This is the mail archive of the
cygwin
mailing list for the Cygwin project.
[BUG] Nasty bug persists on x86-64
- From: Pavel Fedin <p dot fedin at samsung dot com>
- To: cygwin at cygwin dot com
- Date: Mon, 01 Sep 2014 18:14:26 +0400
- Subject: [BUG] Nasty bug persists on x86-64
- Authentication-results: sourceware.org; auth=none
Hello! Another update has been published and i still experience random
crashes on x86-64.
At this point i managed to go a little bit farther in my research. The
problem reproduces best with 'sh --version' command. At first glance it
seems to work OK most of the time, but take a look at strace's output:
--- cut ---
1 1 [main] sh (3292)
**********************************************
102 103 [main] sh (3292) Program name: C:\cygwin64\bin\sh.exe (windows
pid 3292)
41 144 [main] sh (3292) OS version: Windows NT-6.1
37 181 [main] sh (3292)
**********************************************
110 291 [main] sh (3292) sigprocmask: 0 = sigprocmask (0, 0x0,
0x1802BED88)
400 691 [main] sh 3292 open_shared: name shared.5, n 5, shared
0x180030000 (wanted 0x180030000), h 0x70, *m 6
86 777 [main] sh 3292 user_heap_info::init: heap base 0x600000000,
heap top 0x600000000, heap size 0x20000000 (536870912)
58 835 [main] sh 3292 open_shared: name
S-1-5-21-1454471165-515967899-839522115-3227.1, n 1, shared 0x180020000
(wanted 0x180020000), h 0x6C, *m 6
41 876 [main] sh 3292 user_info::create: opening user shared for
'S-1-5-21-1454471165-515967899-839522115-3227' at 0x180020000
41 917 [main] sh 3292 user_info::create: user shared version AB1FCCE8
70 987 [main] sh 3292 fhandler_pipe::create: name
\\.\pipe\cygwin-e022582115c10879-3292-sigwait, size 11440, mode
PIPE_TYPE_MESSAGE
88 1075 [main] sh 3292 fhandler_pipe::create: pipe read handle 0x84
39 1114 [main] sh 3292 fhandler_pipe::create: CreateFile: name
\\.\pipe\cygwin-e022582115c10879-3292-sigwait
65 1179 [main] sh 3292 fhandler_pipe::create: pipe write handle 0x88
47 1226 [main] sh 3292 dll_crt0_0: finished dll_crt0_0 initialization
--- Process 3292, exception c0000005 at 0000000076F3E4E4
57849 59075 [sig] sh 3292 wait_sig: entering ReadFile loop, my_readsig
0x84, my_sendsig 0x88
149 59224 [main] sh 3292 mount_info::conv_to_posix_path:
conv_to_posix_path (C:\cygwin64\home\p.fedin, no-keep-rel, no-add-slash)
83 59307 [main] sh 3292 normalize_win32_path: C:\cygwin64\home\p.fedin
= normalize_win32_path (C:\cygwin64\home\p.fedin)
46 59353 [main] sh 3292 mount_info::conv_to_posix_path: /home/p.fedin =
conv_to_posix_path (C:\cygwin64\home\p.fedin)
85 59438 [main] sh 3292 sigprocmask: 0 = sigprocmask (0, 0x0,
0x600018128)
241 59679 [main] sh 3292 _cygwin_istext_for_stdio: fd 0: not open
43 59722 [main] sh 3292 _cygwin_istext_for_stdio: fd 1: not open
39 59761 [main] sh 3292 _cygwin_istext_for_stdio: fd 2: not open
141 59902 [main] sh (3292) open_shared: name cygpid.3292, n 3292, shared
0x180010000 (wanted 0x180010000), h 0x16C, *m 2
--- cut ---
Note the exception. This time i managed to catch it with gdb:
--- cut ---
$ gdb --args sh --version
GNU gdb (GDB) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-cygwin".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from sh...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/sh --version
[New Thread 2716.0x650]
Program received signal SIGSEGV, Segmentation fault.
