1

My customer is facing random crashes. And got multiple dumps from him but Unable to analyze the reason correctly. Crashes are on Windows Server 2008 and 2012. he customer is running an application on a windows network:

Most users access to the application from their local clients (all Windows 10). Some users are running the application via terminal servers (TS1 and TS2). TS1 is a Windows Server 2008 R2. TS2 is a Windows Server 2012 R2. On TS1, TS2 and all Windows 10 PCs Actian PSQL Clients are installed (13.30.037.000). A Windows Server 2012 R2 is used as a file and database server (Actian PSQL 13.31.006.000). Windbg shows :

*** procdump  -e -ma 7824 C:\Debugging
*** Unhandled exception: C0000005.ACCESS_VIOLATION'

!analyze -v shows : 
GetUrlPageData2 (WinHttp) failed: 12002.



FAULTING_IP: 
clr!DontCallDirectlyForceStackOverflow+12
74184c2a 0000            add     byte ptr [eax],al

EXCEPTION_RECORD:  76ef042f -- (.exr 0x76ef042f)
ExceptionAddress: 0be13000
   ExceptionCode: 0be03000
  ExceptionFlags: 0be0b000
NumberParameters: 199442432
   Parameter[0]: 0bef4000
   Parameter[1]: 0bf09000
   Parameter[2]: 0bf0c000
   Parameter[3]: 0bf0f000
   Parameter[4]: 0bf2d000
   Parameter[5]: 0bf41000
   Parameter[6]: 0bf46000
   Parameter[7]: 0bf55000
   Parameter[8]: 0bf5a000
   Parameter[9]: 0bf62000
   Parameter[10]: 0bf67000
   Parameter[11]: 0bf82000
   Parameter[12]: 0bfc3000
   Parameter[13]: 0bfc7000
   Parameter[14]: 0bfdf000

CONTEXT:  0b971530 -- (.cxr 0xb971530;r)
eax=000001ff ebx=01ffffff ecx=ffff0000 edx=00000000 esi=00000000 edi=0000003f
eip=003fffff esp=00000000 ebp=00000000 iopl=0 vip vif nv up di pl nz na po nc
cs=0000  ss=0000  ds=0000  es=0000  fs=ffff  gs=0000             efl=ffff0000
0000:ffff ??              ???
Last set context:
eax=000001ff ebx=01ffffff ecx=ffff0000 edx=00000000 esi=00000000 edi=0000003f
eip=003fffff esp=00000000 ebp=00000000 iopl=0 vip vif nv up di pl nz na po nc
cs=0000  ss=0000  ds=0000  es=0000  fs=ffff  gs=0000             efl=ffff0000
0000:ffff ??              ???
Resetting default scope

DEFAULT_BUCKET_ID:  CODE_CORRUPTION

PROCESS_NAME:  MgxpaRuntime.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000001

EXCEPTION_PARAMETER2:  0b9703bc

WRITE_ADDRESS:  0b9703bc 

FOLLOWUP_IP: 
clr!DontCallDirectlyForceStackOverflow+12
74184c2a 0000            add     byte ptr [eax],al

APPLICATION_VERIFIER_FLAGS:  6aeef141

WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view  entire output.
17666 errors : !clr (73cb1000-7440c927)

APP:  mgxparuntime.exe

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre

MANAGED_STACK: !dumpstack -EE
Failed to load data access DLL, 0x80004005
Some functionality may be impaired
OS Thread Id: 0x3d58 (9)
TEB information is not available so a stack size of 0xFFFF is assumed
Current frame: 
ChildEBP RetAddr  Caller, Callee

PRIMARY_PROBLEM_CLASS:  CODE_CORRUPTION

BUGCHECK_STR:  APPLICATION_FAULT_WRONG_SYMBOLS

LAST_CONTROL_TRANSFER:  from 73fcb5b4 to 74184c2a

STACK_TEXT:  
0b9713c0 73fcb5b4 92ca4142 0b971450 73db0690 clr!DontCallDirectlyForceStackOverflow+0x12
0b9713e8 73db062a 92ca469e 00b06970 00000000 clr!CLRVectoredExceptionHandler+0x9b
0b971434 76eb6822 0b971450 0b971580 0b971530 clr!CLRVectoredExceptionHandlerShim+0xd6
0b971484 76f1cfc1 00000000 0b971a78 091351a0 ntdll!RtlpCallVectoredHandlers+0xba
0b971514 0b9719e8 76ef042f 0b971530 0b971580 ntdll!RtlDispatchException+0x72
WARNING: Frame IP not in any known module. Following frames may be wrong.
0b971520 0b971580 0b971530 0b971580 c0000005 0xb9719e8
0b971530 00000000 00000000 74184c2a 00000002 0xb971580


STACK_COMMAND:  ~9s; .ecxr ; kb

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  LARGE

BUCKET_ID:  MEMORY_CORRUPTION_LARGE

FAILURE_BUCKET_ID:  CODE_CORRUPTION_c0000005_memory_corruption!Unknown

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:code_corruption_c0000005_memory_corruption!unknown

FAILURE_ID_HASH:  {52b16108-a3a5-b115-868e-9fc9ce8e1ee0}

Followup: memory_corruption
---------

Can someone help to understand the cause of such crashes? If i try to check such dumps in DebugDiag , it shows the recursive call stack ...But what is the actual cause?

rakhi
  • 11
  • 1
  • "it shows the recursive call stack"? That's already the hint you can follow. – Lex Li Jun 08 '20 at 22:54
  • But I have multiple dumps and each shows the root at different places. So, may be the cause is same and crash occurs at different places.. top shows :clr!DontCallDirectlyForceStackOverflow+12 2ca4142 b971450 3db0690 clr!CLRVectoredExceptionHandler+9b 2ca469e 0b06970 0000000 clr!CLRVectoredExceptionHandlerShim+d6 b971450 b971580 b971530 ntdll!RtlpCallVectoredHandlers+ba 0000000 b971a78 91351a0 ntdll!RtlDispatchException+72 b971530 b971580 b971530 – rakhi Jun 09 '20 at 03:25
  • 1
    `APPLICATION_FAULT_WRONG_SYMBOLS` - have you tried setting up symbols correctly and analyze again? https://stackoverflow.com/questions/30019889/how-to-set-up-symbols-in-windbg – Thomas Weller Jun 11 '20 at 18:59

0 Answers0