A bug in vtss.sys

142 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

here is the WinDBG output

*** Fatal System Error: 0x00000093
                       (0x0000000000000000,0xFFFFF8A000001910,0x0000000000000000,0x0000000000000001)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x64 target at (Fri Apr 11 17:25:55.409 2014 (UTC - 5:00)), ptr64 TRUE
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols

Loading unloaded module list
..................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 93, {0, fffff8a000001910, 0, 1}

*** ERROR: Module load completed but symbols could not be loaded for vtss.sys
Probably caused by : vtss.sys ( vtss+7ed3 )

Followup: MachineOwner
---------

nt!DbgBreakPointWithStatus:
fffff800`030759f0 cc              int     3
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

INVALID_KERNEL_HANDLE (93)
This message occurs if kernel code (server, redirector, other driver, etc.)
attempts to close a handle that is not a valid handle.
Arguments:
Arg1: 0000000000000000, The handle that NtClose was called with.
Arg2: fffff8a000001910, 
Arg3: 0000000000000000
Arg4: 0000000000000001

Debugging Details:
------------------

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x93

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff8000316ea12 to fffff800030759f0

STACK_TEXT:  
fffff880`033a0c78 fffff800`0316ea12 : 00000000`00000000 fffffa80`036c1b50 00000000`00000065 fffff800`030b8878 : nt!DbgBreakPointWithStatus
fffff880`033a0c80 fffff800`0316f7fe : 00000000`00000003 00000000`00000000 fffff800`030b90d0 00000000`00000093 : nt!KiBugCheckDebugBreak+0x12
fffff880`033a0ce0 fffff800`0307dcc4 : 00000000`0000001c fffff980`16cecfe0 00000000`00000000 00000000`00000000 : nt!KeBugCheck2+0x71e
fffff880`033a13b0 fffff800`032dbc9b : 00000000`00000093 00000000`00000000 fffff8a0`00001910 00000000`00000000 : nt!KeBugCheckEx+0x104
fffff880`033a13f0 fffff800`0307ce53 : fffff880`033a1400 00000000`00000000 00000000`00000000 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x4d9f4
fffff880`033a14f0 fffff800`03079410 : fffff880`1f2e9ed3 00000000`00000000 00000000`00000035 fffff800`00240024 : nt!KiSystemServiceCopyEnd+0x13
fffff880`033a16f8 fffff880`1f2e9ed3 : 00000000`00000000 00000000`00000035 fffff800`00240024 fffffa80`0871aa30 : nt!KiServiceLinkage
fffff880`033a1700 fffff880`1f2ed088 : 00000000`00000000 fffffa80`08c7eba0 fffff880`033a17d0 00000000`0000001c : vtss+0x7ed3
fffff880`033a1770 fffff800`03468467 : fffffa80`08c7eba0 00000000`00000000 fffff980`16cecfe0 00000000`00000001 : vtss+0xb088
fffff880`033a1860 fffff800`03468865 : 00000000`00000010 00000000`00000000 00000000`00000010 00000000`00010202 : nt!IopLoadDriver+0xa07
fffff880`033a1b30 fffff800`03087261 : 00000000`00000000 ffffffff`80000284 fffff800`03468810 fffffa80`036c1b50 : nt!IopLoadUnloadDriver+0x55
fffff880`033a1b70 fffff800`0331a2ea : 00000000`00000050 fffffa80`036c1b50 00000000`00000080 fffffa80`0363fb30 : nt!ExpWorkerThread+0x111
fffff880`033a1c00 fffff800`0306e8e6 : fffff880`031b4180 fffffa80`036c1b50 fffff880`031befc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`033a1c40 00000000`00000000 : fffff880`033a2000 fffff880`0339c000 fffff880`033a0760 00000000`00000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND:  kb

FOLLOWUP_IP: 
vtss+7ed3
fffff880`1f2e9ed3 8b442458        mov     eax,dword ptr [rsp+58h]

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  vtss+7ed3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vtss

IMAGE_NAME:  vtss.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  531e3c70

FAILURE_BUCKET_ID:  X64_0x93_VRF_vtss+7ed3

BUCKET_ID:  X64_0x93_VRF_vtss+7ed3

Followup: MachineOwner
---------

0: kd> .reboot
Shutdown occurred at (Fri Apr 11 17:31:47.816 2014 (UTC - 5:00))...unloading all symbol tables.
Waiting to reconnect...
Connected to Windows 7 7601 x64 target at (Fri Apr 11 17:32:08.059 2014 (UTC - 5:00)), ptr64 TRUE

I have reported this to our developer, thank you. Is it possible that you can upload dump file for investigating?

