- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is a bug in vtss.sys - an attempt to close an invalid handle from the driver, the bug reveales itself only when the driver verifier is active. Mostly it is a nuisance as this bug should not have any impact on the system but the driver verifier must be disabled to use VTune 2013 as Microsoft considers this bug as a fatal error that should be fixed so the driver verifier crashes the system. The following is a crash analysis
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
INVALID_KERNEL_HANDLE (93)
This message occurs if kernel code (server, redirector, other driver, etc.)
attempts to close a handle that is not a valid handle.
Arguments:
Arg1: 0000000000000000, The handle that NtClose was called with.
Arg2: fffff8a0000018b0,
Arg3: 0000000000000000
Arg4: 0000000000000001
Debugging Details:
------------------
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x93
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80003bbc3c2 to fffff80003abd620
STACK_TEXT:
fffff880`02fd2da8 fffff800`03bbc3c2 : 00000000`00000000 fffffa80`03d1e040 00000000`00000065 fffff800`03b03b10 : nt!RtlpBreakWithStatusInstruction
fffff880`02fd2db0 fffff800`03bbd1ae : 00000000`00000003 00000000`00000000 fffff800`03b006d0 00000000`00000093 : nt!KiBugCheckDebugBreak+0x12
fffff880`02fd2e10 fffff800`03ac56c4 : 00000000`0000001c fffff980`1288efe0 00000000`00000000 00000000`00000000 : nt!KeBugCheck2+0x71e
fffff880`02fd34e0 fffff800`03d2261b : 00000000`00000093 00000000`00000000 fffff8a0`000018b0 00000000`00000000 : nt!KeBugCheckEx+0x104
fffff880`02fd3520 fffff800`03ac4813 : fffff880`02fd3600 00000000`00000000 00000000`00000000 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x51ce4
fffff880`02fd3620 fffff800`03ac0db0 : fffff880`1fe0d3ff 00000000`00000000 fffff800`03c54880 00000000`00240024 : nt!KiSystemServiceCopyEnd+0x13
fffff880`02fd3828 fffff880`1fe0d3ff : 00000000`00000000 fffff800`03c54880 00000000`00240024 fffffa80`0509d4a0 : nt!KiServiceLinkage
fffff880`02fd3830 fffff880`1fe10502 : 00000000`00000000 fffffa80`05184db0 00000000`746c6600 fffff880`02fd3970 : vtss+0x73ff
fffff880`02fd38a0 fffff800`03eadeb7 : fffffa80`05184db0 ffffffff`80001bf0 fffff980`1288efe0 00000000`00000001 : vtss+0xa502
fffff880`02fd39a0 fffff800`03eae2b5 : 00000000`00000010 00000000`00000000 00000000`00000010 00000000`00010202 : nt!IopLoadDriver+0xa07
fffff880`02fd3c70 fffff800`03ad27e1 : fffff880`00000000 ffffffff`80001bf0 fffff800`03eae260 00000000`00000000 : nt!IopLoadUnloadDriver+0x55
fffff880`02fd3cb0 fffff800`03d656fa : ffffffff`ffffffff fffffa80`03d1e040 00000000`00000080 fffffa80`03d065a0 : nt!ExpWorkerThread+0x111
fffff880`02fd3d40 fffff800`03aa3b46 : fffff880`009e6180 fffffa80`03d1e040 fffff880`009f0f40 01e09a41`0c0a3590 : nt!PspSystemThreadStartup+0x5a
fffff880`02fd3d80 00000000`00000000 : fffff880`02fd4000 fffff880`02fce000 fffff880`02fd28b0 00000000`00000000 : nt!KiStartSystemThread+0x16
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Peter
After applying update 16 to the VTune I still cannot use VS 2013 debugger.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I upgraded my system from win7 64 to win 8 64 a week ago, therefore I reinstalled Vtune and upgraded to the latest version.
Sadly, the BSOD happened again in win 8, mm...BSOD might be an error term in win 8 now though :P
Anyway, with win 8 I can have a crash dump now (still dunno why my win 7 failed to generate crash dump, it's in past anyway)
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800818dc945, Address of the exception record for the exception that caused the bugcheck
Arg3: ffffd0002acadec0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
vtss+d945
fffff800`818dc945 4c896808 mov qword ptr [rax+8],r13
CONTEXT: ffffd0002acadec0 -- (.cxr 0xffffd0002acadec0)
rax=0000000001130000 rbx=00000000004a0025 rcx=fffff80086b17cc5
rdx=0000000000080004 rsi=fffff80086b17cc5 rdi=fffff800818cf000
rip=fffff800818dc945 rsp=ffffd0002acae8f0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000001
r11=ffffd0002acae960 r12=00000000000074c2 r13=0000000000000000
r14=0000000000080004 r15=0000000000000286
iopl=0 nv up di pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010006
vtss+0xd945:
fffff800`818dc945 4c896808 mov qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: LastPassBroker
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 000800040001d308 to fffff800818dc945
STACK_TEXT:
ffffd000`2acae8f0 00080004`0001d308 : ffffd000`2acaf000 ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 : vtss+0xd945
ffffd000`2acae8f8 ffffd000`2acaf000 : ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 00000000`00000fff : 0x80004`0001d308
ffffd000`2acae900 ffffd000`2aca9000 : 00000000`087c0000 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 : 0xffffd000`2acaf000
ffffd000`2acae908 00000000`087c0000 : 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 : 0xffffd000`2aca9000
ffffd000`2acae910 00000000`087bc000 : 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 : 0x87c0000
ffffd000`2acae918 00000000`00000fff : 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 fffff800`40c8601c : 0x87bc000
ffffd000`2acae920 00000000`00e0fdf0 : 00000000`7e92d000 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 : 0xfff
ffffd000`2acae928 00000000`7e92d000 : 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 : 0xe0fdf0
ffffd000`2acae930 00020508`00000000 : fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 00000000`0000003f : 0x7e92d000
ffffd000`2acae938 fffff800`40c8601c : ffffd000`2acae8f0 00000000`00000048 00000000`0000003f ffffe001`eff93080 : 0x20508`00000000
ffffd000`2acae940 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x6c
FOLLOWUP_IP:
vtss+d945
fffff800`818dc945 4c896808 mov qword ptr [rax+8],r13
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: vtss+d945
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vtss
IMAGE_NAME: vtss.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5379c90e
STACK_COMMAND: .cxr 0xffffd0002acadec0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_vtss+d945
BUCKET_ID: X64_0x3B_vtss+d945
Followup: MachineOwner
---------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your report. I have escalated your data to our engineering team, will update if any progress.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@James
Do you have debug symbols installed?
