https://bugs.winehq.org/show_bug.cgi?id=50801
Bug ID: 50801
Summary: Wine Mono crashes on macOS
Product: Wine
Version: 6.4
Hardware: x86-64
OS: Mac OS X
Status: NEW
Severity: normal
Priority: P2
Component: mscoree
Assignee: wine-bugs@winehq.org
Reporter: madewokherd@gmail.com
Running the csc.exe shipped with Wine Mono on macOS 11.2.1 crashes with:
0024:err:virtual:virtual_setup_exception stack overflow 1456 bytes in thread 0024 addr 0x7bc2bd61 stack 0x130a50 (0x130000-0x131000-0x230000)
From a +relay,+seh log, trimmed by thread:
0024:Call msvcrt.memcpy(0022dec0,02950f35,00000010) ret=1801013e1
0024:Ret msvcrt.memcpy() retval=0022dec0 ret=1801013e1
0024:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000000002951170 ip=0000000002951170 tid=0024
0024:trace:seh:dispatch_exception info[0]=0000000000000001
0034:Call KERNEL32.HeapFree(00020000,00000000,000b96f0) ret=68765c83
0024:trace:seh:dispatch_exception info[1]=0000000000000498
0024:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c0000005) raised
0024:trace:seh:dispatch_exception rax=0000000000000498 rbx=0000000000000000 rcx=0000000000000001 rdx=0000000000000010
0024:trace:seh:dispatch_exception rsi=0000000000000010 rdi=0000000000a24dd0 rbp=000000000022e2c0 rsp=000000000022e270
0024:trace:seh:dispatch_exception r8=000000000022e5f0 r9=0000000002950f00 r10=000000000000000a r11=0000000002950f64
0024:trace:seh:dispatch_exception r12=0000000000a32e88 r13=000000000022e928 r14=000000000022e5f0 r15=0000000000000000
0024:trace:seh:call_vectored_handlers calling handler at 00000001801038F0 code=c0000005 flags=0
I haven't been able to get winedbg working well enough to give me any real information, but that memcpy call is from the end of mono_breakpoint_clean_code.
I also got this from WINE_MONO_VERBOSE=1:
Method (wrapper alloc) object object:AllocSmall (intptr,intptr) emitted at 0000000002951110 to 000000000295123b (code length 299) [csc.exe]
So we're crashing on access to JIT-compiled code. There's probably a way to tell from the +seh log whether that's on execute access, but I'm just going to assume it is.
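The following is an added triage helper, not code from the report or from Wine: it decodes the access-violation record fields from the +seh lines quoted above (ExceptionInformation[0] is the access kind, 0 read / 1 write / 8 execute, and ExceptionInformation[1] the faulting address) and checks whether the faulting ip falls inside the JIT range printed by WINE_MONO_VERBOSE. The regexes assume the trace line layout exactly as shown on this page, and the thread id filter drops the interleaved 0034 line.

```python
import re

# Sample input, copied from the +seh trace and WINE_MONO_VERBOSE output quoted in the report.
SEH_TRACE = """\
0024:trace:seh:dispatch_exception code=c0000005 flags=0 addr=0000000002951170 ip=0000000002951170 tid=0024
0024:trace:seh:dispatch_exception info[0]=0000000000000001
0034:Call KERNEL32.HeapFree(00020000,00000000,000b96f0) ret=68765c83
0024:trace:seh:dispatch_exception info[1]=0000000000000498
"""
MONO_VERBOSE = ("Method (wrapper alloc) object object:AllocSmall (intptr,intptr) "
                "emitted at 0000000002951110 to 000000000295123b (code length 299) [csc.exe]")

# EXCEPTION_RECORD.ExceptionInformation[0] for STATUS_ACCESS_VIOLATION (0xc0000005):
# 0 = read, 1 = write, 8 = execute (DEP). ExceptionInformation[1] is the faulting address.
AV_KIND = {0: "read", 1: "write", 8: "execute"}

# Regexes are assumptions about Wine's trace format as it appears on this page.
EXC_RE = re.compile(r"^(?P<tid>[0-9a-f]{4}):trace:seh:dispatch_exception code=(?P<code>[0-9a-f]+) .*?ip=(?P<ip>[0-9a-f]+)")
INFO_RE = re.compile(r"^(?P<tid>[0-9a-f]{4}):trace:seh:dispatch_exception info\[(?P<idx>\d+)\]=(?P<val>[0-9a-f]+)")
JIT_RE = re.compile(r"emitted at (?P<start>[0-9a-f]+) to (?P<end>[0-9a-f]+)")

def parse_access_violation(trace, thread):
    """Collect the exception record logged by `thread`; return None if it is not an access violation."""
    rec = {}
    for line in trace.splitlines():
        m = EXC_RE.match(line)
        if m and m["tid"] == thread:
            rec["code"], rec["ip"] = int(m["code"], 16), int(m["ip"], 16)
            continue
        m = INFO_RE.match(line)
        if m and m["tid"] == thread:  # skips the interleaved 0034 line
            rec.setdefault("info", {})[int(m["idx"])] = int(m["val"], 16)
    if rec.get("code") != 0xC0000005:
        return None
    info = rec["info"]
    return {"ip": rec["ip"], "kind": AV_KIND.get(info[0], "unknown"), "address": info[1]}

def jit_range(verbose_line):
    """Start/end of the JIT-emitted method from a WINE_MONO_VERBOSE line (end is exclusive)."""
    m = JIT_RE.search(verbose_line)
    return int(m["start"], 16), int(m["end"], 16)

def triage(trace, thread, verbose_line):
    av = parse_access_violation(trace, thread)
    if av is None:
        return None
    start, end = jit_range(verbose_line)
    av["ip_in_jit_code"] = start <= av["ip"] < end
    return av

if __name__ == "__main__":
    print(triage(SEH_TRACE, "0024", MONO_VERBOSE))
```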