https://bugs.winehq.org/show_bug.cgi?id=56334
Bug ID: 56334 Summary: Page fault when querying dinput8_a_EnumDevices Product: Wine Version: 9.2 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: dinput Assignee: wine-bugs@winehq.org Reporter: leonicolas@gmail.com Distribution: ---
Created attachment 76066 --> https://bugs.winehq.org/attachment.cgi?id=76066 Unhandled exception: page fault on read access to 0x00000006 in wow64 32-bit code (0x7bd37250).
This error happens when I try to run a game I'm developing on the MMBasic For Windows environment over Wine. I have tried different Wine versions, including the last dev version (9.2). The error only happens if I have the gamepad connected to the computer.
This is the MMBasic For Windows interpreter I'm using: https://www.thebackshed.com/forum/uploads/matherp/2023-12-24_033644_MMBasic....
This is the game repo: https://github.com/leonicolas/knightmare-cmm2/
To run the interpreter environment: wine MMBasic_input.exe &> /dev/null
To run the game:
chdir"the/game/path" Usually the root folder is your Documents folder run"km.bas"
Wine crashes with the attached backtrace after running the run"km.bas" command.
https://bugs.winehq.org/show_bug.cgi?id=56334
--- Comment #1 from Andrew Nguyen arethusa26@gmail.com --- Created attachment 76068 --> https://bugs.winehq.org/attachment.cgi?id=76068 WINEDEBUG=warn+heap,+dinput,+wbemprox,+tid trace
I can confirm the issue in wine-9.2-162-g90103fa07e5 with a virtual Xbox 360 controller attached when running MMBasic as described.
The crash doesn't consistently occur on every run, but it is reliably triggered if heap validation is enabled with WINEDEBUG=warn+heap.
When MMBasic is running, a thread periodically polls for gamepad devices by calling IDirectInput8::EnumDevices. For each device, it queries WMI for information from the Win32_PnPEntity concerning the enumerated device.
When the run command is executed in MMBasic, another thread is spawned which seems to execute the same duplicate logic as the initial polling thread with its own instances of the relevant DirectInput and WMI interfaces.
When the two threads query WMI concurrently, it's possible for the internal data structures in Wine's WMI implementation to be unsafely modified concurrently, as the current implementation doesn't seem to properly support queries issued from two independent IWbemServices instances. This results in the crash on HeapFree that is observed.
Practically speaking, I wonder if the duplicate thread spawn is something MMBasic really needs to do. It may not really be necessary for gamepad support, and avoiding the concurrent WMI querying would work around this bug in Wine.
https://bugs.winehq.org/show_bug.cgi?id=56334
Andrew Nguyen arethusa26@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Component|dinput |wmi&wbemprox URL| |https://www.thebackshed.com | |/forum/uploads/matherp/2023 | |-12-24_033644_MMBasic.zip Ever confirmed|0 |1
--- Comment #2 from Andrew Nguyen arethusa26@gmail.com --- Confirming the bug.
https://bugs.winehq.org/show_bug.cgi?id=56334
--- Comment #3 from Hans Leidekker hans@meelstraat.net --- Created attachment 76078 --> https://bugs.winehq.org/attachment.cgi?id=76078 wbemprox: Protect tables with a critical section.
Can you try this patch?
https://bugs.winehq.org/show_bug.cgi?id=56334
--- Comment #4 from Leonardo Berardino leonicolas@gmail.com --- Yes, I can try it today. I will add a new comment as soon as I complete the tests. Thank you for the patch.
https://bugs.winehq.org/show_bug.cgi?id=56334
--- Comment #5 from Leonardo Berardino leonicolas@gmail.com --- Hans
I applied your patch to the code from the master branch. I tested MMBasic with an Xbox GamePad, and it worked fine, with no crashes.
Thank you very much Leo
https://bugs.winehq.org/show_bug.cgi?id=56334
Andrew Nguyen arethusa26@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Fixed by SHA1| |9015eebf87e3de8f9c541299e52 | |9c9667cc4847b Resolution|--- |FIXED
--- Comment #6 from Andrew Nguyen arethusa26@gmail.com --- I can confirm that the crash no longer occurs in wine-9.3. Resolving fixed.
https://bugs.winehq.org/show_bug.cgi?id=56334
JK_STAR 398063392@qq.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |398063392@qq.com
--- Comment #7 from JK_STAR 398063392@qq.com --- After this submission, many of my .NET 6 programs that call WMI interfaces cannot exit.
0134:err:sync:RtlpWaitForCriticalSection section 00006FFFF9830F00 "../wine/dlls/wbemprox/table.c: table_cs" wait timed out in thread 0134, blocked by 0024, retrying (60 sec) 0024:fixme:ntdll:EtwEventSetInformation (deadbeef, 2, 00007F511C68C3B8, 64) stub 0024:fixme:win:UnregisterPowerSettingNotification (00000000DEADBEEF): stub 0024:fixme:wtsapi:WTSUnRegisterSessionNotification Stub 00000000000C006A 0024:fixme:dwmapi:DwmDetachMilContent (0000000000010068) stub 0130:fixme:thread:NtQueryInformationThread ThreadIsIoPending info class not supported yet 0134:err:sync:RtlpWaitForCriticalSection section 00006FFFF9830F00 "../wine/dlls/wbemprox/table.c: table_cs" wait timed out in thread 0134, blocked by 0024, retrying (60 sec)
https://bugs.winehq.org/show_bug.cgi?id=56334
--- Comment #8 from Hans Leidekker hans@meelstraat.net --- (In reply to JK_STAR from comment #7)
After this submission, many of my .NET 6 programs that call WMI interfaces cannot exit.
