Jesse D Zbikowski
2005-Mar-20 13:46 UTC
[Wine]Wine 20050310 / Linux 2.6.11 crashes on munmap()
I have an application ("The Rosetta Stone" 2.0.7a) which segfaults during the startup splash screen. According to strace it is trying to munmap() an address (0x7a6b3000) which was never mmap()'d. I get identical behavior with Wine 20050111 and kernels 2.6.9 / 2.6.10 (I use gentoo-sources). I noticed some people had similar issues upgrading from 2.6.9 to 2.6.10.

http://lkml.org/lkml/2004/12/4/62
http://www.winehq.org/hypermail/wine-users/2005/01/0241.html
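The check described in this report (an munmap() of an address no earlier mmap() returned) is tedious to do by eye in a trace that is thousands of lines long, and the kernel does not help: on Linux, munmap() of a range with no live mapping simply returns 0, so the return value in the strace output reveals nothing. The script below is an added example, not part of this thread or of Wine; it replays the mmap/munmap calls from strace output, keeps the set of live page ranges, and flags every munmap() whose range overlaps no live mapping. The trace lines are constructed for the example and only borrow the 0x7a6b3000 address from the report.

```python
import re

# strace output for mmap (32-bit glibc of that era calls mmap2) and munmap.
# The optional "[pid NNN]" prefix appears when strace is run with -f.
MMAP_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s*)?(?:old_)?mmap2?\((?P<hint>0x[0-9a-f]+|NULL),\s*"
    r"(?P<len>\d+),[^)]*\)\s*=\s*(?P<ret>0x[0-9a-f]+|-1)"
)
MUNMAP_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s*)?munmap\((?P<addr>0x[0-9a-f]+),\s*(?P<len>\d+)\)"
    r"\s*=\s*(?P<ret>-?\d+)"
)
PAGE = 4096


def page_align(n):
    """Round a byte length up to whole pages, as the kernel does for mappings."""
    return (n + PAGE - 1) & ~(PAGE - 1)


def _remove(live, start, end):
    """Drop [start, end) from the live ranges, splitting ranges it cuts into."""
    out = []
    for s, e in live:
        if e <= start or end <= s:      # no overlap, keep as is
            out.append((s, e))
            continue
        if s < start:                   # keep the head before the hole
            out.append((s, start))
        if end < e:                     # keep the tail after the hole
            out.append((end, e))
    return out


def find_unmatched_munmaps(lines):
    """Replay mmap/munmap from strace lines and return (line_no, addr, length)
    for every munmap() whose range overlaps no mapping that is live at that point."""
    live = []   # list of half-open [start, end) page ranges currently mapped
    bad = []
    for no, line in enumerate(lines, 1):
        m = MMAP_RE.match(line)
        if m:
            if m.group("ret") == "-1":
                continue                # failed mmap maps nothing
            start = int(m.group("ret"), 16)
            end = start + page_align(int(m.group("len")))
            live = _remove(live, start, end)   # MAP_FIXED over an old range replaces it
            live.append((start, end))
            continue
        m = MUNMAP_RE.match(line)
        if m:
            start = int(m.group("addr"), 16)
            end = start + page_align(int(m.group("len")))
            if not any(s < end and start < e for s, e in live):
                bad.append((no, start, end - start))
            live = _remove(live, start, end)
    return bad


# Constructed sample trace (not from the report): line 4 unmaps a range that
# was never mapped, and the same address is only handed out by mmap2 later.
SAMPLE = """\
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7a680000
mmap2(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7a690000
munmap(0x7a680000, 4096) = 0
munmap(0x7a6b3000, 65536) = 0
munmap(0x7a690000, 135168) = 0
mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7a6b3000
munmap(0x7a6b3000, 65536) = 0
""".splitlines()

if __name__ == "__main__":
    for no, addr, length in find_unmatched_munmaps(SAMPLE):
        print("line %d: munmap(0x%08x, %d) with no live mapping" % (no, addr, length))
```

Run it on a real trace with something like `strace -f -o trace.log -e trace=memory wine TheRosettaStone.exe` and feed `open("trace.log")` to `find_unmatched_munmaps`; with `-f` the thread ids are kept in the prefix, which the regexes tolerate. Lengths are rounded up to whole pages because the kernel maps and unmaps in page units, so a 4000-byte mmap followed by a 4096-byte munmap of the same address is correctly treated as matched.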
Mike Hearn
2005-Mar-20 14:41 UTC
[Wine]Re: Wine 20050310 / Linux 2.6.11 crashes on munmap()
On Sun, 20 Mar 2005 14:46:48 -0500, Jesse D Zbikowski wrote:
> The address 0x7a6b3000 we munmap() was never returned by a mmap(),
> but we do get it from a mmap() about 5000 lines later, after the crash
> (coincidence?):
Jesse D Zbikowski
2005-Mar-20 19:13 UTC
[Wine]Re: Wine 20050310 / Linux 2.6.11 crashes on munmap()
Thanks for the feedback. Here is my winedbg session.

bash-2.05b$ winedbg TheRosettaStone.exe
WineDbg starting on pid 0xa
In 32 bit mode.
0x77b73043: jmp 0x77b73032
Wine-dbg>set +tid
No symbols found for first_dll
Wine-dbg>set +relay
No symbols found for first_dll
Wine-dbg>set +seh
No symbols found for first_dll
Wine-dbg>c
err:module:load_builtin_dll loaded .so for L"notepad.exe" but got L"notepad.exe.exe" instead - probably 16-bit dll
err:module:load_builtin_dll loaded .so for L"regedit.exe" but got L"regedit.exe.exe" instead - probably 16-bit dll
First chance exception: page fault on read access to 0x77ad71d8 in 32-bit code (0x7feb03d3).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:003b GS:0033
 EIP:7feb03d3 ESP:77ace678 EBP:77aceaa4 EFLAGS:00010287( - 00 RISP1C)
 EAX:000022d0 EBX:7fef2704 ECX:778aee20 EDX:00000000
 ESI:7e222bf0 EDI:77acec20
Stack dump:
0x77ace678:  00000044 00000000 00000100 77ace698
0x77ace688:  00000400 00000000 00000100 00000001
0x77ace698:  00000000 00000080 00008000 00008080
0x77ace6a8:  00800000 00800080 00808000 00c0c0c0
0x77ace6b8:  00c0dcc0 00f0caa6 00f0fbff 00a4a0a0
0x77ace6c8:  00808080 000000ff 0000ff00 0000ffff

Backtrace:
=>1 0x7feb03d3 in x11drv (+0x103d3) (0x77aceaa4)
  2 0x7feb78cb X11DRV_DIB_CreateDIBSection+0x1cb in x11drv (0x77aceb5c)
  3 0x77874633 DIB_CreateDIBSection+0xa3 in gdi32 (0x77aceb90)
  4 0x778746a8 CreateDIBSection+0x48 in gdi32 (0x77acebb8)
  5 0x690323bb 1680+0xbbb in iml32 (0x7b1f54a4)
  6 0x00000264 (0x00000010)
  7 0x00000000 (0x00000000)
0x7feb03d3: movzbl 0xfffffbf4(%ebp,%eax,4),%eax

So now this looks more like a problem with the X11 driver. I run xorg-x11-6.8.1.902 -3dfx -3dnow +bitmap-fonts +cjk -debug -dlloader -dmx +doc +font-server -hardened -insecure-drivers -ipv6 -minimal +mmx +nls +opengl +pam -sdk +sse -static +truetype-fonts +type1-fonts (-uclibc) +xprint +xv. I use a Trident Cyberblade/i1 (xorg "trident_drv.o" driver) at 1024x768@16bpp 85Hz. I could try an upgrade to xorg 6.8.2.
I rebuilt wine with USE=debug and got some extra information from winedbg, though I'm not sure how useful it is.

bash-2.05b$ winedbg TheRosettaStone.exe
WineDbg starting on pid 0x16
In 32 bit mode.
0x77b53f7e: jmp 0x77b53f6d
Wine-dbg>set +tid
fixme:dbghelp:elf_load_debug_info_from_map Unsupported Dwarf2 information for ximcp.so.2
fixme:dbghelp:elf_load_debug_info_from_map Unsupported Dwarf2 information for xlcdef.so.2
fixme:dbghelp:elf_load_debug_info_from_map Unsupported Dwarf2 information for libpthread.so.0
No symbols found for first_dll
Wine-dbg>set +relay
No symbols found for first_dll
Wine-dbg>set +seh
No symbols found for first_dll
Wine-dbg>c
fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum
fixme:ddraw:Main_DirectDraw_SetCooperativeLevel (0x7ca50120)->(00000000,00000008)
fixme:ddraw:Main_DirectDraw_SetCooperativeLevel (0x7ec114f0)->(00000000,00000008)
fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum
fixme:mmtime:timeEndPeriod Stub; we set our timer resolution at minimum
fixme:ddraw:Main_DirectDraw_SetCooperativeLevel (0x7ec11638)->(00000000,00000008)
fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum
fixme:mmtime:timeEndPeriod Stub; we set our timer resolution at minimum
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmpD2F83.FOT","F:\\AAX8f16.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp32293.FOT","F:\\AAX9217.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp21593.FOT","F:\\AAX94f5.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp02893.FOT","F:\\AAX9801.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmpFEC93.FOT","F:\\AAX9cd8.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp940A3.FOT","F:\\AAXa039.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp943A3.FOT","F:\\AAXa324.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp7D6A3.FOT","F:\\AAXa6cc.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp9AAA3.FOT","F:\\AAXaa8e.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp43DA3.FOT","F:\\AAXad29.tmp",(null)): stub
fixme:font:CreateScalableFontResourceA (0,"c:\\Windows\\System\\tmp8D0B3.FOT","F:\\AAXb0ba.tmp",(null)): stub
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x1b78,0,(nil)): almost empty stub!
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum
fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum
fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum
fixme:mmtime:timeBeginPeriod Stub; we set our timer resolution at minimum
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:mmtime:timeEndPeriod Stub; we set our timer resolution at minimum
fixme:mmtime:timeEndPeriod Stub; we set our timer resolution at minimum
fixme:mmtime:timeEndPeriod Stub; we set our timer resolution at minimum
fixme:mmtime:timeEndPeriod Stub; we set our timer resolution at minimum
fixme:dbghelp:SymLoadModule Should have successfully loaded debug information for image C:\WINDOWS\SYSTEM\NOTEPAD.EXE.EXE
err:module:load_builtin_dll loaded .so for L"notepad.exe" but got L"notepad.exe.exe" instead - probably 16-bit dll
fixme:dbghelp:SymLoadModule Should have successfully loaded debug information for image C:\WINDOWS\SYSTEM\REGEDIT.EXE.EXE
err:module:load_builtin_dll loaded .so for L"regedit.exe" but got L"regedit.exe.exe" instead - probably 16-bit dll
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:wininet:InternetGetConnectedState always returning LAN connection.
fixme:wininet:InternetGetConnectedState always returning LAN connection.
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:ole:CoCreateInstance no classfactory created for CLSID {00021401-0000-0000-c000-000000000046}, hres is 0x80040154
fixme:font:GetKerningPairsW (0x56b0,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x56b0,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x56b0,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x56b0,0,(nil)): almost empty stub!
fixme:font:GetKerningPairsW (0x56b0,0,(nil)): almost empty stub!
First chance exception: page fault on read access to 0x77ab71cc in 32-bit code (0x7fea0df3).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:003b GS:0033
 EIP:7fea0df3 ESP:77aae66c EBP:77aaea98 EFLAGS:00010287( - 00 RISP1C)
 EAX:000022d0 EBX:7fef26e4 ECX:7786b4e0 EDX:00000000
 ESI:7e12e930 EDI:77aaec20
Stack dump:
0x77aae66c:  00000044 00000000 00000100 77aae68c
0x77aae67c:  00000400 00000000 00000100 00000001
0x77aae68c:  00000000 00000080 00008000 00008080
0x77aae69c:  00800000 00800080 00808000 00c0c0c0
0x77aae6ac:  00c0dcc0 00f0caa6 00f0fbff 00a4a0a0
0x77aae6bc:  00808080 000000ff 0000ff00 0000ffff

Backtrace:
=>1 0x7fea0df3 in x11drv (+0x10df3) (0x77aaea98)
  2 0x7fea9119 X11DRV_DIB_CreateDIBSection+0x229 in x11drv (0x77aaeb5c)
  3 0x77824bd3 DIB_CreateDIBSection+0xa3 in gdi32 (0x77aaeb90)
  4 0x77824c48 CreateDIBSection+0x48 in gdi32 (0x77aaebb8)
  5 0x690323bb 1680+0xbbb in iml32 (0x7b3c4320)
  6 0x00000264 (0x00000010)
  7 0x00000000 (0x00000000)
0x7fea0df3: movzbl 0xfffffbf4(%ebp,%eax,4),%eax
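Both winedbg dumps above can be checked against the faulting instruction by hand, and the arithmetic is worth showing because it turns "page fault in x11drv" into a concrete out-of-bounds read. The script below is an added example, not part of this thread or of Wine: it parses the register dump and the AT&T operand `0xfffffbf4(%ebp,%eax,4)`, computes the effective address, confirms it equals the address winedbg reports as faulting, and reports the table base (EBP + displacement) and the index in EAX. The two report strings are copied from the dumps above. The assumed table size of 256 entries is an inference by this example, not something the thread states: the stack dump at the computed base (0x77ace698 and 0x77aae68c) holds RGBQUAD-looking values such as 00000080 and 00c0c0c0, and 256 entries is the largest color table an 8-bit DIB can carry; with EAX = 0x22d0 (8912) the read lands far past any such table.

```python
import re

# Registers as printed on winedbg's "Register dump:" lines.
REG_RE = re.compile(r"\b(E[A-D]X|E[SD]I|EBP|ESP|EIP):([0-9a-fA-F]{8})")
# AT&T memory operand disp(base,index,scale); winedbg prints disp as unsigned 32-bit.
OPERAND_RE = re.compile(
    r"(?P<disp>0x[0-9a-fA-F]+)?\((?P<base>%e[a-z]{2})"
    r"(?:,(?P<index>%e[a-z]{2})(?:,(?P<scale>[1248]))?)?\)"
)
FAULT_RE = re.compile(r"page fault on (?:read|write) access to (0x[0-9a-fA-F]+)")


def sext32(v):
    """Interpret a 32-bit pattern as a signed displacement."""
    v &= 0xFFFFFFFF
    return v - 0x100000000 if v & 0x80000000 else v


def parse_registers(text):
    return {name.lower(): int(val, 16) for name, val in REG_RE.findall(text)}


def decode_operand(operand, regs):
    """Evaluate disp(base,index,scale) against a register dump.
    Returns (effective_address, table_base, index, scale)."""
    m = OPERAND_RE.search(operand)
    if not m:
        raise ValueError("not a disp(base,index,scale) operand: %r" % operand)
    disp = sext32(int(m.group("disp"), 16)) if m.group("disp") else 0
    base = regs[m.group("base")[1:]]
    index = regs[m.group("index")[1:]] if m.group("index") else 0
    scale = int(m.group("scale") or 1)
    table_base = (base + disp) & 0xFFFFFFFF      # start of the indexed table
    ea = (table_base + index * scale) & 0xFFFFFFFF
    return ea, table_base, index, scale


def analyze_fault(report, operand, table_entries=256):
    """Tie the faulting address to the instruction and judge the index.
    table_entries=256 is this example's assumption (full 8-bit DIB color table)."""
    regs = parse_registers(report)
    fault_addr = int(FAULT_RE.search(report).group(1), 16)
    ea, table_base, index, scale = decode_operand(operand, regs)
    return {
        "effective_address": ea,
        "explains_fault": ea == fault_addr,
        "table_base": table_base,
        "index": index,
        "in_bounds": index < table_entries,
    }


INSTRUCTION = "movzbl 0xfffffbf4(%ebp,%eax,4),%eax"

# Copied from the two winedbg sessions in this thread.
REPORT_1 = (
    "First chance exception: page fault on read access to 0x77ad71d8 in 32-bit code (0x7feb03d3). "
    "EIP:7feb03d3 ESP:77ace678 EBP:77aceaa4 EFLAGS:00010287( - 00 RISP1C) "
    "EAX:000022d0 EBX:7fef2704 ECX:778aee20 EDX:00000000 ESI:7e222bf0 EDI:77acec20"
)
REPORT_2 = (
    "First chance exception: page fault on read access to 0x77ab71cc in 32-bit code (0x7fea0df3). "
    "EIP:7fea0df3 ESP:77aae66c EBP:77aaea98 EFLAGS:00010287( - 00 RISP1C) "
    "EAX:000022d0 EBX:7fef26e4 ECX:7786b4e0 EDX:00000000 ESI:7e12e930 EDI:77aaec20"
)

if __name__ == "__main__":
    for report in (REPORT_1, REPORT_2):
        r = analyze_fault(report, INSTRUCTION)
        print("ea=0x%08x matches fault=%s table_base=0x%08x index=%d in_bounds=%s" % (
            r["effective_address"], r["explains_fault"], r["table_base"],
            r["index"], r["in_bounds"]))
```

For both dumps the computed effective address is exactly the address winedbg names in "page fault on read access", so the crash site is this `movzbl` and not something earlier; the table base it derives is the third stack-dump row in each session, and the index 0x22d0 is the same in both runs, which points at the value in EAX rather than at the Trident driver or the kernel version.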