[Bug 31308] New: Remote Tools for Visual Studio 2012 RC for Windows on ARM (WoA) crashes due to invalid user TLS register value access

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Jul 24 18:41:56 CDT 2012


http://bugs.winehq.org/show_bug.cgi?id=31308

             Bug #: 31308
           Summary: Remote Tools for Visual Studio 2012 RC for Windows on
                    ARM (WoA) crashes due to invalid user TLS register
                    value access
           Product: Wine
           Version: 1.5.9
          Platform: arm
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net
    Classification: Unclassified


Hello,

for André, some toy to play with ;-)

"Remote Tools for Visual Studio 2012 RC" for Windows on ARM (WoA) can be
downloaded here:

http://www.microsoft.com/visualstudio/11/en-us/downloads#remote-tools

It crashes on my quad Cortex-A9 based i.mx6 Sabre with Ubuntu Linux 12.04.

--- snip ---
Unhandled exception: page fault on read access to 0xc2083992 in 32-bit code
(0x00419d44).
Register dump:
Thumb User Mode
 Pc:419d44 Sp:4134f720 Lr:418ed1 Cpsr:200f0030(--C-)
 r0:0208 r1:0001 r2:4134f7c8 r3:0208
 r4:c208398a r5:4134f7c8  r6:0000  r7:4134f728 r8:dddd
 r9:04e4 r10:0100 Fp:4134f758 Ip:4134f518
Stack dump:
0x4134f720:  00000000 00000000 4134f7c8 00000100
0x4134f730:  00000001 8161b1cd 4134f748 00000100
0x4134f740:  4134f7c8 00000001 4134fd38 00446530
0x4134f750:  000004e4 4006e000 4134f790 00418f91
0x4134f760:  4134fac8 000004e4 00000000 00000000
0x4134f770:  00446998 00446308 42164138 40a72801
Backtrace:
=>0 0x00419d44 in rtools_setup_arm (+0x19d44) (0x4134f758)
  1 0x00418ed1 in rtools_setup_arm (+0x18ed0) (0x4134f758)
0x00419d44: 
    ldr    r4, [r4, #8]
Modules:
Module    Address            Debug info    Name (77 modules)
ELF        8000-   12000    Deferred        <wine-loader>
PE      400000-  454000    Export          rtools_setup_arm
ELF    40031000-4003f000    Deferred        libsm.so.6
...
System information:
    Wine build: wine-1.5.9-186-g1f6febe
    Platform: arm
    Host system: Linux
    Host version: 3.2.0-1000-linaro-lt-mx6
--- snip ---

WINEDEBUG=+tid,+seh,+relay doesn't reveal much, might be app init/startup code:

--- snip ---
$ wine ./rtools_setup_arm.exe
...
0024:Call KERNEL32.GetLastError() ret=00416973
0024:Ret  KERNEL32.GetLastError() retval=00000000 ret=00416973
0024:Call KERNEL32.MultiByteToWideChar(000004e4,00000001,4130f7c8 "
\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f
!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94"...,00000100,00000000,00000000)
ret=00418e95
0024:Ret  KERNEL32.MultiByteToWideChar() retval=00000100 ret=00418e95
0024:trace:seh:raise_exception  info[0]=00000000
0024:trace:seh:raise_exception  info[1]=c2083992
0024:trace:seh:raise_exception  Pc:419d44 Sp:4130f720 Lr:418ed1 Cpsr:200f0030
r0:0208 r1:0001 r2:0100 r3:0208
0024:trace:seh:raise_exception  r4:c208398a r5:4130f7c8  r6:0000  r7:4130f728
r8:dddd r9:04e4 r10:0100 Fp:4130f758 Ip:4130f518
0024:trace:seh:call_stack_handlers calling handler at 0x403e3900 code=c0000005
flags=0
0024:Call KERNEL32.UnhandledExceptionFilter(4130f574) ret=403e3964
wine: Unhandled page fault on read access to 0xc2083992 at address 0x419d44
(thread 0024), starting debugger...
0024:trace:seh:start_debugger Starting debugger "winedbg --auto 35 68"
...
--- snip ---

Winedbg's builtin disassembler isn't really helpful, it's missing various
thumb(2) opcodes.

Fortunately there is a free IDA 6.2 demo version for Linux, which also supports
the ARM family, available for download:
http://www.hex-rays.com/products/ida/support/download_demo.shtml

This is an invaluable tool which can be used to improve winedbg's disassembler
and investigate other problems on ARM.

The code in question:

--- snip ---
...
.text:00419D40                 MRC             p15, 0, R4,c13,c0, 2
.text:00419D44                 LDR             R4, [R4,#8]
...
--- snip ---

ARM info center CP15 c13 register summary:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/CIHFGFGE.html

Another resource:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0360f/CACEAIHG.html

Opcode_2=3 register "TPIDRURO" is actually the ARM HW TLS register, used by libc
(__get_tls()).

Opcode_2=2 register "TPIDRURW" is "Software Thread ID, User, R/W"

Not sure if this is a "free for use" register or if any user space threading
library code actually manages this register.
One would have to search eglibc sources for ARM and any userspace libraries
mapped into process address space, not part of Wine.
The values don't seem very random but they point to invalid (not mapped) memory
locations.
I couldn't find any MCR opcodes in application code, so it's probably written
elsewhere.

This Linux kernel patch has a bit of information:
http://www.kernelhub.org/?p=2&msg=57979
It got committed to Linux 3.3.5:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5 (search for
TPIDRURW).
I'm running 3.2.0 so it's obviously not cleared by kernel side on context
switch.

Anyway, I fear this will be most likely upstream if the kernel deliberately
clears it on every context switch (starting with 3.3.5).

$ du -sh rtools_setup_arm.exe 
16M    rtools_setup_arm.exe

$ sha1sum rtools_setup_arm.exe 
6f75e6dad60b64e1f074884829b63ca00bcdb531  rtools_setup_arm.exe

Regards
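
Added example, not part of the original report and not Wine code: a small C scanner that walks Thumb-2 code and reports every MRC/MCR access to the CP15 c13 thread-ID registers, which is one way to check a binary for TPIDRURW reads or writes as discussed above. The struct and function names are this example's own, and the sample bytes are constructed by hand-encoding the two instructions from the IDA listing (assuming the 16-bit LDR form) plus a TPIDRURO read for contrast.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct tls_access {          /* one MRC/MCR hit (type is this example's own) */
    size_t offset;           /* byte offset of the instruction in the buffer */
    int is_write;            /* 1 = MCR (core -> CP15), 0 = MRC (CP15 -> core) */
    unsigned rt;             /* core register transferred */
    const char *reg;         /* architectural register name */
};

/* Constructed sample: hand-encoded from the IDA listing, plus a TPIDRURO read. */
static const uint8_t sample[] = {
    0x1D, 0xEE, 0x50, 0x4F,  /* MRC p15, 0, R4, c13, c0, 2 */
    0xA4, 0x68,              /* LDR R4, [R4,#8] */
    0x1D, 0xEE, 0x70, 0x0F,  /* MRC p15, 0, R0, c13, c0, 3 */
};

static const char *const c13_name[8] = {   /* indexed by opc2 */
    [2] = "TPIDRURW", [3] = "TPIDRURO", [4] = "TPIDRPRW",
};

/* Walk Thumb-2 code halfword by halfword; record p15, 0, Rt, c13, c0, opc2.
 * Data embedded in the code section can match too, so treat hits as leads. */
size_t scan_tls_access(const uint8_t *code, size_t len,
                       struct tls_access *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i + 4 <= len && n < max; i += 2) {
        uint32_t hw1 = code[i] | ((uint32_t)code[i + 1] << 8);
        uint32_t insn = (hw1 << 16) | code[i + 2] | ((uint32_t)code[i + 3] << 8);
        const char *name = c13_name[(insn >> 5) & 7];
        /* fixed: 11101110 opc1=000 L CRn=1101 Rt coproc=1111 opc2 1 CRm=0000 */
        if ((insn & 0xFFEF0F1Fu) != 0xEE0D0F10u || !name)
            continue;
        out[n++] = (struct tls_access){ i, !((insn >> 20) & 1),
                                        (insn >> 12) & 0xF, name };
        i += 2;              /* skip the second halfword of the hit */
    }
    return n;
}

int main(void)
{
    struct tls_access hit[4];
    size_t n = scan_tls_access(sample, sizeof sample, hit, 4);
    for (size_t k = 0; k < n; k++)
        printf("+0x%zx %s %s r%u\n", hit[k].offset,
               hit[k].is_write ? "MCR" : "MRC", hit[k].reg, hit[k].rt);
}
```

To use it on a real binary, pass the raw bytes of each executable section; an is_write hit on TPIDRURW would be the MCR that sets the register.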
