[Bug 38908] New: PlanetSide 2 v5.2.4.x launcher process exit causes wineserver crash

https://bugs.winehq.org/show_bug.cgi?id=38908

Bug ID: 38908 Summary: PlanetSide 2 v5.2.4.x launcher process exit causes wineserver crash Product: Wine Version: 1.7.47 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: wineserver Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---

Hello folks,

found this by chance ...

--- snip --- (gdb) c Continuing.

Program received signal SIGSEGV, Segmentation fault. 0x000000000042733a in grab_object (ptr=0x0) at /home/focht/projects/wine/wine.repo/src/server/object.c:298 298 assert( obj->refcount < INT_MAX ); (gdb) bt #0 0x000000000042733a in grab_object (ptr=0x0) at /home/focht/projects/wine/wine.repo/src/server/object.c:298 #1 0x0000000000410da7 in add_irp_to_queue (file=0x2a8e9a0, irp=0x2a948f0) at /home/focht/projects/wine/wine.repo/src/server/device.c:347 #2 0x0000000000411189 in device_file_close_handle (obj=0x2a8e9a0, process=0x29e5a20, handle=104) at /home/focht/projects/wine/wine.repo/src/server/device.c:429 #3 0x000000000041c6fc in handle_table_destroy (obj=0x29e5ba0) at /home/focht/projects/wine/wine.repo/src/server/handle.c:175 #4 0x000000000042748a in release_object (ptr=0x29e5ba0) at /home/focht/projects/wine/wine.repo/src/server/object.c:313 #5 0x000000000041c7c7 in close_process_handles (process=0x29e5a20) at /home/focht/projects/wine/wine.repo/src/server/handle.c:194 #6 0x000000000042a132 in process_killed (process=0x29e5a20) at /home/focht/projects/wine/wine.repo/src/server/process.c:817 #7 0x000000000042a510 in remove_process_thread (process=0x29e5a20, thread=0x2a0c9e0) at /home/focht/projects/wine/wine.repo/src/server/process.c:883 #8 0x000000000044af03 in kill_thread (thread=0x2a0c9e0, violent_death=0) at /home/focht/projects/wine/wine.repo/src/server/thread.c:1107 #9 0x0000000000448836 in thread_poll_event (fd=0x2a0cc10, event=16) at /home/focht/projects/wine/wine.repo/src/server/thread.c:266 #10 0x0000000000415130 in fd_poll_event (fd=0x2a0cc10, event=16) at /home/focht/projects/wine/wine.repo/src/server/fd.c:446 #11 0x000000000041550a in main_loop_epoll () at /home/focht/projects/wine/wine.repo/src/server/fd.c:541 #12 0x0000000000415b1c in main_loop () at /home/focht/projects/wine/wine.repo/src/server/fd.c:886 #13 0x0000000000420fa5 in main (argc=1, argv=0x7ffdb89b57c8) at /home/focht/projects/wine/wine.repo/src/server/main.c:148

(gdb) frame 1

#1 0x0000000000410da7 in add_irp_to_queue (file=0x2a8e9a0, irp=0x2a948f0) at /home/focht/projects/wine/wine.repo/src/server/device.c:347 347 irp->thread = (struct thread *)grab_object( current );

(gdb) p *file

$1 = {obj = {refcount = 2, handle_count = 1, ops = 0x4741e0 <device_file_ops>, wait_queue = {next = 0x2a8e9b0, prev = 0x2a8e9b0}, name = 0x0, sd = 0x0, obj_list = {next = 0x2a8eb30, prev = 0x2a8ea50}}, device = 0x29b18b0, fd = 0x2a8ea20, user_ptr = 1121136, entry = {next = 0x29b1918, prev = 0x29b1918}, requests = {next = 0x2a8ea08, prev = 0x2a8ea08}}

(gdb) p *irp

$2 = {obj = {refcount = 2, handle_count = 0, ops = 0x474060 <irp_call_ops>, wait_queue = {next = 0x2a94900, prev = 0x2a94900}, name = 0x0, sd = 0x0, obj_list = {next = 0x2a8f8d0, prev = 0x699580 <object_list>}}, dev_entry = {next = 0x5555555555555555, prev = 0x5555555555555555}, mgr_entry = { next = 0x5555555555555555, prev = 0x5555555555555555}, file = 0x2a8e9a0, thread = 0x5555555555555555, user_arg = 6148914691236517205, async = 0x0, status = 259, params = {major = 2, create = {major = 2, access = 13, sharing = 1121136, options = 0, device = 43932192}, close = {major = 2, __pad = 13, file = 1121136}, read = {major = 2, key = 13, file = 1121136, pos = 43932192}, write = {major = 2, key = 13, file = 1121136, pos = 43932192}, flush = { major = 2, __pad = 13, file = 1121136}, ioctl = {major = 2, code = 13, file = 1121136}}, result = 0, in_size = 0, in_data = 0x0, out_size = 0, out_data = 0x0}

$ (gdb) frame 2

#2 0x0000000000411189 in device_file_close_handle (obj=0x2a8e9a0, process=0x29e5a20, handle=104) at /home/focht/projects/wine/wine.repo/src/server/device.c:429 429 add_irp_to_queue( file, irp );

(gdb) p *obj

$5 = {refcount = 2, handle_count = 1, ops = 0x4741e0 <device_file_ops>, wait_queue = {next = 0x2a8e9b0, prev = 0x2a8e9b0}, name = 0x0, sd = 0x0, obj_list = { next = 0x2a8eb30, prev = 0x2a8ea50}}

(gdb) p *process

$4 = {obj = {refcount = 57, handle_count = 0, ops = 0x477080 <process_ops>, wait_queue = {next = 0x29e5a30, prev = 0x29e5a30}, name = 0x0, sd = 0x0, obj_list = {next = 0x2a07fe0, prev = 0x29fb160}}, entry = {next = 0x2a13e90, prev = 0x6995a0 <process_list>}, parent = 0x0, thread_list = { next = 0x29e5a78, prev = 0x29e5a78}, debugger = 0x0, handles = 0x0, msg_fd = 0x29fb130, id = 8, group_id = 8, sigkill_timeout = 0x0, cpu = CPU_x86, unix_pid = 1166, exit_code = 0, running_threads = 0, start_time = 130812070795368620, end_time = 130812071183535560, affinity = 15, priority = 2, suspend = 0, is_system = 0, debug_children = 0, is_terminating = 1, job = 0x0, job_entry = {next = 0x5555555555555555, prev = 0x5555555555555555}, locks = { next = 0x29e5b00, prev = 0x29e5b00}, classes = {next = 0x2a94200, prev = 0x2a8e770}, console = 0x2a10100, startup_state = STARTUP_DONE, startup_info = 0x0, idle_event = 0x2a6e170, winstation = 0, desktop = 0, token = 0x2a08770, dlls = {next = 0x2a6e5b0, prev = 0x2a94850}, peb = 2147348480, ldt_copy = 4151760128, trace_data = 0, rawinput_devices = {next = 0x29e5b78, prev = 0x29e5b78}, rawinput_mouse = 0x0, rawinput_kbd = 0x0}

--- snip ---

$ wine --version wine-1.7.47

Regards