0x0000000076f3e4e4 in ntdll!RtlDeNormalizeProcessParams () from
/cygdrive/c/Windows/SYSTEM32/ntdll.dll
(gdb) where
#0 0x0000000076f3e4e4 in ntdll!RtlDeNormalizeProcessParams () from
/cygdrive/c/Windows/SYSTEM32/ntdll.dll
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)
--- cut ---
However, the problem apparently lies not in RtlDeNormalizeProcessParams(),
but in some another, unnamed function, which follows it. The following is a
complete disassembly up to the crash point:
--- cut ---
Dump of assembler code for function ntdll!RtlDeNormalizeProcessParams:
0x0000000076f3df40 <+0>: test %rcx,%rcx
0x0000000076f3df43 <+3>: je 0x76f57be2
<ntdll!RtlIsDosDeviceName_U+57794>
0x0000000076f3df49 <+9>: mov 0x8(%rcx),%edx
0x0000000076f3df4c <+12>: test $0x1,%dl
0x0000000076f3df4f <+15>: je 0x76f3dfed
<ntdll!RtlDeNormalizeProcessParams+173>
0x0000000076f3df55 <+21>: mov 0x40(%rcx),%rax
0x0000000076f3df59 <+25>: test %rax,%rax
0x0000000076f3df5c <+28>: je 0x76f3df65
<ntdll!RtlDeNormalizeProcessParams+37>
0x0000000076f3df5e <+30>: sub %rcx,%rax
0x0000000076f3df61 <+33>: mov %rax,0x40(%rcx)
0x0000000076f3df65 <+37>: mov 0x58(%rcx),%rax
0x0000000076f3df69 <+41>: test %rax,%rax
0x0000000076f3df6c <+44>: je 0x76f3df75
<ntdll!RtlDeNormalizeProcessParams+53>
0x0000000076f3df6e <+46>: sub %rcx,%rax
0x0000000076f3df71 <+49>: mov %rax,0x58(%rcx)
0x0000000076f3df75 <+53>: mov 0x68(%rcx),%rax
0x0000000076f3df79 <+57>: test %rax,%rax
0x0000000076f3df7c <+60>: je 0x76f3df85
<ntdll!RtlDeNormalizeProcessParams+69>
0x0000000076f3df7e <+62>: sub %rcx,%rax
0x0000000076f3df81 <+65>: mov %rax,0x68(%rcx)
0x0000000076f3df85 <+69>: mov 0x78(%rcx),%rax
0x0000000076f3df89 <+73>: test %rax,%rax
0x0000000076f3df8c <+76>: je 0x76f3df95
<ntdll!RtlDeNormalizeProcessParams+85>
0x0000000076f3df8e <+78>: sub %rcx,%rax
0x0000000076f3df91 <+81>: mov %rax,0x78(%rcx)
0x0000000076f3df95 <+85>: mov 0xb8(%rcx),%rax
0x0000000076f3df9c <+92>: test %rax,%rax
0x0000000076f3df9f <+95>: je 0x76f3dfab
<ntdll!RtlDeNormalizeProcessParams+107>
0x0000000076f3dfa1 <+97>: sub %rcx,%rax
0x0000000076f3dfa4 <+100>: mov %rax,0xb8(%rcx)
0x0000000076f3dfab <+107>: mov 0xc8(%rcx),%rax
0x0000000076f3dfb2 <+114>: test %rax,%rax
0x0000000076f3dfb5 <+117>: je 0x76f3dfc1
<ntdll!RtlDeNormalizeProcessParams+129>
0x0000000076f3dfb7 <+119>: sub %rcx,%rax
0x0000000076f3dfba <+122>: mov %rax,0xc8(%rcx)
0x0000000076f3dfc1 <+129>: mov 0xd8(%rcx),%rax
0x0000000076f3dfc8 <+136>: test %rax,%rax
0x0000000076f3dfcb <+139>: je 0x76f3dfd7
<ntdll!RtlDeNormalizeProcessParams+151>
0x0000000076f3dfcd <+141>: sub %rcx,%rax
0x0000000076f3dfd0 <+144>: mov %rax,0xd8(%rcx)
0x0000000076f3dfd7 <+151>: mov 0xe8(%rcx),%rax
0x0000000076f3dfde <+158>: test %rax,%rax
0x0000000076f3dfe1 <+161>: jne 0x76f57be5
<ntdll!RtlIsDosDeviceName_U+57797>
0x0000000076f3dfe7 <+167>: and $0xfffffffe,%edx
0x0000000076f3dfea <+170>: mov %edx,0x8(%rcx)
0x0000000076f3dfed <+173>: mov %rcx,%rax
0x0000000076f3dff0 <+176>: retq
0x0000000076f3dff1 <+177>: mov %r8d,%ecx