Quote:

Marián "VooDooMan" Meravý wrote:

@iliyapolak

You don't need to verbatim copy my posts, to earn the points.

@Marian

I am quite satisfied with my total number of points so I  really do not need to copy your posts.

My intention is to help solving that dreaded BSOD  problem which plagues VTune users.

Is that so hard to understand?

 

@Peter

If this is the same BSOD which was solved by lowering IRQL I suppose that some other kernel module could raise IRQL to level 0x2 right before that function call which caused kernel BugCheck.

 

@Peter

After applying update 16 to the VTune I still cannot use VS 2013 debugger.

Hi, I upgraded my system from win7 64 to win 8 64 a week ago, therefore I reinstalled Vtune and upgraded to the latest version.

Sadly, the BSOD happened again in win 8, mm...BSOD might be an error term in win 8 now though :P

Anyway, with win 8 I can have a crash dump now (still dunno why my win 7 failed to generate crash dump, it's in past anyway)

 

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800818dc945, Address of the exception record for the exception that caused the bugcheck
Arg3: ffffd0002acadec0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx

FAULTING_IP:
vtss+d945
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13

CONTEXT:  ffffd0002acadec0 -- (.cxr 0xffffd0002acadec0)
rax=0000000001130000 rbx=00000000004a0025 rcx=fffff80086b17cc5
rdx=0000000000080004 rsi=fffff80086b17cc5 rdi=fffff800818cf000
rip=fffff800818dc945 rsp=ffffd0002acae8f0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000001
r11=ffffd0002acae960 r12=00000000000074c2 r13=0000000000000000
r14=0000000000080004 r15=0000000000000286
iopl=0         nv up di pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010006
vtss+0xd945:
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  LastPassBroker

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 000800040001d308 to fffff800818dc945

STACK_TEXT: 
ffffd000`2acae8f0 00080004`0001d308 : ffffd000`2acaf000 ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 : vtss+0xd945
ffffd000`2acae8f8 ffffd000`2acaf000 : ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 00000000`00000fff : 0x80004`0001d308
ffffd000`2acae900 ffffd000`2aca9000 : 00000000`087c0000 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 : 0xffffd000`2acaf000
ffffd000`2acae908 00000000`087c0000 : 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 : 0xffffd000`2aca9000
ffffd000`2acae910 00000000`087bc000 : 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 : 0x87c0000
ffffd000`2acae918 00000000`00000fff : 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 fffff800`40c8601c : 0x87bc000
ffffd000`2acae920 00000000`00e0fdf0 : 00000000`7e92d000 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 : 0xfff
ffffd000`2acae928 00000000`7e92d000 : 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 : 0xe0fdf0
ffffd000`2acae930 00020508`00000000 : fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 00000000`0000003f : 0x7e92d000
ffffd000`2acae938 fffff800`40c8601c : ffffd000`2acae8f0 00000000`00000048 00000000`0000003f ffffe001`eff93080 : 0x20508`00000000
ffffd000`2acae940 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x6c

FOLLOWUP_IP:
vtss+d945
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  vtss+d945

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vtss

IMAGE_NAME:  vtss.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5379c90e

STACK_COMMAND:  .cxr 0xffffd0002acadec0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_vtss+d945

BUCKET_ID:  X64_0x3B_vtss+d945

Followup: MachineOwner
---------

 

@James H

Thanks for your report. I have escalated your data to our engineering team, will update if any progress.

@James

Do you have debug symbols installed?

Regarding the BSOD it seems that this is access violation exception in kernel mode. Such a exception will always cause a BSOD while offending code is running inside the kernel. This Bugcheck could be also related to transition between user - kernel mode code.

Can you decode this address 00000000`7e92d000  by using !address command?

mov     qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????

 

@Peter

I thought about possible workaround. It can be for example insertion of  function call to ProbeForRead() routine right before the faulting IP.

Can you pass this advise to the development team?

Thank you.

iliyapolak

I have transferred your opinion to developer.  

