Discussion:
[Bug 4571] New: bash -i crashes ReactOS
R***@www.reactos.org
2009-06-01 09:18:25 UTC
http://www.reactos.org/bugzilla/show_bug.cgi?id=4571

Summary: bash -i crashes ReactOS
Product: ReactOS
Version: TRUNK
Platform: QEmu
OS/Version: ReactOS
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: Kernel
AssignedTo: ros-***@reactos.org
ReportedBy: ***@free.Fr
QAContact: ros-***@reactos.org


with reactos 41214 build on linux for qemu,
with cygwin-setup 1.7
with default cygwin installation (which stops just before being finished).

open a command line and type:

cd \cygwin\bin
bash -i

This crashes ReactOS, log here after:


qemu -net nic -net user -serial stdio -m 128 -hda ReactOS.vmdk -cdrom
cygwin-setup-1.7.iso
Could not open '/dev/kqemu' - QEMU acceleration layer not activated
(ntoskrnl/kd/kdio.c:220) -----------------------------------------------------
(ntoskrnl/kd/kdio.c:221) ReactOS 0.4-SVN (Build 20090531-r41214)
(ntoskrnl/kd/kdio.c:222) Command Line: DEBUG DEBUGPORT=COM1 BAUDRATE=115200
SOS
(ntoskrnl/kd/kdio.c:223) ARC Paths: multi(0)disk(0)rdisk(0)partition(1) \
multi(0)disk(0)rdisk(0)partition(1) \ReactOS\
Used memory 130676Kb
(ntoskrnl/mm/mminit.c:284) Start End Type
(ntoskrnl/mm/mminit.c:285) 0x80000000 - 0x80800000 Undefined region
(ntoskrnl/mm/mminit.c:288) 0x80800000 - 0x80E00000 FreeLDR Kernel mapping
region
(ntoskrnl/mm/mminit.c:291) 0x80E00000 - 0x80F00000 PFN Database region
(ntoskrnl/mm/mminit.c:298) 0x80F00000 - 0x87300000 Non paged pool region
(ntoskrnl/mm/mminit.c:301) 0x87300000 - 0x8D700000 Paged pool region
(ntoskrnl/ke/i386/kiinit.c:43) Large Page support detected but not yet taken
advantage of!
(ntoskrnl/ke/i386/patpge.c:62) Advanced Memory features detected but not yet
taken advantage of.
WARNING: KdDebuggerInitialize1 at drivers/base/kdcom/i386/kdbg.c:489 is
UNIMPLEMENTED!
WARNING: IoReportResourceUsage at ntoskrnl/io/iomgr/iorsrce.c:700 is
UNIMPLEMENTED!
WARNING: IoReportResourceUsage at ntoskrnl/io/iomgr/iorsrce.c:700 is
UNIMPLEMENTED!
(ntoskrnl/io/iomgr/driver.c:1348) '\Driver\BUSLOGIC' initialization failed,
status (0xc00000c0)
(drivers/storage/class/ramdisk/ramdisk.c:2310) RAM Disk Driver Initialized
(ntoskrnl/io/iomgr/deviface.c:892) IoRegisterDeviceInterface(): creating
symbolic link \??\Root#*PNP0F13#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} ->
\Device\0000000d
(ntoskrnl/io/iomgr/deviface.c:892) IoRegisterDeviceInterface(): creating
symbolic link \??\Root#*PNP0501#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73} ->
\Device\0000000c
(ntoskrnl/io/iomgr/deviface.c:892) IoRegisterDeviceInterface(): creating
symbolic link \??\Root#*PNP0501#0000#{4d36e978-e325-11ce-bfc1-08002be10318} ->
\Device\0000000c
(drivers/network/ndis/ndis/miniport.c:2292)(NdisMRegisterMiniport) Initializing
an NDIS 3.0 miniport
(drivers/bus/pci/pdo.c:1383) Unknown IOCTL 0x7
(ntoskrnl/io/iomgr/deviface.c:892) IoRegisterDeviceInterface(): creating
symbolic link \??\Root#*PNP0303#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} ->
\Device\0000000a
(ntoskrnl/io/iomgr/driver.c:1348) '\Driver\Floppy' initialization failed,
status (0xc000000e)
WARNING: MmPageEntireDriver at ntoskrnl/mm/drvlck.c:88 is UNIMPLEMENTED!
WARNING: MmPageEntireDriver at ntoskrnl/mm/drvlck.c:88 is UNIMPLEMENTED!
WARNING: MmPageEntireDriver at ntoskrnl/mm/drvlck.c:88 is UNIMPLEMENTED!
(ntoskrnl/io/iomgr/file.c:414) Using IopParseDevice() hack
(subsystems/win32/win32k/ntuser/input.c:904)
Raw Input Thread 0x81368620
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
WARNING: NtUserInitialize at subsystems/win32/win32k/ntuser/ntstubs.c:823 is
UNIMPLEMENTED!
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:951) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x50000)
(subsystems/win32/win32k/objects/gdiobj.c:814) Attempted to lock object 0x0 of
wrong type (Handle: 0x0, requested: 0x40000)
(base/services/umpnpmgr/umpnpmgr.c:2298) Unknown event, GUID
{CB3A4009-46F0-11D0-B08F-00609713053F}
(base/services/umpnpmgr/umpnpmgr.c:2298) Unknown event, GUID
{CB3A4009-46F0-11D0-B08F-00609713053F}
(base/services/umpnpmgr/umpnpmgr.c:2298) Unknown event, GUID
{CB3A4009-46F0-11D0-B08F-00609713053F}
(base/services/umpnpmgr/umpnpmgr.c:2298) Unknown event, GUID
{CB3A4009-46F0-11D0-B08F-00609713053F}
(base/services/umpnpmgr/umpnpmgr.c:2298) Unknown event, GUID
{CB3A4009-46F0-11D0-B08F-00609713053F}
(base/services/umpnpmgr/umpnpmgr.c:2298) Unknown event, GUID
{CB3A4009-46F0-11D0-B08F-00609713053F}
(subsystems/win32/win32k/ntuser/desktop.c:591) RtlQueryRegistryValues failed
for PaintDesktopVersion (c0000034)
err:(base/system/winlogon/screensaver.c:86) ImpersonateLoggedOnUser() failed
with error 5
err:(base/system/userinit/userinit.c:559) USERPREFERENCESMASK size: 4
err:(base/system/userinit/userinit.c:586) No User Preferences set in registry
or incorrect type (error 2)
err:(dll/win32/shell32/classes.c:463) HCR_GetFolderAttributes should be called
for simple PIDL's only!
err:(dll/win32/shell32/classes.c:463) HCR_GetFolderAttributes should be called
for simple PIDL's only!
Using shell hooks for notification of shell events.
(subsystems/win32/win32k/ntuser/hook.c:1143) Not implemented: HookId 3 Global
TRUE
err:(dll/win32/shell32/classes.c:463) HCR_GetFolderAttributes should be called
for simple PIDL's only!
err:(dll/win32/shell32/classes.c:463) HCR_GetFolderAttributes should be called
for simple PIDL's only!
err:(dll/win32/shell32/classes.c:463) HCR_GetFolderAttributes should be called
for simple PIDL's only!
err:(dll/win32/shell32/classes.c:463) HCR_GetFolderAttributes should be called
for simple PIDL's only!
err:(dll/win32/shell32/classes.c:463) HCR_GetFolderAttributes should be called
for simple PIDL's only!
err:(dll/win32/setupapi/queue.c:1659) copy error 2
L"C:\\ReactOS\\inf\\isapnp.sys" ->
L"C:\\ReactOS\\System32\\drivers\\isapnp.sys"
fixme:(dll/win32/shell32/shlview.c:1595) LVN_KEYDOWN key=0x0000000d
MainFrameBase::OpenShellFolders(): parent_pidl=C:\Documents and
Settings\Administrator.REACTOS\Bureau
fixme:(dll/win32/shell32/she_ocmenu.c:1247) pidl is a shortcut
(subsystems/win32/win32k/ntuser/clipboard.c:1159) No WINSTA_ACCESSCLIPBOARD
access
fixme:(dll/win32/shell32/shlexec.c:1541) flags ignored: 0x00010000
(subsystems/win32/csrss/win32csr/guiconsole.c:1524) GuiConsoleResize X 560 Y
375
(subsystems/win32/csrss/win32csr/guiconsole.c:1524) GuiConsoleResize X 560 Y
375
(subsystems/win32/csrss/win32csr/guiconsole.c:2151) received event Console
00930950 GuiData 009309D0 X 80 Y 25
WARNING: SeAppendPrivileges at ntoskrnl/se/priv.c:296 is UNIMPLEMENTED!
WARNING: SeAppendPrivileges at ntoskrnl/se/priv.c:296 is UNIMPLEMENTED!
WARNING: SeAppendPrivileges at ntoskrnl/se/priv.c:296 is UNIMPLEMENTED!
WARNING: SeAppendPrivileges at ntoskrnl/se/priv.c:296 is UNIMPLEMENTED!
Entered debugger on last-chance exception (Exception Code: 0xc0000005) (Page
Fault)
Memory at 0x00000000 could not be read: Page not present.
kdb:> bt
Eip:
<FASTFAT.SYS:1a53>
Frames:
<FASTFAT.SYS:98e9>
<FASTFAT.SYS:99f9>
<NTOSKRNL.EXE:567ad (ntoskrnl/io/iomgr/irp.c:1137 (@***@8))>
<NTOSKRNL.EXE:4c379 (ntoskrnl/io/iomgr/file.c:705 (***@40))>
<NTOSKRNL.EXE:4cc33 (ntoskrnl/io/iomgr/file.c:923 (***@40))>
<NTOSKRNL.EXE:9d2b3 (ntoskrnl/ob/obname.c:380 (***@44))>
<NTOSKRNL.EXE:9b32b (ntoskrnl/ob/obhandle.c:2504 (***@28))>
<NTOSKRNL.EXE:4dbf3 (ntoskrnl/io/iomgr/file.c:1803 (***@56))>
<NTOSKRNL.EXE:4eded (ntoskrnl/io/iomgr/file.c:2714 (***@24))>
<NTOSKRNL.EXE:bac0c (ntoskrnl/ke/i386/trap.s:244 (KiFastCallEntry))>
<ntdll.dll:6592>
<cygwin1.dll:88638>
<cygwin1.dll:66e2>
<cygwin1.dll:4a96>
<ec835356>
Couldn't access memory at 0x57E58959!
kdb:>
--
Configure bugmail: http://www.reactos.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
R***@www.reactos.org
2009-06-01 20:33:20 UTC
--- Comment #1 from hto <***@dev.null> 2009-06-01 22:33:20 CET ---
Could you please raddr2line these FASTFAT.SYS:XXXX ?
R***@www.reactos.org
2009-06-01 21:06:30 UTC
--- Comment #2 from jeanmichel.123 <***@free.Fr> 2009-06-01 23:06:30 CET ---
I did not find any raddr2line, but a mingw32-addr2line.


$ /usr/RosBE/i386/bin/mingw32-addr2line -e ./output-i386/cd/reactos/fastfat.sys
99f9
??:0
$ /usr/RosBE/i386/bin/mingw32-addr2line -e ./output-i386/cd/reactos/fastfat.sys
98e9
??:0
$ /usr/RosBE/i386/bin/mingw32-addr2line -e ./output-i386/cd/reactos/fastfat.sys
1a53
??:0
$ /usr/RosBE/i386/bin/mingw32-addr2line -e ./output-i386/cd/reactos/fastfat.sys
1A53
??:0

Moreover, /usr/RosBE/i386/bin/mingw32-nm ./output-i386/cd/reactos/fastfat.sys
/usr/RosBE/i386/bin/mingw32-nm: ./output-i386/cd/reactos/fastfat.sys: no
symbols


Might be because I did some "make" since bug report, but as I did not "svn
update", file should be the same...
R***@www.reactos.org
2009-06-01 21:44:58 UTC
--- Comment #3 from hto <***@dev.null> 2009-06-01 23:44:57 CET ---
Raddr2line can be compiled by "make raddr2line". It will be in
output-i386/tools/rsym subdirectory. Also, there is another useful utility
called log2lines.
R***@www.reactos.org
2009-06-02 22:28:38 UTC
--- Comment #4 from jeanmichel.123 <***@free.Fr> 2009-06-03 00:28:37 CET ---
So:


kdb:> bt
Eip:
<FASTFAT.SYS:1a53> drivers/filesystems/fastfat/create.c:525 (VfatCreate)
Frames:
<FASTFAT.SYS:98e9> drivers/filesystems/fastfat/misc.c:107 (VfatDispatchRequest)
<FASTFAT.SYS:99f9> drivers/filesystems/fastfat/misc.c:160 (***@8)
<NTOSKRNL.EXE:567ad (ntoskrnl/io/iomgr/irp.c:1137 (@***@8))>
<NTOSKRNL.EXE:4c379 (ntoskrnl/io/iomgr/file.c:705 (***@40))>
<NTOSKRNL.EXE:4cc33 (ntoskrnl/io/iomgr/file.c:923 (***@40))>
<NTOSKRNL.EXE:9d2b3 (ntoskrnl/ob/obname.c:380 (***@44))>
<NTOSKRNL.EXE:9b32b (ntoskrnl/ob/obhandle.c:2504 (***@28))>
<NTOSKRNL.EXE:4dbf3 (ntoskrnl/io/iomgr/file.c:1803 (***@56))>
<NTOSKRNL.EXE:4eded (ntoskrnl/io/iomgr/file.c:2714 (***@24))>
<NTOSKRNL.EXE:bac0c (ntoskrnl/ke/i386/trap.s:244 (KiFastCallEntry))>
<ntdll.dll:6592>
<cygwin1.dll:88638>
<cygwin1.dll:66e2>
<cygwin1.dll:4a96>
<ec835356>
Couldn't access memory at 0x57E58959!
R***@www.reactos.org
2009-06-11 21:19:34 UTC
--- Comment #5 from jeanmichel.123 <***@free.Fr> 2009-06-11 23:19:34 CET ---
Created an attachment (id=4065)
--> (http://www.reactos.org/bugzilla/attachment.cgi?id=4065)
log just before crash showing some status: c0000034

This log displays the last files tried to be opened just before bash.exe crashes
ReactOS via the fastfat driver,
including some «Could not make a new FCB,» issues with status.
R***@www.reactos.org
2009-06-11 21:50:22 UTC
--- Comment #6 from jeanmichel.123 <***@free.Fr> 2009-06-11 23:50:21 CET ---
The issue in
drivers/filesystems/fastfat/create.c:525 (VfatCreate)

is:

<FASTFAT.SYS:1a77>: cmpw $0x5c,(%ecx)
<FASTFAT.SYS:1a7b>: je <FASTFAT.SYS:1892>
<FASTFAT.SYS:1a81>: movzwl 0xffffffd8(%ebp),%edx
<FASTFAT.SYS:1a85>: cmp $0x2,%dx
<FASTFAT.SYS:1a89>: ja <FASTFAT.SYS:1ccd>

with

ECX 0x00000000 EDX 0x00000000

This probably means that in PathNameU.Buffer[0] == L'\\'

PathNameU.Buffer is NULL.

Moreover:
EBP 0xa2df9a38
<a2df9a10>: 00000000 00000000 81615890 a2df9a34

As line 529 begins with
if (PathNameU.Length > sizeof(WCHAR) &&

This means PathNameU.Length is 0.
R***@www.reactos.org
2009-06-11 22:54:13 UTC
--- Comment #7 from hto <***@dev.null> 2009-06-12 00:54:13 CET ---
Debug log mentioned 'Memory at 0x00130000', but you say that PathNameU.Buffer
is NULL.
R***@www.reactos.org
2009-06-12 08:59:25 UTC
--- Comment #8 from jeanmichel.123 <***@free.Fr> 2009-06-12 10:59:24 CET ---
(In reply to comment #7)
> Debug log mentioned 'Memory at 0x00130000', but you say that PathNameU.Buffer
> is NULL.
R***@www.reactos.org
2009-06-12 09:11:53 UTC
--- Comment #9 from jeanmichel.123 <***@free.Fr> 2009-06-12 11:11:52 CET ---
(In reply to comment #7)
> Debug log mentioned 'Memory at 0x00130000', but you say that PathNameU.Buffer
> is NULL.
R***@www.reactos.org
2009-06-12 10:59:38 UTC
--- Comment #10 from hto <***@dev.null> 2009-06-12 12:59:37 CET ---
Either &FileObject->RelatedFileObject or PathNameU.Buffer is 0x130000.

You can try to attach GDB to QEMU and insert a breakpoint to that place. KDBG
also has its breakpoints.
R***@www.reactos.org
2009-06-15 22:24:54 UTC
--- Comment #11 from jeanmichel.123 <***@free.Fr> 2009-06-16 00:24:54 CET ---
(In reply to comment #10)
> Either &FileObject->RelatedFileObject or PathNameU.Buffer is 0x130000.
>
> You can try to attach GDB to QEMU and insert a breakpoint to that place. KDBG
> also has its breakpoints.

Not sure, due to following line:
(drivers/filesystems/fastfat/create.c:526) fat create: test PathNameU.Buffer
pointer 00000000 PathNameU.Length 0

within its context:

(ntoskrnl/io/iomgr/file.c:948) ObjectBody: 81848998
(ntoskrnl/io/iomgr/file.c:1656) FileName: \??\C:\cygwin\etc\fstab
(ntoskrnl/io/iomgr/file.c:200) ParseObject: 810F9D98. RemainingName:
\cygwin\etc\fstab
(drivers/filesystems/fastfat/create.c:526) fat create: test PathNameU.Buffer
pointer 8D360E78 PathNameU.Length 34
(drivers/filesystems/fastfat/create.c:351) VfatOpenFile(8110F0D0,
'\cygwin\etc\fstab', 816E8840, 9EFAAA60)
(drivers/filesystems/fastfat/create.c:403) Checking for existing FCB in memory
(drivers/filesystems/fastfat/create.c:408) Could not make a new FCB, status:
c0000034
(ntoskrnl/io/iomgr/file.c:948) ObjectBody: 816E8840
(ntoskrnl/io/iomgr/file.c:1656) FileName:
\??\C:\cygwin\etc\fstab.d\Administrator
(ntoskrnl/io/iomgr/file.c:200) ParseObject: 810F9D98. RemainingName:
\cygwin\etc\fstab.d\Administrator
(drivers/filesystems/fastfat/create.c:526) fat create: test PathNameU.Buffer
pointer 8D578230 PathNameU.Length 66
(drivers/filesystems/fastfat/create.c:351) VfatOpenFile(8110F0D0,
'\cygwin\etc\fstab.d\Administrator', 816E8840, 9EFAAA60)
(drivers/filesystems/fastfat/create.c:403) Checking for existing FCB in memory
(drivers/filesystems/fastfat/create.c:408) Could not make a new FCB, status:
c000003a
(ntoskrnl/io/iomgr/file.c:948) ObjectBody: 816E8840
(ntoskrnl/io/iomgr/file.c:1656) FileName:
(ntoskrnl/io/iomgr/file.c:200) ParseObject: 8110F018. RemainingName: <NULL>
WARNING: SeAppendPrivileges at ntoskrnl/se/priv.c:296 is UNIMPLEMENTED!
(drivers/filesystems/fastfat/create.c:526) fat create: test PathNameU.Buffer
pointer 00000000 PathNameU.Length 0
Entered debugger on last-chance exception (Exception Code: 0xc0000005) (Page
Fault)
Memory at 0x011DCF78 could not be read: Page not present.
R***@www.reactos.org
2009-06-16 13:27:25 UTC
--- Comment #12 from hto <***@dev.null> 2009-06-16 15:27:25 CET ---
What about &FileObject->RelatedFileObject ? It is checked first.
R***@www.reactos.org
2009-06-16 20:58:48 UTC
--- Comment #13 from jeanmichel.123 <***@free.Fr> 2009-06-16 22:58:48 CET ---
Making additional tests, I detected the issue is not specific to bash.exe, but
also occurs with true.exe.
In my opinion, this means the issue is related to the cygwin dll, which executes
before the application's main.

I also have some
small_printf ("Huh? No /etc/fstab file in %W? Using default root and cygdrive
prefix...\n", path);

But I still do not know what the application tries to do between this fstab
reading and the application's main.

Message which is displayed in console.
This indicates a cvs revision prior to 1.35.
http://cygwin.com/cgi-bin/cvsweb.cgi/src/winsup/cygwin/mount.cc.diff?r1=1.35&r2=1.36&cvsroot=src&f=h
R***@www.reactos.org
2009-06-17 06:22:27 UTC
--- Comment #14 from jeanmichel.123 <***@free.Fr> 2009-06-17 08:22:25 CET ---
(In reply to comment #12)
> What about &FileObject->RelatedFileObject ? It is checked first.

I added some debug information in the code.

Hereafter, the raw log, then the source modification, and after that my
interpretation.

(ntoskrnl/io/iomgr/file.c:948) ObjectBody: 81871A18
(ntoskrnl/io/iomgr/file.c:2700) NtOpenFile: 7, 4021, 100020
(ntoskrnl/io/iomgr/file.c:1656) FileName:
(ntoskrnl/io/iomgr/file.c:200) ParseObject: 8110F018. RemainingName: <NULL>
WARNING: SeAppendPrivileges at ntoskrnl/se/priv.c:296 is UNIMPLEMENTED!
(drivers/filesystems/fastfat/create.c:526) fat create: test PathNameU.Buffer
pointer 00000000 PathNameU.Length 0
(drivers/filesystems/fastfat/create.c:528) fat create: test
FileObject->RelatedFileObject pointer 8183FE88
Entered debugger on last-chance exception (Exception Code: 0xc0000005) (Page
Fault)
Memory at 0x03FE0000 could not be read: Page not present.



create.c:
526 DPRINT ("fat create: test PathNameU.Buffer pointer %p PathNameU.Length %d\n",
527 PathNameU.Buffer, PathNameU.Length);
528 DPRINT ("fat create: test FileObject->RelatedFileObject pointer %p \n",
529 FileObject->RelatedFileObject);
file.c:
2700 IOTRACE(IO_FILE_DEBUG, "NtOpenFile: %lx, %lx, %lx\n", ShareAccess, OpenOptions, DesiredAccess);


This means that the exception in ReactOS code occurs in a NtOpenFile call, not due
to dereferencing FileObject->RelatedFileObject, but filename.

This NtOpenFile was called with a <NULL> filename,
ShareAccess=7,
#define FILE_SHARE_READ 0x00000001
#define FILE_SHARE_WRITE 0x00000002
#define FILE_SHARE_DELETE 0x00000004
OpenOptions=0x4021,
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_DIRECTORY_FILE 0x00000001
DesiredAccess=0x100020
#define SYNCHRONIZE (0x00100000L)
0x20: Specific rights. Contains the access mask specific
to the object type associated with the mask.
);


I am wondering if this call can be related to the one in
http://www.google.fr/codesearch/p?hl=fr&sa=N&cd=1&ct=rc#XZEU371UQGA/cygwin/exceptions.cc&q=%22using%20default%20root%20and%20cygdrive%20prefix%22
R***@www.reactos.org
2009-06-17 06:35:20 UTC
> http://www.google.fr/codesearch/p?hl=fr&sa=N&cd=1&ct=rc#XZEU371UQGA/cygwin/exceptions.cc&q=%22using%20default%20root%20and%20cygdrive%20prefix%22

Or more probably:
http://google.fr/codesearch/p?hl=fr&sa=N&cd=12&ct=rc#bXCwqadbOuY/winsup/cygwin/fhandler_disk_file.cc&q=FILE_LIST_DIRECTORY%20file:cygwin
R***@www.reactos.org
2009-06-17 07:42:04 UTC
--- Comment #16 from hto <***@dev.null> 2009-06-17 09:42:04 CET ---
I think that this report would look better with more attachments and less
inlined debug logs.
This probably explains why: entered debugger on *last-chance* exception.
R***@www.reactos.org
2009-06-17 10:55:10 UTC
> This probably explains why: entered debugger on *last-chance* exception.

I simply do not understand what you mean.

But the bug seems to be very simple: ReactOS might crash when NtOpenFile is
called with 0 length filename.
R***@www.reactos.org
2009-06-17 21:34:26 UTC
--- Comment #18 from hto <***@dev.null> 2009-06-17 23:34:25 CET ---
A simple test program would check this hypothesis.
R***@www.reactos.org
2009-06-18 22:51:30 UTC
--- Comment #19 from jeanmichel.123 <***@free.Fr> 2009-06-19 00:51:29 CET ---
Created an attachment (id=4085)
--> (http://www.reactos.org/bugzilla/attachment.cgi?id=4085)
patch to not crash ReactOS on empty pathname

Although I do not know what the driver should do on an empty filename (continue or
fail with adequate status), I am pretty sure ReactOS is not supposed to crash.

I tested it on my ReactOS, and that solves the issue, in the way that true.exe
can be executed. On the other hand, bash only works as interpreter because
access to current directory and virtual file system is "limited" to fstab
issue, but this is another issue, not in the scope of this 4571 bug.

Moreover, as this patch allows cygwin.dll to continue, we now know that the
call with empty filename is previous to access file \cygwin\etc\group, named
pipes and dll loading.
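A user-mode model of the check analysed in comment #6 and guarded by the patch in comment #19, added here as an example (it is not the attached patch and not ReactOS code): the counted length is tested before `Buffer[0]` is read. The `counted_string` type, the verdict names and the policy of rejecting a leading backslash on a relative open are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t wchar16;

/* Constructed model of a counted UTF-16 string as the thread describes
 * PathNameU: Length is in bytes, and Buffer may be NULL when Length is 0. */
typedef struct {
    uint16_t Length;         /* bytes in use */
    uint16_t MaximumLength;  /* bytes allocated */
    const wchar16 *Buffer;
} counted_string;

/* Hypothetical verdicts for this model; these are not NTSTATUS values. */
typedef enum {
    PATH_EMPTY,                   /* zero-length name: never touch Buffer */
    PATH_ABSOLUTE,                /* leading '\', no related file object */
    PATH_RELATIVE,                /* no leading '\' */
    PATH_REJECT_MALFORMED,        /* Length/Buffer fields are inconsistent */
    PATH_REJECT_ABS_WITH_RELATED  /* leading '\' on a relative open (assumed policy) */
} path_verdict;

/* The pattern the disassembly in comment #6 points at: the first character
 * is read with no length test, so Buffer == NULL is dereferenced. */
int leading_backslash_unchecked(const counted_string *s)
{
    return s->Buffer[0] == (wchar16)'\\';
}

/* Same predicate, but Length and Buffer are validated before the read. */
int leading_backslash_checked(const counted_string *s)
{
    return s->Length >= sizeof(wchar16)
        && s->Buffer != NULL
        && s->Buffer[0] == (wchar16)'\\';
}

/* Classify a create request's name without ever reading past what the
 * counted string says is there. has_related models a non-NULL
 * FileObject->RelatedFileObject. */
path_verdict classify_create_path(const counted_string *name, int has_related)
{
    if (name == NULL
        || name->Length % sizeof(wchar16) != 0
        || name->Length > name->MaximumLength
        || (name->Length != 0 && name->Buffer == NULL))
        return PATH_REJECT_MALFORMED;
    if (name->Length == 0)
        return PATH_EMPTY;
    if (leading_backslash_checked(name))
        return has_related ? PATH_REJECT_ABS_WITH_RELATED : PATH_ABSOLUTE;
    return PATH_RELATIVE;
}

/* Helper for constructed test input: widen an ASCII string into storage.
 * An empty input yields Length 0 and Buffer NULL, the shape seen in the log. */
counted_string make_counted(const char *ascii, wchar16 *storage, size_t cap_chars)
{
    counted_string s = {0, 0, NULL};
    size_t n = strlen(ascii), i;
    if (n == 0 || n > cap_chars)
        return s;
    for (i = 0; i < n; i++)
        storage[i] = (wchar16)(unsigned char)ascii[i];
    s.Length = (uint16_t)(n * sizeof(wchar16));
    s.MaximumLength = (uint16_t)(cap_chars * sizeof(wchar16));
    s.Buffer = storage;
    return s;
}

int main(void)
{
    static const char *names[] = {
        "PATH_EMPTY", "PATH_ABSOLUTE", "PATH_RELATIVE",
        "PATH_REJECT_MALFORMED", "PATH_REJECT_ABS_WITH_RELATED"
    };
    wchar16 storage[64];
    /* Constructed inputs modelled on the two opens shown in the debug log. */
    counted_string fstab = make_counted("\\cygwin\\etc\\fstab", storage, 64);
    counted_string empty = make_counted("", storage, 64);

    printf("fstab (Length %u), no related object: %s\n",
           (unsigned)fstab.Length, names[classify_create_path(&fstab, 0)]);
    printf("empty name, related object set: %s\n",
           names[classify_create_path(&empty, 1)]);
    return 0;
}
```
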
R***@www.reactos.org
2009-06-22 14:39:48 UTC


jeanmichel.123 <***@free.Fr> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Component|Kernel |Drivers
Ever Confirmed|0 |1
Summary|bash -i crashes ReactOS |fastfat buffer overflow can
| |crash reactOS.




--- Comment #20 from jeanmichel.123 <***@free.Fr> 2009-06-22 16:39:48 CET ---
Assuming fastfat.sys is a driver.

Marked as new, because there is no clue that issue is not a buffer overflow.

Changed the title, because relationship between bash.exe, cygwin1.dll and this
bug is not clearly available.
R***@www.reactos.org
2009-07-12 09:43:01 UTC


Lone_Rifle <***@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@gmail.com




--- Comment #21 from Lone_Rifle <***@gmail.com> 2009-07-12 11:43:00 CET ---
Could you attach a copy of true.exe so that I can verify your findings? Both
source and binary please. Thanks.
R***@www.reactos.org
2009-07-12 19:37:21 UTC
--- Comment #22 from hto <***@dev.null> 2009-07-12 21:37:21 CET ---
(In reply to comment #21)

cygwin1.dll is needed (rather large file).
R***@www.reactos.org
2009-07-15 00:07:01 UTC
--- Comment #23 from hto <***@dev.null> 2009-07-15 02:07:01 CET ---
cwdstuff::set() in winsup/cygwin/path.cc

<http://cygwin.com/cgi-bin/cvsweb.cgi/src/winsup/cygwin/path.cc?annotate=1.553&cvsroot=src>
R***@www.reactos.org
2009-07-15 01:41:28 UTC
--- Comment #24 from hto <***@dev.null> 2009-07-15 03:41:26 CET ---
Created an attachment (id=4143)
--> (http://www.reactos.org/bugzilla/attachment.cgi?id=4143)
Reduced testcase
R***@reactos.org
2009-07-25 05:48:31 UTC


hto <***@dev.null> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |4359
R***@reactos.org
2010-03-09 22:23:09 UTC


q4a <***@bk.ru> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@bk.ru
R***@reactos.org
2010-08-04 10:29:51 UTC


Heis Spiter <***@reactos.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@reactos.or
| |g
R***@reactos.org
2010-08-04 10:43:18 UTC


Heis Spiter <***@reactos.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
R***@reactos.org
2010-08-04 10:44:08 UTC


Heis Spiter <***@reactos.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|ros-***@reactos.org |***@reactos.or
| |g
Status|ASSIGNED |NEW
R***@reactos.org
2010-08-04 18:34:29 UTC


Heis Spiter <***@reactos.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED




--- Comment #25 from Heis Spiter <***@reactos.org> 2010-08-04 18:34:29 CET ---
Fixed in r47959 & r48453
Thanks!