0x0000000076f3dff4 <+180>: jmpq 0x76f3bdb6
<ntdll!LdrQueryImageFileExecutionOptionsEx+550>
0x0000000076f3dff9 <+185>: mov -0x8(%r13),%edi
0x0000000076f3dffd <+189>: jmpq 0x76f3bef5
<ntdll!LdrQueryImageFileExecutionOptionsEx+869>
0x0000000076f3e002 <+194>: mov $0x200,%eax
0x0000000076f3e007 <+199>: and $0xfffffff7,%esi
0x0000000076f3e00a <+202>: cmp %eax,%r9d
0x0000000076f3e00d <+205>: cmovg %eax,%r9d
0x0000000076f3e011 <+209>: jmpq 0x76f3bf23
<ntdll!LdrQueryImageFileExecutionOptionsEx+915>
0x0000000076f3e016 <+214>: add %r10d,%eax
---Type <return> to continue, or q <return> to quit---
0x0000000076f3e019 <+217>: jmpq 0x76f3bf68
<ntdll!LdrQueryImageFileExecutionOptionsEx+984>
0x0000000076f3e01e <+222>: lea 0x38(%rsp),%r9
0x0000000076f3e023 <+227>: mov %rbp,%r8
0x0000000076f3e026 <+230>: mov %r12d,%edx
0x0000000076f3e029 <+233>: mov $0x20,%cl
0x0000000076f3e02b <+235>: callq 0x76efed50
<ntdll!RtlIpv4StringToAddressExW+160>
0x0000000076f3e030 <+240>: nop
0x0000000076f3e031 <+241>: jmpq 0x76f3bfe1
<ntdll!LdrQueryImageFileExecutionOptionsEx+1105>
0x0000000076f3e036 <+246>: cmp $0x2a,%dil
0x0000000076f3e03a <+250>: je 0x76f5527e
<ntdll!RtlIsDosDeviceName_U+47198>
0x0000000076f3e040 <+256>: lea (%r9,%r9,4),%ecx
0x0000000076f3e044 <+260>: movsbl %dil,%eax
0x0000000076f3e048 <+264>: lea -0x30(%rax,%rcx,2),%r9d
0x0000000076f3e04d <+269>: mov %r9d,0x40(%rsp)
0x0000000076f3e052 <+274>: jmpq 0x76f3be08
<ntdll!LdrQueryImageFileExecutionOptionsEx+632>
0x0000000076f3e057 <+279>: mov %r8d,%r9d
0x0000000076f3e05a <+282>: mov %r8d,0x40(%rsp)
0x0000000076f3e05f <+287>: jmpq 0x76f3be08
<ntdll!LdrQueryImageFileExecutionOptionsEx+632>
0x0000000076f3e064 <+292>: mov $0x7,%eax
0x0000000076f3e069 <+297>: jmp 0x76f3e0a6
<ntdll!RtlDeNormalizeProcessParams+358>
0x0000000076f3e06b <+299>: sub $0x6e,%ecx
0x0000000076f3e06e <+302>: je 0x76f550e0
<ntdll!RtlIsDosDeviceName_U+46784>
0x0000000076f3e074 <+308>: sub $0x1,%ecx
0x0000000076f3e077 <+311>: je 0x76f55075
<ntdll!RtlIsDosDeviceName_U+46677>
0x0000000076f3e07d <+317>: sub $0x1,%ecx
0x0000000076f3e080 <+320>: je 0x76f55052
<ntdll!RtlIsDosDeviceName_U+46642>
0x0000000076f3e086 <+326>: sub $0x3,%ecx
0x0000000076f3e089 <+329>: je 0x76f54f72
<ntdll!RtlIsDosDeviceName_U+46418>
0x0000000076f3e08f <+335>: sub $0x2,%ecx
0x0000000076f3e092 <+338>: je 0x76f3bebb
<ntdll!LdrQueryImageFileExecutionOptionsEx+811>
0x0000000076f3e098 <+344>: cmp $0x3,%ecx
0x0000000076f3e09b <+347>: jne 0x76f3bf97
<ntdll!LdrQueryImageFileExecutionOptionsEx+1031>
0x0000000076f3e0a1 <+353>: lea 0x24(%rcx),%eax
0x0000000076f3e0a4 <+356>: jmp 0x76f3e0a6
<ntdll!RtlDeNormalizeProcessParams+358>
0x0000000076f3e0a6 <+358>: mov %eax,0x60(%rsp)
0x0000000076f3e0aa <+362>: mov $0x10,%r8d
0x0000000076f3e0b0 <+368>: test %sil,%sil
0x0000000076f3e0b3 <+371>: jns 0x76f3bec3
<ntdll!LdrQueryImageFileExecutionOptionsEx+819>
0x0000000076f3e0b9 <+377>: jmpq 0x76f55061
<ntdll!RtlIsDosDeviceName_U+46657>
0x0000000076f3e0be <+382>: xor %r8d,%r8d
0x0000000076f3e0c1 <+385>: mov %r11d,%edx