@Peter

Thanks. Hope it will help:)

@ James H

Our developer said, "it looks like accessing unmapped memory beyond user stack. Is it possible to get the driver binary from the user who reported the problem? Or get the exact build number of his Amplifier, so that I can fetch both the driver binary and PDB file from our repository here?"

Thanks for your support!

@Peter

Was inserting call to ProbeForRead helpful? Because it seems that user memory access by kernel mode caused the BSOD.

@ iliyapolak

The developer is asking for driver binary, pdb with VTune build number. I has sent your question again.

Will get back to you if I get any update.

Ok thanks:)

I have put vtss.sys in the following
https://mega.co.nz/#F!ZtY2DToC!P5WebpDyNsCYgDvGMjYA6g

@iliyapolak

Thanks for your understanding:-) 

First at all, we check how it happened that we detect user stack borders incorrectly...

@James H

I would like to hear from you, and look forward to get info - I posted on 06/03/2014 - 20:40

It will be helpful to diagnose the problem, otherwise I only hope others to report this problem again with solid data, then our developer can investigate.

Thanks, Peter

@Peter

It is OK.

@ James H,

I cannot find files under https://mega.co.nz/#F!ZtY2DToC!P5WebpDyNsCYgDvGMjYA6g, please check.

vtss.sys is not big one, you can upload it onto this tread if you like. Thank you.

sorry, was busy with other project

==================

2: kd> .cxr 0xffffd0002acadec0
rax=0000000001130000 rbx=00000000004a0025 rcx=fffff80086b17cc5
rdx=0000000000080004 rsi=fffff80086b17cc5 rdi=fffff800818cf000
rip=fffff800818dc945 rsp=ffffd0002acae8f0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000001
r11=ffffd0002acae960 r12=00000000000074c2 r13=0000000000000000
r14=0000000000080004 r15=0000000000000286
iopl=0         nv up di pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010006
vtss+0xd945:
fffff800`818dc945 4c896808        mov     qword ptr [rax+8],r13 ds:002b:00000000`01130008=????????????????
2: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
RetAddr           : Args to Child                                                           : Call Site
00080004`0001d308 : ffffd000`2acaf000 ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 : vtss+0xd945
ffffd000`2acaf000 : ffffd000`2aca9000 00000000`087c0000 00000000`087bc000 00000000`00000fff : 0x80004`0001d308
ffffd000`2aca9000 : 00000000`087c0000 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 : 0xffffd000`2acaf000
00000000`087c0000 : 00000000`087bc000 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 : 0xffffd000`2aca9000
00000000`087bc000 : 00000000`00000fff 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 : 0x87c0000
00000000`00000fff : 00000000`00e0fdf0 00000000`7e92d000 00020508`00000000 fffff800`40c8601c : 0x87bc000
00000000`00e0fdf0 : 00000000`7e92d000 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 : 0xfff
00000000`7e92d000 : 00020508`00000000 fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 : 0xe0fdf0
00020508`00000000 : fffff800`40c8601c ffffd000`2acae8f0 00000000`00000048 00000000`0000003f : 0x7e92d000
fffff800`40c8601c : ffffd000`2acae8f0 00000000`00000048 00000000`0000003f ffffe001`eff93080 : 0x20508`00000000
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpRemoveObjectRoutine+0x6c
2: kd> ub
vtss+0xd919:
fffff800`818dc919 c7843ba48cda0401000000 mov dword ptr [rbx+rdi+4DA8CA4h],1
fffff800`818dc924 eb12            jmp     vtss+0xd938 (fffff800`818dc938)
fffff800`818dc926 4439ac3ba48cda04 cmp     dword ptr [rbx+rdi+4DA8CA4h],r13d
fffff800`818dc92e 7419            je      vtss+0xd949 (fffff800`818dc949)
fffff800`818dc930 4489ac3ba48cda04 mov     dword ptr [rbx+rdi+4DA8CA4h],r13d
fffff800`818dc938 488b843bb98cda04 mov     rax,qword ptr [rbx+rdi+4DA8CB9h]
fffff800`818dc940 493bc5          cmp     rax,r13
fffff800`818dc943 7404            je      vtss+0xd949 (fffff800`818dc949)
2: kd> !address 00000000`7e92d000
unable to resolve nt!MiSessionViewStart

 

Attachments: 

AttachmentSize
Download vtss.zip50.33 KB

@James

Can you upload full kernel mode crash dump?

i only have 2 minidumps before I rename it so that it won't load to crash my system

Attachments: 

AttachmentSize
Download 060614-58265-01.zip75.54 KB

Ok thanks.

