tcmdx64 crash

Bug reports will be moved here when the described bug has been fixed

Moderators: white, Hacker, petermad, Stefan2

mhanor
Junior Member
Junior Member
Posts: 22
Joined: 2010-04-07, 11:04 UTC

tcmdx64 crash

Post by *mhanor »

I can reproduce a crash using TCMD 7.57a and 8.0 x86, under Windows 7 64 bit SP1, on a real machine and on a Virtualbox machine (same OS, clean install).

To reproduce it, create a Windows command batch file (.bat) with the following content, and execute it (please mind the access rights):

Code: Select all

cd \
mkdir vbox
cd vbox
mkdir src
cd src
mkdir VBox
cd VBox
mkdir Additions
cd Additions
mkdir common
cd common
mkdir VBoxService
cd VBoxService
mkdir testcase
cd testcase
echo . > Makefile.kmk
Navigate to the vbox folder, press Alt+F7 (Search) and issue a search command for *.kmk. In the search results, there should be the Makefile.kmk file. Right click it and hover the mouse cursor over the X64 menu entry. It should crash. The stack backtrace looks like this:

Code: Select all

0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files (x86)\totalcmd\tcmdx64.exe
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/tcmdx64_exe/1_0_0_5/4ca1b247/ntdll_dll/6_1_7601_17725/4ec4aa8e/c0000374/000c40f2.htm?Retriage=1

FAULTING_IP: 
ntdll!RtlReportCriticalFailure+62
00000000`779140f2 eb00            jmp     ntdll!RtlReportCriticalFailure+0x64 (00000000`779140f4)

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000779140f2 (ntdll!RtlReportCriticalFailure+0x0000000000000062)
   ExceptionCode: c0000374
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 000000007798b450

FAULTING_THREAD:  0000000000000f58

PROCESS_NAME:  tcmdx64.exe

ERROR_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.

EXCEPTION_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.

EXCEPTION_PARAMETER1:  000000007798b450

MOD_LIST: <ANALYSIS/>

NTGLOBALFLAG:  400

APPLICATION_VERIFIER_FLAGS:  0

DEFAULT_BUCKET_ID:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_entry_corruption

PRIMARY_PROBLEM_CLASS:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_entry_corruption

BUGCHECK_STR:  APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_entry_corruption

LAST_CONTROL_TRANSFER:  from 0000000077914736 to 00000000779140f2

STACK_TEXT:  
00000000`0012d970 00000000`77914736 : 00000000`00000002 00000000`00000023 00000000`00000000 00000000`00000003 : ntdll!RtlReportCriticalFailure+0x62
00000000`0012da40 00000000`77915942 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlpReportHeapFailure+0x26
00000000`0012da70 00000000`779175f4 : 00000000`01f20000 00000000`01f20000 00000000`0000000a 00000000`00000000 : ntdll!RtlpHeapHandleError+0x12
00000000`0012daa0 00000000`779179d8 : 00000000`01f20000 00000000`00000000 00000000`00100000 00000000`00000000 : ntdll!RtlpLogHeapFailure+0xa4
00000000`0012dad0 00000000`778afb46 : 00000000`01f20000 00000000`01d967c0 00000000`01f20000 00000000`00000000 : ntdll!RtlpAnalyzeHeapFailure+0x3a8
00000000`0012db30 00000000`778a3518 : 00000000`01f20000 00000000`00000002 00000000`00000008 00000000`00000020 : ntdll!RtlpAllocateHeap+0x1d2a
00000000`0012e0d0 00000001`400055d7 : 00000000`00000003 00000000`00000008 00000000`00000001 00000000`00000000 : ntdll!RtlAllocateHeap+0x16c
00000000`0012e1e0 00000001`400017ca : 00000000`0000005c 00000000`01d96740 00000000`0000005c 00000000`01d96740 : tcmdx64+0x55d7
00000000`0012e210 00000001`400033be : 00000000`00000030 00000000`00000030 00000000`00000000 00000000`000003e8 : tcmdx64+0x17ca
00000000`0012ed90 00000001`40005be1 : 00000000`00000000 00000000`00000000 00000000`00000006 00000000`00000006 : tcmdx64+0x33be
00000000`0012fea0 00000000`7774652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcmdx64+0x5be1
00000000`0012ff60 00000000`7787c521 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0012ff90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d


FOLLOWUP_IP: 
tcmdx64+55d7
00000001`400055d7 4885c0          test    rax,rax

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  tcmdx64+55d7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: tcmdx64

