I have been using J for a few weeks and absolutely loving the new way it makes me look at old problems. I installed the ODBC drivers for Osx (10.15.6) but I get pointer violations:
[sean]% jconsole
load 'dd'
ddsrc''
jconsole(77340,0x1130efdc0) malloc: *** error for object 0x7f817ddcd1c0: pointer being freed was not allocated
jconsole(77340,0x1130efdc0) malloc: *** set a breakpoint in malloc_error_break to debug
[1] 77340 abort jconsole
[Seans-iMac:~]
[sean]%
I checked out the source from Github with the serious intent of trying to debug the problem for myself, I followed the instructions in the make.txt file, terse but mostly good; I had issues with the "./cpbin.sh" showing errors messages, and the first time I ran the tests it failed to find the .dylibs so I had to copy those manually
cp ../../bin/darwin/j64/*.dylib .
I then re-ran the tests:
sean#Seans-iMac:~/gitjsource/jsource/jlibrary/bin|master⚡ ⇒ ./jconsole ../../test/tsu.ijs
and his time the only errors were mach_vm_map errors, so a little progress but running RUN ddal gave this output which is superficially troubling!
RUN ddall
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=2251799813685248, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=562949953421312, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=562949953421312, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=2251799813685248, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=562949953421312, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=281474976710656, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=562949953421312, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
I then ran RECHO ddall and got this output:
RECHO ddall
/Users/sean/gitjsource/jsource/jlibrary/bin/../../test/g0.ijs
/Users/sean/gitjsource/jsource/jlibrary/bin/../../test/g000.ijs
:
: elided; assume to have passed, then...
:
/Users/sean/gitjsource/jsource/jlibrary/bin/../../test/g210.ijs
/Users/sean/gitjsource/jsource/jlibrary/bin/../../test/g210a.ijs
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=2251799813685248, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=562949953421312, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=562949953421312, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=2251799813685248, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=562949953421312, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=281474976710656, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=562949953421312, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
jconsole(76285,0x1152c2dc0) malloc: can't allocate region
:*** mach_vm_map(size=1125899906842624, flags: 100) failed (error code=3)
jconsole(76285,0x1152c2dc0) malloc: *** set a breakpoint in malloc_error_break to debug
/Users/sean/gitjsource/jsource/jlibrary/bin/../../test/g211.ijs
/Users/sean/gitjsource/jsource/jlibrary/bin/../../test/g212.ijs
:
: elided; assume to have passed
:
/Users/sean/gitjsource/jsource/jlibrary/bin/../../test/gxco2.ijs
/Users/sean/gitjsource/jsource/jlibrary/bin/../../test/gxinf.ijs
0
I just want to know if this is --serious-- or can be ignored, I am off to look in failed test script g210a.ijs to check it out...all I wanted to do was try to see why ODBC 'ddsrc' blows chunks!
The tsu reports of "malloc_error_break" are normal. They indicate a malloc request that was expected to fail so things are OK. We don't know how to turn off those warnings. They do not occur on other platforms.
The same error in ddsrc does indicate a problem. Again it indicates a malloc that does not succeed. Probably because of a bug that gives a bad arg to malloc. This is not a problem in the J engine, but is a problem in the odbc interface.
It certainly looks serious, but the problem's not likely in jsource, but in the FFI code that you can find in addons/data/odbc/odbc.ijs or ddmysql. An excerpt:
select. UNAME
case. 'Linux' do. libodbc=: (0-:PREFER_IODBC){::'libiodbc.so.2';'libodbc.so.2'
case. 'Darwin' do. libodbc=: 'libiodbc.dylib'
case. 'Win' do. libodbc=: 'odbc32.dll'
case. do. libodbc=: 'libodbc.so'
end.
