Crash on startup when certain controller is connected

For discussion about Trine, firstly released in 2009 for Windows and on PlayStation Network.
t0x1n
Posts: 5
Joined: Wed Oct 22, 2014 10:57 pm

Crash on startup when certain controller is connected

Postby t0x1n » Wed Oct 22, 2014 11:10 pm

USB Controller identifier:

Code:

USB\VID_1345&PID_0003&REV_0210


Driver:
http://zebronics.info/downloads/gamepad/ (don't recall which one, I think 150jp)

Crash message:

Code:

---------------------------
Unhandled exception
---------------------------
Exception code: 0xc0000005
Address: 0x699919EB in HID.DLL:69991000
Related modules: FFDrv.dll DINPUT8.dll trine1_32bit.exe KERNEL32.DLL ntdll.dll
Minidump:
F:\Steam\SteamApps\common\Trine\_enchanted_edition_\log\trine1_32bit.exe_48a081cc.dmp


I've uploaded the full dump file here:
http://www.filedropper.com/trine132bitexe48a081cc

Here's the result of WinDbg analyze -v:

Code:

!analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify checksum for trine1_32bit.exe
*** ERROR: Module load completed but symbols could not be loaded for trine1_32bit.exe
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for atiumdag.dll -

FAULTING_IP:
hid!HidD_FreePreparsedData+b
699919eb 813885379969    cmp     dword ptr [eax],offset hid!HidD_Hello (69993785)

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 699919eb (hid!HidD_FreePreparsedData+0x0000000b)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: fffffff0
Attempt to read from address fffffff0

CONTEXT:  00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=770a7320 ecx=00000000 edx=00000000 esi=3d26f55d edi=00000b4c
eip=77e6b30c esp=3d2695d0 ebp=3d2695dc iopl=0         nv up ei pl nz ac po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000212
ntdll!NtGetContextThread+0xc:
77e6b30c c20800          ret     8

PROCESS_NAME:  trine1_32bit.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  fffffff0

READ_ADDRESS:  fffffff0

FOLLOWUP_IP:
hid!HidD_FreePreparsedData+b
699919eb 813885379969    cmp     dword ptr [eax],offset hid!HidD_Hello (69993785)

APPLICATION_VERIFIER_FLAGS:  0

APP:  trine1_32bit.exe

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

FAULTING_THREAD:  00001f3c

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_FINALIZER

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ_FINALIZER

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ_FINALIZER

LAST_CONTROL_TRANSFER:  from 27281636 to 699919eb

STACK_TEXT: 
006ef7a0 27281636 00000000 1f438af8 1f430000 hid!HidD_FreePreparsedData+0xb
006ef7b4 272816e3 ffffffff 1fe15eb0 0f992bea FFDrv!DllCanUnloadNow+0x239
006ef7c0 0f992bea 1f438af8 0f9a6480 1fe15eb0 FFDrv!DllCanUnloadNow+0x2e6
006ef7c8 0f9a6480 1fe15eb0 006ef7ec 0f997d14 dinput8!Invoke_Release+0xe
006ef7d4 0f997d14 1fe15eb0 1fdf53f0 ffffffff dinput8!CEShep_Finalize+0x11
006ef7ec 0f992bea 1fe15eac 0f997ff8 ffffffff dinput8!Common_PrivateRelease+0x84
006ef7f4 0f997ff8 ffffffff 1fdf5400 0f997ec0 dinput8!Invoke_Release+0xe
006ef800 0f997ec0 1fdf5400 006ef824 0f997d14 dinput8!CDIDev_Reset+0x28
006ef80c 0f997d14 1fdf5400 17fbb4f4 00000000 dinput8!CDIDev_Finalize+0x1b
006ef824 01a0ab1c 1fdf53fc 725eda16 1e5379f0 dinput8!Common_PrivateRelease+0x84
WARNING: Stack unwind information not available. Following frames may be wrong.
006ef848 01a0aa5b 1eb88390 006ef860 01a0a670 trine1_32bit+0xd6ab1c
006ef854 01a0a670 00000001 006ef884 01a09cbc trine1_32bit+0xd6aa5b
006ef860 01a09cbc 1e5379f0 1fe1d790 17fbb4e8 trine1_32bit+0xd6a670
006ef884 01a0924e 725edafa 17fbb4e8 17fbb4e8 trine1_32bit+0xd69cbc
006ef8a4 01a17a72 1fe2e9c8 006ef8d8 01a139e1 trine1_32bit+0xd6924e
006ef8b0 01a139e1 17fbb4e8 1fe16030 725eda86 trine1_32bit+0xd77a72
006ef8d8 01a12aeb 1eb88000 006ef8f0 014e28d0 trine1_32bit+0xd739e1
006ef8e4 014e28d0 00000001 006ef918 01a0d10e trine1_32bit+0xd72aeb
006ef8f0 01a0d10e 1fe2e9c8 1fe165d0 725edb46 trine1_32bit+0x8428d0
006ef918 01a0d08b 00000009 006ef930 014e28d0 trine1_32bit+0xd6d10e
006ef924 014e28d0 00000001 006ef9e4 014d34ca trine1_32bit+0xd6d08b
006ef930 014d34ca 1eb88000 1fe165a8 725edbba trine1_32bit+0x8428d0
006ef9e4 014d3cbb 00000001 00000000 00000018 trine1_32bit+0x8334ca
006efa4c 00fdb17b 3c23d86d 725ed8d2 0000000a trine1_32bit+0x833cbb
006efa8c 010c7ccc 3c23d86d 725ed8e6 06704758 trine1_32bit+0x33b17b
006efab8 010c7e69 0670d3f8 00770000 3c23d86d trine1_32bit+0x427ccc
006efbc0 7709919f 7e674000 006efc10 77e80bbb trine1_32bit+0x427e69
006efbcc 77e80bbb 7e674000 0729a43e 00000000 kernel32!BaseThreadInitThunk+0xe
006efc10 77e80b91 ffffffff 77e6c9f4 00000000 ntdll!__RtlUserThreadStart+0x20
006efc20 00000000 02d672f0 7e674000 00000000 ntdll!_RtlUserThreadStart+0x1b


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  hid!HidD_FreePreparsedData+b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: hid

IMAGE_NAME:  hid.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  52157d73

STACK_COMMAND:  ~41s; .ecxr ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_FINALIZER_c0000005_hid.dll!HidD_FreePreparsedData

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_FINALIZER_hid!HidD_FreePreparsedData+b

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_pointer_read_finalizer_c0000005_hid.dll!hidd_freepreparseddata

FAILURE_ID_HASH:  {76a08f1e-c962-7256-739a-007324d03a6f}

Followup: MachineOwner

RiikkaFB
Posts: 98
Joined: Mon Mar 17, 2014 11:55 am

Re: Crash on startup when certain controller is connected

Postby RiikkaFB » Thu Oct 23, 2014 3:26 pm

Does this crash only happen when the controller is connected, and not otherwise? I'd also like to know if you experience this issue if you plug the controller in when the game is already running. Do you experience this issue with the original version of Trine, or only in the Enchanted Edition?

Have you tried the regular solutions under the Troubleshooting section of our Trine FAQ?

Sorry for the many questions; we haven't run into an issue like this before. Our QA can look into this, once we know a bit more. Unfortunately I can't promise a fix (at least anytime soon), since this seems like a really rare issue connected to a certain controller, and we have not encountered anything like this before - but yes, we can look into this. In the meanwhile, you could try playing using a keyboard + mouse or another controller.

Sorry for the inconvenience. Let me know how it goes or if you have other questions. :)

t0x1n
Posts: 5
Joined: Wed Oct 22, 2014 10:57 pm

Re: Crash on startup when certain controller is connected

Postby t0x1n » Fri Oct 24, 2014 12:03 pm

RiikkaFB wrote: Does this crash only happen when the controller is connected, and not otherwise?

Only when connected

RiikkaFB wrote: I'd also like to know if you experience this issue if you plug the controller in when the game is already running.

Yes

RiikkaFB wrote: Do you experience this issue with the original version of Trine, or only in the Enchanted Edition? Have you tried the regular solutions under the Troubleshooting section of our Trine FAQ?

I didn't, and probably won't as I simply uninstalled the driver for now and it works (the only thing the driver gave me was vibration support in x360ce which I don't use anymore since I bought an original xbox controller).

RiikkaFB wrote: Sorry for the many questions; we haven't run into an issue like this before. Our QA can look into this, once we know a bit more. Unfortunately I can't promise a fix (at least anytime soon), since this seems like a really rare issue connected to a certain controller, and we have not encountered anything like this before - but yes, we can look into this. In the meanwhile, you could try playing using a keyboard + mouse or another controller. Sorry for the inconvenience. Let me know how it goes or if you have other questions. :)

Thanks, I'm good for now. Note that I linked to the full dump file (at filedropper) - your developers should be able to isolate the bug using a debugger such as WinDbg, as they have the necessary symbols making the dump almost as good as reproducing it with the original controller.

RiikkaFB
Posts: 98
Joined: Mon Mar 17, 2014 11:55 am

Re: Crash on startup when certain controller is connected

Postby RiikkaFB » Fri Oct 24, 2014 1:00 pm

Good to know it works. :) Thanks for sharing this. I'll notify our QA about this. Cheers.

fb_jlarja
Posts: 219
Joined: Fri Nov 11, 2011 4:45 pm

Re: Crash on startup when certain controller is connected

Postby fb_jlarja » Fri Oct 24, 2014 1:27 pm

According to the dump you attached, the crash happens in some third party code. Google for HidD_FreePreparsedData for better guess. It is quite possible we could code around this, but without the controller and the driver (and we don't even know if the offending code is directly related to the particular controller), it would have to be done blindly, which is pretty cumbersome and usually doesn't work too well.

Anyway, thanks for the effort. Would be great if every user was able to send preanalyzed dump files :D .

-JLarja

t0x1n
Posts: 5
Joined: Wed Oct 22, 2014 10:57 pm

Re: Crash on startup when certain controller is connected

Postby t0x1n » Fri Oct 24, 2014 3:54 pm

fb_jlarja wrote: According to the dump you attached, the crash happens in some third party code. Google for HidD_FreePreparsedData for better guess. It is quite possible we could code around this, but without the controller and the driver (and we don't even know if the offending code is directly related to the particular controller), it would have to be done blindly, which is pretty cumbersome and usually doesn't work too well.

Anyway, thanks for the effort. Would be great if every user was able to send preanalyzed dump files :D .

-JLarja


Don't mention it, though I have to give Microsoft most of the credit for making it so simple (and tools such as DebugDiag take that even further).

I think it's a safe bet to say that the driver is the offender here (I linked to the zebronics site) - like I said once uninstalled the problem disappeared.

I don't have your PDBs but it looks like you're calling some sort of a release method in dinput8. The solution may be as simple as a try/catch there, but I'm really stabbing at the dark here as I know next to nothing about DirectX/DirectInput development, and swallowing that exception could lead to the controller not working, a crash in some other place, etc. It probably won't be worse than crashing though, so you might want to give it a shot in the next patch you release just in case... my 2 cents anyway.

Cheers :)

fb_jlarja
Posts: 219
Joined: Fri Nov 11, 2011 4:45 pm

Re: Crash on startup when certain controller is connected

Postby fb_jlarja » Mon Oct 27, 2014 7:39 am

t0x1n wrote: I don't have your PDBs but it looks like you're calling some sort of a release method in dinput8. The solution may be as simple as a try/catch there, but I'm really stabbing at the dark here as I know next to nothing about DirectX/DirectInput development, and swallowing that exception could lead to the controller not working, a crash in some other place, etc. It probably won't be worse than crashing though, so you might want to give it a shot in the next patch you release just in case... my 2 cents anyway.

Cheers :)


Yeah, we don't use exceptions. I can't actually find any mention of Release() method from MSDN documents, yet I'm pretty sure I didn't just pull it out from my ass either (I wrote the DirectInput joystick code almost five years ago. Probably copied Release() call from some sample). I don't really dare to touch it without having time to test the changes too. I'll keep this in mind though.

-JLarja

t0x1n
Posts: 5
Joined: Wed Oct 22, 2014 10:57 pm

Re: Crash on startup when certain controller is connected

Postby t0x1n » Mon Oct 27, 2014 1:08 pm

fb_jlarja wrote: Yeah, we don't use exceptions. I can't actually find any mention of Release() method from MSDN documents, yet I'm pretty sure I didn't just pull it out from my ass either (I wrote the DirectInput joystick code almost five years ago. Probably copied Release() call from some sample). I don't really dare to touch it without having time to test the changes too. I'll keep this in mind though.

-JLarja

Yeah I hear you. If you want to send me the (public) PDB I can tell you exactly which method in your code ends up calling into dinput8!Common_PrivateRelease+0x84 (up to method inlining at least). Lots of companies share their public PDBs (including Microsoft, via its symbol server), it shouldn't pose an intellectual property issue.

fb_jlarja
Posts: 219
Joined: Fri Nov 11, 2011 4:45 pm

Re: Crash on startup when certain controller is connected

Postby fb_jlarja » Tue Oct 28, 2014 8:04 am

t0x1n wrote: Yeah I hear you. If you want to send me the (public) PDB I can tell you exactly which method in your code ends up calling into dinput8!Common_PrivateRelease+0x84 (up to method inlining at least). Lots of companies share their public PDBs (including Microsoft, via its symbol server), it shouldn't pose an intellectual property issue.


It's actually called only in one place, so that's not a problem. Here's the link to PDB (http://files.frozenbyte.com/trine1.pdb.7z. In case that doesn't work, try http://files.frozenbyte.com/trine1-211.pdb.7z), if you want to check it anyway. It would be good to check, but of course I could just do that myself, if I just had the time :) .

-JLarja

t0x1n
Posts: 5
Joined: Wed Oct 22, 2014 10:57 pm

Re: Crash on startup when certain controller is connected

Postby t0x1n » Wed Oct 29, 2014 1:43 am

fb_jlarja wrote: It's actually called only in one place, so that's not a problem. Here's the link to PDB (http://files.frozenbyte.com/trine1.pdb.7z. In case that doesn't work, try http://files.frozenbyte.com/trine1-211.pdb.7z), if you want to check it anyway. It would be good to check, but of course I could just do that myself, if I just had the time :) .

-JLarja

Yeah I know what you mean...
I already had the dump handy, and I needed an excuse to fire up WinDbg anyway, so here's the resolved stack:

Code:

007bfa60 26371636 00000000 1f53b0f8 1f530000 hid!HidD_FreePreparsedData+0xb
WARNING: Stack unwind information not available. Following frames may be wrong.
007bfa94 0f997d14 1e898de0 1ffedb00 ffffffff FFDrv+0x1636
007bfaac 0f992bea 1e898ddc 0f997ff8 ffffffff dinput8!Common_PrivateRelease+0x84
007bfab4 0f997ff8 ffffffff 1ffedb10 0f997ec0 dinput8!Invoke_Release+0xe
007bfac0 0f997ec0 1ffedb10 007bfae4 0f997d14 dinput8!CDIDev_Reset+0x28
007bfacc 0f997d14 1ffedb10 1e5a76c4 00000000 dinput8!CDIDev_Finalize+0x1b
007bfae4 01a0ab1c 1ffedb0c d574248c 1e670a38 dinput8!Common_PrivateRelease+0x84
007bfb08 01a0aa5b 1e13d888 007bfb20 01a0a670 trine1_32bit!fb::sys::input::windows::DirectInputJoystick::~DirectInputJoystick+0x4c
007bfb14 01a0a670 00000001 007bfb44 01a09cbc trine1_32bit!fb::sys::input::windows::DirectInputJoystick::`scalar deleting destructor'+0xb
007bfb20 01a09cbc 1e670a38 1e898718 1e5a76b8 trine1_32bit!`fb::lang::SharedPointer<fb::sys::input::windows::DirectInputJoystick>::reset<fb::lang::DefaultSharedPointerDeleter>'::`5'::Destructor::destroy+0x10
007bfb44 01a0924e d57424e0 1e5a76b8 1e5a76b8 trine1_32bit!fb::lowlevel::container::TinyVector<fb::lang::SharedPointer<fb::sys::input::windows::DirectInputJoystick>,0,1>::clear+0x3c
007bfb64 01a17a72 20067708 007bfb98 01a139e1 trine1_32bit!fb::sys::input::windows::DirectInputHandler::~DirectInputHandler+0xde
007bfb70 01a139e1 1e5a76b8 1e898cb8 d574241c trine1_32bit!`fb::lang::SharedPointer<fb::sys::input::windows::DirectInputHandler>::reset<fb::lang::DefaultSharedPointerDeleter>'::`5'::Destructor::destroy+0x12
007bfb98 01a12aeb 1e13d438 007bfbb0 014e28d0 trine1_32bit!fb::sys::input::windows::WindowsHIDHandler::~WindowsHIDHandler+0x191
007bfba4 014e28d0 00000001 007bfbd8 01a0d10e trine1_32bit!fb::sys::input::windows::WindowsHIDHandler::`scalar deleting destructor'+0xb
007bfbb0 01a0d10e 20067708 1e8895b0 d574245c trine1_32bit!`fb::lang::SharedPointer<fb::sys::input::IHIDHandler>::reset<fb::lang::DefaultSharedPointerDeleter>'::`5'::Destructor::destroy+0x10
007bfbd8 01a0d08b 00000009 007bfbf0 014e28d0 trine1_32bit!fb::sys::input::HIDHandler::~HIDHandler+0x4e
007bfbe4 014e28d0 00000001 007bfca4 014d34ca trine1_32bit!fb::sys::input::HIDHandler::`scalar deleting destructor'+0xb
007bfbf0 014d34ca 1e13d438 1e8893f8 d5742320 trine1_32bit!`fb::lang::SharedPointer<fb::sys::input::IHIDHandler>::reset<fb::lang::DefaultSharedPointerDeleter>'::`5'::Destructor::destroy+0x10
007bfca4 014d3cbb 00000001 00000000 00000018 trine1_32bit!fb::input::InputModule::Impl::initControllers+0x2ba
007bfcb8 014d5629 00000000 00000018 3a58d340 trine1_32bit!fb::input::InputModule::Impl::doReenumeration+0x7b
007bfd04 00fdb15c 007bfd4c 00fdb17b 3c23d86d trine1_32bit!fb::input::InputModule::update+0x149
007bfd4c 010c7ccc 3c23d86d d57422fc 067058b0 trine1_32bit!fb::engine::module::ModuleRoot::update+0x14c
007bfd78 010c7e69 06724af0 00870000 3c23d86d trine1_32bit!fb::gamebase::GameBaseApplication::updateTick+0x1ac
007bfe7c 7709919f 7eeaf000 007bfecc 77e80bbb trine1_32bit!fb::gamebase::GameBaseApplication::awakenFromThreadSleep+0x129
007bfe88 77e80bbb 7eeaf000 a00358e3 00000000 kernel32!BaseThreadInitThunk+0xe
007bfecc 77e80b91 ffffffff 77e6c9e0 00000000 ntdll!__RtlUserThreadStart+0x20
007bfedc 00000000 02d672f0 7eeaf000 00000000 ntdll!_RtlUserThreadStart+0x1b

Looks like the destructor of DirectInputJoystick ultimately calls into the crashing DInput code.
Cheers :)
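
A small triage script for the stacks posted in this thread, as an added example (not part of any post and not Frozenbyte's code): it parses `kb`-style frames, reports the first caller that is neither an OS module nor the game, and measures how far the faulting read lies from the first argument of the faulting call. The OS/application module lists, and reading kb's first "Args to Child" column as the real argument (valid only for a frame with a standard frame pointer), are assumptions of the example.

```python
import re

# Excerpt of the symbol-resolved stack posted above (innermost frame first).
STACK_TEXT = """\
007bfa60 26371636 00000000 1f53b0f8 1f530000 hid!HidD_FreePreparsedData+0xb
WARNING: Stack unwind information not available. Following frames may be wrong.
007bfa94 0f997d14 1e898de0 1ffedb00 ffffffff FFDrv+0x1636
007bfaac 0f992bea 1e898ddc 0f997ff8 ffffffff dinput8!Common_PrivateRelease+0x84
007bfab4 0f997ff8 ffffffff 1ffedb10 0f997ec0 dinput8!Invoke_Release+0xe
007bfae4 01a0ab1c 1ffedb0c d574248c 1e670a38 dinput8!Common_PrivateRelease+0x84
007bfb08 01a0aa5b 1e13d888 007bfb20 01a0a670 trine1_32bit!fb::sys::input::windows::DirectInputJoystick::~DirectInputJoystick+0x4c
"""
READ_ADDRESS = 0xFFFFFFF0  # READ_ADDRESS from the !analyze -v output in the first post

# Assumption of this example: which modules are OS-supplied and which is the game.
OS_MODULES = {"hid", "dinput8", "kernel32", "ntdll"}
APP_MODULE = "trine1_32bit"

# ChildEBP, RetAddr, three "Args to Child" dwords, then the symbol.
FRAME = re.compile(r"^((?:[0-9a-f]{8} ){5})(\S.*)$")

def parse_frames(text):
    """Return one dict per stack frame; WARNING and other non-frame lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            symbol = m.group(2)
            frames.append({"args": [int(c, 16) for c in m.group(1).split()[2:5]],
                           "module": re.split(r"[!+]", symbol, maxsplit=1)[0],
                           "symbol": symbol})
    return frames

def triage(frames, read_address):
    """Attribute the fault: who called the faulting function, and with what pointer."""
    fault = frames[0]
    # Signed 32-bit distance between the faulting read and the first argument.
    delta = (read_address - fault["args"][0]) & 0xFFFFFFFF
    if delta >= 0x80000000:
        delta -= 0x100000000
    outside = next((f for f in frames[1:] if f["module"].lower() not in OS_MODULES
                    and f["module"] != APP_MODULE), None)
    app = next((f for f in frames if f["module"] == APP_MODULE), None)
    return {
        "fault_symbol": fault["symbol"],
        "null_first_arg": fault["args"][0] == 0,
        "read_offset_from_arg0": delta,
        "first_third_party_caller": outside["module"] if outside else None,
        "app_entry": app["symbol"] if app else None,
    }

if __name__ == "__main__":
    print(triage(parse_frames(STACK_TEXT), READ_ADDRESS))
```

On this excerpt the script names FFDrv as the caller sitting between dinput8 and hid.dll, and shows the faulting read 0x10 bytes below a zero first argument.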

fb_jlarja
Posts: 219
Joined: Fri Nov 11, 2011 4:45 pm

Re: Crash on startup when certain controller is connected

Postby fb_jlarja » Wed Oct 29, 2014 8:10 am

t0x1n wrote: Looks like the destructor of DirectInputJoystick ultimately calls into the crashing DInput code.
Cheers :)


Yeah, that's what I thought (only place that calls Release, really). Thanks for confirmation.

-JLarja

