https://bugs.winehq.org/show_bug.cgi?id=33275
--- Comment #14 from Sebastian Lackner sebastian@fds-team.de --- Ah, nice. Since it wasn't that expensive I just bought the GOG version, and I can indeed also reproduce the same issue. The big advantage of this version: No DRM and weird anti-debugging tricks, which (hopefully) allows to use some better tools to track this down.
When running without strace the crash happens on the thread termination (in the close syscall), as already mentioned in my previous message:
--- snip --- 003f:Starting thread proc 0x3650140a (arg=0x36661c) 003f:Call KERNEL32.GetPriorityClass(ffffffff) ret=365012ff 003f:Ret KERNEL32.GetPriorityClass() retval=00000020 ret=365012ff 003f:Call KERNEL32.GetThreadPriority(fffffffe) ret=36501311 003f:Ret KERNEL32.GetThreadPriority() retval=00000000 ret=36501311 [...] 003f:Call msvcr71.strncpy(00366694,0077e97c "AMD Phenom(tm) II X4 840 Processor",00000040) ret=36501c65 003f:Ret msvcr71.strncpy() retval=00366694 ret=36501c65 003f:Call msvcr71.strncat(00366694 "AMD Phenom(tm) II X4 840 Processor",3656a7f5 "",00000040) ret=36501c71 003f:Ret msvcr71.strncat() retval=00366694 ret=36501c71 [...] 003f:Call msvcr71._stricmp(0077e97c "AMD Phenom(tm) II X4 840 Processor",3656a608 "WinChip2") ret=36502180 003f:Ret msvcr71._stricmp() retval=ffffffea ret=36502180 [...] 003f:Call PE DLL (proc=0x7ed5c3c3,module=0x7ecb0000 L"user32.dll",reason=THREAD_DETACH,res=(nil)) 003f:Ret PE DLL (proc=0x7ed5c3c3,module=0x7ecb0000 L"user32.dll",reason=THREAD_DETACH,res=(nil)) retval=1 * crash * --- snip ---
When running with strace the crash happens earlier, shortly after the thread was created, but is very similar:
--- snip --- [pid 719] [f77e4d85] write(2, "003a:Starting thread proc 0x3650"..., 52003a:Starting thread proc 0x3650140a (arg=0x36661c) ) = 52 [pid 719] [f77e4d85] write(2, "003a:Call KERNEL32.GetPriorityCl"..., 59003a:Call KERNEL32.GetPriorityClass(ffffffff) ret=365012ff ) = 59 [pid 719] [f77e4d85] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} --- [pid 719] [7bc7d3a8] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} --- [pid 719] [????????????????] +++ killed by SIGSEGV (core dumped) +++ [????????????????] +++ killed by SIGSEGV (core dumped) +++ --- snip ---
Like in the case without running with strace there are two segment violations, the first one after the write syscall opcode, and the second address corresponds to the beginning of the segv_handler:
--- snip --- (gdb) bt #0 segv_handler (signal=11, siginfo=0x7ffd7c8c, sigcontext=0x7ffd7d0c) at signal_i386.c:1957 <---- second segfault #1 <signal handler called> #2 0xf77e4d85 in __kernel_vsyscall () <---- first segfault #3 0xf75d363b in write () from /usr/lib32/libpthread.so.0 #4 0x7bc39d60 in NTDLL_dbg_vprintf (format=0x7bca20ad ") ret=%08lx\n", args=0x77e884 "\377\022P6") at debugtools.c:147 #5 0xf760cd45 in wine_dbg_printf (format=0x7bca20ad ") ret=%08lx\n") at debug.c:223 #6 0x7bc67f95 in relay_trace_entry (descr=0x7b8bd5a0, idx=66091, stack=0x77e908) at relay.c:348 #7 0x7bc68180 in relay_call () at relay.c:378 #8 0x7b823119 in __wine_spec_relay_entry_points () from /home/sebastian/projects/wine/dlls/kernel32/kernel32.dll.so #9 0x365012ff in ?? () #10 0xffffffff in ?? () #11 0x0000000f in ?? () #12 0x0036661c in ?? () #13 0x3650169d in ?? () #14 0x0036671c in ?? () #15 0x7bc7e658 in call_thread_func_wrapper () at signal_i386.c:2578 #16 0x7bc7e69f in call_thread_func (entry=0x3650140a, arg=0x36661c, frame=0x77eb28) at signal_i386.c:2637 #17 0x7bc7e636 in call_thread_entry_point () at signal_i386.c:2578 #18 0x7bc85213 in start_thread (info=0x7ffd4fb8) at thread.c:429 #19 0xf75cc096 in start_thread () from /usr/lib32/libpthread.so.0 #20 0xf74eea7e in clone () from /usr/lib32/libc.so.6 --- snip ---
Please note that all registers (including segment registers) of the crashing thread seem to be set properly, so those instructions definitely shouldn't cause arbitrary segfaults. I guess it will be necessary to take a look at kernel code, to figure out under which situations close()/write() can cause such a critical segfault, and why strace modifies the behaviour.
This time tested with:
$ sha1sum ~/.wine-farcry-nodrm/drive_c/GOG\ Games/Far\ Cry/Bin32/FarCry.exe a227baecf56a75219511594048379cb11721749a /home/sebastian/.wine-farcry-nodrm/drive_c/GOG Games/Far Cry/Bin32/FarCry.exe
Since the kernel version could make a difference:
$ uname -a Linux dalek 3.16.2-1-ARCH #1 SMP PREEMPT Sat Sep 6 13:12:51 CEST 2014 x86_64 GNU/Linux