i.0 0
)
sqlallochandle=: (libodbc, ' SQLAllocHandle s s x *x') &cd
sqlbindcol=: (libodbc, ' SQLBindCol s x s s * x *') &cd
sqlbindparameter=: (libodbc, ' SQLBindParameter s x s s s s x s * i *') &cd
The problem could be
that you have a library sufficiently different from the library this was coded against (note it doesn't seem to be doing any version checking) that just trying to call into it is destroying memory and breaking j internals
that somewhere J is receiving what is erroneously treated as an owned pointer, and it's A) not a freeable pointer, or B) not a pointer freeable by J because the library is using its own allocator
that somewhere J is erroneously passing a pointer to the library that the library regards as an owned pointer that it should free, with similar problems, and the error message just deceptively sources the fault to jsource
In any case I suggest reporting this to the general# forum
Of the g210a.ijs errors, the file itself warns about errors that seem to fit what you're seeing, and which look to be unrelated to the odbc issue.
NB. Some tests fail because memory is obtained in 65536 word increments,
NB. and malloc does not always fail gracefully.
NB. Other tests fail because they try to grab the entire result array
NB. at the outset, and fail with a limit error or an out of memory
Related
I've got an issue at the moment where the android app just quits without exception. I've managed to trace it back to this line.
PropertyChanged?.Invoke(this, new PropertyChangedEventArgs(propertyName));
I've checked all the properties and they all seem fine, no nulls etc.
I've also found this in the Debug output:
Fatal signal 6 (SIGABRT), code -6 (SI_TKILL) in tid 9154
I've googled this and spent the last 2 days trying various things like changing compiler options but to no avail. Is there a way to get more detailed information ? I am not familiar with the workings of Android so if its anything specific please explain in detail.
I'm using:
VS2019 community (not preview)
XF: 4.7.0.1351 (tried the latest 4.8.0.1451 but the same happens)
Android: 9.0 API 28
Running on an emulator also tried actual device.
UPDATE 1 (logcat snips):
09-20 14:09:03.764 777 777 F : Why are we setting the target on an unoccupied slot?
--------- beginning of crash
09-20 14:09:03.764 777 777 F libc : Fatal signal 6 (SIGABRT), code -6 (SI_TKILL) in tid 777, pid 777
09-20 14:09:03.790 852 852 I crash_dump32: obtaining output fd from tombstoned, type: kDebuggerdTombstone
09-20 14:09:03.790 1747 1747 I /system/bin/tombstoned: received crash request for pid 777
09-20 14:09:03.791 852 852 I crash_dump32: performing dump of process 777 (target tid = 777)
09-20 14:09:03.795 852 852 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
09-20 14:09:03.795 852 852 F DEBUG : Build fingerprint: 'google/sdk_gphone_x86_arm/generic_x86_arm:9/PSR1.180720.117/5875966:user/release-keys'
09-20 14:09:03.795 852 852 F DEBUG : Revision: '0'
09-20 14:09:03.795 852 852 F DEBUG : ABI: 'x86'
09-20 14:09:03.795 852 852 F DEBUG : pid: 777, tid: 777
09-20 14:09:03.795 852 852 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
09-20 14:09:03.795 852 852 F DEBUG : Abort message: 'Why are we setting the target on an unoccupied slot?'
09-20 14:09:03.795 852 852 F DEBUG : eax 00000000 ebx 00000309 ecx 00000309 edx 00000006
09-20 14:09:03.796 852 852 F DEBUG : edi 00000309 esi c5462780
09-20 14:09:03.796 852 852 F DEBUG : ebp ffa9f6b8 esp ffa9f608 eip f66dfb39
09-20 14:09:03.796 852 852 F DEBUG :
09-20 14:09:03.796 852 852 F DEBUG : backtrace:
09-20 14:09:03.796 852 852 F DEBUG : #00 pc 00000b39 [vdso:f66df000] (__kernel_vsyscall+9)
09-20 14:09:03.796 852 852 F DEBUG : #01 pc 0001fdf8 /system/lib/libc.so (syscall+40)
09-20 14:09:03.796 852 852 F DEBUG : #02 pc 00022ed3 /system/lib/libc.so (abort+115)
UPDATE 2:
So as I've said it crashes without exception when Invoking the PropertyChanged method.