0x0000000076f3e0c4 <+388>: mov %r10,%rcx
0x0000000076f3e0c7 <+391>: movl $0x1,0x0(%r13)
0x0000000076f3e0cf <+399>: mov %ebp,0x20(%rsp)
0x0000000076f3e0d3 <+403>: callq 0x76f44ce0
<ntdll!RtlMultiByteToUnicodeN>
0x0000000076f3e0d8 <+408>: mov 0x68(%rsp),%rbp
0x0000000076f3e0dd <+413>: add $0x30,%rsp
0x0000000076f3e0e1 <+417>: pop %r14
0x0000000076f3e0e3 <+419>: pop %r13
0x0000000076f3e0e5 <+421>: pop %r12
0x0000000076f3e0e7 <+423>: retq
0x0000000076f3e0e8 <+424>: mov 0x30(%rcx),%rax
0x0000000076f3e0ec <+428>: mov %rax,0xd0(%rdi)
0x0000000076f3e0f3 <+435>: jmpq 0x76f3390d
<ntdll!RtlInitCodePageTable+2429>
0x0000000076f3e0f8 <+440>: test $0x2,%al
0x0000000076f3e0fa <+442>: jne 0x76f9083e <ntdll!MD5Final+62094>
0x0000000076f3e100 <+448>: mov $0x1,%ecx
0x0000000076f3e105 <+453>: jmpq 0x76f3c62f <ntdll!iswdigit+879>
---Type <return> to continue, or q <return> to quit---
0x0000000076f3e10a <+458>: cmp %r10,%r9
0x0000000076f3e10d <+461>: jae 0x76f1d337
<ntdll!RtlPrefixUnicodeString+87>
0x0000000076f3e113 <+467>: sub %r9,%r11
0x0000000076f3e116 <+470>: movzwl (%r11,%r9,1),%eax
0x0000000076f3e11b <+475>: cmp %ax,(%r9)
0x0000000076f3e11f <+479>: jne 0x76f1d362
<ntdll!RtlPrefixUnicodeString+130>
0x0000000076f3e125 <+485>: add $0x2,%r9
0x0000000076f3e129 <+489>: cmp %r10,%r9
0x0000000076f3e12c <+492>: jb 0x76f3e116
<ntdll!RtlDeNormalizeProcessParams+470>
0x0000000076f3e12e <+494>: jmpq 0x76f53f54
<ntdll!RtlIsDosDeviceName_U+42292>
0x0000000076f3e133 <+499>: test %r8,%r8
0x0000000076f3e136 <+502>: jne 0x76f69afd
<ntdll!RtlIsDosDeviceName_U+131293>
0x0000000076f3e13c <+508>: lea 0x2f8(%rdx),%r15
0x0000000076f3e143 <+515>: lea 0x300(%rdx),%rsi
0x0000000076f3e14a <+522>: mov (%r15),%rax
0x0000000076f3e14d <+525>: test %rax,%rax
0x0000000076f3e150 <+528>: je 0x76f3d4c6 <ntdll!iswdigit+4614>
0x0000000076f3e156 <+534>: mov 0x18(%rax),%ebp
0x0000000076f3e159 <+537>: add %rax,%rbp
0x0000000076f3e15c <+540>: cmp %r9,(%rsi)
0x0000000076f3e15f <+543>: jne 0x76f3d457 <ntdll!iswdigit+4503>
0x0000000076f3e165 <+549>: mov 0x20(%rdx),%rcx
0x0000000076f3e169 <+553>: lea 0x50(%rsp),%rdx
0x0000000076f3e16e <+558>: mov 0x60(%rcx),%rax
0x0000000076f3e172 <+562>: mov %rax,(%rdx)
0x0000000076f3e175 <+565>: mov 0x68(%rcx),%rax
0x0000000076f3e179 <+569>: mov %rax,0x8(%rdx)
0x0000000076f3e17d <+573>: movzwl 0x50(%rsp),%ebx
0x0000000076f3e182 <+578>: lea 0xe(%rbx),%rcx
0x0000000076f3e186 <+582>: cmp $0x208,%rcx
0x0000000076f3e18d <+589>: ja 0x76f69b0b
<ntdll!RtlIsDosDeviceName_U+131307>
0x0000000076f3e193 <+595>: lea 0x60(%rsp),%rdi
0x0000000076f3e198 <+600>: mov $0x208,%edx
0x0000000076f3e19d <+605>: mov %rdi,0x48(%rsp)
0x0000000076f3e1a2 <+610>: mov %dx,0x42(%rsp)
0x0000000076f3e1a7 <+615>: mov 0x58(%rsp),%rdx
0x0000000076f3e1ac <+620>: mov %rbx,%r8
0x0000000076f3e1af <+623>: mov %rdi,%rcx
0x0000000076f3e1b2 <+626>: callq 0x76f3e6f0 <ntdll!memmove>
0x0000000076f3e1b7 <+631>: mov 0xceb2(%rip),%rax # 0x76f4b070
<ntdll!RtlIsDosDeviceName_U+5712>
0x0000000076f3e1be <+638>: shr %rbx