Regarding the BSOD it seems that this is access violation exception in kernel mode. Such a exception will always cause a BSOD while offending code is running inside the kernel. This Bugcheck could be also related to transition between user - kernel mode code.
Can you decode this address 00000000`7e92d000 by using !address command?
mov qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Peter
I thought about possible workaround. It can be for example insertion of function call to ProbeForRead() routine right before the faulting IP.
Can you pass this advise to the development team?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Peter
Thanks. Hope it will help:)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ James H
Our developer said, "it looks like accessing unmapped memory beyond user stack. Is it possible to get the driver binary from the user who reported the problem? Or get the exact build number of his Amplifier, so that I can fetch both the driver binary and PDB file from our repository here?"
Thanks for your support!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Peter
Was inserting call to ProbeForRead helpful? Because it seems that user memory access by kernel mode caused the BSOD.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ iliyapolak
The developer is asking for driver binary, pdb with VTune build number. I has sent your question again.
Will get back to you if I get any update.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok thanks:)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@iliyapolak
Thanks for your understanding:-)
First at all, we check how it happened that we detect user stack borders incorrectly...
@James H
I would like to hear from you, and look forward to get info - I posted on 06/03/2014 - 20:40
It will be helpful to diagnose the problem, otherwise I only hope others to report this problem again with solid data, then our developer can investigate.
Thanks, Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Peter
It is OK.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ James H,
I cannot find files under https://mega.co.nz/#F!ZtY2DToC!P5WebpDyNsCYgDvGMjYA6g, please check.
vtss.sys is not big one, you can upload it onto this tread if you like. Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry, was busy with other project
==================
2: kd> .cxr 0xffffd0002acadec0
rax=0000000001130000 rbx=00000000004a0025 rcx=fffff80086b17cc5
rdx=0000000000080004 rsi=fffff80086b17cc5 rdi=fffff800818cf000
rip=fffff800818dc945 rsp=ffffd0002acae8f0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000001
r11=ffffd0002acae960 r12=00000000000074c2 r13=0000000000000000
r14=0000000000080004 r15=0000000000000286
iopl=0 nv up di pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010006
vtss+0xd945:
fffff800`818dc945 4c896808 mov qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????
2: kd> kb
*** Stack trace for last set context - .thread/.cxr resets it
RetAddr : Args to Child : Call Site
00080004`0001d308 : ffffd000`2acaf000 ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 : vtss+0xd945
ffffd000`2acaf000 : ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 00000000`00000fff : 0x80004`0001d308
ffffd000`2aca9000 : 00000000`087c0000 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 : 0xffffd000`2acaf000
00000000`087c0000 : 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 : 0xffffd000`2aca9000
00000000`087bc000 : 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 : 0x87c0000
00000000`00000fff : 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 fffff800`40c8601c : 0x87bc000
00000000`00e0fdf0 : 00000000`7e92d000 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 : 0xfff
00000000`7e92d000 : 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 : 0xe0fdf0
00020508`00000000 : fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 00000000`0000003f : 0x7e92d000
fffff800`40c8601c : ffffd000`2acae8f0 00000000`00000048 00000000`0000003f ffffe001`eff93080 : 0x20508`00000000
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x6c
2: kd> ub
vtss+0xd919:
fffff800`818dc919 c7843ba48cda0401000000 mov dword ptr [rbx+rdi+4DA8CA4h],1
fffff800`818dc924 eb12 jmp vtss+0xd938 (fffff800`818dc938)
fffff800`818dc926 4439ac3ba48cda04 cmp dword ptr [rbx+rdi+4DA8CA4h],r13d
fffff800`818dc92e 7419 je vtss+0xd949 (fffff800`818dc949)
fffff800`818dc930 4489ac3ba48cda04 mov dword ptr [rbx+rdi+4DA8CA4h],r13d
fffff800`818dc938 488b843bb98cda04 mov rax,qword ptr [rbx+rdi+4DA8CB9h]
fffff800`818dc940 493bc5 cmp rax,r13
fffff800`818dc943 7404 je vtss+0xd949 (fffff800`818dc949)
2: kd> !address 00000000`7e92d000
unable to resolve nt!MiSessionViewStart
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@James
Can you upload full kernel mode crash dump?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok thanks.
I will look at them.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can report that this driver is still a problem with the Parallel Studio XE 2015 release. VTSS.sys crashed my system a number of times with a BSOD, while I was not even using the Intel tools.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you post BSOD minidump files?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page