We Keep Coding

Analysis of application crash dump

I'm trying to analyze why an application is crashing on startup on a Windows 2k8R2 terminalserver with Citrix XenApp 6.5.
I created a crashdump and tried to analyze it with WinDbg but I'm not a developer so I do not realy understand what's going wrong.
The dump: http://ul.to/sesqjqws
This is what I got with WinDbg:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [N:\Shares\Datenaustausch\Kaufmann\atris.exe.21728.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: SRV*C:\SYMBOLS*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer
Machine Name:
Debug session time: Wed Jul 17 10:51:39.000 2013 (UTC + 2:00)
System Uptime: 0 days 8:18:13.644
Process Uptime: 0 days 0:00:08.000
................................................................
................
Loading unloaded module list
.................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(54e0.2e54): Access violation - code c0000005 (first/second chance not available)
eax=00000070 ebx=038a0000 ecx=00000007 edx=00000000 esi=038a007c edi=0000008c
eip=77b3eb2a esp=00091000 ebp=00091010 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
ntdll!ULongLongToULong+0x2:
77b3eb2a 55 push ebp
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for atris.exe -
FAULTING_IP:
ntdll!ULongLongToULong+2
77b3eb2a 55 push ebp
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77b3eb2a (ntdll!ULongLongToULong+0x00000002)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00090ffc
Attempt to write to address 00090ffc
DEFAULT_BUCKET_ID: INVALID_STACK_ACCESS
PROCESS_NAME: atris.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00090ffc
WRITE_ADDRESS: 00090ffc
FOLLOWUP_IP:
msvcr80!_decode_pointer+3f
74742c18 8bf0 mov esi,eax
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
FAULTING_THREAD: 00002e54
PRIMARY_PROBLEM_CLASS: INVALID_STACK_ACCESS
BUGCHECK_STR: APPLICATION_FAULT_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 77b3eb8e to 77b3eb2a
STACK_TEXT:
00090ffc 77b3eb8e 00000070 00000000 0009101c ntdll!ULongLongToULong+0x2
00091010 77b3e900 0000008c 00000007 00000010 ntdll!ARRAY_FITS+0x16
0009104c 77b3e9f6 0000077c 00000007 00000002 ntdll!RtlpLocateActivationContextSection+0x126
0009107c 77b3eb12 000910b8 000910dc 000910e0 ntdll!RtlpFindNextActivationContextSection+0x64
00091094 77b3ed19 000910b8 000910dc 000910e0 ntdll!RtlpFindFirstActivationContextSection+0x41
000910e8 77b3f3df 00000003 00000000 00000002 ntdll!RtlFindActivationContextSectionString+0x91
000911a4 77b3f1aa 00000000 00000000 00091390 ntdll!AitFireParentUsageEvent+0x772
00091300 77b3faf6 00000001 00091554 77b3fa84 ntdll!RtlDosApplyFileIsolationRedirection_Ustr+0x23e
00091340 77b3fe2a 00000000 00091554 77b3fa84 ntdll!LdrpApplyFileNameRedirection+0x128
000914c8 77b3fd2f 00000001 00000001 00000000 ntdll!LdrGetDllHandleEx+0x139
000914e4 75a51a35 00000001 00000000 00091554 ntdll!LdrGetDllHandle+0x18
00091538 75a51c49 00091554 0ce8dfd7 00000057 KERNELBASE!GetModuleHandleForUnicodeString+0x22
000919b0 75a51d44 00000001 00000002 030dad10 KERNELBASE!BasepGetModuleHandleExW+0x181
000919c8 75a52ea1 030dad10 76e711e0 001a0018 KERNELBASE!GetModuleHandleW+0x29
000919e0 74742c18 747a49ec 00000000 74742c89 KERNELBASE!GetModuleHandleA+0x34
000919ec 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x3f
000919f8 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091a08 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091a0c 7474182c 00000001 74742b11 00091a2c msvcr80!_errno+0x5
00091a14 74742b11 00091a2c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091a30 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091a38 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091a44 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091a54 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091a58 7474182c 00000001 74742b11 00091a78 msvcr80!_errno+0x5
00091a60 74742b11 00091a78 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091a7c 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091a84 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091a90 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091aa0 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091aa4 7474182c 00000001 74742b11 00091ac4 msvcr80!_errno+0x5
00091aac 74742b11 00091ac4 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091ac8 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091ad0 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091adc 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091aec 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091af0 7474182c 00000001 74742b11 00091b10 msvcr80!_errno+0x5
00091af8 74742b11 00091b10 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091b14 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091b1c 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091b28 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091b38 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091b3c 7474182c 00000001 74742b11 00091b5c msvcr80!_errno+0x5
00091b44 74742b11 00091b5c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091b60 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091b68 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091b74 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091b84 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091b88 7474182c 00000001 74742b11 00091ba8 msvcr80!_errno+0x5
00091b90 74742b11 00091ba8 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091bac 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091bb4 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091bc0 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091bd0 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091bd4 7474182c 00000001 74742b11 00091bf4 msvcr80!_errno+0x5
00091bdc 74742b11 00091bf4 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091bf8 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091c00 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091c0c 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091c1c 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091c20 7474182c 00000001 74742b11 00091c40 msvcr80!_errno+0x5
00091c28 74742b11 00091c40 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091c44 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091c4c 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091c58 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091c68 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091c6c 7474182c 00000001 74742b11 00091c8c msvcr80!_errno+0x5
00091c74 74742b11 00091c8c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091c90 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091c98 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091ca4 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091cb4 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091cb8 7474182c 00000001 74742b11 00091cd8 msvcr80!_errno+0x5
00091cc0 74742b11 00091cd8 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091cdc 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091ce4 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091cf0 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091d00 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091d04 7474182c 00000001 74742b11 00091d24 msvcr80!_errno+0x5
00091d0c 74742b11 00091d24 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091d28 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091d30 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091d3c 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091d4c 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091d50 7474182c 00000001 74742b11 00091d70 msvcr80!_errno+0x5
00091d58 74742b11 00091d70 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091d74 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091d7c 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091d88 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091d98 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091d9c 7474182c 00000001 74742b11 00091dbc msvcr80!_errno+0x5
00091da4 74742b11 00091dbc 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091dc0 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091dc8 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091dd4 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091de4 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091de8 7474182c 00000001 74742b11 00091e08 msvcr80!_errno+0x5
00091df0 74742b11 00091e08 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091e0c 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091e14 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091e20 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091e30 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091e34 7474182c 00000001 74742b11 00091e54 msvcr80!_errno+0x5
00091e3c 74742b11 00091e54 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091e58 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091e60 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091e6c 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091e7c 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091e80 7474182c 00000001 74742b11 00091ea0 msvcr80!_errno+0x5
00091e88 74742b11 00091ea0 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091ea4 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091eac 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091eb8 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091ec8 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091ecc 7474182c 00000001 74742b11 00091eec msvcr80!_errno+0x5
00091ed4 74742b11 00091eec 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091ef0 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091ef8 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091f04 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091f14 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091f18 7474182c 00000001 74742b11 00091f38 msvcr80!_errno+0x5
00091f20 74742b11 00091f38 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091f3c 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091f44 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091f50 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091f60 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091f64 7474182c 00000001 74742b11 00091f84 msvcr80!_errno+0x5
00091f6c 74742b11 00091f84 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091f88 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091f90 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091f9c 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091fac 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091fb0 7474182c 00000001 74742b11 00091fd0 msvcr80!_errno+0x5
00091fb8 74742b11 00091fd0 76e60000 00000000 msvcr80!_get_winmajor+0x10
00091fd4 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00091fdc 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00091fe8 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00091ff8 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00091ffc 7474182c 00000001 74742b11 0009201c msvcr80!_errno+0x5
00092004 74742b11 0009201c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00092020 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00092028 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00092034 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00092044 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00092048 7474182c 00000001 74742b11 00092068 msvcr80!_errno+0x5
00092050 74742b11 00092068 76e60000 00000000 msvcr80!_get_winmajor+0x10
0009206c 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00092074 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00092080 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00092090 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
00092094 7474182c 00000001 74742b11 000920b4 msvcr80!_errno+0x5
0009209c 74742b11 000920b4 76e60000 00000000 msvcr80!_get_winmajor+0x10
000920b8 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
000920c0 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
000920cc 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
000920dc 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
000920e0 7474182c 00000001 74742b11 00092100 msvcr80!_errno+0x5
000920e8 74742b11 00092100 76e60000 00000000 msvcr80!_get_winmajor+0x10
00092104 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
0009210c 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00092118 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00092128 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0x15
0009212c 7474182c 00000001 74742b11 0009214c msvcr80!_errno+0x5
00092134 74742b11 0009214c 76e60000 00000000 msvcr80!_get_winmajor+0x10
00092150 74742c23 00000000 74742c89 00000000 msvcr80!_beginthreadex+0xc9
00092158 74742c89 00000000 00000000 74742dc7 msvcr80!_decode_pointer+0x4a
00092164 74742dc7 ffffffff 00000057 00000000 msvcr80!__set_flsgetvalue+0x1e
00092174 74744351 7474182c 00000001 74742b11 msvcr80!_getptd_noexit+0
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_STACK_INDEX: f
SYMBOL_NAME: msvcr80!_decode_pointer+3f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr80
IMAGE_NAME: msvcr80.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4ca2b271
FAILURE_BUCKET_ID: INVALID_STACK_ACCESS_c0000005_msvcr80.dll!_decode_pointer
BUCKET_ID: APPLICATION_FAULT_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE_msvcr80!_decode_pointer+3f
Followup: MachineOwner
---------
0:000> lmvm msvcr80
start end module name
74740000 747db000 msvcr80 (pdb symbols) c:\symbols\msvcr80.i386.pdb\769BC0A2E0054674A3F542BCBBD95BA81\msvcr80.i386.pdb
Loaded symbol image file: msvcr80.dll
Image path: C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
Image name: msvcr80.dll
Timestamp: Wed Sep 29 05:28:49 2010 (4CA2B271)
CheckSum: 000A606B
ImageSize: 0009B000
File version: 8.0.50727.4940
Product version: 8.0.50727.4940
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Visual Studio® 2005
InternalName: MSVCR80.DLL
OriginalFilename: MSVCR80.DLL
ProductVersion: 8.00.50727.4940
FileVersion: 8.00.50727.4940
FileDescription: Microsoft® C Runtime Library
LegalCopyright: © Microsoft Corporation. All rights reserved.

