https://bugs.winehq.org/show_bug.cgi?id=52213 --- Comment #2 from Giovanni Mascellani <gmascellani(a)codeweavers.com> --- Created attachment 71275 --> https://bugs.winehq.org/attachment.cgi?id=71275 Trace with the debugging patch -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 Giovanni Mascellani <gmascellani(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gmascellani(a)codeweavers.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 Giovanni Mascellani <gmascellani(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #71275|0 |1 is obsolete| | --- Comment #5 from Giovanni Mascellani <gmascellani(a)codeweavers.com> --- Created attachment 71293 --> https://bugs.winehq.org/attachment.cgi?id=71293 Trace for amd64 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 --- Comment #7 from Giovanni Mascellani <gmascellani(a)codeweavers.com> --- I updated the debugging patch so that the crash is displayed in a minimal example, without involving winegstreamer which is not the real problem here. The crash seems to happen because pthread_exit() is called inside a signal handler (which is executed in an alternate stack). Basically, the only thing pthread_exit() is supposed to do is to launch an internal exception to unwind the stack, and it might be unable to properly handle being on an alternate stack. The new debugging patch has a sleep() call before exit(), because otherwise the exit_group() call might arrive before SIGSEGV is delivered and the segmentation fault might be hidden. With this sleep() call the crash is consistently reproducible on my system. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 --- Comment #8 from Giovanni Mascellani <gmascellani(a)codeweavers.com> --- Created attachment 71295 --> https://bugs.winehq.org/attachment.cgi?id=71295 Crash demonstration on a pure-Linux program Compile with -pthreads. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 --- Comment #10 from Giovanni Mascellani <gmascellani(a)codeweavers.com> --- I tried to reproduce the same crash in a pure C program (without all the Wine instrumentation) and it doesn't happen: the program creates a thread, installs an alternate signal stack, waits on a variable condition, is killed with SIGQUIT and calls pthread_exit, and all of this seems to work properly. So it seems that there is something Wine-specific leading to the crash. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 --- Comment #11 from Giovanni Mascellani <gmascellani(a)codeweavers.com> --- I think I'm getting an idea of what is happening here: when a thread is started, its stack pointer is stored in amd64_thread_data()->exit_frame by signal_start_thread() and syscall_frame is used whenever the execution flow is in a UNIX library. When exiting a thread, signal_exit_thread() resets the stack to the exit_frame and then calls pthread_exit(). The problem is that pthread_exit() doesn't like this arrangement: basically the only thing pthread_exit() does is unwinding the thread's stack, so that all cleanup procedures, registered for example with pthread_cleanup_push(), are executed. But since we already unwound the stack under its feet (and possibly rewrote a part of it inside the SIGQUIT handler), this doesn't work anymore. In the particular case on my test program, inside pthread_cond_wait() a cleanup procedure is established (to properly abort the wait if the stack is unwound), and since its address is overwritten inside the SIGQUIT handler, a segmentation fault happens. I am not sure of what is the correct way to fix this problem. I'd be tempted to say that we can do away with exit_frame and just let pthread unwind the stack, but I am not sure what exit_frame is supposed to help with. Why aren't we using the stack allocated by pthread, instead of transitioning to our own syscall stack? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fgouget(a)codeweavers.com --- Comment #13 from Alexandre Julliard <julliard(a)winehq.org> --- *** Bug 55283 has been marked as a duplicate of this bug. *** -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 --- Comment #15 from Zeb Figura <z.figura12(a)gmail.com> --- *** Bug 54095 has been marked as a duplicate of this bug. *** -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 --- Comment #17 from Michael Stefaniuc <mstefani(a)winehq.org> --- Oh, and I experience the crashes in current devel (for a couple of versions now) but not in 8.0.x. Is there any value in running a regression test for that? This bug pre-dates 8.0. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 Zeb Figura <z.figura12(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matthew.mcallister.0(a)gmail. | |com --- Comment #19 from Zeb Figura <z.figura12(a)gmail.com> --- *** Bug 55641 has been marked as a duplicate of this bug. *** -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 François Gouget <fgouget(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |source, testcase -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 Julian Rüger <jr98(a)gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jr98(a)gmx.net -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=52213 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #22 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 9.4. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.