Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

Crash in conhost.exe

Dec
32
0
Recently I've had some crashes in conhost.exe while TCC is executing
a "simple" text-search alias.

This is the WinDbg report from the last incident. First the modules:
Code:
C:\Windows\system32\conhost.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\advapi32.dll
C:\Windows\System32\sechost.dll
C:\Windows\SYSTEM32\ConhostV1.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\System32\MSCTF.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.DLL
C:\Windows\SYSTEM32\kernel.appcore.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\textinputframework.dll
C:\Windows\SYSTEM32\CoreMessaging.dll
C:\Windows\SYSTEM32\CoreUIComponents.dll
C:\Windows\System32\WS2_32.dll
C:\Windows\SYSTEM32\ntmarta.dll
C:\Windows\SYSTEM32\wintypes.dll
C:\Windows\SYSTEM32\TextShaping.dll
C:\Windows\system32\PROPSYS.dll
C:\Windows\System32\clbcatq.dll
C:\Windows\System32\AppExtension.dll
C:\Windows\System32\twinapi.appcore.dll
C:\Windows\System32\AppXDeploymentClient.dll
C:\Windows\System32\Windows.StateRepositoryPS.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ole32.dll

(4ba0.f4): Access violation - code c0000005 (!!! second chance !!!)

rax=000000000000000f rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000001 rsi=000000000000001b rdi=0000000000000000
rip=00007ff8050d5249 rsp=0000007db46ff400 rbp=0000007db46ff580
 r8=0000007db46ff489  r9=0000000000000001 r10=0000007db46ff480
r11=0000000000000001 r12=0000020ceb171106 r13=0000007db46ffb78
r14=000000000000001b r15=0000000000000010
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010200

ntdll!RtlCustomCPToUnicodeN+0xa9:
00007ff8`050d5249 0fb70c47        movzx   ecx,word ptr [rdi+rax*2] ds:00000000`0000001e=????

And the call-stack:
Code:
ntdll!RtlCustomCPToUnicodeN+0xa9
ConhostV1!SB_CharToWcharGlyph+0x43
ConhostV1!SB_WriteChars+0x257
ConhostV1!SB_DoWriteConsole+0x253
ConhostV1!SB_DoSrvWriteConsole+0x162
ConhostV1!SrvWriteConsole+0x143
ConhostV1!ConsoleIoThread+0x290
KERNEL32!BaseThreadInitThunk+0x14
ntdll!RtlUserThreadStart+0x21

Seems some illegal data to WriteConsole() is causing this.
This is the call-stack for the TCC thread that started this output
(I used ProcessExplorer to inspect while WinDbg was blocking TCC):
Code:
ntoskrnl.exe!KeSynchronizeExecution+0x6c56
ntoskrnl.exe!KeWaitForMutexObject+0x1460
ntoskrnl.exe!KeWaitForMutexObject+0x98f
ntoskrnl.exe!KeWaitForMutexObject+0x233
ntoskrnl.exe!wcsncpy_s+0x1942c
ntoskrnl.exe!NtDeviceIoControlFile+0x124b
ntoskrnl.exe!NtDeviceIoControlFile+0xce1
ntoskrnl.exe!NtDeviceIoControlFile+0x56
ntoskrnl.exe!setjmpex+0x8338
ntdll.dll!NtDeviceIoControlFile+0x14
KERNELBASE.dll!WriteConsoleW+0x191
KERNELBASE.dll!WriteConsoleW+0x6a
TakeCmd.dll!wwriteXP+0xd6
TakeCmd.dll!HtmlDecode+0x234
TakeCmd.dll!Ffind_Command+0x264b
TakeCmd.dll!Ffind_Command+0x3354
TakeCmd.dll!Ffind_Command+0x1bdc
TakeCmd.dll!ExecuteInternalCommand+0x55e
TakeCmd.dll!Command_S+0x1f69
TakeCmd.dll!Command_S+0x179d
tcc.exe+0x4182
tcc.exe+0x8cf8
KERNEL32.DLL!BaseThreadInitThunk+0x14
ntdll.dll!RtlUserThreadStart+0x21

Has anybody seen such crashes before?
 