On a quick analysis, as clear from the stack trace the crash is happening during switch to function ntdll!ULongLongToULong. 'push ebp' fails when it tries to place ebp value in the stack, the reason being the stack has got corrupted\exhausted. Stack corruption is trickier to crack. If you suspect there is no issue with atris.exe app, try increasing the default stack limit for this app. If it still fails, then you got to live debug it out. I have got below analysis from my windbg. Keep break point in function atris!QuantifySaveData and try step by step debugging to see, when it runs out stack and crashes.
FAULTING_IP:
ntdll!ULongLongToULong+2 [e:\obj.x86fre\minkernel\published\base\objfre\i386\intsafe.h # 5610]
77b3eb2a 55 push ebp
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77b3eb2a (ntdll!ULongLongToULong+0x00000002)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00090ffc
Attempt to write to address 00090ffc
CONTEXT: 00000000 -- (.cxr 0x0;r)
eax=00000070 ebx=038a0000 ecx=00000007 edx=00000000 esi=038a007c edi=0000008c
eip=77b3eb2a esp=00091000 ebp=00091010 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
ntdll!ULongLongToULong+0x2:
77b3eb2a 55 push ebp
DEFAULT_BUCKET_ID: STACK_CORRUPTION
PROCESS_NAME: atris.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00090ffc
WRITE_ADDRESS: 00090ffc
FOLLOWUP_IP:
ntdll!ULongLongToULong+2 [e:\obj.x86fre\minkernel\published\base\objfre\i386\intsafe.h # 5610]
77b3eb2a 55 push ebp
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: atris.exe
ANALYSIS_VERSION: 6.13.0015.1825 (debuggers(dbg).130504-0129) x86fre
FAULTING_THREAD: 00002e54
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 77b3eb8e to 77b3eb2a
PRIMARY_PROBLEM_CLASS: STACK_CORRUPTION
BUGCHECK_STR: APPLICATION_FAULT_STACK_CORRUPTION_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE
STACK_TEXT:
00091000 77b3eb8e ntdll!ARRAY_FITS+0x16
00091014 77b3e900 ntdll!RtlpLocateActivationContextSection+0x126
00091038 77b3ec62 ntdll!bsearch+0x70
00091044 77b3eba1 ntdll!ARRAY_FITS+0x2d
00091050 77b3e9f6 ntdll!RtlpFindNextActivationContextSection+0x64
00091080 77b3eb12 ntdll!RtlpFindFirstActivationContextSection+0x41
00091098 77b3ed19 ntdll!RtlFindActivationContextSectionString+0x91
000910ec 77b3f3df ntdll!sxsisol_SearchActCtxForDllName+0x90
00091154 77b3f442 ntdll!sxsisol_SearchActCtxForDllName+0x1ab
000911a0 7600311b shell32!_GUID_70577d41_432e_45c1_9245_816af8da9136+0xf
000911a8 77b3f1aa ntdll!RtlDosApplyFileIsolationRedirection_Ustr+0x23e
000911c8 00800000 atris!QuantifySaveData+0x373ff0
000912e8 77b3fb2e ntdll!ApiSetResolveToHost+0x28
000912f0 77b3fb48 ntdll!`string'+0x0
000912fc 760033bf shell32![thunk]:CResultSetManager::AddRef`adjustor{60}'+0x8
00091304 77b3faf6 ntdll!LdrpApplyFileNameRedirection+0x128
00091344 77b3fe2a ntdll!LdrGetDllHandleEx+0x139
00091380 77b3fa84 ntdll!LdrpDefaultExtension+0x0
000913a8 77b3e1b2 ntdll!zzz_AsmCodeRange_End+0x0
000913b0 760035ab shell32!CResultSetManager::~CResultSetManager+0x4d
000913fc 760035df shell32!CResultSetManager::~CResultSetManager+0x81
00091448 76003513 shell32!CResultSetManager::Release+0x1a
00091478 77c101a0 ntdll!LdrpDefaultPath+0x0
0009148c 01b3e1b2 atris!QuantifySaveData+0x16b21a2
00091490 77b40000 ntdll!LdrGetDllHandleEx+0x324
00091494 76003547 shell32!CResultSetManager::`scalar deleting destructor'+0xf
0009149c 77b3fd17 ntdll!LdrGetDllHandle+0x0
000914ac 76003477 shell32!CItem::~CItem+0x28
000914e8 75a51a35 kernelbase!GetModuleHandleForUnicodeString+0x22
0009150c 01ba9a3f atris!QuantifySaveData+0x171da2f
00091514 77b40078 ntdll!LdrGetDllHandleEx+0x451
00091518 77b3fd2f ntdll!LdrGetDllHandle+0x18
0009153c 75a51c49 kernelbase!BasepGetModuleHandleExW+0x181
00091820 02080000 atris!QuantifySaveData+0x1bf3ff0
00091830 75a51ac0 kernelbase!GetModuleHandleForUnicodeString+0xad
00091834 75a7737e kernelbase!__SEH_epilog4_GS+0xa
00091864 76003857 shell32!CResultSetManager::s_ClearSetInfo+0x58
00091884 75a51cfb kernelbase!BasepGetModuleHandleExW+0x233
000918b0 7600398b shell32!ShouldSuppressGrouping+0x26
000918fc 7600393f shell32!ILCompareHiddenStackData+0x76
00091948 76003973 shell32!ShouldSuppressGrouping+0xe
00091964 77b3e752 ntdll!RtlAnsiStringToUnicodeString+0x97
00091978 77b3e785 ntdll!RtlAnsiStringToUnicodeString+0xf2
0009197c 76003913 shell32![thunk]:CDefView::Release`adjustor{92}'+0x9
000919b4 75a51d44 kernelbase!GetModuleHandleW+0x29
000919cc 75a52ea1 kernelbase!GetModuleHandleA+0x34
000919d4 76e711e0 kernel32!TlsGetValueStub+0x0
000919e4 74742c18 msvcr80!_decode_pointer+0x3f
000919e8 747a49ec msvcr80!`string'+0x0
0018f054 74742c23 msvcr80!_decode_pointer+0x4a
0018f05c 74742c89 msvcr80!__set_flsgetvalue+0x1e
0018f068 74742dc7 msvcr80!_getptd_noexit+0x15
0018f078 74744351 msvcr80!_errno+0x5
0018f07c 7474182c msvcr80!_get_winmajor+0x10
0018f084 74742b11 msvcr80!_use_encode_pointer+0x1b
0018f09c 77b3e046 ntdll!RtlAllocateHeap+0x0
0018f0a0 74742bac msvcr80!_encode_pointer+0x4a
0018f0a8 74742bd7 msvcr80!_encoded_null+0x7
0018f0b0 747410de msvcr80!_set_error_mode+0x5
0018f0b4 74741c91 msvcr80!_FF_MSGBANNER+0x7
0018f0bc 74744d31 msvcr80!malloc+0x28
0018f0cc 76e71484 kernel32!InterlockedCompareExchangeStub+0x0
0018f0d0 7474474a msvcr80!_malloc_crt+0xd
0018f0d8 72b0e440 ctxwsapi!CtxWSVirtualChannelSupportsShadow+0x6460
0018f0e0 72af4e19 ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x329
0018f0e8 72b0a1d0 ctxwsapi!CtxWSVirtualChannelSupportsShadow+0x21f0
0018f0ec 74741762 msvcr80!_initterm_e+0x15
0018f0f4 72af4efe ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x40e
0018f0f8 72b0a1cc ctxwsapi!CtxWSVirtualChannelSupportsShadow+0x21ec
0018f0fc 72b0a1d4 ctxwsapi!CtxWSVirtualChannelSupportsShadow+0x21f4
0018f110 72af5084 ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x594
0018f144 72af553d ctxwsapi!CtxWSAppKilledNotifyPrivileged+0xa4d
0018f154 72af5150 ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x660
0018f184 72af0000 ctxwsapi+0x0
0018f1e0 77b4da1b ntdll!LdrpHandleTlsData+0x2f
0018f1e4 68590000 sehook20+0x0
0018f1f0 77b4da2d ntdll!LdrpHandleTlsData+0x323
