UhOh! I've got a problem (app is frozen)

usasma · Dec 12, 2012

Running the dumps from this topic: [BSOD] Windows 7 crashes with blue screen
Using v2.5.3.3 of the app
tmp file zipped and uploaded
Dump file is 151 mB in size, let me know if you want it.

App is frozen on this screen:

*****************************************************************
* *
* SYSNATIVE BSOD APPS *
* *
* Copyright 2012 Mikael Pryor *
*****************************************************************
******************************ERROR*****************************
Kernel symbols are WRONG.
Downloading correct symbols...
Please Wait, this may take some time...
******************************ERROR*****************************
user kd: analyzing .dmp 4 of 5 71% Finished

Got this when I right clicked on the app in Task Manager and selected "Create dump file":

Code:

Microsoft (R) Windows Debugger Version 6.2.8400.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\John\AppData\Local\Temp\_v2_5_3_3_SysnativeBSODApps.DMP]
User Mini Dump File with Full Memory: Only application data is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Windows 8 Version 8400 MP (8 procs) Free x64
Product: WinNt, suite: SingleUserTS
Built by: 6.2.8400.0 (winmain_win8rc.120518-1423)
Machine Name:
Debug session time: Wed Dec 12 07:08:24.000 2012 (UTC - 5:00)
System Uptime: 6 days 14:42:24.919
Process Uptime: 0 days 0:13:22.000
................................................................
.
wow64cpu!CpupSyscallStub+0x2:
00000000`77ca2ad2 c3              ret
0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify checksum for mscorlib.ni.dll
*** ERROR: Module load completed but symbols could not be loaded for _v2_5_3_3_SysnativeBSODApps.exe

FAULTING_IP: 
+0
00000000`00000000 ??              ???

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000000000000
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 0

FAULTING_THREAD:  000000000000128c

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

PROCESS_NAME:  _v2_5_3_3_SysnativeBSODApps.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

APP:  _v2_5_3_3_sysnativebsodapps.exe

MANAGED_STACK: !dumpstack -EE
No export dumpstack found

PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

BUGCHECK_STR:  APPLICATION_FAULT_WRONG_SYMBOLS

LAST_CONTROL_TRANSFER:  from 0000000077ca2941 to 0000000077ca2ad2

STACK_TEXT:  
00000000`00c6ebd8 00000000`77ca2941 : 00000023`77cef01c 00000000`00000023 00000000`00000000 00000000`00d68a58 : wow64cpu!CpupSyscallStub+0x2
00000000`00c6ebe0 00000000`77c5c4f6 : 0033ffff`00000001 00000000`77ca182c 00000000`00010000 000007ff`a5151b2e : wow64cpu!Thunk0ArgReloadState+0x5
00000000`00c6ec90 00000000`77c5b8f5 : 00000000`00c6f5f0 00000000`00c6f5f0 00000000`77c53e08 00000000`7ffe0030 : wow64!RunCpuSimulation+0xa
00000000`00c6ece0 000007ff`a518bf29 : 00000000`13106bda 00000000`00000000 00000000`00000009 00000000`7ec2f000 : wow64!Wow64LdrpInitialize+0x435
00000000`00c6f220 000007ff`a5161dc2 : 00000000`00c6f5f0 000007ff`a5163d4f 00000000`00000000 00000000`7ec2f000 : ntdll!LdrpInitializeProcess+0x1576
00000000`00c6f530 000007ff`a516e962 : 00000000`00c6f5f0 00000000`00000000 00000000`7ec2f000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x57f6
00000000`00c6f5a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe


STACK_COMMAND:  ~0s; .ecxr ; kb

FOLLOWUP_IP: 
wow64cpu!CpupSyscallStub+2
00000000`77ca2ad2 c3              ret

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  wow64cpu!CpupSyscallStub+2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: wow64cpu

IMAGE_NAME:  wow64cpu.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4fb71596