What version of TCC and/or TCMD are you using?

What are the contents of your TCC.exception.log?

Here's the file on my system,;
Code:
 Directory of  C:\ProgramData\JP Software\Take Command 30\*

2023-07-29  15:48         <DIR>    .
2023-07-29  15:48         <DIR>    ..
2023-06-19  20:14         <DIR>    updates
2023-07-29  15:48             264  TCC.exception.log
                 264 bytes in 1 file and 3 dirs    4,096 bytes allocated
     303,265,161,216 bytes free

C:\...\Take Command 30>type TCC.exception.log
[2023/07/29 15:48:35.296] D:\TakeCommand30\TCConsole\ntinit.cpp:366 wmain()  SEH Exception: 0x00007FFDDEB79760 - ACCESS_VIOLATION

Joe
 
> What version of TCC and/or TCMD are you using?

TCC ver. 30.0.22.

> What are the contents of your TCC.exception.log?

I have no such file. It was conhost.exe that crashed, not tcc.exe (it just seemed to hang waiting for conhost.exe).
 
What are your Wndows version, the command/alias that caused the crash, and your code page.
 
Conhost? That's weird. Do you have the same problem with cmd.exe ?
 
> What are your Wndows version, the command/alias that caused the crash, and your code page.

Win-10, version 22H2 (OS-build 19045.3324).

My Codepage is 865.
My alias ts is defined as (anybody remember Norton Utilities' program ts.exe; Text Search?):
ffind %3$ /VLSA /MT%2 %1

conhost
crashed when issuing 'ts ..\cmake\* PYTHON_DEBUG_LIBRARY !
 
Gisle, are you using the "legacy" console? (Alt-Space ... Properties ... Options)
 
> Gisle, are you using the "legacy" console? (Alt-Space ... Properties ... Options)

Yes I had. Now after switching off Lecacy Mode, I've not seen the same crash again.
I used this mode since I had troubles with conhost and some ANSI issue.
 
Yes I had. Now after switching off Lecacy Mode, I've not seen the same crash again.

Just now I had another conhost.exe crash running this tiptip.exe Python program from
:

Call-stack from WinDbg:
ucrtbase!abort+0x4e
ucrtbase!terminate+0x1f
ucrtbase!__crt_state_management::wrapped_invoke<void +0x18
conhost!_scrt_unhandled_exception_filter+0x37
KERNELBASE!UnhandledExceptionFilter+0x1e7
ntdll!RtlUserThreadStart$filt$0+0xa2
ntdll!_C_specific_handler+0x96
ntdll!RtlpExecuteHandlerForException+0xf
ntdll!RtlDispatchException+0x244
ntdll!RtlRaiseException+0x1d7
KERNELBASE!RaiseException+0x69
ucrtbase!CxxThrowException+0xad
conhost!wil::details::ThrowResultExceptionInternal+0x4e
conhost!wil::details::ReportFailure+0x236aa
conhost!wil::details::ReportFailure_Hr+0x44
conhost!wil::details::in1diag3::Throw_Hr+0x26
conhost!Microsoft::Console::Render::Renderer::_PaintBufferOutput+0x1f9f1
conhost!Microsoft::Console::Render::Renderer::_PaintFrameForEngine+0x1a8
conhost!Microsoft::Console::Render::Renderer::PaintFrame+0x86
conhost!Microsoft::Console::Render::RenderThread::_ThreadProc+0x56
KERNEL32!BaseThreadInitThunk+0x14
ntdll!RtlUserThreadStart+0x21


So I'm worried it's something in TCC that causes this. And I'm not using the Legacy Console.
And this is how the process-tree looks like while WinDbg is blocking everything:
conhost-crash.jpg



The 2nd instance of conhost.exe is Suspended (crashed).
And there are 7 threads in tcc.exe. Some waiting on conhost.exe.
 
Back
Top
[FOX] Ultimate Translator
Translate