https://bugs.winehq.org/show_bug.cgi?id=45473
Andrew Eikum aeikum@codeweavers.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aeikum@codeweavers.com

--- Comment #6 from Andrew Eikum aeikum@codeweavers.com ---
I don't think the mixer thread is involved. Just glancing through the comments and the log, it looks like the object is being destroyed on thread 0074 while it is being used on thread 0070:

0070:trace:dsound:IDirectSoundBufferImpl_GetCurrentPosition playpos = 237256, writepos = 238136, buflen=705600 (0x16a950, time=40528520)
0074:trace:dsound:IDirectSoundNotifyImpl_Release (0x16a950) ref is now 0
0074:trace:dsound:DirectSoundDevice_RemoveBuffer (0x15c4b8, 0x16a950)
0074:trace:dsound:DirectSoundDevice_RemoveBuffer buffer count is now 0
0074:trace:dsound:secondarybuffer_destroy (0x16a950) released
0074:trace:dsound:IDirectSoundBufferImpl_Release (0x16a950) ref is now 0
wine: Unhandled page fault on read access to 0x00000024 at address 0x59729f (thread 0070), starting debugger...
Backtrace:
=>0 0x0059729f in rogue squadron (+0x19729f) (0x021efea0)
  1 0x00597618 in rogue squadron (+0x197617) (0x021efed0)
  2 0x00597869 in rogue squadron (+0x197868) (0x021efedc)
  3 0x7bc88be8 call_thread_func_wrapper+0xb() in ntdll (0x021efeec)
  4 0x7bc8bf99 call_thread_func+0xcb() [/home/alesliehughes/source/wine-alesliehughes/dlls/ntdll/signal_i386.c:2772] in ntdll (0x021effdc)
  5 0x7bc88bda call_thread_entry+0x9() in ntdll (0x021effec)

Thread 0070 isn't the mixer thread, it's some game thread (the mixer thread is 006f). It looks like a use-after-free error in the game. Possibly we're missing a reference that we should be holding, or the game is looking for some notification of destruction that we're never sending. I'd write a test duplicating this behavior on native, checking refcount values and notify callback behavior.