0x0000000076f3e1c1 <+641>: mov %rax,(%rdi,%rbx,2)
0x0000000076f3e1c5 <+645>: mov 0xcead(%rip),%eax # 0x76f4b078
<ntdll!RtlIsDosDeviceName_U+5720>
0x0000000076f3e1cb <+651>: mov %eax,0x8(%rdi,%rbx,2)
0x0000000076f3e1cf <+655>: movzwl 0xcea6(%rip),%eax # 0x76f4b07c
<ntdll!RtlIsDosDeviceName_U+5724>
0x0000000076f3e1d6 <+662>: mov %ax,0xc(%rdi,%rbx,2)
0x0000000076f3e1db <+667>: movzwl 0x50(%rsp),%eax
0x0000000076f3e1e0 <+672>: add $0xc,%ax
0x0000000076f3e1e4 <+676>: mov %ax,0x40(%rsp)
0x0000000076f3e1e9 <+681>: jmpq 0x76f3d457 <ntdll!iswdigit+4503>
0x0000000076f3e1ee <+686>: mov %gs:0x30,%rax
0x0000000076f3e1f7 <+695>: mov 0x48(%rax),%rdx
0x0000000076f3e1fb <+699>: cmp %rdx,0x10(%rcx)
0x0000000076f3e1ff <+703>: jne 0x76f3e37d
<ntdll!RtlDeNormalizeProcessParams+1085>
0x0000000076f3e205 <+709>: incl 0xc(%rcx)
0x0000000076f3e208 <+712>: xor %eax,%eax
0x0000000076f3e20a <+714>: add $0x20,%rsp
0x0000000076f3e20e <+718>: pop %rbx
---Type <return> to continue, or q <return> to quit---
0x0000000076f3e20f <+719>: retq
0x0000000076f3e210 <+720>: incl 0x14(%rdi)
0x0000000076f3e213 <+723>: jmpq 0x76f43d95
<ntdll!RtlAllocateHeap+2613>
0x0000000076f3e218 <+728>: decl 0x14(%r8)
0x0000000076f3e21c <+732>: jmpq 0x76f438af
<ntdll!RtlAllocateHeap+1359>
0x0000000076f3e221 <+737>: mov (%r10),%rax
0x0000000076f3e224 <+740>: cmp 0x20(%r8),%rax
0x0000000076f3e228 <+744>: je 0x76f3e2f9
<ntdll!RtlDeNormalizeProcessParams+953>
0x0000000076f3e22e <+750>: mov %rax,(%r14,%r15,8)
0x0000000076f3e232 <+754>: mov 0x38(%rsp),%r15d
0x0000000076f3e237 <+759>: jmpq 0x76f4395a
<ntdll!RtlAllocateHeap+1530>
0x0000000076f3e23c <+764>: decl 0x14(%r8)
0x0000000076f3e240 <+768>: jmpq 0x76f4436b
<ntdll!RtlAllocateHeap+4107>
0x0000000076f3e245 <+773>: mov (%r10),%rax
0x0000000076f3e248 <+776>: cmp 0x20(%r8),%rax
0x0000000076f3e24c <+780>: je 0x76f3e32b
<ntdll!RtlDeNormalizeProcessParams+1003>
0x0000000076f3e252 <+786>: mov %rax,(%r14,%r15,8)
0x0000000076f3e256 <+790>: mov 0x40(%rsp),%r14b
0x0000000076f3e25b <+795>: jmpq 0x76f4440f
<ntdll!RtlAllocateHeap+4271>
0x0000000076f3e260 <+800>: mov 0xc8(%rbx),%rax
0x0000000076f3e267 <+807>: lea (%rax,%r8,1),%rcx
0x0000000076f3e26b <+811>: cmp 0xc0(%rbx),%rcx
0x0000000076f3e272 <+818>: jb 0x76f444b8
<ntdll!RtlAllocateHeap+4440>
0x0000000076f3e278 <+824>: xor %r9d,%r9d
0x0000000076f3e27b <+827>: mov %rsi,%rdx
0x0000000076f3e27e <+830>: mov %rbx,%rcx
0x0000000076f3e281 <+833>: callq 0x76f15970
<ntdll!RtlAcquireSRWLockShared+1120>
0x0000000076f3e286 <+838>: jmpq 0x76f44814
<ntdll!RtlAllocateHeap+5300>
0x0000000076f3e28b <+843>: mov $0x20,%r11d
0x0000000076f3e291 <+849>: add $0xffffffe0,%edx
0x0000000076f3e294 <+852>: sub $0x40,%r8
0x0000000076f3e298 <+856>: sub %r11,%r9
0x0000000076f3e29b <+859>: jmpq 0x76f44d2f
<ntdll!RtlMultiByteToUnicodeN+79>
0x0000000076f3e2a0 <+864>: cmpl $0x0,0x7c(%rbx)
0x0000000076f3e2a4 <+868>: je 0x76f519a9
<ntdll!RtlIsDosDeviceName_U+32649>
0x0000000076f3e2aa <+874>: mov -0x8(%rdx),%eax
0x0000000076f3e2ad <+877>: mov %eax,0x208(%rsp)
