It looks like the first exception is the No-exec, then there is one more lonely one (at 0x6d4db3ef) and the third one (at 0x6d4d5d7b) is the first invocation of the looping one - this one repeats in the log at the same address forever.
Sounds like the whole code section is non-executable. Check where this section comes from using +module and/or winedump.
Hi Alexandre! By making +seh,+module dump and then grepping for 6d4, I've found the following interesting excerpts:
At first:
trace:module:load_native_dll Trying native dll L"Z:\home\tv\il2sturmovikfb\bin\hotspot\jvm.dll"
trace:module:map_image mapped PE file at 0x6d420000-0x6d4ef000
trace:module:map_image mapping section .text at 0x6d421000 off 1000 size 94000 virt 93dd0 flags 60000020
trace:module:map_image mapping section .rdata at 0x6d4b5000 off 95000 size 9000 virt 8ca7 flags 40000040
trace:module:map_image mapping section .data at 0x6d4be000 off 9e000 size 11000 virt 24638 flags c0000040
trace:module:map_image mapping section .reloc at 0x6d4e3000 off af000 size c000 virt bf20 flags 42000040
It looks, from this one, that 0x6d4dxxxx belongs to the .data section of jvm.dll. And next:
trace:seh:raise_exception code=c0000005 flags=0 addr=0x6d4d08b0
trace:seh:raise_exception info[0]=00000008
trace:seh:raise_exception info[1]=6d4d08b0
trace:seh:raise_exception eax=00000001 ebx=7fe02cf0 ecx=7fe02cf0 edx=00000003 esi=7fe02cf0 edi=6d4e0e90
trace:seh:raise_exception ebp=7fb2fd70 esp=7fb2fd68 cs=0023 ds=002b es=002b fs=006b gs=0063 flags=00010293
trace:seh:call_stack_handlers calling handler at 0x401f00 code=c0000005 flags=0
trace:seh:_except_handler3 exception c0000005 flags=0 at 0x6d4d08b0 handler=0x401f00 0x7fb2fa44 0x7fb2f984 semi-stub
trace:seh:_except_handler3 filter = 0x401e62
trace:seh:_XcptFilter (-1073741819,0x7fb2f8c0)
trace:seh:_except_handler3 filter returned CONTINUE_SEARCH
trace:seh:_except_handler3 reached TRYLEVEL_END, returning ExceptionContinueSearch
trace:seh:call_stack_handlers handler at 0x401f00 returned 1
trace:seh:call_stack_handlers calling handler at 0x7b82be80 code=c0000005 flags=0
fixme:seh:check_no_exec No-exec fault triggered at 0x6d4d08b0, enabling work-around
trace:seh:call_stack_handlers handler at 0x7b82be80 returned 0
We already know this one. It's the first attempt to access this address range. An attempt has been made to activate the workaround. And now:
trace:module:MODULE_InitDLL (0x6d420000 L"jvm.dll",THREAD_ATTACH,(nil)) - CALL
trace:module:MODULE_InitDLL (0x6d420000,THREAD_ATTACH,(nil)) - RETURN 1
trace:seh:raise_exception code=c0000005 flags=0 addr=0x6d4db3ef
trace:seh:raise_exception info[0]=00000008
trace:seh:raise_exception info[1]=6d4db3ef
trace:seh:raise_exception eax=7fb2fb28 ebx=797f2e80 ecx=7fb2fbec edx=7fb2fcb0 esi=7fe02cf0 edi=6d4db3ef
trace:seh:raise_exception ebp=7fb2fb74 esp=7fb2faf8 cs=0023 ds=002b es=002b fs=006b gs=0063 flags=00010246
trace:seh:call_stack_handlers calling handler at 0x6d4b4bba code=c0000005 flags=0
trace:seh:_except_handler3 exception c0000005 flags=0 at 0x6d4db3ef handler=0x6d4b4bba 0x7fb2f7d4 0x7fb2f714 semi-stub
trace:seh:_except_handler3 filter = 0x6d469332
trace:seh:_except_handler3 filter returned CONTINUE_EXECUTION
trace:seh:call_stack_handlers handler at 0x6d4b4bba returned 0
trace:seh:raise_exception code=c0000005 flags=0 addr=0x6d4d5d7b
trace:seh:raise_exception info[0]=00000008
trace:seh:raise_exception info[1]=6d4d5d7b
trace:seh:raise_exception eax=7fb2fb28 ebx=797f2e80 ecx=7fb2fbec edx=7fb2fcb0 esi=7fe02cf0 edi=6d4db3ef
trace:seh:raise_exception ebp=7fb2fb74 esp=7fb2faf8 cs=0023 ds=002b es=002b fs=006b gs=0063 flags=00010246
trace:seh:call_stack_handlers calling handler at 0x6d4b4bba code=c0000005 flags=0
trace:seh:_except_handler3 exception c0000005 flags=0 at 0x6d4d5d7b handler=0x6d4b4bba 0x7fb2f7d4 0x7fb2f714 semi-stub
trace:seh:_except_handler3 filter = 0x6d469332
trace:seh:_except_handler3 filter returned CONTINUE_EXECUTION
trace:seh:call_stack_handlers handler at 0x6d4b4bba returned 0
Now we see another access to this area. According to /proc/<pid>/maps:
root@co:/proc/28433# cat maps |grep 6d4
6d420000-6d421000 r--p 00000000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
6d421000-6d4b5000 r-xp 00001000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
6d4b5000-6d4be000 r--p 00095000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
6d4be000-6d4cf000 rw-p 0009e000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
6d4cf000-6d4d0000 rw-p 6d4cf000 00:00 0
6d4d0000-6d4d1000 rwxp 6d4d0000 00:00 0
6d4d1000-6d4e3000 rw-p 6d4d1000 00:00 0
6d4e3000-6d4ef000 r--p 000af000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
This page really is NOT executable. So, why has the workaround been activated just for one page (6d4d0000 - 6d4d1000) and not for the other ones, where it also should be? Why has this new page not been worked around?
With regards, Pavel Troller
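A small script, added here as an example and not part of the thread, that automates the cross-check Pavel did by hand: it parses the map_image section lines and the /proc/<pid>/maps lines quoted above (embedded as constructed sample input) and reports, for a faulting address, which PE section it falls in, whether the PE header marks that section executable, and whether the kernel's mapping actually is. The section span is taken as the larger of raw and virtual size, which is an assumption about how map_image reserves it.

```python
import re

# Constructed sample input: the +module section trace and the /proc/<pid>/maps
# lines quoted in the thread (only the fields this script reads matter).
SECTION_TRACE = """\
trace:module:map_image mapping section .text at 0x6d421000 off 1000 size 94000 virt 93dd0 flags 60000020
trace:module:map_image mapping section .rdata at 0x6d4b5000 off 95000 size 9000 virt 8ca7 flags 40000040
trace:module:map_image mapping section .data at 0x6d4be000 off 9e000 size 11000 virt 24638 flags c0000040
trace:module:map_image mapping section .reloc at 0x6d4e3000 off af000 size c000 virt bf20 flags 42000040
"""
MAPS = """\
6d420000-6d421000 r--p 00000000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
6d421000-6d4b5000 r-xp 00001000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
6d4b5000-6d4be000 r--p 00095000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
6d4be000-6d4cf000 rw-p 0009e000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
6d4cf000-6d4d0000 rw-p 6d4cf000 00:00 0
6d4d0000-6d4d1000 rwxp 6d4d0000 00:00 0
6d4d1000-6d4e3000 rw-p 6d4d1000 00:00 0
6d4e3000-6d4ef000 r--p 000af000 09:00 20202255 /home/tv/il2sturmovikfb/bin/hotspot/jvm.dll
"""
IMAGE_SCN_MEM_EXECUTE = 0x20000000  # PE section characteristic: executable

SEC_RE = re.compile(r"mapping section (\S+) at 0x([0-9a-f]+) off \S+ size ([0-9a-f]+) "
                    r"virt ([0-9a-f]+) flags ([0-9a-f]+)")
MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([rwxps-]{4})", re.M)

def parse_sections(trace):
    """(name, start, end, flags) per PE section. Assumption: the mapped span is
    the larger of raw size and virtual size."""
    out = []
    for name, base, size, virt, flags in SEC_RE.findall(trace):
        start = int(base, 16)
        out.append((name, start, start + max(int(size, 16), int(virt, 16)), int(flags, 16)))
    return out

def parse_maps(maps):
    """(start, end, perms) per VMA from /proc/<pid>/maps."""
    return [(int(a, 16), int(b, 16), p) for a, b, p in MAP_RE.findall(maps)]

def diagnose(addr, sections=None, maps=None):
    """(section, pe_says_exec, vma_perms, vma_exec) for a faulting address: is the
    page executable per the PE header, and per the kernel's actual protection?"""
    sections = parse_sections(SECTION_TRACE) if sections is None else sections
    maps = parse_maps(MAPS) if maps is None else maps
    sec = next((s for s in sections if s[1] <= addr < s[2]), None)
    vma = next((v for v in maps if v[0] <= addr < v[1]), None)
    return (sec[0] if sec else None, bool(sec and sec[3] & IMAGE_SCN_MEM_EXECUTE),
            vma[2] if vma else None, bool(vma and "x" in vma[2]))
```

Running diagnose() over the three fault addresses from the log shows all of them in .data (not executable per the PE header), with only the first one sitting in the single rwxp page the work-around created.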