DEBUG_FLR_IMAGE_TIMESTAMP:  4ca1b247

STACK_COMMAND:  !heap ; ~0s ; kb

BUCKET_ID:  X64_APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_entry_corruption_tcmdx64+55d7

IMAGE_NAME:  C:\Program Files (x86)\totalcmd\tcmdx64.exe

FAILURE_BUCKET_ID:  ACTIONABLE_HEAP_CORRUPTION_heap_failure_entry_corruption_c0000374_C:_Program_Files_(x86)_totalcmd_tcmdx64.exe!Unknown

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/tcmdx64_exe/1_0_0_5/4ca1b247/ntdll_dll/6_1_7601_17725/4ec4aa8e/c0000374/000c40f2.htm?Retriage=1

Followup: MachineOwner
---------


LE: If, at some point in time, you can't reproduce the issue anymore, try rebooting the system.
umbra
Power Member
Power Member
Posts: 871
Joined: 2012-01-14, 20:41 UTC

Post by *umbra »

I can confirm it (well, a sort of) in Win 7 and Win 8.
In a Win 8 virtual machine, when I tried it for the first time, tcmdx64.exe crashed and the x64 context menu contained something like "No response (timeout)!". After I restarted TC, I was no longer able to reproduce it - menu worked fine. I had to restart a computer to see it again.
In a Win 7 virtual machine, it was very similar - there was no crash report but everything else was the same.

edit: mhanor, every time I reload the page I see more info in your post. I had to find out about that rebooting on my own :(
Windows 7 Pro x64, Windows 10 Pro x64
mhanor
Junior Member
Junior Member
Posts: 22
Joined: 2010-04-07, 11:04 UTC

Post by *mhanor »

I submitted the post before completing it, that's why you saw more info on each page refresh.

On my real PC, it doesn't seem to dissapear while the postmortem debugger (windbg) automatically starts and attaches itself to the failed process. It appears I can crash it over and over again. I'm thinking that the OS caches/adjusts something, while there's no postmortem debugger set, and the crash becomes unlikely without a system reboot.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48005
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

From your report it seems that you found some bug in an Explorer shell extension for this file type. Can you try the same right click on Explorer?
Author of Total Commander
https://www.ghisler.com
mhanor
Junior Member
Junior Member
Posts: 22
Joined: 2010-04-07, 11:04 UTC

Post by *mhanor »

There is no shell extension installed or file type set for this file extension name. I can reproduce the issue with a clean installation of Windows 7 SP1 64 bit. And there's no X64 menu entry when right clicking files in TCMD x64 and Explorer (which is also 64 bit).
User avatar
petermad
Power Member
Power Member
Posts: 14700
Joined: 2003-02-05, 20:24 UTC
Location: Denmark
Contact:

Post by *petermad »

I can confirm the bug using mhanor's batch file - but ONLY when the vbox folder and it's subdirs are placed in the root - not if I place vbox in a subdir to the root. It doesn't matter whether it is in the root of a NTFS drive or a FAT32 drive.

Interestingly enough - if I go to Makefile.kmk in the file panel and right click it, there are no problems - it is only when I right click it in the search dialog.

I don't have any Windows associations of *.kmk files in the registry.
License #524 (1994)
Danish Total Commander Translator
TC 11.03 32+64bit on Win XP 32bit & Win 7, 8.1 & 10 (22H2) 64bit, 'Everything' 1.5.0.1371a
TC 3.50b4 on Android 6 & 13
Try: TC Extended Menus | TC Languagebar | TC Dark Help | PHSM-Calendar
mhanor
Junior Member
Junior Member
Posts: 22
Joined: 2010-04-07, 11:04 UTC

Post by *mhanor »

Why do you think I put the "cd \" as the first line in the batch file? :)
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48005
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

I do not have the problem here, Windows 7 x64, TC8 x32.

I guess that there are some Explorer extensions which are not file extension specific.

Try this: Open the x64 menu while holding down shift. If this works, choose "configure" and exclude all the displayed extensions. Now open the "X64" menu again without shift. Does it still crash?
Author of Total Commander
https://www.ghisler.com
User avatar
petermad
Power Member
Power Member
Posts: 14700
Joined: 2003-02-05, 20:24 UTC
Location: Denmark
Contact:

Post by *petermad »

Try this: Open the x64 menu while holding down shift. If this works, choose "configure" and exclude all the displayed extensions. Now open the "X64" menu again without shift. Does it still crash?
Right after disabeling all displayed extensions, TC does not crash when I hover "X64", but if I do a new Search, right click Makefile.kmk and hover "X64" TC crashes like before.
License #524 (1994)
Danish Total Commander Translator
TC 11.03 32+64bit on Win XP 32bit & Win 7, 8.1 & 10 (22H2) 64bit, 'Everything' 1.5.0.1371a
TC 3.50b4 on Android 6 & 13
Try: TC Extended Menus | TC Languagebar | TC Dark Help | PHSM-Calendar
mhanor
Junior Member
Junior Member
Posts: 22
Joined: 2010-04-07, 11:04 UTC

Post by *mhanor »

Same here. I've disabled the extensions, it crashes when right clicking that file, in the search window, when hovering over X64 and not holding the shift key.

