Reliable OOPS'es on 2.0.28/2.1.25 after modify_ldt

Ion Badulescu (ionut@moisil.wal.rhno.columbia.edu)
Mon, 3 Feb 1997 23:09:33 -0500 (EST)


Hi all,

I was playing with wine yesterday and I noticed that whenever I pressed a
certain button in a certain app under wine, I would get a pair of OOPS'es
and wine would die. Absolutely reliable, it happened each time I tried it. :)

The instructions generating the problems were absolutely inoffensive, but
one of them was a pop, so I thought I might have screwed up the stack (I
was running a kernel with 1024 fd's per process). I compiled a vanilla
2.0.28 - the oopses kept popping up; I even booted to 2.1.25 - the oopses
were still there.

Out of curiosity, I straced wine and I noticed that the problems appear
after wine calls modify_ldt (after which die_if_kernel kills it on the
spot with a SEGV). It always happens in ret_from_sys_call, and it looks
like the second one is generated in the process of taking care of the
first one.

Now.. I know, it's a Windows app, it's supposed to crash. :-) Sure. It
shouldn't take the whole kernel with it though (well, it doesn't, but..).
I know almost nothing about descriptor tables on x86, how they should be
set up and what a user space app is allowed to modify, so someone else
(more knowledgeable) will have to look into this.

Here come the oopses (on 2.0.28)..

Ionut

--
  It is better to keep your mouth shut and be thought a fool,
            than to open it and remove all doubt.

general protection: 0874
CPU:    0
EIP:    0010:[ret_from_sys_call+128/144]
EFLAGS: 00010202
eax: 00000000   ebx: 00000001   ecx: 405d0c78   edx: 00000010
esi: 405d0cb0   edi: 0000010e   ebp: 405d0c88   esp: 00bfefe4
ds: 002b   es: 002b   fs: 0847   gs: 0877   ss: 0018
Process wine (pid: 16792, process nr: 35, stackpage=00bfe000)
Stack: 00000877 0000007b 08083aa4 00000023 00000206 405d0c68 0000002b
Call Trace:
Code: 0f a9 83 c4 04 cf 8d 76 00 8d b4 26 00 00 00 00 89 e1 51 f7

general protection: 0874
CPU:    0
EIP:    0010:[ret_from_sys_call+128/144]
EFLAGS: 00010246
eax: 00105021   ebx: 0000000e   ecx: 408f1000   edx: 00000105
esi: 0186738c   edi: 00998408   ebp: 000ac000   esp: 00bfeef0
ds: 0018   es: 0018   fs: 002b   gs: 0877   ss: 0018
Process wine (pid: 16792, process nr: 35, stackpage=00bfe000)
Stack: 00000877 fffffff4 00118908 00000010 00000206 00f34058 0268c598 02fffed8
       00bfefa8 00105000 000f1000 408f1000 00998408 0011a83b 0268c598 408ac000
       00045000 00f34058 0268c598 00000014 00bff000 00115a5f 0268c598 0000002b
Call Trace: [zap_page_range+220/424] [exit_mmap+131/172] [do_exit+163/472] [die_if_kernel+699/708] [<04000000>] [<03800000>] [do_general_protection+40/84] [do_general_protection+0/84] [error_code+64/80] [ret_from_sys_call+128/144]
Code: 0f a9 83 c4 04 cf 8d 76 00 8d b4 26 00 00 00 00 89 e1 51 f7

--- and a more weird one (while I was stracing wine)---

invalid TSS: 0874
CPU:    0
EIP:    0010:[schedule+560/648]
EFLAGS: 00000246
eax: 00000008   ebx: 01457c0c   ecx: 00000008   edx: 0018a828
esi: 015a4018   edi: 015a4018   ebp: 01227fac   esp: 01227f84
ds: 0018   es: 0018   fs: 002b   gs: 0877   ss: 0018
Process wine (pid: 288, process nr: 52, stackpage=01227000)
Stack: 01457c0c 405d0cb0 0000010e 00000000 015a4018 001152a1 015a412c 00000011
       015a4018 00000001 405d0c88 0010ebdf 01457c0c 0010a65e 00000001 405d0c78
       00000010 405d0cb0 0000010e 405d0c88 00000000 0000002b 0000002b 00000847
Call Trace: [notify_parent+61/68] [syscall_trace+51/96] [system_call+126/128]
Code: 39 1d 10 ac 18 00 75 02 0f 06 83 7b 38 00 74 1e 8b 53 1c 0f

... followed by another one identical to the second oops above.
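What the first oops above encodes, worked through as an added example (not part of the original post): decoding the x86 selector fields and the #GP error code shows the fault is the "pop %gs" (code bytes 0f a9 at EIP) of LDT selector 0877, index 0x10e, RPL 3, and the word after it on the stack, 0000007b, is syscall 123 = modify_ldt, the call wine is returning from. The stack words are read with the frame layout RESTORE_ALL uses at that point in 2.0's entry.S (gs, orig_eax, eip, cs, eflags, esp, ss), which is an assumption of this example rather than something the oops states itself.

```c
/* Triage helpers for the first oops in the post: decode x86 segment selectors,
 * the #GP error code and the syscall-return frame on the kernel stack.
 * Register and stack values are copied from the oops; bit layouts are the
 * architectural ones (selector = index<<3 | TI<<2 | RPL; TI=1 means LDT). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { unsigned index, ti, rpl; } selector_t;
typedef struct { unsigned index, ti, idt, ext; } gp_error_t;

selector_t decode_selector(uint16_t sel) {
    return (selector_t){ sel >> 3, (sel >> 2) & 1, sel & 3 };
}

/* Error code pushed by a selector-caused #GP: index<<3 | TI<<2 | IDT<<1 | EXT */
gp_error_t decode_gp_error(uint32_t err) {
    return (gp_error_t){ err >> 3, (err >> 2) & 1, (err >> 1) & 1, err & 1 };
}

/* True when the error code names the same descriptor slot as the selector. */
int error_names_selector(uint32_t err, uint16_t sel) {
    gp_error_t e = decode_gp_error(err);
    selector_t s = decode_selector(sel);
    return !e.idt && e.ti == s.ti && e.index == s.index;
}

/* Segment registers and error code as printed in the first oops. */
static const struct { const char *name; uint16_t val; } oops1_segs[5] = {
    {"ds", 0x002b}, {"es", 0x002b}, {"fs", 0x0847}, {"gs", 0x0877}, {"ss", 0x0018},
};
static const uint32_t oops1_error = 0x0874;

/* Name of the segment register whose selector the error code points at, or NULL. */
const char *faulting_segment(void) {
    for (unsigned i = 0; i < 5; i++)
        if (error_names_selector(oops1_error, oops1_segs[i].val))
            return oops1_segs[i].name;
    return NULL;
}

/* First oops "Stack:" line, read as the frame at "pop %gs" (assumed layout):
 * gs, orig_eax (syscall number), eip, cs, eflags, esp, ss. */
static const uint32_t oops1_stack[7] =
    { 0x00000877, 0x0000007b, 0x08083aa4, 0x00000023, 0x00000206, 0x405d0c68, 0x0000002b };

uint32_t returning_syscall(void) { return oops1_stack[1]; }  /* 123 = __NR_modify_ldt on i386 */

int main(void) {
    selector_t gs = decode_selector(oops1_segs[3].val);
    printf("gs=%04x -> %s index 0x%x RPL %u; error 0874 names %s; returning from syscall %u\n",
           oops1_segs[3].val, gs.ti ? "LDT" : "GDT", gs.index, gs.rpl,
           faulting_segment(), returning_syscall());
    return 0;
}
```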