search

msysgit / git

msysGit-based Git for Windows 1.x is now superseded by Git for Windows 2.x
http://github.com/git-for-windows/git
Other
1.01k stars 317 forks source link

sh.exe crash with error 0x40010006 #281

Closed navossoc closed 9 years ago

navossoc commented 10 years ago

Well, I'm using here:

Windows 8.1 Update 1 Git-1.9.4-preview20140929 (tested also on preview20140815)

Steps to reproduce my problem: sh.exe --login

It crash 6 times...

--- CRASH ---

Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64 Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\Rafael\AppData\Local\CrashDumps\sh.exe.3732.dmp] User Mini Dump File: Only registers, stack and portions of memory are available

***** Symbol Path validation summary ** Response Time (ms) Location Deferred SRV_C:\Users\Rafael\AppData\Local\Temp\SymbolCache_http://msdl.microsoft.com/download/symbols Symbol search path is: SRV_C:\Users\Rafael\AppData\Local\Temp\SymbolCache_http://msdl.microsoft.com/download/symbols Executable search path is: Windows 8 Version 9600 MP (8 procs) Free x86 compatible Product: WinNt, suite: SingleUserTS Built by: 6.3.9600.17031 (winblue_gdr.140221-1952) Machine Name: Debug session time: Mon Nov 17 05:42:14.000 2014 (UTC - 2:00) System Uptime: not available Process Uptime: 0 days 0:00:01.000 ............ This dump file has an exception of interest stored in it. The stored exception information can be accessed via .ecxr. (e94.1358): Unknown exception - code 40010006 (first/second chance not available) eax=00000000 ebx=00000000 ecx=00000000 edx=0000004c esi=00000000 edi=003d0000 eip=7759aaac esp=0028a858 ebp=0028acb8 iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202 ntdll!NtWaitForMultipleObjects+0xc: 7759aaac c21400 ret 14h 0:000> !analyze -v

* ERROR: Symbol file could not be found. Defaulted to export symbols for msys-1.0.dll - * ERROR: Module load completed but symbols could not be loaded for sh.exe

FAULTING_IP: ntdll!vDbgPrintExWithPrefixInternal+33674 775fa792 eb07 jmp ntdll!vDbgPrintExWithPrefixInternal+0x3367d (775fa79b)

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 775fa792 (ntdll!vDbgPrintExWithPrefixInternal+0x00033674) ExceptionCode: 40010006 ExceptionFlags: 00000008 NumberParameters: 2 Parameter[0]: 0000004d Parameter[1]: 0028b280

CONTEXT: 00000000 -- (.cxr 0x0;r) eax=00000000 ebx=00000000 ecx=00000000 edx=0000004c esi=00000000 edi=003d0000 eip=7759aaac esp=0028a858 ebp=0028acb8 iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202 ntdll!NtWaitForMultipleObjects+0xc: 7759aaac c21400 ret 14h

PROCESS_NAME: sh.exe

ERROR_CODE: (NTSTATUS) 0x40010006 - Debugger printed exception on control C.

EXCEPTION_CODE: (NTSTATUS) 0x40010006 (1073807366) - Debugger printed exception on control C.

EXCEPTION_PARAMETER1: 0000004d

EXCEPTION_PARAMETER2: 0028b280

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

APP: sh.exe

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

FAULTING_THREAD: 00001358

BUGCHECK_STR: APPLICATION_FAULT_APPLICATION_FAULT_SEHOP

PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT_SEHOP

DEFAULT_BUCKET_ID: APPLICATION_FAULT_SEHOP

LAST_CONTROL_TRANSFER: from 775c7116 to 775fa792

STACK_TEXT:
0028b3b4 775c7116 00000003 772a41b0 0028b3dc ntdll!vDbgPrintExWithPrefixInternal+0x33674 0028b3d0 77225380 772a41b0 00579d30 0028b95c ntdll!DbgPrint+0x1e 0028b3f8 7722b9e0 00579d30 0000011c 00000118 kernel32!BaseCheckAppcompatCacheExWorker+0x81 0028b640 7722b80f 00000120 0028b7f4 0000011c kernel32!BasepCheckBadapp+0x130 0028b6d0 75a00f2f 00000120 0028b7f4 00000000 kernel32!BasepQueryAppCompat+0xb8 0028bcbc 75a0040e 00000000 0028e3cc 00000000 KERNELBASE!CreateProcessInternalW+0xb10 0028bcf4 6806c2fe 0028e3cc 00000000 680a6c14 KERNELBASE!CreateProcessW+0x2c WARNING: Stack unwind information not available. Following frames may be wrong. 0028e4b4 68058f34 0028f424 00000000 680a6c14 msys_1_0!uname+0x18da 0028f774 68059d3a 00000000 0a018218 0a0185f0 msys_1_0!pause+0x5620 0028f7b4 680104e5 00000000 00000003 0a018218 msys_1_0!cwait+0x14e 0028f7e4 6808444a 0a018218 0a0185f0 0a017f28 msys_1_0!cygwin_stackdump+0x2515 0028f804 004158a0 0a018218 0a0185f0 0a017f28 msys_1_0!execve+0x1a 0028f8c4 0041570b 0a018218 0a0185f0 0a017f28 sh+0x158a0 0028f920 00414755 0a0173d8 0a017140 0a0181d8 sh+0x1570b 0028f980 004112ce 0a0151d0 ffffffff ffffffff sh+0x14755 0028f9e0 00410c7b 0a0179d8 00000000 ffffffff sh+0x112ce 0028fa30 00412507 0a0179d8 0a017ed0 0028fa60 sh+0x10c7b 0028fa70 0041150f 0a017ed0 00000000 ffffffff sh+0x12507 0028fad0 00450ea3 0a017ed0 00000000 ffffffff sh+0x1150f 0028fb20 0045164a 0a015af0 0a0159f8 00000014 sh+0x50ea3 0028fcb0 004517c6 0a0159f8 00000009 0028fce0 sh+0x5164a 0028fce0 004020f4 00401fae 00000001 00000000 sh+0x517c6 0028fd10 00401896 00000004 680a1368 00000000 sh+0x20f4 0028fd50 68004b08 00000002 0a011810 0a0103e8 sh+0x1896 0028feec 68004c5f 00000000 00000000 0028ff2c msys_1_0!_assert+0x39bc 0028ff0c 68004c98 00401248 00000000 e7d65e80 msys_1_0!dll_crt0+0x133 0028ff2c 0048b9d8 00000000 00000000 fe68f7bf msys_1_0!dll_crt0__FP11per_process+0x34 0028ff5c 0040103d 00401248 ffffe001 00000001 sh+0x8b9d8 0028ff8c 7722919f 7ffde000 0028ffdc 775b0bbb sh+0x103d 0028ff98 775b0bbb 7ffde000 a0e35fde 00000000 kernel32!BaseThreadInitThunk+0xe 0028ffdc 775b0b91 ffffffff 7759c9c4 00000000 ntdll!__RtlUserThreadStart+0x20 0028ffec 00000000 00401000 7ffde000 00000000 ntdll!_RtlUserThreadStart+0x1b