0018f1f4 7611d2d3 shell32!CUndoManager::GetOpenParentState+0x49
0018f23c 72af5133 ctxwsapi!CtxWSAppKilledNotifyPrivileged+0x643
0018f250 00b4bc9e atris!QuantifySaveData+0x6bfc8e
0018f270 77b4d78c ntdll!LdrpLoadDll+0x4d1
0018f284 77b329ba ntdll! ?? ::FNODOBFM::`string'+0x0
0018f2ac 010db390 atris!QuantifySaveData+0xc4f380
0018f2c4 758f18a3 imm32!CtfImmTIMActivate+0x32
0018f2e4 7595b546 user32!ImeSystemHandler+0x2a6
0018f374 75a76fd0 kernelbase!_except_handler4+0x0
0018f380 75a55a0b kernelbase!LocalAlloc+0x19a
0018f390 7595cfef user32!RealDefWindowProcA+0x4a
0018f394 75a5e949 kernelbase!BasepIncInstanceRefCount+0x1e
0018f398 75a81810 kernelbase!DllSearchPath+0x10
0018f3a4 75a81800 kernelbase!DllSearchPath+0x0
0018f3b4 75a5eac2 kernelbase!BaseEndReadingCache+0x3a
0018f3b8 77b74393 ntdll!RtlWow64EnableFsRedirectionEx+0x70
0018f3bc 7611d367 shell32!CEnumOleUndoUnit::Skip+0x12
0018f3d0 01ba9dbf atris!QuantifySaveData+0x171ddaf
0018f3dc 77b4c4d5 ntdll!LdrLoadDll+0xaa
0018f3f8 77b47d93 ntdll!RtlInitUnicodeStringEx+0x0
0018f414 75a52c95 kernelbase!LoadLibraryExW+0x1f1
0018f450 7595aac3 user32!__ClientLoadLibrary+0x66
0018f590 77b2010a ntdll!KiUserCallbackDispatcher+0x2e
0018f5a0 77b20070 ntdll!KiUserCallbackExceptionHandler+0x0
0018f5bc 00680066 atris!QuantifySaveData+0x1f4056
0018f5cc 7595a95d user32!NtUserCreateWindowEx+0x15
0018f5d0 7595a8e8 user32!VerNtUserCreateWindowEx+0x1a9
0018f690 77b438be ntdll!RtlpFreeHeap+0xbb1
0018f69c 7611d7c3 shell32!CEnumOleUndoUnit::Next+0x35
0018f6e4 02000002 atris!QuantifySaveData+0x1b73ff2
0018f724 77b43c94 ntdll!RtlpAllocateHeap+0xab2
0018f72c 7611d743 shell32!_GUID_df7b49a5_e292_4b38_b6df_bb4b621e7282+0x3
0018f754 01000001 atris!QuantifySaveData+0xb73ff1
0018f760 01010000 atris!QuantifySaveData+0xb83ff0
0018f774 01bae8ef atris!QuantifySaveData+0x17228df
0018f77c 77b4389a ntdll!RtlpFreeHeap+0xb7a
0018f780 77b43492 ntdll!RtlFreeHeap+0x142
0018f7e0 01000000 atris!QuantifySaveData+0xb73ff0
0018f7f4 01bae8cf atris!QuantifySaveData+0x17228bf
0018f7fc 77b43cc3 ntdll!RtlpAllocateHeap+0xe73
0018f800 77b43cee ntdll!RtlAllocateHeap+0x23a
0018f850 01baee67 atris!QuantifySaveData+0x1722e57
0018f858 77b3f55e ntdll!RtlImageNtHeaderEx+0x117
0018f85c 77b4319f ntdll!RtlImageNtHeader+0x1b
0018f864 00400000 atris+0x0
0018f87c 7595aa3c user32!_CreateWindowEx+0x210
0018f8d0 01baf2e7 atris!QuantifySaveData+0x17232d7
0018f8d8 77b3e38c ntdll!RtlpLowFragHeapAllocFromContext+0xaec
0018f8dc 77b3e0f2 ntdll!RtlAllocateHeap+0x206
0018f900 77b32260 ntdll!RtlLeaveCriticalSection+0x0
0018f904 50008f45 gwbase!GwMemoryPool::allocate+0x5e
0018f930 7595d261 user32!CreateWindowExA+0x33
0018f96c 50168de1 gwcore!GwGritSync::GwGritSync+0x6f
0018f9ac 50168e42 gwcore!GwGritSync::wnd_proc+0x0
0018f9cc 502280a8 gwcore!gwtogitm_atom_tab+0x1b8
0018f9d0 50230438 gwcore!GwDDE::dde_sync+0x0
0018f9d8 501a6166 gwcore!GwDDEerror_message+0x2f2
0018f9dc 5022424c gwcore!GwDDE_Client::`vftable'+0x5cfe8
0018f9e0 501a4969 gwcore!GwDDESync::operator=+0x67
0018f9e4 754cc167 msvcrt!_initterm+0x13
0018f9f0 501a7b99 gwcore!GwDDEerror_message+0x1d25
0018f9f4 50224000 gwcore!GwDDE_Client::`vftable'+0x5cd9c
0018f9f8 50224254 gwcore!GwDDE_Client::`vftable'+0x5cff0
0018fa00 501a7c51 gwcore!GwDDEerror_message+0x1ddd
0018fa20 77b49950 ntdll!zzz_AsmCodeRange_End+0x0
0018fa40 77b4d8c9 ntdll!LdrpRunInitializeRoutines+0x26f
0018fa48 50100000 gwcore+0x0
0018fa54 7611db8f shell32!CCommonParentUndoUnit::GetMarshalSizeMax+0x76
0018fa64 77b4c913 ntdll!SbUpdateSwitchContextBasedOnDll+0x267
0018fa68 77b4ea4b ntdll!LdrpHandleOneOldFormatImportDescriptor+0x11d
0018fa7c 77b4c95c ntdll!SbSupportedOsList+0x1c
0018fa88 77b4c940 ntdll!SbSupportedOsList+0x0
0018faa8 77b4df9d ntdll!LdrpProcessStaticImports+0x2b4
0018fab0 77b4dfc4 ntdll!LdrpProcessStaticImports+0x2d0
0018fab4 77b4dfb4 ntdll!LdrpProcessStaticImports+0x1ab
0018fab8 7611db93 shell32!CCommonParentUndoUnit::GetMarshalSizeMax+0x7a
0018fac0 77b566bc ntdll!Kernel32DllName+0x0
0018fae4 77b4d8a8 ntdll!LdrpRunInitializeRoutines+0x24b
0018fb00 501a7c00 gwcore!GwDDEerror_message+0x1d8c
0018fb28 01ba9e0f atris!QuantifySaveData+0x171ddff
0018fb34 77b5681c ntdll!LdrpInitializeProcess+0x1400
0018fb44 77c1206c ntdll!LdrpProcessInitialized+0x0
0018fbc4 77b55838 ntdll!KnownDllPathString+0x0
0018fbd8 77b33cbe ntdll! ?? ::FNODOBFM::`string'+0x0
0018fbe4 77b100d8 ntdll!CsrPortMemoryRemoteDelta+0x0
0018fbfc 76e60000 kernel32!ConsolePortHeap+0x0
0018fc20 0208001c atris!QuantifySaveData+0x1bf400c
0018fc40 00400118 atris+0x118
0018fcac 7611dc0f shell32!CCommonParentUndoUnit::MarshalInterface+0x45
0018fcb4 77b552d6 ntdll!_LdrpInitialize+0x78
0018fcc0 7611ddbf shell32!CEnumOleUndoUnit::Release+0x23
0018fce4 77c12088 ntdll!__security_cookie+0x0
0018fcf4 77b871d5 ntdll!_except_handler4+0x0
0018fcf8 01ba9e2f atris!QuantifySaveData+0x171de1f
0018fd04 77b49e79 ntdll!LdrInitializeThunk+0x10
0018fd1c 77b10000 ntdll!CsrPortMemoryRemoteDelta+0x0
0018fdac 016718a3 atris!QuantifySaveData+0x11e5893
0018fdd4 01b2f7e2 atris!QuantifySaveData+0x16a37d2
0018fddc 77b201b4 ntdll!RtlUserThreadStart+0x0
SYMBOL_STACK_INDEX: 49
SYMBOL_NAME: ctxwsapi
FOLLOWUP_NAME: wintriag
MODULE_NAME: ctxwsapi
IMAGE_NAME: ctxwsapi.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 51b5cf53
STACK_COMMAND: dpS 91000 190000 ; dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; dps 91000 ; kb
FAILURE_BUCKET_ID: STACK_CORRUPTION_c0000005_ctxwsapi.dll!Unknown
BUCKET_ID: APPLICATION_FAULT_STACK_CORRUPTION_INVALID_STACK_ACCESS_INVALID_POINTER_WRITE_ctxwsapi
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:stack_corruption_c0000005_ctxwsapi.dll!unknown
FAILURE_ID_HASH: {25f34e8f-b24e-3ec8-95d5-cbe76e2a9281}
Updating the Thread Execution Block
0:000> !teb
TEB at 7efdd000
ExceptionList: 000914b8
StackBase: 00190000
StackLimit: 00091000
SubSystemTib: 00000000
FiberData: 00001e00
ArbitraryUserPointer: 00000000
Self: 7efdd000
EnvironmentPointer: 00000000
ClientId: 000054e0 . 00002e54
RpcHandle: 00000000
Tls Storage: 7efdd02c
PEB Address: 7efde000
LastErrorValue: 87
LastStatusValue: c000000d

