
A bug in vtss.sys

Slava_I_
Beginner

There is a bug in vtss.sys - an attempt to close an invalid handle from the driver. The bug reveals itself only when the Driver Verifier is active. Mostly it is a nuisance, as this bug should not have any impact on the system, but the Driver Verifier must be disabled to use VTune 2013, as Microsoft considers this bug a fatal error that should be fixed, so the Driver Verifier crashes the system. The following is a crash analysis:

 

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

INVALID_KERNEL_HANDLE (93)
This message occurs if kernel code (server, redirector, other driver, etc.)
attempts to close a handle that is not a valid handle.
Arguments:
Arg1: 0000000000000000, The handle that NtClose was called with.
Arg2: fffff8a0000018b0,
Arg3: 0000000000000000
Arg4: 0000000000000001

Debugging Details:
------------------


DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x93

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80003bbc3c2 to fffff80003abd620

STACK_TEXT:
fffff880`02fd2da8 fffff800`03bbc3c2 : 00000000`00000000 fffffa80`03d1e040 00000000`00000065 fffff800`03b03b10 : nt!RtlpBreakWithStatusInstruction
fffff880`02fd2db0 fffff800`03bbd1ae : 00000000`00000003 00000000`00000000 fffff800`03b006d0 00000000`00000093 : nt!KiBugCheckDebugBreak+0x12
fffff880`02fd2e10 fffff800`03ac56c4 : 00000000`0000001c fffff980`1288efe0 00000000`00000000 00000000`00000000 : nt!KeBugCheck2+0x71e
fffff880`02fd34e0 fffff800`03d2261b : 00000000`00000093 00000000`00000000 fffff8a0`000018b0 00000000`00000000 : nt!KeBugCheckEx+0x104
fffff880`02fd3520 fffff800`03ac4813 : fffff880`02fd3600 00000000`00000000 00000000`00000000 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x51ce4
fffff880`02fd3620 fffff800`03ac0db0 : fffff880`1fe0d3ff 00000000`00000000 fffff800`03c54880 00000000`00240024 : nt!KiSystemServiceCopyEnd+0x13
fffff880`02fd3828 fffff880`1fe0d3ff : 00000000`00000000 fffff800`03c54880 00000000`00240024 fffffa80`0509d4a0 : nt!KiServiceLinkage
fffff880`02fd3830 fffff880`1fe10502 : 00000000`00000000 fffffa80`05184db0 00000000`746c6600 fffff880`02fd3970 : vtss+0x73ff
fffff880`02fd38a0 fffff800`03eadeb7 : fffffa80`05184db0 ffffffff`80001bf0 fffff980`1288efe0 00000000`00000001 : vtss+0xa502
fffff880`02fd39a0 fffff800`03eae2b5 : 00000000`00000010 00000000`00000000 00000000`00000010 00000000`00010202 : nt!IopLoadDriver+0xa07
fffff880`02fd3c70 fffff800`03ad27e1 : fffff880`00000000 ffffffff`80001bf0 fffff800`03eae260 00000000`00000000 : nt!IopLoadUnloadDriver+0x55
fffff880`02fd3cb0 fffff800`03d656fa : ffffffff`ffffffff fffffa80`03d1e040 00000000`00000080 fffffa80`03d065a0 : nt!ExpWorkerThread+0x111
fffff880`02fd3d40 fffff800`03aa3b46 : fffff880`009e6180 fffffa80`03d1e040 fffff880`009f0f40 01e09a41`0c0a3590 : nt!PspSystemThreadStartup+0x5a
fffff880`02fd3d80 00000000`00000000 : fffff880`02fd4000 fffff880`02fce000 fffff880`02fd28b0 00000000`00000000 : nt!KiStartSystemThread+0x16

148 Replies
Bernard
Valued Contributor I

@Peter

After applying update 16 to the VTune I still cannot use VS 2013 debugger.

James_H_
Beginner

Hi, I upgraded my system from win7 64 to win 8 64 a week ago, therefore I reinstalled Vtune and upgraded to the latest version.

Sadly, the BSOD happened again in win 8, mm...BSOD might be an error term in win 8 now though :P

Anyway, with win 8 I can have a crash dump now (still dunno why my win 7 failed to generate crash dump, it's in past anyway)

 

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800818dc945, Address of the exception record for the exception that caused the bugcheck
Arg3: ffffd0002acadec0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx

FAULTING_IP:
vtss+d945
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13

CONTEXT:  ffffd0002acadec0 -- (.cxr 0xffffd0002acadec0)
rax=0000000001130000 rbx=00000000004a0025 rcx=fffff80086b17cc5
rdx=0000000000080004 rsi=fffff80086b17cc5 rdi=fffff800818cf000
rip=fffff800818dc945 rsp=ffffd0002acae8f0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000001
r11=ffffd0002acae960 r12=00000000000074c2 r13=0000000000000000
r14=0000000000080004 r15=0000000000000286
iopl=0         nv up di pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010006
vtss+0xd945:
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  LastPassBroker

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 000800040001d308 to fffff800818dc945

STACK_TEXT: 
ffffd000`2acae8f0 00080004`0001d308 : ffffd000`2acaf000 ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 : vtss+0xd945
ffffd000`2acae8f8 ffffd000`2acaf000 : ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 00000000`00000fff : 0x80004`0001d308
ffffd000`2acae900 ffffd000`2aca9000 : 00000000`087c0000 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 : 0xffffd000`2acaf000
ffffd000`2acae908 00000000`087c0000 : 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 : 0xffffd000`2aca9000
ffffd000`2acae910 00000000`087bc000 : 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 : 0x87c0000
ffffd000`2acae918 00000000`00000fff : 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 fffff800`40c8601c : 0x87bc000
ffffd000`2acae920 00000000`00e0fdf0 : 00000000`7e92d000 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 : 0xfff
ffffd000`2acae928 00000000`7e92d000 : 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 : 0xe0fdf0
ffffd000`2acae930 00020508`00000000 : fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 00000000`0000003f : 0x7e92d000
ffffd000`2acae938 fffff800`40c8601c : ffffd000`2acae8f0 00000000`00000048 00000000`0000003f ffffe001`eff93080 : 0x20508`00000000
ffffd000`2acae940 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x6c


FOLLOWUP_IP:
vtss+d945
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  vtss+d945

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vtss

IMAGE_NAME:  vtss.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5379c90e

STACK_COMMAND:  .cxr 0xffffd0002acadec0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_vtss+d945

BUCKET_ID:  X64_0x3B_vtss+d945

Followup: MachineOwner
---------

 

Peter_W_Intel
Employee

@James H

Thanks for your report. I have escalated your data to our engineering team and will update if there is any progress.

Bernard
Valued Contributor I

@James

Do you have debug symbols installed?

Regarding the BSOD, it seems that this is an access violation exception in kernel mode. Such an exception will always cause a BSOD while the offending code is running inside the kernel. This bugcheck could also be related to the transition between user-mode and kernel-mode code.

Can you decode this address 00000000`7e92d000 by using the !address command?

mov     qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????

 

0 Kudos
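The faulting access discussed above can be checked mechanically from the pasted debugger text. The following is an added example, not code from any poster or from Intel: it parses the bugcheck header, the register context and the annotated disassembly line, recomputes the effective address, and flags a ring-0 access to a user-range address. The function name `triage` is hypothetical, and only `[base]` and `[base+disp]` memory operands are handled.

```python
import re

# Lines copied from the second !analyze -v output in this thread, trimmed to what is parsed.
SAMPLE = """\
SYSTEM_SERVICE_EXCEPTION (3b)
Arg1: 00000000c0000005, Exception code that caused the bugcheck
rax=0000000001130000 rbx=00000000004a0025 rcx=fffff80086b17cc5
r11=ffffd0002acae960 r12=00000000000074c2 r13=0000000000000000
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010006
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????
"""

USER_MAX = 0x00007FFFFFFFFFFF  # top of the lower canonical half on x64 (user range)
FAULT_LINE = re.compile(  # address, opcode bytes, mnemonic, operands, seg:sel:addr=value
    r"^\S+ +[0-9a-f]+ +(\w+) +(\S.*?) +\w+:[0-9a-f]{4}:([0-9a-f`]+)=(\S+)$", re.M)
MEM_OPERAND = re.compile(r"\[(\w+)(?:([+-])([0-9A-Fa-f]+)h?)?\]")  # [base] or [base+disp]

def triage(text):
    """Summarise a pasted !analyze -v excerpt: bugcheck, args, CPL, faulting access."""
    out = {"kernel_touching_user_memory": False}
    m = re.search(r"^(\w+) \(([0-9a-fA-F]+)\)\s*$", text, re.M)
    if m:
        out["bugcheck"] = (m.group(1), int(m.group(2), 16))
    out["args"] = [int(a, 16) for a in re.findall(r"^Arg\d: ([0-9a-f]+)", text, re.M)]
    regs = {k: int(v, 16) for k, v in re.findall(r"\b(r\w{1,2})=([0-9a-f]{16})\b", text)}
    m = re.search(r"\bcs=([0-9a-f]{4})\b", text)
    if m:
        out["cpl"] = int(m.group(1), 16) & 3  # low two selector bits: privilege level
    line = FAULT_LINE.search(text)
    mem = MEM_OPERAND.search(line.group(2)) if line else None
    if mem and mem.group(1) in regs:
        mnem, operands, shown, value = line.groups()
        disp = int(mem.group(3) or "0", 16) * (-1 if mem.group(2) == "-" else 1)
        ea = (regs[mem.group(1)] + disp) & (2**64 - 1)
        out["ea"] = ea
        out["ea_matches_debugger"] = ea == int(shown.replace("`", ""), 16)
        # For mov, a memory operand in first position is the destination: a store.
        out["is_write"] = mnem == "mov" and "[" in operands.split(",")[0]
        out["unreadable"] = set(value) == {"?"}  # debugger could not read the target
        out["kernel_touching_user_memory"] = out.get("cpl") == 0 and ea <= USER_MAX
    return out

if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(key, hex(val) if isinstance(val, int) and not isinstance(val, bool) else val)
```

On the sample it reports a store from CPL 0 to 0x1130008, an address in the user range that the debugger shows as unreadable.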
Bernard
Valued Contributor I

@Peter

I thought about a possible workaround. It could be, for example, the insertion of a function call to the ProbeForRead() routine right before the faulting IP.

Can you pass this advice to the development team?

Thank you.

Peter_W_Intel
Employee

iliyapolak

I have transferred your opinion to the developer.

Bernard
Valued Contributor I

@Peter

Thanks. Hope it will help:)

Peter_W_Intel
Employee

@ James H

Our developer said, "it looks like accessing unmapped memory beyond user stack. Is it possible to get the driver binary from the user who reported the problem? Or get the exact build number of his Amplifier, so that I can fetch both the driver binary and PDB file from our repository here?"

Thanks for your support!

Bernard
Valued Contributor I

@Peter

Was inserting a call to ProbeForRead helpful? Because it seems that user memory access by kernel mode caused the BSOD.

Peter_W_Intel
Employee

@ iliyapolak

The developer is asking for the driver binary and PDB, with the VTune build number. I have sent your question again.

Will get back to you if I get any update.

Bernard
Valued Contributor I

Ok thanks:)

James_H_
Beginner

I have put vtss.sys in the following
https://mega.co.nz/#F!ZtY2DToC!P5WebpDyNsCYgDvGMjYA6g

Peter_W_Intel
Employee

@iliyapolak

Thanks for your understanding:-) 

First of all, we check how it happened that we detect user stack borders incorrectly...

@James H

I would like to hear from you, and look forward to getting the info - I posted on 06/03/2014 - 20:40

It will be helpful to diagnose the problem; otherwise I can only hope others report this problem again with solid data, so that our developer can investigate.

Thanks, Peter

Bernard
Valued Contributor I

@Peter

It is OK.

Peter_W_Intel
Employee

@ James H,

I cannot find files under https://mega.co.nz/#F!ZtY2DToC!P5WebpDyNsCYgDvGMjYA6g, please check.

vtss.sys is not a big one; you can upload it to this thread if you like. Thank you.

James_H_
Beginner

Sorry, I was busy with another project.

==================

2: kd> .cxr 0xffffd0002acadec0
rax=0000000001130000 rbx=00000000004a0025 rcx=fffff80086b17cc5
rdx=0000000000080004 rsi=fffff80086b17cc5 rdi=fffff800818cf000
rip=fffff800818dc945 rsp=ffffd0002acae8f0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000001
r11=ffffd0002acae960 r12=00000000000074c2 r13=0000000000000000
r14=0000000000080004 r15=0000000000000286
iopl=0         nv up di pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010006
vtss+0xd945:
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????
2: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
RetAddr           : Args to Child                                                           : Call Site
00080004`0001d308 : ffffd000`2acaf000 ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 : vtss+0xd945
ffffd000`2acaf000 : ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 00000000`00000fff : 0x80004`0001d308
ffffd000`2aca9000 : 00000000`087c0000 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 : 0xffffd000`2acaf000
00000000`087c0000 : 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 : 0xffffd000`2aca9000
00000000`087bc000 : 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 : 0x87c0000
00000000`00000fff : 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 fffff800`40c8601c : 0x87bc000
00000000`00e0fdf0 : 00000000`7e92d000 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 : 0xfff
00000000`7e92d000 : 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 : 0xe0fdf0
00020508`00000000 : fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 00000000`0000003f : 0x7e92d000
fffff800`40c8601c : ffffd000`2acae8f0 00000000`00000048 00000000`0000003f ffffe001`eff93080 : 0x20508`00000000
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x6c
2: kd> ub
vtss+0xd919:
fffff800`818dc919 c7843ba48cda0401000000 mov dword ptr [rbx+rdi+4DA8CA4h],1
fffff800`818dc924 eb12            jmp     vtss+0xd938 (fffff800`818dc938)
fffff800`818dc926 4439ac3ba48cda04 cmp     dword ptr [rbx+rdi+4DA8CA4h],r13d
fffff800`818dc92e 7419            je      vtss+0xd949 (fffff800`818dc949)
fffff800`818dc930 4489ac3ba48cda04 mov     dword ptr [rbx+rdi+4DA8CA4h],r13d
fffff800`818dc938 488b843bb98cda04 mov     rax,qword ptr [rbx+rdi+4DA8CB9h]
fffff800`818dc940 493bc5          cmp     rax,r13
fffff800`818dc943 7404            je      vtss+0xd949 (fffff800`818dc949)
2: kd> !address 00000000`7e92d000
unable to resolve nt!MiSessionViewStart

 

Bernard
Valued Contributor I

@James

Can you upload full kernel mode crash dump?

James_H_
Beginner

I only have 2 minidumps before I renamed it so that it won't load to crash my system.

Bernard
Valued Contributor I

Ok thanks.

I will look at them.

hendrix__marcel
Beginner

I can report that this driver is still a problem with the Parallel Studio XE 2015 release. VTSS.sys crashed my system a number of times with a BSOD, while I was not even using the Intel tools.

Bernard
Valued Contributor I

Can you post BSOD minidump files?
