From: Pavel Fedin
To: cygwin AT cygwin DOT com
Subject: [BUG] Nasty bug persists on x86-64
Date: Mon, 01 Sep 2014 18:14:26 +0400
Message-id: <007601cfc5ef$09e5bb60$1db13220$%fedin@samsung.com>

Hello!

Another update has been published and I still experience random crashes on x86-64. At this point I managed to go a little bit farther in my research. The problem reproduces best with the 'sh --version' command. At first glance it seems to work OK most of the time, but take a look at strace's output:

--- cut ---
1 1 [main] sh (3292) **********************************************
102 103 [main] sh (3292) Program name: C:\cygwin64\bin\sh.exe (windows pid 3292)
41 144 [main] sh (3292) OS version: Windows NT-6.1
37 181 [main] sh (3292) **********************************************
110 291 [main] sh (3292) sigprocmask: 0 = sigprocmask (0, 0x0, 0x1802BED88)
400 691 [main] sh 3292 open_shared: name shared.5, n 5, shared 0x180030000 (wanted 0x180030000), h 0x70, *m 6
86 777 [main] sh 3292 user_heap_info::init: heap base 0x600000000, heap top 0x600000000, heap size 0x20000000 (536870912)
58 835 [main] sh 3292 open_shared: name S-1-5-21-1454471165-515967899-839522115-3227.1, n 1, shared 0x180020000 (wanted 0x180020000), h 0x6C, *m 6
41 876 [main] sh 3292 user_info::create: opening user shared for 'S-1-5-21-1454471165-515967899-839522115-3227' at 0x180020000
41 917 [main] sh 3292 user_info::create: user shared version AB1FCCE8
70 987 [main] sh 3292 fhandler_pipe::create: name \\.\pipe\cygwin-e022582115c10879-3292-sigwait, size 11440, mode PIPE_TYPE_MESSAGE
88 1075 [main] sh 3292 fhandler_pipe::create: pipe read handle 0x84
39 1114 [main] sh 3292 fhandler_pipe::create: CreateFile: name \\.\pipe\cygwin-e022582115c10879-3292-sigwait
65 1179 [main] sh 3292 fhandler_pipe::create: pipe write handle 0x88
47 1226 [main] sh 3292 dll_crt0_0: finished dll_crt0_0 initialization
--- Process 3292, exception c0000005 at 0000000076F3E4E4
57849 59075 [sig] sh 3292 wait_sig: entering ReadFile loop, my_readsig 0x84, my_sendsig 0x88
149 59224 [main] sh 3292 mount_info::conv_to_posix_path: conv_to_posix_path (C:\cygwin64\home\p.fedin, no-keep-rel, no-add-slash)
83 59307 [main] sh 3292 normalize_win32_path: C:\cygwin64\home\p.fedin = normalize_win32_path (C:\cygwin64\home\p.fedin)
46 59353 [main] sh 3292 mount_info::conv_to_posix_path: /home/p.fedin = conv_to_posix_path (C:\cygwin64\home\p.fedin)
85 59438 [main] sh 3292 sigprocmask: 0 = sigprocmask (0, 0x0, 0x600018128)
241 59679 [main] sh 3292 _cygwin_istext_for_stdio: fd 0: not open
43 59722 [main] sh 3292 _cygwin_istext_for_stdio: fd 1: not open
39 59761 [main] sh 3292 _cygwin_istext_for_stdio: fd 2: not open
141 59902 [main] sh (3292) open_shared: name cygpid.3292, n 3292, shared 0x180010000 (wanted 0x180010000), h 0x16C, *m 2
--- cut ---

Note the exception. This time I managed to catch it with gdb:

--- cut ---
$ gdb --args sh --version
GNU gdb (GDB) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-unknown-cygwin".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from sh...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/sh --version
[New Thread 2716.0x650]

Program received signal SIGSEGV, Segmentation fault.