Crash is occurring because of heavy recursion in your program. Check the stack size using !teb,
Run ? Stack base- stack Limit
Use dps to load raw stack and check if your are doing API hooking , which is responsible for Recusrion

Assistance with debugging in WinDbg

After running the Crash/Hang Analyzer in the DebugDiag tool it list that thread 17 is locking.
Running a !locks command in windbg also points to thread 17.
I am up to this point...
0:000> ~17 kb
ChildEBP RetAddr Args to Child
0261fcc4 7c827b69 77e6202c 00000002 0261fd14 ntdll!KiFastSystemCallRet
0261fcc8 77e6202c 00000002 0261fd14 00000001 ntdll!ZwWaitForMultipleObjects+0xc
0261fd70 77e62fbe 00000002 7a3d0468 00000000 kernel32!WaitForMultipleObjectsEx+0x11a
0261fd8c 79f9a9d2 00000002 7a3d0468 00000000 kernel32!WaitForMultipleObjects+0x18
0261fdac 79f9ab07 000f2ab0 0261feb0 000f32b0 mscorwks!SVR::WaitForFinalizerEvent+0x77
0261fdc0 79eac697 0261feb0 00000000 00000000 mscorwks!SVR::GCHeap::FinalizerThreadWorker+0x49
0261fdd4 79eac633 0261feb0 0261fe5c 79fb685f mscorwks!Thread::DoADCallBack+0x32a
0261fe68 79eac553 0261feb0 3aa1ce47 00000000 mscorwks!Thread::ShouldChangeAbortToUnload+0xe3
0261fea4 79f4431c 0261feb0 00000000 0010f080 mscorwks!Thread::ShouldChangeAbortToUnload+0x30a
0261fecc 79f4432d 79f9aabc 00000008 0261ff14 mscorwks!ManagedThreadBase_NoADTransition+0x32
0261fedc 79f45ecb 79f9aabc 3aa1cff7 00000000 mscorwks!ManagedThreadBase::FinalizerBase+0xd
0261ff14 79fd2733 00000000 00000003 ffffffff mscorwks!SVR::GCHeap::FinalizerThreadStart+0xbb
0261ffb8 77e6482f 000f32b0 00000000 00000000 mscorwks!Thread::intermediateThreadProc+0x49
0261ffec 00000000 79fd26ed 000f32b0 00000000 kernel32!BaseThreadStart+0x34
From my understanding that the stack in thread 17 was trying to run this last
0261fcc4 7c827b69 77e6202c 00000002 0261fd14 ntdll!KiFastSystemCallRet
What do I do from here to go further on my analysis?

Mixed mode crash from workerthread pool, but no managed thread

It’s a large 32 bits mixed mode MFC 7.0 app on XP, the user tells that he was using a feature which is implemented in managed code.
The crach is in a thread that has acquired the LoaderLock, and seems to orgin from .NET workerthread pool.
0:016> !cs -o -l
-----------------------------------------
DebugInfo = 0x7c97e1a0
Critical section = 0x7c97e174 (ntdll!LdrpLoaderLock+0x0)
LOCKED
LockCount = 0x4
OwningThread = 0x00000260
RecursionCount = 0x1
LockSemaphore = 0x7BC
SpinCount = 0x00000000
OwningThread DbgId = ~16s
OwningThread Stack =
ChildEBP RetAddr Args to Child
0f66e400 7c90df4a 7c8648a2 00000002 0f66e57c ntdll!KiFastSystemCallRet (FPO: [0,0,0])
0f66e404 7c8648a2 00000002 0f66e57c 00000001 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])
0f66e74c 7c83ab50 0f66e774 7c839b39 0f66e77c kernel32!UnhandledExceptionFilter+0x8b9 (FPO: [Non-Fpo])
0f66e754 7c839b39 0f66e77c 00000000 0f66e77c kernel32!BaseThreadStart+0x4d (FPO: [Non-Fpo])
0f66e77c 7c9032a8 0f66e868 0f66ffdc 0f66e884 kernel32!_except_handler3+0x61 (FPO: [Uses EBP] [3,0,7])
0f66e7a0 7c90327a 0f66e868 0f66ffdc 0f66e884 ntdll!ExecuteHandler2+0x26
0f66e850 7c90e48a 00000000 0f66e884 0f66e868 ntdll!ExecuteHandler+0x24
0f66e850 79247eb4 00000000 0f66e884 0f66e868 ntdll!KiUserExceptionDispatcher+0xe (FPO: [2,0,0]) (CONTEXT # 0f66e884)
0f66eb4c 7929a46e 0e715d80 792483ef 0e715d80 mscorwks!Thread::UnhijackThread+0xb (FPO: [0,0,0])
0f66eb54 792483ef 0e715d80 00000000 00000000 mscorwks!Thread::RareEnablePreemptiveGC+0x36 (FPO: [0,0,0])
0f66eb64 792a6ff9 06ee0000 00000000 00000000 mscorwks!Thread::RareDisablePreemptiveGC+0x5f (FPO: [0,0,0])
0f66ec10 79247e14 06ee0000 00000003 00000000 mscorwks!SystemDomain::RunDllMain+0x7d (FPO: [Non-Fpo])
0f66ee98 603d6a2c 00000001 00000003 00000000 mscorwks!ExecuteDLL+0x3c0 (FPO: [Non-Fpo])
0f66eed8 603d70a3 06ee0000 0f66eebc 00000000 mscoreei!CorDllMainWorker+0x153 (FPO: [Non-Fpo])
0f66ef14 79015012 00000000 00000003 00000000 mscoreei!_CorDllMain+0x111 (FPO: [Non-Fpo])
0f66ef30 7c90118a 06ee0000 00000003 00000000 mscoree!ShellShim__CorDllMain+0xad (FPO: [Non-Fpo])
0f66ef50 7c91397b 06ef841e 06ee0000 00000003 ntdll!LdrpCallInitRoutine+0x14
0f66efc8 7c80c136 00000000 793fa180 7c80934a ntdll!LdrShutdownThread+0xd7 (FPO: [Non-Fpo])
0f66f000 792ee8ad 00000000 00000000 792ee78a kernel32!ExitThread+0x3e (FPO: [Non-Fpo])
0f66f020 792edfcb 00000000 00000000 00000000 mscorwks!ThreadpoolMgr::WorkerThreadStart+0x123 (FPO: [Non-Fpo])
Some interesting vales on the stack might be the 06ee0000 and 0f66eebc.
The first is the base address for myMixedModeDll, and the second:
0:016> ln 06ef841e
(06ef841e) myMixedModeDll!CorDllMain | (06ef8424) myMixedModeDll!CDialog::CDialog
Exact matches:
The actual exception should be here:
0:000> .cxr 0f66e884;kb
eax=000000df ebx=00000000 ecx=0e715d80 edx=000003a4 esi=0e715d80 edi=00010000
eip=79247eb4 esp=0f66eb50 ebp=0f66ec10 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010282
mscorwks!Thread::UnhijackThread+0xb:
79247eb4 8910 mov dword ptr [eax],edx ds:0023:000000df=????????
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
0f66eb4c 7929a46e 0e715d80 792483ef 0e715d80 mscorwks!Thread::UnhijackThread+0xb
0f66eb54 792483ef 0e715d80 00000000 00000000 mscorwks!Thread::RareEnablePreemptiveGC+0x36
And yes the eax is not good:
0:000> u 79247eae
mscorwks!Thread::UnhijackThread+0x5:
79247eae 8b5178 mov edx,dword ptr [ecx+78h]
79247eb1 8b417c mov eax,dword ptr [ecx+7Ch]
79247eb4 8910 mov dword ptr [eax],edx
Yes, ECX has been restored properly
0:016> dd #ecx+0x78 L1
0e715df8 000003a4
0:016> dd #ecx+0x7c L1
0e715dfc 000000df
0:016> dd #ecx L0x20
0e715d80 0e6f4798 00000000 ffffffff 00000000
0e715d90 00000000 00000020 00000000 0e715da0
0e715da0 0e715da0 0e715da0 00000000 00000000
0e715db0 00000000 000000df 00000000 00000000
0e715dc0 00000000 00000000 00000000 00000000
0e715dd0 00000000 00000000 00000000 00000000
0e715de0 00000000 00000000 00000000 00000000
0e715df0 0e7093e8 00002733 000003a4 000000df
The last error value
0:016> !gle
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
This .NET is version 1.1.4322 , and the sos! Claims that thread #16 is not a managed thread.
0:016> !t
ThreadCount: 10
UnstartedThread: 0
BackgroundThread: 10
PendingThread: 0
DeadThread: 0
PreEmptive GC Alloc Lock
ID ThreadOBJ State GC Context Domain Count APT Exception
0 0xc8c 0x001ae598 0x4220 Enabled 0x1b7df804:0x1b7df8d8 0x001fda98 0 STA
5 0xcd4 0x001caea0 0xb220 Enabled 0x00000000:0x00000000 0x001fda98 0 MTA (Finalizer)
8 0xe28 0x0c56ac40 0x220 Enabled 0x00000000:0x00000000 0x001fda98 0 Ukn
10 0x8a8 0x0e5f4b48 0x800220 Enabled 0x1b822518:0x1b824458 0x001fda98 0 MTA (Threadpool Completion Port)
11 0xc18 0x0e6d6a60 0x800220 Enabled 0x1b8651cc:0x1b867008 0x001fda98 0 MTA (Threadpool Completion Port)
12 0xa54 0x00190c28 0x220 Enabled 0x1b5247f0:0x1b52650c 0x001fda98 0 Ukn
13 0xe9c 0x0e6627f8 0x220 Enabled 0x1b5307f0:0x1b53250c 0x001fda98 0 Ukn
14 0xe58 0x0e6b11a0 0x1800220 Enabled 0x00000000:0x00000000 0x001fda98 0 MTA (Threadpool Worker)
15 0x8dc 0x0e6d68a8 0x220 Enabled 0x00000000:0x00000000 0x001fda98 0 Ukn
17 0xbcc 0x0e709378 0x220 Enabled 0x1b52c7f0:0x1b52e50c 0x001fda98 0 Ukn
0:016> !ClrStack
Thread 16
Not a managed thread.
How can I find out more to reveal the cause to this crash ?

