none
Application crash with "Fatal Execution Engine Error" RRS feed

  • Question

  • Hi,

    we are observing sporadic crashes in our application. The application is rather complex: unmanaged startup code (kernel) with a lot of COM and using VSTA layer for customizing. The [VSTA] customizing approach starts and terminates separate AppDomains that call back into the COM object model provided by the main kernel.

    After several days of isolation and simplification of the application flow I managed to get a "stable" crash behaviour (from WinXP x86 up to Win7 x64) with an exception

    First-chance exception at 0x79fabdf7 (mscorwks.dll) in vctest.exe: 0xC0000005: Access violation reading location 0x00000000. 

    and the following stack trace:

      mscorwks.dll!MethodTable::GetGuid()  + 0x2ebf bytes 
      mscorwks.dll!RCW::GetComIPForMethodTableFromCache()  + 0x5c bytes 
      mscorwks.dll!RCW::GetComIPFromRCW()  + 0x23 bytes 
      mscorwks.dll!ComObject::GetComIPFromRCW()  + 0x40 bytes 
      mscorwks.dll!ComObject::SupportsInterface()  + 0x89 bytes 
      mscorwks.dll!Object::SupportsInterface()  + 0x6d bytes 
      mscorwks.dll!UnmarshalObjectFromInterface()  + 0x4a bytes 
      mscorwks.dll!InterfaceMarshalerBase::ConvertSpaceNativeToCLR()  + 0x28 bytes 
      mscorwks.dll!DefaultMarshalOverrides<InterfaceMarshalerBase>::ReturnCLRFromNativeRetval()  + 0xb bytes 
      mscorwks.dll!RunML()  + 0xbab9e bytes 
      mscorwks.dll!_CLRToCOMWorker@8()  + 0x2c080 bytes 
      0228ab3e() 
      mscorwks.dll!_CallDescrWorker@20()  + 0x33 bytes 
      mscorwks.dll!_CallDescrWorkerWithHandler@24()  + 0x9f bytes 
      mscorwks.dll!MethodDesc::CallDescr()  + 0x15a bytes 
      mscorwks.dll!MethodDesc::CallTargetWorker()  + 0x1f bytes 
      mscorwks.dll!MethodDescCallSite::CallWithValueTypes()  + 0x1a bytes 
      mscorwks.dll!InvokeImpl()  + 0x3cf bytes 
      mscorwks.dll!RuntimeMethodHandle::InvokeMethodFast()  + 0xb2 bytes 
      mscorlib.ni.dll!792d5428()  
      [Frames below may be incorrect and/or missing, no symbols loaded for mscorlib.ni.dll] 
      mscorlib.ni.dll!792d51d6()  
      mscorlib.ni.dll!792d50be()  
      mscorwks.dll!_CallDescrWorker@20()  + 0x33 bytes 
      mscorwks.dll!_CallDescrWorkerWithHandler@24()  + 0x9f bytes 
      mscorwks.dll!DispatchCallBody()  + 0x1e bytes 
      mscorwks.dll!DispatchCallDebuggerWrapper()  + 0x3d bytes 
      mscorwks.dll!DispatchCall()  + 0x98 bytes 
      mscorwks.dll!CrossDomainChannel::MarshalAndCall_Wrapper()  + 0x37d bytes 
      mscorwks.dll!MarshalAndCall_Wrapper2()  + 0xf bytes 
      mscorwks.dll!MakeCallWithAppDomainTransition()  + 0xae bytes 
      mscorwks.dll!CrossDomainChannel::MarshalAndCall()  + 0x507 bytes 
      mscorwks.dll!CrossDomainChannel::ExecuteCrossDomainCall()  + 0x59 bytes 
      mscorwks.dll!CrossDomainChannel::CheckCrossDomainCall()  + 0xd9 bytes 
      mscorwks.dll!CTPMethodTable::OnCall()  + 0xa8 bytes 
      021f2ead() 
      mscorwks.dll!COMToCLRWorkerBody()  + 0x1ac bytes 
      mscorwks.dll!COMToCLRWorkerDebuggerWrapper()  + 0x37 bytes 
      mscorwks.dll!_COMToCLRWorker@8()  + 0x130 bytes 
      0228a9c2() 
      DCore.dll!ScriptManager::FireCompEvent()  Line 3022 + 0x7a bytes BASIC
      vctest.exe!DCore::IScriptManager::FireCompEvent(_bstr_t EventName={...}, tagVARIANT * vResult=Empty, tagSAFEARRAY * * vParams=0x0012fc30)  Line 1632 + 0x25 bytes C++
      vctest.exe!FireSimpleEvent(_com_ptr_t<_com_IIID<DCore::IController,&_GUID_680b88f9_6f9b_11d5_bd94_00105ad9e0ac> > ctr={...}, wchar_t * EventName=0x004749dc, int paramCount=1)  Line 113 + 0x85 bytes C++
      vctest.exe!main(int argc=2, char * * argv=0x003c3250)  Line 243 + 0x24 bytes C++
      vctest.exe!__tmainCRTStartup()  Line 586 + 0x19 bytes C
      vctest.exe!mainCRTStartup()  Line 403 C
      kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes 
     

    I guess the most interesting part is

      mscorwks.dll!MethodTable::GetGuid()  + 0x2ebf bytes
      mscorwks.dll!RCW::GetComIPForMethodTableFromCache()  + 0x5c bytes
      mscorwks.dll!RCW::GetComIPFromRCW()  + 0x23 bytes
      mscorwks.dll!ComObject::GetComIPFromRCW()  + 0x40 bytes
      mscorwks.dll!ComObject::SupportsInterface()  + 0x89 bytes
      mscorwks.dll!Object::SupportsInterface()  + 0x6d bytes
      mscorwks.dll!UnmarshalObjectFromInterface()  + 0x4a bytes
      mscorwks.dll!InterfaceMarshalerBase::ConvertSpaceNativeToCLR()  + 0x28 bytes
      mscorwks.dll!DefaultMarshalOverrides<InterfaceMarshalerBase>::ReturnCLRFromNativeRetval()  + 0xb bytes
      mscorwks.dll!RunML()  + 0xbab9e bytes

    May be someone is able to give me a hint where to look further. Unfortunately the hardcore debugging technics and tools (like DevPartner) are overstrained in this situation. My guess is the RCW is trying to use an invalid COM pointer to perform a call.

    Is it possible to deactivate the garbage collector for some defined time window?

    Thanks in advance,

    Andrej 



    Wednesday, March 21, 2012 4:08 PM

Answers

All replies