I can't reproduce the issue when enabling page heap for tcmdx64.exe, in Global Flags. If I enable other heap checking options, it finds this:

http://pastebin.com/xheAnnzZ

Later edit:
I assume that the crash stops when the fault tolerant heap makes the appropriate adjustments (FTH). FTH does output a msg to the debug
output.

Code: Select all

HEAP[tcmdx64.exe]: Heap block at 0000000000452300 modified at 0000000000452398 past requested size of 88
0:000> dc 0000000000452300 l28
00000000`00452300  feeefeee feeefeee 0b07000c 38000f2f  ............/..8
00000000`00452310  003a0063 0076005c 006f0062 005c0078  c.:.\.v.b.o.x.\.
00000000`00452320  00720073 005c0063 00420056 0078006f  s.r.c.\.V.B.o.x.
00000000`00452330  0041005c 00640064 00740069 006f0069  \.A.d.d.i.t.i.o.
00000000`00452340  0073006e 0063005c 006d006f 006f006d  n.s.\.c.o.m.m.o.
00000000`00452350  005c006e 00420056 0078006f 00650053  n.\.V.B.o.x.S.e.
00000000`00452360  00760072 00630069 005c0065 00650074  r.v.i.c.e.\.t.e.
00000000`00452370  00740073 00610063 00650073 004d005c  s.t.c.a.s.e.\.M.
00000000`00452380  006b0061 00660065 006c0069 002e0065  a.k.e.f.i.l.e...
00000000`00452390  006d006b 0000006b abab0000 abababab  k.m.k...........
Last edited by mhanor on 2012-05-31, 21:53 UTC, edited 1 time in total.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48005
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

I'm sorry but I cannot reproduce it. Does it happen only with that extension, or only with that directory, or only that contents of the file? Or a combination of some of them?

And could you try to disable the extensions also with ShellExView?
Author of Total Commander
https://www.ghisler.com
mhanor
Junior Member
Junior Member
Posts: 22
Joined: 2010-04-07, 11:04 UTC

Post by *mhanor »

After disabling FTH, cleaning AppCompatFlags & rebooting, I'm able to reproduce the crash every time.

umbra mentioned a crash (2nd reply), that I think it wasn't related to the same setup. There are a few other threads on this forum, where some users reported crashes of tcmdx64 inside ntdll code, probably caused by the same issue.

What extensions should I disable with ShellExView? It lists only Microsoft extensions and it even warns about disabling certain of them. I've disabled them, but the OS feels the same, even after reboot, and tcmdx64 still crashes.

Maybe you should check if your OS has set up a FaultTolerantHeap flag for tcmdx64 and perhaps you should disable FTH: http://blogs.msdn.com/b/itasupport/archive/2009/10/08/come-disabilitare-il-fault-tolerant-heap.aspx
You could also try a virtual machine, maybe some installed extensions prohibit you from reproducing the problem.

It may have something to do with the length of the full path & file name, 67 characters

I can reproduce the crash with:

Code: Select all

g:\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.km
g:\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt
g:\aaaaaaaaaaaaaaaaaaaaaaa\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt
Only when right clicking inside the search window. I can't crash it if the full path and file name has 66 or 68 characters.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48005
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Only when right clicking inside the search window.
Ah, that was the clue - I always used "feed to listbox" first! I can indeed reproduce a crash when I right click in the search window - it seems that the x64 submenu was never tested in that situation, and is getting some invalid parameters from TC.
Author of Total Commander
https://www.ghisler.com
umbra
Power Member
Power Member
Posts: 871
Joined: 2012-01-14, 20:41 UTC

Post by *umbra »

No more crashes in TC 8.01 rc1.
Windows 7 Pro x64, Windows 10 Pro x64
mhanor
Junior Member
Junior Member
Posts: 22
Joined: 2010-04-07, 11:04 UTC

Post by *mhanor »

Indeed, it seems safe now.
Post Reply