0x0000000076f3e4e4 in ntdll!RtlDeNormalizeProcessParams () from /cygdrive/c/Windows/SYSTEM32/ntdll.dll
(gdb) where
#0  0x0000000076f3e4e4 in ntdll!RtlDeNormalizeProcessParams () from /cygdrive/c/Windows/SYSTEM32/ntdll.dll
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)
--- cut ---

However, the problem apparently lies not in RtlDeNormalizeProcessParams(), but in some other, unnamed function which follows it. The following is a complete disassembly up to the crash point:

--- cut ---
Dump of assembler code for function ntdll!RtlDeNormalizeProcessParams:
0x0000000076f3df40 <+0>: test %rcx,%rcx
0x0000000076f3df43 <+3>: je 0x76f57be2
0x0000000076f3df49 <+9>: mov 0x8(%rcx),%edx
0x0000000076f3df4c <+12>: test $0x1,%dl
0x0000000076f3df4f <+15>: je 0x76f3dfed
0x0000000076f3df55 <+21>: mov 0x40(%rcx),%rax
0x0000000076f3df59 <+25>: test %rax,%rax
0x0000000076f3df5c <+28>: je 0x76f3df65
0x0000000076f3df5e <+30>: sub %rcx,%rax
0x0000000076f3df61 <+33>: mov %rax,0x40(%rcx)
0x0000000076f3df65 <+37>: mov 0x58(%rcx),%rax
0x0000000076f3df69 <+41>: test %rax,%rax
0x0000000076f3df6c <+44>: je 0x76f3df75
0x0000000076f3df6e <+46>: sub %rcx,%rax
0x0000000076f3df71 <+49>: mov %rax,0x58(%rcx)
0x0000000076f3df75 <+53>: mov 0x68(%rcx),%rax
0x0000000076f3df79 <+57>: test %rax,%rax
0x0000000076f3df7c <+60>: je 0x76f3df85
0x0000000076f3df7e <+62>: sub %rcx,%rax
0x0000000076f3df81 <+65>: mov %rax,0x68(%rcx)
0x0000000076f3df85 <+69>: mov 0x78(%rcx),%rax
0x0000000076f3df89 <+73>: test %rax,%rax
0x0000000076f3df8c <+76>: je 0x76f3df95
0x0000000076f3df8e <+78>: sub %rcx,%rax
0x0000000076f3df91 <+81>: mov %rax,0x78(%rcx)
0x0000000076f3df95 <+85>: mov 0xb8(%rcx),%rax
0x0000000076f3df9c <+92>: test %rax,%rax
0x0000000076f3df9f <+95>: je 0x76f3dfab
0x0000000076f3dfa1 <+97>: sub %rcx,%rax
0x0000000076f3dfa4 <+100>: mov %rax,0xb8(%rcx)
0x0000000076f3dfab <+107>: mov 0xc8(%rcx),%rax
0x0000000076f3dfb2 <+114>: test %rax,%rax
0x0000000076f3dfb5 <+117>: je 0x76f3dfc1
0x0000000076f3dfb7 <+119>: sub %rcx,%rax
0x0000000076f3dfba <+122>: mov %rax,0xc8(%rcx)
0x0000000076f3dfc1 <+129>: mov 0xd8(%rcx),%rax
0x0000000076f3dfc8 <+136>: test %rax,%rax
0x0000000076f3dfcb <+139>: je 0x76f3dfd7
0x0000000076f3dfcd <+141>: sub %rcx,%rax
0x0000000076f3dfd0 <+144>: mov %rax,0xd8(%rcx)
0x0000000076f3dfd7 <+151>: mov 0xe8(%rcx),%rax
0x0000000076f3dfde <+158>: test %rax,%rax
0x0000000076f3dfe1 <+161>: jne 0x76f57be5
0x0000000076f3dfe7 <+167>: and $0xfffffffe,%edx
0x0000000076f3dfea <+170>: mov %edx,0x8(%rcx)
