https://bugs.winehq.org/show_bug.cgi?id=52067
Bug ID: 52067 Summary: ntdll MEM_DECOMMIT change breaks d3d10_1:d3d10_1, d3d8:device, d3d8:visual, d3d9:device, d3d9:visual, ddraw:ddraw1, ddraw:dsurface and dxgi:dxgi Product: Wine Version: unspecified Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs@winehq.org Reporter: fgouget@codeweavers.com Distribution: ---
d3d10_1:d3d10_1, d3d8:device, d3d8:visual, d3d9:device, d3d9:visual, ddraw:ddraw1, ddraw:dsurface and dxgi:dxgi started crashing on 2021-11-19 on all Linux platforms (QEmu, cw-gtx560, cw-rx460, fg-deb64).
For instance in d3d10_1:d3d10_1:
Unhandled exception: page fault on read access to 0x013b002c in 32-bit code (0x7e6fe984). [...] Backtrace: =>0 0x7e6fe984 heap_free+0x3(mem=<internal error>) [Z:\home\winetest\winetest\src\include\wine\heap.h:46] in wined3d (0x0105fe48) 1 0x7e6fe984 wined3d_resource_free_sysmem+0x14(resource=0045D3C0) [Z:\home\winetest\winetest\src\dlls\wined3d\resource.c:369] in wined3d (0x0105fe48) 2 0x7e737e1e wined3d_texture_evict_sysmem+0xba(texture=<internal error>) [Z:\home\winetest\winetest\src\dlls\wined3d\texture.c:688] in wined3d (0x0105fe88)
https://test.winehq.org/data/patterns.html#d3d10_1:d3d10_1
And in ddraw:dsurface:
Unhandled exception: assertion failed in 32-bit code (0xf7fc3559). [...] Backtrace: =>0 0xf7fc3559 __kernel_vsyscall+0x9() in [vdso].so (0x0031e7ec) 1 0xf7d8fe02 gettext+0x73f2() in libc.so.6 (0x0031e7ec) 2 0xf7d78306 GLIBC_2+0x1d306() in libc.so.6 (0xf7f40000) 3 0xf7d781d1 GLIBC_2+0x1d1d1() in libc.so.6 (0xf7f40c80) 4 0xf7d87e29 __assert_fail+0x39() in libc.so.6 (0x7e3ef0f0) 5 0x7dfa6c69 XSetArcMode+0x1cef9() in libx11.so.6 (0x7e3ef0f0) 6 0x7def75fc XRenderCompositeString16+0x14ec() in libxrender.so.1 (0x7e3ef0f0) 7 0x7e16a483 get_xrender_picture+0x43(dev=005BF998, clip_rgn=00000000, clip_rect=0031F73C) [Z:\home\winetest\winetest\src\dlls\winex11.drv\xrender.c:492] in winex11 (0x0031eb98) 8 0x7e16caed xrender_put_image+0x1ad(src_pict=0x1000071, mask_pict=0, clip=<is not available>, dst_format=7E3F28C0, physdev=005BF998, drawable=0, src=0031F6E8, dst=0031F71C, use_repeat=0, src_pixmap=<has been optimized away by compiler>) [Z:\home\winetest\winetest\src\dlls\winex11.drv\xrender.c:1702] in winex11 (0x0031ebd8) 9 0x7e16ce31 xrenderdrv_PutImage+0x331(dev=<couldn't compute location>, clip=<couldn't compute location>, info=<couldn't compute location>, bits=<couldn't compute location>, src=<couldn't compute location>, dst=<couldn't compute location>, rop=<couldn't compute location>) [Z:\home\winetest\winetest\src\dlls\winex11.drv\xrender.c:1840] in winex11 (0x0031ec78) 10 0x7e9541d1 nulldrv_StretchBlt+0x141(dst_dev=<couldn't compute location>, dst=<couldn't compute location>, src_dev=<couldn't compute location>, src=<couldn't compute location>, rop=<couldn't compute location>) [Z:\home\winetest\winetest\src\dlls\win32u\bitblt.c:295] in win32u.so (0x0031f558)
https://test.winehq.org/data/patterns.html#ddraw:dsurface
See also the corresponding failure patterns for more complete backtraces and also for the crashes in the other tests.
A bisect shows that the crashes started with the commit below. With luck that means a single patch will fix all 8 tests; otherwise this commit may just have revealed preexisting issues and there is now 8 separate bugs to fix (and then this bug should be split):
commit 7d2a7b94aad8a776a2ee3031a18bb3b53d5925cd Author: Alexandre Julliard julliard@winehq.org Date: Fri Nov 19 11:04:30 2021 +0100
ntdll: Fix handling of zero size with MEM_DECOMMIT.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=52023 Signed-off-by: Alexandre Julliard julliard@winehq.org