I have a crash; I know that crash is in the following code

0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
It is because VariantClear tries to release a COM object that is
no longer valid.

I do not know how to prevent this error from happening
(please see
http://groups.google.com/group/microsoft.public.dotnet.framework.clr/browse_thread/thread/4ea4df87b0f2e13c/87efbc010c5ab61a?hl=en#87efbc010c5ab61a
if you want to know why), so the only option I have now is to catch the
error (Access Violation). However, it looks like the system goes into an
endless loop in the following code:

0012cf58 7c90e96c ntdll!KiFastSystemCallRet
0012cf5c 7c91e7d3 ntdll!NtUnmapViewOfSection+0xc
0012d04c 7c80abf7 ntdll!LdrUnloadDll+0x31a
0012d060 77513442 kernel32!FreeLibrary+0x3f
0012d06c 77513456 ole32!
CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
0012d080 775135fe ole32!CClassCache::CFinishComposite::Finish+0x1d


It ran the above code again and again; even though I have an SEH handler in
0012d654 12d788f1 AppContainer!CPropertyContainer::RemoveMapObject
+0x1c5, the error never reached my SEH handler.

Would anyone please show me how to catch this particular error?
Thanks in advance.

John

The stack trace is as follows:

0:000> kL 200
ChildEBP RetAddr
0012cf58 7c90e96c ntdll!KiFastSystemCallRet
0012cf5c 7c91e7d3 ntdll!NtUnmapViewOfSection+0xc
0012d04c 7c80abf7 ntdll!LdrUnloadDll+0x31a
0012d060 77513442 kernel32!FreeLibrary+0x3f
0012d06c 77513456 ole32!
CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
0012d080 775135fe ole32!CClassCache::CFinishComposite::Finish+0x1d
0012d228 77513578 ole32!CClassCache::FreeUnused+0x19d
0012d238 775133a2 ole32!CoFreeUnusedLibrariesEx+0x36
0012d244 6605a01e ole32!CoFreeUnusedLibraries+0x9
0012d258 6605b4d1 MSVBVM60!CCreDestroyCtlStruct+0x387
0012d27c 6601c56a MSVBVM60!CCreDestroyCtl+0x195
0012d2c0 6601bc56 MSVBVM60!CCreFUnloadForm+0x1c9
0012d2cc 660c9ed5 MSVBVM60!CUnkDesk::Release+0x23
0012d2e4 6600e720 MSVBVM60!BASIC_CLASS::PRIVATE_UNKNOWN::Release+0x11c
0012d2ec 77124918 MSVBVM60!SCM_MsoStdCompMgr::Release+0xd
0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
0012d35c 12d715d4 AppContainer!_variant_t::~_variant_t+0x29
0012d3c0 12d74b25 AppContainer!std::pair<_bstr_t
const ,_variant_t>::~pair<_bstr_t const ,_variant_t>+0x44
0012d418 12d749b2 AppContainer!std::pair<_bstr_t
const ,_variant_t>::`scalar deleting destructor'+0x25
0012d470 12d73d46 AppContainer!std::_Destroy+0x22
0012d4cc 12d72cb5 AppContainer!std::_Tree<_bstr_t,std::pair<_bstr_t
const ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::_Destval+0x26
0012d550 12d78e2d AppContainer!std::_Tree<_bstr_t,std::pair<_bstr_t
const ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::erase+0x825
0012d5b0 12d78af5 AppContainer!
std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>::erase+0x2d
0012d654 12d788f1 AppContainer!CPropertyContainer::RemoveMapObject
+0x1c5
0012d6b8 12d796b0 AppContainer!CPropertyContainer::~CPropertyContainer
+0x41
0012d71c 12d77335 AppContainer!
ATL::CComObject<CPropertyContainer>::~CComObject<CPropertyContainer>
+0x70
0012d774 12d79758 AppContainer!
ATL::CComObject<CPropertyContainer>::`scalar deleting destructor'+0x25
0012d7dc 79e8dbde AppContainer!
ATL::CComObject<CPropertyContainer>::Release+0x48
0012d830 79e8db4a mscorwks!ReleaseTransitionHelper+0x5f
0012d878 79e8dac5 mscorwks!SafeReleaseHelper+0x89
0012d8ac 79f27983 mscorwks!SafeRelease+0x2f
0012d8c4 79f2792e mscorwks!RCW::ReleaseAllInterfaces+0x49
0012d8f4 79f279dc mscorwks!RCW::ReleaseAllInterfacesCallBack+0xbd
0012d924 79f279b0 mscorwks!RCW::Cleanup+0x22
0012d92c 79f27997 mscorwks!RCWCleanupList::ReleaseRCWListRaw+0x14
0012d95c 79f277e5 mscorwks!RCWCleanupList::ReleaseRCWListInCorrectCtx
+0x97
0012d96c 77525fbe mscorwks!CtxEntry::EnterContextCallback+0x94
0012d988 77e7a19c ole32!CRemoteUnknown::DoCallback+0x7a
0012d9a4 77ef321a RPCRT4!Invoke+0x30
0012dda8 77ef3bf3 RPCRT4!NdrStubCall2+0x297
0012de00 77600c31 RPCRT4!CStdStubBuffer_Invoke+0xc6
0012de40 77600bdb ole32!SyncStubInvoke+0x33
0012de88 7750f237 ole32!StubInvoke+0xa7
0012df60 7750f15c ole32!CCtxComChnl::ContextInvoke+0xe3
0012df7c 7750fc79 ole32!MTAInvoke+0x1a
0012dfa8 77600e3b ole32!STAInvoke+0x4a
0012dfdc 776009bc ole32!AppInvoke+0x7e
0012e0b0 77600df2 ole32!ComInvokeWithLockAndIPID+0x2e0
0012e0dc 7750fcb3 ole32!ComInvoke+0x60
0012e0f0 7750fae9 ole32!ThreadDispatch+0x23
0012e108 77d48744 ole32!ThreadWndProc+0xfe
0012e134 77d48826 USER32!InternalCallWinProc+0x28
0012e19c 77d489dd USER32!UserCallWinProcCheckWow+0x150
0012e1fc 77d48a20 USER32!DispatchMessageWorker+0x306
0012e20c 77512c02 USER32!DispatchMessageW+0xf
0012e23c 77512761 ole32!CCliModalLoop::PeekRPCAndDDEMessage+0x4c
0012e250 77557227 ole32!CCliModalLoop::BlockFn+0x5e
0012e2c4 79f27b88 ole32!CoWaitForMultipleHandles+0xcf
0012e2e4 79f27acf mscorwks!NT5WaitRoutine+0x51
0012e350 79f27a33 mscorwks!MsgWaitHelper+0xa5
0012e370 79f17493 mscorwks!Thread::DoAppropriateAptStateWait+0x28
0012e3f4 79f1732f mscorwks!Thread::DoAppropriateWaitWorker+0x144
0012e444 79f27cf0 mscorwks!Thread::DoAppropriateWait+0x40
0012e494 79f27c76 mscorwks!Thread::JoinEx+0x86
0012e4a0 79f27c52 mscorwks!Thread::Join+0x13
0012e4f0 79f20743 mscorwks!
RCWCleanupList::CleanupWrappersInCurrentCtxThread+0x15a
0012e4f8 79f20665 mscorwks!RCW::Initialize+0x77
0012e52c 79f1dc99 mscorwks!RCW::CreateRCW+0x51
0012e59c 79f1c9a5 mscorwks!COMInterfaceMarshaler::CreateObjectRef+0x4d
0012e5fc 79f1c110 mscorwks!COMInterfaceMarshaler::FindOrCreateObjectRef
+0xb4
0012eabc 79f82a1c mscorwks!GetObjectRefFromComIP+0x1b4
0012eadc 79f82a01 mscorwks!UnmarshalObjectFromInterface+0x19
0012eaf8 79f1e19d mscorwks!
InterfaceMarshalerBase::ConvertSpaceNativeToCLR+0x30
0012eb00 79f1e0b2 mscorwks!
DefaultMarshalOverrides<InterfaceMarshalerBase>::MarshalNativeToCLROut
+0x11
0012ed3c 79f1f206 mscorwks!RunML+0x4f9
0012ee58 79f1ed6a mscorwks!COMToCLRWorkerBody+0x10f
0012eeb4 79f1ec81 mscorwks!COMToCLRWorkerDebuggerWrapper+0x37
0012f088 0173a271 mscorwks!COMToCLRWorker+0x164
WARNING: Frame IP not in any known module. Following frames may be
wrong.
0012f0b0 1425fac3 0x173a271
0012f1e0 142672fd AppController!CAppController::Display+0x184
0012f2d0 142504d2 AppController!CAppController::Create+0x683
0012f398 14236181 AppController!CAppController::CreateComponents+0x2da
0012f534 4599c7be AppController!CAppController::Open+0x607
0012f704 0108654d StateMgr!StateMgr::IState_Ope+0xded
0012f8c8 79f21268 TestMenu!Multiple::INotify_Notify+0xcc7
0012f9a8 045a0dd6 mscorwks!CLRToCOMWorker+0x196
0012f9e4 0ff37e88 0x45a0dd6
0012fa40 0ce5a340 0xff37e88
0012fa74 0ce59f28 0xce5a340
0012fac0 010ed2e2 0xce59f28
*** WARNING: Unable to verify checksum for C:\WINDOWS\assembly
\NativeImages_v2.0.50727_32\System.Windows.Forms
\5892bc4805482546977cc303fe56856e\System.Windows.Forms.ni.dll
0012fc28 7b0d02da 0x10ed2e2
0012fc48 7b0d02da System_Windows_Forms_ni+0x1002da
0012fc8c 7b072c44 System_Windows_Forms_ni+0x1002da
0012fcf8 7b07a73d System_Windows_Forms_ni+0xa2c44
0012fd74 77d48744 System_Windows_Forms_ni+0xaa73d
0012fda0 77d48826 USER32!InternalCallWinProc+0x28
0012fe08 77d489dd USER32!UserCallWinProcCheckWow+0x150
0012fe68 77d496d7 USER32!DispatchMessageWorker+0x306
0012fe78 6600a4a3 USER32!DispatchMessageA+0xf
0012feb8 6600a41a MSVBVM60!ThunderMsgLoop+0xfd
0012fecc 6600a3bc MSVBVM60!CMsoCMHandler::FPushMessageLoop+0x19
0012fefc 6600a2f8 MSVBVM60!SCM::FPushMessageLoop+0xb9
0012ff18 6600a2c3 MSVBVM60!SCM_MsoCompMgr::FPushMessageLoop+0x2b
0012ff3c 6600361c MSVBVM60!CMsoComponent::PushMsgLoop+0x26
0012ffb8 00404dba MSVBVM60!ThunRTMain+0x9b
0012fff0 00000000 AppMain!__vbaS+0xa

Re: How to catch this error Access Violation by Heinz

Heinz
Sat Feb 24 01:51:12 CST 2007

<johnxhc@gmail.com> schrieb im Newsbeitrag
news:1172286097.766239.12550@q2g2000cwa.googlegroups.com...
>I have a crash; I know that crash is in the following code
>
> 0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
> It is because the VariantClear tries to release a COM Object that is
> not long valid.
>
> Because I did not know how to prevent this error from happening,,
> (Please see
> http://groups.google.com/group/microsoft.public.dotnet.framework.clr/browse_thread/thread/4ea4df87b0f2e13c/87efbc010c5ab61a?hl=en#87efbc010c5ab61a
> if you want to know why) The only option I have now is to catch the
> error (Access Violation), but it looks like the system create a
> endless loop on the following code

When you make a copy of an interface pointer, you have to call AddRef on
that pointer, and you have to call Release on the same interface when it is
no longer used through that copy of the pointer, no matter what kind of
variable is used to store the pointer. If you follow those rules, and if you
release all interfaces before calling CoUninitialize, there should be no
such errors in the first place.

HTH
Heinz



Re: How to catch this error Access Violation by Ivan

Ivan
Sat Feb 24 14:27:37 CST 2007

Could you post the output of the `r;~*kb` command?
I'd like to see the registers (the `r` part) and the exact
instruction that causes the AV. Normally I would not expect
an AV to happen upon return from a system call
unless ntdll.dll had been unmapped, which is never going to happen.

On top of the other suggestions of debugging your component ref-count,
module ref-count, and COM-initialization ref-count for each apartment,
I'd also suggest enabling PageHeap, so that you can leverage
its ability to capture the stack backtrace of the thread that deleted the
block of memory that is likely to be the cause of the AV.

--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


<johnxhc@gmail.com> wrote in message
news:1172286097.766239.12550@q2g2000cwa.googlegroups.com...
>I have a crash; I know that crash is in the following code
>
> 0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
> It is because the VariantClear tries to release a COM Object that is
> not long valid.
>
> Because I did not know how to prevent this error from happening,,
> (Please see
> http://groups.google.com/group/microsoft.public.dotnet.framework.clr/browse_thread/thread/4ea4df87b0f2e13c/87efbc010c5ab61a?hl=en#87efbc010c5ab61a
> if you want to know why) The only option I have now is to catch the
> error (Access Violation), but it looks like the system create a
> endless loop on the following code
>
> 0012cf58 7c90e96c ntdll!KiFastSystemCallRet
> 0012cf5c 7c91e7d3 ntdll!NtUnmapViewOfSection+0xc
> 0012d04c 7c80abf7 ntdll!LdrUnloadDll+0x31a
> 0012d060 77513442 kernel32!FreeLibrary+0x3f
> 0012d06c 77513456 ole32!
> CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
> 0012d080 775135fe ole32!CClassCache::CFinishComposite::Finish+0x1d
>
>
> It ran the above code again and again, even I have SEH in
> 0012d654 12d788f1 AppContainer!CPropertyContainer::RemoveMapObject
> +0x1c5, the error never returned to my SEH
>
> Would anyone please show me how to catch this particular error?
> Thanks in advance.
>
> John
>
> the stack trace is as following,
>
> 0:000> kL 200
> ChildEBP RetAddr
> 0012cf58 7c90e96c ntdll!KiFastSystemCallRet
> 0012cf5c 7c91e7d3 ntdll!NtUnmapViewOfSection+0xc
> 0012d04c 7c80abf7 ntdll!LdrUnloadDll+0x31a
> 0012d060 77513442 kernel32!FreeLibrary+0x3f
> 0012d06c 77513456 ole32!
> CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
> 0012d080 775135fe ole32!CClassCache::CFinishComposite::Finish+0x1d
> 0012d228 77513578 ole32!CClassCache::FreeUnused+0x19d
> 0012d238 775133a2 ole32!CoFreeUnusedLibrariesEx+0x36
> 0012d244 6605a01e ole32!CoFreeUnusedLibraries+0x9
> 0012d258 6605b4d1 MSVBVM60!CCreDestroyCtlStruct+0x387
> 0012d27c 6601c56a MSVBVM60!CCreDestroyCtl+0x195
> 0012d2c0 6601bc56 MSVBVM60!CCreFUnloadForm+0x1c9
> 0012d2cc 660c9ed5 MSVBVM60!CUnkDesk::Release+0x23
> 0012d2e4 6600e720 MSVBVM60!BASIC_CLASS::PRIVATE_UNKNOWN::Release+0x11c
> 0012d2ec 77124918 MSVBVM60!SCM_MsoStdCompMgr::Release+0xd
> 0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
> 0012d35c 12d715d4 AppContainer!_variant_t::~_variant_t+0x29
> 0012d3c0 12d74b25 AppContainer!std::pair<_bstr_t
> const ,_variant_t>::~pair<_bstr_t const ,_variant_t>+0x44
> 0012d418 12d749b2 AppContainer!std::pair<_bstr_t
> const ,_variant_t>::`scalar deleting destructor'+0x25
> 0012d470 12d73d46 AppContainer!std::_Destroy+0x22
> 0012d4cc 12d72cb5 AppContainer!std::_Tree<_bstr_t,std::pair<_bstr_t
> const
> ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::_Destval+0x26
> 0012d550 12d78e2d AppContainer!std::_Tree<_bstr_t,std::pair<_bstr_t
> const
> ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::erase+0x825
> 0012d5b0 12d78af5 AppContainer!
> std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>>::erase+0x2d
> 0012d654 12d788f1 AppContainer!CPropertyContainer::RemoveMapObject
> +0x1c5
> 0012d6b8 12d796b0 AppContainer!CPropertyContainer::~CPropertyContainer
> +0x41
> 0012d71c 12d77335 AppContainer!
> ATL::CComObject<CPropertyContainer>::~CComObject<CPropertyContainer>
> +0x70
> 0012d774 12d79758 AppContainer!
> ATL::CComObject<CPropertyContainer>::`scalar deleting destructor'+0x25
> 0012d7dc 79e8dbde AppContainer!
> ATL::CComObject<CPropertyContainer>::Release+0x48
> 0012d830 79e8db4a mscorwks!ReleaseTransitionHelper+0x5f
> 0012d878 79e8dac5 mscorwks!SafeReleaseHelper+0x89
> 0012d8ac 79f27983 mscorwks!SafeRelease+0x2f
> 0012d8c4 79f2792e mscorwks!RCW::ReleaseAllInterfaces+0x49
> 0012d8f4 79f279dc mscorwks!RCW::ReleaseAllInterfacesCallBack+0xbd
> 0012d924 79f279b0 mscorwks!RCW::Cleanup+0x22
> 0012d92c 79f27997 mscorwks!RCWCleanupList::ReleaseRCWListRaw+0x14
> 0012d95c 79f277e5 mscorwks!RCWCleanupList::ReleaseRCWListInCorrectCtx
> +0x97
> 0012d96c 77525fbe mscorwks!CtxEntry::EnterContextCallback+0x94
> 0012d988 77e7a19c ole32!CRemoteUnknown::DoCallback+0x7a
> 0012d9a4 77ef321a RPCRT4!Invoke+0x30
> 0012dda8 77ef3bf3 RPCRT4!NdrStubCall2+0x297
> 0012de00 77600c31 RPCRT4!CStdStubBuffer_Invoke+0xc6
> 0012de40 77600bdb ole32!SyncStubInvoke+0x33
> 0012de88 7750f237 ole32!StubInvoke+0xa7
> 0012df60 7750f15c ole32!CCtxComChnl::ContextInvoke+0xe3
> 0012df7c 7750fc79 ole32!MTAInvoke+0x1a
> 0012dfa8 77600e3b ole32!STAInvoke+0x4a
> 0012dfdc 776009bc ole32!AppInvoke+0x7e
> 0012e0b0 77600df2 ole32!ComInvokeWithLockAndIPID+0x2e0
> 0012e0dc 7750fcb3 ole32!ComInvoke+0x60
> 0012e0f0 7750fae9 ole32!ThreadDispatch+0x23
> 0012e108 77d48744 ole32!ThreadWndProc+0xfe
> 0012e134 77d48826 USER32!InternalCallWinProc+0x28
> 0012e19c 77d489dd USER32!UserCallWinProcCheckWow+0x150
> 0012e1fc 77d48a20 USER32!DispatchMessageWorker+0x306
> 0012e20c 77512c02 USER32!DispatchMessageW+0xf
> 0012e23c 77512761 ole32!CCliModalLoop::PeekRPCAndDDEMessage+0x4c
> 0012e250 77557227 ole32!CCliModalLoop::BlockFn+0x5e
> 0012e2c4 79f27b88 ole32!CoWaitForMultipleHandles+0xcf
> 0012e2e4 79f27acf mscorwks!NT5WaitRoutine+0x51
> 0012e350 79f27a33 mscorwks!MsgWaitHelper+0xa5
> 0012e370 79f17493 mscorwks!Thread::DoAppropriateAptStateWait+0x28
> 0012e3f4 79f1732f mscorwks!Thread::DoAppropriateWaitWorker+0x144
> 0012e444 79f27cf0 mscorwks!Thread::DoAppropriateWait+0x40
> 0012e494 79f27c76 mscorwks!Thread::JoinEx+0x86
> 0012e4a0 79f27c52 mscorwks!Thread::Join+0x13
> 0012e4f0 79f20743 mscorwks!
> RCWCleanupList::CleanupWrappersInCurrentCtxThread+0x15a
> 0012e4f8 79f20665 mscorwks!RCW::Initialize+0x77
> 0012e52c 79f1dc99 mscorwks!RCW::CreateRCW+0x51
> 0012e59c 79f1c9a5 mscorwks!COMInterfaceMarshaler::CreateObjectRef+0x4d
> 0012e5fc 79f1c110 mscorwks!COMInterfaceMarshaler::FindOrCreateObjectRef
> +0xb4
> 0012eabc 79f82a1c mscorwks!GetObjectRefFromComIP+0x1b4
> 0012eadc 79f82a01 mscorwks!UnmarshalObjectFromInterface+0x19
> 0012eaf8 79f1e19d mscorwks!
> InterfaceMarshalerBase::ConvertSpaceNativeToCLR+0x30
> 0012eb00 79f1e0b2 mscorwks!
> DefaultMarshalOverrides<InterfaceMarshalerBase>::MarshalNativeToCLROut
> +0x11
> 0012ed3c 79f1f206 mscorwks!RunML+0x4f9
> 0012ee58 79f1ed6a mscorwks!COMToCLRWorkerBody+0x10f
> 0012eeb4 79f1ec81 mscorwks!COMToCLRWorkerDebuggerWrapper+0x37
> 0012f088 0173a271 mscorwks!COMToCLRWorker+0x164
> WARNING: Frame IP not in any known module. Following frames may be
> wrong.
> 0012f0b0 1425fac3 0x173a271
> 0012f1e0 142672fd AppController!CAppController::Display+0x184
> 0012f2d0 142504d2 AppController!CAppController::Create+0x683
> 0012f398 14236181 AppController!CAppController::CreateComponents+0x2da
> 0012f534 4599c7be AppController!CAppController::Open+0x607
> 0012f704 0108654d StateMgr!StateMgr::IState_Ope+0xded
> 0012f8c8 79f21268 TestMenu!Multiple::INotify_Notify+0xcc7
> 0012f9a8 045a0dd6 mscorwks!CLRToCOMWorker+0x196
> 0012f9e4 0ff37e88 0x45a0dd6
> 0012fa40 0ce5a340 0xff37e88
> 0012fa74 0ce59f28 0xce5a340
> 0012fac0 010ed2e2 0xce59f28
> *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly
> \NativeImages_v2.0.50727_32\System.Windows.Forms
> \5892bc4805482546977cc303fe56856e\System.Windows.Forms.ni.dll
> 0012fc28 7b0d02da 0x10ed2e2
> 0012fc48 7b0d02da System_Windows_Forms_ni+0x1002da
> 0012fc8c 7b072c44 System_Windows_Forms_ni+0x1002da
> 0012fcf8 7b07a73d System_Windows_Forms_ni+0xa2c44
> 0012fd74 77d48744 System_Windows_Forms_ni+0xaa73d
> 0012fda0 77d48826 USER32!InternalCallWinProc+0x28
> 0012fe08 77d489dd USER32!UserCallWinProcCheckWow+0x150
> 0012fe68 77d496d7 USER32!DispatchMessageWorker+0x306
> 0012fe78 6600a4a3 USER32!DispatchMessageA+0xf
> 0012feb8 6600a41a MSVBVM60!ThunderMsgLoop+0xfd
> 0012fecc 6600a3bc MSVBVM60!CMsoCMHandler::FPushMessageLoop+0x19
> 0012fefc 6600a2f8 MSVBVM60!SCM::FPushMessageLoop+0xb9
> 0012ff18 6600a2c3 MSVBVM60!SCM_MsoCompMgr::FPushMessageLoop+0x2b
> 0012ff3c 6600361c MSVBVM60!CMsoComponent::PushMsgLoop+0x26
> 0012ffb8 00404dba MSVBVM60!ThunRTMain+0x9b
> 0012fff0 00000000 AppMain!__vbaS+0xa
>



Re: How to catch this error Access Violation by johnxhc

johnxhc
Sat Feb 24 21:31:04 CST 2007

Thanks for your help.
1) About reference counting: the COM component was created in .NET,
then it is passed to another COM component in the .NET code, so there
should not be any explicit reference counting here. Please see the
following post for details:
http://groups.google.com/group/microsoft.public.dotnet.framework.interop/browse_thread/thread/27e2734aa6cb0056/e3fa5c323c8e00db?hl=en#e3fa5c323c8e00db

2) Would you please tell me how PageHeap could help in this
case, since I already have the stack trace and it is triggered by a
garbage collection?
3) Here is the result of r;~kb 100

0:000> r;~kb 100
eax=102fb404 ebx=125e6b83 ecx=66029f10 edx=0012cfdc esi=0024bd68
edi=0012cfa8
eip=7c90eb94 esp=0012cee4 ebp=0012cfd4 iopl=0 nv up ei pl zr
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
ChildEBP RetAddr Args to Child
0012cee0 7c90e96c 7c91e7d3 ffffffff 125e0000 ntdll!KiFastSystemCallRet
0012cee4 7c91e7d3 ffffffff 125e0000 0012d0d0 ntdll!NtUnmapViewOfSection
+0xc
0012cfd4 7c80abf7 125e0000 0012d100 0012d208 ntdll!LdrUnloadDll+0x31a
0012cfe8 77513442 125e0000 0012d228 77513456 kernel32!FreeLibrary+0x3f
0012cff4 77513456 0012d10c 776067e0 00000000 ole32!
CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
0012d008 775135fe 774e1ab0 00000000 00000000 ole32!
CClassCache::CFinishComposite::Finish+0x1d
0012d228 77513578 ffffffff 001460b0 102fb080 ole32!
CClassCache::FreeUnused+0x19d
0012d238 775133a2 ffffffff 00000000 6605a01e ole32!
CoFreeUnusedLibrariesEx+0x36
0012d244 6605a01e 08000000 102fafec 0012d27c ole32!
CoFreeUnusedLibraries+0x9
0012d258 6605b4d1 00ee546c 00000000 102f5084 MSVBVM60!
CCreDestroyCtlStruct+0x387
0012d27c 6601c56a 102eb660 00000000 00000000 MSVBVM60!CCreDestroyCtl
+0x195
0012d2c0 6601bc56 00021f64 00000000 660c9ed5 MSVBVM60!CCreFUnloadForm
+0x1c9
0012d2cc 660c9ed5 102f4e74 00000009 101d2150 MSVBVM60!CUnkDesk::Release
+0x23
0012d2e4 6600e720 14432af4 77124918 14432ad8 MSVBVM60!
BASIC_CLASS::PRIVATE_UNKNOWN::Release+0x11c
0012d2ec 77124918 14432ad8 0012d35c 0012d30c MSVBVM60!
SCM_MsoStdCompMgr::Release+0xd
0012d300 12d75f49 101d2150 0012d3b4 101d1ff8 OLEAUT32!VariantClear
+0xb1
0012d35c 12d715d4 0012d418 101d1ff8 00000000 AppContainer!
_variant_t::~_variant_t+0x29 [c:\program files\microsoft visual studio
\vc98\include\comutil.h @ 1736]
0012d3c0 12d74b25 0012d470 101d1ff8 00000000 AppContainer!
std::pair<_bstr_t const ,_variant_t>::~pair<_bstr_t const ,_variant_t>
+0x44
0012d418 12d749b2 00000000 0012d4cc 101d1ff8 AppContainer!
std::pair<_bstr_t const ,_variant_t>::`scalar deleting
destructor'+0x25
0012d470 12d73d46 101d2148 0012d544 101d1ff8 AppContainer!std::_Destroy
+0x22 [c:\program files\microsoft visual studio\vc98\include\xmemory @
38]
0012d4cc 12d72cb5 101d2148 0012d5b0 0012d5c0 AppContainer!
std::_Tree<_bstr_t,std::pair<_bstr_t
const ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::_Destval+0x26 [c:\program files\microsoft visual studio\vc98\include\xtree @ 585]
0012d550 12d78ebd 0012d60c 101d1ff8 0012d63c AppContainer!
std::_Tree<_bstr_t,std::pair<_bstr_t
const ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::erase+0x825 [c:\program files\microsoft visual studio\vc98\include\xtree @ 359]
0012d5b0 12d78b88 0012d60c 101d2138 0012d6ac AppContainer!
std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>::erase+0x2d [c:\program files\microsoft visual studio\vc98\include
\map @ 104]
0012d654 12d78901 0012d710 0017a980 00000000 AppContainer!
Mycontainer::RemoveMapObject+0x238 [c:\Source\AppContainer
\Mycontainer.h @ 120]
0012d6b8 12d79740 0012d774 0017a980 00000000 AppContainer!
Mycontainer::~Mycontainer+0x41 [c:\Source\AppContainer\Mycontainer.h @
137]
0012d71c 12d774f5 0012d7dc 0017a980 00000000 AppContainer!
ATL::CComObject<Mycontainer>::~CComObject<Mycontainer>+0x70 [c:
\program files\microsoft visual studio\vc98\atl\include\atlcom.h @
2411]
0012d774 12d79dd8 00000001 00000000 0017a980 AppContainer!
ATL::CComObject<Mycontainer>::`scalar deleting destructor'+0x25
0012d7dc 79e8dbde 101d4f80 824869f1 00000008 AppContainer!
ATL::CComObject<Mycontainer>::Release+0x48 [c:\program files\microsoft
visual studio\vc98\atl\include\atlcom.h @ 2419]
0012d830 79e8db4a 101d4f80 824869b9 00000008 mscorwks!
ReleaseTransitionHelper+0x5f
0012d878 79e8dac5 101d4f80 1437a628 8248696d mscorwks!SafeReleaseHelper
+0x89
0012d8ac 79f27983 101d4f80 1437a628 00000001 mscorwks!SafeRelease+0x2f
0012d8c4 79f2792e 82486935 00000001 1437a628 mscorwks!
RCW::ReleaseAllInterfaces+0x49
0012d8f4 79f279dc 1437a628 824868e5 00000001 mscorwks!
RCW::ReleaseAllInterfacesCallBack+0xbd
0012d924 79f279b0 01a1fb7c 79f27997 14440ee0 mscorwks!RCW::Cleanup
+0x22
0012d92c 79f27997 14440ee0 8248689d 0012d978 mscorwks!
RCWCleanupList::ReleaseRCWListRaw+0x14
0012d95c 79f277e5 001466d8 001466d8 0012d988 mscorwks!
RCWCleanupList::ReleaseRCWListInCorrectCtx+0x97
0012d96c 77525fbe 01a1fa18 0012d98c 0012d9b4 mscorwks!
CtxEntry::EnterContextCallback+0x94
0012d988 77e7a19c 0015b340 14405700 02020202 ole32!
CRemoteUnknown::DoCallback+0x7a
0012d9a4 77ef321a 77525f83 0012d9b8 00000002 RPCRT4!Invoke+0x30
0012dda8 77ef3bf3 0015eef8 0015d320 00233f14 RPCRT4!NdrStubCall2+0x297
0012de00 77600c31 0015eef8 00233f14 0015d320 RPCRT4!
CStdStubBuffer_Invoke+0xc6
0012de40 77600bdb 00233f14 00238024 00000000 ole32!SyncStubInvoke+0x33
0012de88 7750f237 00233f14 0015d238 0015eef8 ole32!StubInvoke+0xa7
0012df60 7750f15c 0015d320 00000000 0015eef8 ole32!
CCtxComChnl::ContextInvoke+0xe3
0012df7c 7750fc79 00233f14 00000001 0015eef8 ole32!MTAInvoke+0x1a
0012dfa8 77600e3b 00233f14 00000001 0015eef8 ole32!STAInvoke+0x4a
0012dfdc 776009bc 00233ec0 0015d320 0015eef8 ole32!AppInvoke+0x7e
0012e0b0 77600df2 00233ec0 0015d580 00000000 ole32!
ComInvokeWithLockAndIPID+0x2e0
0012e0dc 7750fcb3 00233ec0 00000400 001464d8 ole32!ComInvoke+0x60
0012e0f0 7750fae9 00233ec0 0012e170 7750fa56 ole32!ThreadDispatch+0x23
0012e108 77d48744 001d0632 001460b0 0000babe ole32!ThreadWndProc+0xfe
0012e134 77d48826 7750fa56 001d0632 00000400 USER32!InternalCallWinProc
+0x28
0012e19c 77d489dd 00000000 7750fa56 001d0632 USER32!
UserCallWinProcCheckWow+0x150
0012e1fc 77d48a20 0012e220 00000000 0012e23c USER32!
DispatchMessageWorker+0x306
0012e20c 77512c02 0012e220 00000102 0012e280 USER32!DispatchMessageW
+0xf
0012e23c 77512761 80010116 80010115 00000000 ole32!
CCliModalLoop::PeekRPCAndDDEMessage+0x4c
0012e250 77557227 0012e484 00000001 0012e27c ole32!
CCliModalLoop::BlockFn+0x5e
0012e2c4 79f27b88 00000002 00000001 00000001 ole32!
CoWaitForMultipleHandles+0xcf
0012e2e4 79f27acf 00000000 00000001 00000001 mscorwks!NT5WaitRoutine
+0x51
0012e350 79f27a33 00000001 0012e484 00000000 mscorwks!MsgWaitHelper
+0xa5
0012e370 79f17493 00000001 0012e484 00000000 mscorwks!
Thread::DoAppropriateAptStateWait+0x28
0012e3f4 79f1732f 00000001 0012e484 00000000 mscorwks!
Thread::DoAppropriateWaitWorker+0x144
0012e444 79f27cf0 00000001 0012e484 00000000 mscorwks!
Thread::DoAppropriateWait+0x40
0012e494 79f27c76 00000001 0017a980 79f27c52 mscorwks!Thread::JoinEx
+0x86
0012e4a0 79f27c52 00000001 00000001 82485531 mscorwks!Thread::Join
+0x13
0012e4f0 79f20743 00000001 79f20665 13932db4 mscorwks!
RCWCleanupList::CleanupWrappersInCurrentCtxThread+0x15a
0012e4f8 79f20665 13932db4 0012e58c 824854ed mscorwks!RCW::Initialize
+0x77
0012e52c 79f1dc99 13932db4 0012e58c 8248545d mscorwks!RCW::CreateRCW
+0x51
0012e59c 79f1c9a5 00000000 0012e5ec 8248543d mscorwks!
COMInterfaceMarshaler::CreateObjectRef+0x4d
0012e5fc 79f1c110 82485759 0012ed8c 0012ed64 mscorwks!
COMInterfaceMarshaler::FindOrCreateObjectRef+0xb4
0012eabc 79f82a1c 13932db4 00000000 00000000 mscorwks!
GetObjectRefFromComIP+0x1b4
0012eadc 79f82a01 00195528 13932db4 00000000 mscorwks!
UnmarshalObjectFromInterface+0x19
0012eaf8 79f1e19d 0012ed64 79f1e0b2 0012f0dc mscorwks!
InterfaceMarshalerBase::ConvertSpaceNativeToCLR+0x30
0012eb00 79f1e0b2 0012f0dc 0012ed5c 82485a09 mscorwks!
DefaultMarshalOverrides<InterfaceMarshalerBase>::MarshalNativeToCLROut
+0x11
0012ed3c 79f1f206 0145258c 0012f0dc 0012ed5c mscorwks!RunML+0x4f9
0012ee58 79f1ed6a 0017a980 0012f060 0012f0c8 mscorwks!
COMToCLRWorkerBody+0x10f
0012eeb4 79f1ec81 0017a980 0012f060 0012f0c8 mscorwks!
COMToCLRWorkerDebuggerWrapper+0x37
0012f088 0173a271 0017a980 0012f0c8 99f79cfd mscorwks!COMToCLRWorker
+0x164
WARNING: Frame IP not in any known module. Following frames may be
wrong.
0012f0b0 1425fac3 0012f558 0012f65c 00000001 0x173a271
0012f1e0 142672fd 0edc9060 0012f2b4 0012f4cc AppController!
CAppController::DisplayComponentExists+0x184 [c:\Source\AppController
\CAppController.cls @ 7666]
0012f2d0 142504d2 0edc9060 00000000 0012f4cc AppController!
CAppController::CreateAllViewsDisplayComps+0x683 [c:\Source
\AppController\CAppController.cls @ 9202]
0012f398 14236181 0edc9060 0012f4cc 00000000 AppController!
CAppController::CreateRouteComponents+0x2da [c:\Source\AppController
\CAppController.cls @ 5136]
0012f534 4599c7be 0edc9060 00000001 00000000 AppController!
CAppController::IDataController_Open+0x607 [c:\Source\AppController
\CAppController.cls @ 864]
0012f704 0cd8654d 04936a28 0cd82ee4 1443f4c4 StateMgr!
CSessionMgr::ISession_OpenDataFile+0xded [c:\Source\SessionMgr
\SessionMgr.cls @ 4474]
0012f8c8 79f21268 0efcb230 00000001 0000200c TestMenu!
Multiple::INotify_Notify+0xcc7 [C:\Project\TestMenu\Multiple.cls @
126]
0012f9a8 04590e96 0017a980 0012f9fc 99f79cfd mscorwks!CLRToCOMWorker
+0x196
0012f9e4 0cec8b28 0012fa50 0211ee60 01d477ac 0x4590e96aascv
0012fa40 0ceaa340 0012fa50 01d4175c 01dfcd88 0xcec8b28
0012fa74 0cea9f28 0211ed74 01e0a768 0211ed74 0xceaa340
0012fac0 0cdfbbf2 0211ed74 020d80a0 0012fb10 0xcea9f28
*** WARNING: Unable to verify checksum for C:\WINDOWS\assembly
\NativeImages_v2.0.50727_32\System.Windows.Forms
\5892bc4805482546977cc303fe56856e\System.Windows.Forms.ni.dll
0012fc28 7b0d02da 0012fd1c 00000000 00000000 0xcdfbbf2
0012fc48 7b0d02da 001a1ad4 02079a68 00000042 System_Windows_Forms_ni
+0x1002da
0012fc8c 7b072c44 00000001 00100000 99f79cfd System_Windows_Forms_ni
+0x1002da
0012fcf8 7b07a73d 7b07a716 0012fd50 00000000 System_Windows_Forms_ni
+0xa2c44
0012fd74 77d48744 001a1ad4 00000202 00000000 System_Windows_Forms_ni
+0xaa73d
0012fda0 77d48826 01452d8a 001a1ad4 00000202 USER32!InternalCallWinProc
+0x28
0012fe08 77d489dd 00000000 01452d8a 001a1ad4 USER32!
UserCallWinProcCheckWow+0x150
0012fe68 77d496d7 0012fe90 00000001 0012feb8 USER32!
DispatchMessageWorker+0x306
0012fe78 6600a4a3 0012fe90 ffffffff 00e0379c USER32!DispatchMessageA
+0xf
0012feb8 6600a41a ffffffff 00e037c4 00e00000 MSVBVM60!ThunderMsgLoop
+0xfd
0012fecc 6600a3bc 00e0379c ffffffff 00e03894 MSVBVM60!
CMsoCMHandler::FPushMessageLoop+0x19
0012fefc 6600a2f8 00e03894 ffffffff 0000151c MSVBVM60!
SCM::FPushMessageLoop+0xb9
0012ff18 6600a2c3 00e037c0 00e03894 ffffffff MSVBVM60!
SCM_MsoCompMgr::FPushMessageLoop+0x2b
0012ff3c 6600361c ffffffff 80000001 00e6d230 MSVBVM60!
CMsoComponent::PushMsgLoop+0x26
0012ffb8 00404dba 004051e4 7c816fd7 80000001 MSVBVM60!ThunRTMain+0x9b
0012fff0 00000000 00404db0 00000000 78746341 AppMain!__vbaS+0xa
On Feb 24, 12:27 pm, "Ivan Brugiolo [MSFT]"
<ivanb...@online.microsoft.com> wrote:
> Could you post the output of the `r;~*kb` command ?
> I'd like to see the registers (the `r` part) and the exact
> instruction that causes the AV. On average, I would not expect
> to see an AV to happen upon return from a system call,
> unless you have unmapped ntdll.dll, that is never going to happen.
>
> On top of the other suggestions of debugging your component ref-count,
> module refcount, and Com-Initialization ref-count for each apartment,
> I'd also suggest to enable PageHeap, so that you can leverege
> it's ability to capture the stack backtrace of the thread who deleted the
> block
> of memory that is likely to be the cause of the AV.
>
> --
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of any included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> <john...@gmail.com> wrote in message
>
> news:1172286097.766239.12550@q2g2000cwa.googlegroups.com...
>
>
>
> >I have a crash; I know that crash is in the following code
>
> > 0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
> > It is because the VariantClear tries to release a COM Object that is
> > not long valid.
>
> > Because I did not know how to prevent this error from happening,,
> > (Please see
> >http://groups.google.com/group/microsoft.public.dotnet.framework.clr/...
> > if you want to know why) The only option I have now is to catch the
> > error (Access Violation), but it looks like the system create a
> > endless loop on the following code
>
> > 0012cf58 7c90e96c ntdll!KiFastSystemCallRet
> > 0012cf5c 7c91e7d3 ntdll!NtUnmapViewOfSection+0xc
> > 0012d04c 7c80abf7 ntdll!LdrUnloadDll+0x31a
> > 0012d060 77513442 kernel32!FreeLibrary+0x3f
> > 0012d06c 77513456 ole32!
> > CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
> > 0012d080 775135fe ole32!CClassCache::CFinishComposite::Finish+0x1d
>
> > It ran the above code again and again, even I have SEH in
> > 0012d654 12d788f1 AppContainer!CPropertyContainer::RemoveMapObject
> > +0x1c5, the error never returned to my SEH
>
> > Would anyone please show me how to catch this particular error?
> > Thanks in advance.
>
> > John
>
> > the stack trace is as following,
>
> > 0:000> kL 200
> > ChildEBP RetAddr
> > 0012cf58 7c90e96c ntdll!KiFastSystemCallRet
> > 0012cf5c 7c91e7d3 ntdll!NtUnmapViewOfSection+0xc
> > 0012d04c 7c80abf7 ntdll!LdrUnloadDll+0x31a
> > 0012d060 77513442 kernel32!FreeLibrary+0x3f
> > 0012d06c 77513456 ole32!
> > CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
> > 0012d080 775135fe ole32!CClassCache::CFinishComposite::Finish+0x1d
> > 0012d228 77513578 ole32!CClassCache::FreeUnused+0x19d
> > 0012d238 775133a2 ole32!CoFreeUnusedLibrariesEx+0x36
> > 0012d244 6605a01e ole32!CoFreeUnusedLibraries+0x9
> > 0012d258 6605b4d1 MSVBVM60!CCreDestroyCtlStruct+0x387
> > 0012d27c 6601c56a MSVBVM60!CCreDestroyCtl+0x195
> > 0012d2c0 6601bc56 MSVBVM60!CCreFUnloadForm+0x1c9
> > 0012d2cc 660c9ed5 MSVBVM60!CUnkDesk::Release+0x23
> > 0012d2e4 6600e720 MSVBVM60!BASIC_CLASS::PRIVATE_UNKNOWN::Release+0x11c
> > 0012d2ec 77124918 MSVBVM60!SCM_MsoStdCompMgr::Release+0xd
> > 0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
> > 0012d35c 12d715d4 AppContainer!_variant_t::~_variant_t+0x29
> > 0012d3c0 12d74b25 AppContainer!std::pair<_bstr_t
> > const ,_variant_t>::~pair<_bstr_t const ,_variant_t>+0x44
> > 0012d418 12d749b2 AppContainer!std::pair<_bstr_t
> > const ,_variant_t>::`scalar deleting destructor'+0x25
> > 0012d470 12d73d46 AppContainer!std::_Destroy+0x22
> > 0012d4cc 12d72cb5 AppContainer!std::_Tree<_bstr_t,std::pair<_bstr_t
> > const
> > ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
> >>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::_Destval+0x26
> > 0012d550 12d78e2d AppContainer!std::_Tree<_bstr_t,std::pair<_bstr_t
> > const
> > ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
> >>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::erase+0x825
> > 0012d5b0 12d78af5 AppContainer!
> > std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
> >>::erase+0x2d
> > 0012d654 12d788f1 AppContainer!CPropertyContainer::RemoveMapObject
> > +0x1c5
> > 0012d6b8 12d796b0 AppContainer!CPropertyContainer::~CPropertyContainer
> > +0x41
> > 0012d71c 12d77335 AppContainer!
> > ATL::CComObject<CPropertyContainer>::~CComObject<CPropertyContainer>
> > +0x70
> > 0012d774 12d79758 AppContainer!
> > ATL::CComObject<CPropertyContainer>::`scalar deleting destructor'+0x25
> > 0012d7dc 79e8dbde AppContainer!
> > ATL::CComObject<CPropertyContainer>::Release+0x48
> > 0012d830 79e8db4a mscorwks!ReleaseTransitionHelper+0x5f
> > 0012d878 79e8dac5 mscorwks!SafeReleaseHelper+0x89
> > 0012d8ac 79f27983 mscorwks!SafeRelease+0x2f
> > 0012d8c4 79f2792e mscorwks!RCW::ReleaseAllInterfaces+0x49
> > 0012d8f4 79f279dc mscorwks!RCW::ReleaseAllInterfacesCallBack+0xbd
> > 0012d924 79f279b0 mscorwks!RCW::Cleanup+0x22
> > 0012d92c 79f27997 mscorwks!RCWCleanupList::ReleaseRCWListRaw+0x14
> > 0012d95c 79f277e5 mscorwks!RCWCleanupList::ReleaseRCWListInCorrectCtx
> > +0x97
> > 0012d96c 77525fbe mscorwks!CtxEntry::EnterContextCallback+0x94
> > 0012d988 77e7a19c ole32!CRemoteUnknown::DoCallback+0x7a
> > 0012d9a4 77ef321a RPCRT4!Invoke+0x30
> > 0012dda8 77ef3bf3 RPCRT4!NdrStubCall2+0x297
> > 0012de00 77600c31 RPCRT4!CStdStubBuffer_Invoke+0xc6
> > 0012de40 77600bdb ole32!SyncStubInvoke+0x33
> > 0012de88 7750f237 ole32!StubInvoke+0xa7
> > 0012df60 7750f15c ole32!CCtxComChnl::ContextInvoke+0xe3
> > 0012df7c 7750fc79 ole32!MTAInvoke+0x1a
> > 0012dfa8 77600e3b ole32!STAInvoke+0x4a
> > 0012dfdc 776009bc ole32!AppInvoke+0x7e
> > 0012e0b0 77600df2 ole32!ComInvokeWithLockAndIPID+0x2e0
> > 0012e0dc 7750fcb3 ole32!ComInvoke+0x60
> > 0012e0f0 7750fae9 ole32!ThreadDispatch+0x23
> > 0012e108 77d48744 ole32!ThreadWndProc+0xfe
> > 0012e134 77d48826 USER32!InternalCallWinProc+0x28
> > 0012e19c 77d489dd USER32!UserCallWinProcCheckWow+0x150
> > 0012e1fc 77d48a20 USER32!DispatchMessageWorker+0x306
> > 0012e20c 77512c02 USER32!DispatchMessageW+0xf
> > 0012e23c 77512761 ole32!CCliModalLoop::PeekRPCAndDDEMessage+0x4c
> > 0012e250 77557227 ole32!CCliModalLoop::BlockFn+0x5e
> > 0012e2c4 79f27b88 ole32!CoWaitForMultipleHandles+0xcf
> > 0012e2e4 79f27acf mscorwks!NT5WaitRoutine+0x51
> > 0012e350 79f27a33 mscorwks!MsgWaitHelper+0xa5
> > 0012e370 79f17493 mscorwks!Thread::DoAppropriateAptStateWait+0x28
> > 0012e3f4 79f1732f mscorwks!Thread::DoAppropriateWaitWorker+0x144
> > 0012e444 79f27cf0 mscorwks!Thread::DoAppropriateWait+0x40
> > 0012e494 79f27c76 mscorwks!Thread::JoinEx+0x86
> > 0012e4a0 79f27c52 mscorwks!Thread::Join+0x13
> > 0012e4f0 79f20743 mscorwks!
> > RCWCleanupList::CleanupWrappersInCurrentCtxThread+0x15a
> > 0012e4f8 79f20665 mscorwks!RCW::Initialize+0x77
> > 0012e52c 79f1dc99 mscorwks!RCW::CreateRCW+0x51
> > 0012e59c 79f1c9a5 mscorwks!COMInterfaceMarshaler::CreateObjectRef+0x4d
> > 0012e5fc 79f1c110 mscorwks!COMInterfaceMarshaler::FindOrCreateObjectRef
> > +0xb4
> > 0012eabc 79f82a1c mscorwks!GetObjectRefFromComIP+0x1b4
> > 0012eadc 79f82a01 mscorwks!UnmarshalObjectFromInterface+0x19
> > 0012eaf8 79f1e19d mscorwks!
> > InterfaceMarshalerBase::ConvertSpaceNativeToCLR+0x30
> > 0012eb00 79f1e0b2 mscorwks!
> > DefaultMarshalOverrides<InterfaceMarshalerBase>::MarshalNativeToCLROut
> > +0x11
> > 0012ed3c 79f1f206 mscorwks!RunML+0x4f9
> > 0012ee58 79f1ed6a mscorwks!COMToCLRWorkerBody+0x10f
> > 0012eeb4 79f1ec81 mscorwks!COMToCLRWorkerDebuggerWrapper+0x37
> > 0012f088 0173a271 mscorwks!COMToCLRWorker+0x164
> > WARNING: Frame IP not in any known module. Following frames may be
> > wrong.
> > 0012f0b0 1425fac3 0x173a271
> > 0012f1e0 142672fd AppController!CAppController::Display+0x184
> > 0012f2d0 142504d2 AppController!CAppController::Create+0x683
> > 0012f398 14236181 AppController!CAppController::CreateComponents+0x2da
> > 0012f534 4599c7be AppController!CAppController::Open+0x607
> > 0012f704 0108654d StateMgr!StateMgr::IState_Ope+0xded
> > 0012f8c8 79f21268 TestMenu!Multiple::INotify_Notify+0xcc7
> > 0012f9a8 045a0dd6 mscorwks!CLRToCOMWorker+0x196
> > 0012f9e4 0ff37e88 0x45a0dd6
> > 0012fa40 0ce5a340 0xff37e88
> > 0012fa74 0ce59f28 0xce5a340
> > 0012fac0 010ed2e2 0xce59f28
> > *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly
> > \NativeImages_v2.0.50727_32\System.Windows.Forms
> > \5892bc4805482546977cc303fe56856e\System.Windows.Forms.ni.dll
> > 0012fc28 7b0d02da 0x10ed2e2
> > 0012fc48 7b0d02da System_Windows_Forms_ni+0x1002da
> > 0012fc8c 7b072c44 System_Windows_Forms_ni+0x1002da
> > 0012fcf8 7b07a73d System_Windows_Forms_ni+0xa2c44
> > 0012fd74 77d48744 System_Windows_Forms_ni+0xaa73d
> > 0012fda0 77d48826 USER32!InternalCallWinProc+0x28
> > 0012fe08 77d489dd USER32!UserCallWinProcCheckWow+0x150
> > 0012fe68 77d496d7 USER32!DispatchMessageWorker+0x306
> > 0012fe78 6600a4a3 USER32!DispatchMessageA+0xf
> > 0012feb8 6600a41a MSVBVM60!ThunderMsgLoop+0xfd
> > 0012fecc 6600a3bc MSVBVM60!CMsoCMHandler::FPushMessageLoop+0x19
> > 0012fefc 6600a2f8 MSVBVM60!SCM::FPushMessageLoop+0xb9
> > 0012ff18 6600a2c3 MSVBVM60!SCM_MsoCompMgr::FPushMessageLoop+0x2b
> > 0012ff3c 6600361c MSVBVM60!CMsoComponent::PushMsgLoop+0x26
> > 0012ffb8 00404dba MSVBVM60!ThunRTMain+0x9b
> > 0012fff0 00000000 AppMain!__vbaS+0xa
>



Re: How to catch this error Access Violation by johnxhc

johnxhc
Sat Feb 24 21:34:03 CST 2007

Thanks for your help.
About reference counting: the COM component was created in .NET and
assigned to a property of another COM component in the .NET code, so
there should not be any explicit reference counting here. Please see the
following post for details:
http://groups.google.com/group/microsoft.public.dotnet.framework.interop/browse_thread/thread/27e2734aa6cb0056/e3fa5c323c8e00db?hl=en#e3fa5c323c8e00db

On Feb 23, 11:51 pm, "Heinz Ozwirk" <SPAMhozw...@arcor.de> wrote:
> <john...@gmail.com> schrieb im Newsbeitrag news:1172286097.766239.12550@q2g2000cwa.googlegroups.com...
>
> >I have a crash; I know that crash is in the following code
>
> > 0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
> > It is because the VariantClear tries to release a COM Object that is
> > not long valid.
>
> > Because I did not know how to prevent this error from happening,,
> > (Please see
> >http://groups.google.com/group/microsoft.public.dotnet.framework.clr/...
> > if you want to know why) The only option I have now is to catch the
> > error (Access Violation), but it looks like the system create a
> > endless loop on the following code
>
> When you make a copy of an interface pointer, you have to call AddRef on
> that pointer, and you have to call Release on the same interface when it is
> no longer used through that copy of the pointer, no matter what kind of
> variable is used to store the pointer. If you follow those rules, and if you
> release all interfaces before calling CoUninitialize, there should be no
> such errors in the first place.
>
> HTH
> Heinz



Re: How to catch this error Access Violation by Ivan

Ivan
Sat Feb 24 22:29:03 CST 2007

Suspecting the reference counting makes sense, because your thread is dying
while some form of premature unload is happening.
For example, which DLL was supposed to be loaded at base address 125e0000?
Can you monitor the DLL unloads with `sxe ud`?

Still, the debugger output does not tell me the real problem.
What is really happening? Is the process dying?
The stack below is not an AV. Can you do a `.lastevent` in the debugger?
It should tell what was really going on.
Maybe the process died in a different thread, and
what you have there is what is left of the process.
In this case, could you set a breakpoint on
mscorwks!CorExitProcess and ntdll!NtTerminateProcess?
Did you have any swallowed exceptions before all of this happened?


<johnxhc@gmail.com> wrote in message
news:1172374264.709349.286330@p10g2000cwp.googlegroups.com...
Thanks for your help.
1) About reference counting: the COM component was created in .NET,
then it is passed to another COM component in the .NET code, so there
should not be any explicit reference counting here. Please see the
following post for details:
http://groups.google.com/group/microsoft.public.dotnet.framework.interop/browse_thread/thread/27e2734aa6cb0056/e3fa5c323c8e00db?hl=en#e3fa5c323c8e00db

2) Would you please tell me how PageHeap could help in this
case, since I already have the stack trace and it is triggered by a
garbage collection?
3) Here is the result of r;~kb 100

0:000> r;~kb 100
eax=102fb404 ebx=125e6b83 ecx=66029f10 edx=0012cfdc esi=0024bd68
edi=0012cfa8
eip=7c90eb94 esp=0012cee4 ebp=0012cfd4 iopl=0 nv up ei pl zr
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
ChildEBP RetAddr Args to Child
0012cee0 7c90e96c 7c91e7d3 ffffffff 125e0000 ntdll!KiFastSystemCallRet
0012cee4 7c91e7d3 ffffffff 125e0000 0012d0d0 ntdll!NtUnmapViewOfSection
+0xc
0012cfd4 7c80abf7 125e0000 0012d100 0012d208 ntdll!LdrUnloadDll+0x31a
0012cfe8 77513442 125e0000 0012d228 77513456 kernel32!FreeLibrary+0x3f
0012cff4 77513456 0012d10c 776067e0 00000000 ole32!
CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
0012d008 775135fe 774e1ab0 00000000 00000000 ole32!
CClassCache::CFinishComposite::Finish+0x1d
0012d228 77513578 ffffffff 001460b0 102fb080 ole32!
CClassCache::FreeUnused+0x19d
0012d238 775133a2 ffffffff 00000000 6605a01e ole32!
CoFreeUnusedLibrariesEx+0x36
0012d244 6605a01e 08000000 102fafec 0012d27c ole32!
CoFreeUnusedLibraries+0x9
0012d258 6605b4d1 00ee546c 00000000 102f5084 MSVBVM60!
CCreDestroyCtlStruct+0x387
0012d27c 6601c56a 102eb660 00000000 00000000 MSVBVM60!CCreDestroyCtl
+0x195
0012d2c0 6601bc56 00021f64 00000000 660c9ed5 MSVBVM60!CCreFUnloadForm
+0x1c9
0012d2cc 660c9ed5 102f4e74 00000009 101d2150 MSVBVM60!CUnkDesk::Release
+0x23
0012d2e4 6600e720 14432af4 77124918 14432ad8 MSVBVM60!
BASIC_CLASS::PRIVATE_UNKNOWN::Release+0x11c
0012d2ec 77124918 14432ad8 0012d35c 0012d30c MSVBVM60!
SCM_MsoStdCompMgr::Release+0xd
0012d300 12d75f49 101d2150 0012d3b4 101d1ff8 OLEAUT32!VariantClear
+0xb1
0012d35c 12d715d4 0012d418 101d1ff8 00000000 AppContainer!
_variant_t::~_variant_t+0x29 [c:\program files\microsoft visual studio
\vc98\include\comutil.h @ 1736]
0012d3c0 12d74b25 0012d470 101d1ff8 00000000 AppContainer!
std::pair<_bstr_t const ,_variant_t>::~pair<_bstr_t const ,_variant_t>
+0x44
0012d418 12d749b2 00000000 0012d4cc 101d1ff8 AppContainer!
std::pair<_bstr_t const ,_variant_t>::`scalar deleting
destructor'+0x25
0012d470 12d73d46 101d2148 0012d544 101d1ff8 AppContainer!std::_Destroy
+0x22 [c:\program files\microsoft visual studio\vc98\include\xmemory @
38]
0012d4cc 12d72cb5 101d2148 0012d5b0 0012d5c0 AppContainer!
std::_Tree<_bstr_t,std::pair<_bstr_t
const
,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>

>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::_Destval+0x26
>[c:\program files\microsoft visual studio\vc98\include\xtree @ 585]
0012d550 12d78ebd 0012d60c 101d1ff8 0012d63c AppContainer!
std::_Tree<_bstr_t,std::pair<_bstr_t
const
,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>

>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::erase+0x825
>[c:\program files\microsoft visual studio\vc98\include\xtree @ 359]
0012d5b0 12d78b88 0012d60c 101d2138 0012d6ac AppContainer!
std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
>::erase+0x2d [c:\program files\microsoft visual studio\vc98\include
\map @ 104]
0012d654 12d78901 0012d710 0017a980 00000000 AppContainer!
Mycontainer::RemoveMapObject+0x238 [c:\Source\AppContainer
\Mycontainer.h @ 120]
0012d6b8 12d79740 0012d774 0017a980 00000000 AppContainer!
Mycontainer::~Mycontainer+0x41 [c:\Source\AppContainer\Mycontainer.h @
137]
0012d71c 12d774f5 0012d7dc 0017a980 00000000 AppContainer!
ATL::CComObject<Mycontainer>::~CComObject<Mycontainer>+0x70 [c:
\program files\microsoft visual studio\vc98\atl\include\atlcom.h @
2411]
0012d774 12d79dd8 00000001 00000000 0017a980 AppContainer!
ATL::CComObject<Mycontainer>::`scalar deleting destructor'+0x25
0012d7dc 79e8dbde 101d4f80 824869f1 00000008 AppContainer!
ATL::CComObject<Mycontainer>::Release+0x48 [c:\program files\microsoft
visual studio\vc98\atl\include\atlcom.h @ 2419]
0012d830 79e8db4a 101d4f80 824869b9 00000008 mscorwks!
ReleaseTransitionHelper+0x5f
0012d878 79e8dac5 101d4f80 1437a628 8248696d mscorwks!SafeReleaseHelper
+0x89
0012d8ac 79f27983 101d4f80 1437a628 00000001 mscorwks!SafeRelease+0x2f
0012d8c4 79f2792e 82486935 00000001 1437a628 mscorwks!
RCW::ReleaseAllInterfaces+0x49
0012d8f4 79f279dc 1437a628 824868e5 00000001 mscorwks!
RCW::ReleaseAllInterfacesCallBack+0xbd
0012d924 79f279b0 01a1fb7c 79f27997 14440ee0 mscorwks!RCW::Cleanup
+0x22
0012d92c 79f27997 14440ee0 8248689d 0012d978 mscorwks!
RCWCleanupList::ReleaseRCWListRaw+0x14
0012d95c 79f277e5 001466d8 001466d8 0012d988 mscorwks!
RCWCleanupList::ReleaseRCWListInCorrectCtx+0x97
0012d96c 77525fbe 01a1fa18 0012d98c 0012d9b4 mscorwks!
CtxEntry::EnterContextCallback+0x94
0012d988 77e7a19c 0015b340 14405700 02020202 ole32!
CRemoteUnknown::DoCallback+0x7a
0012d9a4 77ef321a 77525f83 0012d9b8 00000002 RPCRT4!Invoke+0x30
0012dda8 77ef3bf3 0015eef8 0015d320 00233f14 RPCRT4!NdrStubCall2+0x297
0012de00 77600c31 0015eef8 00233f14 0015d320 RPCRT4!
CStdStubBuffer_Invoke+0xc6
0012de40 77600bdb 00233f14 00238024 00000000 ole32!SyncStubInvoke+0x33
0012de88 7750f237 00233f14 0015d238 0015eef8 ole32!StubInvoke+0xa7
0012df60 7750f15c 0015d320 00000000 0015eef8 ole32!
CCtxComChnl::ContextInvoke+0xe3
0012df7c 7750fc79 00233f14 00000001 0015eef8 ole32!MTAInvoke+0x1a
0012dfa8 77600e3b 00233f14 00000001 0015eef8 ole32!STAInvoke+0x4a
0012dfdc 776009bc 00233ec0 0015d320 0015eef8 ole32!AppInvoke+0x7e
0012e0b0 77600df2 00233ec0 0015d580 00000000 ole32!
ComInvokeWithLockAndIPID+0x2e0
0012e0dc 7750fcb3 00233ec0 00000400 001464d8 ole32!ComInvoke+0x60
0012e0f0 7750fae9 00233ec0 0012e170 7750fa56 ole32!ThreadDispatch+0x23
0012e108 77d48744 001d0632 001460b0 0000babe ole32!ThreadWndProc+0xfe
0012e134 77d48826 7750fa56 001d0632 00000400 USER32!InternalCallWinProc
+0x28
0012e19c 77d489dd 00000000 7750fa56 001d0632 USER32!
UserCallWinProcCheckWow+0x150
0012e1fc 77d48a20 0012e220 00000000 0012e23c USER32!
DispatchMessageWorker+0x306
0012e20c 77512c02 0012e220 00000102 0012e280 USER32!DispatchMessageW
+0xf
0012e23c 77512761 80010116 80010115 00000000 ole32!
CCliModalLoop::PeekRPCAndDDEMessage+0x4c
0012e250 77557227 0012e484 00000001 0012e27c ole32!
CCliModalLoop::BlockFn+0x5e
0012e2c4 79f27b88 00000002 00000001 00000001 ole32!
CoWaitForMultipleHandles+0xcf
0012e2e4 79f27acf 00000000 00000001 00000001 mscorwks!NT5WaitRoutine
+0x51
0012e350 79f27a33 00000001 0012e484 00000000 mscorwks!MsgWaitHelper
+0xa5
0012e370 79f17493 00000001 0012e484 00000000 mscorwks!
Thread::DoAppropriateAptStateWait+0x28
0012e3f4 79f1732f 00000001 0012e484 00000000 mscorwks!
Thread::DoAppropriateWaitWorker+0x144
0012e444 79f27cf0 00000001 0012e484 00000000 mscorwks!
Thread::DoAppropriateWait+0x40
0012e494 79f27c76 00000001 0017a980 79f27c52 mscorwks!Thread::JoinEx
+0x86
0012e4a0 79f27c52 00000001 00000001 82485531 mscorwks!Thread::Join
+0x13
0012e4f0 79f20743 00000001 79f20665 13932db4 mscorwks!
RCWCleanupList::CleanupWrappersInCurrentCtxThread+0x15a
0012e4f8 79f20665 13932db4 0012e58c 824854ed mscorwks!RCW::Initialize
+0x77
0012e52c 79f1dc99 13932db4 0012e58c 8248545d mscorwks!RCW::CreateRCW
+0x51
0012e59c 79f1c9a5 00000000 0012e5ec 8248543d mscorwks!
COMInterfaceMarshaler::CreateObjectRef+0x4d
0012e5fc 79f1c110 82485759 0012ed8c 0012ed64 mscorwks!
COMInterfaceMarshaler::FindOrCreateObjectRef+0xb4
0012eabc 79f82a1c 13932db4 00000000 00000000 mscorwks!
GetObjectRefFromComIP+0x1b4
0012eadc 79f82a01 00195528 13932db4 00000000 mscorwks!
UnmarshalObjectFromInterface+0x19
0012eaf8 79f1e19d 0012ed64 79f1e0b2 0012f0dc mscorwks!
InterfaceMarshalerBase::ConvertSpaceNativeToCLR+0x30
0012eb00 79f1e0b2 0012f0dc 0012ed5c 82485a09 mscorwks!
DefaultMarshalOverrides<InterfaceMarshalerBase>::MarshalNativeToCLROut
+0x11
0012ed3c 79f1f206 0145258c 0012f0dc 0012ed5c mscorwks!RunML+0x4f9
0012ee58 79f1ed6a 0017a980 0012f060 0012f0c8 mscorwks!
COMToCLRWorkerBody+0x10f
0012eeb4 79f1ec81 0017a980 0012f060 0012f0c8 mscorwks!
COMToCLRWorkerDebuggerWrapper+0x37
0012f088 0173a271 0017a980 0012f0c8 99f79cfd mscorwks!COMToCLRWorker
+0x164
WARNING: Frame IP not in any known module. Following frames may be
wrong.
0012f0b0 1425fac3 0012f558 0012f65c 00000001 0x173a271
0012f1e0 142672fd 0edc9060 0012f2b4 0012f4cc AppController!
CAppController::DisplayComponentExists+0x184 [c:\Source\AppController
\CAppController.cls @ 7666]
0012f2d0 142504d2 0edc9060 00000000 0012f4cc AppController!
CAppController::CreateAllViewsDisplayComps+0x683 [c:\Source
\AppController\CAppController.cls @ 9202]
0012f398 14236181 0edc9060 0012f4cc 00000000 AppController!
CAppController::CreateRouteComponents+0x2da [c:\Source\AppController
\CAppController.cls @ 5136]
0012f534 4599c7be 0edc9060 00000001 00000000 AppController!
CAppController::IDataController_Open+0x607 [c:\Source\AppController
\CAppController.cls @ 864]
0012f704 0cd8654d 04936a28 0cd82ee4 1443f4c4 StateMgr!
CSessionMgr::ISession_OpenDataFile+0xded [c:\Source\SessionMgr
\SessionMgr.cls @ 4474]
0012f8c8 79f21268 0efcb230 00000001 0000200c TestMenu!
Multiple::INotify_Notify+0xcc7 [C:\Project\TestMenu\Multiple.cls @
126]
0012f9a8 04590e96 0017a980 0012f9fc 99f79cfd mscorwks!CLRToCOMWorker
+0x196
0012f9e4 0cec8b28 0012fa50 0211ee60 01d477ac 0x4590e96
0012fa40 0ceaa340 0012fa50 01d4175c 01dfcd88 0xcec8b28
0012fa74 0cea9f28 0211ed74 01e0a768 0211ed74 0xceaa340
0012fac0 0cdfbbf2 0211ed74 020d80a0 0012fb10 0xcea9f28
*** WARNING: Unable to verify checksum for C:\WINDOWS\assembly
\NativeImages_v2.0.50727_32\System.Windows.Forms
\5892bc4805482546977cc303fe56856e\System.Windows.Forms.ni.dll
0012fc28 7b0d02da 0012fd1c 00000000 00000000 0xcdfbbf2
0012fc48 7b0d02da 001a1ad4 02079a68 00000042 System_Windows_Forms_ni
+0x1002da
0012fc8c 7b072c44 00000001 00100000 99f79cfd System_Windows_Forms_ni
+0x1002da
0012fcf8 7b07a73d 7b07a716 0012fd50 00000000 System_Windows_Forms_ni
+0xa2c44
0012fd74 77d48744 001a1ad4 00000202 00000000 System_Windows_Forms_ni
+0xaa73d
0012fda0 77d48826 01452d8a 001a1ad4 00000202 USER32!InternalCallWinProc
+0x28
0012fe08 77d489dd 00000000 01452d8a 001a1ad4 USER32!
UserCallWinProcCheckWow+0x150
0012fe68 77d496d7 0012fe90 00000001 0012feb8 USER32!
DispatchMessageWorker+0x306
0012fe78 6600a4a3 0012fe90 ffffffff 00e0379c USER32!DispatchMessageA
+0xf
0012feb8 6600a41a ffffffff 00e037c4 00e00000 MSVBVM60!ThunderMsgLoop
+0xfd
0012fecc 6600a3bc 00e0379c ffffffff 00e03894 MSVBVM60!
CMsoCMHandler::FPushMessageLoop+0x19
0012fefc 6600a2f8 00e03894 ffffffff 0000151c MSVBVM60!
SCM::FPushMessageLoop+0xb9
0012ff18 6600a2c3 00e037c0 00e03894 ffffffff MSVBVM60!
SCM_MsoCompMgr::FPushMessageLoop+0x2b
0012ff3c 6600361c ffffffff 80000001 00e6d230 MSVBVM60!
CMsoComponent::PushMsgLoop+0x26
0012ffb8 00404dba 004051e4 7c816fd7 80000001 MSVBVM60!ThunRTMain+0x9b
0012fff0 00000000 00404db0 00000000 78746341 AppMain!__vbaS+0xa
On Feb 24, 12:27 pm, "Ivan Brugiolo [MSFT]"
<ivanb...@online.microsoft.com> wrote:
> Could you post the output of the `r;~*kb` command ?
> I'd like to see the registers (the `r` part) and the exact
> instruction that causes the AV. On average, I would not expect
> to see an AV to happen upon return from a system call,
> unless you have unmapped ntdll.dll, that is never going to happen.
>
> On top of the other suggestions of debugging your component ref-count,
> module refcount, and Com-Initialization ref-count for each apartment,
> I'd also suggest to enable PageHeap, so that you can leverege
> it's ability to capture the stack backtrace of the thread who deleted the
> block
> of memory that is likely to be the cause of the AV.
>
> --
> --
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> Use of any included script samples are subject to the terms specified
> at http://www.microsoft.com/info/cpyright.htm
>
> <john...@gmail.com> wrote in message
>
> news:1172286097.766239.12550@q2g2000cwa.googlegroups.com...
>
>
>
> >I have a crash; I know that crash is in the following code
>
> > 0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
> > It is because the VariantClear tries to release a COM Object that is
> > not long valid.
>
> > Because I did not know how to prevent this error from happening,,
> > (Please see
> >http://groups.google.com/group/microsoft.public.dotnet.framework.clr/...
> > if you want to know why) The only option I have now is to catch the
> > error (Access Violation), but it looks like the system create a
> > endless loop on the following code
>
> > 0012cf58 7c90e96c ntdll!KiFastSystemCallRet
> > 0012cf5c 7c91e7d3 ntdll!NtUnmapViewOfSection+0xc
> > 0012d04c 7c80abf7 ntdll!LdrUnloadDll+0x31a
> > 0012d060 77513442 kernel32!FreeLibrary+0x3f
> > 0012d06c 77513456 ole32!
> > CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
> > 0012d080 775135fe ole32!CClassCache::CFinishComposite::Finish+0x1d
>
> > It ran the above code again and again, even I have SEH in
> > 0012d654 12d788f1 AppContainer!CPropertyContainer::RemoveMapObject
> > +0x1c5, the error never returned to my SEH
>
> > Would anyone please show me how to catch this particular error?
> > Thanks in advance.
>
> > John
>
> > the stack trace is as following,
>
> > 0:000> kL 200
> > ChildEBP RetAddr
> > 0012cf58 7c90e96c ntdll!KiFastSystemCallRet
> > 0012cf5c 7c91e7d3 ntdll!NtUnmapViewOfSection+0xc
> > 0012d04c 7c80abf7 ntdll!LdrUnloadDll+0x31a
> > 0012d060 77513442 kernel32!FreeLibrary+0x3f
> > 0012d06c 77513456 ole32!
> > CClassCache::CDllPathEntry::CFinishObject::Finish+0x2f
> > 0012d080 775135fe ole32!CClassCache::CFinishComposite::Finish+0x1d
> > 0012d228 77513578 ole32!CClassCache::FreeUnused+0x19d
> > 0012d238 775133a2 ole32!CoFreeUnusedLibrariesEx+0x36
> > 0012d244 6605a01e ole32!CoFreeUnusedLibraries+0x9
> > 0012d258 6605b4d1 MSVBVM60!CCreDestroyCtlStruct+0x387
> > 0012d27c 6601c56a MSVBVM60!CCreDestroyCtl+0x195
> > 0012d2c0 6601bc56 MSVBVM60!CCreFUnloadForm+0x1c9
> > 0012d2cc 660c9ed5 MSVBVM60!CUnkDesk::Release+0x23
> > 0012d2e4 6600e720 MSVBVM60!BASIC_CLASS::PRIVATE_UNKNOWN::Release+0x11c
> > 0012d2ec 77124918 MSVBVM60!SCM_MsoStdCompMgr::Release+0xd
> > 0012d300 12d75f49 OLEAUT32!VariantClear+0xb1
> > 0012d35c 12d715d4 AppContainer!_variant_t::~_variant_t+0x29
> > 0012d3c0 12d74b25 AppContainer!std::pair<_bstr_t
> > const ,_variant_t>::~pair<_bstr_t const ,_variant_t>+0x44
> > 0012d418 12d749b2 AppContainer!std::pair<_bstr_t
> > const ,_variant_t>::`scalar deleting destructor'+0x25
> > 0012d470 12d73d46 AppContainer!std::_Destroy+0x22
> > 0012d4cc 12d72cb5 AppContainer!std::_Tree<_bstr_t,std::pair<_bstr_t
> > const
> > ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
> >>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::_Destval+0x26
> > 0012d550 12d78e2d AppContainer!std::_Tree<_bstr_t,std::pair<_bstr_t
> > const
> > ,_variant_t>,std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
> >>::_Kfn,std::less<_bstr_t>,std::allocator<_variant_t> >::erase+0x825
> > 0012d5b0 12d78af5 AppContainer!
> > std::map<_bstr_t,_variant_t,std::less<_bstr_t>,std::allocator<_variant_t>
> >>::erase+0x2d
> > 0012d654 12d788f1 AppContainer!CPropertyContainer::RemoveMapObject
> > +0x1c5
> > 0012d6b8 12d796b0 AppContainer!CPropertyContainer::~CPropertyContainer
> > +0x41
> > 0012d71c 12d77335 AppContainer!
> > ATL::CComObject<CPropertyContainer>::~CComObject<CPropertyContainer>
> > +0x70
> > 0012d774 12d79758 AppContainer!
> > ATL::CComObject<CPropertyContainer>::`scalar deleting destructor'+0x25
> > 0012d7dc 79e8dbde AppContainer!
> > ATL::CComObject<CPropertyContainer>::Release+0x48
> > 0012d830 79e8db4a mscorwks!ReleaseTransitionHelper+0x5f
> > 0012d878 79e8dac5 mscorwks!SafeReleaseHelper+0x89
> > 0012d8ac 79f27983 mscorwks!SafeRelease+0x2f
> > 0012d8c4 79f2792e mscorwks!RCW::ReleaseAllInterfaces+0x49
> > 0012d8f4 79f279dc mscorwks!RCW::ReleaseAllInterfacesCallBack+0xbd
> > 0012d924 79f279b0 mscorwks!RCW::Cleanup+0x22
> > 0012d92c 79f27997 mscorwks!RCWCleanupList::ReleaseRCWListRaw+0x14
> > 0012d95c 79f277e5 mscorwks!RCWCleanupList::ReleaseRCWListInCorrectCtx
> > +0x97
> > 0012d96c 77525fbe mscorwks!CtxEntry::EnterContextCallback+0x94
> > 0012d988 77e7a19c ole32!CRemoteUnknown::DoCallback+0x7a
> > 0012d9a4 77ef321a RPCRT4!Invoke+0x30
> > 0012dda8 77ef3bf3 RPCRT4!NdrStubCall2+0x297
> > 0012de00 77600c31 RPCRT4!CStdStubBuffer_Invoke+0xc6
> > 0012de40 77600bdb ole32!SyncStubInvoke+0x33
> > 0012de88 7750f237 ole32!StubInvoke+0xa7
> > 0012df60 7750f15c ole32!CCtxComChnl::ContextInvoke+0xe3
> > 0012df7c 7750fc79 ole32!MTAInvoke+0x1a
> > 0012dfa8 77600e3b ole32!STAInvoke+0x4a
> > 0012dfdc 776009bc ole32!AppInvoke+0x7e
> > 0012e0b0 77600df2 ole32!ComInvokeWithLockAndIPID+0x2e0
> > 0012e0dc 7750fcb3 ole32!ComInvoke+0x60
> > 0012e0f0 7750fae9 ole32!ThreadDispatch+0x23
> > 0012e108 77d48744 ole32!ThreadWndProc+0xfe
> > 0012e134 77d48826 USER32!InternalCallWinProc+0x28
> > 0012e19c 77d489dd USER32!UserCallWinProcCheckWow+0x150
> > 0012e1fc 77d48a20 USER32!DispatchMessageWorker+0x306
> > 0012e20c 77512c02 USER32!DispatchMessageW+0xf
> > 0012e23c 77512761 ole32!CCliModalLoop::PeekRPCAndDDEMessage+0x4c
> > 0012e250 77557227 ole32!CCliModalLoop::BlockFn+0x5e
> > 0012e2c4 79f27b88 ole32!CoWaitForMultipleHandles+0xcf
> > 0012e2e4 79f27acf mscorwks!NT5WaitRoutine+0x51
> > 0012e350 79f27a33 mscorwks!MsgWaitHelper+0xa5
> > 0012e370 79f17493 mscorwks!Thread::DoAppropriateAptStateWait+0x28
> > 0012e3f4 79f1732f mscorwks!Thread::DoAppropriateWaitWorker+0x144
> > 0012e444 79f27cf0 mscorwks!Thread::DoAppropriateWait+0x40
> > 0012e494 79f27c76 mscorwks!Thread::JoinEx+0x86
> > 0012e4a0 79f27c52 mscorwks!Thread::Join+0x13
> > 0012e4f0 79f20743 mscorwks!
> > RCWCleanupList::CleanupWrappersInCurrentCtxThread+0x15a
> > 0012e4f8 79f20665 mscorwks!RCW::Initialize+0x77
> > 0012e52c 79f1dc99 mscorwks!RCW::CreateRCW+0x51
> > 0012e59c 79f1c9a5 mscorwks!COMInterfaceMarshaler::CreateObjectRef+0x4d
> > 0012e5fc 79f1c110 mscorwks!COMInterfaceMarshaler::FindOrCreateObjectRef
> > +0xb4
> > 0012eabc 79f82a1c mscorwks!GetObjectRefFromComIP+0x1b4
> > 0012eadc 79f82a01 mscorwks!UnmarshalObjectFromInterface+0x19
> > 0012eaf8 79f1e19d mscorwks!
> > InterfaceMarshalerBase::ConvertSpaceNativeToCLR+0x30
> > 0012eb00 79f1e0b2 mscorwks!
> > DefaultMarshalOverrides<InterfaceMarshalerBase>::MarshalNativeToCLROut
> > +0x11
> > 0012ed3c 79f1f206 mscorwks!RunML+0x4f9
> > 0012ee58 79f1ed6a mscorwks!COMToCLRWorkerBody+0x10f
> > 0012eeb4 79f1ec81 mscorwks!COMToCLRWorkerDebuggerWrapper+0x37
> > 0012f088 0173a271 mscorwks!COMToCLRWorker+0x164
> > WARNING: Frame IP not in any known module. Following frames may be
> > wrong.
> > 0012f0b0 1425fac3 0x173a271
> > 0012f1e0 142672fd AppController!CAppController::Display+0x184
> > 0012f2d0 142504d2 AppController!CAppController::Create+0x683
> > 0012f398 14236181 AppController!CAppController::CreateComponents+0x2da
> > 0012f534 4599c7be AppController!CAppController::Open+0x607
> > 0012f704 0108654d StateMgr!StateMgr::IState_Ope+0xded
> > 0012f8c8 79f21268 TestMenu!Multiple::INotify_Notify+0xcc7
> > 0012f9a8 045a0dd6 mscorwks!CLRToCOMWorker+0x196
> > 0012f9e4 0ff37e88 0x45a0dd6
> > 0012fa40 0ce5a340 0xff37e88
> > 0012fa74 0ce59f28 0xce5a340
> > 0012fac0 010ed2e2 0xce59f28
> > *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly
> > \NativeImages_v2.0.50727_32\System.Windows.Forms
> > \5892bc4805482546977cc303fe56856e\System.Windows.Forms.ni.dll
> > 0012fc28 7b0d02da 0x10ed2e2
> > 0012fc48 7b0d02da System_Windows_Forms_ni+0x1002da
> > 0012fc8c 7b072c44 System_Windows_Forms_ni+0x1002da
> > 0012fcf8 7b07a73d System_Windows_Forms_ni+0xa2c44
> > 0012fd74 77d48744 System_Windows_Forms_ni+0xaa73d
> > 0012fda0 77d48826 USER32!InternalCallWinProc+0x28
> > 0012fe08 77d489dd USER32!UserCallWinProcCheckWow+0x150
> > 0012fe68 77d496d7 USER32!DispatchMessageWorker+0x306
> > 0012fe78 6600a4a3 USER32!DispatchMessageA+0xf
> > 0012feb8 6600a41a MSVBVM60!ThunderMsgLoop+0xfd
> > 0012fecc 6600a3bc MSVBVM60!CMsoCMHandler::FPushMessageLoop+0x19
> > 0012fefc 6600a2f8 MSVBVM60!SCM::FPushMessageLoop+0xb9
> > 0012ff18 6600a2c3 MSVBVM60!SCM_MsoCompMgr::FPushMessageLoop+0x2b
> > 0012ff3c 6600361c MSVBVM60!CMsoComponent::PushMsgLoop+0x26
> > 0012ffb8 00404dba MSVBVM60!ThunRTMain+0x9b
> > 0012fff0 00000000 AppMain!__vbaS+0xa
>




Re: How to catch this error Access Violation by johnxhc

johnxhc
Sun Feb 25 02:21:58 CST 2007

Sorry, I sent the wrong stack trace. Here is the AV stack trace and
also the code causing the AV.

I agree that the reference count is the problem, but my point is that
there is not much I can do, because the COM component is created
in .NET 2.0 and passed to another COM component (also created in .NET
2.0), so .NET is supposed to manage the reference count.

Here is the second COM component, which takes the first COM component
and stores it in a _variant_t (later stored in an STL map).

The error happens in the destructor of the second component: when
I try to erase the entries in the STL map, that eventually causes
VariantClear to be called, which then tries to free a COM component
that is no longer valid, causing the AV.

Here is my code; the map stores the COM object name and the COM
object instance.
// Property storage type: the key is the property name and the value is a
// _variant_t holding the property (per the post, a COM object instance).
typedef map<_bstr_t,_variant_t> PropertyMap;
// NOTE(review): not used in the visible code. It also differs from
// PropertyMap::value_type, whose key is const (pair<const _bstr_t,_variant_t>).
typedef pair<_bstr_t,_variant_t> Pair;

// The map of names to properties. Erasing or destroying an entry runs
// ~_variant_t, which calls VariantClear (see the posted stack trace), so any
// interface pointer held by a value is Released at that point.
// NOTE(review): presumably each stored interface carries its own AddRef;
// verify at the place where values are inserted.
PropertyMap m_Props;
private:
// NOTE(review): purpose not visible in this excerpt.
_variant_t tmp;

// Names collected from m_Props by RemoveMapObject() before it erases entries.
vector<_bstr_t> vecNames;
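// Removes every entry from m_Props, one key at a time.
//
// The keys are first copied into vecNames (and written to the debugger
// output), then each key is looked up and erased. Erasing an entry destroys
// its _variant_t, which calls VariantClear and therefore Release on any COM
// interface the variant holds.
//
// The erase loop is wrapped in a structured exception handler so that a fault
// raised while releasing a stale interface does not propagate out of this
// function. When the handler runs, the loop stops and any entries not yet
// erased stay in the map.
void RemoveMapObject()
{
    vector<_bstr_t>::iterator vecit;
    PropertyMap::iterator mapit;

    // Snapshot the keys so the erase loop below never iterates the map
    // while it is being modified.
    for (mapit = m_Props.begin(); mapit != m_Props.end(); ++mapit)
    {
        OutputDebugString(mapit->first);
        vecNames.push_back(mapit->first);
    }

    __try
    {
        for (vecit = vecNames.begin(); vecit != vecNames.end(); ++vecit)
        {
            mapit = m_Props.find(*vecit);
            if (mapit != m_Props.end())
            {
                // Runs ~_variant_t -> VariantClear -> Release on the held object.
                m_Props.erase(mapit);
            }
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        // NOTE(review): this filter accepts every structured exception,
        // access violations included. An AV here means a stored interface
        // pointer outlived its object or its DLL; after such a fault the
        // map and heap state cannot be trusted. The handler only keeps the
        // destructor from crashing; the lifetime bug (AddRef/Release
        // balance on the stored pointers) still has to be fixed at the
        // place where the values are inserted.
        OutputDebugStringA("RemoveMapObject: structured exception while erasing m_Props\n");
    }
}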


0:028> bl
0 e 79f0c367 0001 (0001) 0:**** mscorwks!CorExitProcess
1 e 7c90e88e 0001 (0001) 0:**** ntdll!NtTerminateProcess
0:028> g
(1d0c.778): Unknown exception - code c000008f (first chance)
Message 0x101 queued at 483297875. Character ID found = 0xD/13.
(1d0c.778): Unknown exception - code c000008f (first chance)
Unload module c:\AppDir\SDExtender.dll at 18730000
eax=0012b0cc ebx=18733441 ecx=00000000 edx=0012c300 esi=151020b0
edi=0012ebfc
eip=7c90eb94 esp=0012eb38 ebp=0012ec28 iopl=0 nv up ei pl zr
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
0:000> g
Unload module c:\AppDir\SDLgCmd.dll at 33700000
eax=0012b0cc ebx=3370ac41 ecx=00000000 edx=0012c300 esi=15101ba8
edi=0012ebfc
eip=7c90eb94 esp=0012eb38 ebp=0012ec28 iopl=0 nv up ei pl zr
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
0:000> g
Unload module c:\AppDir\STCD.dll at 33a80000
eax=0012b0cc ebx=33a8cb85 ecx=00000000 edx=0012c300 esi=0024e400
edi=0012ebfc
eip=7c90eb94 esp=0012eb38 ebp=0012ec28 iopl=0 nv up ei pl zr
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=3D00000246
ntdll!KiFa