crash:
{
!!!unknown-module!!!: 00007FFC409CAFD0
EXCEPTION_ACCESS_VIOLATION(execute): 00007FFC409CAFD0
IGO64: 000000000003591A
}
cpu: "Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz"
ram: 32 // GB
callstack:
{
KERNELBASE: 00000000000EBDD0
ntdll: 00000000000A3167
ntdll: 000000000008B5E6
ntdll: 000000000009F7DD
ntdll: 000000000000D856
ntdll: 000000000009E70E
!!!unknown-module!!!: 00007FFC409CAFD0
}
registers:
{
rax = 0x00007FFC809D0040
rbx = 0x0000025CEDEE8380
rcx = 0x0000025CEDEE8380
rdx = 0
rsp = 0x000000DA1B7AF6D8
rbp = 0
rsi = 0
rdi = 0
r8 = 0
r9 = 0xFFFFFFF1A407E333
r10 = 0x81010101010100FC
r11 = 0x0000025CD45BBC80
r12 = 0
r13 = 0
r14 = 0x00007FF7A476EF10
r15 = 0x00007FF7CB18C700
rip = 0x00007FFC409CAFD0
xmm0 = [ [1.758934e+22, 0.00092466804, 3.6145664e-09, 800051.13], [0x646E6148, 0x3A72656C, 0x31786420, 0x49435332] ]
xmm1 = [ [1.1822762e+22, 7.6533413e+11, 1.6374902e+13, 6.8901967e-10], [0x64203A72, 0x53323178, 0x556E4943, 0x303D6573] ]
xmm2 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm3 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm4 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm5 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm6 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm7 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm8 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm9 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm10 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm11 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm12 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm13 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm14 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm15 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
}
build_id: 1553899726
EA Staff (Retired)@Benef1cient - Thanks for your feedback. I went back through this whole thread and didn't see any apex_crash.txt from you, so I don't know whether you're getting one of the crashes I've already commented on. But I can tell from our source code history that this one function that is reporting these crashes has not changed since before Apex Legends first shipped. If you'd be willing to post an apex_crash.txt, I can tell whether you are getting this or another crash.
@Falkentyne - Thanks for those suggestions. I looked into them. Unfortunately, you cannot write code to generate a "CPU Parity Error", because this is an error reported by the CPU itself to indicate that it is malfunctioning. Similarly, WHEA is Windows Hardware Error Architecture - it exists to report hardware errors (your machine itself), not software errors (the programs you run on the machine). The best we can do is try to get the compiler to generate a different set of instructions that achieves the same computation while luckily managing to avoid the hardware errors. This is very hard to do when we can't repro the errors internally. It would be like the movie where a blind guy keeps turning one face of a Rubik's cube and then asking his friend, "is this it?"
Regarding your AVX suggestion, Apex doesn't use AVX on PC, since our min-spec CPU doesn't include AVX. However, AVX and SSE often use the same hardware. It actually looks like AVX was designed so you could implement it in a CPU by reusing SSE execution units and registers, and just changing the instruction decode part of the chip! (You can treat one AVX register as two SSE registers put together, and an AVX instruction as running the equivalent SSE instruction sequentially on both SSE register pieces.) CPU hardware is allowed to have completely separate execution units for SSE and AVX, but given how CPU designs always want to minimize chip size and power usage, I would expect AVX and SSE to share execution units on all existing CPUs.
@2Cavalier - Thanks for your feedback. Your crash is the less common one that looks like stack corruption. I'm still trying to see how this might be possible based on source code and disassembly.
@JorPorCorTTV - Thanks for those logs. Three out of 4 of your crashes are the "02F2DCA" crash, where the CPU is saying that the instruction "test r15, r15" is really the instruction "int 3". apexcrash_2.txt is the less common "02F2E2A" crash, which looks like stack corruption. It's helpful to have as many of these dumps as possible as I try to look for clues.
@novemb9r - Thanks for the two logs. Your first log is the less common version of the "02F2DCA" crash, where the CPU is saying that the instruction "test r15, r15" tried to write to memory address "1". But this instruction does not write to any address! If you look at the Intel specifications of the "test" instruction's behavior, the only exceptions it is allowed to throw on the CPU are related to memory read accesses or to incorrectly using a "lock" prefix. We don't have a "lock" prefix, and the instruction is the register/register form so it doesn't read memory. This means this instruction should never be able to throw any exceptions according to Intel's specifications. Furthermore, this instruction does not write to memory according to Intel's specifications. So the most logical explanation is a malfunctioning CPU.
Your second log is the more common "02F2DCA" crash, where "test r15, r15" is treated as "int 3".
@MagiTwit - Thanks for the log. Your crash is actually different than all the others! Based on a google search, I'm guessing that "IGO64.dll" is Origin's in-game overlay. It looks like it tried to call a function that didn't exist any more. Based on the address it tried to call, it looks like this is probably because the DLL that had that function got unloaded, so it may not even be the in-game overlay's fault (i.e., it may be that the DLL got unloaded when it shouldn't have). I'm going to see if we can forward this to EA's Origin team. Do you happen to remember what you were doing at the time of this crash?
Here it is - it's the 02F2DCA crash.
I'm wondering that most of people here that are reporting this issue have high end PCs with 7700k, 8700k, etc. and 1080Tis or better.
Can this be somehow related to those high end CPUs or their architecture?
I can't believe we all have faulty CPUs out of a sudden?
EA Staff (Retired)Thanks @Benef1cient.
These crashes are a real mystery to me.
They are definitely real, since we have a bunch of consistent crash logs from numerous independent people.
The hardware registers in all these logs are in line with what you'd expect for the instruction that is reported as crashing.