Using the debugger I've inspected the properties of PropertyChanged. I've got a subscriber to this even which is in an external assembly for the Data Access Layer.
I removed this subscriber to see if that was the issue, but no, the problem remains.
I checked the subscriber again and now it states it's inside the Xamarin.Forms.Core.dll called OnPropertyChanged
I'm not sure how to debug this further.
UPDATE 3:
I've created another project in the hope of getting the same behaviour, but unfortunately I could not reproduce the issue, but I did notice one thing.
We can clearly see the target in my broken project (second image) is NULL, any ideas how this could happen ?
It seems it makes no difference if the Target is null, I have no idea why it was null on one project and not the other.
Anyway after many hours , well days of debugging, the issue was because I was overwriting the properties of the bound object using Force.DeepCloner
I'm not sure exactly why this happens but its got something to do with how the object is used in the bindings. Once its created, using DeepCloner to overwrite "this" causes these issues.
Module AppRegistry is not a registered callable module (calling
runApplication)
when running in release mode a react-native app
xcode: 10.1
react-native: 0.57
When running a react-native app in release mode, it crashes and shows warning message as follows
It is working fine while running as debug mode.
2019-02-11 15:33:04.330531+0800 EASE[1709:691989] [DYMTLInitPlatform] platform initialization successful
2019-02-11 15:33:04.639426+0800 EASE[1709:691855] =======>>>>-[ViewController initWithNibName:bundle:]
2019-02-11 15:33:04.639721+0800 EASE[1709:691855] ================ViewController :going initWithNibName, storyBoard goto ===========
2019-02-11 15:33:04.639739+0800 EASE[1709:691855] ================ViewController :start sync===========
2019-02-11 15:33:04.641529+0800 EASE[1709:691855] ===========Here is the synchronization when the program starts============
2019-02-11 15:33:05.069459+0800 EASE[1709:691855] The application is in the foreground and is active
2019-02-11 15:33:05.468 [error][tid:com.facebook.react.JavaScript] Can't find variable: n
2019-02-11 15:33:05.467943+0800 EASE[1709:692012] Can't find variable: n
2019-02-11 15:33:05.470 [fatal][tid:com.facebook.react.ExceptionsManagerQueue] Unhandled JS Exception: Can't find variable: n
2019-02-11 15:33:05.469853+0800 EASE[1709:692009] Unhandled JS Exception: Can't find variable: n
2019-02-11 15:33:05.471 [error][tid:com.facebook.react.JavaScript] Module AppRegistry is not a registered callable module (calling runApplication)
2019-02-11 15:33:05.471115+0800 EASE[1709:692012] Module AppRegistry is not a registered callable module (calling runApplication)
2019-02-11 15:33:05.476228+0800 EASE[1709:692009] *** Terminating app due to uncaught exception 'RCTFatalException: Unhandled JS Exception: Can't find variable: n', reason: 'Unhandled JS Exception: Can't find variable: n, stack:
<unknown>#1163:26828t#1163:474
<unknown>#1163:788t#1163:474
<unknown>#1163:703t#1163:474
<unknown>#1163:588t#1163:474
<unknown>#1163:418355v#2:1483
<unknown>#1162:69v#2:1483
<unknown>#1161:376v#2:1483
<unknown>#1160:592v#2:1483
<unknown>#1159:572v#2:1483
<unknown>#1158:661v#2:1483
<unknown>#998:5169v#2:1483
<unknown>#948:263v#2:1483
<unknown>#946:98v#2:1483
<unknown>#945:49v#2:1483
<unknown>#944:78v#2:1483
<unknown>#943:79v#2:1483
<unknown>#942:49v#2:1483
<unknown>#718:79v#2:1483
<unknown>#717:66v#2:1483
<unknown>#716:51v#2:1483
<unknown>#715:116v#2:1483
<unknown>#714:148v#2:1483
<unknown>#713:176v#2:1483
<unknown>#705:180v#2:1483
<unknown>#704:183v#2:1483
<unknown>#668:223v#2:1483
<unknown>#659:271v#2:1483
<unknown>#658:28v#2:1483
<unknown>#657:138v#2:1483
<unknown>#528:128v#2:1483
<unknown>#343:418v#2:1483
<unknown>#11:58v#2:1483d#2:866global code#2177:4'
*** First throw call stack:
(0x23b373ea0 0x23a545a40 0x105030e30 0x10502d238 0x23b37b600
0x23b259530 0x23b25a114 0x105045030 0x10508be7c 0x10508bbd8
0x10817f824 0x108180dc8 0x108188e6c 0x108189b60 0x108193bfc
0x23af900dc 0x23af92cec)
libc++abi.dylib: terminating with uncaught exception of type
NSException
(lldb)
App doesn't crash when running in both release mode and debug mode
Is there a way to break windbg or visual studio debugger execution when the value of LastError value changes?