FAILURE_BUCKET_ID:  WRONG_SYMBOLS_80000003_wow64cpu.dll!CpupSyscallStub

BUCKET_ID:  APPLICATION_FAULT_WRONG_SYMBOLS_wow64cpu!CpupSyscallStub+2

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/_v2_5_3_3_SysnativeBSODApps_exe/2_5_3_3/50c61a9b/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1

Followup: MachineOwner
---------

usasma · Dec 12, 2012

Froze the second time at 67%

I'm going to run without the 4th memory dump to see what happens
Hmmm - can't tell which one is #4

usasma · Dec 12, 2012

BTW - just wanted to let you know that I'm still using the neimiro.dll (v1.4 I think)

usasma · Dec 12, 2012

Found it, it was actually #3: 120312-19437-01.dmp
Dumps ran fine without it.
Bad dump file attached......

niemiro · Dec 12, 2012

usasma said:
BTW - just wanted to let you know that I'm still using the neimiro.dll (v1.4 I think)

A frozen kd.exe is very possibly caused by my extension. kd.exe/WinDBG loves freezing when I make a mistake in the code. In addition, v1.4 made a lot of changes over the more stable v1.3. New bugs are very possible.

I will take a look at my extension when I get home this evening.

niemiro · Dec 12, 2012

OK, just had a look at the dump John identified:

Code:

1: kd> !thread
GetPointerFromAddress: unable to read from fffff80003105000
fffffa80043ec060 is not a thread object, interpreting as stack value...
Unable to read @ fffff8000307cb30
TYPE mismatch for thread object at fffffa80043ec060

Dump file is corrupt around the area which is required to read a raw stack trace. I bet this is my extension causing this freeze.

I need to wait to get home before I can investigate further and fix though. Sorry.

Richard

writhziden · Dec 12, 2012

Also a problem in version 1.3 of niemiro.dll; let us know what you find and what type of corruption caused it. I'm curious now. :-}

niemiro · Dec 12, 2012

writhziden said:
Also a problem in version 1.3 of niemiro.dll; let us know what you find and what type of corruption caused it. I'm curious now. :-}

Usually what happens is the app identifies addresses for the rawstack - but the incorrect addresses due to the corruption.

It then starts at one end and works towards the other, but if the address are massively far apart (one of them often being 0), it takes ages and appears to hang the app. Technically, if you leave it long enough (often several hours), it might recover.

I need to implement a system to catch when the addresses are too far apart. But I don't know what value to give it. Some rawstack output can be really long. And even if I set it at something safe like 10,000, it will hang for many minutes, as the WinDBG lookup of memory via symbols and all the other craziness it does is really slow.

I don't know what to do really.

Anyway, I will identify a way to spot this type of corruption and add a conditional for it.

Richard

niemiro · Dec 12, 2012

I have done quite a few general checks in 1.3, such as making sure it starts with an f and is above 8/16 digits long (done mathematically, not via string manipulation). Also that the memory addresses are the right way around so the app doesn't chase off into infinity.

This must be something else.

niemiro · Dec 12, 2012

Hello John.

Please let me know if version 1.5 resolves your difficulties: https://www.sysnative.com/forums/bs...al-check-drivers-found-stack-5.html#post34972

@Mike: It turns out the checks I described in my last post had not yet been implement. I had intended to, but clearly never got around to it.

Here, the raw stack addresses both started with a c, which is I think impossible to be correct.

I really must get around to splitting off my extension into a new thread. The problem is that I have 37 items on my todo list at the moment.

Search

Search

UhOh! I've got a problem (app is frozen)

usasma

Retired Admin

Attachments

usasma

Retired Admin

usasma

Retired Admin

usasma

Retired Admin

Attachments

niemiro

Senior Administrator, Windows Update Expert

niemiro

Senior Administrator, Windows Update Expert

writhziden

Administrator, .NET/UWP Developer

niemiro

Senior Administrator, Windows Update Expert

niemiro

Senior Administrator, Windows Update Expert

niemiro

Senior Administrator, Windows Update Expert