0x0000000076f3dfed <+173>: mov %rcx,%rax
0x0000000076f3dff0 <+176>: retq
0x0000000076f3dff1 <+177>: mov %r8d,%ecx
0x0000000076f3dff4 <+180>: jmpq 0x76f3bdb6
0x0000000076f3dff9 <+185>: mov -0x8(%r13),%edi
0x0000000076f3dffd <+189>: jmpq 0x76f3bef5
0x0000000076f3e002 <+194>: mov $0x200,%eax
0x0000000076f3e007 <+199>: and $0xfffffff7,%esi
0x0000000076f3e00a <+202>: cmp %eax,%r9d
0x0000000076f3e00d <+205>: cmovg %eax,%r9d
0x0000000076f3e011 <+209>: jmpq 0x76f3bf23
0x0000000076f3e016 <+214>: add %r10d,%eax
0x0000000076f3e019 <+217>: jmpq 0x76f3bf68
0x0000000076f3e01e <+222>: lea 0x38(%rsp),%r9
0x0000000076f3e023 <+227>: mov %rbp,%r8
0x0000000076f3e026 <+230>: mov %r12d,%edx
0x0000000076f3e029 <+233>: mov $0x20,%cl
0x0000000076f3e02b <+235>: callq 0x76efed50
0x0000000076f3e030 <+240>: nop
0x0000000076f3e031 <+241>: jmpq 0x76f3bfe1
0x0000000076f3e036 <+246>: cmp $0x2a,%dil
0x0000000076f3e03a <+250>: je 0x76f5527e
0x0000000076f3e040 <+256>: lea (%r9,%r9,4),%ecx
0x0000000076f3e044 <+260>: movsbl %dil,%eax
0x0000000076f3e048 <+264>: lea -0x30(%rax,%rcx,2),%r9d
0x0000000076f3e04d <+269>: mov %r9d,0x40(%rsp)
0x0000000076f3e052 <+274>: jmpq 0x76f3be08
0x0000000076f3e057 <+279>: mov %r8d,%r9d
0x0000000076f3e05a <+282>: mov %r8d,0x40(%rsp)
0x0000000076f3e05f <+287>: jmpq 0x76f3be08
0x0000000076f3e064 <+292>: mov $0x7,%eax
0x0000000076f3e069 <+297>: jmp 0x76f3e0a6
0x0000000076f3e06b <+299>: sub $0x6e,%ecx
0x0000000076f3e06e <+302>: je 0x76f550e0
0x0000000076f3e074 <+308>: sub $0x1,%ecx
0x0000000076f3e077 <+311>: je 0x76f55075
0x0000000076f3e07d <+317>: sub $0x1,%ecx
0x0000000076f3e080 <+320>: je 0x76f55052
0x0000000076f3e086 <+326>: sub $0x3,%ecx
0x0000000076f3e089 <+329>: je 0x76f54f72
0x0000000076f3e08f <+335>: sub $0x2,%ecx
0x0000000076f3e092 <+338>: je 0x76f3bebb
0x0000000076f3e098 <+344>: cmp $0x3,%ecx
0x0000000076f3e09b <+347>: jne 0x76f3bf97
0x0000000076f3e0a1 <+353>: lea 0x24(%rcx),%eax
0x0000000076f3e0a4 <+356>: jmp 0x76f3e0a6
0x0000000076f3e0a6 <+358>: mov %eax,0x60(%rsp)
0x0000000076f3e0aa <+362>: mov $0x10,%r8d
0x0000000076f3e0b0 <+368>: test %sil,%sil
0x0000000076f3e0b3 <+371>: jns 0x76f3bec3
0x0000000076f3e0b9 <+377>: jmpq 0x76f55061
0x0000000076f3e0be <+382>: xor %r8d,%r8d
0x0000000076f3e0c1 <+385>: mov %r11d,%edx
0x0000000076f3e0c4 <+388>: mov %r10,%rcx
0x0000000076f3e0c7 <+391>: movl $0x1,0x0(%r13)
0x0000000076f3e0cf <+399>: mov %ebp,0x20(%rsp)
0x0000000076f3e0d3 <+403>: callq 0x76f44ce0
0x0000000076f3e0d8 <+408>: mov 0x68(%rsp),%rbp
0x0000000076f3e0dd <+413>: add $0x30,%rsp
