Crashing to the desktop still after Hotfix 2



JCitron
October 12th, 2015, 03:07 PM
I know this is retail release and the Hotfix, but this really has become an issue for us all.

http://forums.auran.com/trainz/showthread.php?123456-Help-Please!-T-ANE-User-Data-Folder-Crashing-My-C-Drive

I thought this was resolved with the hotfix, or was I mistaken?

I have, along with the many, many other people, sent off crashdump.dmp files and reports to the helpdesk, though I haven't gotten an acknowledgement back from any human yet on the receipt. A nice thank you, other than the automated one, would be nice.

The crash I reported had the same error as before, and so have others I have looked at but didn't save or document.



This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(d44.12f0): Access violation - code c0000005 (first/second chance not available)
ntdll!NtGetContextThread+0xa:
00007ffd`99e9432a c3 ret

rax=0000000115066327 rbx=0000000029e3fc90 rcx=0000000000004327
rdx=ffffffff9938e12a rsi=0000000115062000 rdi=000000017bcd3ed6
rip=00007ffd840fc3f9 rsp=0000000029e3f9d8 rbp=000000000000ffff
r8=000000000000ffff r9=fffffffe8aa99fbf r10=0000000115056328
r11=000000017bcc81fe r12=0000000000000008 r13=00000000230ad790
r14=0000000115056328 r15=00000001a0c84c60
iopl=0 nv up ei pl nz na po cy
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010207
msvcr120!memcpy+0x39:
00007ffd`840fc3f9 f3a4 rep movs byte ptr [rdi],byte ptr [rsi]

Running !analyze -V

Produces this:

FAULTING_IP:
msvcr120!memcpy+39 [f:\dd\vctools\crt\crtw32\string\amd64\memcpy.asm @ 128]
00007ffd`840fc3f9 f3a4 rep movs byte ptr [rdi],byte ptr [rsi]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007ffd840fc3f9 (msvcr120!memcpy+0x0000000000000039)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000115062000
Attempt to read from address 0000000115062000
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=0000000000000453 rbx=00000000000004d0 rcx=00000000000205c8
rdx=00000000004d0000 rsi=0000000032943680 rdi=00007ffd99b40f20
rip=00007ffd99e9432a rsp=0000000029e3cc38 rbp=000000000001becc
r8=0000000000000452 r9=0000000000000d44 r10=0000000000000000
r11=0000000000000286 r12=0000000032943628 r13=00000000329435b8
r14=0000000032943628 r15=0000000032943638
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!NtGetContextThread+0xa:
00007ffd`99e9432a c3 ret
DEFAULT_BUCKET_ID: STRING_DEREFERENCE
PROCESS_NAME: TANE.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000115062000
READ_ADDRESS: 0000000115062000
FOLLOWUP_IP:
msvcr120!memcpy+39 [f:\dd\vctools\crt\crtw32\string\amd64\memcpy.asm @ 128]
00007ffd`840fc3f9 f3a4 rep movs byte ptr [rdi],byte ptr [rsi]
NTGLOBALFLAG: 0
APP: tane.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
FAULTING_THREAD: 00000000000012f0
PRIMARY_PROBLEM_CLASS: STRING_DEREFERENCE
BUGCHECK_STR: APPLICATION_FAULT_STRING_DEREFERENCE_INVALID_POINTER_READ


IP_ON_HEAP: 0000000115056328
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.
FRAME_ONE_INVALID: 1
LAST_CONTROL_TRANSFER: from 0000000115056328 to 00007ffd840fc3f9

clicking on a sub-link .cxr 0x0 ; r

CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=0000000000000453 rbx=00000000000004d0 rcx=00000000000205c8
rdx=00000000004d0000 rsi=0000000032943680 rdi=00007ffd99b40f20
rip=00007ffd99e9432a rsp=0000000029e3cc38 rbp=000000000001becc
r8=0000000000000452 r9=0000000000000d44 r10=0000000000000000
r11=0000000000000286 r12=0000000032943628 r13=00000000329435b8
r14=0000000032943628 r15=0000000032943638
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!NtGetContextThread+0xa:
00007ffd`99e9432a c3 ret
DEFAULT_BUCKET_ID: STRING_DEREFERENCE
PROCESS_NAME: TANE.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000115062000
READ_ADDRESS: 0000000115062000
FOLLOWUP_IP:
msvcr120!memcpy+39 [f:\dd\vctools\crt\crtw32\string\amd64\memcpy.asm @ 128]
00007ffd`840fc3f9 f3a4 rep movs byte ptr [rdi],byte ptr [rsi]
NTGLOBALFLAG: 0
APP: tane.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
FAULTING_THREAD: 00000000000012f0
PRIMARY_PROBLEM_CLASS: STRING_DEREFERENCE
BUGCHECK_STR: APPLICATION_FAULT_STRING_DEREFERENCE_INVALID_POINTER_READ
IP_ON_HEAP: 0000000115056328
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.
FRAME_ONE_INVALID: 1
LAST_CONTROL_TRANSFER: from 0000000115056328 to 00007ffd840fc3f9
STACK_TEXT:
00000000`29e3f9d8 00000001`15056328 : 00000000`0000ffff 00000001`4092d36d 00000000`033b1000 00000000`00001000 : msvcr120!memcpy+0x39
00000000`29e3f9e0 00000000`0000ffff : 00000001`4092d36d 00000000`033b1000 00000000`00001000 00000000`29e3fc90 : 0x00000001`15056328
00000000`29e3f9e8 00000001`4092d36d : 00000000`033b1000 00000000`00001000 00000000`29e3fc90 00000001`15056328 : 0xffff
00000000`29e3f9f0 00000001`401ee6bf : 00000000`033a9000 00000000`29e3fcc8 00000000`29e3fcd8 00000000`29e3fa90 : TANE!nvtt::version+0x124c6d
00000000`29e3fa20 00000001`4091e17d : ffffffff`ffffffff 00000000`29e3fcd8 00000000`0000ffff 00000000`29e3fc90 : TANE+0x1ee6bf
00000000`29e3fa50 00000001`407a73ca : 00000000`00010000 00000000`29e3fcd8 00000000`29e3fcc8 00000000`000002ec : TANE!nvtt::version+0x115a7d
00000000`29e3fa90 00000001`40782e12 : 00000001`0000340f 00000000`0000a93f 00000001`40e2c268 00000000`29e3fcc8 : TANE+0x7a73ca
00000000`29e3fb00 00000001`40783491 : 00000000`0005e59b 00000000`d93e99c8 00000001`0000001a 00000000`d93e9960 : TANE+0x782e12
00000000`29e3fb90 00000001`4078cc2c : 00000000`c75a6b00 00000000`29e3fe90 00000000`2f16acd0 00000000`d93e9960 : TANE+0x783491
00000000`29e3fd60 00000001`4078d9c9 : 00000000`fffffff9 00000000`d93e99b0 00000000`5d7c4dd0 00000000`0000a1d8 : TANE+0x78cc2c
00000000`29e3fdf0 00000001`409355f3 : 00000000`c75a6b00 00000000`c75a6b00 00000000`29e3fe90 00000000`00000000 : TANE+0x78d9c9
00000000`29e3fe20 00000001`40935a01 : 00000000`00000000 00000002`4dcf1c70 00000000`00000000 00000000`00000000 : TANE!nvtt::version+0x12cef3
00000000`29e3fe60 00007ffd`8ce9d24c : 00000000`2f45c8a0 00007ffd`840e3403 00000000`00000000 00000002`4dcf1c70 : TANE!nvtt::version+0x12d301
00000000`29e3fec0 00007ffd`840e4f7f : 00000000`001f81b0 00000000`00000000 00000000`00000000 00000000`00000000 : msvcp120!_Call_func+0x14
00000000`29e3ff00 00007ffd`840e5126 : 00007ffd`8419cb80 00000000`00000000 00000000`00000000 00000000`00000000 : msvcr120!_callthreadstartex+0x17
00000000`29e3ff30 00007ffd`99b32d92 : 00007ffd`840e5024 00000002`4dcf1c70 00000000`00000000 00000000`00000000 : msvcr120!_threadstartex+0x102
00000000`29e3ff60 00007ffd`99e09f64 : 00007ffd`99b32d70 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x22
00000000`29e3ff90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34

FAULTING_SOURCE_LINE: f:\dd\vctools\crt\crtw32\string\amd64\memcpy.asm
FAULTING_SOURCE_FILE: f:\dd\vctools\crt\crtw32\string\amd64\memcpy.asm
FAULTING_SOURCE_LINE_NUMBER: 128
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: msvcr120!memcpy+39
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr120
IMAGE_NAME: msvcr120.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 524f83ff
STACK_COMMAND: ~59s; .ecxr ; kb
FAILURE_BUCKET_ID: STRING_DEREFERENCE_c0000005_msvcr120.dll!memcpy
BUCKET_ID: APPLICATION_FAULT_STRING_DEREFERENCE_INVALID_POINTER_READ_msvcr120!memcpy+39
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:string_dereference_c0000005_msvcr120.dll!memcpy
FAILURE_ID_HASH: {3640237b-6ccd-432a-12d5-5c9d832f18ab}
Followup: MachineOwner
---------



and so on...



Perhaps you can speak to those on the other side of the wall and see what they can do or are doing to address this issue.
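
Added example, not part of the original post and not Trainz or WinDbg code: a small triage helper that reads the `!analyze` text above and pulls out the access type, the fault address, whether the `rep movs` source pointer (rsi) sits exactly on that address, and the first stack frame outside the C runtime. The function name `triage`, the result keys and the runtime-module skip list are assumptions made for this illustration.

```python
import re

# Constructed sample: lines copied from the dump in the post above.
SAMPLE = """\
ExceptionCode: c0000005 (Access violation)
Parameter[0]: 0000000000000000
Parameter[1]: 0000000115062000
rax=0000000115066327 rbx=0000000029e3fc90 rcx=0000000000004327
rdx=ffffffff9938e12a rsi=0000000115062000 rdi=000000017bcd3ed6
00000000`29e3f9d8 00000001`15056328 : 00000000`0000ffff 00000001`4092d36d 00000000`033b1000 00000000`00001000 : msvcr120!memcpy+0x39
00000000`29e3f9e0 00000000`0000ffff : 00000001`4092d36d 00000000`033b1000 00000000`00001000 00000000`29e3fc90 : 0x00000001`15056328
00000000`29e3f9f0 00000001`401ee6bf : 00000000`033a9000 00000000`29e3fcc8 00000000`29e3fcd8 00000000`29e3fa90 : TANE!nvtt::version+0x124c6d
"""

# For c0000005, Parameter[0] is the access type and Parameter[1] the address.
ACCESS = {0: "read", 1: "write", 8: "execute (DEP)"}
# Frames in these modules show where the fault surfaced, not which
# application code made the call (assumed skip list, extend as needed).
RUNTIME = ("msvcr", "msvcp", "ntdll", "kernel32", "kernelbase")


def triage(text):
    def field(name):
        m = re.search(rf"^{re.escape(name)}:\s*([0-9a-fA-F]+)", text, re.M)
        return int(m.group(1), 16) if m else None

    # Pass only the .ecxr register block; a later context would overwrite it.
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})", text)}
    # Stack rows look like "child-sp ret-addr : args : symbol".
    frames = [ln.rsplit(" : ", 1)[1].strip() for ln in text.splitlines()
              if re.match(r"[0-9a-f]{8}`[0-9a-f]{8} ", ln)]
    addr = field("Parameter[1]")
    return {
        "code": field("ExceptionCode"),
        "access": ACCESS.get(field("Parameter[0]"), "unknown"),
        "address": addr,
        # rep movs reads from rsi, so rsi == fault address means the source
        # became unreadable while rcx bytes were still left to copy.
        "source_exhausted": addr is not None and regs.get("rsi") == addr,
        "bytes_left": regs.get("rcx"),
        "page_start": addr is not None and addr % 0x1000 == 0,
        # First frame outside the runtime. An offset as large as +0x124c6d
        # from an export means the name is only the nearest exported symbol.
        "first_app_frame": next((f for f in frames
                                 if not f.lower().startswith(RUNTIME)
                                 and not f.startswith("0x")), None),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```
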

JCitron
October 13th, 2015, 10:10 AM
A question/observation from Shane Turner on this same.

I've noticed your thread in Trainz Dev regarding the crashes. I've just been analysing a crash dump from boleyd, which seems to be very similar.

Something in it I did notice though was a call to NtGetContextThread. According to sources elsewhere on the internet it seems that this particular function seems to have problems if switching between 32-bit and 64-bit and is particularly an issue when the thread is suspended (which I've got a feeling may be happening during save routines).

I wonder if this is what's causing a lot of these crash situations? I'm interested to see what you think on this, as it looks like it's all to do with thread contexts and specifically the CONTEXT32/CONTEXT64 (although it makes me wonder if T:ANE is using the wrong context somewhere along the line).