Random AccessViolationException (or no ex at all) in mscorwks using IOCompletionPorts for DeviceIOControl

  • Question

  • Platform:
    XP SP2/3 on multiple computers...Vista too but it's been a while since I ran on my dev. box long enough to repro.

    Background:
    I'm using IOCompletionports (via threadpool.Bindhandle) to queue up asynchronous reads using DeviceIoControl to cyusb.sys. (Driver for the USB chip in my device) The software runs fine 95% of the time. However, it crashes VERY sporadically during normal usage and during our automated stress tests it usually takes hours (10+) to crop up.

    I'm not a pro at Win programming and I'm just getting started with WinDbg. I have a hardware heavy background, so the assembly doesn't scare me. I just have no idea how to navigate the maze of framework code to try and find an answer without spending days chasing the wrong goose.

    When my app crashes, it usually manifests itself as: "This application has encountered a problem..." generic error message without any debug info (running in VS or not).

    I'll present some relevant info I've gathered from WinDbg. At this point I'm just looking for some advice on what direction to take to get to the bottom of this. Since it's so hard to repro this, I don't have the luxury of endlessly testing builds over and over.

    Exception:

    Access violation - code c0000005 (!!! second chance !!!)
    eax=014ef7f4 ebx=00000000 ecx=79f90882 edx=0009b350 esi=1c9e4464 edi=044afc20
    eip=7a0b6b06 esp=014ef7d4 ebp=014ef814 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    mscorwks!BindIoCompletionCallbackStubEx+0x40:
    7a0b6b06 8b46f8          mov     eax,dword ptr [esi-8] ds:0023:1c9e445c=????????
    Threads & dump of current stack:
    0:012> k
    ChildEBP RetAddr  
    014ef814 7a0b6b8d mscorwks!BindIoCompletionCallbackStubEx+0x40
    014ef82c 79f3e605 mscorwks!BindIoCompletionCallbackStub+0x13
    014ef894 79f920a5 mscorwks!ThreadpoolMgr::CompletionPortThreadStart+0x430
    014effb4 7c80b729 mscorwks!Thread::intermediateThreadProc+0x49
    014effec 00000000 KERNEL32!BaseThreadStart+0x37
    0:012> ~*
       0  Id: 81c.540 Suspend: 1 Teb: 7ffdd000 Unfrozen
          Start: mscoree!_CorExeMain (79007bf0) 
          Priority: 0  Priority class: 32  Affinity: 2
       1  Id: 81c.f90 Suspend: 1 Teb: 7ffdc000 Unfrozen
          Start: mscorwks!DebuggerRCThread::ThreadProcStatic (79f023ff) 
          Priority: 0  Priority class: 32  Affinity: 3
       2  Id: 81c.4d8 Suspend: 1 Teb: 7ffdb000 Unfrozen
          Start: mscorwks!Thread::intermediateThreadProc (79f9205f) 
          Priority: 2  Priority class: 32  Affinity: 3
       3  Id: 81c.120 Suspend: 1 Teb: 7ffad000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
       4  Id: 81c.e84 Suspend: 1 Teb: 7ffda000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
       5  Id: 81c.dfc Suspend: 1 Teb: 7ffd9000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
       6  Id: 81c.7b4 Suspend: 1 Teb: 7ffd7000 Unfrozen
          Start: wpfgfx_v0300!CPartitionThread::ThreadMain (5400b670) 
          Priority: 0  Priority class: 32  Affinity: 3
       7  Id: 81c.ee4 Suspend: 1 Teb: 7ffd6000 Unfrozen
          Start: mscorwks!Thread::intermediateThreadProc (79f9205f) 
          Priority: 0  Priority class: 32  Affinity: 3
       8  Id: 81c.f24 Suspend: 1 Teb: 7ffd4000 Unfrozen
          Start: aspnet_perf!PerfDataGatherThreadStart (60082bb0) 
          Priority: 0  Priority class: 32  Affinity: 3
       9  Id: 81c.b30 Suspend: 1 Teb: 7ffd5000 Unfrozen
          Start: aspnet_perf!RegistryMonitorThreadStart (60081cbc) 
          Priority: 0  Priority class: 32  Affinity: 3
      10  Id: 81c.e9c Suspend: 1 Teb: 7ffaf000 Unfrozen
          Start: aspnet_isapi!RegistryMonitorThreadStart (03f08de7) 
          Priority: 0  Priority class: 32  Affinity: 3
      11  Id: 81c.8a0 Suspend: 1 Teb: 7ffae000 Unfrozen
          Start: aspnet_isapi!PerfDataGatherThreadStart (03f08dfa) 
          Priority: 0  Priority class: 32  Affinity: 3
    . 12  Id: 81c.68c Suspend: 1 Teb: 7ffd8000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      14  Id: 81c.a28 Suspend: 1 Teb: 7ffab000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      15  Id: 81c.e4c Suspend: 1 Teb: 7ffaa000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      16  Id: 81c.e6c Suspend: 1 Teb: 7ffa9000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      17  Id: 81c.be4 Suspend: 1 Teb: 7ffa8000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      18  Id: 81c.db8 Suspend: 1 Teb: 7ffa7000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      19  Id: 81c.bfc Suspend: 1 Teb: 7ffa6000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      20  Id: 81c.b38 Suspend: 1 Teb: 7ffa5000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      21  Id: 81c.cc4 Suspend: 1 Teb: 7ffa4000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
      22  Id: 81c.52c Suspend: 1 Teb: 7ffa3000 Unfrozen
          Start: KERNEL32!BaseThreadStartThunk (7c8106f9) 
          Priority: 0  Priority class: 32  Affinity: 3
    Disassembly:

    mscorwks!BindIoCompletionCallbackStubEx+0x30:
    7a0b6af6 6a01            push    1
    7a0b6af8 8d4de0          lea     ecx,[ebp-20h]
    7a0b6afb e8ccb7dbff      call    mscorwks!GCHolder<1,0,0>::GCHolder<1,0,0> (79e722cc)
    7a0b6b00 895dfc          mov     dword ptr [ebp-4],ebx
    7a0b6b03 8b7510          mov     esi,dword ptr [ebp+10h]
    7a0b6b06 8b46f8          mov     eax,dword ptr [esi-8]
    7a0b6b09 50              push    eax
    7a0b6b0a e86fbfdcff      call   mscorwks!SystemDomain::GetAppDomainAtId (79e82a7e)
    
     u mscorwks!BindIoCompletionCallbackStubEx+0x40
    mscorwks!BindIoCompletionCallbackStubEx+0x40:
    7a0b6b06 8b46f8          mov     eax,dword ptr [esi-8]
    7a0b6b09 50              push    eax
    7a0b6b0a e86fbfdcff      call    mscorwks!SystemDomain::GetAppDomainAtId (79e82a7e)
    7a0b6b0f 895df0          mov     dword ptr [ebp-10h],ebx
    7a0b6b12 3bc3            cmp     eax,ebx
    7a0b6b14 7450            je      mscorwks!BindIoCompletionCallbackStubEx+0xa0 (7a0b6b66)
    7a0b6b16 33c0            xor     eax,eax
    7a0b6b18 395d14          cmp     dword ptr [ebp+14h],ebx

    Here is some more disassembly of the function where the crash happens. The addressing of the unloaded .dll seems a little suspect to me. I know that all of my debug symbols were loaded... So, I'm not sure if the problem has to do with the CLR loading/unloading dependent assemblies or something. I'm not too familiar with the nuts and bolts of .NET. So, I don't even know if that is something to worry about.

    mscorwks!BindIoCompletionCallbackStubEx+0xa:
    7a0b6ad0 db              ???
    7a0b6ad1 ff              ???
    7a0b6ad2 ff1544323b7a    call    dword ptr [mscorwks!GetThread (7a3b3244)]
    7a0b6ad8 8bf8            mov     edi,eax
    7a0b6ada 33db            xor     ebx,ebx
    7a0b6adc 3bfb            cmp     edi,ebx
    7a0b6ade 7516            jne     mscorwks!BindIoCompletionCallbackStubEx+0x30 (7a0b6af6)
    7a0b6ae0 6800100000      push    offset <Unloaded_dll>+0xfef (00001000)
    0:004> u mscorwks!BindIoCompletionCallbackStubEx+0x10
    mscorwks!BindIoCompletionCallbackStubEx+0x10:
    7a0b6ad6 3b7a8b          cmp     edi,dword ptr [edx-75h]
    7a0b6ad9 f8              clc
    7a0b6ada 33db            xor     ebx,ebx
    7a0b6adc 3bfb            cmp     edi,ebx
    7a0b6ade 7516            jne     mscorwks!BindIoCompletionCallbackStubEx+0x30 (7a0b6af6)
    7a0b6ae0 6800100000      push    offset <Unloaded_dll>+0xfef (00001000)
    7a0b6ae5 e82fb6edff      call    mscorwks!ClrFlsSetThreadType (79f92119)
    7a0b6aea 53              push    ebx

    Thanks!
    Wednesday, September 16, 2009 10:32 PM

Answers

  • Hello Andy

    I'm very sorry for the delayed response. It's weird that I did not receive the notification of your updates.

    According to
    7a0b6b03 8b7510          mov     esi,dword ptr [ebp+10h]

    esi points to the third parameter of the current function, which should be the OVERLAPPED structure. The OVERLAPPED structure was possibly released or unpinned by mistake so the memory pointed to by esi becomes invalid (you got an access violation error).

    Your use of adplus command to capture the dump is correct.

    I also checked our support database, and found that a support professional is working with you on this issue. Hope that you will reach the solution soon.

    Best wishes
    Jialiang Ge
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Thursday, October 8, 2009 4:20 AM
    Moderator
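
The answer above points at an OVERLAPPED that was released while the completion port could still deliver a packet for it. As an added example (not code from the thread or from Microsoft; `OverlappedLedger` and its members are hypothetical names), this ledger is consulted before every `Overlapped.Free` and records a free requested on the issuing path while a packet is still expected, as well as any double free. It assumes the handle is bound with `ThreadPool.BindHandle` and `FILE_SKIP_COMPLETION_PORT_ON_SUCCESS` is not set, so a `DeviceIoControl` call that returns true still queues a completion packet; the sequences in `Main` are constructed.

```csharp
using System;
using System.Collections.Generic;

// Added example; OverlappedLedger and all member names are hypothetical.
// Pass the NativeOverlapped* as (IntPtr)ptr at each call site.
public sealed class OverlappedLedger
{
    private enum State { Packed, PacketExpected, Freed }
    private const int ERROR_IO_PENDING = 997;

    private readonly object _gate = new object();
    private readonly Dictionary<IntPtr, State> _states = new Dictionary<IntPtr, State>();
    private readonly List<string> _violations = new List<string>();

    public List<string> Violations
    {
        get { lock (_gate) { return new List<string>(_violations); } }
    }

    // Call right after Overlapped.Pack(). A reused address starts a new lifetime.
    public void OnPacked(IntPtr ov)
    {
        lock (_gate) { _states[ov] = State.Packed; }
    }

    // Call right after DeviceIoControl returns, with its result and last error.
    // Assumption: the handle is bound to a completion port and
    // FILE_SKIP_COMPLETION_PORT_ON_SUCCESS is not set, so both "returned true"
    // and ERROR_IO_PENDING mean a completion packet will reference ov later.
    public void OnIssued(IntPtr ov, bool returnedTrue, int lastError)
    {
        lock (_gate)
        {
            if (returnedTrue || lastError == ERROR_IO_PENDING)
                _states[ov] = State.PacketExpected;
        }
    }

    // Call before Overlapped.Free(). Returns false (and records why) when the
    // free would leave the pending completion with a dangling pointer.
    public bool MayFree(IntPtr ov, bool inCompletionCallback, string site)
    {
        lock (_gate)
        {
            State s;
            if (!_states.TryGetValue(ov, out s))
                return Fail(site, ov, "free of a pointer that was never packed");
            if (s == State.Freed)
                return Fail(site, ov, "double free");
            if (s == State.PacketExpected && !inCompletionCallback)
                return Fail(site, ov, "free while a completion packet is outstanding");
            _states[ov] = State.Freed;
            return true;
        }
    }

    // Caller holds _gate.
    private bool Fail(string site, IntPtr ov, string why)
    {
        _violations.Add(string.Format("{0}: 0x{1:x8}: {2}", site, ov.ToInt64(), why));
        return false;
    }
}

public static class LedgerDemo
{
    public static void Main()
    {
        OverlappedLedger ledger = new OverlappedLedger();
        IntPtr a = new IntPtr(0x1000), b = new IntPtr(0x2000), c = new IntPtr(0x3000);

        // Constructed sequence 1: pending I/O, freed in the completion callback.
        ledger.OnPacked(a);
        ledger.OnIssued(a, false, 997);
        ledger.MayFree(a, true, "CompletionCallback");

        // Constructed sequence 2: the call returned true and the issuing thread
        // asks to free at once (refused and recorded); the callback that runs
        // when the queued packet arrives is then allowed to free.
        ledger.OnPacked(b);
        ledger.OnIssued(b, true, 0);
        ledger.MayFree(b, false, "Control/sync-success");
        ledger.MayFree(b, true, "CompletionCallback");

        // Constructed sequence 3: the call failed outright (error 5), so no
        // packet is queued and the issuing thread may free.
        ledger.OnPacked(c);
        ledger.OnIssued(c, false, 5);
        ledger.MayFree(c, false, "Control/error");

        foreach (string v in ledger.Violations) Console.WriteLine(v);
    }
}
```

In a stress build, log the `site` string with a stack trace when `MayFree` returns false; that names the code path to inspect in the crash dump.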

All replies

  • Here is the code I use to dispatch the Async operations. OuterclassRef is just a reference to the wrapper for all of my unsafe code. The pattern I employed is based heavily on Jeffrey Richter's MSDN Magazine articles dealing with asynch IO.
    public void beginTransfer()
                {
                    byte[] data = new byte[buffLen];
    
                    //lambda expression is the callback routine that gets wrapped into an Overlapped structure
                    //which is handed off to the DeviceIoControl function 
                    outerClassRef.BeginTransfer(this.cyEp, data, data.Length, result =>
                    {
                        try
                        {
                            UInt32 bytesRead = CyUSBAsyncIO.EndTransfer(result);
                            
                            if (bytesRead != 0)
                            {
                                this.beginTransfer();
                                ParentVc.QueueRawBuffer(this, data, bytesRead);
                            }
                            else //endpoint done getting data, no need to dispatch more requests
                            {
                                return;
                            }
                        }
                        catch (Exception ex)
                        {
                            if (ParentVc != null) ParentVc.ThrowInUI(ex);
                        }
                    }, this); //Changed to this from null
                    //even though my use of lambda for callback makes the state object unnecessary
                    //perhaps this was what was causing my null reference exception
                    //method returns after issuing async i/o request
                }
    Wrapper class for my DeviceIoControl Operations:

    namespace CyIOCP
    {
        public class CyUSBAsyncIO
        {
            //File Handle for DeviceIoControl
            public SafeFileHandle safeHandle;
    
            private const Int32 IOCTL_ADAPT_SEND_NO_EP0_DIRECT = 0x22004b;
    
            public unsafe CyUSBAsyncIO(CyUSBDevice cyDev)
            {
                safeHandle = new SafeFileHandle(cyDev.DeviceHandle, false);
                
                if (safeHandle.IsInvalid) throw new Win32Exception(Marshal.GetLastWin32Error());
    
                ThreadPool.BindHandle(safeHandle);
            }    
    
            public IAsyncResult BeginTransfer(CyUSBEndPoint ep, byte[] buffer, int len, AsyncCallback userCallback, object state)
            {
                SINGLE_TRANSFER inBuffer = new SINGLE_TRANSFER();
                inBuffer.WaitForever = 0;
                inBuffer.ucEndpointAddress = ep.Address;
                inBuffer.IsoPacketLength = 0;
                inBuffer.BufferOffset = 0;
                inBuffer.BufferLength = 0;
    
                PinnedBuffer inPinnedBuff = new PinnedBuffer(inBuffer);
                PinnedBuffer outPinnedBuff = new PinnedBuffer(buffer);
    
                CyAsyncIOResult result = new CyAsyncIOResult(inPinnedBuff, outPinnedBuff, userCallback, state);
    
                unsafe
                {
                    NativeOverlapped* no = result.Pack();
                    Int32 bytesReturned;
    
                    Control(this.safeHandle, IOCTL_ADAPT_SEND_NO_EP0_DIRECT, inPinnedBuff, inPinnedBuff.Size,
                        outPinnedBuff, outPinnedBuff.Size, out bytesReturned, no);
                }
    
                return result;
            }
    
            const Int32 ERROR_IO_PENDING = 997;
    
            private static int _devIoCtlSynchCompletions;
    
            private static unsafe void Control(SafeFileHandle device, Int32 deviceControlCode,
                PinnedBuffer inBuffer, Int32 inBufferSize, PinnedBuffer outBuffer, Int32 outBufferSize,
                out Int32 bytesReturned, NativeOverlapped* no)
            {
                //if DeviceIoControl returns true that means the operation completed synchronously
                if(DeviceIoControl(device, deviceControlCode,
                   inBuffer, inBufferSize, outBuffer, outBufferSize, out bytesReturned, no))
                {
                    Interlocked.Increment(ref _devIoCtlSynchCompletions);
                    //Console.WriteLine(String.Format("{0} DeviceIoControls completed synchronously", _devIoCtlSynchCompletions));
                    Overlapped.Unpack(no);
                    Overlapped.Free(no);
                }
                //if not then it is hopefully a pending asych operation
    
                Int32 error = Marshal.GetLastWin32Error();
                if (error != ERROR_IO_PENDING)
                {
                    //Console.WriteLine("DeviceIoControl failed");
                    Overlapped.Unpack(no);
                    Overlapped.Free(no);
                    throw new InvalidOperationException(String.Format("Control failed (code={0})", error));
                }
            }
    
            public static UInt32 EndTransfer(IAsyncResult result)
            {
                CyAsyncIOResult res = (CyAsyncIOResult)result;
                return res.EndInvoke();
            }
    
            [return: MarshalAs(UnmanagedType.Bool)]
            [DllImport("Kernel32", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
            private static extern unsafe bool DeviceIoControl(
                SafeFileHandle device, 
                Int32 controlCode, 
                PinnedBuffer inBuffer, 
                Int32 inBufferSize, 
                PinnedBuffer outBuffer, 
                Int32 outBufferSize,
                out Int32 bytesReturned, 
                NativeOverlapped* nativeOverlapped);
    
            [StructLayout(LayoutKind.Sequential, Pack = 1)]
            internal struct SETUP_PACKET
            {
                public byte bmRequest;
                public byte bRequest;
                public ushort wValue;
                public ushort wIndex;
                public ushort wLength;
                public uint dwTimeOut;
            }
    
            [StructLayout(LayoutKind.Sequential, Pack = 1)]
            internal struct SINGLE_TRANSFER
            {
                public SETUP_PACKET SetupPacket;
                public byte WaitForever;
                public byte ucEndpointAddress;
                public uint NtStatus;
                public uint UsbdStatus;
                public uint IsoPacketOffset;
                public uint IsoPacketLength;
                public uint BufferOffset;
                public uint BufferLength;
            }
    
        }
    }
    IAsynch Result Class:
    namespace CyIOCP
    {
        internal class CyAsyncIOResult : IAsyncResult 
        {
            //set at construction and never change
            private readonly AsyncCallback _asyncCallback;
            private readonly Object _asyncState;
            //these change after operation completes
            private const Int32 _statePending = 0;
            private const Int32 _stateCompletedSynchronously = 1;
            private const Int32 _stateCompletedAsynchronously = 2;
            private Int32 _completedState = _statePending;
    
            //shouldn't really ever get set
            private AutoResetEvent _asyncWaitHandle;
            private Exception _exception;
            //field set when operation has completed
            private PinnedBuffer _inBuffer;
            private PinnedBuffer _outBuffer;
            private UInt32 _bytesReturned;

            // Constructs an instance specifying the encapsulated input/output buffers pair
            public CyAsyncIOResult(PinnedBuffer inBuff, PinnedBuffer outBuff, AsyncCallback cb, Object state)
            {
                _inBuffer = inBuff;
                _outBuffer = outBuff;
                _asyncCallback = cb;
                _asyncState = state;
            }

            protected void SetAsCompleted(UInt32 result, Boolean completedSynchronously)
            {
                _bytesReturned = result;
                SetAsCompleted(null, completedSynchronously);
            }

            protected void SetAsCompleted(Exception ex, Boolean completedSyncronously)
            {
                _exception = ex;
                Int32 prevState = Interlocked.Exchange(ref _completedState,
                    completedSyncronously ? _stateCompletedSynchronously : _stateCompletedAsynchronously);
                if (prevState != _statePending) throw new InvalidOperationException("You can set a result only once");
                if (_asyncWaitHandle != null) _asyncWaitHandle.Set();
                if (_asyncCallback != null) _asyncCallback(this);
            }

            public UInt32 EndInvoke()
            {
                if (!IsCompleted)
                {
                    AsyncWaitHandle.WaitOne();
                    AsyncWaitHandle.Close();
                    _asyncWaitHandle = null;
                }
                if (_exception != null) throw _exception;
                return _bytesReturned;
            }

            public unsafe NativeOverlapped* Pack()
            {
                // Create a managed Overlapped structure
                Overlapped o = new Overlapped(0, 0, IntPtr.Zero, this);
                // In the managed Overlapped structure, pack the method that should be
                // called when the I/O completes and the pinned input/output buffers
                return o.Pack(CompletionCallback, new Object[] { _inBuffer.Target, _outBuffer.Target });
            }

            // This method is called by a threadpool thread when native overlapped I/O completes
            private unsafe void CompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nov)
            {
                try
                {
                    if (errorCode != 0)
                    {
                        SetAsCompleted(new Win32Exception((Int32)errorCode), false);
                    }
                    else
                    {
                        SetAsCompleted(numBytes, false);
                    }
                }
                finally
                {
                    Overlapped.Unpack(nov);
                    Overlapped.Free(nov);
                    // Make sure that the input/output pair is unpinned
                    _inBuffer.Dispose();
                    _outBuffer.Dispose();
                    _inBuffer = _outBuffer = null;
                }
            }

            // Returns the result
            public UInt32 EndTransfer() { return EndInvoke(); }

            #region Implementation of IAsyncResult
            public Object AsyncState { get { return _asyncState; } }

            public Boolean CompletedSynchronously
            {
                get { return Thread.VolatileRead(ref _completedState) == _stateCompletedSynchronously; }
            }

            public WaitHandle AsyncWaitHandle
            {
                get
                {
                    if (_asyncWaitHandle == null)
                    {
                        Boolean done = IsCompleted;
                        AutoResetEvent mre = new AutoResetEvent(done);
                        if (Interlocked.CompareExchange(ref _asyncWaitHandle, mre, null) != null)
                        {
                            //Another thread created this object's event; dispose the event we just created
                            mre.Close();
                        }
                        else
                        {
                            if (!done && IsCompleted)
                            {
                                //If the operation wasn't done when we created the event but now it is done, set the event
                                _asyncWaitHandle.Set();
                            }
                        }
                    }
                    return _asyncWaitHandle;
                }
            }

            public Boolean IsCompleted
            {
                get { return Thread.VolatileRead(ref _completedState) != _statePending; }
            }
            #endregion
        }
    }

    Wednesday, September 16, 2009 11:30 PM
  • Hello awsmolak

    Access violation - code c0000005 (!!! second chance !!!)
    eax=014ef7f4 ebx=00000000 ecx=79f90882 edx=0009b350 esi=1c9e4464 edi=044afc20
    eip=7a0b6b06 esp=014ef7d4 ebp=014ef814 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    mscorwks!BindIoCompletionCallbackStubEx+0x40:
    7a0b6b06 8b46f8          mov     eax,dword ptr [esi-8] ds:0023:1c9e445c=????????


    ESI is pointing to an invalid address. Could you please enter the command "ub eip L50". It dumps the assemblies before the crash point. Hope that we can see who set ESI to an invalid value.

    Because the issue is hardly reproducible, please save a memory dump when the application crashes. Looking at the nature of the issue, it may require intensive debugging, which can be more efficiently done in Microsoft CSS. You may consider creating a support incident in Microsoft using your free incidents in the MSDN Subscription.

    Most of your IOCP code references Mr. Richter's article, Asynchronous Device Operations
    http://msdn.microsoft.com/en-us/magazine/cc163415.aspx
    I don't find apparent problems with them.

    What's in ParentVc.QueueRawBuffer(this, data, bytesRead);?
    Do we need to check for bytesRead < buffLen before calling ParentVc.QueueRawBuffer(this, data, bytesRead);?

    Regards,
    Jialiang Ge
    Thursday, September 17, 2009 10:21 AM
    Moderator
  • Thanks Jialiang Ge,
    I was going to file a support incident next week if I couldn't crack this on my own but figured I'd solicit some community advice first.

    I will repro and dump the assemblies using "ub eip L50" next time it crashes today. (probably not until this afternoon) If I am actually running attached in windbg how do I save the memory dump?

    I was running in windbg to collect the info that I provided in the previous post. But, couldn't figure out how to save the data after I was done. In the past, I'd been attaching ADPlus to my process ("c:\> adplus -crash -pn myapp.exe") to get the dump but wasn't sure if I was getting the complete picture. So, let me know what the preferred method is for collecting the most useful information. Like I said, I'm kinda new to this and have been really busy designing (small company!) so I haven't had the luxury of learning these tools from the ground up...

    QueueRawBuffer(this, data, bytesRead) : (not including code now just because it's a pretty simple producer/consumer pattern but has a few layers of abstraction across a couple files)

    Places data and bytesRead into two separate threadsafe queues (locking around enqueue/dequeue) to be made available to the rest of the application. Consumer thread dequeues and checks the bytesRead value to determine how many valid bytes are stored. I have confirmed that there are no problems when the value is less than the size of the array, which usually only happens when I read out the last bytes of data after USB endpoint has finished.
    -Andy
    Thursday, September 17, 2009 4:30 PM
  • I reproduced it and ran the requested dis-assembly:
    The stored exception information can be accessed via .ecxr.
    (6a8.1a4): Access violation - code c0000005 (first/second chance not available)
    eax=181cf8f4 ebx=00000000 ecx=160d2e00 edx=0013b393 esi=172863f4 edi=160d2e00
    eip=7a0b6b06 esp=181cf8d4 ebp=181cf914 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    mscorwks!BindIoCompletionCallbackStubEx+0x40:
    7a0b6b06 8b46f8          mov     eax,dword ptr [esi-8] ds:0023:172863ec=????????
    0:014> ub eip L50
    mscorwks!ReleaseDelegateInfo+0x3d:
    7a0b6a03 c20400          ret     4
    mscorwks!BaseHolder<DelegateInfo *,FunctionBase<DelegateInfo *,&AcquireDelegateInfo,&ReleaseDelegateInfo,2>,0,&CompareDefault<DelegateInfo *>,2>::~BaseHolder<DelegateInfo *,FunctionBase<DelegateInfo *,&AcquireDelegateInfo,&ReleaseDelegateInfo,2>,0,&CompareDefault<DelegateInfo *>,2>:
    7a0b6a06 56              push    esi
    7a0b6a07 8bf1            mov     esi,ecx
    7a0b6a09 837e0400        cmp     dword ptr [esi+4],0
    7a0b6a0d 740b            je      mscorwks!BaseHolder<DelegateInfo *,FunctionBase<DelegateInfo *,&AcquireDelegateInfo,&ReleaseDelegateInfo,2>,0,&CompareDefault<DelegateInfo *>,2>::~BaseHolder<DelegateInfo *,FunctionBase<DelegateInfo *,&AcquireDelegateInfo,&ReleaseDelegateInfo,2>,0,&CompareDefault<DelegateInfo *>,2>+0x14 (7a0b6a1a)
    7a0b6a0f ff36            push    dword ptr [esi]
    7a0b6a11 e8b0ffffff      call    mscorwks!ReleaseDelegateInfo (7a0b69c6)
    7a0b6a16 83660400        and     dword ptr [esi+4],0
    7a0b6a1a 5e              pop     esi
    7a0b6a1b c3              ret
    mscorwks!RegisterWaitForSingleObjectCallback:
    7a0b6a1c 6a18            push    18h
    7a0b6a1e b8e022347a      mov     eax,offset mscorwks!GetManagedNameForTypeInfo+0x19cac (7a3422e0)
    7a0b6a23 e8a0addbff      call    mscorwks!_EH_prolog3 (79e717c8)
    7a0b6a28 ff1544323b7a    call    dword ptr [mscorwks!GetThread (7a3b3244)]
    7a0b6a2e 8bf0            mov     esi,eax
    7a0b6a30 85f6            test    esi,esi
    7a0b6a32 7516            jne     mscorwks!RegisterWaitForSingleObjectCallback+0x2e (7a0b6a4a)
    7a0b6a34 6800100000      push    offset <Unloaded_dll>+0xfef (00001000)
    7a0b6a39 e8dbb6edff      call    mscorwks!ClrFlsSetThreadType (79f92119)
    7a0b6a3e 56              push    esi
    7a0b6a3f e8cdede0ff      call    mscorwks!SetupThreadNoThrow (79ec5811)
    7a0b6a44 8bf0            mov     esi,eax
    7a0b6a46 85f6            test    esi,esi
    7a0b6a48 7464            je      mscorwks!RegisterWaitForSingleObjectCallback+0x92 (7a0b6aae)
    7a0b6a4a 6a01            push    1
    7a0b6a4c 8d4ddc          lea     ecx,[ebp-24h]
    7a0b6a4f e878b8dbff      call    mscorwks!GCHolder<1,0,0>::GCHolder<1,0,0> (79e722cc)
    7a0b6a54 8365fc00        and     dword ptr [ebp-4],0
    7a0b6a58 8365f000        and     dword ptr [ebp-10h],0
    7a0b6a5c 8975ec          mov     dword ptr [ebp-14h],esi
    7a0b6a5f 85f6            test    esi,esi
    7a0b6a61 7407            je      mscorwks!RegisterWaitForSingleObjectCallback+0x4e (7a0b6a6a)
    7a0b6a63 c745f001000000  mov     dword ptr [ebp-10h],1
    7a0b6a6a c645fc02        mov     byte ptr [ebp-4],2
    7a0b6a6e 8b7508          mov     esi,dword ptr [ebp+8]
    7a0b6a71 8b06            mov     eax,dword ptr [esi]
    7a0b6a73 50              push    eax
    7a0b6a74 e805c0dcff      call    mscorwks!SystemDomain::GetAppDomainAtId (79e82a7e)
    7a0b6a79 85c0            test    eax,eax
    7a0b6a7b 7419            je      mscorwks!RegisterWaitForSingleObjectCallback+0x7a (7a0b6a96)
    7a0b6a7d 8b450c          mov     eax,dword ptr [ebp+0Ch]
    7a0b6a80 8975e4          mov     dword ptr [ebp-1Ch],esi
    7a0b6a83 8945e8          mov     dword ptr [ebp-18h],eax
    7a0b6a86 8d45e4          lea     eax,[ebp-1Ch]
    7a0b6a89 50              push    eax
    7a0b6a8a 68ac660b7a      push    offset mscorwks!ThreadPoolNative::InitializeVMTp+0x100 (7a0b66ac)
    7a0b6a8f ff36            push    dword ptr [esi]
    7a0b6a91 e8c324f2ff      call    mscorwks!ManagedThreadBase::ThreadPool (79fd8f59)
    7a0b6a96 c645fc00        mov     byte ptr [ebp-4],0
    7a0b6a9a 8d4dec          lea     ecx,[ebp-14h]
    7a0b6a9d e8e724f2ff      call    mscorwks!Holder<Thread *,&DoNothing<Thread *>,&ResetThreadSecurityState,0,&CompareDefault<Thread *>,2>::~Holder<Thread *,&DoNothing<Thread *>,&ResetThreadSecurityState,0,&CompareDefault<Thread *>,2> (79fd8f89)
    7a0b6aa2 834dfcff        or      dword ptr [ebp-4],0FFFFFFFFh
    7a0b6aa6 8d4ddc          lea     ecx,[ebp-24h]
    7a0b6aa9 e806b8dbff      call    mscorwks!GCHolder<0,0,0>::Pop (79e722b4)
    7a0b6aae e801addbff      call    mscorwks!_EH_epilog3 (79e717b4)
    7a0b6ab3 c20800          ret     8
    7a0b6ab6 ff36            push    dword ptr [esi]
    7a0b6ab8 e809ffffff      call    mscorwks!ReleaseDelegateInfo (7a0b69c6)
    7a0b6abd 83660400        and     dword ptr [esi+4],0
    7a0b6ac1 e9b71bebff      jmp     mscorwks!Holder<DelegateInfo *,&AcquireDelegateInfo,&ReleaseDelegateInfo,0,&CompareDefault<DelegateInfo *>,2>::~Holder<DelegateInfo *,&AcquireDelegateInfo,&ReleaseDelegateInfo,0,&CompareDefault<DelegateInfo *>,2>+0x26 (79f6867d)
    mscorwks!BindIoCompletionCallbackStubEx:
    7a0b6ac6 6a24            push    24h
    7a0b6ac8 b8c021347a      mov     eax,offset mscorwks!GetManagedNameForTypeInfo+0x19c2d (7a3421c0)
    7a0b6acd e8f6acdbff      call    mscorwks!_EH_prolog3 (79e717c8)
    7a0b6ad2 ff1544323b7a    call    dword ptr [mscorwks!GetThread (7a3b3244)]
    7a0b6ad8 8bf8            mov     edi,eax
    7a0b6ada 33db            xor     ebx,ebx
    7a0b6adc 3bfb            cmp     edi,ebx
    7a0b6ade 7516            jne     mscorwks!BindIoCompletionCallbackStubEx+0x30 (7a0b6af6)
    7a0b6ae0 6800100000      push    offset <Unloaded_dll>+0xfef (00001000)
    7a0b6ae5 e82fb6edff      call    mscorwks!ClrFlsSetThreadType (79f92119)
    7a0b6aea 53              push    ebx
    7a0b6aeb e821ede0ff      call    mscorwks!SetupThreadNoThrow (79ec5811)
    7a0b6af0 8bf8            mov     edi,eax
    7a0b6af2 3bfb            cmp     edi,ebx
    7a0b6af4 747c            je      mscorwks!BindIoCompletionCallbackStubEx+0xac (7a0b6b72)
    7a0b6af6 6a01            push    1
    7a0b6af8 8d4de0          lea     ecx,[ebp-20h]
    7a0b6afb e8ccb7dbff      call    mscorwks!GCHolder<1,0,0>::GCHolder<1,0,0> (79e722cc)
    7a0b6b00 895dfc          mov     dword ptr [ebp-4],ebx
    7a0b6b03 8b7510          mov     esi,dword ptr [ebp+10h]
    
    Friday, September 18, 2009 6:30 PM