http://bugs.winehq.org/show_bug.cgi?id=25600
Summary: Skype crashes after login.
Product: Wine
Version: 1.3.9
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: igor.demyanov@gmail.com
Run skype. Login form. Click "Log in". Segmentation fault.
See attached log.
--- Comment #1 from Igor Demyanov igor.demyanov@gmail.com 2010-12-23 12:40:06 CST ---
Created an attachment (id=32599) --> (http://bugs.winehq.org/attachment.cgi?id=32599)
wine1.3.9
Ken Sharp kennybobs@o2.co.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |kennybobs@o2.co.uk
--- Comment #2 from Ken Sharp kennybobs@o2.co.uk 2011-10-02 18:33:05 CDT ---
What version of Skype?
--- Comment #3 from Igor Demyanov igor.demyanov@gmail.com 2011-11-13 02:45:17 CST ---
5.0.x
--- Comment #4 from Artem S. Tashkinov t.artem@mailcity.com 2012-02-02 17:48:41 CST ---
You can get this Skype here: http://www.filehippo.com/download_skype/download/49df352bfbf7a632ed1f3c6e0d6...
With default Wine 1.4-rc2 settings it just segfaults on login without producing any backtrace even when I run it under winedbg:
Process of pid=0021 has terminated (some fixme's before that)
Wine-dbg> (nothing, we have exited)
If I set Skype.exe to Win2K I finally get quite useless bt:
Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x00587314).
Register dump:
CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
EIP:00587314 ESP:0307e898 EBP:00000000 EFLAGS:00010283( R- -- I S - - -C)
EAX:00000097 EBX:00000000 ECX:0307e8b0 EDX:0307e89c
ESI:00f33a80 EDI:00000000
Stack dump:
0x0307e898: 00585914 0000000b 0000b170 000007c8
0x0307e8a8: 0307e8b0 7f970000 0307e90c 7bc485f9
0x0307e8b8: 7b895068 0307e9ac 7b8432af 00110000
0x0307e8c8: 00000000 056fdfe0 00000000 00000000
0x0307e8d8: 00000000 00000000 00000000 0307ea70
0x0307e8e8: 7b87c4e0 00000000 7b895068 056fdfe0
Backtrace:
=>0 0x00587314 in skype (+0x187314) (0x00000000)
0x00587314: int $0x2e
No version of Skype works under Wine. It's really bad and sad since the Linux version of Skype is not actively maintained (it's hard to say it's maintained at all considering its annual releases) and has a lot less features than Windows and MacOS versions.
Skype 3.x (with winver set to win98) seemingly tries to work and connect but it seems like Skype login servers no longer support this version of the application. It never connects.
Skype 4.x crashes on showing the login window.
Skype 5.5 and higher have their login window broken beyond repair. I tried installing IE8 and that fixed the login window background (with gecko it's all white) but all relevant controls disappeared without a trace, so you just cannot enter your user name and password.
--- Comment #5 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-03 00:05:13 CST ---
(In reply to comment #4)
> Backtrace:
> =>0 0x00587314 in skype (+0x187314) (0x00000000)
> 0x00587314: int $0x2e
This is a direct NT syscall, this can't work in Wine.
Martin Lindhe martin@startwars.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |martin@startwars.org
--- Comment #6 from Martin Lindhe martin@startwars.org 2012-05-14 09:56:26 CDT ---
Skype 5.8 with Wine 1.5.4 (configured as Windows XP) crashes in the same way:
wine: Unhandled page fault on read access to 0xffffffff at address 0x5e4bc4 (thread 003a), starting debugger...
Unhandled exception: page fault on read access to 0xffffffff in 32-bit code (0x005e4bc4).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:005e4bc4 ESP:037be694 EBP:000007c8 EFLAGS:00210246( R- -- I Z- -P- )
EAX:000000ad EBX:037be6d8 ECX:0000000b EDX:037be698
ESI:c000001d EDI:7bc35120
Stack dump:
0x037be694: 005e4df9 0000000b 0000c370 000007c8
0x037be6a4: 037be6d8 011507a0 037be834 00000000
0x037be6b4: 00000006 037bea40 00000000 005cd8a4
0x037be6c4: 0000000b 0000c370 000007c8 037be6d8
0x037be6d4: 00000000 00110200 7b810000 7ffa4c00
0x037be6e4: 00000010 7bc4b51b 7b89bff4 00000002
000c: sel=0067 base=00000000 limit=00000000 16-bit --x
Backtrace:
=>0 0x005e4bc4 in skype (+0x1e4bc4) (0x000007c8)
0x005e4bc4: int $0x2e
Jerome Leclanche adys.wh@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |t.artem@mailcity.com
--- Comment #7 from Jerome Leclanche adys.wh@gmail.com 2012-05-14 12:44:42 CDT ---
*** Bug 29946 has been marked as a duplicate of this bug. ***
--- Comment #8 from Artem S. Tashkinov t.artem@mailcity.com 2012-05-14 14:04:11 CDT ---
(In reply to comment #7)
> *** Bug 29946 has been marked as a duplicate of this bug. ***
I'd made this bug a duplicate of 29946 since my bug report at least contains some meaningful crash information.
--- Comment #9 from Ken Sharp kennybobs@o2.co.uk 2013-07-15 19:20:00 CDT ---
(In reply to comment #5)
> (In reply to comment #4)
> > Backtrace:
> > =>0 0x00587314 in skype (+0x187314) (0x00000000)
> > 0x00587314: int $0x2e
> This is a direct NT syscall, this can't work in Wine.
WONTFIX?
--- Comment #10 from Artem S. Tashkinov t.artem@mailcity.com 2013-07-16 04:29:09 CDT ---
Created attachment 45295 --> http://bugs.winehq.org/attachment.cgi?id=45295
SkypeSetup_5.10.0.116.msi/Wine 1.6-rc5 run log
(In reply to comment #9)
> (In reply to comment #5)
> > (In reply to comment #4)
> > > Backtrace:
> > > =>0 0x00587314 in skype (+0x187314) (0x00000000)
> > > 0x00587314: int $0x2e
> > This is a direct NT syscall, this can't work in Wine.
> WONTFIX?
That was when Wine's version was set to Win2K.
Right now it produces segfault (probably in Wine's code).
--- Comment #11 from Artem S. Tashkinov t.artem@mailcity.com 2013-07-16 04:34:09 CDT ---
Under winedbg it produces a slightly different output:
Thread ID=0033 renamed using MS VC6 extension (name=="auf::Syst")
Thread ID=0034 renamed using MS VC6 extension (name=="aresolv")
fixme:process:SetProcessDEPPolicy (1): stub
fixme:ole:RemUnknown_QueryInterface No interface for iid {00000019-0000-0000-c000-000000000046}
fixme:ole:CoResumeClassObjects stub
Thread ID=003a renamed using MS VC6 extension (name=="Setup")
Thread ID=003d renamed using MS VC6 extension (name=="IPChangeM")
Thread ID=0040 renamed using MS VC6 extension (name=="æ░")
Thread ID=003b renamed using MS VC6 extension (name=="AsyncIOMo")
Thread ID=003f renamed using MS VC6 extension (name=="Backbone")
Thread ID=0041 renamed using MS VC6 extension (name=="CommLayer")
Thread ID=003c renamed using MS VC6 extension (name=="ò£")
Thread ID=003e renamed using MS VC6 extension (name=="PowerEven")
Thread ID=0042 renamed using MS VC6 extension (name=="FallbackC")
Thread ID=0043 renamed using MS VC6 extension (name=="LVAP0 thr")
Thread ID=0044 renamed using MS VC6 extension (name=="RVAP0 thr")
Thread ID=0045 renamed using MS VC6 extension (name=="Stats2Thr")
fixme:wlanapi:WlanOpenHandle (1, (nil), 0x37fe49c, 0x1c0d98) stub
fixme:winsock:WSAIoctl -> SIO_ADDRESS_LIST_CHANGE request: stub
Thread ID=0046 renamed using MS VC6 extension (name=="dyncon-wo")
fixme:ntdll:NtPowerInformation semi-stub: SystemPowerCapabilities
*** glibc detected *** Skype.exe: double free or corruption (!prev): 0x7c95e9f0 ***
then goes a useless BT/memmap followed by
0xb77d6424 __kernel_vsyscall+0x10 in [vdso].so: popl %ebp
Wylda wylda@volny.cz changed:
What           |Removed     |Added
----------------------------------------------------------------------------
Status         |UNCONFIRMED |NEW
CC             |            |wylda@volny.cz
Ever confirmed |0           |1
--- Comment #12 from Wylda wylda@volny.cz ---
Skype-5.0.0.156.exe still Seg Fault in wine-1.7.29.
$ sha1sum -b Skype-5.0.0.156.exe
e2c9656d04d1e4ade90307376b5925c148dab143 *Skype-5.0.0.156.exe
Michael Müller michael@fds-team.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |michael@fds-team.de
--- Comment #13 from Michael Müller michael@fds-team.de ---
Hi,
today I spent some time to figure out why Skype causes a segmentation fault on some systems. The root of this issue is not an invalid memory access but instead Skype tries to execute a syscall using SYSENTER (I am on an Intel system).
The problem is now that the Linux kernel does not understand the syscall and returns with an error. The way the return address is specified for such a syscall differs between Windows and Linux - and instead of going back to the program code of Skype, the kernel returns to the __kernel_vsyscall function inside of glibc. The next problem is that the Linux kernel changed the stack pointer during the syscall, but did not reset it back to the one specified by Skype, since this also works differently between Windows and Linux. The stack pointer is now invalid and the __kernel_vsyscall function tries to pop a value from the stack causing a segmentation fault.
This segmentation fault is now handled by Wine. To do this Wine calls the function setup_exception_record() and checks the stack pointer. The invalid stack is now detected, but the code only prints a warning and continues anyway:
---- snip ----
if (stack - 1 > stack || /* check for overflow in subtraction */
    (char *)stack <= (char *)NtCurrentTeb()->DeallocationStack ||
    (char *)stack > (char *)NtCurrentTeb()->Tib.StackBase)
{
    WARN( "exception outside of stack limits in thread %04x eip %08x esp %08x stack %p-%p\n",
          GetCurrentThreadId(), (unsigned int) EIP_sig(sigcontext),
          (unsigned int) ESP_sig(sigcontext), NtCurrentTeb()->Tib.StackLimit,
          NtCurrentTeb()->Tib.StackBase );
}
---- snip ----
Wine is now going to dereference the invalid pointer:
---- snip ----
stack->ret_addr = (void *)0xdeadbabe;
---- snip ----
This results in a second segmentation fault inside the signal handler for the original segmentation fault causing the kernel to kill the process.
However, we can not really fix this problem since it is impossible for us to detect whether this is a regular Linux syscall or a Windows syscall. Moreover some of the information which would be necessary to emulate such a syscall is destroyed by the Linux kernel. Setting the Windows version to Windows 2000 forces Skype to use interrupts instead, which would be much easier to emulate.
For those who are interested in which syscall Skype tries to execute, I decoded the necessary information. The syscall number is 0xad which is NtQuerySystemInformation on Windows XP and the parameters are: 0xb, 0x5ac0, 0x7c8, 0x2e5e848. The value 0xb specifies the information class SystemModuleInformation. So what Skype is trying to execute using syscalls / interrupts is: NtQuerySystemInformation(SystemModuleInformation, 0x5ac0, 0x7c8, 0x2e5e848); The Linux kernel btw. interprets the same syscall as sys_rt_sigreturn.
As I already mentioned above, there is not much we can do about this since we can not catch such wrong syscalls before they reach the Linux kernel and this is most probably WON'T FIX - at least the code path for > Win2000, interrupt emulation is easy compared to that.
Regards, Michael
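The stack-limit check described in comment #13, as an added example (not Wine's code and not part of the original comment): it is modelled on the quoted conditions, uses integer arithmetic, and shows a variant that refuses to write the frame instead of only warning. The names `stack_limits`, `classify_frame` and `push_frame_checked` are hypothetical, and the one-field frame and the stack buffer are constructed stand-ins.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the TEB fields the quoted check reads. */
struct stack_limits {
    uintptr_t deallocation_stack;   /* lowest address of the thread stack */
    uintptr_t stack_base;           /* highest address; the stack grows down */
};
struct frame { uint32_t ret_addr; };  /* constructed one-field frame layout */

enum verdict { FRAME_OK, FRAME_WRAPS, FRAME_BELOW_STACK, FRAME_ABOVE_STACK };

/* Modelled on the three conditions of the quoted check, on integers so the
 * subtraction cannot hit undefined pointer overflow. */
enum verdict classify_frame(const struct stack_limits *lim,
                            uintptr_t esp, size_t frame_size)
{
    esp &= ~(uintptr_t)3;                       /* frames are 4-byte aligned */
    if (esp < frame_size)
        return FRAME_WRAPS;                     /* esp - frame_size wraps */
    if (esp - frame_size <= lim->deallocation_stack)
        return FRAME_BELOW_STACK;
    if (esp > lim->stack_base)
        return FRAME_ABOVE_STACK;
    return FRAME_OK;
}

/* Variant that refuses to write unless the frame lies inside the stack.
 * Returns the frame address, or 0 when the write was refused. */
uintptr_t push_frame_checked(const struct stack_limits *lim, uintptr_t esp)
{
    if (classify_frame(lim, esp, sizeof(struct frame)) != FRAME_OK)
        return 0;
    struct frame *f = (struct frame *)((esp & ~(uintptr_t)3) - sizeof *f);
    f->ret_addr = 0xdeadbabeu;                  /* marker from the quoted code */
    return (uintptr_t)f;
}

int main(void)
{
    static uint32_t stk[64];                    /* constructed thread stack */
    struct stack_limits lim = { (uintptr_t)stk, (uintptr_t)stk + sizeof stk };
    /* An ESP far outside the stack, as after the failed SYSENTER: refused. */
    printf("bad esp  -> %#lx\n", (unsigned long)push_frame_checked(&lim, lim.stack_base + 4096));
    printf("good esp -> frame written: %d\n", push_frame_checked(&lim, lim.stack_base) != 0);
    return 0;
}
```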
Michael Müller michael@fds-team.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |sebastian@fds-team.de
--- Comment #14 from Artem S. Tashkinov t.artem@mailcity.com ---
(In reply to Michael Müller from comment #13)
> Hi,
Skype versions below 6.14 no longer work and cannot log into the Skype network. Probably this bug report should be closed as WONTFIX.
Ken Sharp imwellcushtymelike@gmail.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |---     |WONTFIX
--- Comment #15 from Ken Sharp imwellcushtymelike@gmail.com ---
Comment #13 says it all I think.
Austin English austinenglish@gmail.com changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #16 from Austin English austinenglish@gmail.com ---
Closing.