I am using a Windows application which parses a certain binary file. The app is crashing (read access violation) every time at a certain location.
I am trying to find out the root cause of the crash.
(f74.fac): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=02b74141 ebx=00000000 ecx=02760000 edx=00414141 esi=00000000 edi=01426fe4
eip=7c91081e esp=0012eb64 ebp=0012eb8c iopl=0 nv up ei ng nz na pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010287
ntdll!RtlpImageNtHeader+0x35:
7c91081e 813850450000 cmp dword ptr [eax],4550h ds:0023:02b74141=????????
At Crash Point:
0:000> u eip
ntdll!RtlpImageNtHeader+0x35:
7c91081e 813850450000 cmp dword ptr [eax],4550h
7c910824 0f858b830200 jne ntdll!RtlpImageNtHeader+0x3d (7c938bb5)
7c91082a 834dfcff or dword ptr [ebp-4],0FFFFFFFFh
7c91082e e8cfe5ffff call ntdll!_SEH_epilog (7c90ee02)
7c910833 c20400 ret 4
7c910836 90 nop
7c910837 90 nop
7c910838 ff ???
Stack Trace :
0:000> kb
ChildEBP RetAddr Args to Child
0012eb8c 7c91708f 02760000 00000216 0012f3d0 ntdll!RtlpImageNtHeader+0x35
0012ee40 7c916042 02734da8 0012eeb8 00000000 ntdll!LdrpCheckForLoadedDll+0x4cd
0012f0fc 7c9162da 00000000 02734da8 0012f3f0 ntdll!LdrpLoadDll+0x1ba
0012f3a4 7c801bb9 02734da8 0012f3f0 0012f3d0 ntdll!LdrLoadDll+0x230
0012f40c 7c801d6e 7ffdec00 00000000 00000001 kernel32!LoadLibraryExW+0x18e
*** WARNING: Unable to verify checksum for image00400000
*** ERROR: Module load completed but symbols could not be loaded for image00400000
0012f420 00407b8c 017f3ed8 00000000 00000001 kernel32!LoadLibraryExA+0x1f
WARNING: Stack unwind information not available. Following frames may be wrong.
0012f4a4 7c80c710 73eae590 0012f49c 0012f558 image00400000+0x7b8c
0012f4c8 73dd4381 017f3ed8 017f3db8 00000047 kernel32!lstrlenA+0x3b
0012f528 73dd2263 0012f628 00000000 0012f4f0 MFC42!CString::CString+0x47
0012f538 73dd2725 017ef0ac 0012f628 00407846 MFC42!CFixedAlloc::Free+0x28
0012f544 00407846 0012f628 00000000 017ef158 MFC42!CString::~CString+0x1c
00000000 00000000 00000000 00000000 00000000 image00400000+0x7846
Not sure, but I'm guessing it's a problem related to the heap, as CString uses heap allocation.
So please suggest the possible cause for this crash.
Please let me know if more information is needed.
Thanks in Advance,
The binary file being parsed does not have valid MZ/PE headers.
The binary base in ecx=02760000 is valid; edx=00414141 must be an offset to the IMAGE_NT_HEADERS structure in bytes instead of 414141 'AAA'. You may see 00414141 using the dd 02760000+3c L1 command. RtlpImageNtHeader adds 414141 to your base, and this must be the PE signature. Show the output from !address 02760000, !dh 02760000, !address 02b74141. I may assume that 02b74141 is not mapped at all.
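The check this answer implies, as an added example (not code from the original post and not ntdll's own logic): before comparing against 4550h, confirm that the e_lfanew value read from offset 3c still lies inside the mapped buffer. The function names, status codes and the constructed sample buffers are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DOS_MAGIC      0x5A4Du      /* "MZ" */
#define PE_SIGNATURE   0x00004550u  /* "PE\0\0": the 4550h in the faulting cmp */
#define DOS_HEADER_LEN 0x40u        /* size of IMAGE_DOS_HEADER */
#define E_LFANEW_OFF   0x3Cu        /* e_lfanew, the dword shown by dd base+3c L1 */

typedef enum {
    PE_OK,
    PE_TOO_SMALL,
    PE_BAD_MZ,
    PE_LFANEW_OUT_OF_RANGE,
    PE_BAD_SIGNATURE
} pe_status;

/* Read a little-endian value of nbytes (2 or 4) without alignment assumptions. */
static uint32_t rd_le(const uint8_t *p, int nbytes)
{
    uint32_t v = 0;
    for (int i = nbytes - 1; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Validate the MZ header, bounds-check e_lfanew, then check the PE signature.
 * On success the offset of the NT headers is stored in *nt_off (if non-NULL). */
pe_status check_pe_headers(const uint8_t *buf, size_t len, uint32_t *nt_off)
{
    if (buf == NULL || len < DOS_HEADER_LEN)
        return PE_TOO_SMALL;
    if (rd_le(buf, 2) != DOS_MAGIC)
        return PE_BAD_MZ;

    uint32_t e_lfanew = rd_le(buf + E_LFANEW_OFF, 4);

    /* The 4-byte signature must fit inside the buffer. len >= 0x40 here,
     * so len - 4 cannot underflow, and no base + offset sum is formed
     * until the offset is known to be in range. */
    if (e_lfanew > len - 4)
        return PE_LFANEW_OUT_OF_RANGE;

    if (rd_le(buf + e_lfanew, 4) != PE_SIGNATURE)
        return PE_BAD_SIGNATURE;

    if (nt_off != NULL)
        *nt_off = e_lfanew;
    return PE_OK;
}

/* Constructed sample: a zeroed buffer (len >= 0x40) with "MZ", the given
 * e_lfanew, and optionally a PE signature when the offset is in range. */
void build_sample(uint8_t *buf, size_t len, uint32_t e_lfanew, int write_sig)
{
    memset(buf, 0, len);
    buf[0] = 'M';
    buf[1] = 'Z';
    for (int i = 0; i < 4; i++)
        buf[E_LFANEW_OFF + i] = (uint8_t)(e_lfanew >> (8 * i));
    if (write_sig && e_lfanew <= len - 4) {
        buf[e_lfanew] = 'P';
        buf[e_lfanew + 1] = 'E';
    }
}

int main(void)
{
    uint8_t image[512];
    uint32_t off = 0;

    build_sample(image, sizeof image, 0x80, 1);
    printf("well-formed header : status %d\n",
           (int)check_pe_headers(image, sizeof image, &off));

    /* Same e_lfanew as in the crash: base + 0x414141 is far outside the data. */
    build_sample(image, sizeof image, 0x00414141, 1);
    printf("e_lfanew = 00414141: status %d\n",
           (int)check_pe_headers(image, sizeof image, &off));
    return 0;
}
```
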
I have a Visual Studio 2015 Professional Update 2 cross-platform C++ solution with shared, Android and iOS projects. It looks like the projects build successfully, but then Visual Studio hangs. I am unable to cancel the build or restart Visual Studio. I have to kill the devenv process, then open it again.
In windbg, I see the hanging thread as this:
0:000> kb
ChildEBP RetAddr Args to Child
0018f228 754da4fa 00000001 0018f3fc 00000001 ntdll!NtWaitForMultipleObjects+0xc
0018f3bc 7447c47b 00000001 0018f3fc 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x10a
0018f424 6cb610f7 00000000 00000000 ffffffff user32!MsgWaitForMultipleObjectsEx+0x17b
0018f448 5ec48c36 00000000 00000000 ffffffff vslog!VSResponsiveness::Detours::DetourMsgWaitForMultipleObjectsEx+0x45
0018f490 5eb072d5 7c443f4b 00000000 00d96a00 msenv!CMsoCMHandler::EnvironmentMsgLoop+0x15b
0018f4b8 5eb0722b 00000001 ffffffff 7c443f0b msenv!CMsoCMHandler::FPushMessageLoop+0x105
0018f4f8 5eb0716f 00000001 0917f998 00001684 msenv!SCM::FPushMessageLoop+0xb9
0018f518 5eb07136 00d96a04 050fe9c8 ffffffff msenv!SCM_MsoCompMgr::FPushMessageLoop+0x2a
0018f544 5eb07086 ffffffff 7c443e2b 00000000 msenv!CMsoComponent::PushMsgLoop+0x2e
0018f5d8 5ebf23b3 7c443df3 00000000 5eac0000 msenv!VStudioMainLogged+0x5bd
0018f600 2f5afed2 00ce3b20 0c66fc01 00000000 msenv!VStudioMain+0x7c
0018f640 2f5afaaa 0c66f359 74b9aba0 2f5bfa50 devenv!util_CallVsMain+0xde
0018f918 2f5c36e3 00000000 2f5fa570 003f9000 devenv!CDevEnvAppId::Run+0xbb5
0018f944 2f5c3803 2f5a0000 00000000 00cd50c5 devenv!WinMain+0xbd
0018f990 74b938f4 003f9000 74b938d0 57fa7e12 devenv!__scrt_common_main_seh+0xfd
0018f9a4 77455de3 003f9000 54766e72 00000000 kernel32!BaseThreadInitThunk+0x24
0018f9ec 77455dae ffffffff 7747b7dd 00000000 ntdll!__RtlUserThreadStart+0x2f
0018f9fc 00000000 2f5c0fe2 003f9000 00000000 ntdll!_RtlUserThreadStart+0x1b
Here is the !analyze output:
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for PresentationCore.ni.dll
*** WARNING: Unable to verify checksum for System.ni.dll
*** WARNING: Unable to verify checksum for WindowsBase.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.VisualStudio.Shell.14.0.ni.dll
*** WARNING: Unable to verify checksum for System.Runtime.Remoting.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.Build.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.CodeAnalysis.Features.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.CodeAnalysis.Workspaces.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.VisualStudio.JSLS.ni.dll
*** The OS name list needs to be updated! Unknown Windows version: 10.0 ***
FAULTING_IP:
+0
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000007 (Wake debugger)
ExceptionFlags: 00000000
NumberParameters: 0
CONTEXT: 00000000 -- (.cxr 0x0;r)
eax=000000b8 ebx=00000001 ecx=00000000 edx=00000000 esi=00000001 edi=00000001
eip=7746718c esp=0018f22c ebp=0018f3bc iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!NtWaitForMultipleObjects+0xc:
7746718c c21400 ret 14h
BUGCHECK_STR: 80000007
DEFAULT_BUCKET_ID: APPLICATION_HANG
PROCESS_NAME: devenv.exe
ERROR_CODE: (NTSTATUS) 0x80000007 - {Kernel Debugger Awakened} the system debugger was awakened by an interrupt.
EXCEPTION_CODE: (HRESULT) 0x80000007 (2147483655) - Operation aborted
APP: devenv.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0x9ac (0)
TEB information is not available so a stack size of 0xFFFF is assumed
Current frame:
ChildEBP RetAddr Caller, Callee
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
-- --- ------- --------------------------
0 1684.9ac Handle
WAIT_CHAIN_COMMAND: ~0s;k;;
BLOCKING_THREAD: 000009ac
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG
LAST_CONTROL_TRANSFER: from 754da4fa to 7746718c
FAULTING_THREAD: 00000000
STACK_TEXT:
0018f228 754da4fa 00000001 0018f3fc 00000001 ntdll!NtWaitForMultipleObjects+0xc
0018f3bc 7447c47b 00000001 0018f3fc 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x10a
0018f424 6cb610f7 00000000 00000000 ffffffff user32!MsgWaitForMultipleObjectsEx+0x17b
0018f448 5ec48c36 00000000 00000000 ffffffff vslog!VSResponsiveness::Detours::DetourMsgWaitForMultipleObjectsEx+0x45
0018f490 5eb072d5 7c443f4b 00000000 00d96a00 msenv!CMsoCMHandler::EnvironmentMsgLoop+0x15b
0018f4b8 5eb0722b 00000001 ffffffff 7c443f0b msenv!CMsoCMHandler::FPushMessageLoop+0x105
0018f4f8 5eb0716f 00000001 0917f998 00001684 msenv!SCM::FPushMessageLoop+0xb9
0018f518 5eb07136 00d96a04 050fe9c8 ffffffff msenv!SCM_MsoCompMgr::FPushMessageLoop+0x2a
0018f544 5eb07086 ffffffff 7c443e2b 00000000 msenv!CMsoComponent::PushMsgLoop+0x2e
0018f5d8 5ebf23b3 7c443df3 00000000 5eac0000 msenv!VStudioMainLogged+0x5bd
0018f600 2f5afed2 00ce3b20 0c66fc01 00000000 msenv!VStudioMain+0x7c
0018f640 2f5afaaa 0c66f359 74b9aba0 2f5bfa50 devenv!util_CallVsMain+0xde
0018f918 2f5c36e3 00000000 2f5fa570 003f9000 devenv!CDevEnvAppId::Run+0xbb5
0018f944 2f5c3803 2f5a0000 00000000 00cd50c5 devenv!WinMain+0xbd
0018f990 74b938f4 003f9000 74b938d0 57fa7e12 devenv!__scrt_common_main_seh+0xfd
0018f9a4 77455de3 003f9000 54766e72 00000000 kernel32!BaseThreadInitThunk+0x24
0018f9ec 77455dae ffffffff 7747b7dd 00000000 ntdll!__RtlUserThreadStart+0x2f
0018f9fc 00000000 2f5c0fe2 003f9000 00000000 ntdll!_RtlUserThreadStart+0x1b
FOLLOWUP_IP:
vslog!VSResponsiveness::Detours::DetourMsgWaitForMultipleObjectsEx+45
6cb610f7 8bf0 mov esi,eax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: vslog!VSResponsiveness::Detours::DetourMsgWaitForMultipleObjectsEx+45
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vslog
IMAGE_NAME: vslog.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 56f22f38
STACK_COMMAND: ~0s ; kb
BUCKET_ID: 80000007_vslog!VSResponsiveness::Detours::DetourMsgWaitForMultipleObjectsEx+45
FAILURE_BUCKET_ID: APPLICATION_HANG_80000007_vslog.dll!VSResponsiveness::Detours::DetourMsgWaitForMultipleObjectsEx
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:application_hang_80000007_vslog.dll!vsresponsiveness::detours::detourmsgwaitformultipleobjectsex
FAILURE_ID_HASH: {4beed356-b376-19fc-7fdd-b5445b7b3d57}
Followup: MachineOwner
---------
0:000> lmvm vslog
start end module name
6cb60000 6cbc2000 vslog (pdb symbols) C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\VsLog.pdb\233146AA39DE4D9B96281A205CEFA40A2\VsLog.pdb
Loaded symbol image file: vslog.dll
Mapped memory image file: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\vslog.dll\56F22F3862000\vslog.dll
Image path: C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\vslog.dll
Image name: vslog.dll
Timestamp: Wed Mar 23 01:52:56 2016 (56F22F38)
CheckSum: 0006D56A
ImageSize: 00062000
File version: 14.0.25123.0
Product version: 14.0.25123.0
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Visual Studio® 2015
InternalName: VsLog.DLL
OriginalFilename: VsLog.DLL
ProductVersion: 14.0.25123.0
FileVersion: 14.0.25123.0 built by: D14REL
FileDescription: Visual Studio Logging
LegalCopyright: © Microsoft Corporation. All rights reserved.
No solution, but I'd like to add that I often get the same hang on NtWaitForMultipleObjects in my VS2015 solution when removing items from a project.
I am attempting to analyze a memory dump that I received from one of my end users after a hang occurred in my application. It seems to be related to the audio playback portion of my application. I believe that there are two threads involved, the main thread which is about to start playing the sound, and an updater thread which iterates over the sounds in a linked list to update their state continuously. I do not understand what the source for the hang could be, however.
My WinDbg knowledge is limited, but I have managed to figure out that the hang seems to occur inside the SetLoop method of the audio library (in the static sound code specifically). I use DirectSound, and the application is running on Windows 7 32 bit in this case (I am developing on XP myself where I have never had an issue like this). The static sound class locks a critical section before it checks to see if the sound is playing, and if it isn't it sets the loop flag to either true or false. In this case, the main thread is calling SetLoop to set it to false because it wants to play the sound in a non-looped state. I can see that at the time of the hang, the main thread is stuck in a call to EtwEventEnabled in ntdll.dll which is apparently made by the SetLoop method of the static sound class. I wonder if it is stuck in the EnterCriticalSection call, or somewhere a little further down when it calls upon DirectSound's GetStatus method for the secondary buffer? Here's where my knowledge of memory dump analysis falls short, and I would very much appreciate it if someone would take the time to look at the dump.
Here is a link to the dump, with the application specific symbols:
https://dl.dropbox.com/u/5121962/hangdump.zip
Thanks very much in advance for any help.
You could try analysing the dump with Microsoft's Debug Diagnostics Tool - it seems to confirm what you suspect, but without your knowledge of the code or the Release build PDBs for your exe, I can't get more info from the call stack.
From the report (you can run the full analysis yourself using the tool) there are two threads involved - the summary is as follows:
The call stacks of threads 0 and 4 are as follows:
.. and ...
These might give you some more info to get you moving again....
Hope that helps,
Roger
Two threads (one is WinMain) are waiting on the same critical section 03cb6ffc which has no owner.
Look at StaticSound::Update and StaticSound::SetLoop. Maybe a thread that is currently being terminated still owns a critical section. Try using Application Verifier with Locks Stop Details - verifies the correct usage of critical sections.
0:000> !analyze -hang -v
[...]
BUGCHECK_STR: HANG
[...]
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
-- --- ------- --------------------------
0 768.d1c Critical Section (Self)
WAIT_CHAIN_COMMAND: ~0s;k;;
BLOCKING_THREAD: 00000d1c
DEFAULT_BUCKET_ID: APPLICATION_HANG_SELF_Unowned_CriticalSection
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG_SELF_Unowned_CriticalSection
LAST_CONTROL_TRANSFER: from 77d56a24 to 77d57094
[...]
0:000> !locks
CritSec +13af7d0 at 013af7d0
WaiterWoken No
LockCount 0
RecursionCount 1
OwningThread 10a8
EntryCount 0
ContentionCount 2b7
*** Locked
CritSec +3cb6ffc at 03cb6ffc
WaiterWoken No
LockCount 2
RecursionCount 0
OwningThread 0
EntryCount 0
ContentionCount d
*** Locked
0:000> ~*
. 0 Id: 768.d1c Suspend: 0 Teb: 7ffde000 Unfrozen
Start: pontefract_timer!WinMainCRTStartup (01299030)
Priority: 0 Priority class: 32 Affinity: f
[...]
4 Id: 768.10a8 Suspend: 0 Teb: 7ffdb000 Unfrozen
Start: pontefract_timer!_threadstartex (012ae09f)
Priority: 2 Priority class: 32 Affinity: f
[...]
0:004> kb
ChildEBP RetAddr Args to Child
021af9b4 77d56a24 77d42278 000002f0 00000000 ntdll!KiFastSystemCallRet
021af9b8 77d42278 000002f0 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
021afa1c 77d4215c 00000000 00000000 00000000 ntdll!RtlpWaitOnCriticalSection+0x13e
021afa44 012882c2 03cb6ffc 013af7cc 00326ee8 ntdll!RtlEnterCriticalSection+0x150
021afa60 0128a1ed 021afa8c 021afa80 013af810 pontefract_timer!StaticSound::Update+0x12
021afa84 012ae079 013af700 73a14e26 00000000 pontefract_timer!UpdaterTick+0x7d
021afabc 012ae103 00000000 021afad4 7750ed6c pontefract_timer!_callthreadstartex+0x1b
021afac8 7750ed6c 013af810 021afb14 77d7377b pontefract_timer!_threadstartex+0x64
021afad4 77d7377b 013af810 6b63b5bd 00000000 kernel32!BaseThreadInitThunk+0xe
021afb14 77d7374e 012ae09f 013af810 00000000 ntdll!__RtlUserThreadStart+0x70
021afb2c 00000000 012ae09f 013af810 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> kb
ChildEBP RetAddr Args to Child
0020c39c 77d56a24 77d42278 000002f0 00000000 ntdll!KiFastSystemCallRet
0020c3a0 77d42278 000002f0 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
0020c404 77d4215c 00000000 00000000 774f8e38 ntdll!RtlpWaitOnCriticalSection+0x13e
0020c42c 012881af 03cb6ffc 00000000 03cb6ff8 ntdll!RtlEnterCriticalSection+0x150
0020c440 0128682c 00000000 00000000 00000000 pontefract_timer!StaticSound::SetLoop+0xf
0020c460 012616ac 00000000 00000000 01765bac pontefract_timer!DeviceManager::SetLoop+0x6c
0020c474 0121a2ce 01a46ddc 00000000 0178ea9c pontefract_timer!BgtSound::play+0x6c
0020c61c 01219d02 0178ea9c 01765bf4 01a46ddc pontefract_timer!CallSystemFunctionNative+0x42e
0020c64c 0121d450 00000000 00000000 0178ea9c pontefract_timer!CallSystemFunction+0xd2
0020c6d4 0121c276 01a46dfc 77b6ea11 00000000 pontefract_timer!asCContext::ExecuteNext+0x930
0020c708 0127a293 719b431a 0020f780 00000000 pontefract_timer!asCContext::Execute+0x1d6
0020f780 0127a1d5 719b4c6a 77b1f2a9 0010000c pontefract_timer!execute+0x83
0020f8f0 0127acff 77b1f2a9 77b18d02 0020f958 pontefract_timer!RunApplication+0x805
0020f908 0127b085 0020f908 0127b339 00000000 pontefract_timer!run_script+0x9f
0020f910 0127b339 00000000 00000000 7ffdf000 pontefract_timer!main_game+0x35
0020f958 01298fdd 01210000 00000000 00361f32 pontefract_timer!WinMain+0x2a9
0020f9e8 7750ed6c 7ffdf000 0020fa34 77d7377b pontefract_timer!__tmainCRTStartup+0x11a
0020f9f4 77d7377b 7ffdf000 6959b49d 00000000 kernel32!BaseThreadInitThunk+0xe
0020fa34 77d7374e 01299030 7ffdf000 00000000 ntdll!__RtlUserThreadStart+0x70
0020fa4c 00000000 01299030 7ffdf000 00000000 ntdll!_RtlUserThreadStart+0x1b
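A small triage helper for the pattern this answer points at, added here as an example (not the poster's code and not a WinDbg feature): it scans saved `!locks` text and reports critical sections marked `*** Locked` whose OwningThread is 0. The function and struct names are assumptions; the sample text is the two entries from the `!locks` output above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned long address;        /* value after " at " on the CritSec line */
    unsigned long lock_count;
    unsigned long owning_thread;
    int have_owner;               /* an OwningThread line was seen */
    int locked;                   /* a "*** Locked" marker was seen */
} critsec_entry;

/* Sample input: the two entries shown in the !locks output above. */
static const char SAMPLE_LOCKS[] =
    "CritSec +13af7d0 at 013af7d0\n"
    "WaiterWoken No\nLockCount 0\nRecursionCount 1\nOwningThread 10a8\n"
    "EntryCount 0\nContentionCount 2b7\n*** Locked\n"
    "CritSec +3cb6ffc at 03cb6ffc\n"
    "WaiterWoken No\nLockCount 2\nRecursionCount 0\nOwningThread 0\n"
    "EntryCount 0\nContentionCount d\n*** Locked\n";

/* Record the finished entry if it is locked but has no owning thread. */
static void flush_entry(const critsec_entry *cur, int active,
                        critsec_entry *out, size_t max_out, size_t *found)
{
    if (active && cur->locked && cur->have_owner && cur->owning_thread == 0) {
        if (*found < max_out)
            out[*found] = *cur;
        (*found)++;
    }
}

/* Scan !locks text. Returns how many unowned-but-locked entries exist;
 * at most max_out of them are copied into out. */
size_t find_unowned_locked(const char *text, critsec_entry *out, size_t max_out)
{
    critsec_entry cur;
    int active = 0;
    size_t found = 0;

    memset(&cur, 0, sizeof cur);
    for (const char *p = text; *p != '\0'; ) {
        char line[256];
        unsigned long v;
        size_t n = strcspn(p, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;

        memcpy(line, p, c);
        line[c] = '\0';
        const char *s = line + strspn(line, " \t");

        if (strncmp(s, "CritSec", 7) == 0) {
            /* A new entry starts: evaluate the previous one first. */
            flush_entry(&cur, active, out, max_out, &found);
            memset(&cur, 0, sizeof cur);
            const char *at = strstr(s, " at ");
            active = (at != NULL && sscanf(at + 4, "%lx", &cur.address) == 1);
        } else if (sscanf(s, "LockCount %lx", &v) == 1) {
            cur.lock_count = v;
        } else if (sscanf(s, "OwningThread %lx", &v) == 1) {
            cur.owning_thread = v;
            cur.have_owner = 1;
        } else if (strstr(s, "*** Locked") != NULL) {
            cur.locked = 1;
        }

        p += n;
        if (*p == '\n')
            p++;
    }
    flush_entry(&cur, active, out, max_out, &found);
    return found;
}

int main(void)
{
    critsec_entry hits[8];
    size_t n = find_unowned_locked(SAMPLE_LOCKS, hits, 8);

    for (size_t i = 0; i < n && i < 8; i++)
        printf("unowned locked CritSec at %08lx (LockCount %lx)\n",
               hits[i].address, hits[i].lock_count);
    return 0;
}
```
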
I have a .NET application that is crashing sometimes on exit. There's a bunch of COM and native stuff underneath the hood, too. It's an x86 application running on Windows 7 x64.
I've run through some WinDbg tutorials and I think I'm executing reasonable steps to get helpful information, but the stack trace itself isn't ringing any bells.
A few other tidbits:
I can reproduce this pretty consistently, say 75% of the time
If I clean up the threading (a lot of Thread.Abort()), it's reproducible maybe 20% of the time
Running the same procedure, I've seen a completely different stack trace than the one below, too
I'm using the 32-bit WinDbg. Here's the general process I've been using:
open the executable directly from WinDbg
set symbol path as: SRV*c:\sym*http://msdl.microsoft.com/download/symbols
type: .loadby sos clr
use the application, and get it to crash
Right after the crash, I get output:
(a38.1424): CLR exception - code e0434352 (first chance)
(a38.1424): CLR exception - code e0434352 (first chance)
(a38.1fd0): Unknown exception - code c000000d (first chance)
(a38.1fd0): Unknown exception - code c000000d (!!! second chance !!!)
eax=00000000 ebx=004dea1c ecx=7efdd000 edx=00000057 esi=7264d0c0 edi=07f2a248
eip=778715de esp=004dea08 ebp=004def50 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!ZwRaiseException+0x12:
778715de 83c404 add esp,4
If I type in ~ I only get one thread:
. 0 Id: a38.1fd0 Suspend: 1 Teb: 7efdd000 Unfrozen
Now, if I type in !analyze -v I get a big stack trace:
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
[ a bunch of symbol stuff loading here ]
FAULTING_IP:
ntdll!TpReleaseCleanupGroupMembers+276
778e4f52 a1b4009577 mov eax,dword ptr [ntdll!TppLogpRoutine (779500b4)]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 778e4f52 (ntdll!TpReleaseCleanupGroupMembers+0x00000276)
ExceptionCode: c000000d
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00001fd0
PROCESS_NAME: XXXXX.exe
ERROR_CODE: (NTSTATUS) 0xc000000d - An invalid parameter was passed to a service or function.
EXCEPTION_CODE: (NTSTATUS) 0xc000000d - An invalid parameter was passed to a service or function.
NTGLOBALFLAG: 70
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: 004dea6c -- (.cxr 0x4dea6c)
eax=004deee0 ebx=00000001 ecx=7efdd000 edx=00000057 esi=7264d0c0 edi=07f2a248
eip=778e4f52 esp=004deed0 ebp=004def50 iopl=0 nv up ei ng nz ac pe cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000297
ntdll!TpReleaseCleanupGroupMembers+0x276:
778e4f52 a1b4009577 mov eax,dword ptr [ntdll!TppLogpRoutine (779500b4)] ds:002b:779500b4=00000000
Resetting default scope
STACK_ADDR_RAW_STACK_SYMBOL: 4deb4c
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[ffffffff]
LAST_CONTROL_TRANSFER: from 00000000 to 77883c04
DEFAULT_BUCKET_ID: STATUS_INVALID_PARAMETER
PRIMARY_PROBLEM_CLASS: STATUS_INVALID_PARAMETER
BUGCHECK_STR: APPLICATION_FAULT_STATUS_INVALID_PARAMETER
STACK_TEXT:
778e4f52 ntdll!TpReleaseCleanupGroupMembers+0x276
72630d69 AUDIOSES!DllCanUnloadNow+0x42
7565b5f4 ole32!CClassCache::CDllPathEntry::CanUnload_rl+0x3b
7565b771 ole32!CClassCache::FreeUnused+0x83
7565b68f ole32!CoFreeUnusedLibrariesEx+0x36
756a0ccb ole32!CoFreeUnusedLibraries+0x9
15e2f549 GxMetadata+0xf549
15e45e3d GxMetadata!DllCanUnloadNow+0x1686d
77889950 ntdll!LdrpCallInitRoutine+0x14
7789d6b2 ntdll!LdrShutdownProcess+0x1aa
7789d554 ntdll!RtlExitUserProcess+0x74
754279f4 KERNEL32!ExitProcessStub+0x12
720642f0 mscoreei!RuntimeDesc::ShutdownAllActiveRuntimes+0x29c
72064321 mscoreei!CLRRuntimeHostInternalImpl::ShutdownAllRuntimesThenExit+0x15
5ea18580 clr!EEPolicy::ExitProcessViaShim+0x66
5ea1862f clr!SafeExitProcess+0x122
5e9638a9 clr!DisableRuntime+0x120
5e963905 clr!EEPolicy::HandleExitProcess+0x5c
5e9b8af8 clr!_CorExeMainInternal+0xdd
5e9b3a30 clr!_CorExeMain+0x4e
720555ab mscoreei!_CorExeMain+0x38
72f67f16 MSCOREE!ShellShim__CorExeMain+0x99
72f64de3 MSCOREE!_CorExeMain_Exported+0x8
7542339a KERNEL32!BaseThreadInitThunk+0xe
77889ef2 ntdll!__RtlUserThreadStart+0x70
77889ec5 ntdll!_RtlUserThreadStart+0x1b
FOLLOWUP_IP:
AUDIOSES!DllCanUnloadNow+42
72630d69 ff3514d06472 push dword ptr [AUDIOSES!_AudioClientThreadpoolCleanupGroup (7264d014)]
EDIT 1: (additional info)
!clrstack
OS Thread Id: 0x1fd0 (0)
Child SP IP Call Site
GetFrameContext failed: 1
!threads
ThreadCount: 7
UnstartedThread: 0
BackgroundThread: 4
PendingThread: 0
DeadThread: 3
Hosted Runtime: no
PreEmptive GC Alloc Lock
ID OSID ThreadOBJ State GC Context Domain Count APT Exception
0 1 1fd0 005afe88 16220 Enabled 03051294:03051e6c 00578550 0 STA
XXXX 2 e5c 005801d0 b220 Enabled 0305a22c:0305be6c 00578550 0 MTA (Finalizer)
XXXX 3 00641258 19820 Enabled 00000000:00000000 00578550 0 Ukn
XXXX 4 06e4b800 819820 Enabled 00000000:00000000 00578550 0 Ukn
XXXX 5 18a0 081be620 200b220 Enabled 00000000:00000000 00578550 1 MTA
XXXX 8 081d5e18 819820 Enabled 00000000:00000000 00578550 0 Ukn
XXXX 7 158 07ed78d8 220 Enabled 00000000:00000000 00578550 0 Ukn
Looks like the ntdll!TpReleaseCleanupGroupMembers (the same as kernel32!CloseThreadpoolCleanupGroupMembers - you can look it up on MSDN) function (from the top of the fault stack) does not like to be called when the process is being shut down - it throws the exception you're seeing (invalid parameter) in this case.
From the presence of two more libs on the stack (audioses and gxmetadata) I'd guess some objects are destroyed/released way too late. audioses.dll seems to be the Core Audio API library, not sure about gxmetadata.dll - can you explain the use of these?
I'm using Debug Diagnostic Tool, trying to understand why around 5% of the requests that are sent to my webservice just crash, without necessarily throwing any error inside my application.
One of the errors this tool took is below. Can anyone here understand exactly what could be happening?
Thanks!
[6/17/2010 5:32:58 PM] First chance exception - 0xe0434f4d caused by thread with system id 1736
[6/17/2010 5:32:58 PM] Stack Trace
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
1c5bec58 79ef2bbc e0434f4d 00000001 00000001 kernel32!RaiseException+0x3c
1c5becb8 79fccf80 0a6d4998 00000000 00000000 mscorwks!GetMetaDataInternalInterface+0x84a9
1c5bed7c 656cab0e 0a6d4788 1c5bed98 65221345 mscorwks!StrongNameErrorInfo+0x103dc
1c5bed88 65221345 0a6cefb0 1c5bedf8 1c5bee08 System_Data_ni+0x57ab0e
1c5bee0c 79e7e1f3 1c147158 1c147158 0a6d0710 System_Data_ni+0xd1345
1c5bee24 79f7c770 0a6d0710 1c147158 026f25a8 mscorwks!DllUnregisterServerInternal+0x21d7
1c5beee8 79e71b4c 0a6cd9b8 0a6cd994 026f409c mscorwks!CorExitProcess+0x28f9a
1c5bef00 79e821b9 1c5befd8 00000002 1c5befa0 mscorwks+0x1b4c
1c5bef80 79e96531 1c5befd8 00000002 1c5befa0 mscorwks!DllUnregisterServerInternal+0x619d
1c5bf0c8 79e96564 1c531688 1c5bf228 1c5bf120 mscorwks!CoUninitializeEE+0x2ead
1c5bf0e4 79e96582 1c531688 1c5bf228 1c5bf120 mscorwks!CoUninitializeEE+0x2ee0
1c5bf0fc 79f87a83 1c5bf120 1c5bf2e0 79fa6a6b mscorwks!CoUninitializeEE+0x2efe
1c5bf2ec 79f87be2 00629d50 0a6cdae8 0a6d0e04 mscorwks!CorExitProcess+0x342ad
1c5bf3ac 792d5348 00629d90 00000086 1c5bf3c8 mscorwks!CorExitProcess+0x3440c
1c5bf3fc 792d50f6 00629d90 00000086 066a1ae0 mscorlib_ni+0x215348
1c5bf434 792d4fde 00000000 00000000 0a6cd944 mscorlib_ni+0x2150f6
1c5bf488 65e1098e 0a6cd944 00000000 00000000 mscorlib_ni+0x214fde
1c5bf4cc 65e10665 66082f99 0a6ca144 00000000 System_Web_Services_ni+0x13098e
1c5bf4fc 65e10ff7 026c1054 0a6ca168 0a6ace9c System_Web_Services_ni+0x130665
1c5bf510 6dde7666 1c5bf54c 660adb16 6ddd2c34 System_Web_Services_ni+0x130ff7
1c5bf518 660adb16 6ddd2c34 0a6ace8c 0a6c883c System_Web_Extensions_ni+0x1c7666
1c5bf54c 6608132c 1c5bf578 0a6c883c 00000000 System_Web_ni+0x18db16
1c5bf588 6608c5c3 1c5bf5b0 0a6abecc 0a6c8b4c System_Web_ni+0x16132c
1c5bf5dc 660808ac 0a6c8218 0a6abecc 026c0d48 System_Web_ni+0x16c5c3
1c5bf5f0 66083e1c 0a6c883c 026c1054 0a6c883c System_Web_ni+0x1608ac
1c5bf62c 66083ac3 026bc67c 0a6c8400 1c5bf6b0 System_Web_ni+0x163e1c
1c5bf63c 66082c5c 8984fdc8 79e7a6b8 1c5bf858 System_Web_ni+0x163ac3
1c5bf6b0 79f9811e 00000002 01b93b00 026cf6e4 System_Web_ni+0x162c5c
1c5bf768 79f9822b 0017a0d0 1c5bf970 1c5bf9e8 mscorwks!CorExitProcess+0x44948
1c5bf7c4 79f98691 0017a0d0 1c5bf970 1c5bf9e8 mscorwks!CorExitProcess+0x44a55
1c5bf9d0 6a2aa19b 00000001 01b93b00 00000000 mscorwks!CorExitProcess+0x44ebb
1c5bf9f0 6a2aa19b 023ad3f0 01b93b00 00000002 webengine!BufferPoolReleaseBuffer+0x1bb
1c5bfa28 79e72032 79e821f6 e5934469 0017a0d0 webengine!BufferPoolReleaseBuffer+0x1bb
00000000 00000000 00000000 00000000 00000000 mscorwks+0x2032
[6/17/2010 5:33:00 PM] First chance exception - 0xe0434f4d caused by thread with system id 3252
[6/17/2010 5:33:00 PM] Stack Trace
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
01d0ecd8 79ef2bbc e0434f4d 00000001 00000001 kernel32!RaiseException+0x3c
01d0ed38 79fccf80 02748edc 00000000 00000000 mscorwks!GetMetaDataInternalInterface+0x84a9
01d0edfc 656cab0e 02748ccc 01d0ee18 65221345 mscorwks!StrongNameErrorInfo+0x103dc
01d0ee08 65221345 027434d0 01d0ee78 01d0ee88 System_Data_ni+0x57ab0e
01d0ee8c 79e7e1f3 1c147158 1c147158 02744c30 System_Data_ni+0xd1345
01d0eea4 79f7c770 02744c30 1c147158 026f25a8 mscorwks!DllUnregisterServerInternal+0x21d7
01d0ef68 79e71b4c 02741ed8 02741eb4 026f409c mscorwks!CorExitProcess+0x28f9a
01d0ef80 79e821b9 01d0f058 00000002 01d0f020 mscorwks+0x1b4c
01d0f000 79e96531 01d0f058 00000002 01d0f020 mscorwks!DllUnregisterServerInternal+0x619d
01d0f148 79e96564 1c531688 01d0f2a8 01d0f1a0 mscorwks!CoUninitializeEE+0x2ead
01d0f164 79e96582 1c531688 01d0f2a8 01d0f1a0 mscorwks!CoUninitializeEE+0x2ee0
01d0f17c 79f87a83 01d0f1a0 01d0f360 79fa6a6b mscorwks!CoUninitializeEE+0x2efe
01d0f36c 79f87be2 00629d50 02742008 02745324 mscorwks!CorExitProcess+0x342ad
01d0f42c 792d5348 00629d90 00000086 01d0f448 mscorwks!CorExitProcess+0x3440c
01d0f47c 792d50f6 00629d90 00000086 066a1ae0 mscorlib_ni+0x215348
01d0f4b4 792d4fde 00000000 00000000 02741e64 mscorlib_ni+0x2150f6
01d0f508 65e1098e 02741e64 00000000 00000000 mscorlib_ni+0x214fde
01d0f54c 65e10665 66082f99 0273e664 00000000 System_Web_Services_ni+0x13098e
01d0f57c 65e10ff7 026c1054 0273e688 0a6ace9c System_Web_Services_ni+0x130665
01d0f590 6dde7666 01d0f5cc 660adb16 6ddd2c34 System_Web_Services_ni+0x130ff7
01d0f598 660adb16 6ddd2c34 0a6ace8c 0272cce4 System_Web_Extensions_ni+0x1c7666
01d0f5cc 6608132c 01d0f5f8 0272cce4 00000000 System_Web_ni+0x18db16
01d0f608 6608c5c3 01d0f630 0a6abecc 0272cff4 System_Web_ni+0x16132c
01d0f65c 660808ac 0272c6c0 0a6abecc 026c0d48 System_Web_ni+0x16c5c3
01d0f670 66083e1c 0272cce4 026c1054 0272cce4 System_Web_ni+0x1608ac
01d0f6ac 66083ac3 026bc67c 0272c8a8 01d0f730 System_Web_ni+0x163e1c
01d0f6bc 66082c5c 8984fdc8 79e7a6b8 01d0f8d8 System_Web_ni+0x163ac3
01d0f730 79f9811e 00000002 01b93b00 026cf6e4 System_Web_ni+0x162c5c
01d0f7e8 79f9822b 000dcea8 01d0f9f0 01d0fa68 mscorwks!CorExitProcess+0x44948
01d0f844 79f98691 000dcea8 01d0f9f0 01d0fa68 mscorwks!CorExitProcess+0x44a55
01d0fa50 6a2aa19b 00000001 01b93b00 00000000 mscorwks!CorExitProcess+0x44ebb
01d0fa70 6a2aa19b 023ad3f0 01b93b00 00000002 webengine!BufferPoolReleaseBuffer+0x1bb
01d0fac8 79e79cba 79e79ccd 0000000d 00000000 webengine!BufferPoolReleaseBuffer+0x1bb
01d0facc 79e79ccd 0000000d 00000000 79ec3f4b mscorwks+0x9cba
01d0fad8 79ec3f4b 79e7c82c 79ec3f53 f818458d mscorwks+0x9ccd
00000000 00000000 00000000 00000000 00000000 mscorwks!CreateAssemblyNameObject+0x22f40
[6/17/2010 5:33:37 PM] Thread exited. Exiting thread system id - 2144. Exit code - 0x00000000
EDIT: This is what I get from the client side:
https://stackoverflow.com/questions/3302587/invalidoperationexception-when-getting-into-the-alternative-flows-of-a-ws-call
EDIT 2: The error was resolved on its own :S Great, because I had no clue how to resolve this.
What you have posted is the unmanaged stack. You need to use something like sos.dll to convert this stack to the managed code.
Open the .dmp in WinDbg.
Load sos.dll
Run CLRStack and DumpStack on the thread that had the exception.
This will produce the managed stack and should tell you what file and line is having the issue.
DebugDiags/WinDbg/SOS is the best way that I have found to track down these types of issues so this is a great debugging technique to get good at.
As mentioned earlier, Tess' blog has a lot of information related to using SOS in various situations. There is also a lot of information on the SOS.dll page.
OK, this is purely just a guess, but I bet something like this is going on: it looks like some process is exiting from this function ...
CorExitProcess
Since this is IIS, maybe an Application Pool is recycling or shutting down.
Next it seems to be calling DllUnregisterServer, which is called by CoUnitializeEx, so this sounds like somewhere you have a COM object. My gut tells me the COM object is implemented in .NET, from the call to StrongNameErrorInfo, since strong names are more of a .NET-era thing than a COM-era term.
Again, this is all speculation. Do you have any objects that fit this bill? Alternatively, do you have any .NET DLLs that you are using that haven't been GAC'd correctly? Or maybe were added to the GAC and are no longer present on the machine, or the strong name key was changed for some reason?
Hope this helps and doesn't hinder :)
What seems strange to me about this is that you are getting strong name issues on uninitialize rather than initialize, hmm, intriguing
Our Windows app is often hanging in memory and I'm trying to use windbg to track
down the problem. I'm very new to windbg and could use some advice (I
have started to read Advanced Windows Debugging though).
The app is a mix of C++ and COM objects written in VB. Occasionally when
you exit, the app appears to go away but task manager shows it hanging around
in memory, apparently idle.
!threads shows me this:
ThreadCount: 2
UnstartedThread: 0
BackgroundThread: 2
PendingThread: 0
DeadThread: 0
Hosted Runtime: no
PreEmptive GC Alloc Lock
ID OSID ThreadOBJ State GC Context Domain Count APT Exception
0 1 175c 001aa040 4220 Enabled 09131b78:09131fe8 001a2b80 0 STA
6 2 143c 001b4b48 b220 Enabled 00000000:00000000 001a2b80 0 MTA (Finalizer)
To my untrained eye, it looks like it is being kept alive by the
finalize queue being blocked by a single-threaded apartment. Does this
seem reasonable?
~0kb yields:
ntdll!KiFastSystemCallRet
user32!NtUserGetMessage+0xc
mfc80!AfxInternalPumpMessage+0x18 [f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp # 153]
mfc80!CWinThread::Run+0x54 [f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp # 625]
mfc80!AfxWinMain+0x69 [f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp # 47]
WARNING: Stack unwind information not available. Following frames may be wrong.
OurApp+0x7e8274
kernel32!BaseProcessStart+0x23
~6kb yields:
ntdll!KiFastSystemCallRet
ntdll!ZwWaitForMultipleObjects+0xc
kernel32!WaitForMultipleObjectsEx+0x12c
kernel32!WaitForMultipleObjects+0x18
mscorwks!WKS::WaitForFinalizerEvent+0x7a
mscorwks!WKS::GCHeap::FinalizerThreadWorker+0x75
mscorwks!Thread::UserResumeThread+0xfb
mscorwks!Thread::DoADCallBack+0x355
mscorwks!Thread::DoADCallBack+0x541
mscorwks!ManagedThreadBase_NoADTransition+0x32
mscorwks!ManagedThreadBase::FinalizerBase+0xb
mscorwks!WKS::GCHeap::FinalizerThreadStart+0xbb
mscorwks!Thread::intermediateThreadProc+0x49
kernel32!BaseThreadStart+0x37
I would appreciate a little course correction here. If my guess of a
blocked finalizer seems reasonable, please let me know. I would also be
very happy to get some advice on figuring out what exactly is blocking.
Edit:
Shane asked for the output from !analyze. This is actually from a different dump -- I have lots of them and they all look pretty much the same.
FAULTING_IP:
+18a952f00ebdf74
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000007 (Wake debugger)
ExceptionFlags: 00000000
NumberParameters: 0
BUGCHECK_STR: 80000007
PROCESS_NAME: OurApp.exe
OVERLAPPED_MODULE: Address regions for 'OurApp' and 'Unknown_Module_00350062' overlap
ERROR_CODE: (NTSTATUS) 0x80000007 - {Kernel Debugger Awakened} the system debugger was awakened by an interrupt.
EXCEPTION_CODE: (HRESULT) 0x80000007 (2147483655) - Operation aborted
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0x4490 (0)
Current frame:
ChildEBP RetAddr Caller,Callee
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
-- --- ------- --------------------------
0 48c8.4490 Speculated (Triage) -->
5 48c8.4b74 Event
WAIT_CHAIN_COMMAND: ~0s;k;;~5s;k;;
BLOCKING_THREAD: 00004b74
DEFAULT_BUCKET_ID: APPLICATION_HANG_BlockedOn_EventHandle
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG_BlockedOn_EventHandle
LAST_CONTROL_TRANSFER: from 7c90df4a to 7c90e514
FAULTING_THREAD: 00000005
STACK_TEXT:
0882fcd0 7c90df4a 7c809590 00000002 0882fcfc ntdll!KiFastSystemCallRet
0882fcd4 7c809590 00000002 0882fcfc 00000001 ntdll!ZwWaitForMultipleObjects+0xc
0882fd70 7c80a115 00000002 7a3b8d28 00000000 kernel32!WaitForMultipleObjectsEx+0x12c
0882fd8c 79f92c5b 00000002 7a3b8d28 00000000 kernel32!WaitForMultipleObjects+0x18
0882fdac 79f970b8 001b1ad8 0882feb0 001a0b18 mscorwks!WKS::WaitForFinalizerEvent+0x77
0882fdc0 79e984cf 0882feb0 00000000 00000000 mscorwks!WKS::GCHeap::FinalizerThreadWorker+0x49
0882fdd4 79e9846b 0882feb0 0882fe5c 79f7762b mscorwks!Thread::DoADCallBack+0x32a
0882fe68 79e98391 0882feb0 9f3f02e2 00000000 mscorwks!Thread::ShouldChangeAbortToUnload+0xe3
0882fea4 79eef74c 0882feb0 00000000 001a86c0 mscorwks!Thread::ShouldChangeAbortToUnload+0x30a
0882fecc 79eef75d 79f9706d 00000008 0882ff14 mscorwks!ManagedThreadBase_NoADTransition+0x32
0882fedc 79f3c6bc 79f9706d 9f3f0352 00000000 mscorwks!ManagedThreadBase::FinalizerBase+0xd
0882ff14 79f920a5 00000000 86fb6620 804fb078 mscorwks!WKS::GCHeap::FinalizerThreadStart+0xbb
0882ffb4 7c80b729 001a0b18 00730074 00610020 mscorwks!Thread::intermediateThreadProc+0x49
0882ffec 00000000 79f9205f 001a0b18 00000000 kernel32!BaseThreadStart+0x37
FOLLOWUP_IP:
mscorwks!WKS::WaitForFinalizerEvent+77
79f92c5b 85c0 test eax,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: mscorwks!WKS::WaitForFinalizerEvent+77
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mscorwks
IMAGE_NAME: mscorwks.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 492b82c1
STACK_COMMAND: ~5s ; kb
BUCKET_ID: 80000007_mscorwks!WKS::WaitForFinalizerEvent+77
FAILURE_BUCKET_ID: APPLICATION_HANG_BlockedOn_EventHandle_80000007_mscorwks.dll!WKS::WaitForFinalizerEvent
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/OurApp_exe/6_2_6_1/4a29a184/unknown/0_0_0_0/bbbbbbb4/80000007/00000000.htm?Retriage=1
Followup: MachineOwner
---------
0:000> !threads
ThreadCount: 2
UnstartedThread: 0
BackgroundThread: 2
PendingThread: 0
DeadThread: 0
Hosted Runtime: no
PreEmptive GC Alloc Lock
ID OSID ThreadOBJ State GC Context Domain Count APT Exception
0 1 4490 0019de20 4220 Enabled 09003658:09003fe8 001a86c0 0 STA
5 2 4b74 001b1b08 b220 Enabled 00000000:00000000 001a86c0 0 MTA (Finalizer)
The finalizer thread is idle and is waiting for work -- its trace looks fine. Thread 0 also looks fine and is idle -- it waits for the next UI message.
Can you give some details on how you 'exit' the application? Given that the message loop is still running, it seems to me that something is wrong with your close-application logic.
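The reading of the two stacks given in the answer above, as an added example that is not part of the original thread: skip the generic wait frames and look at the first frame that says why the thread is waiting. The names `frames`, `classify`, `IDLE` and `PLUMBING` are hypothetical, and `BUSY_STACK` is a constructed sample showing what a finalizer stuck on an STA call would look like instead.

```python
import re

# Copied (trimmed) from the question's ~0kb output.
UI_STACK = r"""ntdll!KiFastSystemCallRet
user32!NtUserGetMessage+0xc
mfc80!AfxInternalPumpMessage+0x18 [f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp # 153]
WARNING: Stack unwind information not available. Following frames may be wrong.
OurApp+0x7e8274"""
# Copied (trimmed) from STACK_TEXT in the question's !analyze output.
FINALIZER_STACK = """0882fcd0 7c90df4a 7c809590 00000002 0882fcfc ntdll!KiFastSystemCallRet
0882fcd4 7c809590 00000002 0882fcfc 00000001 ntdll!ZwWaitForMultipleObjects+0xc
0882fd8c 79f92c5b 00000002 7a3b8d28 00000000 kernel32!WaitForMultipleObjects+0x18
0882fdac 79f970b8 001b1ad8 0882feb0 001a0b18 mscorwks!WKS::WaitForFinalizerEvent+0x77
0882fdc0 79e984cf 0882feb0 00000000 00000000 mscorwks!WKS::GCHeap::FinalizerThreadWorker+0x49"""
# Constructed sample (not from the thread): a finalizer stuck calling into an STA.
BUSY_STACK = """ntdll!KiFastSystemCallRet
ntdll!ZwWaitForSingleObject+0xc
kernel32!WaitForSingleObjectEx+0xa8
ole32!GetToSTA+0x6f
mscorwks!WKS::GCHeap::FinalizerThreadWorker+0x75"""

# Frames that mean "parked, waiting for work" (assumption: taken from the stacks above).
IDLE = {
    "mscorwks!WKS::WaitForFinalizerEvent": "idle: finalizer waiting for work",
    "user32!NtUserGetMessage": "idle: message pump waiting for next message",
}
# Generic wait plumbing that does not say why the thread is waiting.
PLUMBING = re.compile(r"ntdll!(KiFastSystemCallRet|Zw\w+|Nt\w+)$|kernel32!WaitFor\w+$")

def frames(stack_text):
    """Symbols top-first, from plain `k` lines or `kb` lines with address columns."""
    out = []
    for line in stack_text.splitlines():
        if line.startswith(("WARNING:", "***")):
            continue
        for tok in line.split():
            if "!" in tok or re.fullmatch(r"\w+\+0x[0-9a-fA-F]+", tok):
                out.append(re.sub(r"\+0x[0-9a-fA-F]+$", "", tok))
                break
    return out

def classify(stack_text):
    """Return (verdict, first frame below the wait plumbing)."""
    for sym in frames(stack_text):
        if not PLUMBING.match(sym):
            return IDLE.get(sym, "blocked in real work: inspect this frame"), sym
    return "no usable frames", None

for name, text in [("UI", UI_STACK), ("finalizer", FINALIZER_STACK), ("constructed", BUSY_STACK)]:
    print(name, classify(text))
```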
I agree with J. Passing.
Since one thread is managed code, have you tried loading the SOS debug extension in windbg to get the managed stack trace? Also you could try windbg's "!analyze -v" command and see what that says.