https://bugs.winehq.org/show_bug.cgi?id=44897
Bug ID: 44897
Summary: Multiple applications using Crashpad/Chromium/CEF in Win7+ mode crash on unimplemented function ntdll.RtlGetUnloadEventTraceEx (Steam client)
Product: Wine
Version: 3.5
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
Related a bit to bug 44656 ("Multiple applications need ntdll.NtSuspendProcess and ntdll.NtResumeProcess implementation (Crashpad/Chromium/CEF, Oracle Data Visualization Desktop, cbwin)").
The 'steamwebhelper.exe' process crashes, which triggers crash reporting via 'Crashpad' (part of Chromium/CEF):
--- snip ---
00c9:trace:seh:raise_exception code=c0000005 flags=0 addr=0x18208dc ip=018208dc tid=00c9
00c9:trace:seh:raise_exception info[0]=00000000
00c9:trace:seh:raise_exception info[1]=0000002c
00c9:trace:seh:raise_exception eax=00000000 ebx=0000000c ecx=00000008 edx=00000000 esi=00000008 edi=00000008
00c9:trace:seh:raise_exception ebp=0033b7fc esp=0033b7f8 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246
00c9:trace:seh:call_stack_handlers calling handler at 0x650a58 code=c0000005 flags=0
00c9:trace:seh:call_stack_handlers handler at 0x650a58 returned 1
00c9:trace:seh:call_stack_handlers calling handler at 0x650c98 code=c0000005 flags=0
00c9:trace:seh:call_stack_handlers handler at 0x650c98 returned 1
00c9:trace:seh:call_stack_handlers calling handler at 0x5953d0 code=c0000005 flags=0
00c9:trace:seh:call_stack_handlers handler at 0x5953d0 returned 1
00c9:trace:seh:call_stack_handlers calling handler at 0x7b48f4cc code=c0000005 flags=0
--- snip ---
This causes another crash in the crash reporting itself:
--- snip ---
...
0091:fixme:ntdll:NtSuspendProcess stub: 0xf0
[0402/195414.122:ERROR:scoped_process_suspend.cc(31)] NtSuspendProcess: <failed to retrieve error message (0x13d)> (0xc0000002)
...
0091:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000 tid=0091
0091:trace:seh:raise_exception info[0]=00000008
0091:trace:seh:raise_exception info[1]=00000000
0091:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=05acf7bc edx=ffffffff esi=05acfb08 edi=05acfb98
0091:trace:seh:raise_exception ebp=05acf7dc esp=05acf7cc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
0091:trace:seh:call_stack_handlers calling handler at 0x7bcb17b2 code=c0000005 flags=0
wine: Unhandled page fault on execute access to 0x00000000 at address (nil) (thread 0091), starting debugger...
--- snip ---
Disassembly of crash location:
--- snip ---
...
036C434D PUSH ESI
036C434E MOV ESI,libcef.04B7110C
036C4353 PUSH ESI
036C4354 CALL libcef.033EF85F
036C4359 CMP DWORD PTR DS:[4B7110C],-1
036C4360 POP ECX
036C4361 JNZ SHORT libcef.036C4341
036C4363 PUSH 1
036C4365 PUSH libcef.04611968                 ; ASCII "::NtSuspendProcess"
036C436A PUSH libcef.048759CC                 ; UNICODE "ntdll.dll"
036C436F CALL libcef.02B21EEF
036C4374 PUSH ESI
036C4375 MOV DWORD PTR DS:[4B71108],EAX
036C437A CALL libcef.033EF820
036C437F ADD ESP,10
036C4382 JMP SHORT libcef.036C4341
036C4384 PUSH EBP
036C4385 MOV EBP,ESP
036C4387 MOV EAX,DWORD PTR FS:[2C]
036C438D MOV ECX,DWORD PTR DS:[4B6E5A4]
036C4393 MOV ECX,DWORD PTR DS:[EAX+ECX*4]
036C4396 MOV EAX,DWORD PTR DS:[4B7111C]
036C439B CMP EAX,DWORD PTR DS:[ECX+18]
036C43A1 JLE SHORT libcef.036C43A6
036C43A3 JMP SHORT libcef.036C43B7
036C43A5 POP ESI
036C43A6 PUSH DWORD PTR SS:[EBP+10]
036C43A9 PUSH DWORD PTR SS:[EBP+C]
036C43AC PUSH DWORD PTR SS:[EBP+8]
036C43AF CALL DWORD PTR DS:[4B71118]
036C43B5 POP EBP
036C43B6 RETN
036C43B7 PUSH ESI
036C43B8 MOV ESI,libcef.04B7111C
036C43BD PUSH ESI
036C43BE CALL libcef.033EF85F
036C43C3 CMP DWORD PTR DS:[4B7111C],-1
036C43CA POP ECX
036C43CB JNZ SHORT libcef.036C43A5
036C43CD PUSH 1
036C43CF PUSH libcef.04611990                 ; ASCII "::RtlGetUnloadEventTraceEx"
036C43D4 PUSH libcef.048759CC                 ; UNICODE "ntdll.dll"
036C43D9 CALL libcef.02B21EEF
036C43DE PUSH ESI
036C43DF MOV DWORD PTR DS:[4B71118],EAX
...
--- snip ---
Source code:
https://github.com/electron/crashpad/blob/HEAD/snapshot/win/process_snapshot...
--- snip ---
void ProcessSnapshotWin::InitializeUnloadedModules() {
  // As documented by https://msdn.microsoft.com/en-us/library/cc678403.aspx
  // we can retrieve the location for our unload events, and use that address in
  // the target process. Unfortunately, this of course only works for
  // 64-reading-64 and 32-reading-32, so at the moment, we simply do not
  // retrieve unloaded modules for 64-reading-32. See
  // https://crashpad.chromium.org/bug/89.
#if defined(ARCH_CPU_X86_64)
  if (!process_reader_.Is64Bit()) {
    LOG(ERROR) << "reading unloaded modules across bitness not currently supported";
    return;
  }
  using Traits = process_types::internal::Traits64;
#elif defined(ARCH_CPU_X86)
  using Traits = process_types::internal::Traits32;
#else
#error port
#endif

  ULONG* element_size;
  ULONG* element_count;
  void* event_trace_address;
  RtlGetUnloadEventTraceEx(&element_size, &element_count, &event_trace_address);

  if (*element_size < sizeof(RTL_UNLOAD_EVENT_TRACE<Traits>)) {
    LOG(ERROR) << "unexpected unloaded module list element size";
    return;
  }
  ...
--- snip ---
Surprise, surprise ... a Wine-Staging patchset exists:
https://github.com/wine-staging/wine-staging/tree/master/patches/ntdll-RtlGe...
There is a bit of traceability here:
https://dev.wine-staging.com/patches/88/
--- quote ---
Adding a stub is a bit difficult as this function can not fail and chromium tries to access the address unless it encounters a suspicious element size. Setting the size to zero causes chromium to print a warning without accessing the memory address.
--- quote ---
$ wine --version
wine-3.5
Regards
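An added example (not Crashpad's or Wine's own code) modelling the element-size guard quoted above: a constructed zero-size stub in the spirit of the wine-staging approach beside a constructed trace of the expected size, read through a caller that mirrors Crashpad's check. The record layout, the provider names and read_unloaded_modules are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the 32-bit RTL_UNLOAD_EVENT_TRACE record; the field
 * list follows the public declaration, the exact layout here is illustrative. */
typedef struct {
    void     *BaseAddress;
    size_t    SizeOfImage;
    uint32_t  Sequence;
    uint32_t  TimeDateStamp;
    uint32_t  CheckSum;
    uint16_t  ImageName[32];
} UNLOAD_EVENT_TRACE_SIM;

/* Shape of RtlGetUnloadEventTraceEx: three out-pointers and no status to check. */
typedef void (*get_trace_fn)(unsigned long **size, unsigned long **count, void **trace);

/* Provider 1: a stub in the spirit of the wine-staging patch. It cannot fail, so it
 * reports an element size of zero; a caller that checks the size never touches the trace. */
static unsigned long stub_size = 0, stub_count = 0;
static void stub_get_trace(unsigned long **size, unsigned long **count, void **trace) {
    *size = &stub_size; *count = &stub_count; *trace = NULL;
}

/* Provider 2: a trace with two constructed unload records, as a real ntdll would expose. */
static UNLOAD_EVENT_TRACE_SIM real_trace[2] = {
    { (void *)0x10000000, 0x1000, 1, 0, 0, { 'a', '.', 'd', 'l', 'l', 0 } },
    { (void *)0x20000000, 0x2000, 2, 0, 0, { 'b', '.', 'd', 'l', 'l', 0 } },
};
static unsigned long real_size = sizeof(UNLOAD_EVENT_TRACE_SIM), real_count = 2;
static void real_get_trace(unsigned long **size, unsigned long **count, void **trace) {
    *size = &real_size; *count = &real_count; *trace = real_trace;
}

/* Mirrors the guard in Crashpad's InitializeUnloadedModules: returns the number of
 * records read, or -1 when the element size is suspicious and the list is skipped. */
int read_unloaded_modules(get_trace_fn get_trace) {
    unsigned long *element_size, *element_count;
    void *event_trace_address;
    get_trace(&element_size, &element_count, &event_trace_address);
    if (*element_size < sizeof(UNLOAD_EVENT_TRACE_SIM)) {
        fprintf(stderr, "unexpected unloaded module list element size\n");
        return -1;
    }
    const UNLOAD_EVENT_TRACE_SIM *e = event_trace_address;
    for (unsigned long i = 0; i < *element_count; i++)
        printf("unloaded module #%u at %p\n", e[i].Sequence, e[i].BaseAddress);
    return (int)*element_count;
}
```

With the zero-size stub the caller logs the warning and returns without dereferencing the trace pointer; with a correctly sized trace it walks both records.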
Anastasius Focht focht@gmx.net changed:
What            |Removed |Added
----------------------------------------------------------------------------
Staged patchset |        |https://github.com/wine-staging/wine-staging/tree/master/patches/ntdll-RtlGetUnloadEventTraceEx
Status          |NEW     |STAGED
See Also        |        |https://bugs.winehq.org/show_bug.cgi?id=44656
Keywords        |        |source
tokktokk fdsfgs@krutt.org changed:
What            |Removed |Added
----------------------------------------------------------------------------
CC              |        |fdsfgs@krutt.org
Anastasius Focht focht@gmx.net changed:
What            |Removed |Added
----------------------------------------------------------------------------
URL             |        |https://www.google.com/chrome/
Keywords        |        |download
--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
Revisiting, still present.

Encountered with the Chrome v69 installer while looking at bug 45347.
--- snip ---
$ WINEDEBUG=+seh,+relay,+propsys wine ./ChromeStandaloneSetup.exe >>log.txt 2>&1
...
00a1:Call KERNEL32.CreateProcessW(006c3c68 L"C:\users\focht\Temp\CR_81A1A.tmp\setup.exe",006c44d8 L"C:\users\focht\Temp\CR_81A1A.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\windows\temp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=v"...,00000000,00000000,00000001,00080000,00000000,00000000,0033f460,0033f5a8) ret=004585b1
...
00a3:Call KERNEL32.__wine_kernel_init() ret=7bc6d5de
00a1:Ret KERNEL32.CreateProcessW() retval=00000001 ret=004585b1
...
00a1:Call KERNEL32.CreateFileW(006c3f40 L"\\.\pipe\crashpad_160_XXAAXOAYFJLNINRO",c0000000,00000000,00000000,00000003,00110000,00000000) ret=00489842
00a1:Ret KERNEL32.CreateFileW() retval=00000074 ret=00489842
00a1:Call KERNEL32.SetNamedPipeHandleState(00000074,0033f35c,00000000,00000000) ret=004898c1
00a1:Ret KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=004898c1
00a1:Call KERNEL32.TransactNamedPipe(00000074,0033f4d8,00000024,0033f448,0000000c,0033f358,00000000) ret=004898e0
...
00a3:Ret KERNEL32.CreateThread() retval=000000b0 ret=004a2638
00a3:Call KERNEL32.CreateNamedPipeW(006d1000 L"\\.\pipe\crashpad_160_XXAAXOAYFJLNINRO",00000003,00000006,00000002,00000200,00000200,00000000,00000000) ret=00489aad
...
00a1:Call KERNEL32.RaiseException(80000100,00000001,00000002,0033f170) ret=7d8be095
00a1:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b4473c3 ip=7b4473c3 tid=00a1
00a1:trace:seh:raise_exception info[0]=7d8be0c0
00a1:trace:seh:raise_exception info[1]=7d8be125
wine: Call from 0x7b4473c3 to unimplemented function propsys.dll.InitPropVariantFromCLSID, aborting
00a1:trace:seh:call_stack_handlers calling handler at 0x4f1a20 code=80000100 flags=1
00a1:Call KERNEL32.GetLastError() ret=005084b6
00a1:Ret KERNEL32.GetLastError() retval=00000042 ret=005084b6
00a1:trace:seh:call_stack_handlers handler at 0x4f1a20 returned 1
00a1:trace:seh:call_stack_handlers calling handler at 0x7b49040f code=80000100 flags=1
...
00a1:Call KERNEL32.SetEvent(00000078) ret=00458f1a
...
00a7:Call KERNEL32.LoadLibraryW(005226a2 L"ntdll.dll") ret=0048a0fc
00a7:Ret KERNEL32.LoadLibraryW() retval=7bc30000 ret=0048a0fc
00a7:Call KERNEL32.GetProcAddress(7bc30000,0052739c "NtSuspendProcess") ret=0048a125
00a7:Ret KERNEL32.GetProcAddress() retval=7bc377ac ret=0048a125
00a7:Call ntdll.RtlWakeAllConditionVariable(005454e4) ret=004ee016
00a7:Ret ntdll.RtlWakeAllConditionVariable() retval=00000000 ret=004ee016
00a7:Call ntdll.NtSuspendProcess(00000084) ret=0048cefb
00a7:fixme:ntdll:NtSuspendProcess stub: 0x84
00a7:Ret ntdll.NtSuspendProcess() retval=c0000002 ret=0048cefb
...
00a7:Call KERNEL32.LoadLibraryW(005226a2 L"ntdll.dll") ret=0048a0fc
00a7:Ret KERNEL32.LoadLibraryW() retval=7bc30000 ret=0048a0fc
00a7:Call KERNEL32.GetProcAddress(7bc30000,005273c1 "RtlGetUnloadEventTraceEx") ret=0048a125
00a7:Ret KERNEL32.GetProcAddress() retval=00000000 ret=0048a125
00a7:Call ntdll.RtlWakeAllConditionVariable(005454e4) ret=004ee016
00a7:Ret ntdll.RtlWakeAllConditionVariable() retval=00000000 ret=004ee016
00a7:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000 tid=00a7
00a7:trace:seh:raise_exception info[0]=00000008
00a7:trace:seh:raise_exception info[1]=00000000
00a7:trace:seh:raise_exception eax=00000000 ebx=00cff884 ecx=7bc39bdc edx=ffffffff esi=00cff88c edi=00cff888
00a7:trace:seh:raise_exception ebp=00cff85c esp=00cff840 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010216
00a7:trace:seh:call_stack_handlers calling handler at 0x7bcb3cc3 code=c0000005 flags=0
...
wine: Unhandled page fault on execute access to 0x00000000 at address (nil) (thread 00a7), starting debugger...
00a7:trace:seh:start_debugger Starting debugger "winedbg --auto 162 212"
--- snip ---
The parent process (crashpad server) crashes while trying to handle the first crash, which is caused by the unimplemented 'propsys.dll.InitPropVariantFromCLSID' stub (bug 45347).

NOTE: Once bug 45347 is fixed, you need to revert that commit to reproduce the problem here.
$ sha1sum ChromeStandaloneSetup.exe
f0b092d7ac2cd461486837013bb343fb1a18aaa4  ChromeStandaloneSetup.exe

$ du -sh ChromeStandaloneSetup.exe
51M     ChromeStandaloneSetup.exe

$ wine --version
wine-3.16
Regards
Anastasius Focht focht@gmx.net changed:
What            |Removed |Added
----------------------------------------------------------------------------
CC              |        |jg@jguk.org
--- Comment #2 from Anastasius Focht focht@gmx.net ---
*** Bug 39961 has been marked as a duplicate of this bug. ***
jg@jguk.org changed:
What            |Removed     |Added
----------------------------------------------------------------------------
CC              |jg@jguk.org |
ahyattdev ahyattdev@icloud.com changed:
What            |Removed |Added
----------------------------------------------------------------------------
CC              |        |ahyattdev@icloud.com
Alex Henrie alexhenrie24@gmail.com changed:
What            |Removed |Added
----------------------------------------------------------------------------
CC              |        |alexhenrie24@gmail.com
Resolution      |---     |FIXED
Status          |STAGED  |RESOLVED
Fixed by SHA1   |        |33b566c3d5350aa1ec80207dcf17e78d6c06cc8a
--- Comment #3 from Alex Henrie alexhenrie24@gmail.com ---
Fixed by https://source.winehq.org/git/wine.git/commitdiff/33b566c3d5350aa1ec80207dcf...
Alexandre Julliard julliard@winehq.org changed:
What            |Removed  |Added
----------------------------------------------------------------------------
Status          |RESOLVED |CLOSED
--- Comment #4 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 4.0-rc1.
Anastasius Focht focht@gmx.net changed:
What            |Removed                        |Added
----------------------------------------------------------------------------
URL             |https://www.google.com/chrome/ |https://web.archive.org/web/20180929104502/https://dl.google.com/chrome/install/standalonesetup.exe
--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello folks,

Adding a stable download link via the Internet Archive for documentation.
Google Chrome 69.0.3497.100
https://web.archive.org/web/20180929104502/https://dl.google.com/chrome/inst...
https://www.virustotal.com/gui/file/38cb1c4577beca2adfc2bffe95aedf31013761db...
$ sha1sum standalonesetup.exe
639a350228845e00ed97ed9c506f2f006202d115  standalonesetup.exe

$ du -sh standalonesetup.exe
51M     standalonesetup.exe
This is an untagged standalone installer; it requires some magic to run. See https://bugs.winehq.org/show_bug.cgi?id=25918#c15 for details :)
--- snip ---
$ wine ./standalonesetup.exe /installsource nomitag /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={C3EB1856-4FB5-6D2F-DF46-BA3BAA23BC5A}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers" /silent
--- snip ---
Regards