0x0000000076f3e2b4 <+884>: test %eax,0x7c(%rbx)
0x0000000076f3e2b7 <+887>: je 0x76f3e2c6
<ntdll!RtlDeNormalizeProcessParams+902>
0x0000000076f3e2b9 <+889>: xor 0x88(%rbx),%eax
0x0000000076f3e2bf <+895>: mov %eax,0x208(%rsp)
0x0000000076f3e2c6 <+902>: movzwl 0x208(%rsp),%eax
0x0000000076f3e2ce <+910>: mov %ax,0x7a(%rsp)
0x0000000076f3e2d3 <+915>: mov 0x350(%rsp),%rsi
0x0000000076f3e2db <+923>: movzwl 0x8(%rsi),%ecx
0x0000000076f3e2df <+927>: movzwl %ax,%eax
0x0000000076f3e2e2 <+930>: sub %eax,%ecx
0x0000000076f3e2e4 <+932>: test %ecx,%ecx
0x0000000076f3e2e6 <+934>: jle 0x76f447bb
<ntdll!RtlAllocateHeap+5211>
0x0000000076f3e2ec <+940>: jmpq 0x76f447c3
<ntdll!RtlAllocateHeap+5219>
0x0000000076f3e2f1 <+945>: incl 0x14(%rdi)
0x0000000076f3e2f4 <+948>: jmpq 0x76f447b2
<ntdll!RtlAllocateHeap+5202>
0x0000000076f3e2f9 <+953>: movq $0x0,(%r14,%r15,8)
0x0000000076f3e301 <+961>: mov %r9d,%eax
0x0000000076f3e304 <+964>: shr $0x5,%eax
0x0000000076f3e307 <+967>: and $0x1f,%r9d
0x0000000076f3e30b <+971>: mov $0x1,%edx
0x0000000076f3e310 <+976>: movzbl %r9b,%ecx
---Type <return> to continue, or q <return> to quit---
0x0000000076f3e314 <+980>: shl %cl,%edx
0x0000000076f3e316 <+982>: mov %eax,%ecx
0x0000000076f3e318 <+984>: mov 0x28(%r8),%rax
0x0000000076f3e31c <+988>: not %edx
0x0000000076f3e31e <+990>: and %edx,(%rax,%rcx,4)
0x0000000076f3e321 <+993>: mov 0x38(%rsp),%r15d
0x0000000076f3e326 <+998>: jmpq 0x76f4395a
<ntdll!RtlAllocateHeap+1530>
0x0000000076f3e32b <+1003>: movq $0x0,(%r14,%r15,8)
0x0000000076f3e333 <+1011>: mov %r9d,%eax
0x0000000076f3e336 <+1014>: shr $0x5,%eax
0x0000000076f3e339 <+1017>: and $0x1f,%r9d
0x0000000076f3e33d <+1021>: mov $0x1,%edx
0x0000000076f3e342 <+1026>: movzbl %r9b,%ecx
0x0000000076f3e346 <+1030>: shl %cl,%edx
0x0000000076f3e348 <+1032>: mov %eax,%ecx
0x0000000076f3e34a <+1034>: mov 0x28(%r8),%rax
0x0000000076f3e34e <+1038>: not %edx
0x0000000076f3e350 <+1040>: and %edx,(%rax,%rcx,4)
0x0000000076f3e353 <+1043>: mov 0x40(%rsp),%r14b
0x0000000076f3e358 <+1048>: jmpq 0x76f4440f
<ntdll!RtlAllocateHeap+4271>
0x0000000076f3e35d <+1053>: mov %r12,%r8
0x0000000076f3e360 <+1056>: mov %r12,0xa0(%rsp)
0x0000000076f3e368 <+1064>: jmpq 0x76f43cad
<ntdll!RtlAllocateHeap+2381>
0x0000000076f3e36d <+1069>: mov %r11,%r8
0x0000000076f3e370 <+1072>: mov %r11,0x80(%rsp)
0x0000000076f3e378 <+1080>: jmpq 0x76f446c5
<ntdll!RtlAllocateHeap+4965>
0x0000000076f3e37d <+1085>: mov 0x20(%rcx),%rax
0x0000000076f3e381 <+1089>: mov %rbp,0x30(%rsp)
0x0000000076f3e386 <+1094>: mov %rsi,0x38(%rsp)
0x0000000076f3e38b <+1099>: bt $0x1a,%rax
0x0000000076f3e390 <+1104>: mov %rdi,0x40(%rsp)
0x0000000076f3e395 <+1109>: mov $0xff000000,%ebp
0x0000000076f3e39a <+1114>: jb 0x76eff25c
<ntdll!RtlGetElementGenericTable+300>
0x0000000076f3e3a0 <+1120>: mov $0x1,%esi
0x0000000076f3e3a5 <+1125>: lea 0x3(%rsi),%edi
0x0000000076f3e3a8 <+1128>: mov 0x20(%rbx),%r8
0x0000000076f3e3ac <+1132>: mov %r8,%rdx
0x0000000076f3e3af <+1135>: and %rbp,%r8
0x0000000076f3e3b2 <+1138>: and $0xffffff,%edx