I will look at them.

I can report that this driver is still a problem with the Parallel Studio XE 2015 release. VTSS.sys crashed my system a number of times with a BSOD, while I was not even using the Intel tools.

Can you post BSOD minidump files?

Also please run "amplxe-feedback -create-bug-report <report archive>", and post zipped log file for investigating. Thank you.

Have you tried VTune(TM) Amplifier XE 2015 Update 1? 

@marcel

Do you have any updates on your issue?

Same issue on Windows 8, 64-bit with "Intel VTune Amplifier XE 2015" installed.  I randomly blue screen via vtss.sys

Is there an ETA on when this will be fixed?

Not sure whether the problem still persists on VTune(TM) Amplifier XE 2015 Update 2.

Are there other users who work on Windows 8, 64-bit and have sane issue, with Update 2?

@Tronster

Is the BSOD code the same as in previous versions of Windows?

@Peter

I am running Intel Vtune Amplifier XE 2015 Update 2 (license) on Windows Server 2012 r2 64-bit. I just had BSOD when I tried to collect advanced hotspots analysis with Hotspots, call counts, stack and context switches, CPU sampling interval, ms by 1. It happened twice when I tried twice. I am afraid that it would happen every time if I keep trying. It works o.k. with basic hotspots and concurrency. I may not be able to upload the dump file to this site.

@Steve

This was a known issue about vtune drivers conflict on Windows* 8, thank you of reporting this on Windows Sever 2012.

Basic hotspots should have no problem since there is no vtune drivers used.

You may check if no stack sampling, call counts used - it still has this BSOD? If you change sample interval ms to 10, what happens? I just want to reduce time cost on ISR (interrupt service routine).

@Steve

What is the BSOD code?

@Peter

I tried to collect Advanced Hotspots with "Hotspots", 10 ms sampling, it's o.k. However, it crashed when using "Hotspots, call stack and context switches" at 10 ms sampling. The attached file vtuneBSOD_Stack.PNG is the BSOD's information for this crash. The 2nd attachment vtuneBSOD_Count.PNG is BSOD's information for yesterday's crash with "Hotspots, call counts, stacks and context switches" option.

Attachments: 

AttachmentSize
Download vtuneBSOD_Stack.PNG14.48 KB
Download vtuneBSOD_Count.PNG14.49 KB

@ steve z

Thank you for this update. That was why I asked to change sample interval to bigger, and don't use stack sampling or stack sampling with call counts.

I also reported this to engineering.  

First BSOD "vtuneBSOD_Stack" was probably casued by prolonged execution of VTune ISR/DPC routine.

Second BSOD was probably caused by corrupting some important kernel structure "GDT"?

Hi all,

I am using "Intel VTune Amplifier XE 2015 Update 3" (installed as part of "Intel Parallel Studio XE 2015 Update 3 Professional Edition") and I am seeing a similar issue.

It crashes sporadically when just using the computer for normal office usage ... sometimes even when not doing something with the comuter but just looking at the screen.

System Configuration:

- Windows 7 SP1 64bit with all current updates and security fixes installed
- Dell Precision T3610
- Intel Xeon E5-1650 v2
- 48 GB RAM

Thanks for your help in advance!

Attachments: 

Thank you for data. Currently please don't use stack sampling with/without call counts, as a workaround (I hope).

@Peter: thanks a lot for your quick answer but somehow I don't understand how this could help in my case as the crash does not happen during working with VTune but when doing something else (normal office work). Did I get something wrong?

>>.thanks a lot for your quick answer but somehow I don't understand how this could help in my case as the crash does not happen during working with VTune but when doing something else (normal office work).>>>

Probably vtss.sys is still loaded and still is causing indirectly PageFault. What is interesting that vtss.sys runs in the context of BrokerAgent.exe process.

I would like to advise you simply kiling BrokerAgent process and observer what will happen.

 

It seems that BrokerAgent.exe is Citrix program so in your case simply vtss.sys triggered BSOD while running in context of BrokerAgent.exe unless there was some interaction between vtss.sys and aferomentioned program. In such a case on the call stack of BrokerAgent.exe sholud exist and leftovers from calling vtss.sys.

Pages

Leave a Comment

Please sign in to add a comment. Not a member? Join today