hang analysis - lock on xls OleDbConnection?

Admins told us that there is some prolem in production. They noticed big jump in memory usage and in requests waiting.
I received one crash dump. I need help analysing it.
Using Debug Diagnostic Tool I found this:
Detected possible blocking or leaked critical section at 0x1e5bd320 owned by thread 141 in dllhst3g.exe__Metastorm Process Engine__PID__7444__Date__10_25_2011__Time_01_19_15PM__686__Manual Dump.dmp
Impact of this lock
11,59% of threads blocked
(Threads 97 137 142 143 144 147 207 208 211 212 213 214 215 216 217 218 219 221 222 223 224 225 226 227 228 229 230)
The following functions are trying to enter this critical section
ACECORE+20eb
The following module(s) are involved with this critical section
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ACECORE.DLL from Microsoft Corporation
From the listed threads only thread 142 is waiting for thread 141. All others are waiting for thread 142.
~141
141 Id: 1d14.1b38 Suspend: 0 Teb: 7fee4000 Unfrozen
Start: msvcrt!_endthreadex+0x2f (77bcb4bc)
Priority: 0 Priority class: 32 Affinity: ff
~141s : Edit: new stacktrace after fixing symbols
kb
2a2efdcc 7c827b89 77e6202c 00000003 2a2efe1c ntdll!KiFastSystemCallRet
2a2efdd0 77e6202c 00000003 2a2efe1c 00000001 ntdll!NtWaitForMultipleObjects+0xc
2a2efe78 7739bbd1 00000003 2a2efea0 00000000 kernel32!WaitForMultipleObjectsEx+0x11a
2a2efed4 7739ce36 00000002 2a2eff74 ffffffff user32!RealMsgWaitForMultipleObjectsEx+0x141
2a2efef0 4a77cb28 00000002 2a2eff74 00000000 user32!MsgWaitForMultipleObjects+0x1f
2a2eff84 77bcb530 33c23fe8 00000000 00000000 comsvcs!CSTAThread::WorkerLoop+0x1f9
2a2effb8 77e6482f 37e3b7e8 00000000 00000000 msvcrt!_endthreadex+0xa3
2a2effec 00000000 77bcb4bc 37e3b7e8 00000000 kernel32!BaseThreadStart+0x34
~142
142 Id: 1d14.1128 Suspend: 0 Teb: 7feb9000 Unfrozen
Start: msvcrt!_endthreadex+0x2f (77bcb4bc)
Priority: 0 Priority class: 32 Affinity: ff
~142s : Edit: new stacktrace after fixing symbols
kb
31b5aa88 7c827b99 7c83d09c 00006c44 00000000 ntdll!KiFastSystemCallRet
31b5aa8c 7c83d09c 00006c44 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
31b5aac8 7c83d0e7 00006c44 00000004 00000000 ntdll!RtlpWaitOnCriticalSection+0x1a3
*** ERROR: Module load completed but symbols could not be loaded for ACECORE.DLL
31b5aae8 3c9e20eb 1e5bd320 31b5ab3c 2ae13a61 ntdll!RtlEnterCriticalSection+0xa8
WARNING: Stack unwind information not available. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 ACECORE+0x20eb
!clrstack
Shows call to System.Data.OleDb.OleDbConnection.Open()
I found it connects to xls
Provider=Microsoft.ACE.OLEDB.12.0;Data Source=c:\temp\somefile.xls;Extended Properties="Excel 8.0;HDR=Yes;"
~97
97 Id: 1d14.730 Suspend: 0 Teb: 7fee5000 Unfrozen
Start: mscorwks!CorExitProcess+0x21ef9 (79f756cf)
Priority: 0 Priority class: 32 Affinity: ff
Edit: new stacktrace after fixing symbols
~97s
kb
27e1ca10 7c827b99 77e61d1e 000018e4 00000000 ntdll!KiFastSystemCallRet
27e1ca14 77e61d1e 000018e4 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
27e1ca84 77e61c8d 000018e4 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xac
27e1ca98 7769c7ad 000018e4 ffffffff 2386d3a8 kernel32!WaitForSingleObject+0x12
27e1cab4 7778b5cb 24a1c758 2386d3a8 00000000 ole32!GetToSTA+0x7c
27e1cad4 7778c38b 27e1cb9c 27e1cc9c 22d3e674 ole32!CRpcChannelBuffer::SwitchAptAndDispatchCall+0xcb
27e1cbb4 776c0585 22d3e674 27e1ccac 27e1cc9c ole32!CRpcChannelBuffer::SendReceive2+0xd3
27e1cc20 776c051a 22d3e674 27e1ccac 27e1cc9c ole32!CAptRpcChnl::SendReceive+0xab
27e1cc74 77ce347f 22d3e674 27e1ccac 27e1cc9c ole32!CCtxComChnl::SendReceive+0x1a9
27e1cc90 77ce352f 45e02be4 27e1ccd8 0600016e rpcrt4!NdrProxySendReceive+0x43
27e1d080 77ce35a6 776762b8 776794ba 27e1d0b8 rpcrt4!NdrClientCall2+0x206
27e1d0a0 77c65037 00000014 00000004 27e1d0d0 rpcrt4!ObjectStublessClient+0x8b
27e1d0b0 776ad951 45e02be4 00000000 27e1d89c rpcrt4!ObjectStubless+0xf
27e1d0d0 776acb4b 77794960 00000001 00000000 ole32!CProcessActivator::CCICallback+0x6d
27e1d0f0 776acafc 77794960 27e1d6f8 00000000 ole32!CProcessActivator::AttemptActivation+0x2c
27e1d12c 776ada3b 77794960 27e1d6f8 00000000 ole32!CProcessActivator::ActivateByContext+0x4f
27e1d154 776aaf9e 77794960 00000000 27e1d89c ole32!CProcessActivator::CreateInstance+0x49
27e1d194 4a777108 27e1d89c 00000000 27e1d5d8 ole32!ActivationPropertiesIn::DelegateCreateInstance+0xf7
27e1d210 776aaf9e 443dd8f8 00000000 27e1d89c comsvcs!CSTAPoolActivator::CreateInstance+0x5a9
27e1d250 4a766303 27e1d89c 00000000 27e1d5d8 ole32!ActivationPropertiesIn::DelegateCreateInstance+0xf7
27e1d2a0 776aaf9e 341d3168 00000000 27e1d89c comsvcs!CStdContextActivator::CreateInstance+0x221
27e1d2e0 77727f8a 27e1d89c 00000000 27e1d5d8 ole32!ActivationPropertiesIn::DelegateCreateInstance+0xf7
27e1d310 776f5c55 0009a0f8 00000000 27e1d89c ole32!CSurrogateProcessActivator::CreateInstance+0xf7
27e1d344 776aaf9e 7779487c 00000000 27e1d89c ole32!CClientContextActivator::CreateInstance+0xc9
27e1d384 776ab12f 27e1d89c 00000000 27e1d5d8 ole32!ActivationPropertiesIn::DelegateCreateInstance+0xf7
27e1d68c 776a67ba 361f8c54 00000000 00000015 ole32!ICoCreateInstanceEx+0x3f8
27e1d6c0 7769b9b3 361f8c54 00000000 00000000 ole32!CComActivator::DoCreateInstance+0x6a
27e1ddc8 4a7516d8 45bfeb58 361f8c54 00000000 ole32!CComActivator::StandardCreateInstance+0x7c
27e1de3c 4a751fc6 00000000 361f8c40 00000000 comsvcs!CClassFactoryWrapper::ActivateOnMachine+0xaf
27e1de74 7a078d9b 361f8c40 00000000 79edda70 comsvcs!CClassFactoryWrapper::CreateInstance+0x80