0134:err:sync:RtlpWaitForCriticalSection section 00006FFFF9830F00 "../wine/dlls/wbemprox/table.c: table_cs" wait timed out in thread 0134, blocked by 0024, retrying (60 sec) 0024:fixme:ntdll:EtwEventSetInformation (deadbeef, 2, 00007F511C68C3B8, 64) stub 0024:fixme:win:UnregisterPowerSettingNotification (00000000DEADBEEF): stub 0024:fixme:wtsapi:WTSUnRegisterSessionNotification Stub 00000000000C006A 0024:fixme:dwmapi:DwmDetachMilContent (0000000000010068) stub 0130:fixme:thread:NtQueryInformationThread ThreadIsIoPending info class not supported yet 0134:err:sync:RtlpWaitForCriticalSection section 00006FFFF9830F00 "../wine/dlls/wbemprox/table.c: table_cs" wait timed out in thread 0134, blocked by 0024, retrying (60 sec)
This deserves a new bug report. Can you point to an example program that shows the problem?
https://bugs.winehq.org/show_bug.cgi?id=56334
--- Comment #9 from JK_STAR 398063392@qq.com --- download https://winrobot-pub-a-cos.winrobot360.com/client/install/ShadowBot-5.14.38-... and install it,and run "C:\Program Files (x86)\ShadowBot\shadowbot-5.14.38\ShadowBot.Shell.LicenseTool.exe" in it, will shows the problem. and the main app "ShadowBot.Shell.exe" can not exit also. (In reply to Hans Leidekker from comment #8)
(In reply to JK_STAR from comment #7)
After this submission, many of my .NET 6 programs that call WMI interfaces cannot exit.
0134:err:sync:RtlpWaitForCriticalSection section 00006FFFF9830F00 "../wine/dlls/wbemprox/table.c: table_cs" wait timed out in thread 0134, blocked by 0024, retrying (60 sec) 0024:fixme:ntdll:EtwEventSetInformation (deadbeef, 2, 00007F511C68C3B8, 64) stub 0024:fixme:win:UnregisterPowerSettingNotification (00000000DEADBEEF): stub 0024:fixme:wtsapi:WTSUnRegisterSessionNotification Stub 00000000000C006A 0024:fixme:dwmapi:DwmDetachMilContent (0000000000010068) stub 0130:fixme:thread:NtQueryInformationThread ThreadIsIoPending info class not supported yet 0134:err:sync:RtlpWaitForCriticalSection section 00006FFFF9830F00 "../wine/dlls/wbemprox/table.c: table_cs" wait timed out in thread 0134, blocked by 0024, retrying (60 sec)
This deserves a new bug report. Can you point to an example program that shows the problem?
https://bugs.winehq.org/show_bug.cgi?id=56334
--- Comment #10 from JK_STAR 398063392@qq.com --- (In reply to JK_STAR from comment #9)
download https://winrobot-pub-a-cos.winrobot360.com/client/install/ShadowBot-5.14.38- x64.exe and install it,and run "C:\Program Files (x86)\ShadowBot\shadowbot-5.14.38\ShadowBot.Shell.LicenseTool.exe" in it, will shows the problem. and the main app "ShadowBot.Shell.exe" can not exit also. (In reply to Hans Leidekker from comment #8)
(In reply to JK_STAR from comment #7)
After this submission, many of my .NET 6 programs that call WMI interfaces cannot exit.
0134:err:sync:RtlpWaitForCriticalSection section 00006FFFF9830F00 "../wine/dlls/wbemprox/table.c: table_cs" wait timed out in thread 0134, blocked by 0024, retrying (60 sec) 0024:fixme:ntdll:EtwEventSetInformation (deadbeef, 2, 00007F511C68C3B8, 64) stub 0024:fixme:win:UnregisterPowerSettingNotification (00000000DEADBEEF): stub 0024:fixme:wtsapi:WTSUnRegisterSessionNotification Stub 00000000000C006A 0024:fixme:dwmapi:DwmDetachMilContent (0000000000010068) stub 0130:fixme:thread:NtQueryInformationThread ThreadIsIoPending info class not supported yet 0134:err:sync:RtlpWaitForCriticalSection section 00006FFFF9830F00 "../wine/dlls/wbemprox/table.c: table_cs" wait timed out in thread 0134, blocked by 0024, retrying (60 sec)
This deserves a new bug report. Can you point to an example program that shows the problem?
It looks like this issue has been fixed in the latest e7ff2688c8042fb6d7af163480b1d2ec849d0dee commit, thanks.
https://bugs.winehq.org/show_bug.cgi?id=56334
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #11 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 9.4.
https://bugs.winehq.org/show_bug.cgi?id=56334
Michael Stefaniuc mstefani@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |9.0.x
-
WineHQ Bugzilla