Re: Kernel32 AV while running IIS 6 under Stress, Win2003

From: Pat [MSFT] (patfilot_at_online.microsoft.com)
Date: 04/08/04


Date: Wed, 7 Apr 2004 19:57:23 -0700

It looks a bit odd. I actually suspect that there is a problem on the stack
(i.e. corruption) that is causing the problem, though I am not sure what.
.Net would not be a factor because it is not running on this thread, only Java.
So...it could be a bug in the Java VM. It's hard to say from this.

You really need a 1st chance AV with the stack to say for sure. Since this
is a second chance AV, other things may have occurred in the interim which
will lead us astray.

Pat

"GJB" <gboysko@REMOVE_THIS_TO_REPLY.yahoo.com> wrote in message
news:A6C319B8-0B46-4C29-9D82-6868E0639174@microsoft.com...
> Hello All:
>
> We are encountering an AV condition inside the Win32 function
> WaitForSingleObjectEx while running inside IIS 6 on Windows 2003. I've done
> some analysis and it is quite bizarre. Here is the call stack of the thread
> with the second chance AV:
>
> ChildEBP RetAddr Args to Child
> 0698fea8 77e4168f 000004bc ffffffff 00000000 kernel32!WaitForSingleObjectEx+0x22
> 0698feb8 08049d2a 000004bc ffffffff 080494b2 kernel32!WaitForSingleObject+0xf
> 0698fec4 080494b2 01543e68 01543e68 0698fefc jvm!Mutex::wait_for_lock_implementation+0xb
> 0698fed4 08049e98 00000000 0153dfb0 00000000 jvm!Mutex::lock_without_safepoint_check+0x19
> 0698fefc 080559fa 00000001 ffffffff 01543e08 jvm!Monitor::wait+0x72
> 0698ff20 080713eb 01543ab8 015428f0 01546780 jvm!SafepointSynchronize::begin+0xad
> 0698ff70 080711b0 00000000 01546818 0804dcdf jvm!VMThread::loop+0x11b
> 0698ff7c 0804dcdf 0698ffb8 77bc91ed 015428f0 jvm!VMThread::run+0x52
> 0698ff84 77bc91ed 015428f0 00000000 00000000 jvm!_start+0xb
> 0698ffb8 77e4a990 01546780 00000000 00000000 msvcrt!_endthreadex+0x95
> 0698ffec 00000000 77bc917e 01546780 00000000 kernel32!BaseThreadStart+0x34
>
> Here are the registers at the time:
>
> (420.93c): Access violation - code c0000005 (!!! second chance !!!)
> eax=00000000 ebx=00000000 ecx=00000007 edx=7ffe0304 esi=01543e68 edi=0698fe60
> eip=77e417b1 esp=0698fe4c ebp=0698fea8 iopl=0 nv up ei pl zr na po nc
> cs=001b ss=0023 ds=0023 es=001b fs=003b gs=0000 efl=00010246
> kernel32!WaitForSingleObjectEx+0x22:
> 77e417b1 f3ab rep stosd es:0698fe60=00000000
>
> Here is a snippet of the WaitForSingleObjectEx call:
>
> kernel32!WaitForSingleObjectEx:
> 77e4178f 6a40 push 0x40
> 77e41791 68e08ee777 push 0x77e78ee0
> 77e41796 e85bffffff call kernel32!_SEH_prolog (77e416f6)
> 77e4179b c745b024000000 mov dword ptr [ebp-0x50],0x24
> 77e417a2 c745b401000000 mov dword ptr [ebp-0x4c],0x1
> 77e417a9 6a07 push 0x7
> 77e417ab 59 pop ecx
> 77e417ac 33c0 xor eax,eax
> 77e417ae 8d7db8 lea edi,[ebp-0x48]
> 77e417b1 f3ab rep stosd es:0698fe60=00000000
>
> First, I can't find anyone else that is failing at this offset into
WaitForSingleObjectEx. Next, if you look at the registers and memory state,
it seems that the code is trying to clear (eax=0) 7 DWORDs (ecx=7) of memory
starting at edi (0x0698fe60) which is on the stack. It seems rather odd
that it could get an AV for this type of operation.
>
> The exception record shows:
>
> EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
> ExceptionAddress: 77e417b1 (kernel32!WaitForSingleObjectEx+0x00000022)
> ExceptionCode: c0000005 (Access violation)
> ExceptionFlags: 00000000
> NumberParameters: 2
> Parameter[0]: 00000000
> Parameter[1]: ffffffff
> Attempt to read from address ffffffff
>
> Has anyone ever seen anything like this? Like I said, this only comes up
after stressing our web application (ASP.NET with embedded Java) for 20+
hours. We haven't tried ASP.NET 1.0 hot fix yet, but we'll consider this as
well. The same exact application on Windows 2000 has no problems with this.
>
> Thanks,
> Glenn
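The two things the thread turns on are whether the EBP chain that `k` walked is still intact and what the `rep stosd` at the faulting eip was actually going to touch. The script below is an added example, not code from either poster: it parses the stack dump and register line quoted above (copied in as constructed input), checks the saved-EBP chain for the non-monotonic or mis-aligned frames that stack corruption typically produces, and reconstructs the `rep stosd` write range from edi/ecx so it can be compared against `lea edi,[ebp-0x48]`, the current frame [esp, ebp], and the address in the exception record. The `k` column layout (ChildEBP, RetAddr, three args, symbol) and the frame-size threshold are assumptions of this example.

```python
import re

# Constructed input: the `k` output and register line copied from the post.
STACK_DUMP = """\
0698fea8 77e4168f 000004bc ffffffff 00000000 kernel32!WaitForSingleObjectEx+0x22
0698feb8 08049d2a 000004bc ffffffff 080494b2 kernel32!WaitForSingleObject+0xf
0698fec4 080494b2 01543e68 01543e68 0698fefc jvm!Mutex::wait_for_lock_implementation+0xb
0698fed4 08049e98 00000000 0153dfb0 00000000 jvm!Mutex::lock_without_safepoint_check+0x19
0698fefc 080559fa 00000001 ffffffff 01543e08 jvm!Monitor::wait+0x72
0698ff20 080713eb 01543ab8 015428f0 01546780 jvm!SafepointSynchronize::begin+0xad
0698ff70 080711b0 00000000 01546818 0804dcdf jvm!VMThread::loop+0x11b
0698ff7c 0804dcdf 0698ffb8 77bc91ed 015428f0 jvm!VMThread::run+0x52
0698ff84 77bc91ed 015428f0 00000000 00000000 jvm!_start+0xb
0698ffb8 77e4a990 01546780 00000000 00000000 msvcrt!_endthreadex+0x95
0698ffec 00000000 77bc917e 01546780 00000000 kernel32!BaseThreadStart+0x34
"""
REGISTERS = ("eax=00000000 ebx=00000000 ecx=00000007 edx=7ffe0304 "
             "esi=01543e68 edi=0698fe60 eip=77e417b1 esp=0698fe4c ebp=0698fea8")

FAULT_ADDRESS = 0xFFFFFFFF  # Parameter[1] of the exception record in the post
LEA_OFFSET = 0x48           # from `lea edi,[ebp-0x48]` in the posted disassembly
MAX_FRAME_BYTES = 0x10000   # assumed upper bound for one x86 frame (example only)

# Assumed `k` layout: ChildEBP RetAddr arg arg arg symbol
FRAME_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}(\S+)$")


def parse_frames(dump):
    """Return [(child_ebp, ret_addr, symbol), ...], one tuple per `k` line."""
    frames = []
    for line in dump.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return frames


def parse_registers(line):
    """Return {'eax': int, ...} from a WinDbg `r` style register line."""
    return {name: int(val, 16)
            for name, val in re.findall(r"\b([a-z]{3})=([0-9a-f]{8})", line)}


def check_frame_chain(frames):
    """Sanity-check the saved-EBP chain that `k` walked.

    On x86 each saved EBP points at the caller's frame higher up the stack, so
    ChildEBP must strictly increase, stay 4-byte aligned and not jump by an
    implausible amount; the outermost frame should have a zero return address.
    Returns a list of problem strings; an empty list means the chain looks intact.
    """
    problems = []
    for (ebp, _ret, sym), (nxt, _nret, nxt_sym) in zip(frames, frames[1:]):
        if ebp % 4:
            problems.append(f"{sym}: ChildEBP {ebp:08x} is not 4-byte aligned")
        if nxt <= ebp:
            problems.append(f"{sym} -> {nxt_sym}: ChildEBP {ebp:08x} -> {nxt:08x} does not increase")
        elif nxt - ebp > MAX_FRAME_BYTES:
            problems.append(f"{sym} -> {nxt_sym}: frame of {nxt - ebp:#x} bytes is implausibly large")
    if frames and frames[-1][1] != 0:
        problems.append(f"{frames[-1][2]}: outermost frame returns to {frames[-1][1]:08x}, not 0")
    return problems


def check_rep_stosd(regs, lea_offset=LEA_OFFSET, fault_address=FAULT_ADDRESS):
    """Reconstruct the memory `rep stosd` was about to write.

    rep stosd stores eax at [edi] ecx times, advancing edi by 4 (direction flag
    clear, shown as `up` in the flags). The result says whether edi agrees with
    the preceding lea, whether the whole range sits inside the current frame
    [esp, ebp], and whether the exception record's address lies in that range.
    """
    start = regs["edi"]
    end = start + regs["ecx"] * 4  # exclusive upper bound
    return {
        "write_start": start,
        "write_end": end,
        "edi_matches_lea": start == regs["ebp"] - lea_offset,
        "inside_current_frame": regs["esp"] <= start and end <= regs["ebp"],
        "fault_in_write_range": start <= fault_address < end,
    }


if __name__ == "__main__":
    frames = parse_frames(STACK_DUMP)
    print(f"{len(frames)} frames parsed; chain problems: {check_frame_chain(frames) or 'none'}")
    for key, val in check_rep_stosd(parse_registers(REGISTERS)).items():
        print(f"{key}: {val:#x}" if isinstance(val, int) and not isinstance(val, bool) else f"{key}: {val}")
```

Run against the quoted dump, the EBP chain passes every check and the reconstructed store covers 0698fe60..0698fe7c, which is exactly ebp-0x48 and lies between esp and ebp, while the exception record's ffffffff falls nowhere near it. That is the mismatch Pat is pointing at: the second-chance state is internally consistent, so the dump alone cannot say what went wrong, and a first-chance break with the stack at that moment is the next step.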


