https://bugs.winehq.org/show_bug.cgi?id=43946
Bug ID: 43946
Summary: wineboot crashes with stack smashing on aarch64
Product: Wine
Version: 2.19
Hardware: aarch64
OS: Linux
Status: NEW
Keywords: download, regression, source
Severity: normal
Priority: P2
Component: loader
Assignee: nerv@dawncrow.de
Reporter: austinenglish@gmail.com
Regression SHA1: 27e92e550c2b86d5ebd4966926c1fcde03838dcc
Distribution: Ubuntu
austin@gcc116:~/wine-git$ rm -rf ~/.wine ; ./wine wineboot
wine: created the configuration directory '/home/austin/.wine'
*** stack smashing detected ***: C:\windows\system32\rundll32.exe terminated
wine: Assertion failed at address 0x7f966f6af8 (thread 0010), starting debugger...
err:seh:start_debugger Couldn't start debugger ("winedbg --auto 15 100") (2)
Read the Wine Developers Guide on how to set up winedbg or another debugger
fixme:seh:RtlUnwind Not implemented on ARM64
err:winediag:nodrv_CreateWindow Application tried to create a window, but no driver could be loaded.
err:winediag:nodrv_CreateWindow Make sure that your X server is running and that $DISPLAY is set correctly.
*** stack smashing detected ***: C:\windows\syswow64\rundll32.exe terminated
wine: Assertion failed at address 0x7fa289caf8 (thread 0016), starting debugger...
err:seh:start_debugger Couldn't start debugger ("winedbg --auto 21 56") (2)
Read the Wine Developers Guide on how to set up winedbg or another debugger
fixme:seh:RtlUnwind Not implemented on ARM64
wine: configuration in '/home/austin/.wine' has been updated.
Noticed on GCC Compiler farm machine.
--- Comment #1 from André H. nerv@dawncrow.de --- Maybe valgrind can help find the issue?
--- Comment #2 from André H. nerv@dawncrow.de --- Created attachment 59620 --> https://bugs.winehq.org/attachment.cgi?id=59620 relay + rundll32
--- Comment #3 from André H. nerv@dawncrow.de --- can meanwhile reproduce it:
0010:Call ntdll.NtAllocateVirtualMemory(ffffffffffffffff,7fb0f33718,00000000,7fb0f33720,00001000,00000004) ret=7fb0ee5538
*** stack smashing detected ***: C:\windows\system32\rundll32.exe terminated
0010:Call KERNEL32.UnhandledExceptionFilter(0023b698) ret=7bcb2970
0010:Call ntdll.NtCurrentTeb() ret=7b45d5f8
0010:Ret ntdll.NtCurrentTeb() retval=7ffd8000 ret=7b45d5f8
0010:Call ntdll.NtCreateEvent(0023b3b8,001f0003,0023b3f0,00000000,00000000) ret=7b45d77c
0010:Ret ntdll.NtCreateEvent() retval=00000000 ret=7b45d77c
0010:Call ntdll.NtCurrentTeb() ret=7b494efc
0010:Ret ntdll.NtCurrentTeb() retval=7ffd8000 ret=7b494efc
wine: Assertion failed at address 0x7fb20fb528 (thread 0010), starting debugger...
--- Comment #4 from André H. nerv@dawncrow.de --- I should be able to find at least the assertion by disassembling rundll32.exe:
0010:Starting process L"C:\windows\system32\rundll32.exe" (entryproc=0x7fb1a66618)
...
wine: Assertion failed at address 0x7fb20fb528 (thread 0010), starting debugger...

0017:Starting process L"C:\windows\system32\rundll32.exe" (entryproc=0x7f942c6618)
...
wine: Assertion failed at address 0x7f9495b528 (thread 0017), starting debugger...
--- Comment #5 from Austin English austinenglish@gmail.com --- Created attachment 59621 --> https://bugs.winehq.org/attachment.cgi?id=59621 valgrind log
==13157==    at 0x4030804: _vgnU_freeres (vg_preloaded.c:82)
==13157==    by 0x7BC9B2C3: terminate_thread (thread.c:412)
==13157==    by 0x7BC93703: quit_handler (signal_arm64.c:973)
==13157==    by 0x58057573: ??? (in /home/austin/src/valgrind/memcheck/memcheck-arm64-linux)
==13157==  Address 0x566be68 is on thread 6's stack
==13157==  in frame #0, created by _vgnU_freeres (vg_preloaded.c:59)
==13157==
--- Comment #6 from Austin English austinenglish@gmail.com --- (In reply to Austin English from comment #5)
Created attachment 59621 [details] valgrind log
==13157==    at 0x4030804: _vgnU_freeres (vg_preloaded.c:82)
==13157==    by 0x7BC9B2C3: terminate_thread (thread.c:412)
==13157==    by 0x7BC93703: quit_handler (signal_arm64.c:973)
==13157==    by 0x58057573: ??? (in /home/austin/src/valgrind/memcheck/memcheck-arm64-linux)
==13157==  Address 0x566be68 is on thread 6's stack
==13157==  in frame #0, created by _vgnU_freeres (vg_preloaded.c:59)
==13157==
Make that:

==13174== Thread 5:
==13174== Invalid write of size 8
==13174==    at 0x40307C8: _vgnU_freeres (vg_preloaded.c:59)
==13174==    by 0x7B47B547: exec_loader (process.c:1958)
==13174==    by 0x7B47CCAB: create_process (process.c:2141)
==13174==    by 0x7B47DD0B: create_process_impl (process.c:2424)
==13174==    by 0x4EF3447: service_start_process.constprop.12 (services.c:947)
==13174==    by 0x4EF3BC7: service_start (services.c:1049)
==13174==    by 0x4EF3AFB: service_start_process.constprop.12 (services.c:875)
==13174==    by 0x4EF3BC7: service_start (services.c:1049)
==13174==    by 0x4EF0633: svcctl_StartServiceW (rpc.c:1127)
==13174==    by 0x4EF86D7: svcctl_svcctl_StartServiceW (svcctl_s.c:13458)
==13174==    by 0x507B6EB: process_request_packet (rpc_server.c:439)
==13174==    by 0x507C3DF: RPCRT4_worker_thread (rpc_server.c:517)
==13174==    by 0x7BC9C923: process_rtl_work_item (threadpool.c:349)
==13174==    by 0x7BC9E01B: threadpool_worker_proc (threadpool.c:2117)
==13174==    by 0x7BC94A13: call_thread_entry_point (signal_arm64.c:950)
==13174==    by 0x7BC9A8DF: start_thread (thread.c:498)
==13174==    by 0x4229E47: start_thread (pthread_create.c:314)
==13174==    by 0x431560F: clone (clone.S:96)
==13174==  Address 0x556c7d0 is on thread 5's stack
==13174==  in frame #1, created by exec_loader (process.c:1891)
==13174==
--- Comment #7 from André H. nerv@dawncrow.de --- https://source.winehq.org/patches/data/138485
--- Comment #8 from Austin English austinenglish@gmail.com --- (In reply to André H. from comment #7)
Works for me on aarch64 (and doesn't break arm(32)), thanks!
--- Comment #9 from André H. nerv@dawncrow.de --- patch was rejected for good reasons I think... debugging it shows that the stack smashing happens in map_view()
it seems it's because the process stack is where it should not be in my understanding:
00140000-00142000 ---p 00000000 00:00 0
00142000-00241000 rw-p 00000000 00:00 0                                  [stack:4583]
00241000-00250000 ---p 00000000 00:00 0
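As an added example (not from this bug report or from Wine's own code), a small checker that parses /proc/PID/maps lines like the three quoted above and flags any [stack] mapping that lands inside an address range the loader expects to keep free. The sample lines are the ones from comment #9; the RESERVED_LO/RESERVED_HI constants are assumed placeholders, not the range Wine actually reserves.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One parsed /proc/<pid>/maps line: "start-end perms offset dev inode [path]". */
typedef struct { uintptr_t start, end; char perms[5]; char path[64]; } map_entry;

/* Constructed sample: the three lines quoted in comment #9. */
static const char SAMPLE_MAPS[] =
    "00140000-00142000 ---p 00000000 00:00 0\n"
    "00142000-00241000 rw-p 00000000 00:00 0 [stack:4583]\n"
    "00241000-00250000 ---p 00000000 00:00 0\n";

/* Assumed placeholder for the low range the loader wants free; not Wine's real range. */
#define RESERVED_LO 0x00110000ULL
#define RESERVED_HI 0x7ff00000ULL

static int parse_maps_line(const char *line, map_entry *e)
{
    unsigned long long s, t;
    char offset[32], dev[32], inode[32];
    e->path[0] = '\0';                        /* anonymous mappings carry no path */
    int n = sscanf(line, "%llx-%llx %4s %31s %31s %31s %63s",
                   &s, &t, e->perms, offset, dev, inode, e->path);
    if (n < 6 || t <= s) return 0;            /* malformed or empty mapping */
    e->start = (uintptr_t)s; e->end = (uintptr_t)t;
    return 1;
}

/* Half-open interval test: does [start,end) intersect [lo,hi)? */
static int overlaps(const map_entry *e, uintptr_t lo, uintptr_t hi)
{
    return e->start < hi && e->end > lo;
}

/* Returns how many [stack...] mappings in `maps` intersect [lo,hi), printing each one. */
int count_stack_in_range(const char *maps, uintptr_t lo, uintptr_t hi)
{
    int hits = 0;
    while (*maps) {
        const char *nl = strchr(maps, '\n');
        size_t len = nl ? (size_t)(nl - maps) : strlen(maps);
        char line[256];
        if (len >= sizeof line) len = sizeof line - 1;   /* truncate overlong lines */
        memcpy(line, maps, len); line[len] = '\0';
        map_entry e;
        if (parse_maps_line(line, &e) && !strncmp(e.path, "[stack", 6) && overlaps(&e, lo, hi)) {
            printf("stack %" PRIxPTR "-%" PRIxPTR " (%s) lies inside reserved %" PRIxPTR "-%" PRIxPTR "\n",
                   e.start, e.end, e.perms, lo, hi);
            hits++;
        }
        maps = nl ? nl + 1 : maps + len;
    }
    return hits;
}
```

Run against a live process by reading /proc/PID/maps into a buffer and passing it as `maps`; a non-zero return means the thread stack sits where the loader would later try to map.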
--- Comment #10 from André H. nerv@dawncrow.de --- well, one has to move the main loader out of the way... https://source.winehq.org/patches/data/138609
André H. nerv@dawncrow.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |444550020af97935bbf220f5c5e9fd75cae29ee7
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
--- Comment #11 from André H. nerv@dawncrow.de --- should be fixed by 444550020af97935bbf220f5c5e9fd75cae29ee7
--- Comment #12 from Austin English austinenglish@gmail.com --- (In reply to André H. from comment #11)
should be fixed by 444550020af97935bbf220f5c5e9fd75cae29ee7
Confirmed, thanks!
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #13 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 2.22.