https://bugs.winehq.org/show_bug.cgi?id=35432
Anastasius Focht focht@gmx.net changed:
What           |Removed         |Added
----------------------------------------------------------------------------
Status         |UNCONFIRMED     |NEW
CC             |                |focht@gmx.net
Version        |1.4-rc3         |1.4.1
Summary        |config wine     |Wine builtin 'services.exe' crashes during prefix startup (service timeout, APC corrupts stack)
Ever confirmed |0               |1
--- Comment #3 from Anastasius Focht focht@gmx.net ---
Hello folks,
crashes in Wine builtins should be taken seriously - even with old Wine versions :)
With little information given in the bug, the following deduction...
Faulting thread 0xf -> service program main thread (#1)
'service_start+0x29f()' is probably inlined 'service_start_process()' and leafs code (function is static).
http://source.winehq.org/git/wine.git/blob/154aef98d88f16acbcc029d298cc21227...
The value 0x8000000a in EAX translates to 'STATUS_HANDLES_CLOSED'. Wineserver 'free_async_queue' for example sets this code.
Speculation: a service/control pipe timeout causes I/O cancellation/teardown which queues APC. It's likely that the queued APC is executed on the main thread (in alertable wait). The APC is somehow messing up the stack, causing the crash.
--- snip ---
Unhandled exception: page fault on execute access to 0x8000000a in 32-bit code (0x8000000a).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:8000000a ESP:0033fce4 EBP:0033fcf8 EFLAGS:00010246(  R- --  I  Z- -P- )
 EAX:00000001 EBX:7ed66000 ECX:00000000 EDX:00000000
 ESI:bfd99e24 EDI:00000000
Stack dump:
0x0033fce4:  00000000 00000000 000000b4 7ed66000
0x0033fcf4:  7ed66000 0033fd58 7ed53f70 00110dc8
0x0033fd04:  000000c4 0033fdb8 00000001 00000100
0x0033fd14:  00000100 00002710 00000000 00110944
0x0033fd24:  00000080 000000c4 0000041d 00113330
0x0033fd34:  7ed66000 0033fd58 7ed530e3 00110cac
Backtrace:
=>0 0x8000000a (0x0033fcf8)
  1 0x7ed53f70 service_start+0x29f() in services (0x0033fd58)
  2 0x7ed524e0 in services (+0x124df) (0x0033fdc8)
  3 0x7ed542af main+0xb0() in services (0x0033fe08)
  ...
  17 0x7bf011c6 main+0x13d() in <wine-loader> (0xbfd9b228)
  18 0xb7462905 __libc_start_main+0xf4(main=0x7bf01088, argc=0x2, ubp_av=0xbfd9b2c4, init=0x7bf011f0, fini=0x7bf01260, rtld_fini=0xb77895f0, stack_end=0xbfd9b2bc) [/build/buildd/eglibc-2.17/csu/libc-start.c:260] in libc.so.6 (0x00000000)
0x8000000a: addb %al,0x0(%eax)
Modules:
Module  Address               Debug info  Name (25 modules)
ELF     7b800000-7ba43000     Dwarf       kernel32<elf>
  -PE   7b810000-7ba43000     \           kernel32
...
ELF     7ed3a000-7ed67000     Dwarf       services<elf>
  -PE   7ed40000-7ed67000     \           services
...
Threads:
process  tid      prio (all id:s are in hex)
...
0000000e (D) C:\windows\system32\services.exe
        0000001e    0
        0000001d    0
        00000010    0
        0000000f    0 <==
--- snip ---
I found a similar case here: https://forum.winehq.org/viewtopic.php?f=8&t=19255
--- snip ---
err:service:service_send_start_message service L"DigiRefresh" failed to start
wine: Unhandled page fault on execute access to 0x8000000a at address 0x8000000a (thread 000f), starting debugger...
--- snip ---
Regards
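A triage script, added here as an example and not part of the bug report, that checks the pattern the comment reasons from: the faulting EIP lies outside every loaded module and equals a known NTSTATUS value (here STATUS_HANDLES_CLOSED), which points at a status code written over a return address rather than at a bug at the faulting address. The sample dump lines are constructed from the register dump and module list quoted above, and the NTSTATUS table is a small hand-picked subset.

```python
"""Wine crash-dump triage (example added here; not code from the bug report).
Flags the pattern the comment reasons from: EIP lies outside every loaded
module and equals a well-known NTSTATUS code, which suggests a status value
overwrote a return address on the stack rather than a bug at that address."""
import re

# Hand-picked subset of NTSTATUS values from ntstatus.h; extend as needed.
NTSTATUS_NAMES = {
    0x8000000A: "STATUS_HANDLES_CLOSED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000120: "STATUS_CANCELLED",
}

# Constructed sample, trimmed from the register dump and module list in the report.
SAMPLE_DUMP = """Register dump:
 EIP:8000000a ESP:0033fce4 EBP:0033fcf8 EFLAGS:00010246(  R- --  I  Z- -P- )
 EAX:00000001 EBX:7ed66000 ECX:00000000 EDX:00000000 ESI:bfd99e24 EDI:00000000
Modules:
ELF 7b800000-7ba43000 Dwarf kernel32<elf>
ELF 7ed3a000-7ed67000 Dwarf services<elf>
"""

def parse_registers(dump):
    """Return {name: value} for each 32-bit 'EXX:hhhhhhhh' pair in the dump."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b(E[A-Z]{2}):([0-9a-fA-F]{8})\b", dump)}

def parse_modules(dump):
    """Return [(start, end, name)] from 'ELF start-end debuginfo name' lines."""
    pat = re.compile(r"^\s*-?(?:ELF|PE)\s+([0-9a-fA-F]+)-([0-9a-fA-F]+)\s+\S+\s+(\S+)", re.M)
    return [(int(s, 16), int(e, 16), n) for s, e, n in pat.findall(dump)]

def in_module(addr, modules):
    """Name of the module whose address range contains addr, else None."""
    return next((n for s, e, n in modules if s <= addr < e), None)

def triage(dump):
    """Classify the fault using the module list and the NTSTATUS table."""
    eip = parse_registers(dump)["EIP"]
    module = in_module(eip, parse_modules(dump))
    status = NTSTATUS_NAMES.get(eip)
    if module is None and status:
        verdict = f"EIP is {status}: a status value likely overwrote a return address"
    elif module is None:
        verdict = "EIP outside every loaded module: control-flow corruption"
    else:
        verdict = f"fault inside {module}; debug that code path"
    return {"eip": eip, "module": module, "ntstatus": status, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_DUMP)["verdict"])
```

The same parser can be pointed at a full `wine` backtrace file; return addresses from the backtrace (for example 0x7ed53f70) resolve to their module with `in_module`.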