I'm the developer for the game Sector's Edge, which uses .NET Framework 4.8.
Lately I have received crash dumps from users stating the game immediately crashes at seemingly random points, sometimes a few minutes after launching and sometimes after hours of gameplay.
I believe it's caused by stack or memory corruption given that the crashes happen at a different point in code each time.
Three crash dumps are available here: https://www.dropbox.com/s/gx7tmksc44zhl9h/sectorsedge-crashdumps.zip?dl=0
The common factor across the crash dumps is in the disassembly: each one points to the instruction immediately after a JIT InlineGetThread call:
Crash Dump A:
Exception Code: 0xC0000005
Exception Information: The thread tried to read from or write to a virtual address for which it does not have the appropriate access.
00007FF90686D214 ?? ??????
00007FF90686D215 ?? ??????
00007FF90686D216 mov rcx,7FF90644EC12h
00007FF90686D220 call JIT_NewArr1VC_MP_InlineGetThread (07FF9653E2620h)
- 00007FF90686D225 mov r14,rax
00007FF90686D228 lea r15d,[rbx-2]
00007FF90686D22C xor r12d,r12d
00007FF90686D22F xor r13d,r13d
00007FF90686D232 mov eax,ebx
00007FF90686D234 ?? ??????
00007FF90686D235 ?? ??????
Crash Dump B:
Exception Code: 0xC0000005
Exception Information: The thread tried to read from or write to a virtual address for which it does not have the appropriate access.
00007FFF14D42A05 ?? ??????
00007FFF14D42A06 ?? ??????
--- f:\dd\ndp\clr\src\BCL\system\collections\generic\list.cs -------------------
00007FFF14D42A07 call JIT_GenericHandleClass (07FFF741546C0h)
00007FFF14D42A0C mov rcx,rax
00007FFF14D42A0F mov edx,edi
00007FFF14D42A11 call JIT_NewArr1OBJ_MP_InlineGetThread (07FFF73F82680h)
- 00007FFF14D42A16 lea rcx,[rsi+8]
00007FFF14D42A1A mov rdx,rax
00007FFF14D42A1D call JIT_WriteBarrier (07FFF73F83FB0h)
00007FFF14D42A22 nop
00007FFF14D42A23 ?? ??????
00007FFF14D42A24 ?? ??????
Crash Dump C:
Exception Code: 0x80000004
Exception Information: A trace trap or other single-instruction mechanism signaled that one instruction has been executed.
00007FFA4A9B6ACE ?? ??????
00007FFA4A9B6ACF ?? ??????
00007FFA4A9B6AD0 mov rcx,7FFA4A236810h
00007FFA4A9B6ADA call JIT_TrialAllocSFastMP_InlineGetThread (07FFAA96F2540h)
- 00007FFA4A9B6ADF lea rcx,[rsi+18h]
00007FFA4A9B6AE3 mov rdx,rax
00007FFA4A9B6AE6 call JIT_WriteBarrier (07FFAA96F3FB0h)
00007FFA4A9B6AEB mov rcx,rsi
00007FFA4A9B6AEE ?? ??????
00007FFA4A9B6AEF ?? ??????
There are sections of my code that are unsafe and use pointers, and the game does use native dependencies (Skia, ENet).
Does anyone have any advice for tracking down code that may be causing memory or stack corruption?
Is there a way to get more detail from a crash dump, or have the application generate a more detailed crash dump?
Thanks in advance.
EDIT 1:
A recent crash dump had a vastly different stack trace from the others; it appears the JIT is failing to compile a function at runtime? I have added the crash dump to the Dropbox download above.
Crash Dump D:
Exception Code: 0x80000004
Exception Information: A trace trap or other single-instruction mechanism signaled that one instruction has been executed.
[Inline Frame] clrjit.dll!ArenaAllocator::allocateHostMemory(unsigned __int64) Line 283 C++
clrjit.dll!ArenaAllocator::allocateNewPage(unsigned __int64 size, bool canThrow) Line 189 C++
clrjit.dll!ArenaAllocator::allocateMemory(unsigned __int64 size) Line 130 C++
[Inline Frame] clrjit.dll!Compiler::compGetMem(unsigned __int64) Line 4289 C++
[Inline Frame] clrjit.dll!GenTree::operator new(unsigned __int64) Line 890 C++
clrjit.dll!LIR::Use::ReplaceWithLclVar(Compiler * compiler, unsigned int blockWeight, unsigned int lclNum) Line 277 C++
clrjit.dll!Lowering::ReplaceWithLclVar(LIR::Use & use, unsigned int tempNum) Line 220 C++
clrjit.dll!Lowering::LowerDelegateInvoke(GenTreeCall * call) Line 3205 C++
clrjit.dll!Lowering::LowerCall(GenTree * node) Line 1685 C++
clrjit.dll!Lowering::LowerNode(GenTree * node) Line 170 C++
[Inline Frame] clrjit.dll!Lowering::LowerBlock(BasicBlock *) Line 5482 C++
clrjit.dll!Lowering::DoPhase() Line 5288 C++
clrjit.dll!Phase::Run() Line 32 C++
clrjit.dll!Compiler::compCompile(void * * methodCodePtr, unsigned long * methodCodeSize, JitFlags * compileFlags) Line 5116 C++
clrjit.dll!Compiler::compCompileHelper(CORINFO_MODULE_STRUCT_ * classPtr, ICorJitInfo * compHnd, CORINFO_METHOD_INFO * methodInfo, void * * methodCodePtr, unsigned long * methodCodeSize, JitFlags * compileFlags, CorInfoInstantiationVerification) Line 6314 C++
clrjit.dll!Compiler::compCompile(CORINFO_METHOD_STRUCT_ * methodHnd, CORINFO_MODULE_STRUCT_ * classPtr, ICorJitInfo * compHnd, CORINFO_METHOD_INFO * methodInfo, void * * methodCodePtr, unsigned long * methodCodeSize, JitFlags * compileFlags) Line 5644 C++
clrjit.dll!jitNativeCode(CORINFO_METHOD_STRUCT_ * methodHnd, CORINFO_MODULE_STRUCT_ * classPtr, ICorJitInfo * compHnd, CORINFO_METHOD_INFO * methodInfo, void * * methodCodePtr, unsigned long * methodCodeSize, JitFlags * compileFlags, void * inlineInfoPtr) Line 6953 C++
clrjit.dll!CILJit::compileMethod(ICorJitInfo * compHnd, CORINFO_METHOD_INFO * methodInfo, unsigned int flags, unsigned char * * entryAddress, unsigned long * nativeSizeOfCode) Line 312 C++
[Managed to Native Transition]
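The following is an added example, not code from the original post or from Sector's Edge. It shows the shape of unsafe-code defect that produces exactly this symptom pattern (a write outside a pinned managed buffer corrupts the next object on the GC heap, and the fault only surfaces later inside an allocation helper or the JIT), beside a hardened version of the same routine, plus a debug-only hook that makes such corruption fail fast near its source. The names, the packet layout and the native callback shape are hypothetical; compile with /unsafe.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example (not Sector's Edge code). Names and the packet layout are
// hypothetical; the native side is simulated with AllocHGlobal.
public static class NativeCopy
{
    // BEFORE: a native library (think of an ENet-style receive callback) hands
    // over (pointer, length). Two defects:
    //   1. the native length is trusted and never compared with dst.Length;
    //   2. the loop uses <= so it also writes one byte past 'length'.
    // Both write outside 'dst'. On the GC heap that memory is usually the next
    // object's header or method-table pointer, so the fault appears much later,
    // in unrelated code, at the next allocation or collection.
    public static unsafe void CopyUnchecked(byte* src, int length, byte[] dst)
    {
        fixed (byte* p = dst)
        {
            for (int i = 0; i <= length; i++)   // off-by-one
                p[i] = src[i];                  // no check against dst.Length
        }
    }

    // AFTER: validate every length that crosses the native boundary before any
    // pointer arithmetic, then let a checked primitive do the copy.
    // Buffer.MemoryCopy (.NET Framework 4.6 and later) throws when
    // sourceBytesToCopy exceeds destinationSizeInBytes, so an oversized native
    // length becomes an exception at the call site instead of silent heap damage.
    public static unsafe int CopyChecked(byte* src, int length, byte[] dst)
    {
        if (src == null) throw new ArgumentNullException(nameof(src));
        if (dst == null) throw new ArgumentNullException(nameof(dst));
        if (length < 0 || length > dst.Length)
            throw new ArgumentOutOfRangeException(nameof(length),
                $"native reported {length} bytes, buffer holds {dst.Length}");
        fixed (byte* p = dst)
        {
            Buffer.MemoryCopy(src, p, dst.Length, length);
        }
        return length;
    }

    // Debug-only helper: after each unsafe region, force a collection. With the
    // environment variable COMPlus_HeapVerify=1 set, the .NET Framework GC walks
    // and validates the heap on every collection, so corruption introduced by the
    // preceding code fails here, not hours later in an unrelated allocation.
    [System.Diagnostics.Conditional("DEBUG")]
    public static void VerifyHeapNow()
    {
        GC.Collect();
        GC.WaitForPendingFinalizers();
    }

    public static unsafe void Main()
    {
        // Constructed sample: 32 bytes of "packet" data in unmanaged memory.
        const int packetBytes = 32;
        IntPtr native = Marshal.AllocHGlobal(packetBytes);
        try
        {
            byte* src = (byte*)native;
            for (int i = 0; i < packetBytes; i++) src[i] = (byte)i;

            var dst = new byte[16];

            // A hostile or buggy peer reports a length larger than our buffer.
            try
            {
                CopyChecked(src, packetBytes, dst);
                Console.WriteLine("unexpected: oversized copy accepted");
            }
            catch (ArgumentOutOfRangeException e)
            {
                Console.WriteLine("rejected: " + e.Message);
            }

            // A well-formed length is copied as usual.
            int n = CopyChecked(src, dst.Length, dst);
            Console.WriteLine($"copied {n} bytes, last = {dst[n - 1]}");
            VerifyHeapNow();

            // CopyUnchecked is deliberately not called: with the same inputs it
            // would write past 'dst' and corrupt whatever the GC placed after it.
        }
        finally
        {
            Marshal.FreeHGlobal(native);
        }
    }
}
```

The design point is that the corrupting write and the crash are separated in time, which is why the faulting instruction varies: the allocation helper is merely the first code to touch the damaged object header. Bracketing each unsafe region and each native callback with a forced collection under COMPlus_HeapVerify=1 in a debug build shrinks that window to the region that actually did the damage. For the dump side of the question, a full user-mode dump (ProcDump with -ma, or a WER LocalDumps registry entry for the executable with DumpType set to 2) preserves the whole managed heap, after which SOS's !VerifyHeap in WinDbg reports the first corrupted object rather than only the instruction that tripped over it.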