http://bugs.winehq.org/show_bug.cgi?id=7286
------- Additional Comments From mk144210@bcm.tmc.edu 2007-31-01 00:14 -------
Here is the deep problem. Now I need to figure out how to solve it:
The problem is that a thread cannot be sent an APC from within an end_wait for its timeout. The reason is that the end_wait function, while it is destroying objects, does not in any way remove these objects from its own wait queue (which took me a while to figure out: it removes each wait object's "entry" from the "entries", but in the entries at the end of the thread_wait structure all the objects stay put and the count does too until the very end of the function). When the first end_wait is called as a timeout, it starts freeing objects that I guess the thread was waiting for, and the directory object, in its removal function, sends APCs to its change queue (still not really sure what this is, but maybe processes that are waiting for it to change? Seems kind of a duplicate of the initial wait in this case though), which ends up seeing no other APCs queued for that thread, and la ti da let's wake it up. end_wait is called, sees that it has a count of 1 to free up, and again calls the free function for that one object.
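
A simplified C model of the re-entrancy described in the comment above, added here as an illustration; it is not Wine's server code and not part of the original comment. The structs, the `fixed` flag, `release_object` and `run_timeout` are hypothetical, and detaching the wait from the thread before releasing its objects is one possible remedy, assumed for this sketch.

```c
#include <stdio.h>
#include <stddef.h>

struct thread;
struct object { int releases; struct thread *waker; }; /* waker: thread notified on teardown */
struct wait   { int count; struct object *objects[2]; };
struct thread { struct wait *wait; int fixed; };       /* fixed: use the detach-first variant */

static void end_wait(struct thread *t);

/* Stand-in for the directory object's removal path: tearing the object
 * down notifies a waiting thread, and waking that thread runs end_wait
 * again. The notification fires once so the model terminates. */
static void release_object(struct object *obj)
{
    obj->releases++;                 /* a real server would free memory here */
    if (obj->releases == 1 && obj->waker)
        end_wait(obj->waker);
}

static void end_wait(struct thread *t)
{
    struct wait *w = t->wait;
    if (!w) return;                  /* nothing left to tear down */
    if (t->fixed)
        t->wait = NULL;              /* detach first: a nested call sees no wait */
    for (int i = 0; i < w->count; i++)
        release_object(w->objects[i]);   /* buggy path: count and objects still visible */
    t->wait = NULL;
}

/* Simulate the timeout path; returns how many times the object was released. */
int run_timeout(int fixed)
{
    struct object dir = { 0, NULL };
    struct wait w = { 1, { &dir } };
    struct thread t = { &w, fixed };
    dir.waker = &t;                  /* the waiting thread is also the one notified */
    end_wait(&t);
    return dir.releases;
}

int main(void)
{
    printf("wait left attached: object released %d time(s)\n", run_timeout(0));
    printf("wait detached first: object released %d time(s)\n", run_timeout(1));
    return 0;
}
```

The model counts releases instead of calling `free()` so that the double release can be observed without undefined behaviour.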