0x0000000076f3e0e1 <+417>: pop %r14
0x0000000076f3e0e3 <+419>: pop %r13
0x0000000076f3e0e5 <+421>: pop %r12
0x0000000076f3e0e7 <+423>: retq
0x0000000076f3e0e8 <+424>: mov 0x30(%rcx),%rax
0x0000000076f3e0ec <+428>: mov %rax,0xd0(%rdi)
0x0000000076f3e0f3 <+435>: jmpq 0x76f3390d
0x0000000076f3e0f8 <+440>: test $0x2,%al
0x0000000076f3e0fa <+442>: jne 0x76f9083e
0x0000000076f3e100 <+448>: mov $0x1,%ecx
0x0000000076f3e105 <+453>: jmpq 0x76f3c62f
0x0000000076f3e10a <+458>: cmp %r10,%r9
0x0000000076f3e10d <+461>: jae 0x76f1d337
0x0000000076f3e113 <+467>: sub %r9,%r11
0x0000000076f3e116 <+470>: movzwl (%r11,%r9,1),%eax
0x0000000076f3e11b <+475>: cmp %ax,(%r9)
0x0000000076f3e11f <+479>: jne 0x76f1d362
0x0000000076f3e125 <+485>: add $0x2,%r9
0x0000000076f3e129 <+489>: cmp %r10,%r9
0x0000000076f3e12c <+492>: jb 0x76f3e116
0x0000000076f3e12e <+494>: jmpq 0x76f53f54
0x0000000076f3e133 <+499>: test %r8,%r8
0x0000000076f3e136 <+502>: jne 0x76f69afd
0x0000000076f3e13c <+508>: lea 0x2f8(%rdx),%r15
0x0000000076f3e143 <+515>: lea 0x300(%rdx),%rsi
0x0000000076f3e14a <+522>: mov (%r15),%rax
0x0000000076f3e14d <+525>: test %rax,%rax
0x0000000076f3e150 <+528>: je 0x76f3d4c6
0x0000000076f3e156 <+534>: mov 0x18(%rax),%ebp
0x0000000076f3e159 <+537>: add %rax,%rbp
0x0000000076f3e15c <+540>: cmp %r9,(%rsi)
0x0000000076f3e15f <+543>: jne 0x76f3d457
0x0000000076f3e165 <+549>: mov 0x20(%rdx),%rcx
0x0000000076f3e169 <+553>: lea 0x50(%rsp),%rdx
0x0000000076f3e16e <+558>: mov 0x60(%rcx),%rax
0x0000000076f3e172 <+562>: mov %rax,(%rdx)
0x0000000076f3e175 <+565>: mov 0x68(%rcx),%rax
0x0000000076f3e179 <+569>: mov %rax,0x8(%rdx)
0x0000000076f3e17d <+573>: movzwl 0x50(%rsp),%ebx
0x0000000076f3e182 <+578>: lea 0xe(%rbx),%rcx
0x0000000076f3e186 <+582>: cmp $0x208,%rcx
0x0000000076f3e18d <+589>: ja 0x76f69b0b
0x0000000076f3e193 <+595>: lea 0x60(%rsp),%rdi
0x0000000076f3e198 <+600>: mov $0x208,%edx
0x0000000076f3e19d <+605>: mov %rdi,0x48(%rsp)
0x0000000076f3e1a2 <+610>: mov %dx,0x42(%rsp)
0x0000000076f3e1a7 <+615>: mov 0x58(%rsp),%rdx
0x0000000076f3e1ac <+620>: mov %rbx,%r8
0x0000000076f3e1af <+623>: mov %rdi,%rcx
0x0000000076f3e1b2 <+626>: callq 0x76f3e6f0
0x0000000076f3e1b7 <+631>: mov 0xceb2(%rip),%rax # 0x76f4b070
0x0000000076f3e1be <+638>: shr %rbx
0x0000000076f3e1c1 <+641>: mov %rax,(%rdi,%rbx,2)
0x0000000076f3e1c5 <+645>: mov 0xcead(%rip),%eax # 0x76f4b078
0x0000000076f3e1cb <+651>: mov %eax,0x8(%rdi,%rbx,2)
0x0000000076f3e1cf <+655>: movzwl 0xcea6(%rip),%eax # 0x76f4b07c