STACK_COMMAND: ~0s; .ecxr ; kb

FOLLOWUP_IP: msys_1_0!uname+18da 6806c2fe 8d65b8 lea esp,[ebp-48h]

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: msys_1_0!uname+18da

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: msys_1_0

IMAGE_NAME: msys-1.0.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 4ff5adc7

FAILURE_BUCKET_ID: APPLICATION_FAULT_SEHOP_40010006_msys-1.0.dll!uname

BUCKET_ID: APPLICATION_FAULT_APPLICATION_FAULT_SEHOP_msys_1_0!uname+18da

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:application_fault_sehop_40010006_msys-1.0.dll!uname

FAILURE_ID_HASH: {1bb92b6a-84c1-a84a-545a-58f83af3c831}

Followup: MachineOwner

navossoc commented 10 years ago

I found more strange stuff with process monitor

Several calls to CreateFile with error NAME INVALID

C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe" C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe".exe C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe".exe C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe".exe C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git C:\Program Files (x86)\Git\bin\"C:\Program Files (x86) C:\Program Files (x86)\Git\bin\"C:\Program Files (x86) C:\Program Files (x86)\Git\bin\"C: C:\Program Files (x86)\Git\bin\"C: C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe" C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe" C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe" C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe".exe C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe".exe C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe".exe C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git C:\Program Files (x86)\Git\bin\"C:\Program Files (x86) C:\Program Files (x86)\Git\bin\"C:\Program Files (x86) C:\Program Files (x86)\Git\bin\"C: C:\Program Files (x86)\Git\bin\"C: C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe" C:\Program Files (x86)\Git\bin\"C:\Program Files (x86)\Git\bin\sh.exe"

navossoc commented 10 years ago

Not sure, but it seems related to the line on the file /etc/profile test -f /etc/motd && sed "s/\$MESSAGE/$MESSAGE/" < /etc/motd

sed seems to be the problem.

$MESSAGE is empty

sed "s/\$MESSAGE/$MESSAGE/" < /etc/motd

Typing that on bash, crash too...

kusma commented 10 years ago

I can't reproduce the problem here.

navossoc commented 10 years ago

There are PDBs available for this release?

linquize commented 10 years ago

msysgit is not built with MSVC, so they don't use PDB

navossoc commented 10 years ago

Ok, I didn't know that...

So any idea how can I trace further into this problem?

navossoc commented 10 years ago

Same issue as: https://github.com/msysgit/git/issues/248

But I'm not running inside a XenServer.

I'm still looking at it, if I found more information I keep you guys posted.

navossoc commented 10 years ago

Well... what can I say? I gave up a few days later.

But today! I went to do a test because could not stand it anymore and finally figured out what causes the problem.

I was developing a driver some time ago, for that, I made some adjustments in the registry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter (more info here: http://msdn.microsoft.com/en-us/library/windows/hardware/ff551519(v=vs.85).aspx)

Simply disable the delete key and be happy.

The problem can be easily reproduced with DebugView from SysInternals (no changes on the registry). http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx

  1. Download, then run as administrator.
  2. Menu -> Capture -> Capture Kernel
  3. Menu -> Capture -> Enable Verbose Kernel Output (that's the problem)
  4. Run Git bash and wait...
  5. Look at the event viewer (Windows) applications error on sh.exe

It have the same effect as the messages are printed, probably any kernel debugger should cause the same issue too...

Someone with experience in this project (msys) should take a look. I can't figure how a DbgPrint message can crash this program...

dscho commented 9 years ago

I can't figure how a DbgPrint message can crash this program...

A git grep DbgPrint comes up empty here. As to crashing the program: if anything in DbgPrint handles data improperly, or if the data passed to said function is incorrect, that would do it. But also please note that the 40010006 exception is not really a crash: it is the DBG_PRINTEXCEPTION_C exception, basically saying that Ctrl+C was pressed.

Possibly related: https://lists.xenserver.org/sympa/arc/xs-devel/2014-07/msg00060.html.

dscho commented 9 years ago

So essentially the ticket is resolved.

As to the question how a DbgPrint can crash the program, I guess it could be related to Cygwin's Big List Of Dodgy Applications that lists software installing hooks that can interfere with Cygwin's (and therefore MSys2's and therefore Git for Windows') POSIX emulation layer.