The instruction that is crashing should NOT be able to crash in ANY way. The instruction is "test r15, r15". According to Intel's x64 instruction specs, that instruction shouldn't be able to crash since it doesn't have a "lock" prefix and it doesn't touch memory. (The lock prefix is for synchronizing threads and only allowed on certain instructions.)
So, something is broken. Maybe Windows' crash handler is misreporting the crashes? But then why do all the registers match what you'd expect for a crash at the indicated instruction, and why do the crash reports work flawlessly for every other crash?
So, the most likely explanation is still that the CPU is really crashing, that the OS is reporting the crash correctly, and that we have a malfunctioning CPU. But why? Intel is really good at making CPUs. I don't like assuming their CPUs are broken, because usually I'd be wrong. I much prefer believing that our source code has a bug, but I just can't find any way that I could cause these crashes if I wanted to, even writing malicious assembly code by hand. Which is why I went with assuming that it was an overclocking or overheating issue - that let the CPUs that Intel shipped still work properly out of the factory while explaining why they were malfunctioning in this code.
But then, @Benef1cient and @2Cavalier have both reported good experimental evidence that it isn't overclocking/overheating.
Which leaves us with a malfunctioning CPU as the best explanation. But again, Intel is really good at making CPUs, and I've never come across a hardware bug in their chips before, so I really don't like that explanation. But there's no valid explanation in the code either. And by "code" I mean the instructions that our game actually executes after it's compiled, not just the source code. I have found and worked around several compiler bugs in my career, so I know that the disassembly the CPU executes is authoritative, not the source code we write, even though they're supposed to be equivalent. But the instruction causing all the grief in this crash is "test r15, r15", which cannot cause a crash according to Intel's specs, even though it does.
I guess the "good" news is I could probably work around the most common EXCEPTION_BREAKPOINT version of this crash. When that happens, I could look at the instruction that caused this crash, and if it isn't a breakpoint instruction, I can tell the OS to go back and try to run that instruction again. This will just cause a delay of a few thousand cycles that you'd probably not even notice. I'd also need to keep track of when I do this using RDTSC so that I don't get into an infinite loop and cause the game to freeze instead of crash, if the CPU really does insist that the instruction is a breakpoint.
Here is another crash log. I have also attached the event viewer error details if that gives any additional information.
Crashed back to back games. This crash did not give a crash log. Not sure why. Here is the event viewer information.
EA Staff (Retired)Thanks for the additional information @JorPorCorTTV.
It was a good idea to look at the Windows Event Viewer logs. Unfortunately, those logs basically say "I can't tell you where it crashed". I suspect that's because our anti-cheat is interfering with it.
I looked at your latest apex_crash.txt. It's saying the instruction "test r15, r15" was trying to write memory location 5. That's not a memory location we're allowed to write to, so it crashed. But the "test" instruction is asking "what bits are set", not writing memory... and there's no register that has the value 5, so I don't see any reason for it to complain about that address. It also looks like it's just done this instruction 137 times without crashing, since the loop counter is 137 (and starts at 0).
Yet again, it looks like the game is crashing because the CPU did something it wasn't asked to do. =/
I've got to believe there's some explanation for this, but right now it's a big mystery.
crash:
{
nvwgf2umx: 0000000000B16F81
EXCEPTION_ACCESS_VIOLATION(write): 00007FF8D03B6EC8
}
cpu: "Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz"
ram: 16 // GB
callstack:
{
KERNELBASE: 00000000000FFB5A
ntdll: 00000000000A4AB2
ntdll: 000000000008C676
ntdll: 00000000000A119F
ntdll: 000000000006A229
ntdll: 000000000009FE0E
nvwgf2umx: 0000000000B16F81
nvwgf2umx: 0000000000DBC8D6
nvwgf2umx: 00000000003A9634
nvwgf2umx: 000000000039A200
nvwgf2umx: 00000000003A2AFD
nvwgf2umx: 00000000003A29A9
nvwgf2umx: 0000000000399CED
nvwgf2umx: 0000000000BFA46A
nvwgf2umx: 00000000012A552C
KERNEL32: 0000000000017BD4
ntdll: 000000000006CE71
}
registers:
{
rax = 0x0000023959CCC260
rbx = 0x0000023A6446DA10
rcx = 0x00007FF8D03B6BF0
rdx = 0x0000023959CCBFC0
rsp = 0x0000009CC70BF5A0
rbp = 0
rsi = 0
rdi = 0x00000238CD910990
r8 = 11
r9 = 0x00000238A373F5E0
r10 = 0
r11 = 0
r12 = 0xFFFFFFFE
r13 = 0
r14 = 1
r15 = 0
rip = 0x00007FF898606F81
xmm0 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm1 = [ [6.4571833e-42, 0, 1.4012985e-45, 1.4012985e-45], [4608, 0, 1, 1] ]
xmm2 = [ [0.0015138, 0, 0, 0], [0x3AC66AB3, 0x00000000, 0x00000000, 0x00000000] ]
xmm3 = [ [136, 0, 0, 0], [0x43080000, 0x00000000, 0x00000000, 0x00000000] ]
xmm4 = [ [1, 0, 0, 0], [0x3F800000, 0x00000000, 0x00000000, 0x00000000] ]
xmm5 = [ [16, 0, 0, 0], [0x41800000, 0x00000000, 0x00000000, 0x00000000] ]
xmm6 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm7 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm8 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm9 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm10 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm11 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm12 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm13 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm14 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
xmm15 = [ [0, 0, 0, 0], [0, 0, 0, 0] ]
}
build_id: 1562876448
Community Manager
