https://bugs.winehq.org/show_bug.cgi?id=53682
--- Comment #8 from Kevin Puetz PuetzKevinA@JohnDeere.com ---

I can try to make something show it with TRACE, but to summarize:
The problem arises in __wine_syscall_dispatcher_return, which sets `$sp = &callback_frame`. Specifically, the path is that after it branches backwards `b 3b` (https://gitlab.winehq.org/wine/wine/-/blob/wine-7.17/dlls/ntdll/unix/signal_...) we reach the `mov sp, x10` (https://gitlab.winehq.org/wine/wine/-/blob/master/dlls/ntdll/unix/signal_arm...); x10 at this point is the `arm64_thread_data()->syscall_frame` (https://gitlab.winehq.org/wine/wine/-/blob/master/dlls/ntdll/unix/signal_arm...), which is the pointer `arm64_thread_data()->syscall_frame = &callback_frame.frame;` assigned at https://gitlab.winehq.org/wine/wine/-/blob/master/dlls/ntdll/unix/signal_arm....
So far, this seems quite intentional; the arguments are copied below it, etc. The problem is that the C compiler's prologue/epilogue for KeUserModeCallback spilled callee-save registers (lr, fp, and others) and placed these below callback_frame on the stack. So when the longjmp in NtCallbackReturn brings control flow back into KeUserModeCallback, the code of User32LoadSysMenu (or whatever call was made in the meantime) has smashed them, and `return callback_frame.status` reloads wrong fp/lr values (and then things just go haywire).
I suppose different compilers might generate the prologue/epilogue of KeUserModeCallback differently; as far as I can tell, what's saving it on x86/x86_64 is that the compiler did these things first, with `push`, so the spills end up safely above callback_frame, whereas on aarch64 it allocated all the stack space with a pre-increment store `stp x29, x30, [sp, #-size]!`, which leaves the frame pointer at the bottom of the frame, below the C local variables (like callback_frame).
So if it works for you, all I can think is that your compiler built the stack frame differently. For the tests above I was using Ubuntu 22.04's CC = gcc 11.2.0, and CROSSCC = clang 14.0.6-1~oibaf~j