Access Violation through reflection not caught as NRE on .NET 6 #61486

Closed
PJB3005 opened this issue Nov 11, 2021 · 19 comments · Fixed by #62719
Labels: area-CodeGen-coreclr (CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI), bug

@PJB3005
Contributor

PJB3005 commented Nov 11, 2021

Description

For some reason, reading a simple tiny property via reflection that should NRE instead crashes the process with an AV (seems the runtime isn't turning it into an NRE correctly?). This started happening with .NET 6 (we migrated two days ago, from .NET 5) and only seems to happen through reflection GetValue()/Invoke(). It's also specific to release mode (debug works fine) and happens consistently on both Linux/Windows.

We have a debugging tool in our game called VV (view variables) which allows us to inspect and modify the fields/properties on objects. Outside of being networked (server connection) it just uses basic reflection stuff to find all properties/fields tagged with [ViewVariables] and uses .GetValue() to view their value, show them nicely, etc... We noticed that this hard crashed the server when looking at certain objects. Accessing the property directly (at least via C# interactive) works fine. Accessing it via reflection crashes (it's not specific to our VV tool).

The problematic code (that's being invoked and causes the crash) is this tiny property. The objects in question being looked at do have a null Owner, so an NRE is expected. Yeah, it's that simple. There's no IL rewriting, unsafe optimizations, anything going on.

Rickbrew on Discord suggested setting COMPlus_legacyCorruptedStateExceptionsPolicy=1. If I do that the AV gets thrown as AccessViolationException but can at least be caught with a try catch (it's wrapped in an InvocationTargetException of course). I don't know how relevant that is.
Ræin on Discord suggested using a function pointer like so: ((delegate*<[YourObjectType], EntityUid>)property.GetMethod.Handle.GetFunctionPointer())(Object). This worked fine (NRE thrown and caught). Other things they suggested like property.GetMethod.Invoke(...) exhibit the same AV behavior.

Reproduction Steps

I tried reproducing this in a tiny test project and couldn't get it to happen, in fact a separate test game project on our own (same) engine doesn't even trigger it. It is consistent in our game however. I understand these aren't very lightweight instructions but anyways:

  1. Clone repo (also we have a setup guide in case it doesn't work).
  2. git submodule update --init --recursive
  3. dotnet run -c Release in the Content.Client project
  4. [edit] I just realized this appears to be related to optimization tiers or something, running a bad code sample straight away doesn't trigger it. Going in game proper so the JIT warms up I guess and then running the code does.
  5. dotnet run -c Release in the Content.Server project to start the server
  6. Hit the big connect button on the client, wait for it to connect.
  7. Open dev console (tilde/grave, below escape)
  8. Run csi for C# interactive console.
  9. Run the following code:
var c = new TransformComponent(); // Literally any component instance works here. These components have no constructors, nothing funny here.
c.GetType().GetProperty("OwnerUid").GetValue(c); // Will cause AV.

I tried debugging this in SOS but didn't really know what I was doing all that much. (Tell me if I need to do something specific.) I can supply a dump if necessary.

Expected behavior

The runtime should simply throw an NRE which our code will handle (admittedly our VV code doesn't handle it nicely but the packet handler catches it so it won't crash the whole process like it does now).

Actual behavior

The runtime seems to fail to detect the AV as an NRE and crashes the process.

Regression?

Yes, I rolled back to .NET 5 (we switched to .NET 6 two days ago) and it stopped happening. The exception is correctly thrown as an NRE and caught.

Known Workarounds

No response

Configuration

.NET Runtime: 6.0.0
OS: Windows 10.0.19042 for my dev machine, but it also happens on our Linux servers.
Architecture: x64
Specific: Happens on Linux and Windows, does not happen on .NET 5, only happens on Release build configuration (not Debug).

Other information

No response
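The contract the report relies on, written as a check that can be run in Release on each runtime a server is moved to. This is an added example, not code from the issue or from the game engine: `Component`, `Entity`, `ViewVariablesAttribute` and `Inspector` are hypothetical stand-ins, the warm-up loop is an assumption based on the report's note about optimization tiers, and the program is not claimed to reproduce the crash (the report says a small project did not).

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Threading;

// Hypothetical stand-ins for the engine types named in the report.
[AttributeUsage(AttributeTargets.Property | AttributeTargets.Field)]
sealed class ViewVariablesAttribute : Attribute { }

sealed class Entity
{
    public int Uid { get; init; }
}

class Component
{
    public Entity? Owner { get; set; }

    // Dereferences Owner without a null check, so a null Owner must surface as an NRE.
    [ViewVariables] public int OwnerUid => Owner!.Uid;

    [ViewVariables] public string Name => "demo";
}

static class Inspector
{
    // Reads every [ViewVariables] property of the target. A getter that throws is
    // recorded as its exception so one bad member cannot abort the whole inspection.
    public static Dictionary<string, object?> Read(object target)
    {
        var result = new Dictionary<string, object?>();
        const BindingFlags flags =
            BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance;

        foreach (var prop in target.GetType().GetProperties(flags))
        {
            if (!prop.CanRead || prop.GetCustomAttribute<ViewVariablesAttribute>() is null)
                continue;

            try
            {
                result[prop.Name] = prop.GetValue(target);
            }
            catch (TargetInvocationException e)
            {
                // Reflection wraps whatever the getter threw; keep the real cause.
                result[prop.Name] = e.InnerException;
            }
        }

        return result;
    }
}

static class Program
{
    static int Main()
    {
        var healthy = new Component { Owner = new Entity { Uid = 7 } };
        var prop = typeof(Component).GetProperty(nameof(Component.OwnerUid))!;

        // Assumption: calling the getter many times, with pauses, gives tiered
        // compilation the chance to install optimized code before the null case runs.
        for (var round = 0; round < 3; round++)
        {
            for (var i = 0; i < 10_000; i++)
            {
                _ = healthy.OwnerUid;
                _ = prop.GetValue(healthy);
            }
            Thread.Sleep(500);
        }

        // Null Owner: the expected outcome is a catchable NullReferenceException.
        // If the process dies here instead, that is the failure the issue describes
        // and no PASS/FAIL line is printed at all.
        var values = Inspector.Read(new Component());

        var ok = values["OwnerUid"] is NullReferenceException
                 && (string?)values["Name"] == "demo";

        Console.WriteLine(ok
            ? "PASS: null dereference in a reflected getter surfaced as NullReferenceException"
            : "FAIL: unexpected result for OwnerUid: " + values["OwnerUid"]);
        return ok ? 0 : 1;
    }
}
```

Treat a missing PASS line or an abnormal exit code as a failed check, since a hard crash cannot report itself.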

dotnet-issue-labeler bot added the area-System.Reflection and untriaged (New issue has not been triaged by the area owner) labels Nov 11, 2021
@ghost

ghost commented Nov 11, 2021

Tagging subscribers to this area: @buyaa-n
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

For some reason, reading a simple tiny property via reflection that should NRE instead crashes the process with an AV (seems the runtime isn't turning it into an NRE correctly?). This started happening with .NET 6 (we migrated two days ago, from .NET 5) and only seems to happen through reflection GetValue(). It's also specific to release mode (debug works fine) and happens consistently on both Linux/Windows.

We have a debugging tool in our game called VV (view variables) which allows us to inspect and modify the fields/properties on objects. Outside of being networked (server connection) it just uses basic reflection stuff to find all properties/fields tagged with [ViewVariables] and uses .GetValue() to view their value, show them nicely, etc... We noticed that this hard crashed the server when looking at certain objects. Accessing the property directly (at least via C# interactive) works fine. Accessing it via reflection crashes (it's not specific to our VV tool).

The problematic code (that's being invoked and causes the crash) is this tiny property. Yeah, it's that simple. There's no IL rewriting, unsafe optimizations, anything going on.

Rickbrew on Discord suggested setting COMPlus_legacyCorruptedStateExceptionsPolicy=1. If I do that the AV gets thrown as AccessViolationException but can at least be caught with a try catch (it's wrapped in an InvocationTargetException of course). I don't know how relevant that is.
Ræin on Discord suggested using a function pointer like so: ((delegate*<[YourObjectType], EntityUid>)property.GetMethod.Handle.GetFunctionPointer())(Object). This worked fine (NRE thrown and caught). Other things they suggested like property.GetMethod.Invoke(...) exhibit the same AV behavior.

Reproduction Steps

I tried reproducing this in a tiny test project and couldn't get it to happen. It is consistent in our game. I understand these aren't very lightweight instructions but anyways:

  1. Clone repo (also we have a setup guide in case it doesn't work).
  2. git submodule update --init --recursive
  3. dotnet run -c Release in the Content.Client project
  4. Open dev console (tilde/grave, below escape)
  5. Run csi for C# interactive console.
  6. Run the following code:
var c = new TagComponent(); // Literally any component instance works here. These components have no constructors, nothing funny here.
c.GetType().GetProperty("OwnerUid").GetValue(c); // Will cause AV.

I tried debugging this in SOS but didn't really know what I was doing all that much. (Tell me if I need to do something specific.)

Expected behavior

The runtime should simply throw an NRE which our code will handle (admittedly our VV code doesn't handle it nicely but the packet handler catches it so it won't crash the whole process like it does now).

Actual behavior

The runtime seems to fail to detect the AV as an NRE and crashes the process.

Regression?

Yes, I rolled back to .NET 5 (we switched to .NET 6 two days ago) and it stopped happening. The exception is correctly thrown as an NRE and caught.

Known Workarounds

No response

Configuration

.NET Runtime: 6.0.0
OS: Windows 10.0.19042 for my dev machine, but it also happens on our Linux servers.
Architecture: x64
Specific: Happens on Linux and Windows, does not happen on .NET 5, only happens on Release build configuration (not Debug).

Other information

No response

Author: PJB3005
Assignees: -
Labels: area-System.Reflection, untriaged

Milestone: -

@danmoseley
Member

@PJB3005 did you happen to get a stack trace when debugging? including the native frames.

@rickbrew
Contributor

Rickbrew on Discord

reporting in on GitHub

@PJB3005
Contributor Author

PJB3005 commented Nov 11, 2021

@PJB3005 did you happen to get a stack trace when debugging? including the native frames.

From windbg/SOS:

(9e3c.a688): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ChangeEngineState
00007ffa`5280e06a 483901          cmp     qword ptr [rcx],rax ds:00000000`00000000=????????????????
0:016> !clrstack
OS Thread Id: 0xa688 (16)
        Child SP               IP Call Site
00000059E0AFE058 00007ffa5280e06a [DebuggerU2MCatchHandlerFrame: 00000059e0afe058] 
00000059E0AFE3E8 00007ffa5280e06a [HelperMethodFrame_PROTECTOBJ: 00000059e0afe3e8] System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Span`1<System.Object> ByRef, System.Signature, Boolean, Boolean)
00000059E0AFE530 00007ffa549beeb5 System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) [/_/src/coreclr/System.Private.CoreLib/src/System/Reflection/RuntimeMethodInfo.cs @ 435]
00000059E0AFE600 00007ffaa9611b09 System.Reflection.RuntimePropertyInfo.GetValue(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) [/_/src/coreclr/System.Private.CoreLib/src/System/Reflection/RuntimePropertyInfo.cs @ 343]
00000059E0AFE660 00007ffaa961703c System.Reflection.PropertyInfo.GetValue(System.Object)
00000059E0AFE6A0 00007ffa5699f08b Submission#0+<>d__0.MoveNext()
00000059E0AFE720 00007ffaa97c9eeb System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef) [/_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/AsyncMethodBuilderCore.cs @ 38]
00000059E0AFE780 00007ffaa97cd2d2 System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef) [/_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/AsyncTaskMethodBuilderT.cs @ 36]
00000059E0AFE7C0 00007ffa5699ef1f Submission#0.()
00000059E0AFE830 00007ffa5699ed71 Submission#0.(System.Object[])
00000059E0AFE870 00007ffa569586fe Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+d__9`1[[System.__Canon, System.Private.CoreLib]].MoveNext() [/_/src/Scripting/Core/ScriptExecutionState.cs @ 112]
00000059E0AFE940 00007ffa56957631 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](d__9`1<System.__Canon> ByRef) [/_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/AsyncMethodBuilderCore.cs @ 38]
00000059E0AFE9B0 00007ffa5695755f System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](d__9`1<System.__Canon> ByRef) [/_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/AsyncTaskMethodBuilderT.cs @ 36]
00000059E0AFE9F0 00007ffa56957481 Microsoft.CodeAnalysis.Scripting.ScriptExecutionState.RunSubmissionsAsync[[System.__Canon, System.Private.CoreLib]](System.Collections.Immutable.ImmutableArray`1<System.Func`2<System.Object[],System.Threading.Tasks.Task>>, System.Func`2<System.Object[],System.Threading.Tasks.Task>, System.Runtime.CompilerServices.StrongBox`1<System.Exception>, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken)
00000059E0AFEAB0 00007ffa56956a20 Microsoft.CodeAnalysis.Scripting.Script`1+d__21[[System.__Canon, System.Private.CoreLib]].MoveNext()
00000059E0AFECA0 00007ffa569566f1 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Scripting.Script`1+d__21[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](d__21<System.__Canon> ByRef) [/_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/AsyncMethodBuilderCore.cs @ 38]
00000059E0AFED10 00007ffa5695661f System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[Microsoft.CodeAnalysis.Scripting.Script`1+d__21[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](d__21<System.__Canon> ByRef) [/_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/AsyncTaskMethodBuilderT.cs @ 36]
00000059E0AFED50 00007ffa5695641b Microsoft.CodeAnalysis.Scripting.Script`1[[System.__Canon, System.Private.CoreLib]].RunSubmissionsAsync(Microsoft.CodeAnalysis.Scripting.ScriptExecutionState, System.Collections.Immutable.ImmutableArray`1<System.Func`2<System.Object[],System.Threading.Tasks.Task>>, System.Func`2<System.Object[],System.Threading.Tasks.Task>, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken)
00000059E0AFEE20 00007ffa55bff190 Microsoft.CodeAnalysis.Scripting.Script`1[[System.__Canon, System.Private.CoreLib]].RunAsync(System.Object, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken) [/_/src/Scripting/Core/Script.cs @ 468]
00000059E0AFEE90 00007ffa5699eca9 Microsoft.CodeAnalysis.Scripting.Script`1[[System.__Canon, System.Private.CoreLib]].CommonRunAsync(System.Object, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken) [/_/src/Scripting/Core/Script.cs @ 352]
00000059E0AFEEE0 00007ffa568acfe7 Robust.Client.Console.ScriptConsoleClient+d__9.MoveNext() [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\Console\ScriptConsoleClient.cs @ 146]
00000059E0AFF050 00007ffa568a9dd3 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Robust.Client.Console.ScriptConsoleClient+d__9, Robust.Client]](d__9 ByRef) [/_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/AsyncMethodBuilderCore.cs @ 38]
00000059E0AFF0B0 00007ffa568a9d4b System.Runtime.CompilerServices.AsyncVoidMethodBuilder.Start[[Robust.Client.Console.ScriptConsoleClient+d__9, Robust.Client]](d__9 ByRef) [/_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/AsyncVoidMethodBuilder.cs @ 40]
00000059E0AFF0E0 00007ffa568a9d0c Robust.Client.Console.ScriptConsoleClient.Run()
00000059E0AFF150 00007ffa568a9ca4 Robust.Client.UserInterface.CustomControls.ScriptConsole.<.ctor>b__12_2(LineEditEventArgs) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\UserInterface\CustomControls\ScriptConsole.cs @ 55]
00000059E0AFF180 00007ffa544984bc ILStubClass.IL_STUB_MulticastDelegate_Invoke(System.__Canon)
00000059E0AFF1D0 00007ffa54f396e6 Robust.Client.UserInterface.Controls.LineEdit.KeyBindDown(Robust.Client.UserInterface.GUIBoundKeyEventArgs) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\UserInterface\Controls\LineEdit.cs @ 464]
00000059E0AFF410 00007ffa54f388f8 Robust.Client.UserInterface.Controls.HistoryLineEdit.KeyBindDown(Robust.Client.UserInterface.GUIBoundKeyEventArgs) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\UserInterface\Controls\HistoryLineEdit.cs @ 49]
00000059E0AFF4A0 00007ffa549ca9df Robust.Client.UserInterface.UserInterfaceManager._doGuiInput[[System.__Canon, System.Private.CoreLib]](Robust.Client.UserInterface.Control, System.__Canon, System.Action`2<Robust.Client.UserInterface.Control,System.__Canon>, Boolean) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\UserInterface\UserInterfaceManager.cs @ 841]
00000059E0AFF540 00007ffa549c74c9 Robust.Client.UserInterface.UserInterfaceManager.KeyBindDown(Robust.Shared.Input.BoundKeyEventArgs) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\UserInterface\UserInterfaceManager.cs @ 416]
00000059E0AFF690 00007ffa54f910ae Robust.Client.UserInterface.UserInterfaceManager.OnUIKeyBindStateChanged(Robust.Shared.Input.BoundKeyEventArgs) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\UserInterface\UserInterfaceManager.cs @ 982]
00000059E0AFF6D0 00007ffa54f90f1a Robust.Client.Input.InputManager.SetBindState(KeyBinding, Robust.Shared.Input.BoundKeyState, Boolean) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\Input\InputManager.cs @ 392]
00000059E0AFF760 00007ffa549c59e1 Robust.Client.Input.InputManager.KeyDown(Robust.Client.Input.KeyEventArgs) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\Input\InputManager.cs @ 267]
00000059E0AFF860 00007ffa549c3f02 Robust.Client.Graphics.Clyde.Clyde.DispatchSingleEvent(DEventBase) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\Graphics\Clyde\Clyde.Events.cs @ 47]
00000059E0AFF900 00007ffa543f2a8e Robust.Client.Graphics.Clyde.Clyde.DispatchEvents() [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\Graphics\Clyde\Clyde.Events.cs @ 31]
00000059E0AFF980 00007ffa549b2276 Robust.Client.GameController.b__45_2(System.Object, Robust.Shared.Timing.FrameEventArgs) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\GameController\GameController.cs @ 180]
00000059E0AFF9C0 00007ffa543e31d0 Robust.Shared.Timing.GameLoop.Run() [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Shared\Timing\GameLoop.cs @ 159]
00000059E0AFFA40 00007ffa5322b1c8 Robust.Client.GameController.ContinueStartupAndLoop(DisplayMode) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\GameController\GameController.Standalone.cs @ 129]
00000059E0AFFA70 00007ffa5322b402 Robust.Client.GameController.GameThreadMain(DisplayMode) [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\GameController\GameController.Standalone.cs @ 114]
00000059E0AFFAA0 00007ffa5322b4b3 Robust.Client.GameController+c__DisplayClass79_0.b__0() [C:\Users\Pieter-Jan Briers\Projects\space-station-14\RobustToolbox\Robust.Client\GameController\GameController.Standalone.cs @ 81]
00000059E0AFFAD0 00007ffaa9581c6f System.Threading.Thread.StartCallback() [/_/src/coreclr/System.Private.CoreLib/src/System/Threading/Thread.CoreCLR.cs @ 105]
00000059E0AFFD60 00007ffab24aa243 [DebuggerU2MCatchHandlerFrame: 00000059e0affd60] 
0:016> !dumpstack
OS Thread Id: 0xa688 (16)
Current frame: 00007ffa5280e06a
Child-SP         RetAddr          Caller, Callee
00000059E0AFDE10 00007ffab24aa243 coreclr!CallDescrWorkerInternal + 0x83
00000059E0AFDE50 00007ffab23d01b0 coreclr!CallDescrWorkerReflectionWrapper + 0x48 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:472], calling coreclr!CallDescrWorkerInternal
00000059E0AFDE70 00007ffab23d01fa coreclr!MethodTable::Allocate + 0xe [D:\a\_work\1\s\src\coreclr\vm\methodtable.cpp:3550], calling coreclr!MethodTable::EnsureInstanceActive [D:\a\_work\1\s\src\coreclr\vm\methodtable.cpp:8791]
00000059E0AFDEA0 00007ffab23d1f0c coreclr!RuntimeMethodHandle::InvokeMethod + 0x91c [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:1067], calling coreclr!CallDescrWorkerReflectionWrapper [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:455]
00000059E0AFDEE0 00007ffab23d2c2a coreclr!ArgIteratorForMethodInvoke::ArgIteratorForMethodInvoke + 0x52 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:623], calling coreclr!IsActivationNeededForMethodInvoke [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:520]
00000059E0AFDF10 00007ffab23d1892 coreclr!RuntimeMethodHandle::InvokeMethod + 0x2a2 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:822], calling coreclr!__chkstk [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm:67]
00000059E0AFDF20 00007ffab235a996 coreclr!HashTypeHandle + 0x86 [D:\a\_work\1\s\src\coreclr\vm\typehash.cpp:255], calling coreclr!HashPossiblyInstantiatedType [D:\a\_work\1\s\src\coreclr\vm\typehash.cpp:152]
00000059E0AFE070 00007ffab23d1083 coreclr!ClassLoader::LoadArrayTypeThrowing + 0xdf [D:\a\_work\1\s\src\coreclr\vm\clsload.cpp:4023], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFE100 00007ffab239be87 coreclr!SignatureNative::GetSignature + 0x3d7 [D:\a\_work\1\s\src\coreclr\vm\runtimehandles.cpp:2169], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFE230 00007ffab239c9eb coreclr!MethodTable::CanCastTo + 0x8b [D:\a\_work\1\s\src\coreclr\vm\methodtable.cpp:1752], calling coreclr!CastCache::TrySet [D:\a\_work\1\s\src\coreclr\vm\castcache.cpp:208]
00000059E0AFE260 00007ffab239c907 coreclr!ObjIsInstanceOfCore + 0xd3 [D:\a\_work\1\s\src\coreclr\vm\jithelpers.cpp:2179], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFE350 00007ffab2461b1c coreclr!ObjIsInstanceOf + 0x3c [D:\a\_work\1\s\src\coreclr\vm\jithelpers.cpp:2200], calling coreclr!ObjIsInstanceOfCore [D:\a\_work\1\s\src\coreclr\vm\jithelpers.cpp:2094]
00000059E0AFE380 00007ffab2461abb coreclr!IsInstanceOfTypeHelper + 0xf3 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:402], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFE418 00007ffab239bb90 coreclr!SignatureNative::GetSignature + 0xe0 [D:\a\_work\1\s\src\coreclr\vm\runtimehandles.cpp:2101], calling coreclr!LazyMachStateCaptureState
00000059E0AFE480 00007ffa548e6b85 (MethodDesc 00007ffa52b911a8 + 0x45 System.Reflection.RuntimeMethodInfo.<get_Signature>g__LazyCreateSignature|24_0()), calling coreclr!JIT_CheckedWriteBarrier
00000059E0AFE490 00007ffa544069b6 (MethodDesc 00007ffa528f8d58 + 0x56 System.RuntimeType.get_ContainsGenericParameters()), calling 00007ffab24648c0 (stub for System.RuntimeTypeHandle.ContainsGenericVariables(System.RuntimeType))
00000059E0AFE4A8 00007ffab23d16b2 coreclr!RuntimeMethodHandle::InvokeMethod + 0xc2 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:770], calling coreclr!LazyMachStateCaptureState
00000059E0AFE4D0 00007ffaa960d63f (MethodDesc 00007ffa52b91190 + 0xdf System.Reflection.RuntimeMethodInfo.<get_InvocationFlags>g__LazyCreateInvocationFlags|13_0()), calling 00007ffab2482ce0 (stub for System.RuntimeTypeHandle.IsByRefLike(System.RuntimeType))
00000059E0AFE520 00007ffa549beeb5 (MethodDesc 00007ffa52b91050 + 0xf5 System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)), calling 00007ffab23d15f0 (stub for System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Span`1<System.Object> ByRef, System.Signature, Boolean, Boolean))
00000059E0AFE5F0 00007ffaa9611b09 (MethodDesc 00007ffa52d1ce78 + 0x59 System.Reflection.RuntimePropertyInfo.GetValue(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)), calling (MethodDesc 00007ffa52b91050 + 0 System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo))
00000059E0AFE650 00007ffaa961703c (MethodDesc 00007ffa52d1c8c0 + 0x2c System.Reflection.PropertyInfo.GetValue(System.Object)), calling 00007ffa55204648
00000059E0AFE690 00007ffa5699f08b (MethodDesc 00007ffa56d174b8 + 0xcb Submission#0+<<Initialize>>d__0.MoveNext()), calling (MethodDesc 00007ffa52d1c8c0 + 0 System.Reflection.PropertyInfo.GetValue(System.Object))
00000059E0AFE710 00007ffaa97c9eeb (MethodDesc 00007ffa56c72be8 + 0x4b System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef)), calling System_Private_CoreLib!System.Tuple`8[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.Tuple`8[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.Tuple`7[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon]]] System.TupleExtensions::ToTuple(System.ValueTuple`8[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.ValueTuple`8[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.ValueTuple`7[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon]]])$##6001F76 + 0xb6b0
00000059E0AFE770 00007ffaa97cd2d2 (MethodDesc 00007ffa56c72a50 + 0x22 System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef)), calling (MethodDesc 00007ffa56c72be8 + 0 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef))
00000059E0AFE7B0 00007ffa5699ef1f (MethodDesc 00007ffa56c5b148 + 0xbf Submission#0.<Initialize>()), calling (MethodDesc 00007ffa56c72a50 + 0 System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef))
00000059E0AFE820 00007ffa5699ed71 (MethodDesc 00007ffa56c5b178 + 0x51 Submission#0.<Factory>(System.Object[])), calling (MethodDesc 00007ffa56c5b148 + 0 Submission#0.<Initialize>())
00000059E0AFE860 00007ffa569586fe (MethodDesc 00007ffa56c5eae8 + 0x2be Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]].MoveNext())
00000059E0AFE930 00007ffa56957631 (MethodDesc 00007ffa56c5f7c8 + 0xb1 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__9`1<System.__Canon> ByRef))
00000059E0AFE9A0 00007ffa5695755f (MethodDesc 00007ffa56c5f500 + 0x5f System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__9`1<System.__Canon> ByRef)), calling (MethodDesc 00007ffa56c5f7c8 + 0 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__9`1<System.__Canon> ByRef))
00000059E0AFE9E0 00007ffa56957481 (MethodDesc 00007ffa56c5ca28 + 0x131 Microsoft.CodeAnalysis.Scripting.ScriptExecutionState.RunSubmissionsAsync[[System.__Canon, System.Private.CoreLib]](System.Collections.Immutable.ImmutableArray`1<System.Func`2<System.Object[],System.Threading.Tasks.Task>>, System.Func`2<System.Object[],System.Threading.Tasks.Task>, System.Runtime.CompilerServices.StrongBox`1<System.Exception>, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken)), calling (MethodDesc 00007ffa56c5f500 + 0 System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__9`1<System.__Canon> ByRef))
00000059E0AFEAA0 00007ffa56956a20 (MethodDesc 00007ffa56c5b828 + 0x1f0 Microsoft.CodeAnalysis.Scripting.Script`1+<RunSubmissionsAsync>d__21[[System.__Canon, System.Private.CoreLib]].MoveNext()), calling (MethodDesc 00007ffa56c5ca28 + 0 Microsoft.CodeAnalysis.Scripting.ScriptExecutionState.RunSubmissionsAsync[[System.__Canon, System.Private.CoreLib]](System.Collections.Immutable.ImmutableArray`1<System.Func`2<System.Object[],System.Threading.Tasks.Task>>, System.Func`2<System.Object[],System.Threading.Tasks.Task>, System.Runtime.CompilerServices.StrongBox`1<System.Exception>, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken))
00000059E0AFEC90 00007ffa569566f1 (MethodDesc 00007ffa56c5c4d8 + 0xb1 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Scripting.Script`1+<RunSubmissionsAsync>d__21[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__21<System.__Canon> ByRef))
00000059E0AFED00 00007ffa5695661f (MethodDesc 00007ffa56c5c080 + 0x5f System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[Microsoft.CodeAnalysis.Scripting.Script`1+<RunSubmissionsAsync>d__21[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__21<System.__Canon> ByRef)), calling (MethodDesc 00007ffa56c5c4d8 + 0 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Scripting.Script`1+<RunSubmissionsAsync>d__21[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__21<System.__Canon> ByRef))
00000059E0AFED40 00007ffa5695641b (MethodDesc 00007ffa55f929b8 + 0x15b Microsoft.CodeAnalysis.Scripting.Script`1[[System.__Canon, System.Private.CoreLib]].RunSubmissionsAsync(Microsoft.CodeAnalysis.Scripting.ScriptExecutionState, System.Collections.Immutable.ImmutableArray`1<System.Func`2<System.Object[],System.Threading.Tasks.Task>>, System.Func`2<System.Object[],System.Threading.Tasks.Task>, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken)), calling (MethodDesc 00007ffa56c5c080 + 0 System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[Microsoft.CodeAnalysis.Scripting.Script`1+<RunSubmissionsAsync>d__21[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__21<System.__Canon> ByRef))
00000059E0AFEE10 00007ffa55bff190 (MethodDesc 00007ffa55f92978 + 0xb0 Microsoft.CodeAnalysis.Scripting.Script`1[[System.__Canon, System.Private.CoreLib]].RunAsync(System.Object, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken)), calling (MethodDesc 00007ffa55f929b8 + 0 Microsoft.CodeAnalysis.Scripting.Script`1[[System.__Canon, System.Private.CoreLib]].RunSubmissionsAsync(Microsoft.CodeAnalysis.Scripting.ScriptExecutionState, System.Collections.Immutable.ImmutableArray`1<System.Func`2<System.Object[],System.Threading.Tasks.Task>>, System.Func`2<System.Object[],System.Threading.Tasks.Task>, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken))
00000059E0AFEE80 00007ffa5699eca9 (MethodDesc 00007ffa55f92908 + 0x39 Microsoft.CodeAnalysis.Scripting.Script`1[[System.__Canon, System.Private.CoreLib]].CommonRunAsync(System.Object, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken)), calling (MethodDesc 00007ffa55f92978 + 0 Microsoft.CodeAnalysis.Scripting.Script`1[[System.__Canon, System.Private.CoreLib]].RunAsync(System.Object, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken))
00000059E0AFEED0 00007ffa568acfe7 (MethodDesc 00007ffa530afd68 + 0x8c7 Robust.Client.Console.ScriptConsoleClient+<Run>d__9.MoveNext())
00000059E0AFF040 00007ffa568a9dd3 (MethodDesc 00007ffa56abd290 + 0x63 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Robust.Client.Console.ScriptConsoleClient+<Run>d__9, Robust.Client]](<Run>d__9 ByRef)), calling (MethodDesc 00007ffa530afd68 + 0 Robust.Client.Console.ScriptConsoleClient+<Run>d__9.MoveNext())
00000059E0AFF0A0 00007ffa568a9d4b (MethodDesc 00007ffa56abd118 + 0x1b System.Runtime.CompilerServices.AsyncVoidMethodBuilder.Start[[Robust.Client.Console.ScriptConsoleClient+<Run>d__9, Robust.Client]](<Run>d__9 ByRef)), calling (MethodDesc 00007ffa56abd290 + 0 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Robust.Client.Console.ScriptConsoleClient+<Run>d__9, Robust.Client]](<Run>d__9 ByRef))
00000059E0AFF0D0 00007ffa568a9d0c (MethodDesc 00007ffa530aeb48 + 0x4c Robust.Client.Console.ScriptConsoleClient.Run()), calling (MethodDesc 00007ffa56abd118 + 0 System.Runtime.CompilerServices.AsyncVoidMethodBuilder.Start[[Robust.Client.Console.ScriptConsoleClient+<Run>d__9, Robust.Client]](<Run>d__9 ByRef))
00000059E0AFF140 00007ffa568a9ca4 (MethodDesc 00007ffa52e895c8 + 0x24 Robust.Client.UserInterface.CustomControls.ScriptConsole.<.ctor>b__12_2(LineEditEventArgs))
00000059E0AFF170 00007ffa544984bc (MethodDesc 00007ffa5481f5c0 + 0x3c ILStubClass.IL_STUB_MulticastDelegate_Invoke(System.__Canon))
00000059E0AFF1C0 00007ffa54f396e6 (MethodDesc 00007ffa5304b830 + 0xb86 Robust.Client.UserInterface.Controls.LineEdit.KeyBindDown(Robust.Client.UserInterface.GUIBoundKeyEventArgs))
00000059E0AFF400 00007ffa54f388f8 (MethodDesc 00007ffa5304bcf8 + 0x48 Robust.Client.UserInterface.Controls.HistoryLineEdit.KeyBindDown(Robust.Client.UserInterface.GUIBoundKeyEventArgs)), calling 00007ffa55200ac0
00000059E0AFF490 00007ffa549ca9df (MethodDesc 00007ffa54724dd8 + 0x5f Robust.Client.UserInterface.UserInterfaceManager._doGuiInput[[System.__Canon, System.Private.CoreLib]](Robust.Client.UserInterface.Control, System.__Canon, System.Action`2<Robust.Client.UserInterface.Control,System.__Canon>, Boolean))
00000059E0AFF530 00007ffa549c74c9 (MethodDesc 00007ffa52af1238 + 0x429 Robust.Client.UserInterface.UserInterfaceManager.KeyBindDown(Robust.Shared.Input.BoundKeyEventArgs)), calling (MethodDesc 00007ffa54724dd8 + 0 Robust.Client.UserInterface.UserInterfaceManager._doGuiInput[[System.__Canon, System.Private.CoreLib]](Robust.Client.UserInterface.Control, System.__Canon, System.Action`2<Robust.Client.UserInterface.Control,System.__Canon>, Boolean))
00000059E0AFF550 00007ffb8bf802c9 ntdll!LdrGetProcedureAddressForCaller + 0x509, calling ntdll!_security_check_cookie
00000059E0AFF680 00007ffa54f910ae (MethodDesc 00007ffa52af1558 + 0x1e Robust.Client.UserInterface.UserInterfaceManager.OnUIKeyBindStateChanged(Robust.Shared.Input.BoundKeyEventArgs)), calling (MethodDesc 00007ffa52af1238 + 0 Robust.Client.UserInterface.UserInterfaceManager.KeyBindDown(Robust.Shared.Input.BoundKeyEventArgs))
00000059E0AFF6A0 00007ffa549cabcb (MethodDesc 00007ffa54727730 + 0x4b System.Array.IndexOf[[Robust.Shared.Input.BoundKeyFunction, Robust.Shared]](Robust.Shared.Input.BoundKeyFunction[], Robust.Shared.Input.BoundKeyFunction, Int32, Int32)), calling (MethodDesc 00007ffa541d4bf8 + 0 System.Collections.Generic.GenericEqualityComparer`1[[Robust.Shared.Input.BoundKeyFunction, Robust.Shared]].IndexOf(Robust.Shared.Input.BoundKeyFunction[], Robust.Shared.Input.BoundKeyFunction, Int32, Int32))
00000059E0AFF6C0 00007ffa54f90f1a (MethodDesc 00007ffa52afb7a0 + 0x10a Robust.Client.Input.InputManager.SetBindState(KeyBinding, Robust.Shared.Input.BoundKeyState, Boolean))
00000059E0AFF6D0 00007ffa549ca888 (MethodDesc 00007ffa52e64cc8 + 0x28 Robust.Shared.Input.InputCmdContext.FunctionExistsHierarchy(Robust.Shared.Input.BoundKeyFunction)), calling (MethodDesc 00007ffa54727730 + 0 System.Array.IndexOf[[Robust.Shared.Input.BoundKeyFunction, Robust.Shared]](Robust.Shared.Input.BoundKeyFunction[], Robust.Shared.Input.BoundKeyFunction, Int32, Int32))
00000059E0AFF6E0 00007ffa549cabcb (MethodDesc 00007ffa54727730 + 0x4b System.Array.IndexOf[[Robust.Shared.Input.BoundKeyFunction, Robust.Shared]](Robust.Shared.Input.BoundKeyFunction[], Robust.Shared.Input.BoundKeyFunction, Int32, Int32)), calling (MethodDesc 00007ffa541d4bf8 + 0 System.Collections.Generic.GenericEqualityComparer`1[[Robust.Shared.Input.BoundKeyFunction, Robust.Shared]].IndexOf(Robust.Shared.Input.BoundKeyFunction[], Robust.Shared.Input.BoundKeyFunction, Int32, Int32))
00000059E0AFF750 00007ffa549c59e1 (MethodDesc 00007ffa52afb738 + 0x3e1 Robust.Client.Input.InputManager.KeyDown(Robust.Client.Input.KeyEventArgs)), calling (MethodDesc 00007ffa52afb770 + 0 Robust.Client.Input.InputManager.DownBind(KeyBinding, Boolean, Boolean))
00000059E0AFF760 00007ffa54342e76 (MethodDesc 00007ffa529a8308 + 0x96 System.Runtime.CompilerServices.CastHelpers.StelemRef_Helper(System.Object ByRef, Void*, System.Object)), calling coreclr!JIT_WriteBarrier_Callable
00000059E0AFF7A0 00007ffa54f9886e (MethodDesc 00007ffa5307f7f8 + 0xee Robust.Client.Graphics.Clyde.Clyde+GlfwWindowingImpl.EmitKeyEvent(Key, OpenToolkit.GraphicsLibraryFramework.InputAction, OpenToolkit.GraphicsLibraryFramework.KeyModifiers, Int32)), calling (MethodDesc 00007ffa529a82f0 + 0 System.Runtime.CompilerServices.CastHelpers.StelemRef(System.Array, Int32, System.Object))
00000059E0AFF850 00007ffa549c3f02 (MethodDesc 00007ffa52b41210 + 0x1f2 Robust.Client.Graphics.Clyde.Clyde.DispatchSingleEvent(DEventBase))
00000059E0AFF868 00007ffa549b1fbf (MethodDesc 00007ffa5307fbe8 + 0x8f Robust.Client.Graphics.Clyde.Clyde+GlfwWindowingImpl.WindowSwapBuffers(WindowReg)), calling *** WARNING: Unable to verify checksum for C:\Users\Pieter-Jan Briers\Projects\space-station-14\bin\Content.Client\runtimes\win-x64\native\glfw3.dll
glfw3!thunk@7ffb69ff179e + 0x3c2
00000059E0AFF8F0 00007ffa543f2a8e (MethodDesc 00007ffa52b411f8 + 0x4e Robust.Client.Graphics.Clyde.Clyde.DispatchEvents()), calling (MethodDesc 00007ffa52b41210 + 0 Robust.Client.Graphics.Clyde.Clyde.DispatchSingleEvent(DEventBase))
00000059E0AFF970 00007ffa549b2276 (MethodDesc 00007ffa52a2acf0 + 0x46 Robust.Client.GameController.<StartupContinue>b__45_2(System.Object, Robust.Shared.Timing.FrameEventArgs)), calling 00007ffa5280ca40
00000059E0AFF980 00007ffa549b216c (MethodDesc 00007ffa52abe1c8 + 0x1c Robust.Shared.Timing.GameTiming.StartFrame()), calling 00007ffa52808c40
00000059E0AFF9B0 00007ffa543e31d0 (MethodDesc 00007ffa530e5a30 + 0x230 Robust.Shared.Timing.GameLoop.Run())
00000059E0AFFA30 00007ffa5322b1c8 (MethodDesc 00007ffa52a2ac98 + 0x58 Robust.Client.GameController.ContinueStartupAndLoop(DisplayMode)), calling 00007ffa528009e0
00000059E0AFFA60 00007ffa5322b402 (MethodDesc 00007ffa52a2ac80 + 0x32 Robust.Client.GameController.GameThreadMain(DisplayMode)), calling 00007ffa52912cd8 (stub for Robust.Client.GameController.ContinueStartupAndLoop(DisplayMode))
00000059E0AFFA90 00007ffa5322b4b3 (MethodDesc 00007ffa52fcc720 + 0x23 Robust.Client.GameController+<>c__DisplayClass79_0.<Run>b__0()), calling 00007ffa52912cd0 (stub for Robust.Client.GameController.GameThreadMain(DisplayMode))
00000059E0AFFAC0 00007ffaa9581c6f (MethodDesc 00007ffa529af870 + 0x3f System.Threading.Thread.StartCallback())
00000059E0AFFB00 00007ffab24aa243 coreclr!CallDescrWorkerInternal + 0x83
00000059E0AFFB10 00007ffab23f8e09 coreclr!Thread::AllocateIOCompletionContext + 0x25 [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:1987], calling ntdll!RtlAllocateHeap
00000059E0AFFB40 00007ffab239d29c coreclr!DispatchCallSimple + 0x80 [D:\a\_work\1\s\src\coreclr\vm\callhelpers.cpp:220], calling coreclr!CallDescrWorkerWithHandler [D:\a\_work\1\s\src\coreclr\vm\callhelpers.cpp:54]
00000059E0AFFBD0 00007ffab248bb43 coreclr!ThreadNative::KickOffThread_Worker + 0x63 [D:\a\_work\1\s\src\coreclr\vm\comsynchronizable.cpp:158], calling coreclr!DispatchCallSimple [D:\a\_work\1\s\src\coreclr\vm\callhelpers.cpp:173]
00000059E0AFFC00 00007ffab23f8e09 coreclr!Thread::AllocateIOCompletionContext + 0x25 [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:1987], calling ntdll!RtlAllocateHeap
00000059E0AFFC30 00007ffab23f84c5 coreclr!ManagedThreadBase_DispatchMiddle + 0x85 [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:7361], calling ntdll!LdrpDispatchUserCallTarget
00000059E0AFFC50 00007ffab23f897e coreclr!ETW::ThreadLog::FireThreadCreated + 0x36 [D:\a\_work\1\s\src\coreclr\vm\eventtrace.cpp:2604], calling coreclr!FireEtwThreadCreated [D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\inc\clretwallmain.h:1660]
00000059E0AFFC60 00007ffab23f8aa5 coreclr!Thread::PrepareApartmentAndContext + 0x3d [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:4810], calling coreclr!Thread::SetApartment [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:4981]
00000059E0AFFC70 00007ffab23f8b25 coreclr!ThreadStore::TransferStartedThread + 0x69 [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:5479], calling coreclr!ThreadSuspend::UnlockThreadStore [D:\a\_work\1\s\src\coreclr\vm\threadsuspend.cpp:1905]
00000059E0AFFD10 00007ffab23f83ca coreclr!ManagedThreadBase_DispatchOuter + 0xae [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:7520], calling coreclr!ManagedThreadBase_DispatchMiddle [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:7321]
00000059E0AFFDB0 00007ffab23f81e9 coreclr!ThreadNative::KickOffThread + 0x79 [D:\a\_work\1\s\src\coreclr\vm\comsynchronizable.cpp:230], calling coreclr!ManagedThreadBase_DispatchOuter [D:\a\_work\1\s\src\coreclr\vm\threads.cpp:7472]
00000059E0AFFE10 00007ffb8ad57034 KERNEL32!BaseThreadInitThunk + 0x14, calling ntdll!LdrpDispatchUserCallTarget
00000059E0AFFE40 00007ffb8bfa2651 ntdll!RtlUserThreadStart + 0x21, calling ntdll!LdrpDispatchUserCallTarget

The stack from !dumpstack is really jumbled (showing stack frames from what I can only assume is memory that didn't get initialized when subsequent calls started using the space?) but that might be normal? I'm not very experienced with WinDbg. The crash was initiated through C# Interactive, so look for the "submission" stack frame.

Also, this appears to be opt-tier related: if I run the csi code snippet (var c = new TransformComponent(); c.GetType().GetProperty("OwnerUid").GetValue(c);) right after starting the client, it catches just fine; if I run it after connecting to the game server, it crashes.

I guess I should also mention we use [module: SkipLocalsInit] on most of the Robust.* projects, in case it's relevant.

@danmoseley
Member

@PJB3005 thanks. Yes, I'm not a debugger person, but !dumpstack seems to use heuristics that sometimes make it jumbled. I just do ~kp for the native stacks too.

@jkotas should this go to the VM? Seems like it.

@PJB3005
Contributor Author

PJB3005 commented Nov 11, 2021

~kp in case it's useful to discern the noise or something.

0:016> ~kp
 # Child-SP          RetAddr               Call Site
00 00000059`e0afde18 00007ffa`b24aa243     0x00007ffa`5280e06a
01 00000059`e0afde20 00007ffa`b23d01b0     coreclr!CallDescrWorkerInternal+0x83
02 (Inline Function) --------`--------     coreclr!CallDescrWorkerWithHandler(void)+0x30 [D:\a\_work\1\s\src\coreclr\vm\callhelpers.cpp @ 67] 
03 00000059`e0afde60 00007ffa`b23d1f0c     coreclr!CallDescrWorkerReflectionWrapper(struct CallDescrData * pCallDescrData = 0x00000059`e0afe3b0, class Frame * pFrame = 0x00007ffa`52ad4da0)+0x48 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp @ 472] 
04 00000059`e0afdeb0 00007ffa`549beeb5     coreclr!RuntimeMethodHandle::InvokeMethod(class Object * target = 0x00000000`0000003c, class Span<Object *> * objs = 0x00000059`e0afe588, class SignatureNative * pSigUNSAFE = 0x00007ffa`52d1c768, bool fConstructor = false, bool fWrapExceptions = true)+0x91c [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp @ 1067] 
05 00000059`e0afe530 00007ffa`a9611b09     0x00007ffa`549beeb5
06 00000059`e0afe600 00007ffa`a961703c     System_Private_CoreLib!System.Object System.Reflection.RuntimePropertyInfo::GetValue+0x59
07 00000059`e0afe660 00007ffa`5699f08b     System_Private_CoreLib!System.Object System.Reflection.PropertyInfo::GetValue+0x2c
08 00000059`e0afe6a0 00007ffa`a97c9eeb     0x00007ffa`5699f08b
09 00000059`e0afe720 00007ffa`a97cd2d2     System_Private_CoreLib!System.Runtime.CompilerServices.AsyncIteratorMethodBuilder::MoveNext+0x7b
0a 00000059`e0afe780 00007ffa`5699ef1f     System_Private_CoreLib!System.Threading.Tasks.Task`1[System.__Canon] System.Threading.Tasks.TaskFactory`1[System.__Canon]::ContinueWhenAny+0x212
0b 00000059`e0afe7c0 00007ffa`5699ed71     0x00007ffa`5699ef1f
0c 00000059`e0afe830 00007ffa`569586fe     0x00007ffa`5699ed71
0d 00000059`e0afe870 00007ffa`56957631     0x00007ffa`569586fe
0e 00000059`e0afe940 00007ffa`5695755f     0x00007ffa`56957631
0f 00000059`e0afe9b0 00007ffa`56957481     0x00007ffa`5695755f
10 00000059`e0afe9f0 00007ffa`56956a20     0x00007ffa`56957481
11 00000059`e0afeab0 00007ffa`569566f1     0x00007ffa`56956a20
12 00000059`e0afeca0 00007ffa`5695661f     0x00007ffa`569566f1
13 00000059`e0afed10 00007ffa`5695641b     0x00007ffa`5695661f
14 00000059`e0afed50 00007ffa`55bff190     0x00007ffa`5695641b
15 00000059`e0afee20 00007ffa`5699eca9     0x00007ffa`55bff190
16 00000059`e0afee90 00007ffa`568acfe7     0x00007ffa`5699eca9
17 00000059`e0afeee0 00007ffa`568a9dd3     0x00007ffa`568acfe7
18 00000059`e0aff050 00007ffa`568a9d4b     0x00007ffa`568a9dd3
19 00000059`e0aff0b0 00007ffa`568a9d0c     0x00007ffa`568a9d4b
1a 00000059`e0aff0e0 00007ffa`568a9ca4     0x00007ffa`568a9d0c
1b 00000059`e0aff150 00007ffa`544984bc     0x00007ffa`568a9ca4
1c 00000059`e0aff180 00007ffa`54f396e6     0x00007ffa`544984bc
1d 00000059`e0aff1d0 00007ffa`54f388f8     0x00007ffa`54f396e6
1e 00000059`e0aff410 00007ffa`549ca9df     0x00007ffa`54f388f8
1f 00000059`e0aff4a0 00007ffa`549c74c9     0x00007ffa`549ca9df
20 00000059`e0aff540 00007ffa`54f910ae     0x00007ffa`549c74c9
21 00000059`e0aff690 00007ffa`54f90f1a     0x00007ffa`54f910ae
22 00000059`e0aff6d0 00007ffa`549c59e1     0x00007ffa`54f90f1a
23 00000059`e0aff760 00007ffa`549c3f02     0x00007ffa`549c59e1
24 00000059`e0aff860 00007ffa`543f2a8e     0x00007ffa`549c3f02
25 00000059`e0aff900 00007ffa`549b2276     0x00007ffa`543f2a8e
26 00000059`e0aff980 00007ffa`543e31d0     0x00007ffa`549b2276
27 00000059`e0aff9c0 00007ffa`5322b1c8     0x00007ffa`543e31d0
28 00000059`e0affa40 00007ffa`5322b402     0x00007ffa`5322b1c8
29 00000059`e0affa70 00007ffa`5322b4b3     0x00007ffa`5322b402
2a 00000059`e0affaa0 00007ffa`a9581c6f     0x00007ffa`5322b4b3
2b 00000059`e0affad0 00007ffa`b24aa243     System_Private_CoreLib!System.Threading.Thread::StartCallback+0x3f
2c 00000059`e0affb10 00007ffa`b239d29c     coreclr!CallDescrWorkerInternal+0x83
2d 00000059`e0affb50 00007ffa`b248bb43     coreclr!DispatchCallSimple(unsigned int64 * pSrc = 0x00000059`e0affc00, unsigned long numStackSlotsToCopy = 4, unsigned int64 pTargetAddress = 0x00007ffa`529094d0, unsigned long dwDispatchCallSimpleFlags = 0)+0x80 [D:\a\_work\1\s\src\coreclr\vm\callhelpers.cpp @ 220] 
2e 00000059`e0affbe0 00007ffa`b23f84c5     coreclr!ThreadNative::KickOffThread_Worker(void * ptr = <Value unavailable error>)+0x63 [D:\a\_work\1\s\src\coreclr\vm\comsynchronizable.cpp @ 158] 
2f (Inline Function) --------`--------     coreclr!ManagedThreadBase_DispatchInner(void)+0xd [D:\a\_work\1\s\src\coreclr\vm\threads.cpp @ 7317] 
30 00000059`e0affc40 00007ffa`b23f83ca     coreclr!ManagedThreadBase_DispatchMiddle(struct ManagedThreadCallState * pCallState = 0x00000000`00000000)+0x85 [D:\a\_work\1\s\src\coreclr\vm\threads.cpp @ 7361] 
31 00000059`e0affd20 00007ffa`b23f81e9     coreclr!ManagedThreadBase_DispatchOuter(struct ManagedThreadCallState * pCallState = <Value unavailable error>)+0xae [D:\a\_work\1\s\src\coreclr\vm\threads.cpp @ 7520] 
32 (Inline Function) --------`--------     coreclr!ManagedThreadBase_FullTransition(void)+0x2d [D:\a\_work\1\s\src\coreclr\vm\threads.cpp @ 7565] 
33 (Inline Function) --------`--------     coreclr!ManagedThreadBase::KickOff(void)+0x2d [D:\a\_work\1\s\src\coreclr\vm\threads.cpp @ 7600] 
34 00000059`e0affdc0 00007ffb`8ad57034     coreclr!ThreadNative::KickOffThread(void * pass = 0x00000243`f88a9720)+0x79 [D:\a\_work\1\s\src\coreclr\vm\comsynchronizable.cpp @ 230] 
35 00000059`e0affe20 00007ffb`8bfa2651     KERNEL32!BaseThreadInitThunk+0x14
36 00000059`e0affe50 00000000`00000000     ntdll!RtlUserThreadStart+0x21
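
Cross-referencing the two debugger outputs, as an added example that is not part of the original thread: the bare addresses in the ~kp Call Site column also appear in the RetAddr column of !dumpstack next to a MethodDesc name, so the ~kp chain can be used both to name its unsymbolized frames and to flag !dumpstack entries that are not on the chain. The sample lines are excerpts copied from the dumps on this page; the function names (`parse_kp`, `parse_dumpstack`, `symbolize`, `off_chain`) are this example's own.

```python
import re

# Excerpts copied from the ~kp and !dumpstack output posted in this thread.
KP_EXCERPT = r"""
 # Child-SP          RetAddr               Call Site
00 00000059`e0afde18 00007ffa`b24aa243     0x00007ffa`5280e06a
01 00000059`e0afde20 00007ffa`b23d01b0     coreclr!CallDescrWorkerInternal+0x83
1b 00000059`e0aff150 00007ffa`544984bc     0x00007ffa`568a9ca4
22 00000059`e0aff6d0 00007ffa`549c59e1     0x00007ffa`54f90f1a
26 00000059`e0aff980 00007ffa`543e31d0     0x00007ffa`549b2276
27 00000059`e0aff9c0 00007ffa`5322b1c8     0x00007ffa`543e31d0
2f (Inline Function) --------`--------     coreclr!ManagedThreadBase_DispatchInner(void)+0xd [D:\a\_work\1\s\src\coreclr\vm\threads.cpp @ 7317]
"""

DUMPSTACK_EXCERPT = r"""
00000059E0AFF140 00007ffa568a9ca4 (MethodDesc 00007ffa52e895c8 + 0x24 Robust.Client.UserInterface.CustomControls.ScriptConsole.<.ctor>b__12_2(LineEditEventArgs))
00000059E0AFF550 00007ffb8bf802c9 ntdll!LdrGetProcedureAddressForCaller + 0x509, calling ntdll!_security_check_cookie
00000059E0AFF6C0 00007ffa54f90f1a (MethodDesc 00007ffa52afb7a0 + 0x10a Robust.Client.Input.InputManager.SetBindState(KeyBinding, Robust.Shared.Input.BoundKeyState, Boolean))
00000059E0AFF970 00007ffa549b2276 (MethodDesc 00007ffa52a2acf0 + 0x46 Robust.Client.GameController.<StartupContinue>b__45_2(System.Object, Robust.Shared.Timing.FrameEventArgs)), calling 00007ffa5280ca40
00000059E0AFF980 00007ffa549b216c (MethodDesc 00007ffa52abe1c8 + 0x1c Robust.Shared.Timing.GameTiming.StartFrame()), calling 00007ffa52808c40
00000059E0AFF9B0 00007ffa543e31d0 (MethodDesc 00007ffa530e5a30 + 0x230 Robust.Shared.Timing.GameLoop.Run())
"""

# "<frame#> <Child-SP | (Inline Function)> <RetAddr> <Call Site>"
KP_FRAME = re.compile(
    r"^\s*([0-9a-f]+)\s+(\(Inline Function\)|[0-9a-f`]+)\s+([0-9a-f`\-]+)\s+(.*\S)\s*$"
)
BARE_ADDR = re.compile(r"0x[0-9a-f`]+")
# "<Child-SP> <RetAddr> <description>[, calling <callee>]"
DS_ENTRY = re.compile(r"^([0-9A-Fa-f]{16}) ([0-9A-Fa-f]{16}) (.+)$")
MANAGED = re.compile(r"^\(MethodDesc [0-9a-f]+ \+ (?:0x)?[0-9a-f]+ (.+)$")


def to_int(addr):
    """Convert a WinDbg address such as 00007ffa`549beeb5 to an int."""
    return int(addr.replace("`", ""), 16)


def parse_kp(text):
    """Return (frame number, return address or None, call site) per frame."""
    frames = []
    for line in text.splitlines():
        m = KP_FRAME.match(line)
        if m:
            num, _child_sp, ret, site = m.groups()
            # Inline frames have no stack slot of their own: RetAddr is dashes.
            frames.append((num, None if "-" in ret else to_int(ret), site))
    return frames


def parse_dumpstack(text):
    """Return (address, caller description) for every !dumpstack entry."""
    entries = []
    for line in text.splitlines():
        m = DS_ENTRY.match(line.strip())
        if not m:
            continue  # headers and wrapped continuation lines
        desc = m.group(3).split(", calling ", 1)[0]
        managed = MANAGED.match(desc)
        if managed:
            desc = managed.group(1)
            if desc.endswith(")"):  # paren that closes "(MethodDesc ..."
                desc = desc[:-1]
        entries.append((int(m.group(2), 16), desc))
    return entries


def symbolize(kp_text, dumpstack_text):
    """Name bare-address ~kp frames using the !dumpstack RetAddr column."""
    names = {}
    for addr, desc in parse_dumpstack(dumpstack_text):
        names.setdefault(addr, desc)
    result = []
    for num, _ret, site in parse_kp(kp_text):
        if not BARE_ADDR.fullmatch(site):
            result.append((num, site, "kp"))  # debugger already had a symbol
        elif to_int(site) in names:
            result.append((num, names[to_int(site)], "dumpstack"))
        else:
            result.append((num, site, "unresolved"))
    return result


def off_chain(kp_text, dumpstack_text):
    """!dumpstack entries whose address never appears in the ~kp output."""
    chain = set()
    for _num, ret, site in parse_kp(kp_text):
        if ret is not None:
            chain.add(ret)
        if BARE_ADDR.fullmatch(site):
            chain.add(to_int(site))
    return [d for a, d in parse_dumpstack(dumpstack_text) if a not in chain]


if __name__ == "__main__":
    for num, site, source in symbolize(KP_EXCERPT, DUMPSTACK_EXCERPT):
        print(f"{num}  [{source:10}] {site}")
    print("not on the ~kp chain:")
    for desc in off_chain(KP_EXCERPT, DUMPSTACK_EXCERPT):
        print("   ", desc)
```

Run against excerpts, `off_chain` only means "not matched in the pasted lines"; feed it the full output of both commands before treating an entry as stale stack data.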

@jkotas
Member

jkotas commented Nov 12, 2021

cmp qword ptr [rcx],rax ds:00000000`00000000=????????????????

This looks like the first chance exception. There are likely subsequent exceptions that are actually causing the crash.

Can you try continuing in the debugger (g command) to see whether you hit more exceptions?

@PJB3005
Contributor Author

PJB3005 commented Nov 12, 2021

Second exception:

0:016> g
(9e3c.a688): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ChangeEngineState
KERNELBASE!RaiseException+0x69:
00007ffb`89d04f99 0f1f440000      nop     dword ptr [rax+rax]
0:016> !dumpstack
OS Thread Id: 0xa688 (16)
Current frame: KERNELBASE!RaiseException + 0x69
Child-SP         RetAddr          Caller, Callee
00000059E0AFD808 00007ffb89d04f99 KERNELBASE!RaiseException + 0x69, calling ntdll!RtlRaiseException
00000059E0AFD880 00007ffab2564d2f coreclr!LinkFrameAndThrow + 0x3f [D:\a\_work\1\s\src\coreclr\vm\excep.cpp:6940], calling coreclr!memcpy [d:\a01\_work\2\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm:68]
00000059E0AFD8B0 00007ffab24ab1b9 coreclr!NakedThrowHelper2 + 0x9, calling coreclr!LinkFrameAndThrow [D:\a\_work\1\s\src\coreclr\vm\excep.cpp:6934]
00000059E0AFD8E0 00007ffab24ab1eb coreclr!NakedThrowHelper_RspAligned + 0x1e, calling coreclr!NakedThrowHelper2
00000059E0AFD930 00007ffab24aa243 coreclr!CallDescrWorkerInternal + 0x83
00000059E0AFDA30 00007ffab24aa243 coreclr!CallDescrWorkerInternal + 0x83
00000059E0AFDA40 00007ffab235d3a3 coreclr!MemberLoader::GetMethodDescFromMethodDef + 0x63 [D:\a\_work\1\s\src\coreclr\vm\memberload.cpp:640], calling coreclr!MethodDesc::CheckRestore [D:\a\_work\1\s\src\coreclr\vm\method.cpp:3953]
00000059E0AFDAB0 00007ffab2461699 coreclr!GetRuntimeTypeHelper + 0x6d [D:\a\_work\1\s\src\coreclr\vm\runtimehandles.cpp:179], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFDAD0 00007ffab23cbe07 coreclr!MemberLoader::GetMethodDescFromMemberDefOrRefOrSpec + 0xe3 [D:\a\_work\1\s\src\coreclr\vm\memberload.cpp:779], calling coreclr!MethodDesc::FindOrCreateAssociatedMethodDesc [D:\a\_work\1\s\src\coreclr\vm\genmeth.cpp:749]
00000059E0AFDB20 00007ffab23cb9a6 coreclr!MethodDesc::FindOrCreateAssociatedMethodDescForReflection + 0x4a [D:\a\_work\1\s\src\coreclr\vm\genmeth.cpp:1281], calling coreclr!TypeHandle::HasInstantiation [D:\a\_work\1\s\src\coreclr\vm\typehandle.cpp:1241]
00000059E0AFDB78 00007ffab24aa243 coreclr!CallDescrWorkerInternal + 0x83
00000059E0AFDCB0 00007ffab2389670 coreclr!CMiniMdBase::FindPropertyMapFor + 0x54 [D:\a\_work\1\s\src\coreclr\md\runtime\metamodel.cpp:1007], calling ntdll!LdrpDispatchUserCallTarget
00000059E0AFDCE0 00007ffab2405731 coreclr!ILCodeVersion::GetActiveNativeCodeVersion + 0xc9 [D:\a\_work\1\s\src\coreclr\vm\codeversion.cpp:795], calling coreclr!MethodTable::GetModule [D:\a\_work\1\s\src\coreclr\vm\methodtable.cpp:372]
00000059E0AFDDA0 00007ffab237974a coreclr!CrstBase::Enter + 0x5a [D:\a\_work\1\s\src\coreclr\vm\crst.cpp:328], calling ntdll!RtlEnterCriticalSection
00000059E0AFDDB0 00007ffab247d721 coreclr!ILCodeVersion::GetOrCreateActiveNativeCodeVersion + 0x25 [D:\a\_work\1\s\src\coreclr\vm\codeversion.cpp:988], calling coreclr!ILCodeVersion::GetActiveNativeCodeVersion [D:\a\_work\1\s\src\coreclr\vm\codeversion.cpp:790]
00000059E0AFDDD0 00007ffab239edc3 coreclr!CrstBase::Leave + 0x13 [D:\a\_work\1\s\src\coreclr\vm\crst.cpp:358], calling ntdll!RtlLeaveCriticalSection
00000059E0AFDDF0 00007ffab235a8bc coreclr!TypeHandle::GetSize + 0xc [D:\a\_work\1\s\src\coreclr\vm\typehandle.cpp:65], calling coreclr!TypeHandle::GetInternalCorElementType [D:\a\_work\1\s\src\coreclr\vm\typehandle.cpp:1231]
00000059E0AFDE00 00007ffab23d1456 coreclr!Alloc + 0x96 [D:\a\_work\1\s\src\coreclr\vm\gchelpers.cpp:239], calling ntdll!LdrpDispatchUserCallTarget
00000059E0AFDE08 00007ffab24ab1f5 coreclr!NakedThrowHelper_FixRsp + 0x5, calling coreclr!NakedThrowHelper_RspAligned
00000059E0AFDE10 00007ffab24aa243 coreclr!CallDescrWorkerInternal + 0x83
00000059E0AFDE50 00007ffab23d01b0 coreclr!CallDescrWorkerReflectionWrapper + 0x48 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:472], calling coreclr!CallDescrWorkerInternal
00000059E0AFDE70 00007ffab23d01fa coreclr!MethodTable::Allocate + 0xe [D:\a\_work\1\s\src\coreclr\vm\methodtable.cpp:3550], calling coreclr!MethodTable::EnsureInstanceActive [D:\a\_work\1\s\src\coreclr\vm\methodtable.cpp:8791]
00000059E0AFDEA0 00007ffab23d1f0c coreclr!RuntimeMethodHandle::InvokeMethod + 0x91c [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:1067], calling coreclr!CallDescrWorkerReflectionWrapper [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:455]
00000059E0AFDEE0 00007ffab23d2c2a coreclr!ArgIteratorForMethodInvoke::ArgIteratorForMethodInvoke + 0x52 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:623], calling coreclr!IsActivationNeededForMethodInvoke [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:520]
00000059E0AFDF10 00007ffab23d1892 coreclr!RuntimeMethodHandle::InvokeMethod + 0x2a2 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:822], calling coreclr!__chkstk [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm:67]
00000059E0AFDF20 00007ffab235a996 coreclr!HashTypeHandle + 0x86 [D:\a\_work\1\s\src\coreclr\vm\typehash.cpp:255], calling coreclr!HashPossiblyInstantiatedType [D:\a\_work\1\s\src\coreclr\vm\typehash.cpp:152]
00000059E0AFE070 00007ffab23d1083 coreclr!ClassLoader::LoadArrayTypeThrowing + 0xdf [D:\a\_work\1\s\src\coreclr\vm\clsload.cpp:4023], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFE100 00007ffab239be87 coreclr!SignatureNative::GetSignature + 0x3d7 [D:\a\_work\1\s\src\coreclr\vm\runtimehandles.cpp:2169], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFE230 00007ffab239c9eb coreclr!MethodTable::CanCastTo + 0x8b [D:\a\_work\1\s\src\coreclr\vm\methodtable.cpp:1752], calling coreclr!CastCache::TrySet [D:\a\_work\1\s\src\coreclr\vm\castcache.cpp:208]
00000059E0AFE260 00007ffab239c907 coreclr!ObjIsInstanceOfCore + 0xd3 [D:\a\_work\1\s\src\coreclr\vm\jithelpers.cpp:2179], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFE350 00007ffab2461b1c coreclr!ObjIsInstanceOf + 0x3c [D:\a\_work\1\s\src\coreclr\vm\jithelpers.cpp:2200], calling coreclr!ObjIsInstanceOfCore [D:\a\_work\1\s\src\coreclr\vm\jithelpers.cpp:2094]
00000059E0AFE380 00007ffab2461abb coreclr!IsInstanceOfTypeHelper + 0xf3 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:402], calling coreclr!__security_check_cookie [d:\a01\_work\2\s\src\vctools\crt\vcstartup\src\gs\amd64\amdsecgs.asm:45]
00000059E0AFE418 00007ffab239bb90 coreclr!SignatureNative::GetSignature + 0xe0 [D:\a\_work\1\s\src\coreclr\vm\runtimehandles.cpp:2101], calling coreclr!LazyMachStateCaptureState
00000059E0AFE480 00007ffa548e6b85 (MethodDesc 00007ffa52b911a8 + 0x45 System.Reflection.RuntimeMethodInfo.<get_Signature>g__LazyCreateSignature|24_0()), calling coreclr!JIT_CheckedWriteBarrier
00000059E0AFE490 00007ffa544069b6 (MethodDesc 00007ffa528f8d58 + 0x56 System.RuntimeType.get_ContainsGenericParameters()), calling 00007ffab24648c0 (stub for System.RuntimeTypeHandle.ContainsGenericVariables(System.RuntimeType))
00000059E0AFE4A8 00007ffab23d16b2 coreclr!RuntimeMethodHandle::InvokeMethod + 0xc2 [D:\a\_work\1\s\src\coreclr\vm\reflectioninvocation.cpp:770], calling coreclr!LazyMachStateCaptureState
00000059E0AFE4D0 00007ffaa960d63f (MethodDesc 00007ffa52b91190 + 0xdf System.Reflection.RuntimeMethodInfo.<get_InvocationFlags>g__LazyCreateInvocationFlags|13_0()), calling 00007ffab2482ce0 (stub for System.RuntimeTypeHandle.IsByRefLike(System.RuntimeType))
00000059E0AFE520 00007ffa549beeb5 (MethodDesc 00007ffa52b91050 + 0xf5 System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)), calling 00007ffab23d15f0 (stub for System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Span`1<System.Object> ByRef, System.Signature, Boolean, Boolean))
00000059E0AFE5F0 00007ffaa9611b09 (MethodDesc 00007ffa52d1ce78 + 0x59 System.Reflection.RuntimePropertyInfo.GetValue(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)), calling (MethodDesc 00007ffa52b91050 + 0 System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo))
00000059E0AFE650 00007ffaa961703c (MethodDesc 00007ffa52d1c8c0 + 0x2c System.Reflection.PropertyInfo.GetValue(System.Object)), calling 00007ffa55204648
00000059E0AFE690 00007ffa5699f08b (MethodDesc 00007ffa56d174b8 + 0xcb Submission#0+<<Initialize>>d__0.MoveNext()), calling (MethodDesc 00007ffa52d1c8c0 + 0 System.Reflection.PropertyInfo.GetValue(System.Object))
00000059E0AFE710 00007ffaa97c9eeb (MethodDesc 00007ffa56c72be8 + 0x4b System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef)), calling System_Private_CoreLib!System.Tuple`8[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.Tuple`8[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.Tuple`7[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon]]] System.TupleExtensions::ToTuple(System.ValueTuple`8[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.ValueTuple`8[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.ValueTuple`7[System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon, System.__Canon]]])$##6001F76 + 0xb6b0
00000059E0AFE770 00007ffaa97cd2d2 (MethodDesc 00007ffa56c72a50 + 0x22 System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef)), calling (MethodDesc 00007ffa56c72be8 + 0 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef))
00000059E0AFE7B0 00007ffa5699ef1f (MethodDesc 00007ffa56c5b148 + 0xbf Submission#0.<Initialize>()), calling (MethodDesc 00007ffa56c72a50 + 0 System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[System.__Canon, System.Private.CoreLib]](System.__Canon ByRef))
00000059E0AFE820 00007ffa5699ed71 (MethodDesc 00007ffa56c5b178 + 0x51 Submission#0.<Factory>(System.Object[])), calling (MethodDesc 00007ffa56c5b148 + 0 Submission#0.<Initialize>())
00000059E0AFE860 00007ffa569586fe (MethodDesc 00007ffa56c5eae8 + 0x2be Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]].MoveNext())
00000059E0AFE930 00007ffa56957631 (MethodDesc 00007ffa56c5f7c8 + 0xb1 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__9`1<System.__Canon> ByRef))
00000059E0AFE9A0 00007ffa5695755f (MethodDesc 00007ffa56c5f500 + 0x5f System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__9`1<System.__Canon> ByRef)), calling (MethodDesc 00007ffa56c5f7c8 + 0 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__9`1<System.__Canon> ByRef))
00000059E0AFE9E0 00007ffa56957481 (MethodDesc 00007ffa56c5ca28 + 0x131 Microsoft.CodeAnalysis.Scripting.ScriptExecutionState.RunSubmissionsAsync[[System.__Canon, System.Private.CoreLib]](System.Collections.Immutable.ImmutableArray`1<System.Func`2<System.Object[],System.Threading.Tasks.Task>>, System.Func`2<System.Object[],System.Threading.Tasks.Task>, System.Runtime.CompilerServices.StrongBox`1<System.Exception>, System.Func`2<System.Exception,Boolean>, System.Threading.CancellationToken)), calling (MethodDesc 00007ffa56c5f500 + 0 System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.__Canon, System.Private.CoreLib]].Start[[Microsoft.CodeAnalysis.Scripting.ScriptExecutionState+<RunSubmissionsAsync>d__9`1[[System.__Canon, System.Private.CoreLib]], Microsoft.CodeAnalysis.Scripting]](<RunSubmissionsAsync>d__9`1<System.__Canon> ByRef))

@jkotas
Member

jkotas commented Nov 12, 2021

Is there a third or fourth exception after that?

@PJB3005
Contributor Author

PJB3005 commented Nov 12, 2021

No, that's the last of it.

@jkotas
Member

jkotas commented Nov 12, 2021

Here is a small repro - compile and run with optimizations on:

var i = new My(new My(null));
var m = i.GetType().GetMethod("M");
for (;;)
{
    try
    {
        m.Invoke(i, null);
    }
    catch
    {
    }
}

public interface IFace
{
    void M();
}

public class My : IFace
{
    IFace _face;

    public My(IFace face)
    {
        _face = face;
    }

    public void M() => _face.M();
}

Expected behavior: Runs forever
Actual behavior: Crashes with AccessViolationException

@jkotas
Member

jkotas commented Nov 12, 2021

@janvorli Could you please take a look? It looks like a bug in stackwalking from a tail-called VSD stub.

@janvorli
Member

@jkotas thank you for the simple repro. I am taking a look now.

@janvorli
Member

The culprit is quite nasty, as it breaks our assumption that when an NRE happens in the VSD stub, we can simply manually unwind to the caller to get to a managed frame. In this problematic case, the direct caller based on the stack trace is the CallDescrWorkerInternal asm helper, as it was the caller of the managed method that tail called into the VSD stub.
I have investigated possible ways to fix that and while I have found a fix that works on Windows, fixing it on Unix seems to be going to be quite involved due to the differences in the EH processing on native / managed boundaries.

@janvorli
Member

janvorli commented Dec 3, 2021

I was thinking about it more and I have come to a conclusion that we should rather fix this in the JIT and let it generate a null check instruction before tail calling the VSD. The reason is diagnosability of such exceptions. If I made it work only by runtime changes, then the real location of the NullReferenceException would be lost, as when the VSD stub is entered via tail call and we try to access the null reference, the frame of the managed function that invoked it is not on the stack anymore.
@jkotas what do you think about this idea?

@jkotas
Member

jkotas commented Dec 4, 2021

> I was thinking about it more and I have come to a conclusion that we should rather fix this in the JIT and let it generate a null check instruction before tail calling the VSD.

I agree.
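The null check discussed in the two comments above, written at the C# source level as an added example (it is not code from this thread or from the dotnet/runtime fix, which changes the JIT). The `Guarded` type and `CountDiagnosableFailures` helper are hypothetical names; the harness invokes `M()` through reflection as in the repro and checks that each failure arrives as a catchable `NullReferenceException` whose stack trace still names the method that held the null reference.

```csharp
#nullable disable
using System;
using System.Reflection;

public interface IFace
{
    void M();
}

// Hypothetical type for this example. Same shape as My in the repro above,
// but the null check runs in M() itself, while M()'s frame is still on the
// stack, instead of faulting inside the dispatch stub after a tail call.
public sealed class Guarded : IFace
{
    private readonly IFace _face;

    public Guarded(IFace face) => _face = face;

    public void M()
    {
        IFace face = _face;
        if (face is null)
            throw new NullReferenceException("Guarded._face is null");
        face.M(); // receiver is known non-null here
    }
}

public static class Program
{
    // Invokes M() through reflection many times so tiered compilation has a
    // chance to replace the method with optimized code. Counts the calls
    // whose failure arrived as a catchable NullReferenceException with
    // Guarded.M in its stack trace.
    public static int CountDiagnosableFailures(IFace target, int iterations)
    {
        MethodInfo m = target.GetType().GetMethod("M");
        int diagnosable = 0;
        for (int n = 0; n < iterations; n++)
        {
            try
            {
                m.Invoke(target, null);
            }
            catch (TargetInvocationException e)
                when (e.InnerException is NullReferenceException nre)
            {
                if (nre.StackTrace != null && nre.StackTrace.Contains("Guarded.M"))
                    diagnosable++;
            }
        }
        return diagnosable;
    }

    public static int Main()
    {
        const int iterations = 50_000;
        var target = new Guarded(new Guarded(null)); // same nesting as the repro
        int diagnosable = CountDiagnosableFailures(target, iterations);
        Console.WriteLine($"{diagnosable}/{iterations} calls failed with a catchable, attributable NRE");
        return diagnosable == iterations ? 0 : 1;
    }
}
```

Build it with optimizations on (Release), since the thread reports the crash only in optimized code; a zero exit code means every reflected call failed in a way the caller could catch and attribute.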

@jkotas jkotas added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Dec 4, 2021
@ghost

ghost commented Dec 4, 2021

Tagging subscribers to this area: @JulieLeeMSFT
See info in area-owners.md if you want to be subscribed.


@jkotas jkotas added this to the .NET 7.0 milestone Dec 4, 2021
@jkotas
Member

jkotas commented Dec 4, 2021

@jakobbotsch Could you please take a look? It is in the area you have been working on.

@jakobbotsch
Member

I'm OOF next week, but I will take a look once I am back. Removed the regression badge since the reduced example does seem to repro on .NET 5 as well.

@karelz karelz modified the milestones: .NET 7.0, 7.0.0 Dec 6, 2021
jakobbotsch added a commit to jakobbotsch/runtime that referenced this issue Dec 13, 2021
There is already a comment that this is necessary, but it is only being
done for x86 tailcalls via jit helper. Do it for normal tailcalls to VSD
as well.

Fix dotnet#61486
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Dec 13, 2021
jkotas pushed a commit that referenced this issue Dec 14, 2021
There is already a comment that this is necessary, but it is only being
done for x86 tailcalls via jit helper. Do it for normal tailcalls to VSD
as well.

Fix #61486
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Dec 14, 2021
github-actions bot pushed a commit that referenced this issue Dec 14, 2021
There is already a comment that this is necessary, but it is only being
done for x86 tailcalls via jit helper. Do it for normal tailcalls to VSD
as well.

Fix #61486
jeffschwMSFT pushed a commit that referenced this issue Jan 7, 2022
* Add explicit null-check for tailcalls to VSD

There is already a comment that this is necessary, but it is only being
done for x86 tailcalls via jit helper. Do it for normal tailcalls to VSD
as well.

Fix #61486

* Revert cleanup to make potential backport easier

Co-authored-by: Jakob Botsch Nielsen <[email protected]>
@ghost ghost locked as resolved and limited conversation to collaborators Jan 13, 2022