IL2CPP tries to access random memory and crashes (2019.3.3f1 & 2019.1.0b1)

Discussion in 'Windows' started by TinyLabProd, Jan 30, 2019.

  1. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    It dies with:
    Read from location 00000137C11C3000 caused an access violation.


    And the stack trace is very unhelpful:

    Code:
    Stack Trace of Crashed Thread 5080:
    0x00007FFF27B258BE (UnityPlayer) PAL_Timer_WaitForAtLeast
    0x00007FFF26C16E30 (UnityPlayer) UnityMain
    ERROR: SymGetSymFromAddr64, GetLastError: 'Attempt to access invalid address.' (Address: 00007FFF2601D396)
    0x00007FFF2601D396 (UnityPlayer) (function-name not available)
    0x00007FFF26EEA5FF (UnityPlayer) UnityMain
    ERROR: SymGetSymFromAddr64, GetLastError: 'Attempt to access invalid address.' (Address: 00007FFF260AE9B6)
    0x00007FFF260AE9B6 (UnityPlayer) (function-name not available)
    0x00007FFF26EFA7E8 (UnityPlayer) UnityMain
    ERROR: SymGetSymFromAddr64, GetLastError: 'Attempt to access invalid address.' (Address: 00007FFF260AE9B6)
    0x00007FFF260AE9B6 (UnityPlayer) (function-name not available)
    0x00007FFF26EFA7E8 (UnityPlayer) UnityMain
    ERROR: SymGetSymFromAddr64, GetLastError: 'Attempt to access invalid address.' (Address: 00007FFF260AE9B6)
    0x00007FFF260AE9B6 (UnityPlayer) (function-name not available)
    0x00007FFF26EFA7E8 (UnityPlayer) UnityMain
    ERROR: SymGetSymFromAddr64, GetLastError: 'Attempt to access invalid address.' (Address: 00007FFF260AE9B6)
    0x00007FFF260AE9B6 (UnityPlayer) (function-name not available)
    0x00007FFF26EFA7E8 (UnityPlayer) UnityMain
    ERROR: SymGetSymFromAddr64, GetLastError: 'Attempt to access invalid address.' (Address: 00007FFF260AE9B6)
    0x00007FFF260AE9B6 (UnityPlayer) (function-name not available)
    0x00007FFF26EFA7E8 (UnityPlayer) UnityMain
    0x00007FFF26EEEC0F (UnityPlayer) UnityMain
    0x00007FFF26EEED92 (UnityPlayer) UnityMain
    0x00007FFF26EFEFDD (UnityPlayer) UnityMain
    0x00007FFF26ED9289 (UnityPlayer) UnityMain
    0x00007FFF26F1A099 (UnityPlayer) UnityMain
    0x00007FFF26F0BE0E (UnityPlayer) UnityMain
    0x00007FFF26F0A1AD (UnityPlayer) UnityMain
    0x00007FFF26BE0ED9 (UnityPlayer) UnityMain
    0x00007FFF26BE1A2D (UnityPlayer) UnityMain
    0x00007FFF26BE1E0E (UnityPlayer) UnityMain
    0x00007FFF26CA6374 (UnityPlayer) UnityMain
    0x00007FFFB4803034 (KERNEL32) BaseThreadInitThunk
    0x00007FFFB7053691 (ntdll) RtlUserThreadStart
    Tried Windows x86, x64, and turning off stripping via link.xml.

    I have no idea where to look next. Any tips?

    Attaching the crash logs.
     

  2. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    6,938
    I'm not quite sure about the cause of this issue. It looks like it might be a bug though. Can you submit a project that causes this with a bug report?
     
  3. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    The stack trace you posted is incorrect. Here's the correct stack trace (from the .dmp file):

    Code:
    UnityPlayer.dll!memcpy_repmovs()
    UnityPlayer.dll!CachedReader::Read(void * data, unsigned __int64 size)
    [Inline Frame] UnityPlayer.dll!StreamedBinaryRead::TransferSTLStyleArray(core::basic_string<char,core::StringStorageDefault<char> > &)
    [Inline Frame] UnityPlayer.dll!SerializeTraitsForStringTypes<core::basic_string<char,core::StringStorageDefault<char> > >::Transfer(core::basic_string<char,core::StringStorageDefault<char> > &)
    UnityPlayer.dll!StreamedBinaryRead::Transfer<core::basic_string<char,core::StringStorageDefault<char> > >(core::basic_string<char,core::StringStorageDefault<char> > & data, const char * __formal, TransferMetaFlags metaFlag)
    UnityPlayer.dll!TransferField_NonArray<StreamedBinaryRead,Converter_String>(const StaticTransferFieldInfo & staticInfo, RuntimeSerializationCommandInfo & runtimeInfo, Converter_String & converter)
    [Inline Frame] UnityPlayer.dll!SerializationCommand::Execute(RuntimeSerializationCommandInfo &)
    UnityPlayer.dll!ExecuteSerializationCommands<JSONRead>(SerializationCommandProvider & commandProvider, JSONRead & transfer, const GeneralMonoObject & instance)
    [Inline Frame] UnityPlayer.dll!SerializeTraits<ManagedObjectTransferer>::Transfer(ManagedObjectTransferer &)
    [Inline Frame] UnityPlayer.dll!StreamedBinaryRead::TransferWithTypeString(ManagedObjectTransferer &)
    UnityPlayer.dll!Transfer_ManagedObject<StreamedBinaryRead,0>(const SerializationCommandArguments & args, RuntimeSerializationCommandInfo & runtimeInfo)
    [Inline Frame] UnityPlayer.dll!SerializationCommand::Execute(RuntimeSerializationCommandInfo &)
    UnityPlayer.dll!ExecuteSerializationCommands<JSONRead>(SerializationCommandProvider & commandProvider, JSONRead & transfer, const GeneralMonoObject & instance)
    [Inline Frame] UnityPlayer.dll!SerializeTraits<ManagedObjectTransferer>::Transfer(ManagedObjectTransferer &)
    [Inline Frame] UnityPlayer.dll!StreamedBinaryRead::TransferWithTypeString(ManagedObjectTransferer &)
    UnityPlayer.dll!Transfer_ManagedObject<StreamedBinaryRead,0>(const SerializationCommandArguments & args, RuntimeSerializationCommandInfo & runtimeInfo)
    [Inline Frame] UnityPlayer.dll!SerializationCommand::Execute(RuntimeSerializationCommandInfo &)
    UnityPlayer.dll!ExecuteSerializationCommands<JSONRead>(SerializationCommandProvider & commandProvider, JSONRead & transfer, const GeneralMonoObject & instance)
    [Inline Frame] UnityPlayer.dll!SerializeTraits<ManagedObjectTransferer>::Transfer(ManagedObjectTransferer &)
    [Inline Frame] UnityPlayer.dll!StreamedBinaryRead::TransferWithTypeString(ManagedObjectTransferer &)
    UnityPlayer.dll!Transfer_ManagedObject<StreamedBinaryRead,0>(const SerializationCommandArguments & args, RuntimeSerializationCommandInfo & runtimeInfo)
    [Inline Frame] UnityPlayer.dll!SerializationCommand::Execute(RuntimeSerializationCommandInfo &)
    UnityPlayer.dll!ExecuteSerializationCommands<JSONRead>(SerializationCommandProvider & commandProvider, JSONRead & transfer, const GeneralMonoObject & instance)
    [Inline Frame] UnityPlayer.dll!SerializeTraits<ManagedObjectTransferer>::Transfer(ManagedObjectTransferer &)
    [Inline Frame] UnityPlayer.dll!StreamedBinaryRead::TransferWithTypeString(ManagedObjectTransferer &)
    UnityPlayer.dll!Transfer_ManagedObject<StreamedBinaryRead,0>(const SerializationCommandArguments & args, RuntimeSerializationCommandInfo & runtimeInfo)
    [Inline Frame] UnityPlayer.dll!SerializationCommand::Execute(RuntimeSerializationCommandInfo &)
    UnityPlayer.dll!ExecuteSerializationCommands<JSONRead>(SerializationCommandProvider & commandProvider, JSONRead & transfer, const GeneralMonoObject & instance)
    [Inline Frame] UnityPlayer.dll!SerializeTraits<ManagedObjectTransferer>::Transfer(ManagedObjectTransferer &)
    [Inline Frame] UnityPlayer.dll!StreamedBinaryRead::TransferWithTypeString(ManagedObjectTransferer &)
    UnityPlayer.dll!Transfer_ManagedObject<StreamedBinaryRead,0>(const SerializationCommandArguments & args, RuntimeSerializationCommandInfo & runtimeInfo)
    [Inline Frame] UnityPlayer.dll!SerializationCommand::Execute(RuntimeSerializationCommandInfo &)
    [Inline Frame] UnityPlayer.dll!ExecuteSerializationCommands(SerializationCommandProvider &)
    [Inline Frame] UnityPlayer.dll!ExecuteSerializationCommands(const dynamic_array<SerializationCommand,0> &)
    UnityPlayer.dll!TransferScriptingObject<StreamedBinaryRead>(StreamedBinaryRead & transfer, ScriptingObjectPtr instance, ScriptingClassPtr klass, SerializationCache::Data * & serializationData)
    UnityPlayer.dll!TransferScriptingObject<StreamedBinaryRead>(StreamedBinaryRead & transfer, ScriptingObjectPtr instance, ScriptingClassPtr klass, const MonoScriptCache * scriptCache)
    UnityPlayer.dll!SerializableManagedRefTransfer::TransferEngineAndMonoInstance<StreamedBinaryRead>(Object * hostObj, SerializableManagedRef & source, StreamedBinaryRead & transfer, bool transferEngineData)
    [Inline Frame] UnityPlayer.dll!MonoBehaviour::Transfer(StreamedBinaryRead &)
    [Inline Frame] UnityPlayer.dll!ManagedObjectHostTransferRedirect<MonoBehaviour>::TransferEngineAndMonoInstance(MonoBehaviour &)
    [Inline Frame] UnityPlayer.dll!ManagedObjectHostTransferRedirect<MonoBehaviour>::Transfer(MonoBehaviour &)
    UnityPlayer.dll!MonoBehaviour::VirtualRedirectTransfer(StreamedBinaryRead & transfer)
    UnityPlayer.dll!SerializedFile::ReadObject(__int64 fileID, ObjectCreationMode mode, bool isPersistent, const TypeTree * * oldTypeTree, bool * safeLoaded, Object & object)
    UnityPlayer.dll!PersistentManager::ReadAndActivateObjectThreaded(int instanceID, const SerializedObjectIdentifier & identifier, SerializedFile * stream, bool isPersistent, bool validateLoadingFromSceneFile, PersistentManager::LockFlags lockedFlags)
    UnityPlayer.dll!PersistentManager::LoadFileCompletelyThreaded(const core::basic_string<char,core::StringStorageDefault<char> > & pathname, __int64 * fileIDs, int * instanceIDs, int size, PersistentManager::LoadFlags flags, LoadProgress & loadProgress, PersistentManager::LockFlags lockedFlags)
    UnityPlayer.dll!LoadSceneOperation::Perform()
    UnityPlayer.dll!PreloadManager::ProcessSingleOperation()
    [Inline Frame] UnityPlayer.dll!PreloadManager::Run()
    UnityPlayer.dll!PreloadManager::Run(void * managerPtr)
    UnityPlayer.dll!Thread::RunThreadWrapper(void * ptr)
    kernel32.dll!BaseThreadInitThunk()
    ntdll.dll!RtlUserThreadStart()
    Looks like a crash in serialization. This is probably a bug in Unity, so as Josh asked, please submit a bug report.

    In the meantime, can you generate a full crash dump and send that to me? I might be able to narrow down which MonoBehaviour is responsible. Here are the instructions (set DumpType to "2" - Full): https://docs.microsoft.com/en-us/windows/desktop/wer/collecting-user-mode-dumps
     
  4. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
  5. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
  6. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    @JoshPeterson @Tautvydas-Zilys - if you have a workaround, it would be very appreciated; we desperately need that build to work, and Mono is not performant enough.
     
  7. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    It crashes while deserializing an object called "Game Config". There's a script called "GameConfigAsset" on it. Specifically, one of its fields somewhere inside (it might be nested inside other fields) has the type "Quantum.PolygonColliderLink", and that has a field named "Guid" which is a System.String. Reading that string fails. For some reason, it tries reading it from the wrong place in the stream and reads an invalid size, causing it to read out of bounds. It likely became invalid after reading fields that came before this specific field. Unfortunately, I don't know which one right now. I'd try doing a binary search on that MonoBehaviour's fields to find the culprit until we can look into it properly.

    By the way, there aren't any warnings in the editor log regarding serialization when you build the project, are there?
     
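    The diagnosis above (a string length read from the wrong stream offset, then an out-of-bounds copy) is the classic length-prefix hazard in binary deserializers. The following is an added example, not Unity's code and not from this thread: a hypothetical bounded reader that reproduces the desync on a constructed record and shows the bounds check that rejects the bogus length instead of crashing in memcpy.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical bounded reader modelled on the length-prefixed string transfer
// in the crash stack (CachedReader::Read + memcpy); not Unity's code.
class BoundedReader {
public:
    explicit BoundedReader(std::vector<uint8_t> bytes) : buf_(std::move(bytes)) {}
    size_t Remaining() const { return buf_.size() - pos_; }
    // Little-endian, as in the constructed sample record below.
    uint32_t ReadU32() { uint32_t v = 0; Read(&v, sizeof v); return v; }
    // A 4-byte length followed by that many bytes. The length check is what
    // turns an out-of-bounds memcpy into a reportable deserialization error.
    std::string ReadString() {
        uint32_t len = ReadU32();
        if (len > Remaining())
            throw std::length_error("string length " + std::to_string(len) +
                                    " exceeds remaining " + std::to_string(Remaining()));
        std::string s(len, '\0');
        if (len) Read(&s[0], len);
        return s;
    }
private:
    void Read(void* dst, size_t n) {
        if (n > Remaining()) throw std::out_of_range("read past end of stream");
        std::memcpy(dst, buf_.data() + pos_, n); pos_ += n;
    }
    std::vector<uint8_t> buf_;
    size_t pos_ = 0;
};

// Constructed record: one int32 field, then a length-prefixed "Guid" string.
static std::vector<uint8_t> SampleRecord() {
    std::vector<uint8_t> b;
    auto put32 = [&](uint32_t v) { for (int i = 0; i < 4; ++i) b.push_back((v >> (8 * i)) & 0xff); };
    const std::string guid = "0123456789abcdef";   // constructed value
    put32(7); put32(static_cast<uint32_t>(guid.size()));
    b.insert(b.end(), guid.begin(), guid.end());
    return b;
}

// Layout matches the stream: skip the int32, then read the string.
std::string ReadGuidCorrectly() {
    BoundedReader r(SampleRecord());
    r.ReadU32();
    return r.ReadString();
}

// Layout does not match: the preceding field is consumed as 8 bytes instead of
// 4, so the "length" is the first four Guid characters read as an integer.
// Returns that garbage length and whether ReadString() refused it.
std::pair<uint32_t, bool> DesyncedRead() {
    BoundedReader probe(SampleRecord());
    probe.ReadU32(); probe.ReadU32();
    uint32_t garbage = probe.ReadU32();          // "0123" -> 0x33323130
    BoundedReader r(SampleRecord());
    r.ReadU32(); r.ReadU32();
    try { r.ReadString(); return {garbage, false}; }
    catch (const std::length_error&) { return {garbage, true}; }
}
```

    The same probe technique (feed a deliberately misaligned read and watch where the length prefix comes from) is a cheap way to confirm a field-layout mismatch before bisecting the MonoBehaviour's fields.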
  8. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
  9. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    This conversation might be helpful:

    There's an asset deserialization bug on IL2CPP+mobile in 2018.3.x, by the way: nesting serializable classes with custom structs inside of them will not load properly. Found it on a mobile IL2CPP build.
    Basically, if you have this:
    Code (CSharp):
    using System;

    [Serializable]
    public struct Baz {
        public Int32 SomeData;
    }

    [Serializable]
    public class Foo {
        public Baz Baz;   // struct nested inside a class
    }

    [Serializable]
    public class Bar {
        public Foo Foo;   // class nested inside a class
    }
    and try to serialize Bar as a member of a serializable object, it will not load properly. This only happens on 2018.3.x, not on 2018.2.x.
    Bar.Foo.Baz, where Bar and Foo are classes and Baz is a struct. The fix is to convert Foo into a struct. We found this on an internal struct in our code, where it would just return a 0 value on 2018.3.x, and like six hours of digging later we realized that yeah... it won't load it properly and just returns default values for all things in the inner nested struct.
     
  10. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    This sounds serious - thanks for the bug report, we'll take a look.
     
  11. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    Tested on 2018.3.4f1, still crashes.
     
  12. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    Any light on this?
     
  13. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    It's still going through the pipeline.
     
  14. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    Could you share more information? Did you manage to reproduce it? Maybe you need something from us to help track this down?
     
  15. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    Yeah, QA just reproduced it.
     
  16. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    Hi, sorry this was taking a while. I sent you a workaround as a reply to that bug report.
     
  17. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    For those struggling in vain, maybe this will help you.

    The workaround is to turn off code stripping.

    Assets/link.xml

    Code (XML):
    <linker>
      <assembly fullname="Assembly-CSharp" preserve="all"/>
      <assembly fullname="Assembly-CSharp-firstpass" preserve="all"/>
      <assembly fullname="tlplib" preserve="all"/>
      <!-- other assembly names here -->
    </linker>
     
  18. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    Note that Assembly-CSharp.dll and Assembly-CSharp-firstpass.dll (and any other DLLs that get compiled by Unity from your C# code in the Unity project) don't get stripped anyway. The things that get stripped are system DLLs (like mscorlib.dll and friends) and precompiled DLLs in your project. In OP's case, turning stripping off for the precompiled DLLs in his project was enough for it to work.
     
  19. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    Any news on this?
     
  20. TinyLabProd

    TinyLabProd

    Joined:
    Aug 30, 2013
    Posts:
    17
    1.5 months has passed, no responses. Neat :)
     
  21. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    It is assigned to a dev and is being investigated. That's all the info I have to share for now.
     
  22. Immu

    Immu

    Joined:
    Jun 18, 2013
    Posts:
    240
    Hi. Any news? It's been 5 months.
     
  23. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,680
    It was fixed a while ago (shortly after my last reply). The fix landed in 2019.1.0b9 and 2018.3.10f1.
     
  24. mseithe

    mseithe

    Joined:
    Feb 17, 2017
    Posts:
    19
    I'm on 2018.3.12f1 and seem to have a similar/related issue (TransferEngineAndMonoInstance → TransferScriptingObject → TransferField_NonArray). It only affects some players so I cannot provide reproduction code unfortunately.

    The code of the error in the cloud diagnostics is this in case it helps: 29cbf347-5178-46bb-b294-65e95dcce563

    Thanks!


    Code:
    Thread 51 (crashed)
    0   ntdll                              0x00007ff85f5802b4 ZwWaitForMultipleObjects
    1   KERNELBASE                         0x00007ff85b88cc7e WaitForMultipleObjectsEx
    2   KERNELBASE                         0x00007ff85b88cb6e WaitForMultipleObjects
    3   UnityPlayer                        0x00007ff81297195d ?HandleCrash@CrashHandlerInternal@winutils@@QEAAXKKPEBDPEAU_CONTEXT@@PEAU_EXCEPTION_RECORD@@_N@Z
    4   UnityPlayer                        0x00007ff812971a0e ?HandleCrash@ExternalCrashHandler@winutils@@YAXKKPEAU_EXCEPTION_POINTERS@@@Z
    5   UnityPlayer                        0x00007ff812980da8 ?ProcessInternalCrash@winutils@@YAHPEAU_EXCEPTION_POINTERS@@_N@Z
    6   SogouPy                            0x00007ff81485ad3a <system symbols missing>
    7   KERNELBASE                         0x00007ff85b8b6b2c UnhandledExceptionFilter
    8   ntdll                              0x00007ff85f5881cb RtlUserThreadStart$filt$0
    9   ntdll                              0x00007ff85f56fd56 _C_specific_handler
    10  ntdll                              0x00007ff85f58477f RtlpExecuteHandlerForException
    11  ntdll                              0x00007ff85f4e4bef RtlDispatchException
    12  ntdll                              0x00007ff85f5834ee KiUserExceptionDispatch
    13  UnityPlayer                        0x00007ff812cc7104 ??$TransferField_NonArray@VStreamedBinaryRead@@UConverter_String@@@@YAXAEBUStaticTransferFieldInfo@@AEAURuntimeSerializationCommandInfo@@AEAUConverter_String@@@Z
    14  UnityPlayer                        0x00007ff812ccad8d ??$TransferScriptingObject@VStreamedBinaryRead@@@@YAXAEAVStreamedBinaryRead@@VScriptingObjectPtr@@VScriptingClassPtr@@PEBUMonoScriptCache@@@Z
    15  UnityPlayer                        0x00007ff812cd6bae ??$TransferEngineAndMonoInstance@VStreamedBinaryRead@@@SerializableManagedRefTransfer@@CAXPEAVObject@@AEAVSerializableManagedRef@@AEAVStreamedBinaryRead@@_N@Z
    16  UnityPlayer                        0x00007ff812ce7c32 ?ReadObject@SerializedFile@@QEAAX_JW4ObjectCreationMode@@_NPEAPEBVTypeTree@@PEA_NAEAVObject@@@Z
    17  UnityPlayer                        0x00007ff812ce746d ?ReadAndActivateObjectThreaded@PersistentManager@@AEAAPEAVObject@@HAEBUSerializedObjectIdentifier@@PEAVSerializedFile@@_N2W4LockFlags@1@@Z
    18  UnityPlayer                        0x00007ff812ce4f54 ?LoadFileCompletelyThreaded@PersistentManager@@QEAAHAEBV?$basic_string@DV?$StringStorageDefault@D@core@@@core@@PEA_JPEAHHW4LoadFlags@1@AEAVLoadProgress@@W4LockFlags@1@@Z
    19  UnityPlayer                        0x00007ff812bd8e5e ?Perform@LoadSceneOperation@@UEAAXXZ
    20  UnityPlayer                        0x00007ff812bd97e8 ?ProcessSingleOperation@PreloadManager@@AEAAXXZ
    21  UnityPlayer                        0x00007ff812bd9b1c ?Run@PreloadManager@@AEAAXXZ
    22  UnityPlayer                        0x00007ff812bd9b79 ?Run@PreloadManager@@CAPEAXPEAX@Z
    23  UnityPlayer                        0x00007ff812c21b81 ?RunThreadWrapper@Thread@@CAKPEAX@Z
    24  KERNEL32                           0x00007ff85f157974 BaseThreadInitThunk
    25  ntdll                              0x00007ff85f54a271 RtlUserThreadStart
    26  ntdll                              0x00007ff85f54a271 RtlUserThreadStart