Edit:
Found a way by setting a breakpoint in ntdll!RtlSetLastWin32Error.
Does anyone know another way or it's the best way for that?
set a write breakpoint on the address of teb->LastErrorValue
ba w4 ##c++(&(#$thread->LastErrorValue))
happy breaking whenever error value changes
you can add conditions to the bp to break only when you want too
0:000> ba w4 ##c++(&(#$thread->LastErrorValue)) "!gle;gc"
breakpoint 0 redefined
0:000> g
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc000008a - Indicates the specified resource type cannot be found in the image file.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0 - STATUS_WAIT_0
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0 - STATUS_WAIT_0
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
My operations group, and the devs are clueless to why this happens. Basically the server-side service of a client/server application hangs. We have been pushing new bugfixed versions and providing all kinds of logs to the devs, but they can't figure it out. To make it even harder to figure out, this is an application that works very closely with another application on the client side.
I have no idea if I'm onto something here, as I have limited windbg experience, but this seems worth checking out. Google comes up pretty promising, but with mostly gamers having BSODs not providing much more info...
I found this bit at the start of the dump:
WARNING: odbccp32 overlaps comctl32 .
WARNING: odbc32 overlaps odbccp32
WARNING: odbc32 overlaps comctl32 .............
WARNING: mswsock overlaps FWPUCLNT .......
WARNING: winsta overlaps winnsi .
WARNING: ntlanman overlaps drprov .... ...
WARNING: srvcli overlaps netapi32
WARNING: wkscli overlaps srvcli ..........
WARNING: ncrypt overlaps schannel .
WARNING: nlaapi overlaps ncrypt .
WARNING: NapiNSP overlaps nlaapi ....
WARNING: rsaenh overlaps cryptsp
and a bit lower:
OVERLAPPED_MODULE: Address regions for 'odbc32' and 'odbccp32' overlap
Here is the complete !analyze -v dump:
Microsoft (R) Windows Debugger Version 6.2.8400.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\debug\MES\PLSMES.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: srv*c:\symbols*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (16 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Machine Name:
Debug session time: Thu Jun 14 10:37:01.000 2012 (UTC + 2:00)
System Uptime: not available
Process Uptime: 0 days 6:36:13.000
......................................WARNING: odbccp32 overlaps comctl32
.WARNING: odbc32 overlaps odbccp32
WARNING: odbc32 overlaps comctl32
.............WARNING: mswsock overlaps FWPUCLNT
.......WARNING: winsta overlaps winnsi
.WARNING: ntlanman overlaps drprov
....
