https://bugs.winehq.org/show_bug.cgi?id=41618
--- Comment #5 from Kimmo Myllyvirta kimmo.myllyvirta@gmail.com ---
Created attachment 56790
  --> https://bugs.winehq.org/attachment.cgi?id=56790
debug log, backtrace
This seems to be the same issue as in bug #38668. Crashes at the same place, and backtraces are very similar.
Human readable log and backtrace attached (I hacked SetUnhandledExceptionFilter to just return the top_filter in order to get it, since the game doesn't generate minidumps or anything here, it just catches the exception and does nothing - just hangs there with a black screen.)
The crash happens here:
    =>0 0x000000003b3b1ca2 in xaudio2_7 (+0x71ca2) (0x00007fffff5dff08)
The native xaudio2_7 does some interesting bit shifting with pointers (the crash happens in some kind of list code, or when filling it, "SimpList" based on the OutputDebugString calls).
It basically does (pseudocode):
    val = (ptr << 21) + (someValue & 0x7FFFFF);
then later it does:
    ptr2 = (val >> 21) & 0x7FFFFFFFFF8;
and tries to access *ptr2

    movq 0x0000000000000010(%r9),%r8
    movq 0x0000000000000008(%r9),%rax
    movq %r8,%r10
    shrq $0x15,%r10
    andq %rsi,%r10
    movq (%r10),%rdx    <- crashes here
    movq 0x0000000000000010(%r9),%rcx
    shrq $0x15,%rdx
    andq %rsi,%rdx
    cmpq %rcx,%r8
Well, this works if you are lucky, but in this case:
    0x7fffff5e1680
truncates to:
    0x7ffff5e1680 -> page fault
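
The pack/unpack round trip from the pseudocode above, written out in C as an added example that is not part of the original comment and is not xaudio2_7 code. The function names and every address except 0x7fffff5e1680 are constructed for illustration; it shows that only addresses below 2^43 survive the shift.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constants copied from the pseudocode in the comment. */
#define PTR_SHIFT 21
#define TAG_MASK  0x7FFFFFULL       /* bits kept from someValue */
#define PTR_MASK  0x7FFFFFFFFF8ULL  /* 43 bits, low 3 cleared   */

/* val = (ptr << 21) + (someValue & 0x7FFFFF)
 * In a 64-bit register the shift discards ptr bits 43..63. */
uint64_t pack(uint64_t ptr, uint64_t some_value)
{
    return (ptr << PTR_SHIFT) + (some_value & TAG_MASK);
}

/* ptr2 = (val >> 21) & 0x7FFFFFFFFF8 */
uint64_t unpack_ptr(uint64_t val)
{
    return (val >> PTR_SHIFT) & PTR_MASK;
}

/* Nonzero when an address comes back unchanged from the round trip. */
int survives(uint64_t ptr, uint64_t some_value)
{
    return unpack_ptr(pack(ptr, some_value)) == ptr;
}

int main(void)
{
    /* First entry is the address from the comment; the rest are
     * constructed boundary cases (hypothetical, 8-byte aligned). */
    const uint64_t addrs[] = {
        0x7fffff5e1680ULL,   /* from the bug report             */
        0x000000140000ULL,   /* constructed low address         */
        0x07fffffffff8ULL,   /* highest address that still fits */
        0x080000000000ULL,   /* 2^43: first address that is cut */
    };
    for (size_t i = 0; i < sizeof addrs / sizeof addrs[0]; i++) {
        uint64_t back = unpack_ptr(pack(addrs[i], TAG_MASK));
        printf("0x%012" PRIx64 " -> 0x%012" PRIx64 " %s\n", addrs[i], back,
               back == addrs[i] ? "ok" : "TRUNCATED");
    }
    return 0;
}
```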