Asked by Vercidium-2742; edited by lextm

.NET Framework 4.8 Crash on Stack/Memory Corruption

I'm the developer for the game Sector's Edge, which uses .NET Framework 4.8.

Lately I have received crash dumps from users stating the game immediately crashes at seemingly random points, sometimes a few minutes after launching and sometimes after hours of gameplay.

I believe it's caused by stack or memory corruption given that the crashes happen at a different point in code each time.

3 crash dumps are available here: https://www.dropbox.com/s/gx7tmksc44zhl9h/sectorsedge-crashdumps.zip?dl=0

The common factor across the crash dumps is in the disassembly: each one points to the instruction after a JIT InlineGetThread call:

Crash Dump A:
Exception Code: 0xC0000005
Exception Information: The thread tried to read from or write to a virtual address for which it does not have the appropriate access.

 00007FF90686D214  ?? ?????? 
 00007FF90686D215  ?? ?????? 
 00007FF90686D216  mov         rcx,7FF90644EC12h  
 00007FF90686D220  call        JIT_NewArr1VC_MP_InlineGetThread (07FF9653E2620h)  
 - 00007FF90686D225  mov         r14,rax  
 00007FF90686D228  lea         r15d,[rbx-2]  
 00007FF90686D22C  xor         r12d,r12d  
 00007FF90686D22F  xor         r13d,r13d  
 00007FF90686D232  mov         eax,ebx  
 00007FF90686D234  ?? ?????? 
 00007FF90686D235  ?? ?????? 


Crash Dump B:
Exception Code: 0xC0000005
Exception Information: The thread tried to read from or write to a virtual address for which it does not have the appropriate access.

 00007FFF14D42A05  ?? ?????? 
 00007FFF14D42A06  ?? ?????? 
 --- f:\dd\ndp\clr\src\BCL\system\collections\generic\list.cs -------------------
 00007FFF14D42A07  call        JIT_GenericHandleClass (07FFF741546C0h)  
 00007FFF14D42A0C  mov         rcx,rax  
 00007FFF14D42A0F  mov         edx,edi  
 00007FFF14D42A11  call        JIT_NewArr1OBJ_MP_InlineGetThread (07FFF73F82680h)  
 - 00007FFF14D42A16  lea         rcx,[rsi+8]  
 00007FFF14D42A1A  mov         rdx,rax  
 00007FFF14D42A1D  call        JIT_WriteBarrier (07FFF73F83FB0h)  
 00007FFF14D42A22  nop  
 00007FFF14D42A23  ?? ?????? 
 00007FFF14D42A24  ?? ??????


Crash Dump C:
Exception Code: 0x80000004
Exception Information: A trace trap or other single-instruction mechanism signaled that one instruction has been executed.

 00007FFA4A9B6ACE  ?? ?????? 
 00007FFA4A9B6ACF  ?? ?????? 
 00007FFA4A9B6AD0  mov         rcx,7FFA4A236810h  
 00007FFA4A9B6ADA  call        JIT_TrialAllocSFastMP_InlineGetThread (07FFAA96F2540h)  
 - 00007FFA4A9B6ADF  lea         rcx,[rsi+18h]  
 00007FFA4A9B6AE3  mov         rdx,rax  
 00007FFA4A9B6AE6  call        JIT_WriteBarrier (07FFAA96F3FB0h)  
 00007FFA4A9B6AEB  mov         rcx,rsi  
 00007FFA4A9B6AEE  ?? ?????? 
 00007FFA4A9B6AEF  ?? ??????


There are sections of my code that are unsafe and use pointers, and the game does use native dependencies (Skia, ENet).

Does anyone have any advice for tracking down code that may be causing memory or stack corruption?
Is there a way to get more detail from a crash dump, or have the application generate a more detailed crash dump?

Thanks in advance.



EDIT 1:

A recent crash dump had a vastly different stack trace from the others; it appears the JIT is failing to compile a function at runtime? I have added the crash dump to the Dropbox download above.

Crash Dump D:
Exception Code: 0x80000004
Exception Information: A trace trap or other single-instruction mechanism signaled that one instruction has been executed.

 [Inline Frame] clrjit.dll!ArenaAllocator::allocateHostMemory(unsigned __int64) Line 283    C++
 clrjit.dll!ArenaAllocator::allocateNewPage(unsigned __int64 size, bool canThrow) Line 189    C++
 clrjit.dll!ArenaAllocator::allocateMemory(unsigned __int64 size) Line 130    C++
 [Inline Frame] clrjit.dll!Compiler::compGetMem(unsigned __int64) Line 4289    C++
 [Inline Frame] clrjit.dll!GenTree::operator new(unsigned __int64) Line 890    C++
 clrjit.dll!LIR::Use::ReplaceWithLclVar(Compiler * compiler, unsigned int blockWeight, unsigned int lclNum) Line 277    C++
 clrjit.dll!Lowering::ReplaceWithLclVar(LIR::Use & use, unsigned int tempNum) Line 220    C++
 clrjit.dll!Lowering::LowerDelegateInvoke(GenTreeCall * call) Line 3205    C++
 clrjit.dll!Lowering::LowerCall(GenTree * node) Line 1685    C++
 clrjit.dll!Lowering::LowerNode(GenTree * node) Line 170    C++
 [Inline Frame] clrjit.dll!Lowering::LowerBlock(BasicBlock *) Line 5482    C++
 clrjit.dll!Lowering::DoPhase() Line 5288    C++
 clrjit.dll!Phase::Run() Line 32    C++
 clrjit.dll!Compiler::compCompile(void * * methodCodePtr, unsigned long * methodCodeSize, JitFlags * compileFlags) Line 5116    C++
 clrjit.dll!Compiler::compCompileHelper(CORINFO_MODULE_STRUCT_ * classPtr, ICorJitInfo * compHnd, CORINFO_METHOD_INFO * methodInfo, void * * methodCodePtr, unsigned long * methodCodeSize, JitFlags * compileFlags, CorInfoInstantiationVerification) Line 6314    C++
 clrjit.dll!Compiler::compCompile(CORINFO_METHOD_STRUCT_ * methodHnd, CORINFO_MODULE_STRUCT_ * classPtr, ICorJitInfo * compHnd, CORINFO_METHOD_INFO * methodInfo, void * * methodCodePtr, unsigned long * methodCodeSize, JitFlags * compileFlags) Line 5644    C++
 clrjit.dll!jitNativeCode(CORINFO_METHOD_STRUCT_ * methodHnd, CORINFO_MODULE_STRUCT_ * classPtr, ICorJitInfo * compHnd, CORINFO_METHOD_INFO * methodInfo, void * * methodCodePtr, unsigned long * methodCodeSize, JitFlags * compileFlags, void * inlineInfoPtr) Line 6953    C++
 clrjit.dll!CILJit::compileMethod(ICorJitInfo * compHnd, CORINFO_METHOD_INFO * methodInfo, unsigned int flags, unsigned char * * entryAddress, unsigned long * nativeSizeOfCode) Line 312    C++
 [Managed to Native Transition]


Native memory issues are much more complex to troubleshoot, and the causes vary. Especially on client machines for your game, there can be too many things out of your control (third party software that injects into the process and so on). If you don't plan to study dump analysis yourself, buy analysis services from various vendors who can help (like Microsoft support).


I would like to study these dumps myself, can you please point me in the right direction?


That's unrealistic. Dump analysis has a sharp learning curve, and it is almost impossible to master without mentorship by experts. There definitely are great resources on the internet like https://dumpanalysis.org/ or https://www.tessferrandez.com/posts/ but without very basic knowledge people won't naturally understand what's being discussed there. Again, if you want to solve the problems right now, buy professional services.


Maybe you must add some GC.KeepAlive, but dump files will not indicate the problematic places.

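The kind of object-lifetime bug the GC.KeepAlive comment above hints at, and the unsafe/native-interop pattern the question describes, as an added example that is not code from the asker or from Sector's Edge: a callback delegate handed to native code with no managed reference keeping it alive, beside the field-reference, pinning and keep-alive pattern that prevents the GC-timing-dependent crash. NativeLib, RegisterCallback and Send are hypothetical stand-ins for the real P/Invoke signatures.

```csharp
using System;
using System.Runtime.InteropServices;

// Hypothetical P/Invoke surface modelling an ENet-style native library.
public static class NativeLib
{
    [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
    public delegate void PacketCallback(IntPtr data, int length);

    [DllImport("nativelib")] public static extern void RegisterCallback(PacketCallback cb);
    [DllImport("nativelib")] public static extern unsafe void Send(byte* data, int length);
}

public sealed class Transport
{
    // BUG: the delegate is created inline, so once RegisterCallback returns nothing
    // managed references it. A later GC frees the marshalling thunk, and the next
    // native callback jumps into freed memory. The crash shows up minutes or hours
    // later, at whatever managed code happens to be running at that moment.
    public void RegisterUnsafe()
    {
        NativeLib.RegisterCallback((data, len) => OnPacket(data, len));
    }

    // FIX: keep the delegate in a field for as long as native code may invoke it.
    private NativeLib.PacketCallback _callback;
    public void RegisterSafe()
    {
        _callback = OnPacket;
        NativeLib.RegisterCallback(_callback);
    }

    // Buffers handed to native code must not move while native code reads them.
    // 'fixed' pins only for the duration of the call; a buffer that native code keeps
    // past the call needs GCHandle.Alloc(buf, GCHandleType.Pinned) instead.
    public unsafe void SendSafe(byte[] payload)
    {
        fixed (byte* p = payload)
        {
            NativeLib.Send(p, payload.Length);
        }
        // Without this, the JIT may treat 'this' as dead before Send returns, so the
        // finalizer below could release the native session mid-call.
        GC.KeepAlive(this);
    }

    ~Transport() { /* release the native session here */ }

    private void OnPacket(IntPtr data, int length) { /* copy out of native memory here */ }
}
```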

0 Answers