0x0000000076f3e1d6 <+662>: mov %ax,0xc(%rdi,%rbx,2)
0x0000000076f3e1db <+667>: movzwl 0x50(%rsp),%eax
0x0000000076f3e1e0 <+672>: add $0xc,%ax
0x0000000076f3e1e4 <+676>: mov %ax,0x40(%rsp)
0x0000000076f3e1e9 <+681>: jmpq 0x76f3d457
0x0000000076f3e1ee <+686>: mov %gs:0x30,%rax
0x0000000076f3e1f7 <+695>: mov 0x48(%rax),%rdx
0x0000000076f3e1fb <+699>: cmp %rdx,0x10(%rcx)
0x0000000076f3e1ff <+703>: jne 0x76f3e37d
0x0000000076f3e205 <+709>: incl 0xc(%rcx)
0x0000000076f3e208 <+712>: xor %eax,%eax
0x0000000076f3e20a <+714>: add $0x20,%rsp
0x0000000076f3e20e <+718>: pop %rbx
0x0000000076f3e20f <+719>: retq
0x0000000076f3e210 <+720>: incl 0x14(%rdi)
0x0000000076f3e213 <+723>: jmpq 0x76f43d95
0x0000000076f3e218 <+728>: decl 0x14(%r8)
0x0000000076f3e21c <+732>: jmpq 0x76f438af
0x0000000076f3e221 <+737>: mov (%r10),%rax
0x0000000076f3e224 <+740>: cmp 0x20(%r8),%rax
0x0000000076f3e228 <+744>: je 0x76f3e2f9
0x0000000076f3e22e <+750>: mov %rax,(%r14,%r15,8)
0x0000000076f3e232 <+754>: mov 0x38(%rsp),%r15d
0x0000000076f3e237 <+759>: jmpq 0x76f4395a
0x0000000076f3e23c <+764>: decl 0x14(%r8)
0x0000000076f3e240 <+768>: jmpq 0x76f4436b
0x0000000076f3e245 <+773>: mov (%r10),%rax
0x0000000076f3e248 <+776>: cmp 0x20(%r8),%rax
0x0000000076f3e24c <+780>: je 0x76f3e32b
0x0000000076f3e252 <+786>: mov %rax,(%r14,%r15,8)
0x0000000076f3e256 <+790>: mov 0x40(%rsp),%r14b
0x0000000076f3e25b <+795>: jmpq 0x76f4440f
0x0000000076f3e260 <+800>: mov 0xc8(%rbx),%rax
0x0000000076f3e267 <+807>: lea (%rax,%r8,1),%rcx
0x0000000076f3e26b <+811>: cmp 0xc0(%rbx),%rcx
0x0000000076f3e272 <+818>: jb 0x76f444b8
0x0000000076f3e278 <+824>: xor %r9d,%r9d
0x0000000076f3e27b <+827>: mov %rsi,%rdx
0x0000000076f3e27e <+830>: mov %rbx,%rcx
0x0000000076f3e281 <+833>: callq 0x76f15970
0x0000000076f3e286 <+838>: jmpq 0x76f44814
0x0000000076f3e28b <+843>: mov $0x20,%r11d
0x0000000076f3e291 <+849>: add $0xffffffe0,%edx
0x0000000076f3e294 <+852>: sub $0x40,%r8
0x0000000076f3e298 <+856>: sub %r11,%r9
0x0000000076f3e29b <+859>: jmpq 0x76f44d2f
0x0000000076f3e2a0 <+864>: cmpl $0x0,0x7c(%rbx)
0x0000000076f3e2a4 <+868>: je 0x76f519a9
0x0000000076f3e2aa <+874>: mov -0x8(%rdx),%eax
0x0000000076f3e2ad <+877>: mov %eax,0x208(%rsp)
0x0000000076f3e2b4 <+884>: test %eax,0x7c(%rbx)
0x0000000076f3e2b7 <+887>: je 0x76f3e2c6
0x0000000076f3e2b9 <+889>: xor 0x88(%rbx),%eax
0x0000000076f3e2bf <+895>: mov %eax,0x208(%rsp)
0x0000000076f3e2c6 <+902>: movzwl 0x208(%rsp),%eax
0x0000000076f3e2ce <+910>: mov %ax,0x7a(%rsp)
