[Bug 46187] New: Windows PowerShell Core 6.2 Preview 2 for ARM32 crashes due to unhandled trap_no 0 (write watch access causes SIGSEGV)
wine-bugs at winehq.org
Sat Nov 24 15:56:54 CST 2018
https://bugs.winehq.org/show_bug.cgi?id=46187
Bug ID: 46187
Summary: Windows PowerShell Core 6.2 Preview 2 for ARM32 crashes due to unhandled trap_no 0 (write watch access causes SIGSEGV)
Product: Wine
Version: 3.21
Hardware: arm
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
now that I have a full multi-lib/bi-arch Wine on ARM64, revisiting the
ARM32/aarch32 side of things ;-)
Download: https://github.com/PowerShell/PowerShell/releases
https://github.com/PowerShell/PowerShell/releases/download/v6.2.0-preview.2/PowerShell-6.2.0-preview.2-win-arm32.zip
--- snip ---
$ WINEDEBUG=+seh,+loaddll,+process,+relay wine ./pwsh.exe >>log.txt 2>&1
...
002b:Call KERNEL32.VirtualAlloc(00000000,000a0000,00202000,00000004) ret=f68e14f1
002b:Ret KERNEL32.VirtualAlloc() retval=f3970000 ret=f68e14f1
002b:Call KERNEL32.VirtualAlloc(f3970000,00010068,00001000,00000004) ret=f68e156d
002b:Ret KERNEL32.VirtualAlloc() retval=f3970000 ret=f68e156d
002b:err:seh:segv_handler Got unexpected trap 0
002b:trace:seh:raise_exception code=c000001d flags=0 addr=0xf68e160c pc=f68e160c tid=002b
002b:trace:seh:raise_exception r0=f3970020 r1=f6ffe904 r2=0000001e r3=f3a20000 r4=f703aa34 r5=00090068
002b:trace:seh:raise_exception r6=00000000 r7=f69da5e4 r8=f3970000 r9=f6b08500 r10=f69e1268 r11=f6ffeaa0
002b:trace:seh:raise_exception r12=f68e156d sp=f6ffea48 lr=f7838ccc pc=f68e160c cpsr=40000030
002b:trace:seh:call_vectored_handlers calling handler at 0xf6756221 code=c000001d flags=0
...
wine: Unhandled illegal instruction at address 0xf68e160c (thread 002b), starting debugger...
Unhandled exception: illegal instruction in 32-bit code (0xf68e160c).
Register dump:
Thumb User Mode
Pc:f68e160c Sp:f6ffea48 Lr:f7838ccc Cpsr:40000030(-Z--)
r0:f3970020 r1:f6ffe904 r2:0000001e r3:f3a20000
r4:f703aa34 r5:00090068 r6:00000000 r7:f69da5e4
r8:f3970000 r9:f6b08500 r10:f69e1268 r11:f6ffeaa0 r12:f68e156d
...
Backtrace:
=>0 0xf68e160c in coreclr (+0x1d160c) (0xf6ffeaa0)
  1 0xf7838ccc relay_trace_exit+0x1a3() [/home/focht/projects/wine/mainline-src/dlls/ntdll/relay.c:556] in ntdll (0xf6ffeaa0)
  2 0xf7838ccc relay_trace_exit+0x1a3() [/home/focht/projects/wine/mainline-src/dlls/ntdll/relay.c:556] in ntdll (0xf6b00204)
  3 0xf6ffec38 (0x00000000)
0xf68e160c:
strd r6, r3, [r0, #-32]
Modules:
Module Address Debug info Name (63 modules)
PE 400000- 439000 Deferred pwsh
ELF 48c000- 49f000 Deferred <wine-loader>
PE 10000000-10045000 Deferred hostfxr
ELF f5d88000-f5dad000 Deferred imm32<elf>
\-PE f5d90000-f5dad000 \ imm32
ELF f5dad000-f5dd6000 Deferred libgcc_s.so.1
ELF f5dd6000-f5e0c000 Deferred libexpat.so.1
ELF f5e0c000-f5e4b000 Deferred libfontconfig.so.1
ELF f5e4b000-f5e6b000 Deferred libz.so.1
ELF f5e6b000-f5edf000 Deferred libfreetype.so.6
ELF f5ef8000-f5f0c000 Deferred api-ms-win-crt-time-l1-1-0<elf>
\-PE f5f00000-f5f0c000 \ api-ms-win-crt-time-l1-1-0
ELF f5f0c000-f5f20000 Deferred api-ms-win-crt-utility-l1-1-0<elf>
\-PE f5f10000-f5f20000 \ api-ms-win-crt-utility-l1-1-0
ELF f5f20000-f5f9c000 Deferred shlwapi<elf>
\-PE f5f30000-f5f9c000 \ shlwapi
ELF f5f9c000-f60e2000 Deferred oleaut32<elf>
\-PE f5fb0000-f60e2000 \ oleaut32
ELF f60e2000-f617b000 Deferred rpcrt4<elf>
\-PE f60f0000-f617b000 \ rpcrt4
ELF f617b000-f6196000 Deferred version<elf>
\-PE f6180000-f6196000 \ version
ELF f6196000-f62e6000 Deferred gdi32<elf>
\-PE f61a0000-f62e6000 \ gdi32
ELF f62e6000-f6515000 Deferred user32<elf>
\-PE f6300000-f6515000 \ user32
ELF f6515000-f668e000 Deferred ole32<elf>
\-PE f6530000-f668e000 \ ole32
ELF f668e000-f6710000 Deferred advapi32<elf>
\-PE f66a0000-f6710000 \ advapi32
PE f6710000-f6b3f000 Export coreclr
PE f6b40000-f6ba6000 Deferred hostpolicy
...
ELF f7a03000-f7bb8000 Dwarf libwine.so.1
ELF f7bb8000-f7be1000 Deferred ld-linux-armhf.so.3
Threads:
process tid prio (all id:s are in hex)
...
0000002a (D) Z:\home\focht\projects\woa-winrt\powershell620-arm32\pwsh.exe
0000002c 0
0000002b 0 <==
System information:
Wine build: wine-3.21-4-gfc4d5d49c6
Platform: arm
Version: Windows 7
Host system: Linux
Host version: 4.18.14-yocto-standard
--- snip ---
Debugging session:
--- snip ---
$ gdb wine
GNU gdb (GDB) 8.2
...
Reading symbols from wine...done.
(gdb) run pwsh.exe
Starting program: /home/focht/projects/wine/mainline-install-arm/bin/wine pwsh.exe
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[Detaching after fork from child process 4337]
[Detaching after fork from child process 4339]
0009:fixme:msvcrt:_configure_wide_argv (1) stub
0009:fixme:msvcrt:_initialize_wide_environment stub
0009:fixme:process:GetNumaHighestNodeNumber (0xf73ced14): semi-stub
0009:fixme:thread:SetThreadStackGuarantee (0xf73cec98): stub
0009:fixme:ntdll:EtwEventRegister ({e13c0d23-ccbc-4e12-931b-d9cc2eee27e4}, 0xf6aed7b1, 0xf6e6d920, 0xf6e6d920) stub.
0009:fixme:ntdll:EtwEventRegister ({763fd754-7086-4dfe-95eb-c01a46faf4ca}, 0xf6aed7b1, 0xf6e6d958, 0xf6e6d958) stub.
0009:fixme:ntdll:EtwEventRegister ({a669021c-c450-4609-a035-5af59af4df18}, 0xf6aed7b1, 0xf6e6d8e8, 0xf6e6d8e8) stub.
0009:fixme:wer:WerRegisterRuntimeExceptionModule (L"Z:\\home\\focht\\projects\\woa-winrt\\powershell620-arm32\\mscordaccore.dll", 0xf6a80000) stub!
[New Thread 0xf5f23460 (LWP 4501)]
0009:fixme:msvcrt:_control87 not implemented
Thread 1 "pwsh.exe" received signal SIGSEGV, Segmentation fault.
0xf6c5160c in ?? ()
(gdb) info reg
r0 0xf3ce0020 4090363936
r1 0xf73ce944 4147964228
r2 0x11000 69632
r3 0xf3d90000 4091084800
r4 0xf74baee0 4148932320
r5 0x90068 589928
r6 0x0 0
r7 0xf6d4a5e4 4141131236
r8 0xf3ce0000 4090363904
r9 0xf6e78500 4142368000
r10 0xf6d51268 4141159016
r11 0xf73ceaa0 4147964576
r12 0xaf 175
sp 0xf73cea48 0xf73cea48
lr 0xf7ddf7a9 -136448087
pc 0xf6c5160c 0xf6c5160c
cpsr 0x600f0030 1611595824
Unable to fetch SVE register header: Invalid argument.
(gdb) set arm fallback-mode thumb
(gdb) x/10i 0xf6c5160c
=> 0xf6c5160c: strd r6, r3, [r0, #-32]
0xf6c51610: ldr r3, [sp, #36] ; 0x24
0xf6c51612: ldr r4, [sp, #44] ; 0x2c
0xf6c51614: str.w r3, [r0, #-24]
0xf6c51618: ldr r3, [sp, #40] ; 0x28
0xf6c5161a: add.w r3, r0, r3, lsl #2
0xf6c5161e: str.w r3, [r0, #-20]
0xf6c51622: strd r5, r6, [r0, #-8]
0xf6c51626: ldr.w r3, [r0, #-20]
0xf6c5162a: add.w r3, r3, r4, lsl #1
(gdb) x/10x ($r0-0x20)
0xf3ce0000: 0x00000000 0x00000000 0x00000000 0x00000000
0xf3ce0010: 0x00000000 0x00000000 0x00000000 0x00000000
0xf3ce0020: 0x00000000 0x00000000
(gdb) bt
#0  segv_handler (signal=0xb, info=0xf73ce6d8, ucontext=0xf73ce758) at /home/focht/projects/wine/mainline-src/dlls/ntdll/signal_arm.c:732
#1  <signal handler called>
#2  0xf6c5160c in ?? ()
#3  0xf7ddf7a8 in pthread_sigmask (how=0x90068, newmask=<optimized out>, oldmask=0xf74baee0 <VirtualAlloc>) at ../sysdeps/unix/sysv/linux/pthread_sigmask.c:45
#4  0x000e0280 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) set output-radix 16
(gdb) p *context
$3 = {uc_flags = 0x0, uc_link = 0x0, uc_stack = {ss_sp = 0x0, ss_flags = 0x0,
ss_size = 0x0}, uc_mcontext = {trap_no = 0x0, error_code = 0x800, oldmask =
0x0, arm_r0 = 0xf3ce0020,
arm_r1 = 0xf73ce944, arm_r2 = 0x11000, arm_r3 = 0xf3d90000, arm_r4 =
0xf74baee0, arm_r5 = 0x90068, arm_r6 = 0x0, arm_r7 = 0xf6d4a5e4, arm_r8 =
0xf3ce0000, arm_r9 = 0xf6e78500,
arm_r10 = 0xf6d51268, arm_fp = 0xf73ceaa0, arm_ip = 0xaf, arm_sp =
0xf73cea48, arm_lr = 0xf7ddf7a9, arm_pc = 0xf6c5160c, arm_cpsr = 0x602f0030,
fault_address = 0xf3ce0000},
uc_sigmask = {__val = {0x0, 0x0, 0xf3ce0000, 0xf7ccdd34, 0xa0000, 0xffffffff,
0xf6d4a5e4, 0xf7ddf7a9, 0xf73ce82c, 0xf7c7f6c0, 0x0, 0x1, 0x11000, 0xf3ce0000,
0x43, 0x1, 0xf73ce834,
0xf7c7fd20, 0xffffffff, 0xa5e4, 0x11000, 0xf3ce0000, 0xb0000, 0x1, 0x1,
0xf3ce0000, 0x11, 0x11, 0xffffffff, 0xf7cbb180, 0x2300ffff, 0xf73ce84c}},
uc_regspace = {0x56465001, 0x120,
0x80005, 0x0, 0xa0a0a0a, 0xa0a0a0a, 0x10000, 0x10000, 0x0, 0x0, 0x1, 0x0,
0x0, 0x0, 0x8040201, 0x80402010, 0x8040201, 0x80402010, 0x0 <repeats 18 times>,
0x594e9a4,
0x0 <repeats 29 times>, 0x20000010, 0xf7810088, 0x40000000, 0x0, 0x0, 0x1,
0x0, 0x0, 0xf6b36fff, 0x0, 0xe8f86fff, 0x0, 0xf6b37000, 0x0, 0xe8f87000, 0x0,
0xfffeefff, 0x0, 0xfffdefff,
0x0, 0x0, 0x0, 0x2, 0xf73ce9b4, 0xf73ce9d4, 0xf7810064, 0xf73ce9d4,
0xf7c02a14, 0x2, 0xf7810060, 0xe0268, 0xf7941508, 0x43, 0xf783fd98, 0xf73cea1c,
0xf7c1e7c8, 0xf6ac0c51, 0x6,
0xf73cea0c, 0xffff, 0x0, 0x0, 0x11000, 0xf3ce0000, 0xf73cea24, 0xf74baf74,
0x1000, 0x4, 0x1000, 0x11000, 0xf3ce0000, 0xffffffff, 0xf3ce0000, 0x0,
0xf73cea44, 0xf74baf18, 0x4, 0x40,
0x4, 0x1000, 0x10068, 0xf3ce0000}}
--- snip ---
trap_no = 0
error_code = 0x800 (write access)
fault_address = 0xf3ce0000
Using the +virtual debug channel reveals it:
--- snip ---
0009:trace:virtual:NtAllocateVirtualMemory 0xffffffff (nil) 000a0000 202000 00000004
0009:trace:virtual:map_view got mem with anon mmap 0xf3ce0000-0xf3d80000
0009:trace:virtual:VIRTUAL_DumpView View: 0xf3ce0000 - 0xf3d7ffff (valloc)
0009:trace:virtual:VIRTUAL_DumpView 0xf3ce0000 - 0xf3d7ffff -Hrw-
0009:trace:virtual:NtAllocateVirtualMemory 0xffffffff 0xf3ce0000 00010068 1000 00000004
0009:trace:virtual:VIRTUAL_DumpView View: 0xf3ce0000 - 0xf3d7ffff (valloc)
0009:trace:virtual:VIRTUAL_DumpView 0xf3ce0000 - 0xf3cf0fff cHrw-
0009:trace:virtual:VIRTUAL_DumpView 0xf3cf1000 - 0xf3d7ffff -Hrw-
--- snip ---
VPROT_COMMITTED + VPROT_WRITEWATCH + VPROT_READ + VPROT_WRITE
A write watch should get triggered here. Wine has no trap number mapping and
defaults to "illegal instruction" where things go haywire.
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntdll/signal_arm.c#l117
--- snip ---
117 enum arm_trap_code
118 {
119     TRAP_ARM_UNKNOWN    = -1,  /* Unknown fault (TRAP_sig not defined) */
120     TRAP_ARM_PRIVINFLT  =  6,  /* Invalid opcode exception */
121     TRAP_ARM_PAGEFLT    = 14,  /* Page fault */
122     TRAP_ARM_ALIGNFLT   = 17,  /* Alignment check exception */
123 };
--- snip ---
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntdll/signal_arm.c#l712
--- snip ---
712 static void segv_handler( int signal, siginfo_t *info, void *ucontext )
713 {
714     EXCEPTION_RECORD *rec;
715     ucontext_t *context = ucontext;
716
717     /* check for page fault inside the thread stack */
718     if (get_trap_code(context) == TRAP_ARM_PAGEFLT &&
719         (char *)info->si_addr >= (char *)NtCurrentTeb()->DeallocationStack &&
720         (char *)info->si_addr < (char *)NtCurrentTeb()->Tib.StackBase &&
721         virtual_handle_stack_fault( info->si_addr ))
722     {
723         /* check if this was the last guard page */
724         if ((char *)info->si_addr < (char *)NtCurrentTeb()->DeallocationStack + 2*4096)
725         {
726             rec = setup_exception( context, raise_segv_exception );
727             rec->ExceptionCode = EXCEPTION_STACK_OVERFLOW;
728         }
729         return;
730     }
731
732     rec = setup_exception( context, raise_segv_exception );
733     if (rec->ExceptionCode == EXCEPTION_STACK_OVERFLOW) return;
734
735     switch(get_trap_code(context))
736     {
737     case TRAP_ARM_PRIVINFLT:   /* Invalid opcode exception */
738         rec->ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION;
739         break;
740     case TRAP_ARM_PAGEFLT:     /* Page fault */
741         rec->ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
742         rec->NumberParameters = 2;
743         rec->ExceptionInformation[0] = (get_error_code(context) & 0x800) != 0;
744         rec->ExceptionInformation[1] = (ULONG_PTR)info->si_addr;
745         break;
746     case TRAP_ARM_ALIGNFLT:    /* Alignment check exception */
747         rec->ExceptionCode = EXCEPTION_DATATYPE_MISALIGNMENT;
748         break;
749     case TRAP_ARM_UNKNOWN:     /* Unknown fault code */
750         rec->ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
751         rec->NumberParameters = 2;
752         rec->ExceptionInformation[0] = 0;
753         rec->ExceptionInformation[1] = 0xffffffff;
754         break;
755     default:
756         ERR("Got unexpected trap %d\n", get_trap_code(context));
757         rec->ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION;
758         break;
759     }
760 }
--- snip ---
Since the 'TRAP_ARM_PAGEFLT' identifier has already been used for trap_no 14
(arch/arm/mm/fault.c:__do_user_fault), I guess you have to invent another
identifier for essentially the same thing.
With that part fixed it runs a bit further - into the next Wine ARM32 bug ;-)
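To make the mapping concrete, here is an added example (my own illustration, not Wine's code) that models the trap-code switch above on the values captured in this report: trap_no 0, error_code 0x800, fault_address 0xf3ce0000. classify_current() reproduces the switch as quoted, so trap_no 0 lands in the default arm and becomes EXCEPTION_ILLEGAL_INSTRUCTION (0xC000001D, the code visible in the +seh trace). classify_proposed() adds a hypothetical enum member TRAP_ARM_NOTRAP_PAGEFLT (an assumed name, not in Wine) for trap_no 0 and routes it through the page-fault case, so the write bit and the faulting address reach the access-violation path where the write watch can be resolved. The exception codes are defined by value so the file builds on a plain Linux host without the Wine tree.

```c
#include <stdio.h>

/* Windows exception codes by value (no Wine/Windows headers needed). */
#define EXC_ACCESS_VIOLATION      0xC0000005ul
#define EXC_ILLEGAL_INSTRUCTION   0xC000001Dul
#define EXC_DATATYPE_MISALIGNMENT 0x80000002ul

/* Trap codes as in Wine's dlls/ntdll/signal_arm.c, plus one hypothetical
 * member (my assumption, not Wine's) naming the trap_no 0 case of this report. */
enum arm_trap_code
{
    TRAP_ARM_UNKNOWN        = -1,
    TRAP_ARM_NOTRAP_PAGEFLT =  0,   /* hypothetical: SIGSEGV delivered with trap_no left at 0 */
    TRAP_ARM_PRIVINFLT      =  6,
    TRAP_ARM_PAGEFLT        = 14,
    TRAP_ARM_ALIGNFLT       = 17,
};

/* The three uc_mcontext fields the report reads (subset of the real struct). */
struct fault_ctx
{
    long          trap_no;
    unsigned long error_code;     /* bit 0x800 is set on a write access */
    unsigned long fault_address;
};

/* What the handler fills into the EXCEPTION_RECORD. */
struct exc
{
    unsigned long code;
    unsigned long nparams;
    unsigned long info[2];        /* [0] = 1 for a write, [1] = faulting address */
};

/* The switch as the quoted segv_handler has it: trap_no 0 matches no case,
 * falls into default and is reported as an illegal instruction. */
static struct exc classify_current( const struct fault_ctx *c )
{
    struct exc e = { 0, 0, { 0, 0 } };
    switch (c->trap_no)
    {
    case TRAP_ARM_PRIVINFLT:
        e.code = EXC_ILLEGAL_INSTRUCTION;
        break;
    case TRAP_ARM_PAGEFLT:
        e.code = EXC_ACCESS_VIOLATION;
        e.nparams = 2;
        e.info[0] = (c->error_code & 0x800) != 0;
        e.info[1] = c->fault_address;
        break;
    case TRAP_ARM_ALIGNFLT:
        e.code = EXC_DATATYPE_MISALIGNMENT;
        break;
    case TRAP_ARM_UNKNOWN:
        e.code = EXC_ACCESS_VIOLATION;
        e.nparams = 2;
        e.info[0] = 0;
        e.info[1] = 0xffffffff;
        break;
    default:
        e.code = EXC_ILLEGAL_INSTRUCTION;
        break;
    }
    return e;
}

/* Proposed mapping: treat trap_no 0 exactly like TRAP_ARM_PAGEFLT so the write
 * bit and address reach the access-violation path; all other traps unchanged. */
static struct exc classify_proposed( const struct fault_ctx *c )
{
    struct fault_ctx as_pf = *c;
    if (c->trap_no == TRAP_ARM_NOTRAP_PAGEFLT) as_pf.trap_no = TRAP_ARM_PAGEFLT;
    return classify_current( &as_pf );
}

/* Field-level accessors so each mapping can be checked on its own. */
static unsigned long exc_code( long trap_no, unsigned long err, unsigned long addr, int proposed )
{
    struct fault_ctx c = { trap_no, err, addr };
    return proposed ? classify_proposed( &c ).code : classify_current( &c ).code;
}

static unsigned long exc_info( long trap_no, unsigned long err, unsigned long addr, int proposed, int idx )
{
    struct fault_ctx c = { trap_no, err, addr };
    struct exc e = proposed ? classify_proposed( &c ) : classify_current( &c );
    return idx < (int)e.nparams ? e.info[idx] : 0;
}

int main( void )
{
    /* Values captured in this report: trap_no 0, error_code 0x800, fault_address 0xf3ce0000. */
    printf( "current:  code=%08lx\n", exc_code( 0, 0x800, 0xf3ce0000ul, 0 ) );
    printf( "proposed: code=%08lx write=%lu addr=%08lx\n",
            exc_code( 0, 0x800, 0xf3ce0000ul, 1 ),
            exc_info( 0, 0x800, 0xf3ce0000ul, 1, 0 ),
            exc_info( 0, 0x800, 0xf3ce0000ul, 1, 1 ) );
    return 0;
}
```

Run with gcc and no extra flags; the first line shows the 0xc000001d from the trace, the second shows the access violation with write=1 and the faulting page address that the write-watch bookkeeping needs.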
$ sha1sum PowerShell-6.2.0-preview.2-win-arm32.zip
b77b87906514e802c03c84fcb72ce39f925c3b41
PowerShell-6.2.0-preview.2-win-arm32.zip
$ du -sh PowerShell-6.2.0-preview.2-win-arm32.zip
40M PowerShell-6.2.0-preview.2-win-arm32.zip
Regards