27e1e118 7a07a1e6 361f8c40 00000000 00000000 mscorwks!ComClassFactory::CreateInstanceFromClassFactory+0x102
27e1e174 7a0bf10a 1e772994 00000000 27e1e1b4 mscorwks!ComClassFactory::CreateInstance+0x91
27e1e184 7a0c870b 1e772994 1e772994 79faa672 mscorwks!AllocateComObject_ForManaged+0x1e
27e1e1b4 79e9c82b 1e772994 234b20e8 79faa737 mscorwks!AllocateObject+0x38
27e1e1c0 79faa737 05ff2627 00000001 072336fc mscorwks!MethodTable::Allocate+0x35
27e1e260 792c25c3 1e772994 27e1e278 792c257c mscorwks!CRemotingServices::AllocateUninitializedObject+0xdf
27e1e278 792c1951 0f5b1b50 27e1e2d0 03100120 mscorlib_ni+0x2025c3
27e1e290 792c143e 44194464 00000000 00000016 mscorlib_ni+0x201951
27e1e2ac 79e71e04 00000001 27e1e334 79faa569 mscorlib_ni+0x20143e
27e1e2b8 79faa569 792c1400 072336fc 00000000 mscorwks!CTPMethodTable__CallTargetHelper3+0xf
27e1e334 79faa5d8 072336fc 00000000 00000001 mscorwks!CTPMethodTable::CallTarget+0xdd
27e1e348 79faa614 790fd65c 072336fc 00000000 mscorwks!CTPMethodTable::CallTarget+0x14
27e1e368 7a04b578 1e772994 00000000 00000001 mscorwks!CRemotingServices::CreateProxyOrObject+0x38
27e1e414 1e923c99 0f5b1a58 0f5b1b1c 27e1e464 mscorwks!JIT_NewCrossContextHelper+0xa9
WARNING: Frame IP not in any known module. Following frames may be wrong.
27e1e430 776e2fae 00000000 00000064 00000001 0x1e923c99
27e1e464 79e71b4c 27e1ef70 00000064 00000001 ole32!CoGetContextToken+0x29
27e1e494 79e821b9 27e1ee70 00000008 27e1ee20 mscorwks!CallDescrWorker+0x33
27e1e514 7a0f851b 27e1ee70 00000008 27e1ee20 mscorwks!CallDescrWorkerWithHandler+0xa3
27e1e5e4 79270454 00000001 00000000 00000000 mscorwks!CMessage::Dispatch+0x162
27e1e63c 7977c16e 00000001 00000000 075d788c mscorlib_ni+0x1b0454
27e1e658 6744d146 0752309c 0f5b19d8 0752304c mscorlib_ni+0x6bc16e
27e1e690 197cb7c7 0d0e3640 79e7a6b8 27e1ea80 System_EnterpriseServices_ni+0x5d146
27e1e70c 197f3d04 27e1eae4 0071f13b 36c6b460 System_EnterpriseServices_Wrapper!__dyn_tls_init_callback (System_EnterpriseServices_Wrapper+0x2b7c7)
27e1e74c 77720df0 27e1eae4 35ccbed0 00000000 System_EnterpriseServices_Wrapper_197f0000!System::EnterpriseServices::Thunk::FilteringCallbackFunction+0x44
27e1e798 7772189c 00000000 35ccbed0 197f3cc0 ole32!EnterForCallback+0xc4
27e1e8f8 776f0418 27e1e7d0 197f3cc0 27e1eae4 ole32!SwitchForCallback+0x1a3
27e1e924 7769c194 35ccbed0 197f3cc0 27e1eae4 ole32!PerformCallback+0x54
27e1e9bc 776e316c 36c6b460 197f3cc0 27e1eae4 ole32!CObjectContext::InternalContextCallback+0x159
27e1ea0c 79e71d8b 36c6b470 197f3cc0 27e1eae4 ole32!CObjectContext::ContextCallback+0x85
27e1ea68 197cbc82 776e30e7 0f5b1a28 072323f0 mscorwks!PInvokeCalliReturnFromCall
27e1ea88 197cbc82 0010c8f0 00000000 00000008 System_EnterpriseServices_Wrapper!__dyn_tls_init_callback (System_EnterpriseServices_Wrapper+0x2bc82)
27e1eab4 197cbb51 07231a74 27e1eb2c 79282f85 System_EnterpriseServices_Wrapper!__dyn_tls_init_callback (System_EnterpriseServices_Wrapper+0x2bc82)
27e1eac0 79282f85 27e1eb44 00000000 00000000 System_EnterpriseServices_Wrapper!__dyn_tls_init_callback (System_EnterpriseServices_Wrapper+0x2bb51)
27e1eb2c 797f5a0d 03100788 072323f0 075d7830 mscorlib_ni+0x1c2f85
00000000 00000000 00000000 00000000 00000000 mscorlib_ni+0x735a0d
And all other threads waiting for thread 142 have same stack trace.
I don't know what thread 141 is doing. Thread 142 cannot open connection to xls file. And not sure why other threads wait for thread 142.
Maybe you have any ideas?
EDIT:
analyze -v -hang
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/dllhst3g_exe/5_2_3790_3959/unknown/0_0_0_0/00000000.htm?Retriage=1
FAULTING_IP:
+1e02faf0157df58
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 0000008d
BUGCHECK_STR: HANG
PROCESS_NAME: dllhst3g.exe
ERROR_CODE: (NTSTATUS) 0xcfffffff -
EXCEPTION_CODE: (NTSTATUS) 0xcfffffff -
MOD_LIST:
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0xc2c (17)
Current frame:
ChildEBP RetAddr Caller,Callee
1974f450 655f1110 (MethodDesc 0x651b7efc +0x30 System.Data.ProviderBase.WrappedIUnknown.ReleaseHandle())
1974f93c 792e5e4f (MethodDesc 0x79107064 +0xf System.Runtime.InteropServices.SafeHandle.Dispose(Boolean))
1974f944 792e5d6b (MethodDesc 0x79107030 +0x1b System.Runtime.InteropServices.SafeHandle.Finalize())
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
0 1d14.71c Speculated (Triage) -->
17 1d14.c2c Critical Section -->
141 1d14.1b38 Event
WAIT_CHAIN_COMMAND: ~0s;k;;~17s;k;;~141s;k;;
BLOCKING_THREAD: 00001b38
DEFAULT_BUCKET_ID: APPLICATION_HANG_WRONG_SYMBOLS
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG_WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from 7c827b89 to 7c82847c
STACK_TEXT:
2a2efdcc 7c827b89 77e6202c 00000003 2a2efe1c ntdll!KiFastSystemCallRet
2a2efdd0 77e6202c 00000003 2a2efe1c 00000001 ntdll!NtWaitForMultipleObjects+0xc
2a2efe78 7739bbd1 00000003 2a2efea0 00000000 kernel32!WaitForMultipleObjectsEx+0x11a
2a2efed4 7739ce36 00000002 2a2eff74 ffffffff user32!RealMsgWaitForMultipleObjectsEx+0x141
2a2efef0 4a77cb28 00000002 2a2eff74 00000000 user32!MsgWaitForMultipleObjects+0x1f
2a2eff84 77bcb530 33c23fe8 00000000 00000000 comsvcs!CSTAThread::WorkerLoop+0x1f9
2a2effb8 77e6482f 37e3b7e8 00000000 00000000 msvcrt!_endthreadex+0xa3
2a2effec 00000000 77bcb4bc 37e3b7e8 00000000 kernel32!BaseThreadStart+0x34
FOLLOWUP_IP:
ntdll!KiFastSystemCallRet+0
7c82847c c3 ret
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ntdll!KiFastSystemCallRet+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4cc18322
STACK_COMMAND: ~141s ; kb
BUCKET_ID: HANG_ntdll!KiFastSystemCallRet+0
FAILURE_BUCKET_ID: APPLICATION_HANG_WRONG_SYMBOLS_cfffffff_ntdll.dll!KiFastSystemCallRet
