Closed Bug 308935 Opened 20 years ago Closed 18 years ago

Blue screen crash and windows system reboot on thunderbird startup with Kaspersky antivirus and Azureus

Categories

(Plugins Graveyard :: Kaspersky AV, defect)

Product:
Plugins Graveyard
Component:
Kaspersky AV
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: TheRizz, Unassigned)

Details

(Keywords: crash, hang)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 Build Identifier: Thunderbird v1.0.6 and 1.5 Beta 1 Thunderbird has started to crash on a regular basis. When it does, it doesn't just crash the program but crashes all of Windows, giving me a black screen followed by a reboot (no errors are generated). This started at about the time I installed v1.0.6, but the crashes still ocurr after updating to 1.5 beta 1. Reproducible: Sometimes Steps to Reproduce: 1. Start Thunderbird 2. System Reboots -or- 1. Start Thunderbird 2. Wait for a while 3. System reboots Because it sometimes has a delay, and sometimes crashes immediately, I am assuming that it is part of the mail checking procedure that causes the crash. Actual Results: Sometimes crashes the computer. Expected Results: Shouldn't crash the computer. Probably related is the fact that this seems to occur mostly when I have file sharing software running (specifically eMule and the Azureus bittorrent client). I am unsure if I have even had a crash while no filesharing software is running.
Any other updates, like anti-virus, firewall, display or network drivers? Also you can prevent an automatic reboot by going to control panel -> system -> error recovery (?) and unchecking some option (I'm not on windows to check right now). It usually says which dll file the crash was in.
> Any other updates, like anti-virus, firewall, display or network drivers? Not that I can think of. Follwoing your advice on stopping the automatic reboot, it now causes a Blue Screen instead of a reboot. The information on the Blue Screen is as follows: STOP: 0x000000D1 (0x02E00368, 0x00000002, 0x00000000, 0xB8F38326) tcpip.sys - Address B8F38326, Datestamp 4294cc20 I also played around with running processes and found that the crash only occurs when checking email in Thunderbird at the same time as I am running Azureus and Kaspersky Anti-Virus. If either Kaspersky AV or Azureus are turned off, the crash does not occur.
two things to do, A. see instructions on using windbg.exe (bug 307577) B. follow these approximate instructions on using verifier.exe: 1. run the driver verifier 2. create custom settings 3. select individual settings from a full list 4. check everything except: dma checking low resources simulation 5. select automatically select unsigned drivers (next) if you get a list, write down (notepad, whatever) the names, click back 6. select automatically select drivers built for older versions of windows (next) if you get a list, write down (notepad, whatever) the names, click back 7. select driver names from a list 8. add all the items from 5 and 6. 9. click add currently not loaded driver(s) to the list..., tell the verifier to verify all of the drivers relating to Kaspersky AV and Azureus (use windows find or something to find all those drivers, they should have some consistent naming or placement scheme -- i don't use Kaspersky, i had to fight symantec this summer) 10. click finish (this will require a reboot and depending on settings will slow your system to somewhat of a crawl). after doing at least A and possibly B, run thunderbird and crash your system. at this point, follow the rest of the instructions on windbg.exe. at the very least !analyze -v output would be nice. hopefully you get a full sized dmp (note: your swap file must be large enough to contain all data from physical memory, if it is not, win-break>advanced>performance:settings>advanced>change) fwiw, if you decide you'd like to make the full memory image to me available: from windbg, .dump /maipwd /u /ba /c "comment describing problem" output-file and then contact me on irc with a url to the file (note: the file will be huge, mozilla crashes for me tend to be 100mb, windows crashes for me are 2gb and they won't compress to smaller than 100mb ...), most likely the minidumps will be sufficient for whatever chasing we'll do.