0x0000000076f3e2d3 <+915>: mov 0x350(%rsp),%rsi
0x0000000076f3e2db <+923>: movzwl 0x8(%rsi),%ecx
0x0000000076f3e2df <+927>: movzwl %ax,%eax
0x0000000076f3e2e2 <+930>: sub %eax,%ecx
0x0000000076f3e2e4 <+932>: test %ecx,%ecx
0x0000000076f3e2e6 <+934>: jle 0x76f447bb
0x0000000076f3e2ec <+940>: jmpq 0x76f447c3
0x0000000076f3e2f1 <+945>: incl 0x14(%rdi)
0x0000000076f3e2f4 <+948>: jmpq 0x76f447b2
0x0000000076f3e2f9 <+953>: movq $0x0,(%r14,%r15,8)
0x0000000076f3e301 <+961>: mov %r9d,%eax
0x0000000076f3e304 <+964>: shr $0x5,%eax
0x0000000076f3e307 <+967>: and $0x1f,%r9d
0x0000000076f3e30b <+971>: mov $0x1,%edx
0x0000000076f3e310 <+976>: movzbl %r9b,%ecx
0x0000000076f3e314 <+980>: shl %cl,%edx
0x0000000076f3e316 <+982>: mov %eax,%ecx
0x0000000076f3e318 <+984>: mov 0x28(%r8),%rax
0x0000000076f3e31c <+988>: not %edx
0x0000000076f3e31e <+990>: and %edx,(%rax,%rcx,4)
0x0000000076f3e321 <+993>: mov 0x38(%rsp),%r15d
0x0000000076f3e326 <+998>: jmpq 0x76f4395a
0x0000000076f3e32b <+1003>: movq $0x0,(%r14,%r15,8)
0x0000000076f3e333 <+1011>: mov %r9d,%eax
0x0000000076f3e336 <+1014>: shr $0x5,%eax
0x0000000076f3e339 <+1017>: and $0x1f,%r9d
0x0000000076f3e33d <+1021>: mov $0x1,%edx
0x0000000076f3e342 <+1026>: movzbl %r9b,%ecx
0x0000000076f3e346 <+1030>: shl %cl,%edx
0x0000000076f3e348 <+1032>: mov %eax,%ecx
0x0000000076f3e34a <+1034>: mov 0x28(%r8),%rax
0x0000000076f3e34e <+1038>: not %edx
0x0000000076f3e350 <+1040>: and %edx,(%rax,%rcx,4)
0x0000000076f3e353 <+1043>: mov 0x40(%rsp),%r14b
0x0000000076f3e358 <+1048>: jmpq 0x76f4440f
0x0000000076f3e35d <+1053>: mov %r12,%r8
0x0000000076f3e360 <+1056>: mov %r12,0xa0(%rsp)
0x0000000076f3e368 <+1064>: jmpq 0x76f43cad
0x0000000076f3e36d <+1069>: mov %r11,%r8
0x0000000076f3e370 <+1072>: mov %r11,0x80(%rsp)
0x0000000076f3e378 <+1080>: jmpq 0x76f446c5
0x0000000076f3e37d <+1085>: mov 0x20(%rcx),%rax
0x0000000076f3e381 <+1089>: mov %rbp,0x30(%rsp)
0x0000000076f3e386 <+1094>: mov %rsi,0x38(%rsp)
0x0000000076f3e38b <+1099>: bt $0x1a,%rax
0x0000000076f3e390 <+1104>: mov %rdi,0x40(%rsp)
0x0000000076f3e395 <+1109>: mov $0xff000000,%ebp
0x0000000076f3e39a <+1114>: jb 0x76eff25c
0x0000000076f3e3a0 <+1120>: mov $0x1,%esi
0x0000000076f3e3a5 <+1125>: lea 0x3(%rsi),%edi
0x0000000076f3e3a8 <+1128>: mov 0x20(%rbx),%r8
0x0000000076f3e3ac <+1132>: mov %r8,%rdx
0x0000000076f3e3af <+1135>: and %rbp,%r8
0x0000000076f3e3b2 <+1138>: and $0xffffff,%edx
0x0000000076f3e3b8 <+1144>: test %rdx,%rdx
0x0000000076f3e3bb <+1147>: jne 0x76f13c0c
0x0000000076f3e3c1 <+1153>: mov 0x8(%rbx),%eax
