http://bugs.winehq.org/show_bug.cgi?id=23222
Summary: DiE (Detect it Easy) crashes with unhandled exception
Product: Wine
Version: 1.2-rc3
Platform: x86-64
URL: https://www.woodmann.com/collaborative/tools/images/Bin_DiE_%28Detect_it_Easy%29_2008-1-6_2.6_die_0.64.zip
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: olerass@gmail.com

Created an attachment (id=28897)
--> (http://bugs.winehq.org/attachment.cgi?id=28897)
Output from wine1.2-rc3
There's no installer. Program crashes when run with an unhandled exception.
Ole Rasmussen olerass@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|DiE (Detect it Easy)        |DiE (Detect it Easy)
                   |crashes with unhandled      |crashes with unhandled page
                   |exception                   |fault
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
Louis Lenders xerox_xerox2000@yahoo.co.uk changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xerox_xerox2000@yahoo.co.uk

--- Comment #1 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2010-06-16 15:46:31 ---
Could you upgrade to current git? The app starts fine here on a clean .wine
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net

--- Comment #2 from Anastasius Focht focht@gmx.net 2010-06-16 16:48:50 ---
Hello,

--- quote ---
Could you upgrade to current git? The app starts fine here on a clean .wine
--- quote ---
ditto, can't reproduce with -rc3 or GIT.
The executable seems to be packed with some custom PE compressor. Your crash location is in the SFX part, at the point where the real PE .text section is uncompressed from section at 0x4B8000 with length 0x7B000 to 0x401000 with final length 0xB7000. Access to range < 0x400000 (outside of PE) should never happen - in your case the address gets somehow miscalculated (0x003fff0a).
I suspect your PE might be somehow corrupted either on disk or in memory. Can you do md5sum on your "DiE.exe"?
--- snip ---
$ md5sum DiE.exe
f92f73c8c3280e6bccbcc56173f01c23  DiE.exe
--- snip ---
Regards
--- Comment #3 from Ole Rasmussen olerass@gmail.com 2010-06-17 07:10:39 ---
(In reply to comment #1)
> Could you upgrade to current git? The app starts fine here on a clean .wine
I'm unable to upgrade to GIT at the moment due to some issues but it shouldn't be necessary anyway since Anastasius cannot reproduce it in -rc3.
(In reply to comment #2)
> I suspect your PE might be somehow corrupted either on disk or in memory. Can you do md5sum on your "DiE.exe"?

---
md5sum DiE.exe
f92f73c8c3280e6bccbcc56173f01c23  DiE.exe
---
MD5 sum seems to be equal to yours. I still get the crash even with a clean .wine prefix and a newly downloaded program file. Running the -exact- same files in XP works perfectly so it doesn't seem to be a problem in any files in the program.
I tried removing Wine and .wine and installing a completely different build of -rc3 (the one I used before was the openSUSE build) and I still get the crash.
--- Comment #4 from Anastasius Focht focht@gmx.net 2010-06-18 04:13:04 ---
Hello,
please attach +tid,+seh,+relay log.
Make sure you don't have some lingering processes before you run the app with trace logging (wineserver -k).
Regards
--- Comment #5 from Ole Rasmussen olerass@gmail.com 2010-06-18 10:32:53 ---
Created an attachment (id=28935)
--> (http://bugs.winehq.org/attachment.cgi?id=28935)
Wine 1.2-rc3; +tid,+seh,+relay output (zip)

--- Comment #6 from Anastasius Focht focht@gmx.net 2010-06-19 03:24:18 ---
Hello,
looks like Wine doesn't process the trace/breakpoint trap signal correctly on your Linux distro (openSUSE xx?).
"bad" sequence (your system):
--- snip ---
0009:Starting process L"Z:\home\ole\Desktop\die\DiE.exe" (entryproc=0x535e0c)
0009:Call KERNEL32.GetProcAddress(51fc92b3,004003df "") ret=00535e6a
0009:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00535e6a
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc7134a ip=7bc7134a tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00536000
0009:trace:seh:raise_exception eax=0033fa70 ebx=7bca7ff4 ecx=00536000 edx=0033fe9c esi=0033fe44 edi=0033fb78
0009:trace:seh:raise_exception ebp=0033feb8 esp=0033fa40 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246
0009:trace:seh:call_vectored_handlers calling handler at 0x7e2c13b0 code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7e2c13b0 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x7bc88440 code=c0000005 flags=0
0009:trace:seh:__regs_RtlUnwind code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc71040 code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind handler at 0x7bc71040 returned 1
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x536000 ip=00536000 tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00536000
0009:trace:seh:raise_exception eax=004b8001 ebx=ce6f3711 ecx=00000000 edx=000000b2 esi=7ffdf000 edi=00535e0c
0009:trace:seh:raise_exception ebp=0033feb8 esp=0033fe9c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210286
0009:trace:seh:call_vectored_handlers calling handler at 0x7e2c13b0 code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7e2c13b0 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x535023 code=c0000005 flags=0
0009:Call KERNEL32.GetProcAddress(3dbe146c,00400775 "\xc8\xfcH\x0c\x8dg\x06\x0f\xb6\xe1\x15Y\xeb\x18\xca\xeb\x14$&\x06\x98\x01?\x05@;\x0f\x85Y\xf42\r\x0f\x1e\x14l\x10\x8b\x90\x86\x8b\xda\x8e\x81\x02\xef\xde\x81\xfe~") ret=00535044
0009:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00535044
--- snip ---
The first exception after GetProcAddress() should be a single step exception because an "int 1" instruction is encountered. The app installed an SEH at 0x535023 that should get called at this point.
With your system, either in ntdll's raise_trap_exception(), raise_exception() or surrounding code, Wine itself causes a page fault, swallowing the single step exception internally. Because the app's SEH is never called, the execution resumes at next instruction causing "runaway" execution. The app code following after "int 1" is meaningless, it should never have been reached. Execution reaches unmapped area, causing another page fault (0x536000) where it goes completely out of hands (due to false assumptions).
"good" sequence (my system, Fedora 12):
--- snip ---
003b:Starting process L"C:\die\die.exe" (entryproc=0x535e0c)
003b:Call KERNEL32.GetProcAddress(51fc92b3,004003df "") ret=00535e6a
003b:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00535e6a
003b:trace:seh:raise_exception code=80000004 flags=0 addr=0x535f9f ip=00535f9f tid=003b
003b:trace:seh:raise_exception eax=004b8001 ebx=ce672411 ecx=00000000 edx=000000b2 esi=7ffdf000 edi=00535e0c
003b:trace:seh:raise_exception ebp=0032fea8 esp=0032fe8c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000206
003b:trace:seh:call_vectored_handlers calling handler at 0x798370f0 code=80000004 flags=0
003b:trace:seh:call_vectored_handlers handler at 0x798370f0 returned 0
003b:trace:seh:call_stack_handlers calling handler at 0x535023 code=80000004 flags=0
003b:Call KERNEL32.GetProcAddress(3dbe146c,00400775 "\xc8\xfcH\x0c\x8dg\x06\x0f\xb6\xe1\x15Y\xeb\x18\xca\xeb\x14$&\x06\x98\x01?\x05@;\x0f\x85Y\xf42\r\x0f\x1e\x14l\x10\x8b\x90\x86\x8b\xda\x8e\x81\x02\xef\xde\x81\xfe~") ret=00535044
003b:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00535044
003b:trace:seh:raise_exception code=80000004 flags=0 addr=0x5350b2 ip=005350b2 tid=003b
003b:trace:seh:raise_exception eax=00000386 ebx=7bc90286 ecx=005350d2 edx=c0000135 esi=0032fe34 edi=0032fe8c
003b:trace:seh:raise_exception ebp=0032fa48 esp=0032fe8c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000213
003b:trace:seh:call_vectored_handlers calling handler at 0x798370f0 code=80000004 flags=0
003b:trace:seh:call_vectored_handlers handler at 0x798370f0 returned 0
003b:trace:seh:call_stack_handlers calling handler at 0x5350d2 code=80000004 flags=0
...
--- snip ---
Maybe another Wine user with openSUSE could confirm this problem, specifying exact Kernel, Glibc, Gcc version and compile flags used to build Wine (if any special for distro).
Regards
--- Comment #7 from Alexandre Julliard julliard@winehq.org 2010-06-19 03:49:38 ---
My guess would be this is bug 20380.
--- Comment #8 from Ole Rasmussen olerass@gmail.com 2010-06-19 05:00:15 ---
So this could be caused by a bad compile? I'm not using the openSUSE distro, only their build of wine on Arch Linux x64. As I stated earlier I also tried installing Arch's own build and encountered the same problem. Perhaps that build was just a move suse build... Would it be helpful if I tried building Wine myself? Perhaps that will be the closest to your wine builds I can get.
--- Comment #9 from Vitaliy Margolen vitaliy@kievinfo.com 2010-06-19 11:49:27 ---
Try 2.6.34 kernel.
--- Comment #10 from Ole Rasmussen olerass@gmail.com 2010-06-20 06:47:51 ---
(In reply to comment #9)
> Try 2.6.34 kernel.
Can you elaborate on why that should fix the problem? I'm asking because upgrading the kernel is not just something I do like upgrading my other packages.
--- Comment #11 from Nikolay Sivov bunglehead@gmail.com 2010-06-20 06:54:48 ---
Linus committed a signal fix (this patch is attached to bug 20380) and it's in 2.6.34 now:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.34.y.git;a=blobdi...
--- Comment #12 from Ole Rasmussen olerass@gmail.com 2010-06-20 07:04:48 ---
(In reply to comment #11)
> Linus committed a signal fix (this patch is attached to bug 20380) and it's in 2.6.34 now:
>
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.34.y.git;a=blobdi...

I see. Thanks for the info (slapping myself for being too lazy to read..). I'll be back later with .34 results.
To comment #9: Just ignore my comment #10, I should have read bug 20380 more carefully as it states exactly why upgrading to .34 kernel would solve the problem.
--- Comment #13 from Ole Rasmussen olerass@gmail.com 2010-06-20 13:34:57 ---
Upgraded to 2.6.34 kernel and also updated wine to 1.2-rc4. The problem still persists. Looking at the console output it seems to be identical to what I got with .33 kernel and 1.2-rc3.
--- Comment #14 from Anastasius Focht focht@gmx.net 2010-06-21 15:31:15 ---
Hello,
well you could provide some info using winedbg in gdb proxy mode (winedbg alone doesn't work well within signal handlers). Make sure you compiled Wine with symbols. Start the executable as follows:
--- snip ---
$ winedbg --gdb ./DiE.exe
0041:0047: create process 'C:\Program Files\die\DiE.exe'/0x110698 @0x535e0c (0<0>)
...
00000041:00000047: exception code=0xc0000005 create_alpha_bitmap ...
--- snip ---
It should break at first chance exception from shell32's icon cache init. This is expected and harmless. Now instruct gdb to pass those exceptions to app handler:
--- snip ---
$ handle SIGSEGV pass nostop noprint
--- snip ---
Press continue "c" to pass it, you'll see output like this:
--- snip ---
Wine-gdb> c
Continuing.
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet
trying to process a verbose packet

Program received signal SIGTRAP, Trace/breakpoint trap.
start_process (peb=0x7ffdf000) at ../../../wine-git/dlls/kernel32/process.c:996
--- snip ---
The debugger stops at program entry point (as expected). Because you will most likely hit a bug/encounter erroneous SIGSEGVs we revert the SIGSEGV handling behaviour back to defaults:
--- snip ---
Wine-gdb> handle SIGSEGV pass stop print
Signal        Stop      Print   Pass to program Description
SIGSEGV       Yes       Yes     Yes             Segmentation fault
--- snip ---
Do another continue "c". If everything works you should see the single step trap like this:
--- snip ---
Wine-gdb> c
Continuing.
trying to process a verbose packet

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00535f9f in ?? ()
--- snip ---
This is the single step instruction within app code and this needs to be specially handled.
If you don't see the SIGTRAP after continuing from program entry point (for example you get a SIGSEGV instead of SIGTRAP), please do a backtrace "bt" and "info reg" command at this point and attach the complete output of debugging session.
Otherwise (good case) you need to instruct gdb to pass this special one to signal handler like this:
--- snip ---
$ handle SIGTRAP pass nostop
--- snip ---
The debugger will ask you a question, answer with "yes"
--- snip ---
SIGTRAP is used by the debugger.
Are you sure you want to change it? (y or n) y
Signal        Stop      Print   Pass to program Description
SIGTRAP       No        Yes     Yes             Trace/breakpoint trap
--- snip ---

Continue "c". The debugger should now stop at SIGSEGV due to explicit icon load from app (would not have been seen if we didn't revert the SIGSEGV back to defaults):

--- snip ---
Wine-gdb> c
Continuing.
trying to process a verbose packet

Program received signal SIGTRAP, Trace/breakpoint trap.
trying to process a verbose packet

Program received signal SIGSEGV, Segmentation fault.
0x685c9dcd in create_alpha_bitmap (color=<value optimized out>, mask=<value optimized out>, src_info=0x128f98, color_bits=0x68676330)
--- snip ---
Continue "c" and the app GUI should be shown.
Regards
--- Comment #15 from Andrey Turkin andrey.turkin@gmail.com 2010-06-29 13:53:26 ---
Created an attachment (id=29239)
--> (http://bugs.winehq.org/attachment.cgi?id=29239)
Test program to show kernel behaviour
This is not a Wine bug; attached is a simple test program to demonstrate kernel's behaviour wrt icebp and int3 instructions. On my system (X86_64, 2.6.34.smth with gentoo patchset) icebp doesn't generate trap.
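A probe for the kernel behaviour this thread is about, added here as an example; it is not the attachment from comment #15 and not Wine code. The names `probe` and `trap_delivered` are invented for this sketch, and it assumes GCC or Clang inline assembly on Linux (a non-x86 build returns -1 without executing anything).

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf probe_env;
static volatile sig_atomic_t caught;   /* signal seen by the handler, 0 = none */

static void on_signal(int sig)
{
    caught = sig;
    siglongjmp(probe_env, 1);          /* a fault leaves the IP in place: jump out */
}

/* Execute one trap opcode (icebp 0xf1 or int3 0xcc) and return the signal
 * the kernel delivered, 0 if it delivered none, -1 on a non-x86 build. */
static int probe(int use_icebp)
{
#if defined(__i386__) || defined(__x86_64__)
    static const int sigs[3] = { SIGTRAP, SIGSEGV, SIGILL };
    struct sigaction sa, old[3];
    int i;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    for (i = 0; i < 3; i++) sigaction(sigs[i], &sa, &old[i]);
    caught = 0;
    if (sigsetjmp(probe_env, 1) == 0) {            /* 1: restore mask on jump */
        if (use_icebp) __asm__ volatile(".byte 0xf1" ::: "memory");
        else           __asm__ volatile(".byte 0xcc" ::: "memory");
    }
    for (i = 0; i < 3; i++) sigaction(sigs[i], &old[i], NULL);
    return caught;
#else
    (void)use_icebp;
    return -1;
#endif
}

/* Wine can only raise the single-step exception the app's SEH expects
 * if the kernel reports the trap as SIGTRAP. */
static int trap_delivered(int sig) { return sig == SIGTRAP; }

int main(void)
{
    int icebp = probe(1), int3 = probe(0);
    printf("icebp (0xf1): signal %d, %s\n", icebp, trap_delivered(icebp) ? "ok" : "not SIGTRAP");
    printf("int3  (0xcc): signal %d, %s\n", int3, trap_delivered(int3) ? "ok" : "not SIGTRAP");
    return trap_delivered(icebp) ? 0 : 1;
}
```

A result of 0 for icebp while int3 still reports SIGTRAP matches the "icebp doesn't generate trap" symptom described in this thread.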
--- Comment #16 from Alexandre Julliard julliard@winehq.org 2010-06-29 14:40:28 ---
That's a recent kernel regression, it's also causing bug 23323.
--- Comment #17 from Ole Rasmussen olerass@gmail.com 2010-06-29 17:27:24 ---
Created an attachment (id=29241)
--> (http://bugs.winehq.org/attachment.cgi?id=29241)
DiE debug session on wine-1.2-rc5-80-gee68473
Anastasius, thanks for the very detailed and easy-to-follow information. I did exactly as you instructed and got to this point:
--------------------------------------------
Do another continue "c". If everything works you should see the single step trap like this:

--- snip ---
Wine-gdb> c
Continuing.
trying to process a verbose packet

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00535f9f in ?? ()
--- snip ---
--------------------------------------------
I didn't get a SIGTRAP but instead a SIGSEGV and did backtrace as well as reg dumps as you requested. If this is indeed a kernel bug I guess there's nothing more to do for Wine. I am attaching the complete debugging output anyway in case it's needed.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |DUPLICATE
            Summary|DiE (Detect it Easy)        |DiE (Detect it Easy)
                   |crashes with unhandled page |crashes with unhandled page
                   |fault                       |fault (Linux kernel bug,
                   |                            |icebp (opcode 0xf1) no
                   |                            |longer causes SIGTRAP)

--- Comment #18 from Anastasius Focht focht@gmx.net 2010-08-18 04:54:50 ---
Hello,

marking this one as a dupe of bug 23323
Adjusting summary accordingly.
You could try a recent .35+ kernel if your distro provides it or check your distro kernel changelog if the icebp patch got backported to some earlier kernel version.
Regards
*** This bug has been marked as a duplicate of bug 23323 ***
Dmitry Timoshkov dmitry@codeweavers.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #19 from Dmitry Timoshkov dmitry@codeweavers.com 2010-08-18 09:50:14 ---
Closing duplicate.