[Bug 45473] New: Rogue Squadron 3D crashes on startup
https://bugs.winehq.org/show_bug.cgi?id=45473 Bug ID: 45473 Summary: Rogue Squadron 3D crashes on startup Product: Wine Version: 3.12 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: directx-dsound Assignee: wine-bugs(a)winehq.org Reporter: leslie_alistair(a)hotmail.com Distribution: --- Created attachment 61818 --> https://bugs.winehq.org/attachment.cgi?id=61818 Dont destroy secondarybuffer in IDirectSoundNotify Rogue Squadron 3D crashes on startup unless native dsound is used -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch --- Comment #1 from Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> --- The attached patch stop the buffer from being destroyed in the IDirectSoundNotify, which doesn't make sense. However this patches keeps a extra numIfaces incremented so what warnings do appear in the log file but secondarybuffer_destroy is called once the primary buffer is deleted. The basic code Create IDirectSoundBuffer IDirectSoundBuffer->QI (IDirectSoundNotify ) Set SetNotificationPositions ... Play something. On final Notification Release IDirectSoundNotify. At which point the secondary buffer is destroyed and which crashes the mixer thread. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 Michael Stefaniuc <mstefani(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mstefani(a)winehq.org --- Comment #2 from Michael Stefaniuc <mstefani(a)winehq.org> --- Created attachment 61822 --> https://bugs.winehq.org/attachment.cgi?id=61822 Don't destroy primary buffer in IDirectSoundNotify_Release() If the mixer dies that means the primary buffer was destroyed. It looks like IDirectSoundNotify_Release() was missed in commit f0be44c82dca8760c787576e1bdf76383bac3ee7. Please try this patch to confirm my assumption. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 --- Comment #3 from Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> --- (In reply to Michael Stefaniuc from comment #2)
Created attachment 61822 [details] Don't destroy primary buffer in IDirectSoundNotify_Release()
If the mixer dies that means the primary buffer was destroyed. It looks like IDirectSoundNotify_Release() was missed in commit f0be44c82dca8760c787576e1bdf76383bac3ee7. Please try this patch to confirm my assumption.
No, with this patch, it still crashes. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 --- Comment #4 from Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> --- Created attachment 61825 --> https://bugs.winehq.org/attachment.cgi?id=61825 +dsound log -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 --- Comment #5 from Michael Stefaniuc <mstefani(a)winehq.org> --- Interesting, it really is a secondary buffer. And the AddRef and Release calls are balanced. The secondary buffer count though drops to 0. I wonder if we have an assumption that we always have a secondary buffer attached to the mixer. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 Andrew Eikum <aeikum(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aeikum(a)codeweavers.com --- Comment #6 from Andrew Eikum <aeikum(a)codeweavers.com> --- I don't think the mixer thread is involved. Just glancing through the comments and the log, it looks like the object is being destroyed on thread 0074 while it is being used on thread 0070: 0070:trace:dsound:IDirectSoundBufferImpl_GetCurrentPosition playpos = 237256, writepos = 238136, buflen=705600 (0x16a950, time=40528520) 0074:trace:dsound:IDirectSoundNotifyImpl_Release (0x16a950) ref is now 0 0074:trace:dsound:DirectSoundDevice_RemoveBuffer (0x15c4b8, 0x16a950) 0074:trace:dsound:DirectSoundDevice_RemoveBuffer buffer count is now 0 0074:trace:dsound:secondarybuffer_destroy (0x16a950) released 0074:trace:dsound:IDirectSoundBufferImpl_Release (0x16a950) ref is now 0 wine: Unhandled page fault on read access to 0x00000024 at address 0x59729f (thread 0070), starting debugger... Backtrace: =>0 0x0059729f in rogue squadron (+0x19729f) (0x021efea0) 1 0x00597618 in rogue squadron (+0x197617) (0x021efed0) 2 0x00597869 in rogue squadron (+0x197868) (0x021efedc) 3 0x7bc88be8 call_thread_func_wrapper+0xb() in ntdll (0x021efeec) 4 0x7bc8bf99 call_thread_func+0xcb() [/home/alesliehughes/source/wine-alesliehughes/dlls/ntdll/signal_i386.c:2772] in ntdll (0x021effdc) 5 0x7bc88bda call_thread_entry+0x9() in ntdll (0x021effec) Thread 0070 isn't the mixer thread, it's some game thread (the mixer thread is 006f). It looks like a use-after-free error in the game. Possibly we're missing a reference that we should be holding, or the game is looking for some notification of destruction that we're never sending. I'd write a test duplicating this behavior on native, checking refcount values and notify callback behavior. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 Michael Stefaniuc <mstefani(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #61822|0 |1 is obsolete| | --- Comment #7 from Michael Stefaniuc <mstefani(a)winehq.org> --- Comment on attachment 61822 --> https://bugs.winehq.org/attachment.cgi?id=61822 Don't destroy primary buffer in IDirectSoundNotify_Release() Patch is wrong as a primary buffer doesn't supports IDirectSoundNotify interface. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Fixed by SHA1| |9a258c5dd7e45fb37e15a6ba697 | |34544318303f2 Resolution|--- |FIXED --- Comment #8 from Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> --- Fixed by https://source.winehq.org/git/wine.git/?a=commit;h=9a258c5dd7e45fb37e15a6ba6... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #9 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 4.2. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 Michael Stefaniuc <mstefani(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |4.0.x -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=45473 Michael Stefaniuc <mstefani(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|4.0.x |--- --- Comment #10 from Michael Stefaniuc <mstefani(a)winehq.org> --- Removing the 4.0.x milestone from bug fixes included in 4.0.1. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org