...WARNING: srvcli overlaps netapi32
.WARNING: wkscli overlaps srvcli
..........WARNING: ncrypt overlaps schannel
.WARNING: nlaapi overlaps ncrypt
.WARNING: NapiNSP overlaps nlaapi
....WARNING: rsaenh overlaps cryptsp
Cannot read PEB32 from WOW64 TEB32 7efdd000 - Win32 error 0n30
wow64cpu!CpupSyscallStub+0x9:
00000000`741f2e09 c3 ret
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify timestamp for PLSMES.exe
*** ERROR: Module load completed but symbols could not be loaded for PLSMES.exe
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 0000000000001364
DEFAULT_BUCKET_ID: BAD_DUMP_MISSING_MEMORY
PROCESS_NAME: PLSMES.exe
OVERLAPPED_MODULE: Address regions for 'odbc32' and 'odbccp32' overlap
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: plsmes.exe
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 0000000000000000 to 00000000741f2e09
PRIMARY_PROBLEM_CLASS: BAD_DUMP_MISSING_MEMORY
BUGCHECK_STR: APPLICATION_FAULT_BAD_DUMP_MISSING_MEMORY
STACK_TEXT:
00000000`00000000 00000000`00000000 bad_dump!missing_stack+0x0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: bad_dump!missing_stack
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: bad_dump
IMAGE_NAME: bad_dump
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: ** Pseudo Context ** ; kb
FAILURE_BUCKET_ID: BAD_DUMP_MISSING_MEMORY_80000003_bad_dump!missing_stack
BUCKET_ID: X64_APPLICATION_FAULT_BAD_DUMP_MISSING_MEMORY_bad_dump!missing_stack
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/PLSMES_exe/4_4_3_2582/4f8ac8f6/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1
Followup: MachineOwner
---------
Could this be related to the application hangs? Overlapping memory doesn't seem good.
Note: The same server runs other instances of the same application without error.
Any pointers to further debugging would also be nice.
(Moved from ServerFault, I guess this is better asked here.)
I've seen this happen when a 64 bit version of task manager is used to create a dump of a 32 bit process. If this is your case, then use the 32 bit version of task manager which can be found in the SysWOW64 folder. This link describes the problem:
http://blogs.msdn.com/b/tess/archive/2010/09/29/capturing-memory-dumps-for-32-bit-processes-on-an-x64-machine.aspx
I'm debugging some random crash bugs, but actually very difficult to go deep into. Because when i open crash dump, only find one error:
0:000> .exr -1
ExceptionAddress: 00000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
Actually i haven't set any hard-code breakpoint in code, so i search about this exception in google, some people said this exception may be caused by heap corruption.
So my question is,
Is there any other reason why cause this exception, except hard-code breakpoint, manual breakpoint while debugging, heap corruption?
Another question is, i try to use Application Verifier to check heap corruption, i understand how does it work, app verifier will trigger break instruction exception while heap corruption. But currently, i run without app verifier, who will raise the break instruction exception?
Additional info: call stack for current thread.
*0:000> k
ChildEBP RetAddr
0012f96c 7c827d19 ntdll!KiFastSystemCallRet
0012f970 77e6202c ntdll!NtWaitForMultipleObjects+0xc
0012fa18 7739bbd1 kernel32!WaitForMultipleObjectsEx+0x11a
0012fa74 3b288523 user32!RealMsgWaitForMultipleObjectsEx+0x141
0012fab8 3b32b9bd msenv!EnvironmentMsgLoop+0x1ea
0012fae4 3b32b94d msenv!CMsoCMHandler::FPushMessageLoop+0x86
0012fb0c 3b32b8e9 msenv!SCM::FPushMessageLoop+0xb7
0012fb28 3b32b8b8 msenv!SCM_MsoCompMgr::FPushMessageLoop+0x28
0012fb48 3b32be4e msenv!CMsoComponent::PushMsgLoop+0x28
0012fbe0 3b327561 msenv!VStudioMainLogged+0x482
0012fc0c 3000a4a6 msenv!VStudioMain+0xc1
0012fc38 30007301 devenv!util_CallVsMain+0xff
0012ff14 3000760c devenv!CDevEnvAppId::Run+0x91f
0012ff30 30007680 devenv!WinMain+0x74
0012ffc0 77e6f23b devenv!License::GetPID+0x258
0012fff0 00000000 kernel32!BaseProcessStart+0x23*
Our application is a Visual Studio Package.