> B. follow these approximate instructions on using verifier.exe: This didn't work very well... it causes a blue screen upon reboot - I ended up having to use the Last Known Good Configuration to get back into windows. [Re: windbg.exe] > .dump /maipwd /u /ba /c "comment describing problem" output-file This does not work. It gives me the following error: ^ Extra character error in '.dump /maipwd /u /ba /c "comment describing problem" output-file' I ran the following three commands: .symfix+ .reload !analyze -v ...and this is the output: ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: f78f33e5, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: b8f3832f, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: f78f33e5 CURRENT_IRQL: 2 FAULTING_IP: tcpip!GetAddress+14 b8f3832f 6683780202 cmp word ptr [eax+0x2],0x2 DEFAULT_BUCKET_ID: CODE_CORRUPTION BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from b8f3f4af to b8f3832f TRAP_FRAME: f78b6de4 -- (.trap fffffffff78b6de4) ErrCode = 00000000 eax=f78f33e3 ebx=00000000 ecx=6bc80100 edx=00000001 esi=000088d9 edi=f78b6ec8 eip=b8f3832f esp=f78b6e58 ebp=f78b6e5c iopl=0 nv up ei ng nz na pe cy cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010283 tcpip!GetAddress+0x14: b8f3832f 6683780202 cmp word ptr [eax+0x2],0x2 ds:0023:f78f33e5=???? Resetting default scope STACK_TEXT: f78b6e5c b8f3f4af f78eab02 f78b6e98 f78b6e9c tcpip!GetAddress+0x14 f78b6ea4 b8f3ed0b f78b6ec8 00000000 f78eabe0 tcpip!TdiConnect+0x37 f78b6ee0 b8f5c96b 88a74008 88a74078 88c22870 tcpip!TCPConnect+0xa8 f78b6f04 b8f42912 00000000 804e2448 88c22870 tcpip!TCPResumeActiveOpen+0x77 f78b6f24 b8f3cce8 02c22870 00000002 00000000 tcpip!CloseTCB+0x1c4 f78b6f40 b8f42f00 88c22870 00000002 004f7ae1 tcpip!DerefTCB+0x60 f78b6fbc b8f323ec b8f7ab38 00000000 f7727980 tcpip!TCBTimeout+0x79c f78b6fcc 804dcd22 b8f7ab48 b8f7ab38 f81e1b98 tcpip!TCBTimeoutdpc+0xf f78b6ff4 804dc88d b5880d44 00000000 00000000 nt!KiRetireDpcList+0x61 f78b6ff8 b5880d44 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2b WARNING: Frame IP not in any known module. Following frames may be wrong. 804dc88d 00000000 00000009 0081850f bb830000 0xb5880d44 CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt 804dc962-804dc968 7 bytes - nt!SwapContext+20 [ 83 bb 94 09 00 00 00:e9 b9 ce 95 38 90 90 ] 804e4c40-804e4c43 4 bytes - nt!KiServiceTable+390 (+0x82de) [ 1d 1b 58 80:e0 96 e3 b8 ] 80672000-8067200d 14 bytes - nt!IovUnloadDrivers+8 [ 90 90 90 90 90 a1 00 71:00 00 01 ba 44 ca fe de ] 80672010-8067206b 92 bytes - nt!FormatMaxDisplacement <PERF> (nt+0x19b010) (+0x10) [ 00 00 90 90 90 90 90 8b:01 bb 00 12 80 c4 e1 04 ] 8067206d-80672075 9 bytes - nt!IovFreeIrpPrivate+26 (+0x5d) [ 74 0f 53 53 56 6a 02 68:00 00 00 00 00 00 00 00 ] 80672079-80672085 13 bytes - nt!IovFreeIrpPrivate+32 (+0x0c) [ e8 11 51 ec ff 8d 55 0b:00 00 00 00 00 00 00 00 ] 80672088-80672097 16 bytes - nt!IovFreeIrpPrivate+41 (+0x0f) [ 38 5d 0b 75 06 56 e8 1e:00 00 00 00 00 00 00 00 ] 80672099-806720c7 47 bytes - nt!IovFreeIrpPrivate+52 (+0x11) [ 90 cc cc cc cc cc cc 90:00 