0x0000000076f3e3c4 <+1156>: test $0x1,%al
0x0000000076f3e3c6 <+1158>: je 0x76f3e3f6
0x0000000076f3e3c8 <+1160>: mov %eax,%ecx
0x0000000076f3e3ca <+1162>: xor %esi,%ecx
0x0000000076f3e3cc <+1164>: lock cmpxchg %ecx,0x8(%rbx)
0x0000000076f3e3d1 <+1169>: jne 0x76f3e3f2
0x0000000076f3e3d3 <+1171>: bt $0x19,%r8
0x0000000076f3e3d8 <+1176>: jb 0x76ef8631
0x0000000076f3e3de <+1182>: mov 0x40(%rsp),%rdi
0x0000000076f3e3e3 <+1187>: mov 0x38(%rsp),%rsi
0x0000000076f3e3e8 <+1192>: mov 0x30(%rsp),%rbp
0x0000000076f3e3ed <+1197>: jmpq 0x76f42f95
0x0000000076f3e3f2 <+1202>: test $0x1,%al
0x0000000076f3e3f4 <+1204>: jne 0x76f3e3c8
0x0000000076f3e3f6 <+1206>: bt $0x19,%r8
0x0000000076f3e3fb <+1211>: jb 0x76ef23bb
0x0000000076f3e401 <+1217>: mov %edi,%edx
0x0000000076f3e403 <+1219>: mov %rbx,%rcx
0x0000000076f3e406 <+1222>: callq 0x76f3e430
0x0000000076f3e40b <+1227>: cmp $0x1,%eax
0x0000000076f3e40e <+1230>: je 0x76f3e3de
0x0000000076f3e410 <+1232>: cmp $0x2,%eax
0x0000000076f3e413 <+1235>: jne 0x76f3e3a8
0x0000000076f3e415 <+1237>: lea 0x1(%rax),%esi
0x0000000076f3e418 <+1240>: mov %eax,%edi
0x0000000076f3e41a <+1242>: jmp 0x76f3e3a8
0x0000000076f3e41c <+1244>: nop
0x0000000076f3e41d <+1245>: nop
0x0000000076f3e41e <+1246>: nop
0x0000000076f3e41f <+1247>: nop
0x0000000076f3e420 <+1248>: nop
0x0000000076f3e421 <+1249>: nop
0x0000000076f3e422 <+1250>: nop
0x0000000076f3e423 <+1251>: nop
0x0000000076f3e424 <+1252>: nop
0x0000000076f3e425 <+1253>: nop
0x0000000076f3e426 <+1254>: nop
0x0000000076f3e427 <+1255>: nop
0x0000000076f3e428 <+1256>: nop
0x0000000076f3e429 <+1257>: nop
0x0000000076f3e42a <+1258>: nop
0x0000000076f3e42b <+1259>: nop
0x0000000076f3e42c <+1260>: nop
0x0000000076f3e42d <+1261>: nop
0x0000000076f3e42e <+1262>: nop
0x0000000076f3e42f <+1263>: nop
0x0000000076f3e430 <+1264>: mov %rbx,0x20(%rsp)
0x0000000076f3e435 <+1269>: push %rbp
0x0000000076f3e436 <+1270>: push %rsi
0x0000000076f3e437 <+1271>: push %rdi
0x0000000076f3e438 <+1272>: push %r14
0x0000000076f3e43a <+1274>: push %r15
0x0000000076f3e43c <+1276>: sub $0x80,%rsp
0x0000000076f3e443 <+1283>: lea 0xe9046(%rip),%rax # 0x77027490
0x0000000076f3e44a <+1290>: xor %r15d,%r15d
0x0000000076f3e44d <+1293>: mov %edx,%ebp
0x0000000076f3e44f <+1295>: mov %rcx,%rbx
0x0000000076f3e452 <+1298>: cmp %rax,%rcx
0x0000000076f3e455 <+1301>: je 0x76f1c939
0x0000000076f3e45b <+1307>: xor %edi,%edi
0x0000000076f3e45d <+1309>: mov %edi,0xb0(%rsp)
0x0000000076f3e464 <+1316>: mov %gs:0x30,%r14
0x0000000076f3e46d <+1325>: test %edi,%edi