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/dllhst3g_exe/5_2_3790_3959/45d69678/unknown/0_0_0_0/bbbbbbb4/cfffffff/00000000.htm?Retriage=1
Followup: MachineOwner
Not sure I understand it. But thread 17 is finalizer thread. So looks like it is blocked? And I thinkg it as again some kind of access to xls?
~17s
kb
ChildEBP RetAddr Args to Child
1974f08c 7c827b99 7c83d09c 00003a98 00000000 ntdll!KiFastSystemCallRet
1974f090 7c83d09c 00003a98 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
1974f0cc 7c83d0e7 00003a98 00000004 00000001 ntdll!RtlpWaitOnCriticalSection+0x1a3
1974f0ec 2ae1fa94 29202124 32787727 00000000 ntdll!RtlEnterCriticalSection+0xa8
WARNING: Stack unwind information not available. Following frames may be wrong.
1974f160 4c856487 2263eff4 00000000 00000005 ACEOLEDB!DllGetClassObject+0xdc2d
1974f174 4c862d06 2263eff4 4c8633c4 2263efe8 oledb32!CACMDynamic::CmFinalRelease+0x50
1974f17c 4c8633c4 2263efe8 2263efe8 1974f1e4 oledb32!CDCM::FinalRelease+0x1b
1974f198 4c8633f6 00000000 2263efe8 1974f1b8 oledb32!ATL::CComPolyObject::~CComPolyObject+0x2a
1974f1a8 4c88d5ad 2263efe8 2370a39c 1974f1f4 oledb32!ATL::CComPolyObject::Release+0x25
1974f1b8 4a757681 1a271fa0 2263efe8 2370a39c oledb32!CDCMCreator::DestroyResource+0xf
1974f1f4 4a75793e 2370a39c 2263efe8 00000000 comsvcs!CHolder::SafeDispenserDriver::DestroyResource+0x20
1974f20c 4a758a35 23151cd0 00000000 2fa44808 comsvcs!CHolder::ProcessDestroyList+0x2e
1974f238 4c88d30e 23151cd0 2263efe8 2263efe8 comsvcs!CHolder::FreeResource+0x7f
1974f268 4c878a3a 2263efe8 00000000 271aa824 oledb32!CDCMCreator::ReleaseResource+0x31
1974f288 4c8545e7 271aa824 00000000 4c85456a oledb32!CDPO::ReturnDCMToPool+0x89
1974f294 4c85456a 271aa818 271aa818 1974f320 oledb32!CDPO::FinalRelease+0xb
1974f2b0 4c88e78a 271aa818 1974f2d0 4c85218c oledb32!ATL::CComPolyObject::~CComPolyObject+0x2a
1974f2bc 4c85218c 00000001 00000000 000eaaf8 oledb32!ATL::CComPolyObject::`scalar deleting destructor'+0xd
1974f2d0 4c8521aa 271aa818 1974f330 79f63ff9 oledb32!ATL::CComPolyObject::Release+0x27
1974f2dc 79f63ff9 271aa824 3b6a3777 000eaaf8 oledb32!ATL::CComContainedObject::Release+0x11
1974f330 79f640ac 271aa828 3b6a3733 000eaaf8 mscorwks!ReleaseTransitionHelper+0x5f
1974f374 79f64110 271aa828 00000000 3b6a37ef mscorwks!SafeReleaseHelper+0x8c
1974f3a8 79f53b5d 271aa828 00000000 3b6a3017 mscorwks!SafeRelease+0x2f
1974f450 655f1110 000eaaf8 00000000 1974f470 mscorwks!MarshalNative::Release+0xb0
1974f460 79e71b4c 1974f4dc 000c5958 1974f4f0 System_Data_ni!_bidW103 (System_Data_ni+0x4a1110)
1974f470 79e821b9 1974f540 00000000 1974f510 mscorwks!CallDescrWorker+0x33
1974f4f0 79e96531 1974f540 00000000 1974f510 mscorwks!CallDescrWorkerWithHandler+0xa3
1974f634 79e96564 655f10e0 1974f6bc 1974f6a4 mscorwks!MethodDesc::CallDescr+0x19c
1974f650 79e96c4c 655f10e0 1974f6bc 1974f6a4 mscorwks!MethodDesc::CallTargetWorker+0x1f
1974f670 79eccd2a 1974f6a4 0b402780 00000004 mscorwks!MethodDescCallSite::Call_RetObjPtr+0x1c
1974f770 79eccd5e 0b402780 000eaaf8 000eaaf8 mscorwks!SafeHandle::RunReleaseMethod+0x89
1974f870 79eccbf4 00000001 0d0e3640 79e7a1c8 mscorwks!SafeHandle::Release+0x11b
1974f89c 79f83999 3b6a3d7b 00000000 000eaaf8 mscorwks!SafeHandle::Dispose+0x23
1974f93c 792e5e4f 1974f970 792e5d6b 0b3ac100 mscorwks!SafeHandle::Finalize+0xab
1974f944 792e5d6b 0b3ac100 ffffffff 00000000 mscorlib_ni+0x225e4f
1974f970 79f7169a 1974f9c4 79ef465c 1974fc1c mscorlib_ni+0x225d6b
1974f9d4 79f7175b 0b402780 792e5d50 08000000 mscorwks!MethodTable::GetObjCreateDelegate+0xaf
1974f9f4 79f71609 0b402780 0b402780 00000000 mscorwks!MethodTable::CallFinalizer+0xa0
1974fa08 79fd46a6 0b402780 3b6a3e1f 00000000 mscorwks!SVR::CallFinalizer+0xa6
1974fa58 79fd45d7 000eaaf8 00000415 1974fadf mscorwks!SVR::GCHeap::TraceGCSegments+0x1b0
1974fae0 79f5832f 0740eeb4 00000000 1974feb0 mscorwks!SVR::GCHeap::TraceGCSegments+0x2f6
1974faf4 79e9848f 1974fd04 000eaaf8 00000000 mscorwks!SVR::ProfScanRootsHelper+0x69
1974fb08 79e9842b 1974feb0 1974fb90 79fa6a6b mscorwks!Thread::DoADCallBack+0x32a
1974fb9c 79e98351 1974feb0 3b6a3f9f 000eaaf8 mscorwks!Thread::ShouldChangeAbortToUnload+0xe3
1974fbd8 79ec4322 1974feb0 00000000 1974fc98 mscorwks!Thread::ShouldChangeAbortToUnload+0x30a
1974fbe8 79f581f3 1974feb0 1974fc8c 79fa6a6b mscorwks!Thread::RaiseCrossContextException+0x434
1974fc98 79f58279 1a9cb678 79ec430e 1974feb0 mscorwks!Thread::DoADCallBack+0xcd
1974fcb8 79f58265 1974feb0 1974fd20 79f582e4 mscorwks!Thread::DoADCallBack+0x322
1974fcc4 79f582e4 1a9cb678 79f58316 1974fd04 mscorwks!ManagedThreadBase::FinalizerAppDomain+0x25
1974fd20 79fd45d7 000eaaf8 00000000 1974fda7 mscorwks!SVR::GCHeap::TraceGCSegments+0x251
1974fda8 79fd48a8 00000000 00000000 1974feb0 mscorwks!SVR::GCHeap::TraceGCSegments+0x2f6
1974fdc0 79e9848f 1974feb0 00000000 00000000 mscorwks!SVR::GCHeap::FinalizerThreadWorker+0xb7
1974fdd4 79e9842b 1974feb0 1974fe5c 79fa6a6b mscorwks!Thread::DoADCallBack+0x32a
1974fe68 79e98351 1974feb0 3b6a3ae3 00000000 mscorwks!Thread::ShouldChangeAbortToUnload+0xe3
1974fea4 79f074d4 1974feb0 00000000 1a9cb678 mscorwks!Thread::ShouldChangeAbortToUnload+0x30a
1974fecc 79f074e5 79fd4809 00000008 1974ff14 mscorwks!ManagedThreadBase_NoADTransition+0x32
1974fedc 79f090b3 79fd4809 3b6a3b53 00000000 mscorwks!ManagedThreadBase::FinalizerBase+0xd
1974ff14 79f75715 00000000 00000007 ffffffff mscorwks!SVR::GCHeap::FinalizerThreadStart+0xbb
1974ffb8 77e6482f 000eb528 00000000 00000000 mscorwks!Thread::intermediateThreadProc+0x49
1974ffec 00000000 79f756cf 000eb528 00000000 kernel32!BaseThreadStart+0x34

You need to find who owns the following critical section that your thread is waiting on:
1974f0ec 2ae1fa94 29202124 32787727 00000000 ntdll!RtlEnterCriticalSection+0xa8
You can do an automated critical section analysis with call stacks:
!locks -v
This will dump all critical section locks that are in a locked state and the call stacks of the threads, you then need to scan each call stack for each lock to see if say Thread A is waiting on lock 1 which is owned by Thread B, Thread B is waiting on lock 2 which is owned by Thread A.
Hope this helps

ActiPerl + Tcl.pm *** glibc detected *** munmap_chunk(): invalid pointer: 0x09b5e0d8

I installed ActivePerl 5.10.1.1007 on my Ubuntu 10.04 machine.
I have a very simple Perl script with the following lines:
use lib "/opt/ActivePerl-5.10/lib";
use Tcl;
my $Interpreter = new Tcl;
$Interpreter->Eval('puts "Hello world"');
$Interpreter->Eval('set ::env(TESTVAR) 55')
The output is the following:
$ /opt/ActivePerl-5.10/bin/perl5.10.1 simple.pl
Hello world
*** glibc detected *** /opt/ActivePerl-5.10/bin/perl5.10.1: munmap_chunk(): invalid pointer: 0x09b5e0d8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xb7696591]
/lib/tls/i686/cmov/libc.so.6(+0x6c80e)[0xb769780e]
/opt/ActivePerl-5.10/bin/perl5.10.1(perl_destruct+0xda6)[0x8071716]
/opt/ActivePerl-5.10/bin/perl5.10.1(main+0xb0)[0x8060a30]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7641bd6]
/opt/ActivePerl-5.10/bin/perl5.10.1(chroot+0x31)[0x80608e1]
======= Memory map: ========
08048000-0815e000 r-xp 00000000 08:11 5154055 /opt/ActivePerl-5.10/bin/perl-static
0815e000-08160000 rwxp 00116000 08:11 5154055 /opt/ActivePerl-5.10/bin/perl-static
09aae000-09bf1000 rwxp 00000000 00:00 0 [heap]
b6ad8000-b6af5000 r-xp 00000000 08:11 3399754 /lib/libgcc_s.so.1
b6af5000-b6af6000 r-xp 0001c000 08:11 3399754 /lib/libgcc_s.so.1
b6af6000-b6af7000 rwxp 0001d000 08:11 3399754 /lib/libgcc_s.so.1
b6af7000-b6b01000 r-xp 00000000 08:11 3424653 /lib/tls/i686/cmov/libnss_files-2.11.1.so
b6b01000-b6b02000 r-xp 00009000 08:11 3424653 /lib/tls/i686/cmov/libnss_files-2.11.1.so
b6b02000-b6b03000 rwxp 0000a000 08:11 3424653 /lib/tls/i686/cmov/libnss_files-2.11.1.so
b6b03000-b6b0b000 r-xp 00000000 08:11 3424655 /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b6b0b000-b6b0c000 r-xp 00007000 08:11 3424655 /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b6b0c000-b6b0d000 rwxp 00008000 08:11 3424655 /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b6b0d000-b6b13000 r-xp 00000000 08:11 3424651 /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b6b13000-b6b14000 r-xp 00006000 08:11 3424651 /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b6b14000-b6b15000 rwxp 00007000 08:11 3424651 /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b6b2a000-b6b2b000 ---p 00000000 00:00 0
b6b2b000-b732b000 rwxp 00000000 00:00 0
b74c1000-b74cb000 r-xp 00000000 08:11 5162486 /opt/ActivePerl-5.10/lib/auto/Tcl/Tcl.so
b74cb000-b74cc000 rwxp 00009000 08:11 5162486 /opt/ActivePerl-5.10/lib/auto/Tcl/Tcl.so
b74cc000-b750b000 r-xp 00000000 08:11 5712734 /usr/lib/locale/en_US.utf8/LC_CTYPE
b750b000-b7629000 r-xp 00000000 08:11 5712735 /usr/lib/locale/en_US.utf8/LC_COLLATE
b7629000-b762b000 rwxp 00000000 00:00 0
b762b000-b777e000 r-xp 00000000 08:11 3424483 /lib/tls/i686/cmov/libc-2.11.1.so
b777e000-b777f000 ---p 00153000 08:11 3424483 /lib/tls/i686/cmov/libc-2.11.1.so
b777f000-b7781000 r-xp 00153000 08:11 3424483 /lib/tls/i686/cmov/libc-2.11.1.so
b7781000-b7782000 rwxp 00155000 08:11 3424483 /lib/tls/i686/cmov/libc-2.11.1.so
b7782000-b7785000 rwxp 00000000 00:00 0
b7785000-b779a000 r-xp 00000000 08:11 3424658 /lib/tls/i686/cmov/libpthread-2.11.1.so
b779a000-b779b000 r-xp 00014000 08:11 3424658 /lib/tls/i686/cmov/libpthread-2.11.1.so
b779b000-b779c000 rwxp 00015000 08:11 3424658 /lib/tls/i686/cmov/libpthread-2.11.1.so
b779c000-b779e000 rwxp 00000000 00:00 0
b779e000-b77a0000 r-xp 00000000 08:11 3424663 /lib/tls/i686/cmov/libutil-2.11.1.so
b77a0000-b77a1000 r-xp 00001000 08:11 3424663 /lib/tls/i686/cmov/libutil-2.11.1.so
b77a1000-b77a2000 rwxp 00002000 08:11 3424663 /lib/tls/i686/cmov/libutil-2.11.1.so
b77a2000-b77ab000 r-xp 00000000 08:11 3424646 /lib/tls/i686/cmov/libcrypt-2.11.1.so
b77ab000-b77ac000 r-xp 00008000 08:11 3424646 /lib/tls/i686/cmov/libcrypt-2.11.1.so
b77ac000-b77ad000 rwxp 00009000 08:11 3424646 /lib/tls/i686/cmov/libcrypt-2.11.1.so
b77ad000-b77d4000 rwxp 00000000 00:00 0
b77d4000-b77f8000 r-xp 00000000 08:11 3424648 /lib/tls/i686/cmov/libm-2.11.1.so
b77f8000-b77f9000 r-xp 00023000 08:11 3424648 /lib/tls/i686/cmov/libm-2.11.1.so
b77f9000-b77fa000 rwxp 00024000 08:11 3424648 /lib/tls/i686/cmov/libm-2.11.1.so
b77fa000-b77fb000 rwxp 00000000 00:00 0
b77fb000-b77fd000 r-xp 00000000 08:11 3424647 /lib/tls/i686/cmov/libdl-2.11.1.so
b77fd000-b77fe000 r-xp 00001000 08:11 3424647 /lib/tls/i686/cmov/libdl-2.11.1.so
b77fe000-b77ff000 rwxp 00002000 08:11 3424647 /lib/tls/i686/cmov/libdl-2.11.1.so
b77ff000-b7812000 r-xp 00000000 08:11 3424650 /lib/tls/i686/cmov/libnsl-2.11.1.so
b7812000-b7813000 r-xp 00012000 08:11 3424650 /lib/tls/i686/cmov/libnsl-2.11.1.so
b7813000-b7814000 rwxp 00013000 08:11 3424650 /lib/tls/i686/cmov/libnsl-2.11.1.so
b7814000-b7816000 rwxp 00000000 00:00 0
b781a000-b781b000 r-xp 00000000 08:11 1859586 /usr/lib/locale/en_US.utf8/LC_NUMERIC
b781b000-b781c000 r-xp 00000000 08:11 5712754 /usr/lib/locale/en_US.utf8/LC_TIME
b781c000-b781d000 r-xp 00000000 08:11 5712755 /usr/lib/locale/en_US.utf8/LC_MONETARY
b781d000-b781e000 r-xp 00000000 08:11 5712756 /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
b781e000-b781f000 r-xp 00000000 08:11 1859591 /usr/lib/locale/en_US.utf8/LC_PAPER
b781f000-b7820000 r-xp 00000000 08:11 1859592 /usr/lib/locale/en_US.utf8/LC_NAME
b7820000-b7821000 r-xp 00000000 08:11 5712757 /usr/lib/locale/en_US.utf8/LC_ADDRESS
b7821000-b7822000 r-xp 00000000 08:11 5712758 /usr/lib/locale/en_US.utf8/LC_TELEPHONE
b7822000-b7823000 r-xp 00000000 08:11 1859595 /usr/lib/locale/en_US.utf8/LC_MEASUREMENT
b7823000-b782a000 r-xs 00000000 08:11 5711192 /usr/lib/gconv/gconv-modules.cache
b782a000-b782b000 r-xp 00000000 08:11 5712759 /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
b782b000-b782d000 rwxp 00000000 00:00 0
b782d000-b782e000 r-xp 00000000 00:00 0 [vdso]
b782e000-b7849000 r-xp 00000000 08:11 3401485 /lib/ld-2.11.1.so
b7849000-b784a000 r-xp 0001a000 08:11 3401485 /lib/ld-2.11.1.so
b784a000-b784b000 rwxp 0001b000 08:11 3401485 /lib/ld-2.11.1.so
bfd36000-bfd4b000 rwxp 00000000 00:00 0 [stack]
Aborted
Please help. I can't find a way to make this work. Setting a non-environment variable does not cause the crash. For example:
$Interpreter->Eval('set localvar 55')
THANKS!!!

First stage analysis: memory corruption on exit. I'd say that there's warring over who should free a block and how. Now we dig deeper…
It's possible that you're seeing the consequences of the fact that both Perl and Tcl are independently trying to work around the bugs misfeatures in the system implementation of environment variables. In particular, the C library's setenv() has a number of problems with memory leaks which make it rather more impractical than you might naïvely expect; I'd quite expect Perl to work around this, and I know that Tcl does too, but it does mean that only one language should set environment variables, and that almost certainly needs to be Perl in this case (on the basis of evidence you've presented).
Do you really need to set environment variables from your Tcl code? If you can just not do it, that'd be the easiest way forward. :-) Otherwise, we're talking about having a different build of Tcl (so that it asks the Perl side of things to do the memory management) or doing some magic to disconnect the Tcl side from the real environment. You might also want to report the problem upstream to ActiveState.

I'll keep digging and if I find the solution I'll let you know.
I reported this to ActiveState. Inline is my email and their response, but to sum up:
1. They didn't develop "Inline Tcl" for Perl nor did they test it.
2. It was developed in 2001 and no additions were made to it since then.
3. When it was developed (in 2001), it was marked as "alpha" and no additions were made since then.
Hi Mircea,
Inline::Tcl is not part of ActivePerl. It's not tested with ActivePerl, and it
does not build on our PPM build farm against ActivePerl:
http://ppm4.activestate.com/i686-linux/5.10/1000/R/RR/RRS/Inline-Tcl-0.09.d/log-20090614T112213.txt
Offhand, the error message looks like a compiler mismatch problem, but it could be
almost anything since Inline::Tcl hasn't been touched by the author since 2001,
and even then the release notes describe it as "alpha software". It doesn't seem
to like Linux very much any more:
http://matrix.cpantesters.org/?dist=Inline-Tcl%200.09;maxver=1
Hmm.. The author's home page is 404. You should probably find another way to do it.

You should not need this line: use lib "/opt/ActivePerl-5.10/lib"; unless you have a misconfiguration. You might want to nuke the install from orbit and start over.
Is there any particular reason why you are using ActivePerl? You should be able to simply install perl from source -- you're using a real OS, so I'd take advantage of it :)