00 00 00 00 00 00 00 ] 806720cb-806720d7 13 bytes - nt!IovCallDriver+26 (+0x32) [ 66 83 3a 06 74 0a 51 51:00 00 00 00 00 00 00 00 ] 806720db-806720eb 17 bytes - nt!IovCallDriver+36 (+0x10) [ 57 e8 36 ff ff ff 84 c0:00 00 00 00 00 00 00 00 ] 806720ef-806720ff 17 bytes - nt!IovCallDriver+4a (+0x14) [ 8b 35 08 81 4d 80 ff d6:00 00 00 00 00 00 00 00 ] 80672102-8067210d 12 bytes - nt!IovCallDriver+5d (+0x13) [ 8b 4d fc 8d 55 f8 88 45:00 00 00 00 00 00 00 00 ] 80672110-80672123 20 bytes - nt!IovCallDriver+6b (+0x0e) [ 84 c0 75 12 6a 50 58 e8:00 00 00 00 00 00 00 00 ] 80672126-80672130 11 bytes - nt!IovCallDriver+81 (+0x16) [ ff 75 f8 8d 55 fc 8b cf:00 00 00 00 00 00 00 00 ] 80672133-80672138 6 bytes - nt!IovCallDriver+8e (+0x0d) [ 83 c9 ff e8 8e 94:00 00 00 00 00 00 ] 8067213b-80672152 24 bytes - nt!IovCallDriver+96 (+0x08) [ 8b 55 fc 8b cf e8 6d f2:00 00 00 00 00 00 00 00 ] 80672155-8067215a 6 bytes - nt!IovCallDriver+b0 (+0x1a) [ 8b 4d f8 e8 f6 72:00 00 00 00 00 00 ] 8067215d-80672166 10 bytes - nt!IovCallDriver+b8 (+0x08) [ ff 75 f0 ff 75 fc 57 e8:00 00 00 00 00 00 00 00 ] 80672169-8067217d 21 bytes - nt!IovCallDriver+c4 (+0x0c) [ ff d6 3a d8 74 17 ff d6:00 00 00 00 00 00 00 00 ] 80672181-806721ad 45 bytes - nt!IovCallDriver+dc (+0x18) [ e8 09 50 ec ff 8b 45 f4:00 00 00 00 00 00 00 00 ] 806721af-806721d3 37 bytes - nt!IovBuildAsynchronousFsdRequest+10 (+0x2e) [ ff 75 1c ff 75 18 ff 75:00 00 00 00 00 00 00 00 ] 806721d5-806721dd 9 bytes - nt!IovBuildAsynchronousFsdRequest+36 (+0x26) [ 90 90 90 90 90 8b 45 ec:00 00 00 00 00 00 00 00 ] 806721df - nt!IovBuildAsynchronousFsdRequest+3b (+0x0a) [ 8b:00 ] 806721e1-806721fc 28 bytes - nt!IovBuildAsynchronousFsdRequest+3d (+0x02) [ 89 45 e4 33 c0 40 c3 90:00 00 00 00 00 00 00 00 ] 80672200-8067221e 31 bytes - nt!IovBuildAsynchronousFsdRequest+57 (+0x1f) [ e8 8a 4f ec ff cc cc cc:00 00 00 00 00 00 00 00 ] 80672220-8067224d 46 bytes - nt!IovBuildDeviceIoControlRequest+10 (+0x20) [ ff 75 28 ff 75 24 ff 75:00 00 00 00 00 00 00 00 ] 8067224f-80672257 9 bytes - nt!IovBuildDeviceIoControlRequest+3f (+0x2f) [ 90 90 90 90 90 8b 45 ec:00 00 00 00 00 00 00 00 ] 80672259 - nt!IovBuildDeviceIoControlRequest+44 (+0x0a) [ 8b:00 ] 8067225b-80672276 28 bytes - nt!IovBuildDeviceIoControlRequest+46 (+0x02) [ 89 45 e4 33 c0 40 c3 90:00 00 00 00 00 00 00 00 ] 8067227a-806722a0 39 bytes - nt!IovBuildDeviceIoControlRequest+60 (+0x1f) [ e8 10 4f ec ff cc cc cc:00 00 00 00 00 00 00 00 ] 806722a4-806722b7 20 bytes - nt!IovInitializeTimer+19 (+0x2a) [ e8 e6 4e ec ff ff 75 10:00 00 00 00 00 00 00 00 ] 806722b9-80672325 109 bytes - nt!IovInitializeTimer+2e (+0x15) [ 90 cc cc cc cc cc cc 90:00 00 00 00 00 00 00 00 ] 80672328-80672331 10 bytes - nt!IovpLocalCompletionRoutine+63 (+0x6f) [ 8b 53 1c 33 c0 3b d0 c6:00 00 00 00 00 00 00 00 ] 80672333-80672335 3 bytes - nt!IovpLocalCompletionRoutine+6e (+0x0b) [ c6 43 02:00 00 00 ] 80672337-8067236c 54 bytes - nt!IovpLocalCompletionRoutine+72 (+0x04) [ c6 43 03 10 89 43 04 89:00 00 00 00 00 00 00 00 ] 8067236f-80672385 23 bytes - nt!IovpLocalCompletionRoutine+aa (+0x38) [ ff 73 20 57 ff 75 08 ff:00 00 00 00 00 00 00 00 ] 80672388-8067238f 8 bytes - nt!IovpLocalCompletionRoutine+c3 (+0x19) [ 8b 56 08 8b cf e8 7c d2:00 00 00 00 00 00 00 00 ] 80672392-80672395 4 bytes - nt!IovpLocalCompletionRoutine+cd (+0x0a) [ 81 7d 08 16:00 00 00 00 ] 80672398-8067239d 6 bytes - nt!IovpLocalCompletionRoutine+d3 (+0x06) [ c0 74 69 80 7d ff:00 00 00 00 00 00 ] 8067239f-806723a3 5 bytes - nt!IovpLocalCompletionRoutine+da (+0x07) [ 75 63 83 66 0c:00 00 00 00 00 ] 806723a5-806723d8 52 bytes - nt!IovpLocalCompletionRoutine+e0 (+0x06) [ 83 c3 24 89 1e 8b 43 20:00 00 00 00 00 00 00 00 ] 806723da-8067243a 97 bytes - nt!IovpLocalCompletionRoutine+115 (+0x35) [ 74 17 f6 43 03 20 74 11:00 00 00 00 00 00 00 00 ] 8067243c-80672458 29 bytes - nt!IovInitializeIrp+24 (+0x62) [ cc cc cc cc cc cc 90 90:00 00 00 00 00 00 00 00 ] 8067245b-8067245d 3 bytes - nt!IovAttachDeviceToDeviceStack+14 (+0x1f) [ 5d c2 08:00 00 00 ] 8067245f-8067247e 32 bytes - nt!IovAttachDeviceToDeviceStack+18 (+0x04) [ 90 cc cc cc cc cc cc 90:00 00 00 00 00 00 00 00 ] 80672481-8067248d 13 bytes - nt!IovDeleteDevice+16 (+0x22) [ 83 3d 20 a8 55 80 02 72:00 00 00 00 00 00 00 00 ] 80672490-80672492 3 bytes - nt!IovDeleteDevice+25 (+0x0f) [ 5d c2 04:00 00 00 ] 80672494-806724af 28 bytes - nt!IovDeleteDevice+29 (+0x04) [ cc cc cc cc cc 90 90 90:00 00 00 00 00 00 00 00 ] 806724b2-806724b4 3 bytes - nt!IovDetachDevice+14 (+0x1e) [ 5d c2 04:00 00 00 ] 806724b6-806724d3 30 bytes - nt!IovDetachDevice+18 (+0x04) [ 90 90 cc cc cc cc cc cc:00 00 00 00 00 00 00 00 ] 806724d6-806724db 6 bytes - nt!IovCancelIrp+13 (+0x20) [ 8a 45 0f 5d c2 08:00 00 00 00 00 00 ] 806724dd-80672528 76 bytes - nt!IovCancelIrp+1a (+0x07) [ 90 90 90 cc cc cc cc cc:00 00 00 00 00 00 00 00 ] WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output. 80689000-8068911d 286 bytes - nt!KdPullRemoteFile <PERF> (nt+0x1b2000) [ 00 00 00 00 00 00 90 90:38 cf bc 0c c7 fd dd 4d ] 8068911f-8068921a 252 bytes - nt!MiMakeSpecialPoolPagable+60 (+0x11f) [ e7 ff c6 05 6a 6c 56 80:a9 f7 3a 35 78 66 f4 eb ] 8068921c-8068926c 81 bytes - nt!MiProtectSpecialPool+c9 (+0xfd) [ ef 0b 83 e7 01 6a 02 75:4d fd b1 ed c9 22 89 82 ] 8068926e-80689353 230 bytes - nt!MiProtectSpecialPool+11b (+0x52) [ eb 0c 8d 0c 5b bb 1f ff:23 f5 33 46 02 0c b4 79 ] 80689355-806893c8 116 bytes - nt!MiProtectSpecialPool+202 (+0xe7) [ 0f 84 63 01 00 00 83 7d:93 89 d4 b5 4f 84 39 ea ] 806893ca-80689575 428 bytes - nt!MiProtectSpecialPool+277 (+0x75) [ 28 81 4d 80 8b 1e 8b cb:7e 66 f0 08 f0 b0 db 54 ] 80689577-80689584 14 bytes - nt!MiAllocateSpecialPool+80 (+0x1ad) [ 74 df 3d 4d 6d 53 64 74:a3 be f1 9a 43 fa ae 97 ] 80689586-8068962c 167 bytes - nt!MiAllocateSpecialPool+8f (+0x0f) [ d1 33 c9 33 d2 41 e8 74:15 ee 37 bb dc 39 38 a2 ] 8068962e-8068985f 562 bytes - nt!MiAllocateSpecialPool+137 (+0xa8) [ 79 02 00 00 6a 02 8a d3:c9 2e 7c 47 6b d5 a1 4d ] 80689861-806899b8 344 bytes - nt!MiAllocateSpecialPool+36a (+0x233) [ 2a d9 ea ff 8b 41 08 83:61 5a 8d 34 9b e3 1d 39 ] 806899ba-80689b21 360 bytes - nt!MmFreeSpecialPool+aa (+0x159) [ f6 66 8b 37 81 e6 ff 1f:96 0e ab 53 f1 ab 28 7f ] 80689b23-80689bba 152 bytes - nt!MmFreeSpecialPool+213 (+0x169) [ 81 4d 80 ff 0d 34 21 56:f2 e5 ea 41 92 85 39 34 ] 80689bbc-80689c3e 131 bytes - nt!MmFreeSpecialPool+2ac (+0x99) [ 89 41 08 eb 07 8b cf e8:c0 5c ce df 4c b7 e6 06 ] 64055 errors : !nt (804dc962-80689c3e) MODULE_NAME: memory_corruption IMAGE_NAME: memory_corruption FOLLOWUP_NAME: memory_corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MEMORY_CORRUPTOR: LARGE STACK_COMMAND: .trap fffffffff78b6de4 ; kb FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE BUCKET_ID: MEMORY_CORRUPTION_LARGE Followup: memory_corruption ---------
a few things. 1. if verifier causes blue screens, you should find out which drivers suck and get them reported and fixed or removed from your system. in our cases, we were able to finger one or two specific drives and remove or upgrade them to get the system to be mostly happy with verifier which made normal operation much less sketchy. 2. could you possibly list all the drivers that you told verifier to investigate? that would at least give someone some things to google, perhaps some of them turn up as common sources of blue screens :). 3. try: .dump /maip /u /ba /c "tcp CODE_CORRUPTION/MEMORY_CORRUPTION_LARGE" c:\tcp-308925 if it keeps complaining about flags, try removing letters from the ends of the / things, the "comment" bit is part of /c, so you'd remove that as a pair (you can read help on .dump) for a description. i've never met this error, there's a newsgroup under msnews.microsoft.com which we could probably use to get more help (or you could google for CODE_CORRUPTION or MEMORY_CORRUPTION_LARGE. thank you for the output, it does give me some understanding of what your system is thinking (unfortunately it's a class of error i haven't before had to investigate).
(In reply to comment #2) > I also played around with running processes and found that the crash only occurs > when checking email in Thunderbird at the same time as I am running Azureus and > Kaspersky Anti-Virus. If either Kaspersky AV or Azureus are turned off, the > crash does not occur. timeless, reporter upgraded "just about every piece of software involved", is not running Azureus, and doesn't see it anymore. but is willing to help if it's needed. -> INVALID (based on the Kaspersky/Azureus aspect) - reopen if it deserves further work
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Keywords: crash, hang
Resolution: --- → INVALID
Summary: Total system crash on mail check → Blue screen crash and windows system reboot on thunderbird startup with Kaspersky antivirus and Azureus
We're now tracking such bugs. This doesn't mean it's something we can fix, merely something we hope to be able to point vendors to so they can investigate. This is an automated message.
Assignee: mscott → nobody
Component: General → Kaspersky AV
Product: Thunderbird → Plugins
QA Contact: general → kaspersky-antivirus
Product: Plugins → Plugins Graveyard
You need to log in before you can comment on or make changes to this bug.