[Bug 31308] New: Remote Tools for Visual Studio 2012 RC for Windows on ARM (WoA) crashes due to invalid user TLS register value access
wine-bugs at winehq.org
Tue Jul 24 18:41:56 CDT 2012
http://bugs.winehq.org/show_bug.cgi?id=31308
Bug #: 31308
Summary: Remote Tools for Visual Studio 2012 RC for Windows on
ARM (WoA) crashes due to invalid user TLS register
value access
Product: Wine
Version: 1.5.9
Platform: arm
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs at winehq.org
ReportedBy: focht at gmx.net
Classification: Unclassified
Hello,
for André, some toy to play with ;-)
"Remote Tools for Visual Studio 2012 RC" for Windows on ARM (WoA) can be
downloaded here:
http://www.microsoft.com/visualstudio/11/en-us/downloads#remote-tools
It crashes on my quad Cortex-A9 based i.mx6 Sabre with Ubuntu Linux 12.04
--- snip ---
Unhandled exception: page fault on read access to 0xc2083992 in 32-bit code
(0x00419d44).
Register dump:
Thumb User Mode
Pc:419d44 Sp:4134f720 Lr:418ed1 Cpsr:200f0030(--C-)
r0:0208 r1:0001 r2:4134f7c8 r3:0208
r4:c208398a r5:4134f7c8 r6:0000 r7:4134f728 r8:dddd
r9:04e4 r10:0100 Fp:4134f758 Ip:4134f518
Stack dump:
0x4134f720: 00000000 00000000 4134f7c8 00000100
0x4134f730: 00000001 8161b1cd 4134f748 00000100
0x4134f740: 4134f7c8 00000001 4134fd38 00446530
0x4134f750: 000004e4 4006e000 4134f790 00418f91
0x4134f760: 4134fac8 000004e4 00000000 00000000
0x4134f770: 00446998 00446308 42164138 40a72801
Backtrace:
=>0 0x00419d44 in rtools_setup_arm (+0x19d44) (0x4134f758)
1 0x00418ed1 in rtools_setup_arm (+0x18ed0) (0x4134f758)
0x00419d44:
ldr r4, [r4, #8]
Modules:
Module Address Debug info Name (77 modules)
ELF 8000- 12000 Deferred <wine-loader>
PE 400000- 454000 Export rtools_setup_arm
ELF 40031000-4003f000 Deferred libsm.so.6
...
System information:
Wine build: wine-1.5.9-186-g1f6febe
Platform: arm
Host system: Linux
Host version: 3.2.0-1000-linaro-lt-mx6
--- snip ---
WINEDEBUG=+tid,+seh,+relay doesn't reveal much, might be app init/startup code:
--- snip ---
$ wine ./rtools_setup_arm.exe
...
0024:Call KERNEL32.GetLastError() ret=00416973
0024:Ret KERNEL32.GetLastError() retval=00000000 ret=00416973
0024:Call KERNEL32.MultiByteToWideChar(000004e4,00000001,4130f7c8 "
\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f
!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94"...,00000100,00000000,00000000)
ret=00418e95
0024:Ret KERNEL32.MultiByteToWideChar() retval=00000100 ret=00418e95
0024:trace:seh:raise_exception info[0]=00000000
0024:trace:seh:raise_exception info[1]=c2083992
0024:trace:seh:raise_exception Pc:419d44 Sp:4130f720 Lr:418ed1 Cpsr:200f0030
r0:0208 r1:0001 r2:0100 r3:0208
0024:trace:seh:raise_exception r4:c208398a r5:4130f7c8 r6:0000 r7:4130f728
r8:dddd r9:04e4 r10:0100 Fp:4130f758 Ip:4130f518
0024:trace:seh:call_stack_handlers calling handler at 0x403e3900 code=c0000005
flags=0
0024:Call KERNEL32.UnhandledExceptionFilter(4130f574) ret=403e3964
wine: Unhandled page fault on read access to 0xc2083992 at address 0x419d44
(thread 0024), starting debugger...
0024:trace:seh:start_debugger Starting debugger "winedbg --auto 35 68"
...
--- snip ---
Winedbg's builtin disassembler isn't really helpful, it's missing various
thumb(2) opcodes.
Fortunately there is a free IDA 6.2 demo version for Linux, which also supports
the ARM family, available for download:
http://www.hex-rays.com/products/ida/support/download_demo.shtml
This is an invaluable tool which can be used to improve winedbg's disassembler
and investigate other problems on ARM.
The code in question:
--- snip ---
...
.text:00419D40 MRC p15, 0, R4,c13,c0, 2
.text:00419D44 LDR R4, [R4,#8]
...
--- snip ---
ARM info center CP15 c13 register summary:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/CIHFGFGE.html
Another resource:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0360f/CACEAIHG.html
Opcode_2=3 register "TPIDRURO" is actually the ARM HW TLS register, used by libc
(__get_tls()).
Opcode_2=2 register "TPIDRURW" is "Software Thread ID, User, R/W".
Not sure if this is a "free for use" register or if any user space threading
library code actually manages this register.
One would have to search eglibc sources for ARM and any userspace libraries
mapped into process address space, not part of Wine.
The values don't seem very random but they point to invalid (not mapped) memory
locations.
I couldn't find any MCR opcodes in application code, so it's probably written
elsewhere.
This Linux kernel patch has a bit of information:
http://www.kernelhub.org/?p=2&msg=57979
It got committed to Linux 3.3.5:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5 (search for
TPIDRURW).
I'm running 3.2.0 so it's obviously not cleared by kernel side on context
switch.
Anyway, I fear this will be most likely upstream if the kernel deliberately
clears it on every context switch (starting with 3.3.5).
$ du -sh rtools_setup_arm.exe
16M rtools_setup_arm.exe
$ sha1sum rtools_setup_arm.exe
6f75e6dad60b64e1f074884829b63ca00bcdb531 rtools_setup_arm.exe
Regards
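
Added example, not part of the original report and not Wine or winedbg code: a decoder for the MRC/MCR coprocessor-transfer encoding that names the two CP15 c13 registers discussed above, plus a linear scan that counts TPIDRURW reads and writes in Thumb-2 code. It generalizes slightly beyond the report by accepting the ARM-state encoding as well, which shares the same field layout. The function names are hypothetical, and the bytes in SAMPLE are constructed by hand from the two disassembly lines at 0x00419D40 and 0x00419D44.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields of an MRC/MCR transfer; ARM (A1) and Thumb-2 (T1) share this bit layout. */
struct cp_xfer { int is_read; unsigned coproc, opc1, rt, crn, crm, opc2; };

/* For Thumb-2 pass (first halfword << 16) | second halfword. Returns 0 if decoded. */
int decode_cp_xfer(uint32_t insn, struct cp_xfer *x) {
    /* bits 27..24 = 1110 and bit 4 = 1; a top nibble of 1111 is MRC2/MCR2, skipped */
    if ((insn & 0x0F000010u) != 0x0E000010u || (insn >> 28) == 0xFu)
        return -1;
    x->is_read = (insn >> 20) & 1;          /* 1 = MRC (read), 0 = MCR (write) */
    x->opc1 = (insn >> 21) & 7;  x->crn    = (insn >> 16) & 15;
    x->rt   = (insn >> 12) & 15; x->coproc = (insn >> 8) & 15;
    x->opc2 = (insn >> 5) & 7;   x->crm    = insn & 15;
    return 0;
}

/* The two CP15 c13 registers named in the report; NULL for anything else. */
const char *cp15_c13_name(const struct cp_xfer *x) {
    if (x->coproc != 15 || x->opc1 != 0 || x->crn != 13 || x->crm != 0)
        return NULL;
    return x->opc2 == 2 ? "TPIDRURW" : x->opc2 == 3 ? "TPIDRURO" : NULL;
}

/* Count TPIDRURW reads (want_read=1) or writes (0) in little-endian Thumb code.
   Every halfword offset is tried, so literal-pool data can produce false hits. */
unsigned count_tpidrurw(const uint8_t *code, size_t len, int want_read) {
    unsigned hits = 0;
    for (size_t i = 0; i + 4 <= len; i += 2) {
        uint32_t hw1 = code[i] | (uint32_t)code[i + 1] << 8;
        uint32_t hw2 = code[i + 2] | (uint32_t)code[i + 3] << 8;
        struct cp_xfer x;
        const char *n = decode_cp_xfer(hw1 << 16 | hw2, &x) == 0 ? cp15_c13_name(&x) : NULL;
        if (n && strcmp(n, "TPIDRURW") == 0 && x.is_read == want_read)
            hits++;
    }
    return hits;
}

/* Constructed bytes: MRC p15,0,R4,c13,c0,2 (EE1D 4F50) then LDR R4,[R4,#8] (68A4). */
static const uint8_t SAMPLE[] = { 0x1D, 0xEE, 0x50, 0x4F, 0xA4, 0x68 };

int main(void) {
    printf("reads=%u writes=%u\n", count_tpidrurw(SAMPLE, sizeof SAMPLE, 1),
           count_tpidrurw(SAMPLE, sizeof SAMPLE, 0));
    return 0;
}
```

Running the write count over every executable mapping of a process, not only the application image, is the same search for MCR opcodes the report describes doing by hand.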