2

我有一个 .NET 应用程序在退出时有时会崩溃。引擎盖下也有一堆 COM 和原生的东西。它是在 Windows 7 x64 上运行的 x86 应用程序。

我已经浏览了一些 WinDbg 教程,并且我认为我正在执行合理的步骤来获取有用的信息,但是堆栈跟踪本身并没有响起任何铃声。

其他一些花絮:

  • 我可以非常一致地重现这一点,比如说 75% 的时间
  • 如果我清理线程(很多Thread.Abort()),它可能有 20% 的时间可以重现
  • 运行相同的过程,我也看到了与下面的完全不同的堆栈跟踪

我正在使用 32 位 WinDbg。这是我一直在使用的一般过程:

  • 直接从 WinDbg 打开可执行文件
  • 将符号路径设置为:SRV*c:\sym*http://msdl.microsoft.com/download/symbols
  • 类型:.loadby sos clr
  • 使用应用程序,让它崩溃

崩溃后,我得到输出:

(a38.1424): CLR exception - code e0434352 (first chance)
(a38.1424): CLR exception - code e0434352 (first chance)
(a38.1fd0): Unknown exception - code c000000d (first chance)
(a38.1fd0): Unknown exception - code c000000d (!!! second chance !!!)
eax=00000000 ebx=004dea1c ecx=7efdd000 edx=00000057 esi=7264d0c0 edi=07f2a248
eip=778715de esp=004dea08 ebp=004def50 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwRaiseException+0x12:
778715de 83c404          add     esp,4

如果我输入,~我只会得到一个线程: . 0 Id: a38.1fd0 Suspend: 1 Teb: 7efdd000 Unfrozen

现在,如果我输入,!analyze -v我会得到一个很大的堆栈跟踪:

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************
[ a bunch of symbol stuff loading here ]

FAULTING_IP: 
ntdll!TpReleaseCleanupGroupMembers+276
778e4f52 a1b4009577      mov     eax,dword ptr [ntdll!TppLogpRoutine (779500b4)]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 778e4f52 (ntdll!TpReleaseCleanupGroupMembers+0x00000276)
   ExceptionCode: c000000d
  ExceptionFlags: 00000000
NumberParameters: 0

FAULTING_THREAD:  00001fd0

PROCESS_NAME:  XXXXX.exe

ERROR_CODE: (NTSTATUS) 0xc000000d - An invalid parameter was passed to a service or function.

EXCEPTION_CODE: (NTSTATUS) 0xc000000d - An invalid parameter was passed to a service or function.

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

CONTEXT:  004dea6c -- (.cxr 0x4dea6c)
eax=004deee0 ebx=00000001 ecx=7efdd000 edx=00000057 esi=7264d0c0 edi=07f2a248
eip=778e4f52 esp=004deed0 ebp=004def50 iopl=0         nv up ei ng nz ac pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000297
ntdll!TpReleaseCleanupGroupMembers+0x276:
778e4f52 a1b4009577      mov     eax,dword ptr [ntdll!TppLogpRoutine (779500b4)] ds:002b:779500b4=00000000
Resetting default scope

STACK_ADDR_RAW_STACK_SYMBOL: 4deb4c

ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[ffffffff]

LAST_CONTROL_TRANSFER:  from 00000000 to 77883c04

DEFAULT_BUCKET_ID:  STATUS_INVALID_PARAMETER

PRIMARY_PROBLEM_CLASS:  STATUS_INVALID_PARAMETER

BUGCHECK_STR:  APPLICATION_FAULT_STATUS_INVALID_PARAMETER

STACK_TEXT:  
778e4f52 ntdll!TpReleaseCleanupGroupMembers+0x276
72630d69 AUDIOSES!DllCanUnloadNow+0x42
7565b5f4 ole32!CClassCache::CDllPathEntry::CanUnload_rl+0x3b
7565b771 ole32!CClassCache::FreeUnused+0x83
7565b68f ole32!CoFreeUnusedLibrariesEx+0x36
756a0ccb ole32!CoFreeUnusedLibraries+0x9
15e2f549 GxMetadata+0xf549
15e45e3d GxMetadata!DllCanUnloadNow+0x1686d
77889950 ntdll!LdrpCallInitRoutine+0x14
7789d6b2 ntdll!LdrShutdownProcess+0x1aa
7789d554 ntdll!RtlExitUserProcess+0x74
754279f4 KERNEL32!ExitProcessStub+0x12
720642f0 mscoreei!RuntimeDesc::ShutdownAllActiveRuntimes+0x29c
72064321 mscoreei!CLRRuntimeHostInternalImpl::ShutdownAllRuntimesThenExit+0x15
5ea18580 clr!EEPolicy::ExitProcessViaShim+0x66
5ea1862f clr!SafeExitProcess+0x122
5e9638a9 clr!DisableRuntime+0x120
5e963905 clr!EEPolicy::HandleExitProcess+0x5c
5e9b8af8 clr!_CorExeMainInternal+0xdd
5e9b3a30 clr!_CorExeMain+0x4e
720555ab mscoreei!_CorExeMain+0x38
72f67f16 MSCOREE!ShellShim__CorExeMain+0x99
72f64de3 MSCOREE!_CorExeMain_Exported+0x8
7542339a KERNEL32!BaseThreadInitThunk+0xe
77889ef2 ntdll!__RtlUserThreadStart+0x70
77889ec5 ntdll!_RtlUserThreadStart+0x1b


FOLLOWUP_IP: 
AUDIOSES!DllCanUnloadNow+42
72630d69 ff3514d06472    push    dword ptr [AUDIOSES!_AudioClientThreadpoolCleanupGroup (7264d014)]

编辑1:(附加信息)

!clrstack

OS Thread Id: 0x1fd0 (0)
Child SP IP       Call Site
GetFrameContext failed: 1

!线程

ThreadCount:      7
UnstartedThread:  0
BackgroundThread: 4
PendingThread:    0
DeadThread:       3
Hosted Runtime:   no
                                   PreEmptive   GC Alloc                Lock
       ID  OSID ThreadOBJ    State GC           Context       Domain   Count APT Exception
   0    1  1fd0 005afe88     16220 Enabled  03051294:03051e6c 00578550     0 STA
XXXX    2   e5c 005801d0      b220 Enabled  0305a22c:0305be6c 00578550     0 MTA (Finalizer)
XXXX    3       00641258     19820 Enabled  00000000:00000000 00578550     0 Ukn
XXXX    4       06e4b800    819820 Enabled  00000000:00000000 00578550     0 Ukn
XXXX    5  18a0 081be620   200b220 Enabled  00000000:00000000 00578550     1 MTA
XXXX    8       081d5e18    819820 Enabled  00000000:00000000 00578550     0 Ukn
XXXX    7   158 07ed78d8       220 Enabled  00000000:00000000 00578550     0 Ukn
4

1 回答 1

5

看起来ntdll!TpReleaseCleanupGroupMembers(与kernel32!CloseThreadpoolCleanupGroupMembers- 您可以在 msdn 上查找相同)函数(从故障堆栈顶部)不喜欢在进程关闭时被调用 - 它抛出您看到的异常(无效参数) 在这种情况下。

从堆栈上还有两个库(audiosesgxmetadata)的存在来看,我猜有些对象被销毁/释放得太晚了。audioses.dll似乎是 Core Audio API 库,不确定 gxmetadata.dll - 你能解释一下这些的用法吗?

于 2012-08-29T14:22:28.247 回答