The application hangs and then crashes (unmanaged heap corruption) #122853

@dongzhaosheng73

Description

describe:
I have a commercial application that is still under development using WPF. When it crashes under certain circumstances, I capture a dump file.

```
*** WARNING: Check Image - Checksum mismatch - Dump: 0x1b0447, File: 0x1b5518 - C:\ProgramData\Dbg\sym\ntdll.dll\FC3ED07C1B1000\ntdll.dll
ClrmaManagedAnalysis::GetThread 4dc8
ClrmaThread::Initialize 4dc8
~ClrmaThread
ClrmaManagedAnalysis::get_ProviderName
ClrmaManagedAnalysis::GetThread ffffffff
ClrmaThread::Initialize 4dc8
ClrmaThread::get_CurrentException
ClrmaThread::get_NestedExceptionCount
~ClrmaThread

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 421

Key  : Analysis.Elapsed.mSec
Value: 41976

Key  : Analysis.IO.Other.Mb
Value: 0

Key  : Analysis.IO.Read.Mb
Value: 1

Key  : Analysis.IO.Write.Mb
Value: 10

Key  : Analysis.Init.CPU.mSec
Value: 62

Key  : Analysis.Init.Elapsed.mSec
Value: 19668

Key  : Analysis.Memory.CommitPeak.Mb
Value: 151

Key  : Analysis.Version.DbgEng
Value: 10.0.29482.1003

Key  : Analysis.Version.Description
Value: 10.2509.29.03 x86fre

Key  : Analysis.Version.Ext
Value: 1.2509.29.3

Key  : CLR.Engine
Value: CORECLR

Key  : CLR.Version
Value: 6.0.1322.58009

Key  : Failure.Bucket
Value: HEAP_CORRUPTION_c0000374_op.exe!heap_corruption

Key  : Failure.Exception.Code
Value: 0xc0000374

Key  : Failure.Exception.IP.Address
Value: 0x777fd2ef

Key  : Failure.Exception.IP.Module
Value: ntdll

Key  : Failure.Exception.IP.Offset
Value: 0xed2ef

Key  : Failure.Hash
Value: {60809386-2672-8daa-67ad-e26308d5e9b4}

Key  : Failure.ProblemClass.Primary
Value: HEAP_CORRUPTION

Key  : Faulting.IP.Type
Value: Paged

Key  : Timeline.OS.Boot.DeltaSec
Value: 2193

Key  : Timeline.Process.Start.DeltaSec
Value: 22

Key  : WER.OS.Branch
Value: ni_release

Key  : WER.OS.Version
Value: 10.0.22621.1

Key  : WER.Process.Version
Value: 2.4.9494.32766

FILE_IN_CAB: op.exe.14400.dmp

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

CONTEXT: (.ecxr)
eax=09f6e7b0 ebx=15a098b8 ecx=09f6e7e0 edx=7783b918 esi=00000002 edi=008c0000
eip=777fd2ef esp=09f6e788 ebp=09f6e7c0 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!RtlReportFatalFailure+0x16:
777fd2ef eb33 jmp ntdll!RtlReportFatalFailure+0x4b (777fd324)
Resetting default scope

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 777fd2ef (ntdll!RtlReportFatalFailure+0x00000016)
ExceptionCode: c0000374
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 7783b918

PROCESS_NAME: op.exe

ERROR_CODE: (NTSTATUS) 0xc0000374 -

EXCEPTION_CODE_STR: c0000374

EXCEPTION_PARAMETER1: 7783b918

ADDITIONAL_DEBUG_TEXT: Enable Pageheap/AutoVerifer

FAULTING_THREAD: 4dc8

STACK_TEXT:
00000000 00000000 op.exe!heap_corruption+0x0
00000000 00000000 unknown![~7s]+0x0
09f6e788 777fd2ef ntdll!RtlReportFatalFailure+0x0
09f6e7c8 777fd2c1 ntdll!RtlReportCriticalFailure+0x0
09f6e85c 77806523 ntdll!RtlpReportHeapFailure+0x0
09f6e868 7780435e ntdll!RtlpHpHeapHandleError+0x0
09f6e898 7780ce9b ntdll!RtlpLogHeapFailure+0x0
09f6e8b0 7775dc2d ntdll!RtlpAllocateHeap+0x0
09f6ea48 7775cf92 ntdll!RtlpAllocateHeapInternal+0x0
09f6ead8 7775bf8e ntdll!RtlAllocateHeap+0x0
09f6eaf4 706a2016 coreclr!ClrMalloc+0x0
09f6eaf4 706a2016 coreclr!operator new[]+0x0
09f6eaf4 706a2016 coreclr!SBuffer::NewBuffer+0x0
09f6eaf4 706a2016 coreclr!SBuffer::ReallocateBuffer+0x0
09f6eb14 706fd998 coreclr!SBuffer::Preallocate+0x0
09f6eb14 706fd998 coreclr!SArrayICorJitInfo::PgoInstrumentationSchema,1::Preallocate+0x0
