https://bugs.winehq.org/show_bug.cgi?id=51683
Bug ID: 51683
Summary: RtlCreateTimer crash
Product: Wine
Version: unspecified
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: deltaconnected@gmail.com
Distribution: ---
dlls/ntdll/threadpool.c
In RtlCreateTimer, NewTimer is being set after RtlLeaveCriticalSection, which seems to allow callbacks created with DueTime == 0 to execute and finish and delete an invalid timer before the scheduling thread is switched back.
--- Comment #1 from deltaconnected@gmail.com ---
Created attachment 70552
  --> https://bugs.winehq.org/attachment.cgi?id=70552
Proposed change
Zebediah Figura z.figura12@gmail.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |z.figura12@gmail.com
--- Comment #2 from Zebediah Figura z.figura12@gmail.com ---
The only way I can imagine that would change anything is if "NewTimer" points to some memory address that is also used by the callback (or by other concurrent code). Does Windows really offer such guarantees in this case? Is there a known application that depends on this behaviour?
--- Comment #3 from deltaconnected@gmail.com ---
https://www.deltaconnected.com/arcdps/
I put data I read out of the main game thread into a timerqueue to process to avoid stalling the main game thread (and causing stuttering) -- CreateTimerQueueTimer(&ev->timer, 0, (WAITORTIMERCALLBACK)procengineevent, ev, 0, 0, WT_EXECUTEDEFAULT). In the callback -- DeleteTimerQueueTimer(0, ev->timer, 0). Changing DueTime from 0 to 10 in CreateTimerQueueTimer in a DLL I gave my Wine users seems to have entirely eliminated the crashing with RtlDeleteTimer in the stack trace. Windows doesn't experience this behaviour.
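The ordering described in the report and in the comment above, as a single-threaded C model added here for illustration (not part of the thread and not Wine's code). The names `create_timer`, `unlock_and_let_worker_run`, `run_case` and the one-slot queue are hypothetical stand-ins, and the worker thread is simulated by a direct call at the point where the lock is released.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not Wine code: a one-slot "timer queue". */
struct timer { int live; };
struct event { struct timer *timer; int deleted_valid; }; /* ev->timer, as in the report */

static struct timer slot;      /* the queue's only timer object */
static struct event *pending;  /* callback argument queued with DueTime == 0 */

/* Callback in the style of the report: deletes its own timer via ev->timer. */
static void callback(struct event *ev)
{
    struct timer *t = ev->timer;   /* what has the creator published so far? */
    ev->deleted_valid = (t == &slot && t->live);
    if (ev->deleted_valid) t->live = 0;
}

/* Stand-in for leaving the critical section: with DueTime == 0 the worker may
 * run the callback to completion before the creating thread resumes. */
static void unlock_and_let_worker_run(void)
{
    if (pending) { struct event *ev = pending; pending = NULL; callback(ev); }
}

/* publish_before_unlock == 0: handle stored after the lock is dropped (the
 * order described in the report); 1: stored while the lock is still held. */
static int create_timer(struct timer **new_timer, struct event *ev,
                        int publish_before_unlock)
{
    slot.live = 1;
    pending = ev;                                    /* queued, lock held */
    if (publish_before_unlock) *new_timer = &slot;
    unlock_and_let_worker_run();
    if (!publish_before_unlock) *new_timer = &slot;  /* too late for the callback */
    return ev->deleted_valid;
}

/* Returns 1 if the callback deleted a valid timer, 0 if it saw a stale handle. */
int run_case(int publish_before_unlock)
{
    struct event ev = { NULL, 0 };
    return create_timer(&ev.timer, &ev, publish_before_unlock);
}

int main(void)
{
    printf("store after unlock:  valid handle seen = %d\n", run_case(0));
    printf("store before unlock: valid handle seen = %d\n", run_case(1));
    return 0;
}
```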
Dmitry Skvortsov (Iglu47) lvb.crd@protonmail.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |lvb.crd@protonmail.com
--- Comment #4 from Dmitry Skvortsov (Iglu47) lvb.crd@protonmail.com ---
Presently there is an issue with frequent crashes of Guild Wars 2 with Arcdps (probably Bug 50612 is a variation of this problem and one of these reports will be a duplicate of the other). But I still cannot find clear steps or conditions for reproducing the problem (for my system, crashes occur more often if I additionally load the system with playing any video).
I also tried that test build of Arcdps and on it I have not yet encountered crashes inside DeleteTimerQueueEx and DeleteTimerQueueTimer on the Wine side, which currently often happen on the public version of Arcdps (due to the lack of steps to reproduce, I would continue testing further, although perhaps this is not required if it is known that this does not completely solve the problem).