https://bugs.winehq.org/show_bug.cgi?id=46187
Bug ID: 46187
Summary: Windows PowerShell Core 6.2 Preview 2 for ARM32 crashes due to unhandled trap_no 0 (write watch access causes SIGSEGV)
Product: Wine
Version: 3.21
Hardware: arm
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
now that I have a full multi-lib/bi-arch Wine on ARM64, revisiting the ARM32/aarch32 side of things ;-)
Download: https://github.com/PowerShell/PowerShell/releases
https://github.com/PowerShell/PowerShell/releases/download/v6.2.0-preview.2/...
--- snip ---
$ WINEDEBUG=+seh,+loaddll,+process,+relay wine ./pwsh.exe >>log.txt 2>&1
...
002b:Call KERNEL32.VirtualAlloc(00000000,000a0000,00202000,00000004) ret=f68e14f1
002b:Ret  KERNEL32.VirtualAlloc() retval=f3970000 ret=f68e14f1
002b:Call KERNEL32.VirtualAlloc(f3970000,00010068,00001000,00000004) ret=f68e156d
002b:Ret  KERNEL32.VirtualAlloc() retval=f3970000 ret=f68e156d
002b:err:seh:segv_handler Got unexpected trap 0
002b:trace:seh:raise_exception code=c000001d flags=0 addr=0xf68e160c pc=f68e160c tid=002b
002b:trace:seh:raise_exception  r0=f3970020 r1=f6ffe904 r2=0000001e r3=f3a20000 r4=f703aa34 r5=00090068
002b:trace:seh:raise_exception  r6=00000000 r7=f69da5e4 r8=f3970000 r9=f6b08500 r10=f69e1268 r11=f6ffeaa0
002b:trace:seh:raise_exception  r12=f68e156d sp=f6ffea48 lr=f7838ccc pc=f68e160c cpsr=40000030
002b:trace:seh:call_vectored_handlers calling handler at 0xf6756221 code=c000001d flags=0
...
wine: Unhandled illegal instruction at address 0xf68e160c (thread 002b), starting debugger...
Unhandled exception: illegal instruction in 32-bit code (0xf68e160c).
Register dump:
 Thumb User Mode
 Pc:f68e160c Sp:f6ffea48 Lr:f7838ccc Cpsr:40000030(-Z--)
 r0:f3970020 r1:f6ffe904 r2:0000001e r3:f3a20000 r4:f703aa34 r5:00090068
 r6:00000000 r7:f69da5e4 r8:f3970000 r9:f6b08500 r10:f69e1268 r11:f6ffeaa0
 r12:f68e156d
...
Backtrace:
=>0 0xf68e160c in coreclr (+0x1d160c) (0xf6ffeaa0)
  1 0xf7838ccc relay_trace_exit+0x1a3() [/home/focht/projects/wine/mainline-src/dlls/ntdll/relay.c:556] in ntdll (0xf6ffeaa0)
  2 0xf7838ccc relay_trace_exit+0x1a3() [/home/focht/projects/wine/mainline-src/dlls/ntdll/relay.c:556] in ntdll (0xf6b00204)
  3 0xf6ffec38 (0x00000000)
0xf68e160c: strd r6, r3, [r0, #-32]
Modules:
Module  Address             Debug info  Name (63 modules)
PE        400000-  439000   Deferred    pwsh
ELF       48c000-  49f000   Deferred    <wine-loader>
PE      10000000-10045000   Deferred    hostfxr
ELF     f5d88000-f5dad000   Deferred    imm32<elf>
  \-PE  f5d90000-f5dad000   \           imm32
ELF     f5dad000-f5dd6000   Deferred    libgcc_s.so.1
ELF     f5dd6000-f5e0c000   Deferred    libexpat.so.1
ELF     f5e0c000-f5e4b000   Deferred    libfontconfig.so.1
ELF     f5e4b000-f5e6b000   Deferred    libz.so.1
ELF     f5e6b000-f5edf000   Deferred    libfreetype.so.6
ELF     f5ef8000-f5f0c000   Deferred    api-ms-win-crt-time-l1-1-0<elf>
  \-PE  f5f00000-f5f0c000   \           api-ms-win-crt-time-l1-1-0
ELF     f5f0c000-f5f20000   Deferred    api-ms-win-crt-utility-l1-1-0<elf>
  \-PE  f5f10000-f5f20000   \           api-ms-win-crt-utility-l1-1-0
ELF     f5f20000-f5f9c000   Deferred    shlwapi<elf>
  \-PE  f5f30000-f5f9c000   \           shlwapi
ELF     f5f9c000-f60e2000   Deferred    oleaut32<elf>
  \-PE  f5fb0000-f60e2000   \           oleaut32
ELF     f60e2000-f617b000   Deferred    rpcrt4<elf>
  \-PE  f60f0000-f617b000   \           rpcrt4
ELF     f617b000-f6196000   Deferred    version<elf>
  \-PE  f6180000-f6196000   \           version
ELF     f6196000-f62e6000   Deferred    gdi32<elf>
  \-PE  f61a0000-f62e6000   \           gdi32
ELF     f62e6000-f6515000   Deferred    user32<elf>
  \-PE  f6300000-f6515000   \           user32
ELF     f6515000-f668e000   Deferred    ole32<elf>
  \-PE  f6530000-f668e000   \           ole32
ELF     f668e000-f6710000   Deferred    advapi32<elf>
  \-PE  f66a0000-f6710000   \           advapi32
PE      f6710000-f6b3f000   Export      coreclr
PE      f6b40000-f6ba6000   Deferred    hostpolicy
...
ELF     f7a03000-f7bb8000   Dwarf       libwine.so.1
ELF     f7bb8000-f7be1000   Deferred    ld-linux-armhf.so.3
Threads:
process  tid      prio (all id:s are in hex)
...
0000002a (D) Z:\home\focht\projects\woa-winrt\powershell620-arm32\pwsh.exe
        0000002c    0
        0000002b    0 <==
System information:
    Wine build: wine-3.21-4-gfc4d5d49c6
    Platform: arm
    Version: Windows 7
    Host system: Linux
    Host version: 4.18.14-yocto-standard
--- snip ---
Debugging session:
--- snip ---
$ gdb wine
GNU gdb (GDB) 8.2
...
Reading symbols from wine...done.
(gdb) run pwsh.exe
Starting program: /home/focht/projects/wine/mainline-install-arm/bin/wine pwsh.exe
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[Detaching after fork from child process 4337]
[Detaching after fork from child process 4339]
0009:fixme:msvcrt:_configure_wide_argv (1) stub
0009:fixme:msvcrt:_initialize_wide_environment stub
0009:fixme:process:GetNumaHighestNodeNumber (0xf73ced14): semi-stub
0009:fixme:thread:SetThreadStackGuarantee (0xf73cec98): stub
0009:fixme:ntdll:EtwEventRegister ({e13c0d23-ccbc-4e12-931b-d9cc2eee27e4}, 0xf6aed7b1, 0xf6e6d920, 0xf6e6d920) stub.
0009:fixme:ntdll:EtwEventRegister ({763fd754-7086-4dfe-95eb-c01a46faf4ca}, 0xf6aed7b1, 0xf6e6d958, 0xf6e6d958) stub.
0009:fixme:ntdll:EtwEventRegister ({a669021c-c450-4609-a035-5af59af4df18}, 0xf6aed7b1, 0xf6e6d8e8, 0xf6e6d8e8) stub.
0009:fixme:wer:WerRegisterRuntimeExceptionModule (L"Z:\home\focht\projects\woa-winrt\powershell620-arm32\mscordaccore.dll", 0xf6a80000) stub!
[New Thread 0xf5f23460 (LWP 4501)]
0009:fixme:msvcrt:_control87 not implemented

Thread 1 "pwsh.exe" received signal SIGSEGV, Segmentation fault.
0xf6c5160c in ?? ()
(gdb) info reg
r0             0xf3ce0020          4090363936
r1             0xf73ce944          4147964228
r2             0x11000             69632
r3             0xf3d90000          4091084800
r4             0xf74baee0          4148932320
r5             0x90068             589928
r6             0x0                 0
r7             0xf6d4a5e4          4141131236
r8             0xf3ce0000          4090363904
r9             0xf6e78500          4142368000
r10            0xf6d51268          4141159016
r11            0xf73ceaa0          4147964576
r12            0xaf                175
sp             0xf73cea48          0xf73cea48
lr             0xf7ddf7a9          -136448087
pc             0xf6c5160c          0xf6c5160c
cpsr           0x600f0030          1611595824
Unable to fetch SVE register header: Invalid argument.
(gdb) set arm fallback-mode thumb
(gdb) x/10i 0xf6c5160c
=> 0xf6c5160c:  strd    r6, r3, [r0, #-32]
   0xf6c51610:  ldr     r3, [sp, #36]   ; 0x24
   0xf6c51612:  ldr     r4, [sp, #44]   ; 0x2c
   0xf6c51614:  str.w   r3, [r0, #-24]
   0xf6c51618:  ldr     r3, [sp, #40]   ; 0x28
   0xf6c5161a:  add.w   r3, r0, r3, lsl #2
   0xf6c5161e:  str.w   r3, [r0, #-20]
   0xf6c51622:  strd    r5, r6, [r0, #-8]
   0xf6c51626:  ldr.w   r3, [r0, #-20]
   0xf6c5162a:  add.w   r3, r3, r4, lsl #1
(gdb) x/10x ($r0-0x20)
0xf3ce0000:     0x00000000      0x00000000      0x00000000      0x00000000
0xf3ce0010:     0x00000000      0x00000000      0x00000000      0x00000000
0xf3ce0020:     0x00000000      0x00000000
(gdb) bt
#0  segv_handler (signal=0xb, info=0xf73ce6d8, ucontext=0xf73ce758) at /home/focht/projects/wine/mainline-src/dlls/ntdll/signal_arm.c:732
#1  <signal handler called>
#2  0xf6c5160c in ?? ()
#3  0xf7ddf7a8 in pthread_sigmask (how=0x90068, newmask=<optimized out>, oldmask=0xf74baee0 <VirtualAlloc>) at ../sysdeps/unix/sysv/linux/pthread_sigmask.c:45
#4  0x000e0280 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) set output-radix 16
(gdb) p *context
$3 = {uc_flags = 0x0, uc_link = 0x0, uc_stack = {ss_sp = 0x0, ss_flags = 0x0, ss_size = 0x0},
  uc_mcontext = {trap_no = 0x0, error_code = 0x800, oldmask = 0x0, arm_r0 = 0xf3ce0020,
    arm_r1 = 0xf73ce944, arm_r2 = 0x11000, arm_r3 = 0xf3d90000, arm_r4 = 0xf74baee0,
    arm_r5 = 0x90068, arm_r6 = 0x0, arm_r7 = 0xf6d4a5e4, arm_r8 = 0xf3ce0000,
    arm_r9 = 0xf6e78500, arm_r10 = 0xf6d51268, arm_fp = 0xf73ceaa0, arm_ip = 0xaf,
    arm_sp = 0xf73cea48, arm_lr = 0xf7ddf7a9, arm_pc = 0xf6c5160c, arm_cpsr = 0x602f0030,
    fault_address = 0xf3ce0000},
  uc_sigmask = {__val = {0x0, 0x0, 0xf3ce0000, 0xf7ccdd34, 0xa0000, 0xffffffff, 0xf6d4a5e4,
    0xf7ddf7a9, 0xf73ce82c, 0xf7c7f6c0, 0x0, 0x1, 0x11000, 0xf3ce0000, 0x43, 0x1, 0xf73ce834,
    0xf7c7fd20, 0xffffffff, 0xa5e4, 0x11000, 0xf3ce0000, 0xb0000, 0x1, 0x1, 0xf3ce0000, 0x11,
    0x11, 0xffffffff, 0xf7cbb180, 0x2300ffff, 0xf73ce84c}},
  uc_regspace = {0x56465001, 0x120, 0x80005, 0x0, 0xa0a0a0a, 0xa0a0a0a, 0x10000, 0x10000, 0x0,
    0x0, 0x1, 0x0, 0x0, 0x0, 0x8040201, 0x80402010, 0x8040201, 0x80402010, 0x0 <repeats 18 times>,
    0x594e9a4, 0x0 <repeats 29 times>, 0x20000010, 0xf7810088, 0x40000000, 0x0, 0x0, 0x1, 0x0,
    0x0, 0xf6b36fff, 0x0, 0xe8f86fff, 0x0, 0xf6b37000, 0x0, 0xe8f87000, 0x0, 0xfffeefff, 0x0,
    0xfffdefff, 0x0, 0x0, 0x0, 0x2, 0xf73ce9b4, 0xf73ce9d4, 0xf7810064, 0xf73ce9d4, 0xf7c02a14,
    0x2, 0xf7810060, 0xe0268, 0xf7941508, 0x43, 0xf783fd98, 0xf73cea1c, 0xf7c1e7c8, 0xf6ac0c51,
    0x6, 0xf73cea0c, 0xffff, 0x0, 0x0, 0x11000, 0xf3ce0000, 0xf73cea24, 0xf74baf74, 0x1000, 0x4,
    0x1000, 0x11000, 0xf3ce0000, 0xffffffff, 0xf3ce0000, 0x0, 0xf73cea44, 0xf74baf18, 0x4, 0x40,
    0x4, 0x1000, 0x10068, 0xf3ce0000}}
--- snip ---

trap_no = 0
error_code = 0x800 (write access)
fault_address = 0xf3ce0000
Using +virtual debug channel reveals it:
--- snip ---
0009:trace:virtual:NtAllocateVirtualMemory 0xffffffff (nil) 000a0000 202000 00000004
0009:trace:virtual:map_view got mem with anon mmap 0xf3ce0000-0xf3d80000
0009:trace:virtual:VIRTUAL_DumpView View: 0xf3ce0000 - 0xf3d7ffff (valloc)
0009:trace:virtual:VIRTUAL_DumpView       0xf3ce0000 - 0xf3d7ffff -Hrw-
0009:trace:virtual:NtAllocateVirtualMemory 0xffffffff 0xf3ce0000 00010068 1000 00000004
0009:trace:virtual:VIRTUAL_DumpView View: 0xf3ce0000 - 0xf3d7ffff (valloc)
0009:trace:virtual:VIRTUAL_DumpView       0xf3ce0000 - 0xf3cf0fff cHrw-
0009:trace:virtual:VIRTUAL_DumpView       0xf3cf1000 - 0xf3d7ffff -Hrw-
--- snip ---
VPROT_COMMITTED + VPROT_WRITEWATCH + VPROT_READ + VPROT_WRITE
A write watch should get triggered here. Wine has no trap number mapping and defaults to "illegal instruction" where things go haywire.
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntdll/signal_arm.c#l1...
--- snip ---
117 enum arm_trap_code
118 {
119     TRAP_ARM_UNKNOWN   = -1,  /* Unknown fault (TRAP_sig not defined) */
120     TRAP_ARM_PRIVINFLT = 6,   /* Invalid opcode exception */
121     TRAP_ARM_PAGEFLT   = 14,  /* Page fault */
122     TRAP_ARM_ALIGNFLT  = 17,  /* Alignment check exception */
123 };
--- snip ---
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntdll/signal_arm.c#l7...
--- snip ---
712 static void segv_handler( int signal, siginfo_t *info, void *ucontext )
713 {
714     EXCEPTION_RECORD *rec;
715     ucontext_t *context = ucontext;
716
717     /* check for page fault inside the thread stack */
718     if (get_trap_code(context) == TRAP_ARM_PAGEFLT &&
719         (char *)info->si_addr >= (char *)NtCurrentTeb()->DeallocationStack &&
720         (char *)info->si_addr < (char *)NtCurrentTeb()->Tib.StackBase &&
721         virtual_handle_stack_fault( info->si_addr ))
722     {
723         /* check if this was the last guard page */
724         if ((char *)info->si_addr < (char *)NtCurrentTeb()->DeallocationStack + 2*4096)
725         {
726             rec = setup_exception( context, raise_segv_exception );
727             rec->ExceptionCode = EXCEPTION_STACK_OVERFLOW;
728         }
729         return;
730     }
731
732     rec = setup_exception( context, raise_segv_exception );
733     if (rec->ExceptionCode == EXCEPTION_STACK_OVERFLOW) return;
734
735     switch(get_trap_code(context))
736     {
737     case TRAP_ARM_PRIVINFLT:   /* Invalid opcode exception */
738         rec->ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION;
739         break;
740     case TRAP_ARM_PAGEFLT:  /* Page fault */
741         rec->ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
742         rec->NumberParameters = 2;
743         rec->ExceptionInformation[0] = (get_error_code(context) & 0x800) != 0;
744         rec->ExceptionInformation[1] = (ULONG_PTR)info->si_addr;
745         break;
746     case TRAP_ARM_ALIGNFLT:  /* Alignment check exception */
747         rec->ExceptionCode = EXCEPTION_DATATYPE_MISALIGNMENT;
748         break;
749     case TRAP_ARM_UNKNOWN:   /* Unknown fault code */
750         rec->ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
751         rec->NumberParameters = 2;
752         rec->ExceptionInformation[0] = 0;
753         rec->ExceptionInformation[1] = 0xffffffff;
754         break;
755     default:
756         ERR("Got unexpected trap %d\n", get_trap_code(context));
757         rec->ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION;
758         break;
759     }
760 }
--- snip ---
Since the 'TRAP_ARM_PAGEFLT' identifier has already been used for trap_no 14 (arch/arm/mm/fault.c:__do_user_fault), I guess you have to invent another identifier for essentially the same thing.
With that part fixed it runs a bit further - into next Wine ARM32 bug ;-)
$ sha1sum PowerShell-6.2.0-preview.2-win-arm32.zip
b77b87906514e802c03c84fcb72ce39f925c3b41  PowerShell-6.2.0-preview.2-win-arm32.zip

$ du -sh PowerShell-6.2.0-preview.2-win-arm32.zip
40M     PowerShell-6.2.0-preview.2-win-arm32.zip
Regards
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://github.com/PowerShell/PowerShell/releases/download/v6.2.0-preview.2/PowerShell-6.2.0-preview.2-win-arm32.zip
           Keywords|                            |download

--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
for completeness here is the corresponding change for Linux kernel arch arm64, AArch32 mode:
https://github.com/torvalds/linux/commit/9141300a5884b57cea6d32c4e3fd16a337c...
v3.16-rc1+
--- snip ---
arm64: Provide read/write fault information in compat signal handlers

For AArch32, bit 11 (WnR) of the FSR/ESR register is set when the fault was caused by a write access and applications like Qemu rely on such information being provided in sigcontext. This patch introduces the ESR_EL1 tracking for the arm64 kernel faults and sets bit 11 accordingly in compat sigcontext.

Signed-off-by: Catalin Marinas catalin.marinas@arm.com
--- snip ---
https://github.com/torvalds/linux/blob/9141300a5884b57cea6d32c4e3fd16a337cfc...
--- snip ---
#define FSR_WRITE_SHIFT	(11)

...

static int compat_setup_sigframe(struct compat_sigframe __user *sf,
				 struct pt_regs *regs, sigset_t *set)
{
	struct compat_aux_sigframe __user *aux;
	int err = 0;

	__put_user_error(regs->regs[0], &sf->uc.uc_mcontext.arm_r0, err);
	__put_user_error(regs->regs[1], &sf->uc.uc_mcontext.arm_r1, err);
	__put_user_error(regs->regs[2], &sf->uc.uc_mcontext.arm_r2, err);
	__put_user_error(regs->regs[3], &sf->uc.uc_mcontext.arm_r3, err);
	__put_user_error(regs->regs[4], &sf->uc.uc_mcontext.arm_r4, err);
	__put_user_error(regs->regs[5], &sf->uc.uc_mcontext.arm_r5, err);
	__put_user_error(regs->regs[6], &sf->uc.uc_mcontext.arm_r6, err);
	__put_user_error(regs->regs[7], &sf->uc.uc_mcontext.arm_r7, err);
	__put_user_error(regs->regs[8], &sf->uc.uc_mcontext.arm_r8, err);
	__put_user_error(regs->regs[9], &sf->uc.uc_mcontext.arm_r9, err);
	__put_user_error(regs->regs[10], &sf->uc.uc_mcontext.arm_r10, err);
	__put_user_error(regs->regs[11], &sf->uc.uc_mcontext.arm_fp, err);
	__put_user_error(regs->regs[12], &sf->uc.uc_mcontext.arm_ip, err);
	__put_user_error(regs->compat_sp, &sf->uc.uc_mcontext.arm_sp, err);
	__put_user_error(regs->compat_lr, &sf->uc.uc_mcontext.arm_lr, err);
	__put_user_error(regs->pc, &sf->uc.uc_mcontext.arm_pc, err);
	__put_user_error(regs->pstate, &sf->uc.uc_mcontext.arm_cpsr, err);

	__put_user_error((compat_ulong_t)0, &sf->uc.uc_mcontext.trap_no, err);
	/* set the compat FSR WnR */
	__put_user_error(!!(current->thread.fault_code & ESR_EL1_WRITE) <<
			 FSR_WRITE_SHIFT, &sf->uc.uc_mcontext.error_code, err);
	__put_user_error(current->thread.fault_address, &sf->uc.uc_mcontext.fault_address, err);
	__put_user_error(set->sig[0], &sf->uc.uc_mcontext.oldmask, err);

	err |= put_sigset_t(&sf->uc.uc_sigmask, set);

	aux = (struct compat_aux_sigframe __user *) sf->uc.uc_regspace;

	if (err == 0)
		err |= compat_preserve_vfp_context(&aux->vfp);
	__put_user_error(0, &aux->end_magic, err);

	return err;
}
--- snip ---
Regards
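Added example (not Wine's or the kernel's code) tying the two halves together: a model of what the compat_setup_sigframe() change in Comment #1 delivers to an AArch32 process (trap_no always 0, only the translated WnR bit in error_code), fed into a hypothetical stand-in for the segv_handler() switch quoted in the report, once as-is and once treating trap_no 0 as a page fault. The function names, the `fixed` switch and the ESR WnR position (ISS bit 6, from the ARM architecture reference, not from this page) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* NTSTATUS exception codes (Windows SDK values). */
#define EXCEPTION_ACCESS_VIOLATION      0xC0000005u
#define EXCEPTION_ILLEGAL_INSTRUCTION   0xC000001Du
#define EXCEPTION_DATATYPE_MISALIGNMENT 0x80000002u

/* Trap numbers from the arm_trap_code enum quoted in the report. */
#define TRAP_ARM_PRIVINFLT 6
#define TRAP_ARM_PAGEFLT   14
#define TRAP_ARM_ALIGNFLT  17

/* WnR: ISS bit 6 of ESR_EL1 (assumed from the ARM ARM); bit 11 of the
 * AArch32 FSR, i.e. FSR_WRITE_SHIFT in the kernel commit. */
#define ESR_WNR         (1u << 6)
#define FSR_WRITE_SHIFT 11

/* The compat sigcontext fields the handler consults. */
struct compat_sigctx { uint32_t trap_no, error_code, fault_address; };

/* Assumed model of what compat_setup_sigframe() writes on an arm64 kernel:
 * trap_no is always 0, error_code carries nothing but the translated WnR bit. */
struct compat_sigctx arm64_compat_frame(uint32_t esr, uint32_t far)
{
    struct compat_sigctx c;
    c.trap_no       = 0;
    c.error_code    = (uint32_t)!!(esr & ESR_WNR) << FSR_WRITE_SHIFT;
    c.fault_address = far;
    return c;
}

struct exc_info { uint32_t code; unsigned nparams; uint32_t info[2]; };

/* Hypothetical stand-in for the switch in segv_handler(). With fixed == true,
 * trap_no 0 is handled like a page fault, so the write-watch fault becomes an
 * access violation carrying the write flag instead of an "unexpected trap". */
struct exc_info map_trap(const struct compat_sigctx *c, bool fixed)
{
    struct exc_info e = { 0, 0, { 0, 0 } };
    int trap = (int)c->trap_no;
    if (fixed && trap == 0) trap = TRAP_ARM_PAGEFLT;
    switch (trap) {
    case TRAP_ARM_PRIVINFLT: e.code = EXCEPTION_ILLEGAL_INSTRUCTION; break;
    case TRAP_ARM_PAGEFLT:
        e.code = EXCEPTION_ACCESS_VIOLATION; e.nparams = 2;
        e.info[0] = (c->error_code & 0x800) != 0; /* 1 = write, 0 = read */
        e.info[1] = c->fault_address;
        break;
    case TRAP_ARM_ALIGNFLT: e.code = EXCEPTION_DATATYPE_MISALIGNMENT; break;
    default: e.code = EXCEPTION_ILLEGAL_INSTRUCTION; break; /* "unexpected trap" */
    }
    return e;
}
```

With the frame from the crash above (WnR set, fault_address 0xf3ce0000) the unfixed path yields c000001d, matching the log; the fixed path yields c0000005 with ExceptionInformation[0] = 1, which is what the write-watch code needs to see.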
André H. nerv@dawncrow.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nerv@dawncrow.de

--- Comment #2 from André H. nerv@dawncrow.de ---
Created attachment 62969
  --> https://bugs.winehq.org/attachment.cgi?id=62969
ntdll: Handle trap code 0 on ARM
Does that fix the issue?
--- Comment #3 from André H. nerv@dawncrow.de ---
patch sent: https://source.winehq.org/patches/data/161704
André H. nerv@dawncrow.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
      Fixed by SHA1|                            |4bfc2c32ffcf861fc1804c1e350152b9bef5b07c

--- Comment #4 from André H. nerv@dawncrow.de ---
fixed by 4bfc2c32ffcf861fc1804c1e350152b9bef5b07c
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 4.6.
Michael Stefaniuc mstefani@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.0.x
Michael Stefaniuc mstefani@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|4.0.x                       |---

--- Comment #6 from Michael Stefaniuc mstefani@winehq.org ---
Removing the 4.0.x milestone from bug fixes included in 4.0.2.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|https://github.com/PowerShell/PowerShell/releases/download/v6.2.0-preview.2/PowerShell-6.2.0-preview.2-win-arm32.zip |https://web.archive.org/web/20210319092139/https://github.com/PowerShell/PowerShell/releases/download/v6.2.0-preview.2/PowerShell-6.2.0-preview.2-win-arm32.zip