Below is the result from !analyze -v
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for mscorlib.ni.dll
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
FAULTING_IP:
+0
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00001f1c
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: devenv.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
MANAGED_STACK:
SP IP Function
0012E584 09C8A903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure(Int32, Int32[])+0x3b
0012E590 09C8C604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged(UInt32, System.Object, System.Object)+0x144
StackTraceString: <none>
HResult: 80004005
EXCEPTION_OBJECT: !pe 3115d464
Exception object: 3115d464
Exception type: System.Runtime.InteropServices.COMException
Message: Error HRESULT E_FAIL has been returned from a call to a COM component.
InnerException: <none>
StackTrace (generated):
SP IP Function
0012E584 09C8A903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure(Int32, Int32[])+0x3b
0012E590 09C8C604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged(UInt32, System.Object, System.Object)+0x144
StackTraceString: <none>
HResult: 80004005
MANAGED_OBJECT: !dumpobj 3201988
Name: System.String
MethodTable: 79330a00
EEClass: 790ed64c
Size: 158(0x9e) bytes
(C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
String: Error HRESULT E_FAIL has been returned from a call to a COM component.
Fields:
MT Field Offset Type VT Attr Value Name
79332c4c 4000096 4 System.Int32 1 instance 71 m_arrayLength
79332c4c 4000097 8 System.Int32 1 instance 70 m_stringLength
793316e0 4000098 c System.Char 1 instance 45 m_firstChar
79330a00 4000099 10 System.String 0 shared static Empty
>> Domain:Value 00219c28:03031198 <<
79331630 400009a 14 System.Char[] 0 shared static WhitespaceChars
>> Domain:Value 00219c28:03031798 <<
EXCEPTION_MESSAGE: Error HRESULT E_FAIL has been returned from a call to a COM component.
MANAGED_OBJECT_NAME: System.Runtime.InteropServices.COMException
LAST_CONTROL_TRANSFER: from 7c827d19 to 7c82860c
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
STACK_TEXT:
09c8a903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure
09c8c604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged
STACK_COMMAND: dds 12e584 ; kb
FOLLOWUP_IP:
+9c8a903
09c8a903 8bc6 mov eax,esi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure+9c8a903
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Microsoft_VisualStudio_Design
IMAGE_NAME: Microsoft.VisualStudio.Design.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_Microsoft.VisualStudio.Design.dll!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure
BUCKET_ID: APPLICATION_FAULT_STATUS_BREAKPOINT_Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure+9c8a903
Followup: MachineOwner
...
In the managed stack, there is a explicit error,Microsoft.VisualStudio.NativeMethods.ThrowOnFailure..
But that means the com exception cause the break instruction exception?
!analyze seems just dump the managed level, the com exception maybe the last error in the managed level.
I also search something about interrupt and exception from google, Normally, the break instruction exception can be triggered in following conditions:
1. Hardcode interrupt request, like: __asm int 3 (ASM), System.Diagnostics.Debugger.Break (C#), DebugBreak() (WinAPI).
2. OS enable memory runtime check, like Application Verifier can trigger after heap corruption, memory overrun.
3. Compiler can have some configuration to enble what should be filled for the uninitialized memory block and end of function(blank area, after retun..). For example, Microsoft VC complier can fill 0xCC if enable /GZ. 0xCC is actually a opcode of __asm int 3. So if some error cause the application run into such block, will trigger a break point.
Correct?
If that, I think Application Verifier should be best choice to find the root cause.
For future reference, the Your debugger is not using the correct symbols warning is caused because you need to add Windows symbols to the Windbg symbols path. Here is how to do that:
Set Microsoft symbol server path automatically:
0:000> .symfix
Optionally you can specify an additional location where to download symbol from, e.g.:
0:000> .sympath+ c:\myproject
Check current symbol search path:
0:000> .sympath
You should see something like this:
SRV**http://msdl.microsoft.com/download/symbols
Reload symbols:
0:000> .reload
Then, you will be able to see information about the current exception using this command:
0:000> !analyze -v
You should see a line similar to the following:
ExceptionCode: c0000005 (Access violation)
Good luck fixing bugs!
The command to use to find the exception that caused the crash dump is .ecxr. The outpt you got from .exr -1 is incorrect as the ExceptionAddress is zero.