0x0000000076f3e3b8 <+1144>: test %rdx,%rdx
0x0000000076f3e3bb <+1147>: jne 0x76f13c0c <ntdll!LdrUnloadDll+252>
0x0000000076f3e3c1 <+1153>: mov 0x8(%rbx),%eax
0x0000000076f3e3c4 <+1156>: test $0x1,%al
0x0000000076f3e3c6 <+1158>: je 0x76f3e3f6
<ntdll!RtlDeNormalizeProcessParams+1206>
0x0000000076f3e3c8 <+1160>: mov %eax,%ecx
0x0000000076f3e3ca <+1162>: xor %esi,%ecx
0x0000000076f3e3cc <+1164>: lock cmpxchg %ecx,0x8(%rbx)
0x0000000076f3e3d1 <+1169>: jne 0x76f3e3f2
<ntdll!RtlDeNormalizeProcessParams+1202>
0x0000000076f3e3d3 <+1171>: bt $0x19,%r8
0x0000000076f3e3d8 <+1176>: jb 0x76ef8631 <wcscspn+425>
0x0000000076f3e3de <+1182>: mov 0x40(%rsp),%rdi
0x0000000076f3e3e3 <+1187>: mov 0x38(%rsp),%rsi
0x0000000076f3e3e8 <+1192>: mov 0x30(%rsp),%rbp
0x0000000076f3e3ed <+1197>: jmpq 0x76f42f95
<ntdll!RtlEnterCriticalSection+21>
0x0000000076f3e3f2 <+1202>: test $0x1,%al
0x0000000076f3e3f4 <+1204>: jne 0x76f3e3c8
<ntdll!RtlDeNormalizeProcessParams+1160>
0x0000000076f3e3f6 <+1206>: bt $0x19,%r8
0x0000000076f3e3fb <+1211>: jb 0x76ef23bb
<ntdll!RtlImpersonateSelfEx+987>
---Type <return> to continue, or q <return> to quit---
0x0000000076f3e401 <+1217>: mov %edi,%edx
0x0000000076f3e403 <+1219>: mov %rbx,%rcx
0x0000000076f3e406 <+1222>: callq 0x76f3e430
<ntdll!RtlDeNormalizeProcessParams+1264>
0x0000000076f3e40b <+1227>: cmp $0x1,%eax
0x0000000076f3e40e <+1230>: je 0x76f3e3de
<ntdll!RtlDeNormalizeProcessParams+1182>
0x0000000076f3e410 <+1232>: cmp $0x2,%eax
0x0000000076f3e413 <+1235>: jne 0x76f3e3a8
<ntdll!RtlDeNormalizeProcessParams+1128>
0x0000000076f3e415 <+1237>: lea 0x1(%rax),%esi
0x0000000076f3e418 <+1240>: mov %eax,%edi
0x0000000076f3e41a <+1242>: jmp 0x76f3e3a8
<ntdll!RtlDeNormalizeProcessParams+1128>
0x0000000076f3e41c <+1244>: nop
0x0000000076f3e41d <+1245>: nop
0x0000000076f3e41e <+1246>: nop
0x0000000076f3e41f <+1247>: nop
0x0000000076f3e420 <+1248>: nop
0x0000000076f3e421 <+1249>: nop
0x0000000076f3e422 <+1250>: nop
0x0000000076f3e423 <+1251>: nop
0x0000000076f3e424 <+1252>: nop
0x0000000076f3e425 <+1253>: nop
0x0000000076f3e426 <+1254>: nop
0x0000000076f3e427 <+1255>: nop
0x0000000076f3e428 <+1256>: nop
0x0000000076f3e429 <+1257>: nop
0x0000000076f3e42a <+1258>: nop
0x0000000076f3e42b <+1259>: nop
0x0000000076f3e42c <+1260>: nop
0x0000000076f3e42d <+1261>: nop
0x0000000076f3e42e <+1262>: nop
0x0000000076f3e42f <+1263>: nop
0x0000000076f3e430 <+1264>: mov %rbx,0x20(%rsp)
0x0000000076f3e435 <+1269>: push %rbp
0x0000000076f3e436 <+1270>: push %rsi
0x0000000076f3e437 <+1271>: push %rdi
0x0000000076f3e438 <+1272>: push %r14
0x0000000076f3e43a <+1274>: push %r15
0x0000000076f3e43c <+1276>: sub $0x80,%rsp
0x0000000076f3e443 <+1283>: lea 0xe9046(%rip),%rax #
0x77027490 <ntdll!_fltused+1144>
0x0000000076f3e44a <+1290>: xor %r15d,%r15d
0x0000000076f3e44d <+1293>: mov %edx,%ebp
0x0000000076f3e44f <+1295>: mov %rcx,%rbx
0x0000000076f3e452 <+1298>: cmp %rax,%rcx
0x0000000076f3e455 <+1301>: je 0x76f1c939 <strchr+25>
0x0000000076f3e45b <+1307>: xor %edi,%edi
0x0000000076f3e45d <+1309>: mov %edi,0xb0(%rsp)
