 AD 01 call qword ptr ds:[<&VirtualAlloc>]
00000001809FD7A6 48 85 C0 test rax,rax
00000001809FD7A9 75 07 jnz 1809FD7B2
00000001809FD7AB 48 83 C4 28 add rsp,28
00000001809FD7AF 48 FF E0 jmp rax
00000001809FD7B2 48 83 C4 28 add rsp,28
00000001809FD7B6 C3 ret
--- snip ---
rbp from the backtrace fault context = 0x23dd88
rbp-0xb0 = 0x23dcd8 -> memory address not 16-byte aligned for SSE instructions
Using the disassembly of the prolog code we can calculate the original stack
pointer values backwards up to the caller:
frame 0: 0x23dd88 + 8 (rbp) + 8 (rip, ret_addr) = 0x23dd98
frame 1: 0x23dd98 + 0x40 (stack vars) + 8 (rbp) + 8 (rip, ret_addr) = 0x23dde8
frame 2: 0x23dde8 + 0x30 (stack vars) + 8 (rbp) + 8 (rip, ret_addr) = 0x23de28
At time of performing the call instruction the stack has to be 16-byte aligned.
$ sha1sum UnitySetup64-5.1.1f1.exe
0cec27b0aa84bea4f8bb100051a6205f06abb638 UnitySetup64-5.1.1f1.exe
$ du -sh UnitySetup64-5.1.1f1.exe
1.3G UnitySetup64-5.1.1f1.exe
$ wine --version
wine-1.7.45-213-g4f3acf3
Regards
*** This bug has been marked as a duplicate of bug 27680 ***
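The frame arithmetic from the comment above, carried out in code as an added example (not part of the bug report, of Wine or of CEF): it takes the fault-context rbp and the "sub rsp,N" sizes read from the three prologs, recomputes each caller's rsp at its call instruction, applies the Win64 16-byte rule, and lets the reconstructed rbp values be checked against the frame addresses printed in the backtrace. Function names such as walk_frames and the report_* accessors are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* Win64 ABI rule at issue: rsp is 16-byte aligned at a call instruction, so on
 * function entry (return address already pushed) rsp == 8 (mod 16). */
bool call_site_aligned(uint64_t rsp) { return (rsp & 0xF) == 0; }
bool entry_rsp_ok(uint64_t rsp)      { return (rsp & 0xF) == 8; }
/* For a frame with prolog "push rbp; mov rbp,rsp": leave pops rbp (+8) and ret
 * pops the return address (+8), giving the caller's rsp at its call instruction. */
uint64_t caller_rsp_at_call(uint64_t rbp) { return rbp + 8 + 8; }
/* For a frame with prolog "push rbp; mov rbp,rsp; sub rsp,locals": its rbp sits
 * 'locals' bytes above the rsp it had when executing its own call instruction. */
uint64_t rbp_from_call_rsp(uint64_t call_rsp, uint64_t locals) { return call_rsp + locals; }

/* Frame 0 is the faulting function (rbp0 from the register dump), frame i its
 * i-th caller; locals[i] is frame i's "sub rsp,N". Fills rbp_out[i] and
 * call_rsp_out[i] (= rsp of frame i+1 at the call that entered frame i). */
void walk_frames(uint64_t rbp0, const uint64_t *locals, int n,
                 uint64_t *rbp_out, uint64_t *call_rsp_out)
{
    uint64_t rbp = rbp0;
    for (int i = 0; i < n; i++) {
        rbp_out[i]      = rbp;
        call_rsp_out[i] = caller_rsp_at_call(rbp);
        if (i + 1 < n) rbp = rbp_from_call_rsp(call_rsp_out[i], locals[i + 1]);
    }
}

/* Values taken from the report: fault-context rbp, the "sub rsp,N" of the three
 * prologs (locals[0] is unused since rbp0 is known) and libcef's "sub rsp,28". */
#define FAULT_RBP  0x23dd88ULL
#define LIBCEF_SUB 0x28ULL
static const uint64_t report_locals[3] = { 0x270, 0x40, 0x30 };
static const char *report_names[3] = { "NtAllocateVirtualMemory", "VirtualAllocEx", "VirtualAlloc" };

uint64_t report_rbp(int i)      { uint64_t r[3], c[3]; walk_frames(FAULT_RBP, report_locals, 3, r, c); return r[i]; }
uint64_t report_call_rsp(int i) { uint64_t r[3], c[3]; walk_frames(FAULT_RBP, report_locals, 3, r, c); return c[i]; }

int main(void)
{
    for (int i = 0; i < 3; i++)   /* rbp of frames 1 and 2 must match the backtrace */
        printf("%-24s rbp=0x%llx caller rsp at call=0x%llx (%s)\n", report_names[i],
               (unsigned long long)report_rbp(i), (unsigned long long)report_call_rsp(i),
               call_site_aligned(report_call_rsp(i)) ? "aligned" : "MISALIGNED");
    uint64_t cef_entry = report_call_rsp(2) + LIBCEF_SUB;  /* rsp when libcef's function was entered */
    printf("libcef entry rsp=0x%llx (%s)\n", (unsigned long long)cef_entry,
           entry_rsp_ok(cef_entry) ? "== 8 mod 16, ok" : "already misaligned on entry");
    return 0;
}
```

Every reconstructed call-site rsp ends in 8, so each call in the chain violates the rule; the libcef function itself was already entered with a 16-byte aligned rsp (0x23de50) instead of the 8 (mod 16) the ABI guarantees, so the misalignment predates the frames shown.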