I was reproducing the crash loop randomly on start of Summoners War: RUSH. The core problem is not particularly specific to this game, the game just hits conditions which make reproduction likely.
The problems happen when usr1_handler is invoked while in Unix called dispatcher. The faults happen if unix_syscall_dispatcher was called on nested syscall frame inside user mode callback and there was no normal syscall in this callback execution. Those conditions are more likely met with various logging enabled as that results in many Unix calls for debug output. xsave and xstate area are not properly initialized in this case. usr1_handler gets the context from invalid syscall frame data and then sets it back, bow triggering the restore of it. That first crashes on xrstor in wine_syscall_dispatcher_return. When FP and xstate data are fixed up it then may crash on 'iretq' due to invalid segment registers (on x64, on i386 those are saved in unix_call_dispatcher) and / or eflags.
When these specific conditions are not met, the crash doesn't happen because the float save, xstate and eflags are left initialized after previous normal system call to the valid state. However, there is still a problem: if, e. g, the app changes x87 FP mode between normal syscall and Unix call, and USR1 happens inside the Unix call, that will restore the stale state from the last syscall.
The general idea is to detect that we have invalid state usr1_handler and fix up the missing parts from the current Unix-side context. That should work because our general assumption is that if some context part is not saved in unix_call_dispatcher it is either volatile or is not supposed to be changed by the Unix side (otherwise we would have issues by normal return from unix_call_dispatcher without usr1 involved). I added eflags save to unix_call_dispatcher instead of fixing up from Unix contents because there are non-volatile parts (e. g., direction flag), which, however, may be temporarily changed during execution. Looks like all the other non-volatile state is already saved.