0x0000000076f3e464 <+1316>: mov %gs:0x30,%r14
0x0000000076f3e46d <+1325>: test %edi,%edi
0x0000000076f3e46f <+1327>: jne 0x76f1c94a <strchr+42>
0x0000000076f3e475 <+1333>: cmp %r15b,0xe420c(%rip) #
0x77022688 <ntdll!NlsAnsiCodePage+1006>
0x0000000076f3e47c <+1340>: jne 0x76f5a294
<ntdll!RtlIsDosDeviceName_U+67700>
0x0000000076f3e482 <+1346>: cmp %r15d,0xe3e83(%rip) #
0x7702230c <ntdll!NlsAnsiCodePage+114>
0x0000000076f3e489 <+1353>: jne 0x76f5a26f
<ntdll!RtlIsDosDeviceName_U+67663>
0x0000000076f3e48f <+1359>: mov %r12,0xb8(%rsp)
0x0000000076f3e497 <+1367>: cmp %r15b,0xe3df3(%rip) #
0x77022291 <ntdll!NlsMbOemCodePageTag+5>
0x0000000076f3e49e <+1374>: je 0x76f5a2a8
<ntdll!RtlIsDosDeviceName_U+67720>
0x0000000076f3e4a4 <+1380>: xor %r12d,%r12d
0x0000000076f3e4a7 <+1383>: mov 0x18(%rbx),%rsi
0x0000000076f3e4ab <+1387>: test %rsi,%rsi
---Type <return> to continue, or q <return> to quit---
0x0000000076f3e4ae <+1390>: je 0x76f23ed6
<ntdll!RtlpGetSystemDefaultUILanguage+118>
0x0000000076f3e4b4 <+1396>: mov 0x8(%rbx),%eax
0x0000000076f3e4b7 <+1399>: test $0x1,%al
0x0000000076f3e4b9 <+1401>: jne 0x76f12c74
<ntdll!RtlUnicodeToUTF8N+932>
0x0000000076f3e4bf <+1407>: mov %eax,%ecx
0x0000000076f3e4c1 <+1409>: sub %ebp,%ecx
0x0000000076f3e4c3 <+1411>: lock cmpxchg %ecx,0x8(%rbx)
0x0000000076f3e4c8 <+1416>: jne 0x76f12c69
<ntdll!RtlUnicodeToUTF8N+921>
0x0000000076f3e4ce <+1422>: mov (%rbx),%rax
0x0000000076f3e4d1 <+1425>: mov %r13,0xc0(%rsp)
0x0000000076f3e4d9 <+1433>: xor %ebp,%ebp
0x0000000076f3e4db <+1435>: xor %r13d,%r13d
0x0000000076f3e4de <+1438>: cmp $0xffffffffffffffff,%rax
0x0000000076f3e4e2 <+1442>: je 0x76f3e4e7
<ntdll!RtlDeNormalizeProcessParams+1447>
=> 0x0000000076f3e4e4 <+1444>: incl 0x24(%rax)
0x0000000076f3e4e7 <+1447>: mov $0x1722,%edx
0x0000000076f3e4ec <+1452>: lea 0xe8f9d(%rip),%rdi #
0x77027490 <ntdll!_fltused+1144>
--- cut ---
And rax == 0 in my case. I've attempted to trace its origin in this code.
Looks like the real entry to this function is 0x0000000076f3e430, and first
argument is a pointer to a structure, whose first element goes to RAX. The
code expects it to be something valid or 0xffffffffffffffff
(INVALID_HANDLE_VALUE ?), but it is NULL instead, causing crash.
I have set breakpoint at 0x0000000076f3e430 and discovered that is is
called from 0x0000000076f3e406 (also present in the disassembly, there is a
callq there). A possible way to get there is (in backwards order):
0x0000000076f3e406 - reached from 0x0000000076f3e3f2 by normal execution
0x0000000076f3e3d1 <+1169>: jne 0x76f3e3f2
0x0000000076f3e3d1 - reached from 0x0000000076f3e37d by normal execution
I have proven this flow control by setting breakpoints at these addresses,
but here i stopped. Looks like i am jumping to 0x0000000076f3e3d1 from
somewhere else, and this is not call, so backtrace doesn't help.
I hope this analysis will give some clues to what happens, in the meanwhile
i'll try to continue it.
Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple