http://bugs.winehq.org/show_bug.cgi?id=27620
Summary: RIFT 1.3 hotfix 2 hangs, weird behavior with vectored exception handlers
Product: Wine
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: jeff@licquia.org
Created an attachment (id=35305) --> (http://bugs.winehq.org/attachment.cgi?id=35305) Trace with unchanged wine 1.3.23, +process,+seh,+tid
The game RIFT hangs as of 1.3 hotfix 2; after logging in, the game window appears and the startup music plays, but does not display the progress display for loading characters.
This is being reported widely on a number of configurations, but I'm on Ubuntu 11.04, NVidia GeForce GT 430 w/ 270.41.06 drivers as shipped by Ubuntu. Tested on everything from the C-Korn PulseAudio-patched PPA Wine (1.3.22) to current git HEAD (tagged as wine-1.3.23).
I've been trying to figure this out on my own, and have made some progress. The problem is in the vectored exception handlers; one of the threads tries to set a name for itself via the 406d1388 exception trick. Unfortunately, the top vectored exception handler list entry appears to be garbage, and its handler function almost immediately throws a c0000005 exception. This re-calls the garbage handler, which trips, causing another call, and so on. Eventually the thread runs out of stack and is forcibly aborted. Since the other threads are waiting on this thread to do something interesting, the game hangs.
I've patched ntdll to include some extra tracing information and debug hooks, including a complete dump of the vectored handler list on every exception and every call to RtlAddVectoredExceptionHandler. In this trace, all calls to RtlAddVectoredExceptionHandler appear to make sense; the call is made, and the resulting list reflects the current call and all known preceding calls. But then, when the exception to add the thread name is hit, a new exception handler appears to have been added before the others without calling RtlAddVectoredExceptionHandler.
I was able to set a watch on the list, with a condition that basically meant "don't trip if we're in RtlAddVectoredExceptionHandler". As far as I can tell, we're inside the RIFT executable at that point, so I'm at the end of my abilities here.
Will attach traces with unpatched and patched Wine, plus a debug transcript for setting the watchpoint.
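As an added illustration (not code from the bug report, from Wine or from RIFT), the following portable C model shows the mechanism the report describes: a vectored exception handler list walked head to tail, the 0x406D1388 thread-naming pseudo-exception carrying a THREADNAME_INFO record in ExceptionInformation, and what happens when the head entry is a handler that itself faults. Only the exception codes and the THREADNAME_INFO layout follow the Win32/MSVC convention; the list, the dispatcher, the handler names, the `run_scenario` driver and the 64-level depth guard (standing in for the thread's real stack limit) are this example's own assumptions, not ntdll's or Wine's implementation.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constants with the values the Win32 API uses. */
#define MS_VC_EXCEPTION              0x406D1388u   /* "set thread name" pseudo-exception */
#define STATUS_ACCESS_VIOLATION      0xC0000005u
#define EXCEPTION_CONTINUE_EXECUTION (-1)
#define EXCEPTION_CONTINUE_SEARCH    0
#define MAX_DISPATCH_DEPTH           64            /* assumed stand-in for the real stack limit */

/* Modelled subset of EXCEPTION_RECORD: the code plus ExceptionInformation. */
typedef struct { uint32_t ExceptionCode; uintptr_t ExceptionInformation[4]; } exception_record;

/* The record MSVC's SetThreadName convention passes as ExceptionInformation. */
#pragma pack(push, 8)
typedef struct { uint32_t dwType; const char *szName; uint32_t dwThreadID; uint32_t dwFlags; } THREADNAME_INFO;
#pragma pack(pop)

typedef int (*veh_fn)(exception_record *);
typedef struct handler { veh_fn fn; struct handler *next; } handler;

static handler *vectored_handlers;   /* list head; walked first to last */
static char     last_thread_name[64];
static int      dispatch_depth;
static jmp_buf  thread_abort;

/* Model of RtlAddVectoredExceptionHandler: nonzero `first` prepends, zero appends. */
static handler *add_vectored_handler(int first, veh_fn fn)
{
    handler *h = calloc(1, sizeof *h);
    h->fn = fn;
    if (first || !vectored_handlers) { h->next = vectored_handlers; vectored_handlers = h; return h; }
    handler *tail = vectored_handlers;
    while (tail->next) tail = tail->next;
    tail->next = h;
    return h;
}

static void clear_vectored_handlers(void)
{
    while (vectored_handlers) { handler *n = vectored_handlers->next; free(vectored_handlers); vectored_handlers = n; }
}

/* Model of the dispatcher: every entry runs in list order until one continues
   execution. A fault raised from inside a handler re-enters this function,
   which is exactly the recursion the report describes; the depth guard stands
   in for the thread running out of stack. */
static int dispatch_exception(exception_record *rec)
{
    if (++dispatch_depth > MAX_DISPATCH_DEPTH) longjmp(thread_abort, 1);
    for (handler *h = vectored_handlers; h; h = h->next)
        if (h->fn(rec) == EXCEPTION_CONTINUE_EXECUTION) { dispatch_depth--; return 1; }
    dispatch_depth--;
    return 0;   /* unhandled: would fall through to frame-based SEH */
}

/* Well-behaved handler: consumes the thread-naming pseudo-exception. */
static int thread_name_handler(exception_record *rec)
{
    if (rec->ExceptionCode != MS_VC_EXCEPTION) return EXCEPTION_CONTINUE_SEARCH;
    THREADNAME_INFO info;
    memcpy(&info, rec->ExceptionInformation, sizeof info);
    if (info.dwType != 0x1000) return EXCEPTION_CONTINUE_SEARCH;
    snprintf(last_thread_name, sizeof last_thread_name, "%s", info.szName);
    return EXCEPTION_CONTINUE_EXECUTION;
}

/* Stand-in for the garbage list entry: it faults before doing anything useful,
   which raises c0000005 and re-enters the dispatcher from the top of the list. */
static int faulting_handler(exception_record *rec)
{
    (void)rec;
    exception_record av = { STATUS_ACCESS_VIOLATION, { 0, 0, 0, 0 } };
    dispatch_exception(&av);
    return EXCEPTION_CONTINUE_SEARCH;
}

/* What the game thread does: raise 0x406D1388 carrying a THREADNAME_INFO. */
static int set_thread_name(const char *name)
{
    THREADNAME_INFO info = { 0x1000, name, (uint32_t)-1 /* -1 = calling thread */, 0 };
    exception_record rec = { MS_VC_EXCEPTION, { 0, 0, 0, 0 } };
    memcpy(rec.ExceptionInformation, &info, sizeof info);
    return dispatch_exception(&rec);
}

/* Returns 1 if the name was set, 0 if no handler claimed the exception,
   -1 if the thread "ran out of stack" (the depth guard tripped). */
static int run_scenario(int corrupt_list)
{
    clear_vectored_handlers();
    dispatch_depth = 0;
    last_thread_name[0] = '\0';
    add_vectored_handler(0, thread_name_handler);
    if (corrupt_list) add_vectored_handler(1, faulting_handler);  /* lands at the head, as in the trace */
    if (setjmp(thread_abort)) { clear_vectored_handlers(); return -1; }
    int r = set_thread_name("RiftWorker");
    clear_vectored_handlers();
    return r;
}

int main(void)
{
    printf("clean list:   %d (name=\"%s\")\n", run_scenario(0), last_thread_name);
    printf("corrupt list: %d\n", run_scenario(1));
    return 0;
}
```

With the clean list the naming handler claims the exception and the name is recorded; with the faulting entry prepended, every dispatch (including the access violation the handler raises) starts again at the bad entry, so the only way out is the depth guard, which is the modelled equivalent of the thread being aborted for stack exhaustion.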
--- Comment #1 from Jeff Licquia jeff@licquia.org 2011-06-27 10:12:37 CDT --- Created an attachment (id=35306) --> (http://bugs.winehq.org/attachment.cgi?id=35306) Trace with patched wine 1.3.23, +process,+seh,+tid
--- Comment #2 from Jeff Licquia jeff@licquia.org 2011-06-27 10:13:39 CDT --- Created an attachment (id=35307) --> (http://bugs.winehq.org/attachment.cgi?id=35307) Trace and debug hook patch
--- Comment #3 from Jeff Licquia jeff@licquia.org 2011-06-27 10:15:53 CDT --- Created an attachment (id=35308) --> (http://bugs.winehq.org/attachment.cgi?id=35308) winedbg session with watch on vectored_handlers
mickski56@hotmail.com changed:
What           | Removed     | Added
Status         | UNCONFIRMED | NEW
Ever Confirmed | 0           | 1
--- Comment #4 from mickski56@hotmail.com 2011-06-27 13:34:49 CDT --- *** This bug has been confirmed by popular vote. ***
--- Comment #5 from Jeff Licquia jeff@licquia.org 2011-06-27 22:21:17 CDT --- FWIW, Trion has put some time into this bug, and apparently a patch is on its way.
http://forums.riftgame.com/showthread.php?215541-pm-patch-6-24&p=2700410...
Rumor has it the hotfix may land Wednesday.
--- Comment #6 from Jeff Licquia jeff@licquia.org 2011-06-29 09:33:47 CDT --- A fix appears to also have been committed to git that reportedly fixes the problem (30cb179fe2b9291de7ce9e8784768b70a82f593d). Will test when I have a chance.
mickski56@hotmail.com changed:
What | Removed | Added
CC   |         | mickski56@hotmail.com
--- Comment #7 from mickski56@hotmail.com 2011-06-29 10:02:35 CDT --- (In reply to comment #6)
> A fix appears to also have been committed to git that reportedly fixes the problem (30cb179fe2b9291de7ce9e8784768b70a82f593d). Will test when I have a chance.
Works for me. Thanks to the wine team & I believe codeweavers.
Alexandre Julliard julliard@winehq.org changed:
What       | Removed | Added
Status     | NEW     | RESOLVED
Resolution |         | FIXED
--- Comment #8 from Alexandre Julliard julliard@winehq.org 2011-06-29 10:16:02 CDT --- Fixed.
Alexandre Julliard julliard@winehq.org changed:
What   | Removed  | Added
Status | RESOLVED | CLOSED
--- Comment #9 from Alexandre Julliard julliard@winehq.org 2011-07-08 13:48:26 CDT --- Closing bugs fixed in 1.3.24.