0x0000000076f3e46f <+1327>: jne 0x76f1c94a
0x0000000076f3e475 <+1333>: cmp %r15b,0xe420c(%rip) # 0x77022688
0x0000000076f3e47c <+1340>: jne 0x76f5a294
0x0000000076f3e482 <+1346>: cmp %r15d,0xe3e83(%rip) # 0x7702230c
0x0000000076f3e489 <+1353>: jne 0x76f5a26f
0x0000000076f3e48f <+1359>: mov %r12,0xb8(%rsp)
0x0000000076f3e497 <+1367>: cmp %r15b,0xe3df3(%rip) # 0x77022291
0x0000000076f3e49e <+1374>: je 0x76f5a2a8
0x0000000076f3e4a4 <+1380>: xor %r12d,%r12d
0x0000000076f3e4a7 <+1383>: mov 0x18(%rbx),%rsi
0x0000000076f3e4ab <+1387>: test %rsi,%rsi
0x0000000076f3e4ae <+1390>: je 0x76f23ed6
0x0000000076f3e4b4 <+1396>: mov 0x8(%rbx),%eax
0x0000000076f3e4b7 <+1399>: test $0x1,%al
0x0000000076f3e4b9 <+1401>: jne 0x76f12c74
0x0000000076f3e4bf <+1407>: mov %eax,%ecx
0x0000000076f3e4c1 <+1409>: sub %ebp,%ecx
0x0000000076f3e4c3 <+1411>: lock cmpxchg %ecx,0x8(%rbx)
0x0000000076f3e4c8 <+1416>: jne 0x76f12c69
0x0000000076f3e4ce <+1422>: mov (%rbx),%rax
0x0000000076f3e4d1 <+1425>: mov %r13,0xc0(%rsp)
0x0000000076f3e4d9 <+1433>: xor %ebp,%ebp
0x0000000076f3e4db <+1435>: xor %r13d,%r13d
0x0000000076f3e4de <+1438>: cmp $0xffffffffffffffff,%rax
0x0000000076f3e4e2 <+1442>: je 0x76f3e4e7
=> 0x0000000076f3e4e4 <+1444>: incl 0x24(%rax)
0x0000000076f3e4e7 <+1447>: mov $0x1722,%edx
0x0000000076f3e4ec <+1452>: lea 0xe8f9d(%rip),%rdi # 0x77027490
--- cut ---

And rax == 0 in my case. I've attempted to trace its origin in this code. Looks like the real entry to this function is 0x0000000076f3e430, and the first argument is a pointer to a structure whose first element goes to RAX. The code expects it to be something valid or 0xffffffffffffffff (INVALID_HANDLE_VALUE?), but it is NULL instead, causing the crash. I have set a breakpoint at 0x0000000076f3e430 and discovered that it is called from 0x0000000076f3e406 (also present in the disassembly; there is a callq there). A possible way to get there is (in backwards order):

0x0000000076f3e406 - reached from 0x0000000076f3e3f2 by normal execution
0x0000000076f3e3d1 <+1169>: jne 0x76f3e3f2
0x0000000076f3e3d1 - reached from 0x0000000076f3e37d by normal execution

I have proven this flow control by setting breakpoints at these addresses, but here I stopped. Looks like I am jumping to 0x0000000076f3e3d1 from somewhere else, and this is not a call, so backtrace doesn't help. I hope this analysis will give some clues to what happens; in the meanwhile I'll try to continue it.
Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia