none
Servicesd.exe crashing. RRS feed

  • Question

  • Hello
    i have very strange bug with WEC7 - 'servicesd.exe' are crashed.
    On target platform i have ftp and telnet server are up. On pc side i use test program for write\read\erase test file by ftp protocol in loop.
    after some cycles i got this crash in debug:

    "

    1 log imx287
    PID:02160022 TID:04B629B6 Exception 'Data Abort' (0x4): Thread-Id=04b629b6(pth=c0499934), Proc-Id=02
    160022(pprc=c04596f8) 'servicesd.exe', VM-active=02160022(pprc=c04596f8) 'servicesd.exe'
    PID:02160022 TID:04B629B6 PC=40ba7afc(ftpd.dll+0x00007afc) RA=802216fc(kernel.dll+0x0000e6fc) SP=002
    cf0ac, BVA=001df196


    2 log imx287
    PID:02160022 TID:05362922 Exception 'Data Abort' (0x4): Thread-Id=05362922(pth=c048091c), Proc-Id=02
    160022(pprc=c04596f8) 'servicesd.exe', VM-active=02160022(pprc=c04596f8) 'servicesd.exe'
    PID:02160022 TID:05362922 PC=40ba7afc(ftpd.dll+0x00007afc) RA=802216fc(kernel.dll+0x0000e6fc) SP=002
    9f0ac, BVA=002a5136




    3 log ============================ am3517

    PID:03410016 TID:05DB0052 Exception 'Data Abort' (0x4): Thread-Id=05db0052(pth=c04a0000), Proc-Id=03
    410016(pprc=c0460000) 'servicesd.exe', VM-active=03410016(pprc=c0460000) 'servicesd.exe'
    PID:03410016 TID:05DB0052 PC=40297130(ws2.dll+0x00007130) RA=0021db30(???+0x0021db30) SP=002ce124, B
    VA=0000ac58

    4 log ============================ am3517
    PID:03410016 TID:054E004E Exception 'Data Abort' (0x4): Thread-Id=054e004e(pth=c04a3000), Proc-Id=03
    410016(pprc=c0460000) 'servicesd.exe', VM-active=03410016(pprc=c0460000) 'servicesd.exe'
    PID:03410016 TID:054E004E PC=40c47988(ftpd.dll+0x00007988) RA=80037638(kernel.dll+0x0000e638) SP=002
    8f0b0, BVA=0021f0e6

    5 log ============================ am3517
    PID:03410016 TID:054D001E Exception 'Data Abort' (0x4): Thread-Id=054d001e(pth=c0477000), Proc-Id=03
    410016(pprc=c0460000) 'servicesd.exe', VM-active=03410016(pprc=c0460000) 'servicesd.exe'
    PID:03410016 TID:054D001E PC=40c47988(ftpd.dll+0x00007988) RA=80037638(kernel.dll+0x0000e638) SP=002
    6f0b0, BVA=0021d1f6
    6 log
    PID:03410016 TID:054C001E Exception 'Data Abort' (0x4): Thread-Id=054c001e(pth=c0450a40), Proc-Id=03
    410016(pprc=c0460000) 'servicesd.exe', VM-active=03410016(pprc=c0460000) 'servicesd.exe'
    PID:03410016 TID:054C001E PC=40c47988(ftpd.dll+0x00007988) RA=80037638(kernel.dll+0x0000e638) SP=002
    5f0b0, BVA=0021e1e6


    7 log ============================ am3517

    PID:03410016 TID:03AD0336 Exception 'Data Abort' (0x4): Thread-Id=03ad0336(pth=c0485c6c), Proc-Id=03
    410016(pprc=c0460000) 'servicesd.exe', VM-active=03410016(pprc=c0460000) 'servicesd.exe'
    PID:03410016 TID:03AD0336 PC=402d1548(ssllsp.dll+0x00001548) RA=402d2a28(ssllsp.dll+0x00002a28) SP=0
    028f01c, BVA=0000b95c

    "

    after this crash my telnet server on target stop work and cant connect  from pc to target.

    Why servicesd.exe are crashed?

    I have updates instaled until January 1 - 31, 2013.
    I im trying this test on two development boards - one based on imx287 and one based on am3517.

    Any help?

    Tuesday, March 12, 2013 5:46 AM

Answers


  • finally its solved!

    was BUG from ms programmers

    must be:

    //eai test 140313 was this is error!!    pszHome[dwMaxLen - 1] = L'\0';
    pszHome[MAX_PATH - 1] = L'\0';

    use dwMaxLen for index of array this is error.

    Best Regards!


    • Marked as answer by Anndd Friday, March 15, 2013 8:05 AM
    Friday, March 15, 2013 8:05 AM

All replies

  • According to your log the crash is in the FTP server (ftpd.dll) - which makes sense at some extent since you have an FTP client which is looping reading/writing/erasing files. Given the Program Counter value and the ftpd.map file you should be able to identify which part of the FTP server is generating the data abort and, maybe why. In order to identify the offending FTP server code you will find useful the following post from Bruce Eitman's blog: http://geekswithblogs.net/BruceEitman/archive/2008/05/19/windows-ce--finding-the-cause-of-a-data-abort.aspx                                                                                     http://geekswithblogs.net/BruceEitman/archive/2008/06/02/platform-builder-find-the-source-of-a-data-abort-an.aspx 

    Luca Calligaris lucaDOTcalligarisATeurotechDOTcom www.eurotech.com Check my blog: http://lcalligaris.wordpress.com

    Tuesday, March 12, 2013 8:08 AM
  •  I am trying find this data abort.

    look below please:

    based on this abort

    ==========================

    1 log imx287
    PID:02160022 TID:04B629B6 Exception 'Data Abort' (0x4): Thread-Id=04b629b6(pth=c0499934), Proc-Id=02
    160022(pprc=c04596f8) 'servicesd.exe', VM-active=02160022(pprc=c04596f8) 'servicesd.exe'
    PID:02160022 TID:04B629B6 PC=40ba7afc(ftpd.dll+0x00007afc) RA=802216fc(kernel.dll+0x0000e6fc) SP=002
    cf0ac, BVA=001df196

    ==========================

    i need PC address = 0x00007afc - 0x1000 = 0x0006afc

    in ftpd.map

    i have

     0001:00006a6c       ?ReadUserConfig@CFtpSession@@IAAHXZ 10007a6c f   ftpsession.obj
     0001:00006c1c       ?ClientThreadProc@CFtpSession@@SAKPAX@Z 10007c1c f   ftpsession.obj

    look like  i have Data Abort in ReadUserConfig()

    ReadUserConfig() sits in ftpsession.cpp

    now we go to

    file ftpsession.cod 

    calculate offset   =  0x0006afc - 00006a6c = 0x90

    and look on it

    ; 1321 :     if ((ERROR_SUCCESS != RegQueryValueExW(hkUser, RV_HOMEDIR, NULL, &dwType, (LPBYTE)pszHome, &dwLen)) || (dwType != REG_SZ))

      00054    e59f1148     ldr         r1,|$LN30@ReadUserCo| ; =|??_C@_19CAEBHJHP@?$AAH?$AAo?$AAm?$AAe?$AA?$AA@|
      00058    e28de008     add         lr,sp,#8
      0005c    e28d300c     add         r3,sp,#0xC
      00060    e3a02000     mov         r2,#0
      00064    e1a00007     mov         r0,r7
      00068    e58de004     str         lr,[sp,#4]
      0006c    e58d4000     str         r4,[sp]
      00070    eb000000     bl          RegQueryValueExW
      00074    e1b00000     movs        r0,r0
      00078    1a00003b     bne         |$LN11@ReadUserCo|
      0007c    e59d300c     ldr         r3,[sp,#0xC]
      00080    e3530001     cmp         r3,#1
      00084    1a000038     bne         |$LN11@ReadUserCo|

    ; 1324 :         goto Done;
    ; 1325 :     }
    ; 1326 :
    ; 1327 :     // Null terminate registry string buffer in case RegQueryValueEx() did not.
    ; 1328 :     pszHome[dwMaxLen - 1] = L'\0';

      00088    e2843b01     add         r3,r4,#0x400
      0008c    e3a08000     mov         r8,#0
      00090    e1c380be     strh        r8,[r3,#0xE]

    look like

      pszHome[dwMaxLen - 1] = L'\0';

    give to me Data Abort ?

    Wednesday, March 13, 2013 2:30 PM

  • finally its solved!

    was BUG from ms programmers

    must be:

    //eai test 140313 was this is error!!    pszHome[dwMaxLen - 1] = L'\0';
    pszHome[MAX_PATH - 1] = L'\0';

    use dwMaxLen for index of array this is error.

    Best Regards!


    • Marked as answer by Anndd Friday, March 15, 2013 8:05 AM
    Friday, March 15, 2013 8:05 AM