ptitSeb / box64

Box64 - Linux Userspace x86_64 Emulator with a twist, targeted at ARM64 Linux devices
https://box86.org
MIT License

Crypt of the NecroDancer on Vision Five 2 segfaulted #701

Closed ksco closed 1 year ago

ksco commented 1 year ago

I'm able to run the game and see an empty window (also using gl4es), but it then segfaulted in luajit-5.1.so.2. How should I debug this? Cosim will not work as there are multiple processes running.

[2023-04-14 16:50:46.501] [DiscordAPI] [info] Discord API init failed with error code 4
3617|SIGSEGV @0x39a4255c (???(0x39a4255c)) (x64pc=0x3fae6e2a22/lib/libluajit-5.1.so.2:"lib/libluajit-5.1.so.2 + 0x199f0", rsp=0x101ffea98, stack=0x101800000:0x102000000 own=(nil) fp=0x103c204a8), for accessing 0x173c708b0 (code=1/prot=0), db=0x38f13a88(0x39a424b8:0x39a428a0/0x3fae6e29f0:0x3fae6e2aa7/lib/libluajit-5.1.so.2 + 0x199f0:clean, hash:b9e0df71/b9e0df71) handler=0x723550
RAX:0x0000000173c708b0 RCX:0x0000000000000001 RDX:0x000000001c71c75c RBX:0x0000000000000000
RSP:0x0000000101ffea98 RBP:0x0000000000000003 RSI:0x0000000000000000 RDI:0x0000000101ffeb40
 R8:0x0000000000000005  R9:0x00000000ffffffff R10:0x0000000101ffeb40 R11:0x0000000000000004
R12:0x0000000004000025 R13:0x00000000409b8e7f R14:0x0000000000000409 R15:0x409b8e7fffffffd6
RSP-0x20:0x000000006000000e RSP-0x18:0x0000000000000000 RSP-0x10:0x0000000000000000 RSP-0x08:0x0000000000000003
RSP+0x00:0x0000003fae6e3ec0 RSP+0x08:0x0000000100000000 RSP+0x10:0x0000000303c21360 RSP+0x18:0x0000000103c204a8
NativeBT: NecroDancer.x64() [0x349b07c2]
NativeBT: linux-vdso.so.1(__vdso_rt_sigreturn+0) [0x3fb0911800]
NativeBT: /lib/riscv64-linux-gnu/libc.so.6(+0x6bbf8) [0x3fb0837bf8]
NativeBT: /lib/riscv64-linux-gnu/libc.so.6(gsignal+0x12) [0x3fb08023fe]
NativeBT: NecroDancer.x64() [0x34a0e586]
NativeBT: NecroDancer.x64() [0x34adb1ae]
NativeBT: NecroDancer.x64() [0x3499b5e8]
NativeBT: NecroDancer.x64() [0x349af63c]
NativeBT: NecroDancer.x64() [0x349afce6]
NativeBT: NecroDancer.x64() [0x349b058e]
NativeBT: linux-vdso.so.1(__vdso_rt_sigreturn+0) [0x3fb0911800]
NativeBT: [0x39a4255c]
3617|SIGSEGV @0x34a62764 (my_backtrace_ip (NecroDancer.x64)) (x64pc=0x1f01d3/???:"???", rsp=0x101ffe358, stack=0x101800000:0x102000000 own=(nil) fp=0x101ffe390), for accessing 0x3 (code=1/prot=0), db=(nil)((nil):(nil)/(nil):(nil)/???:clean, hash:0/0) handler=(nil)
RSP-0x20:0x000000003703d340 RSP-0x18:0x0000000101ffe3a0 RSP-0x10:0x000000003652bae0 RSP-0x08:0x0000000000000112
RSP+0x00:0x0000000000723669 RSP+0x08:0x0000000000000000 RSP+0x10:0x0000000000000000 RSP+0x18:0x0000000000000000
RAX:0x0000000000000000 RCX:0x0000000000000000 RDX:0x000000000000000f RBX:0x0000000000000000
RSP:0x0000000101ffe358 RBP:0x0000000101ffe390 RSI:0x0000000000000000 RDI:0x0000000000000006
 R8:0x0000003fad29f720  R9:0x0000000000f3e720 R10:0x0000003fad29f780 R11:0x0000003fae734ea0
R12:0x0000000000000000 R13:0x0000000101ffe3a0 R14:0x0000000000000003 R15:0x0000000000000002
Segmentation fault
ptitSeb commented 1 year ago

First thing is to know if it works without dynarec.

ksco commented 1 year ago

Just tried, and it works without Dynarec.

ksco commented 1 year ago

Actually, it doesn't work either, but it goes much further than with Dynarec. It segfaulted when the first screen appeared.

5113|SIGSEGV @(nil) (???((nil))) (x64pc=0x3f8b6d5899/lib/libsfml-audio.so.2.5:"lib/libsfml-audio.so.2.5/_ZN12_GLOBAL__N_19streamEofEPK19FLAC__StreamDecoderPv + 9", rsp=0x101ffe9a0), for accessing (nil) (code=1)
RAX:0x0000000000000000 RCX:0x0000003f8b6d5850 RDX:0x0000003f8b6d5830 RBX:0x0000000000000000
RSP:0x0000000101ffe9a0 RBP:0x0000000101ffe9c0 RSI:0x0000000000000000 RDI:0x00000000366ba820
 R8:0x0000003f8b6d5870  R9:0x0000003f8b6d5890 R10:0x0000000101ffe7c0 R11:0xfffffffffffffff7
R12:0x0000003f8b9ccdd0 R13:0x000000000043e9a1 R14:0x0000000101ffea50 R15:0x00000000006360e0
NativeBT: NecroDancer.x64() [0x349ad020]
NativeBT: linux-vdso.so.1(__vdso_rt_sigreturn+0) [0x3f8c610800]
NativeBT: /lib/riscv64-linux-gnu/libc.so.6(+0x6bbf8) [0x3f8c536bf8]
NativeBT: /lib/riscv64-linux-gnu/libc.so.6(gsignal+0x12) [0x3f8c5013fe]
NativeBT: NecroDancer.x64() [0x34a0a234]
NativeBT: NecroDancer.x64() [0x34ad6b1a]
NativeBT: NecroDancer.x64() [0x34998474]
NativeBT: NecroDancer.x64() [0x349ac42c]
NativeBT: NecroDancer.x64() [0x349ac92c]
NativeBT: NecroDancer.x64() [0x349ad08a]
NativeBT: linux-vdso.so.1(__vdso_rt_sigreturn+0) [0x3f8c610800]
NativeBT: NecroDancer.x64() [0x34ad781a]
NativeBT: NecroDancer.x64() [0x34998474]
NativeBT: NecroDancer.x64() [0x3498d2fa]
NativeBT: NecroDancer.x64() [0x349b219a]
NativeBT: NecroDancer.x64() [0x34a2f71e]
NativeBT: /usr/lib/riscv64-linux-gnu/libFLAC.so.8(+0x27d1e) [0x3f887a3d1e]
EmulatedBT: ??? [0x1f01c0]
EmulatedBT: /root/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64(_ZN12_GLOBAL__N_117handleCrashSignalEi+119) [0x723669]
EmulatedBT: ??? [0x300c0]
EmulatedBT: lib/libsfml-audio.so.2.5(_ZN2sf4priv19SoundFileReaderFlac5checkERNS_11InputStreamE+9c) [0x3f8b6d613c]
EmulatedBT: lib/libsfml-audio.so.2.5(_ZN2sf16SoundFileFactory22createReaderFromMemoryEPKvm+7a) [0x3f8b6d4eca]
EmulatedBT: ??? [0x3f3fbc1010]
5113|SIGABRT @(nil) (???((nil))) (x64pc=0x1f01d3/???:"???", rsp=0x101ffe260), for accessing 0x13f9 (code=-6)
RAX:0x0000000000000000 RCX:0x0000000000000000 RDX:0x000000000000000f RBX:0x0000000000000000
RSP:0x0000000101ffe260 RBP:0x0000000101ffe298 RSI:0x0000000000000000 RDI:0x0000000000000006
 R8:0x0000003f88f96720  R9:0x0000000000f3e720 R10:0x0000003f88f96780 R11:0xfffffffffffffff7
R12:0x0000000000000000 R13:0x0000000101ffe2a8 R14:0x0000000101ffea50 R15:0x00000000006360e0
5113|Double SIGABRT (code=-6, pc=(nil), addr=0x13f9)!
Sigfault/Segbus while quitting, exiting silently
LIBGL: Shuting down
Sigfault/Segbus while quitting, exiting silently
ptitSeb commented 1 year ago

So, you need to use BOX64_LOAD_ADDR=0x10000000 to fix the address of loaded libs and a few other things, and

  1. Do a BOX64_DYNAREC_DUMP=2 dump
  2. Do a bisect search with BOX64_NODYNAREC=0xAAAA-0xBBBBB to find the block of dynarec that is causing the issue.

For the dump, it's much better to have a TRACE-enabled build, with libZydis.so available so x64 opcodes are completely decoded. I can send you a build of that lib if you want (or build it yourself, but you need v2.3 iirc, as the current 3.x will not work anymore as the ABI changed, and of course 2.3 doesn't build on rv64, you need to hack a .h file, to use the arm64 path for example)
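The bisect search from step 2 above, scripted as an added example (this is not box64's own tooling and not part of the original thread). It pins the load address with BOX64_LOAD_ADDR so the x86-64 addresses stay stable between runs, then repeatedly halves the BOX64_NODYNAREC interval, keeping whichever half still makes the crash go away. Assumptions: GAME_CMD is the command line that reproduces the crash, a crash is recognised by box64 printing a `pid|SIGxxx` line (as in the dumps in this issue), and the range you start from covers the library or binary you suspect (for instance the whole libluajit mapping).

```shell
#!/bin/sh
# Added example, not box64's own tooling.
# Bisect the x86-64 address interval [lo,hi) that must be excluded from the
# dynarec (BOX64_NODYNAREC=lo-hi) for the program to stop crashing.

# real_probe lo hi: exit 0 when the program runs cleanly with dynarec disabled
# on [lo,hi). A crash is detected by the "<pid>|SIG..." line box64 prints.
# Assumption: $GAME_CMD holds the command that reproduces the crash.
real_probe() {
    p_lo=$(printf '0x%x' "$1")
    p_hi=$(printf '0x%x' "$2")
    echo "probe: BOX64_NODYNAREC=$p_lo-$p_hi" >&2
    # shellcheck disable=SC2086  (word splitting of $GAME_CMD is intended)
    if BOX64_LOAD_ADDR=0x10000000 BOX64_NODYNAREC="$p_lo-$p_hi" \
        $GAME_CMD 2>&1 | grep -q '^[0-9]*|SIG'; then
        return 1    # a signal dump was printed: crash still present
    fi
    return 0
}

# The probe can be swapped (e.g. for a simulated one) by setting PROBE.
PROBE=${PROBE:-real_probe}

# bisect_nodynarec lo hi: print the narrowest [lo,hi) (hex) found whose
# exclusion from the dynarec fixes the crash. Accepts hex or decimal input.
bisect_nodynarec() {
    lo=$(($1))
    hi=$(($2))
    if ! "$PROBE" "$lo" "$hi"; then
        echo "crash still present with BOX64_NODYNAREC over the whole range" >&2
        return 1
    fi
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$PROBE" "$lo" "$mid"; then
            hi=$mid                 # culprit is in the lower half
        elif "$PROBE" "$mid" "$hi"; then
            lo=$mid                 # culprit is in the upper half
        else
            # Neither half alone fixes it: the offending block straddles mid
            # (or several blocks are involved). Report the current range.
            break
        fi
    done
    printf '0x%x 0x%x\n' "$lo" "$hi"
}

# Usage: GAME_CMD='box64 ./NecroDancer.x64' sh bisect.sh 0x10000000 0x10200000
if [ -n "${GAME_CMD:-}" ] && [ "$#" -eq 2 ]; then
    bisect_nodynarec "$1" "$2"
fi
```

Each probe is a full run of the game, so expect the search to take log2(range size) launches; the straddle case is where the dynarec dump from step 1 comes in, since the reported range then tells you which block to look at in the dump.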

ksco commented 1 year ago

Ok, I'll try to debug it tomorrow, at least get to the point where the interpreter fails as well. The BOX64_NODYNAREC option looks fancy, I didn't know we had this one available!

> I can send you a build of that lib if you want

Please send me a copy (via email?), that looks nontrivial to get one on my own. ;)

xctan commented 1 year ago

Probably this is not a dynarec issue? I tried to replace the vendor version of libluajit-5.1.so.2 with the Arch Linux one (luajit 2.1.0.beta3.r471.g505e2c03-1), and the game successfully ran to the first screen and segfaulted while dynarec is on, and got a similar result to @ksco's when dynarec is off.

316796|SIGSEGV @0x3d7f88f0 (???(0x3d7f88f0)) (x64pc=0x400150f899/lib/libsfml-audio.so.2.5:"lib/libsfml-audio.so.2.5/_ZN12_GLOBAL__N_19streamEofEPK19FLAC__StreamDecoderPv", rsp=0x101ffe510, stack=0x101800000:0x102000000 own=(nil) fp=0x101ffe530), for accessing 0x246 (code=1/prot=0), db=0x411c53c018(0x3d7f88d8:0x3d7f89a0/0x400150f890:0x400150f8a2/lib/libsfml-audio.so.2.5/_ZN12_GLOBAL__N_19streamEofEPK19FLAC__StreamDecoderPv:clean, hash:af2d0f5b/af2d0f5b) handler=0x723550
RAX:0x0000000000000000 RCX:0x000000400150f850 RDX:0x000000400150f830 RBX:0x0000000000000246 
RSP:0x0000000101ffe510 RBP:0x0000000101ffe530 RSI:0x0000000000000246 RDI:0x0000000037aaa2a0 
 R8:0x000000400150f870  R9:0x000000400150f890 R10:0x0000000101ffe330 R11:0xfffffffffffffff7 
R12:0x0000004001806dd0 R13:0x000000000043e9a1 R14:0x0000000101ffe5c0 R15:0x00000000006360e0 
RSP-0x20:0x0000004001f62250 RSP-0x18:0x0000000101ffe5a0 RSP-0x10:0x0000000101ffe560 RSP-0x08:0x00000000369fc290
RSP+0x00:0x000000000000017e RSP+0x08:0x0000000037aaa2a0 RSP+0x10:0x0000000101ffe530 RSP+0x18:0x00000000000300c0
NativeBT: /home/xctan/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64() [0x349b09a2]
NativeBT: [0x4000823000]
NativeBT: /usr/lib/libc.so.6(+0x6abee) [0x400089bbee]
NativeBT: /usr/lib/libc.so.6(gsignal+0x12) [0x4000866d66]
NativeBT: /home/xctan/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64() [0x34a0e766]
NativeBT: /home/xctan/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64() [0x34adb46a]
NativeBT: /home/xctan/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64() [0x3499b7c8]
NativeBT: /home/xctan/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64() [0x349af81c]
NativeBT: /home/xctan/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64() [0x349afec6]
NativeBT: /home/xctan/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64() [0x349b076e]
NativeBT: [0x4000823000]
NativeBT: [0x3d7f88f0]
EmulatedBT: ??? [0x1f0ae0]
EmulatedBT: /home/xctan/GOG Games/Crypt of the NecroDancer/game/NecroDancer64/NecroDancer.x64(_ZN12_GLOBAL__N_117handleCrashSignalEi+119) [0x723669]
EmulatedBT: ??? [0x300c0]
EmulatedBT: lib/libsfml-audio.so.2.5(_ZN2sf4priv19SoundFileReaderFlac5checkERNS_11InputStreamE+9c) [0x400151013c]
EmulatedBT: lib/libsfml-audio.so.2.5(_ZN2sf16SoundFileFactory22createReaderFromMemoryEPKvm+7a) [0x400150eeca]
EmulatedBT: ??? [0x411c727010]
316796|SIGABRT @0x400089bbee (???(/usr/lib/libc.so.6+0x400089bbee)) (x64pc=0x1f0af3/???:"???", rsp=0x101ffddd0, stack=0x101800000:0x102000000 own=(nil) fp=0x101ffde08), for accessing 0x3e80004d57c (code=-6/prot=0), db=(nil)((nil):(nil)/(nil):(nil)/???:clean, hash:0/0) handler=0x723550
RSP-0x20:0x0000000036fdcb50 RSP-0x18:0x0000000101ffde18 RSP-0x10:0x000000003652a540 RSP-0x08:0x0000000000000112
RSP+0x00:0x0000000000723669 RSP+0x08:0x0000000000000000 RSP+0x10:0x0000000000000000 RSP+0x18:0x0000000000000000
RAX:0x0000000000000000 RCX:0x0000000000000000 RDX:0x000000000000000f RBX:0x0000000000000000 
RSP:0x0000000101ffddd0 RBP:0x0000000101ffde08 RSI:0x0000000000000000 RDI:0x0000000000000006 
 R8:0x00000040037b4720  R9:0x0000000000f3e720 R10:0x00000040037b4780 R11:0xfffffffffffffff7 
R12:0x0000000000000000 R13:0x0000000101ffde18 R14:0x0000000101ffe5c0 R15:0x00000000006360e0 
316796|Double SIGABRT (code=-6, pc=0x400089bbee, addr=0x3e80004d57c)!
Sigfault/Segbus while quitting, exiting silently
Sigfault/Segbus while quitting, exiting silently
xctan commented 1 year ago

I have successfully run the game with BOX64_EMULATED_LIBS=libFLAC.so.8, where libFLAC.so.8 is a symlink to the x86_64 libFLAC.so.12. This trick doesn't work with the wrapped riscv64 libFLAC.

ksco commented 1 year ago

Yay!

ptitSeb commented 1 year ago

Mmm, that means there is a badly wrapped function in libFLAC. If you can reproduce the crash with BOX64_ROLLING_LOG=1, that should give the last 16 function calls at the crash; it might help isolate the bad wrapper.

xctan commented 1 year ago

The stock libluajit-5.1.so.2 still crashes while dynarec is on. I'll investigate this problem first.

ksco commented 1 year ago

The libFLAC issue is fixed in the PR above.

ksco commented 1 year ago

Crypt of the NecroDancer runs pretty slow on VF2, about 0.3 FPS. I'll try to add missing opcodes for it to see if it helps.