https://bugs.winehq.org/show_bug.cgi?id=44217
Anastasius Focht focht@gmx.net changed:
What        |Removed   |Added
----------------------------------------------------------------------------
Resolution  |FIXED     |DUPLICATE
Component   |-unknown  |ntdll

--- Comment #8 from Anastasius Focht focht@gmx.net ---

Hello folks,
using pause/run/cancel during simulation (which takes some minutes to complete) allows one to reproduce the problem more reliably. As already mentioned, this Themida version doesn't like relay thunks, so one has to limit the number of debug channels.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/DesignSoft/Tina 11 - Demo

$ WINEDEBUG=+seh,+loaddll,+process,+ntdll,+server wine ./tina.exe >>log.txt 2>&1
...
<pause/cancel the simulation>
...
0009:trace:seh:raise_exception code=eedfade flags=1 addr=0x7b446a4a ip=7b446a4a tid=0009
0009:trace:seh:raise_exception info[0]=00e1a0c7
0009:trace:seh:raise_exception info[1]=265471a0
0009:trace:seh:raise_exception info[2]=00000000
0009:trace:seh:raise_exception info[3]=0469de48
0009:trace:seh:raise_exception info[4]=0469dd0c
0009:trace:seh:raise_exception info[5]=0469dbb4
0009:trace:seh:raise_exception info[6]=0469db9c
0009:trace:seh:raise_exception eax=7b4351ad ebx=00000000 ecx=00000000 edx=0469de48 esi=0469de48 edi=0469dd0c
0009:trace:seh:raise_exception ebp=0469db58 esp=0469daf4 cs=0023 ds=524f002b es=5753002b fs=57530063 gs=4354006b flags=00000212
0009:trace:seh:call_stack_handlers calling handler at 0xe1a0dd code=eedfade flags=1
0009:trace:seh:call_stack_handlers handler at 0xe1a0dd returned 1
0009:trace:seh:call_stack_handlers calling handler at 0xe1a366 code=eedfade flags=1
0009:trace:seh:call_stack_handlers handler at 0xe1a366 returned 1
0009:trace:seh:call_stack_handlers calling handler at 0xe1a6de code=eedfade flags=1
0009:trace:seh:call_stack_handlers handler at 0xe1a6de returned 1
0009:trace:seh:call_stack_handlers calling handler at 0xe24c17 code=eedfade flags=1
0009:trace:seh:__regs_RtlUnwind code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind eax=00000000 ebx=0469de2c ecx=0469db00 edx=00e1a0c7 esi=0469d6a0 edi=524f002b
0009:trace:seh:__regs_RtlUnwind ebp=0040b370 esp=0469d66c eip=7b520023 cs=0246 ds=002b fs=002b gs=0063 flags=0469d65c
0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc911fd code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x7bc911fd returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xe1a0dd code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xe1a366 code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xe1a6de code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc9194b ip=7bc9194b tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=ffffffff
0009:trace:seh:raise_exception eax=0469cd20 ebx=0469d290 ecx=00000000 edx=00000000 esi=7b520023 edi=00000063
0009:trace:seh:raise_exception ebp=0469cf38 esp=0469cd10 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_stack_handlers calling handler at 0xe24c17 code=c0000005 flags=0
0009:trace:seh:__regs_RtlUnwind code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind eax=00000000 ebx=0469de2c ecx=0469ccb8 edx=7bc9194b esi=0469c840 edi=0000002b
0009:trace:seh:__regs_RtlUnwind ebp=0040b370 esp=0469c80c eip=00640023 cs=0246 ds=002b fs=002b gs=0063 flags=0469c7fc
0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc911fd code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind handler at 0x7bc911fd returned 1
0009:fixme:seh:set_cpu_context setting partial context (468c544) not supported
...
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xacf209 code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xad0ecc code=eedfade flags=3
...
0009:trace:ntdll:NtWriteFile (0x1ac,(nil),(nil),(nil),0x469e450,0x27f97ee8,0x00000700,(nil),(nil))!
0009:trace:ntdll:NtWriteFile = SUCCESS (1792)
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
...
0009: set_thread_context( handle=fffffffe, suspend=1, context={cpu=x86,ds=ed5e90,es=2239002b,fs=469002b,gs=7e620063,dr0=7e685bf8,dr1=7ffd8000,dr2=7e688bb0,dr3=223993b8,dr6=0469e6b0,dr7=00000000,fp.ctrl=0469e6a8,fp.status=7bc4d26b,fp.tag=7e685bf8,fp.err_off=ffffffff,fp.err_sel=0469e6d8,fp.data_off=7bc4dd69,fp.data_sel=7e685bf8,fp.cr0npx=0013006b,fp.reg0=-nan,fp.reg1=-nan,fp.reg2=8.98966e-4933,fp.reg3=2.21202e-4592,fp.reg4=-nan,fp.reg5=nan,fp.reg6=-nan,fp.reg7=1.5086e-4926,extended={...}} )
0009: *signal* signal=19
0009: set_thread_context() = 0 { self=1 }
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc9194b ip=7bc9194b tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=ffffffff
0009:trace:seh:raise_exception eax=0469e020 ebx=0469e590 ecx=00000000 edx=00000000 esi=22000023 edi=00000063
0009:trace:seh:raise_exception ebp=0469e238 esp=0469e010 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_stack_handlers calling handler at 0xad0ee3 code=c0000005 flags=0
...
0009:trace:seh:__regs_RtlUnwind code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind eax=00000000 ebx=0469f200 ecx=0469dfb8 edx=7bc9194b esi=0469db40 edi=00ad0efc
0009:trace:seh:__regs_RtlUnwind ebp=0040b4f8 esp=0469db08 eip=00790023 cs=0202 ds=2760 fs=002b gs=0063 flags=0469daf8
0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc911fd code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind handler at 0x7bc911fd returned 1
0009:trace:seh:raise_exception code=eedfade flags=1 addr=0x7b446a4a ip=7b446a4a tid=0009
0009:trace:seh:raise_exception info[0]=004d349d
0009:trace:seh:raise_exception info[1]=265f5630
0009:trace:seh:raise_exception info[2]=27a0bbd0
0009:trace:seh:raise_exception info[3]=2659ae3c
0009:trace:seh:raise_exception info[4]=27a0bbd0
0009:trace:seh:raise_exception info[5]=0469d908
0009:trace:seh:raise_exception info[6]=0469d8d0
0009:trace:seh:raise_exception eax=7b4351ad ebx=27a0bbd0 ecx=00000000 edx=2659ae3c esi=2659ae3c edi=27a0bbd0
0009:trace:seh:raise_exception ebp=0469d898 esp=0469d834 cs=7bc40023 ds=469002b es=ffff002b fs=1f6b0063 gs=7bc4006b flags=00000212
0009:trace:seh:call_stack_handlers calling handler at 0x54e4da code=eedfade flags=1
0009:trace:seh:call_stack_handlers handler at 0x54e4da returned 1
0009:trace:seh:call_stack_handlers calling handler at 0x5de78c code=eedfade flags=1
...
0009:trace:seh:call_stack_handlers handler at 0x554067 returned 1
0009:trace:seh:call_stack_handlers calling handler at 0x554078 code=eedfade flags=1
0009:trace:seh:__regs_RtlUnwind code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind eax=00000000 ebx=0469f694 ecx=0469d840 edx=004d349d esi=0469d3e0 edi=0469002b
0009:trace:seh:__regs_RtlUnwind ebp=0040b370 esp=0469d3ac eip=00000023 cs=0246 ds=002b fs=002b gs=0063 flags=0469d39c
0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc911fd code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x7bc911fd returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0x54e4da code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0x5de78c code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xe0b98e code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xe0be6a code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0x40b524 code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b624 returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xad1295 code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xb5b9fa code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0xb59bf5 code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0x111c4c0 code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0x554067 code=eedfade flags=3
0009:trace:seh:__regs_RtlUnwind handler at 0x40b5cc returned 1
0009: set_thread_context( handle=fffffffe, suspend=1, context={cpu=x86,ds=ffff002b,es=469002b,fs=61002b,gs=4690063,eax=00000000,ebx=0469f694,ecx=0469d840,edx=004d349d,esi=0469d3e0,edi=0469002b,dr0=00000000,dr1=7bcc4a14,dr2=00000021,dr3=0469d720,dr6=0039002e,dr7=0469f6b8,fp.ctrl=7bcc4a2e,fp.status=0469d730,fp.tag=00430043,fp.err_off=0469d118,fp.err_sel=7e62f8a4,fp.data_off=223abbb0,fp.data_sel=00000048,fp.cr0npx=280d006b,fp.reg0=-nan,fp.reg1=2.08243e-4592,fp.reg2=-nan,fp.reg3=7.94645e+4807,fp.reg4=-nan,fp.reg5=6.96496e+4808,fp.reg6=nan,fp.reg7=4.04053e-4913,extended={...} )
0009: *signal* signal=19
0009: set_thread_context() = INVALID_PARAMETER { self=1 }
...
0009: set_window_text( handle=000105ac, text=L"Access violation at address 7BC9194B in module 'ntdll.dll'. Read of address FFFFFFFF." )
--- snip ---
Disassembly pointed to inlined ntdll 'restore_fpux':

--- snip ---
7BC918FB 55                PUSH EBP
7BC918FC 89E5              MOV EBP,ESP
7BC918FE 81EC 28020000     SUB ESP,228
7BC91904 8D85 E4FDFFFF     LEA EAX,[EBP-21C]
7BC9190A 83C0 0F           ADD EAX,0F
7BC9190D 83E0 F0           AND EAX,FFFFFFF0
7BC91910 8945 F4           MOV DWORD PTR SS:[EBP-0C],EAX
7BC91913 8B45 08           MOV EAX,DWORD PTR SS:[EBP+8]
7BC91916 05 CC000000       ADD EAX,0CC
7BC9191B 83EC 04           SUB ESP,4
7BC9191E 68 00020000       PUSH 200
7BC91923 50                PUSH EAX
7BC91924 FF75 F4           PUSH DWORD PTR SS:[EBP-0C]
7BC91927 E8 6416F47B       CALL F7BD2F90                    ; memcpy
7BC9192C 83C4 10           ADD ESP,10
7BC9192F 8B45 F4           MOV EAX,DWORD PTR SS:[EBP-0C]
7BC91932 0FB750 02         MOVZX EDX,WORD PTR DS:[EAX+2]
7BC91936 8B45 F4           MOV EAX,DWORD PTR SS:[EBP-0C]
7BC91939 0FB700            MOVZX EAX,WORD PTR DS:[EAX]
7BC9193C 83C8 80           OR EAX,FFFFFF80
7BC9193F 21C2              AND EDX,EAX
7BC91941 8B45 F4           MOV EAX,DWORD PTR SS:[EBP-0C]
7BC91944 66:8950 02        MOV WORD PTR DS:[EAX+2],DX
7BC91948 8B45 F4           MOV EAX,DWORD PTR SS:[EBP-0C]
7BC9194B 0FAE08            FXRSTOR DS:[EAX]                 ; *boom*
7BC9194E 90                NOP
7BC9194F C9                LEAVE
7BC91950 C3                RETN
--- snip ---
--> RtlUnwind --> RtlCaptureContext --> __regs_RtlUnwind --> NtSetContextThread --> set_cpu_context (self) --> restore_fpux (inlined)
This gave some hints to make a guess which pointed to this:
https://source.winehq.org/git/wine.git/commitdiff/342e2cabd21c5a836683ac30e2...
--- quote ---
ntdll: Avoid pushl %esp instruction in RtlUnwind prolog.

author     Alexandre Julliard julliard@winehq.org   Fri, 9 Mar 2018 19:47:01 +0000 (13:47 -0600)
committer  Alexandre Julliard julliard@winehq.org   Fri, 9 Mar 2018 19:47:01 +0000 (13:47 -0600)
commit     342e2cabd21c5a836683ac30e260ec4944eeac6b
--- quote ---
Indeed, reverting the commit on master HEAD (Wine 3.8) made the issue immediately reappear.
There is bug 44647 which has the same "fixed by commit sha1" and had a proper regression commit bisected (https://source.winehq.org/git/wine.git/commitdiff/dc63fbf98d1af6396533a9af2c...).
Although this ticket is older, bug 44647 has already been resolved for Wine 3.4 and selected for 3.x stable.
Resolving as duplicate of bug 44647 here and refining its summary.
$ sha1sum Tina110en.exe
f6dc4047c61e9f12f7e5d1afae3b63c32c471103  Tina110en.exe

$ du -sh Tina110en.exe
230M    Tina110en.exe

$ wine --version
wine-3.8
Regards
*** This bug has been marked as a duplicate of bug 44647 ***
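The trace in the comment above is easiest to read once the raise_exception and "calling handler" lines are grouped per exception and the nested fault is picked out (the c0000005 raised from a handler that was unwinding the earlier eedfade exception). The following parser is an added example, not part of the bug report and not Wine's code; it works on the +seh line format shown above and its sample input is a constructed excerpt of that trace. The regexes, the SehEvent type and the function names are assumptions made for this example.

```python
# Added example, not Wine's code: reconstruct the exception chain from
# WINEDEBUG=+seh trace lines and spot a fault raised mid-unwind, as above.
import re
from dataclasses import dataclass, field
# Line shapes emitted by Wine's seh channel (tid:trace:seh:function ...).
RAISE_RE = re.compile(r"trace:seh:raise_exception code=([0-9a-f]+) flags=\d+ addr=0x([0-9a-f]+)")
INFO_RE = re.compile(r"trace:seh:raise_exception info\[(\d+)\]=([0-9a-f]+)")
CALL_RE = re.compile(r"trace:seh:(?:call_stack_handlers|__regs_RtlUnwind) "
                     r"calling handler at 0x([0-9a-f]+) code=[0-9a-f]+ flags=(\d+)")
EXCEPTION_UNWINDING = 0x2  # winnt.h flag bit set while RtlUnwind runs handlers

@dataclass
class SehEvent:
    code: int
    addr: int
    info: dict = field(default_factory=dict)   # ExceptionInformation[i]
    calls: list = field(default_factory=list)  # (handler address, flags)

def parse_seh_trace(lines):
    """Group raise_exception and 'calling handler' lines, one event per raise."""
    events = []
    for line in lines:
        if m := RAISE_RE.search(line):
            events.append(SehEvent(int(m[1], 16), int(m[2], 16)))
        elif (m := INFO_RE.search(line)) and events:
            events[-1].info[int(m[1])] = int(m[2], 16)
        elif (m := CALL_RE.search(line)) and events:
            events[-1].calls.append((int(m[1], 16), int(m[2])))
    return events

def nested_faults(events):
    """Events raised while the previous event's last handler call was unwinding."""
    return [cur for prev, cur in zip(events, events[1:])
            if prev.calls and prev.calls[-1][1] & EXCEPTION_UNWINDING]

def describe_av(ev):
    """Phrase an access violation like the dialog text in the trace above."""
    if ev.code != 0xC0000005:
        return None
    kind = {1: "Write", 8: "Execute"}.get(ev.info.get(0), "Read")  # info[0]: access type
    return f"Access violation at address {ev.addr:08X}. {kind} of address {ev.info.get(1, 0):08X}."

# Constructed excerpt of the trace above: eedfade (Delphi) unwinds, its handler faults.
SAMPLE = """\
0009:trace:seh:raise_exception code=eedfade flags=1 addr=0x7b446a4a ip=7b446a4a tid=0009
0009:trace:seh:call_stack_handlers calling handler at 0xe24c17 code=eedfade flags=1
0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc911fd code=eedfade flags=3
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc9194b ip=7bc9194b tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=ffffffff
""".splitlines()
```

Running `nested_faults(parse_seh_trace(SAMPLE))` on the full log instead of the excerpt points straight at the handler address (here 0x7bc911fd, in ntdll) that was active when the access violation fired.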