09f6eb14 706fd998 coreclr!SArrayICorJitInfo::PgoInstrumentationSchema,1::Append+0x0
09f6eb30 706412c7 coreclr!SArrayICorJitInfo::PgoInstrumentationSchema,1::Append+0x0
09f6eb30 706412c7 coreclr!R2RInstrumentationDataReader::operator+0x0
09f6eb6c 706a3feb coreclr!<lambda_1d26e9e4050a24736ac6a0420dcac393>::operator+0x0
09f6eb90 706a3f0b coreclr!ReadCompressedInts<<lambda_1d26e9e4050a24736ac6a0420dcac393> >+0x0
09f6ebb4 706a3ea coreclr!ReadInstrumentationData+0x0
09f6ec38 706a380b coreclr!PgoManager::getPgoInstrumentationResultsFromR2RFormat+0x0
09f6eea8 70689dca coreclr!ReadyToRunInfo::GetPgoInstrumentationData+0x0
09f6ef08 7068a15a coreclr!PgoManager::getPgoInstrumentationResultsInstance+0x0
09f6f090 7068a03d coreclr!PgoManager::getPgoInstrumentationResults+0x0
09f6f4b0 70689ef coreclr!CEEJitInfo::getPgoInstrumentationResults+0x0
09f6f50c 6fb5ebe8 clrjit!Compiler::compInitOptions+0x0
09f6f53c 6fb5e4ab clrjit!Compiler::compCompileHelper+0x0
09f6f594 6fb5e33b clrjit!Compiler::compCompile+0x0
09f6f600 6fb5d5e8 clrjit!jitNativeCode+0x0
09f6f6d0 6fb5cada clrjit!CILJit::compileMethod+0x0
09f6f71c 09f726d6 unknown!unknown+0x0
09f6f720 09f6f8c8 unknown!unknown+0x0
09f6f9d0 70647750 coreclr!MethodDesc::JitCompileCodeLocked+0x0
09f6fad8 7064702e coreclr!MethodDesc::JitCompileCodeLockedEventWrapper+0x0
09f6fb98 7069b8ac coreclr!MethodDesc::JitCompileCode+0x0
09f6fbf4 7069b6f3 coreclr!MethodDesc::PrepareILBasedCode+0x0
09f6fc24 7069b533 coreclr!MethodDesc::PrepareCode+0x0
09f6fc24 7069b533 coreclr!TieredCompilationManager::CompileCodeVersion+0x0
09f6fcd8 7069b48f coreclr!TieredCompilationManager::OptimizeMethod+0x0
09f6fcec 7069ae49 coreclr!TieredCompilationManager::DoBackgroundWork+0x0
09f6fddc 7070e235 coreclr!TieredCompilationManager::BackgroundWorkerStart+0x0
09f6fe40 7070e0f2 coreclr!TieredCompilationManager::BackgroundWorkerBootstrapper1+0x0
09f6fe6c 7069c7df coreclr!ManagedThreadBase_DispatchInner+0x0
09f6fe6c 7069c7df coreclr!ManagedThreadBase_DispatchMiddle+0x0
09f6fef0 7069c70f coreclr!ManagedThreadBase_DispatchOuter+0x0
09f6ff48 70720216 coreclr!ManagedThreadBase_FullTransition+0x0
09f6ff48 70720216 coreclr!ManagedThreadBase::KickOff+0x0
09f6ff48 70720216 coreclr!TieredCompilationManager::BackgroundWorkerBootstrapper0+0x0
09f6ff7c 761b7ba9 kernel32!BaseThreadInitThunk+0x0
09f6ff8c 7777bd2b ntdll!__RtlUserThreadStart+0x0
09f6ffe4 7777bcaf ntdll!_RtlUserThreadStart+0x0

STACK_COMMAND: ** Pseudo Context ** Pseudo ** Value: ffffffff ** ; kb

IP_IN_PAGED_CODE:
ntdll!RtlReportFatalFailure+16
777fd2ef eb33 jmp ntdll!RtlReportFatalFailure+0x4b (777fd324)

SYMBOL_NAME: op.exe!heap_corruption

MODULE_NAME: op_exe

IMAGE_NAME: op.exe

FAILURE_BUCKET_ID: HEAP_CORRUPTION_c0000374_op.exe!heap_corruption

OS_VERSION: 10.0.22621.1

BUILDLAB_STR: ni_release

OSPLATFORM_TYPE: x86

OSNAME: Windows 10

IMAGE_VERSION: 2.4.9494.32766

FAILURE_ID_HASH: {60809386-2672-8daa-67ad-e26308d5e9b4}

Followup: MachineOwner
```

op.exe.14400.dmp

Reproduction Steps

The application hangs and then crashes after executing in a specific scenario.

Expected behavior

should not crash

Actual behavior

app crash

Regression?

No response

Known Workarounds

none

Configuration

.net 6
win11 10.0.22000.2538
x64

Other information

No response

Metadata

Labels

area-Interop-coreclr
needs-author-action: An issue or pull request that requires more info or actions from the author.
no-recent-activity
tracking-external-issue: The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly
untriaged: New issue has not been triaged by the area owner