Random access violations

zd · Post by zd » Tue 10 Aug 2010 08:55

Hello!

There is a strange error that keeps appearing totally randomly, only on Vista/Windows 7 systems (at least I've not seen it XP yet!) and I think it might be related to IBDAC.

I'm getting two kinds of error messages:
1. Access violation at address 057E36EF in module 'fbclient.dll'. Write of address 4F4C09FD.
2. Access violation at address 77996BF0 in module 'ntdll.dll'. Write of address 00000050.

Luckily, I'm using EurekaLog to trace back errors, and I have found the following:

1. The error usually happens when TIBCQuery.Open OR TIBCQuery.ExecSQL is called.
2. The error occurs at totally random times and can't be reproduced intentionally. Sometime it doesn't occur for weeks and sometimes it just strikes out of nowhere.
3. As I mentioned already, the error occurs only on Windows Vista/7, never on XP.

Now here is some more info, that Eurekalog shows:

Call stack for the fbclient.dll error:

Address Module Procedure/Method
057EB30B fbclient.dll gds__free
057EB300 fbclient.dll gds__free
057F2E90 fbclient.dll gds__thread_exit

Assembler for the fbclient.dll error:

Code: Select all

057E36D7  mov     eax, [ecx+$08]
057E36DA  test    eax, eax
057E36DC  push    esi
057E36DD  lea     esi, [ecx+$0C]
057E36E0  push    edi
057E36E1  mov     edi, [esi]
057E36E3  jz      +$13
057E36E5  test    edi, edi
057E36E7  mov     [eax], edi
057E36E9  jz      +$00000089
057E36EF  mov     [edi-$04], eax  ; <-- EXCEPTION
057E36F2  pop     edi
057E36F3  pop     esi
057E36F4  pop     ebp
057E36F5  ret     $04

Call stack for the ntdll error:

Address Module Procedure/Method
77712E7B ntdll.dll RtlEnterCriticalSection
1000BA5D fbclient.dll gds__alloc
1000BA50 fbclient.dll gds__alloc
100132F0 fbclient.dll gds__thread_enter
1001FF60 fbclient.dll isc_dsql_allocate_statement

Assembler for the ntdll error:

Code: Select all

; RtlEnterCriticalSection (Line=0 - Offset=0)
; -------------------------------------------
77712E69  mov     edi, edi
77712E6B  push    ebp
77712E6C  mov     ebp, esp
77712E6E  sub     esp, +$0C
77712E71  push    esi
77712E72  push    edi
77712E73  mov     edi, [ebp+$08]
77712E76  lea     esi, [edi+$04]
77712E79  mov     eax, esi
77712E7B  lock                                                           ; <-- EXCEPTION
77712E7C  DB      $0F, $BA, $30, $00  //           dword ptr [eax], $00
77712E80  jnb     +$00022E6E
77712E86  mov     eax, dword ptr [$0018]
77712E8C  mov     ecx, [eax+$24]
77712E8F  mov     [edi+$0C], ecx
77712E92  mov     dword ptr [edi+$08], $00000001                         ; ''...

More background info:
This happens under Firebird 2.1.1.
I've tried connecting to the server using fbclient.dll of Firebird 2.1.3, but the same keeps happening.

I'm using Delphi7 with an older version of IBDAC (2.50.0.39).

Any ideas?

Thanks!

Dimon · Post by **Dimon** » Thu 12 Aug 2010 07:31

Please, check that you don't free objects (e.g. TIBCConnection) a few times, for example, in the main and secondary threads. IBDAC can work in multithread applications, so it is thread safe. But the restriction is that you cannot use one component for more than one thread simultaneously.

Also please, try to download the latest IBDAC build (3.10.0.15) and check if this problem still exists.

zd · Post by zd » Fri 13 Aug 2010 12:58

Hello!

I'm using only one connection object and it's only freed upon program termination, automatically.

Please note that apart from the main thread, no other thread is using any of the IBDAC components.

There is an OLE automation server in the program but it uses the "tmSingle" threading model - thus its DB calls should be executed in the program's main thread. And you also have to know that when these errors occured in the past, nothing was using the automation server.

The problem with upgrading to a newer version of IBDAC is that it could likely introduce new bugs (in the past upon upgrading to newer versions certain issues came up from time to time) and I can't go through the whole application right now to test it for possible problems caused by the upgrade.

The other problem is that sometimes the problem doesn't occur for weeks on the test computers, but I do get Eurekalog error reports with this issue from users of the program.

BTW: The program relies heavily TIBCAlerter, is there a chance the it could be causing these problems?

Any other ideas?

Thanks!

Dimon · Post by **Dimon** » Fri 13 Aug 2010 14:00

I can not reproduce the problem.
Please, try to download the latest IBDAC build (3.10.0.15) and check if this problem still exists.

zd · Post by zd » Sat 14 Aug 2010 18:43

Is there anything that makes you believe that this bug has been corrected in the newest release? Because I'd really hate to invest expensive days of testing due to the upgrade just to have the same issue come up...

Thanks!

zd · Post by zd » Sat 14 Aug 2010 18:49

BTW: Here is a memory dump for the ntdll.dll issue. Who knows, it might be able to help!

Code: Select all

Registers:
-----------------------------
EAX: 00000050   EDI: 0000004C
EBX: 00000000   ESI: 00000050
ECX: 0000004C   ESP: 0012F38C
EDX: 00001638   EIP: 77996BF0

Stack:               Memory Dump:
------------------   ---------------------------------------------------------------------------
0012F38C: FFFFFFFF   77996BF0: F0 0F BA 30 00 0F 83 B0 F3 00 00 64 A1 18 00 00  ...0.......d....
0012F390: 01F70014   77996C00: 00 8B 48 24 89 4F 0C C7 47 08 01 00 00 00 5F 33  ..H$.O..G....._3
0012F394: 02201CE0   77996C10: C0 5E 8B E5 5D C2 04 00 68 5D D7 96 77 64 FF 35  .^..]...h]..wd.5
0012F398: 00000000   77996C20: 00 00 00 00 8B 44 24 10 89 6C 24 10 8D 6C 24 10  .....D$..l$..l$.
0012F39C: 0012F468   77996C30: 2B E0 53 56 57 A1 E8 71 A2 77 31 45 FC 33 C5 50  +.SVW..q.w1E.3.P
0012F3A0: 00000024   77996C40: 89 65 E8 FF 75 F8 8B 45 FC C7 45 FC FE FF FF FF  .e..u..E..E.....
0012F3A4: 10003DC0   77996C50: 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0  .E..E.d.......M.
0012F3A8: 0000004C   77996C60: 64 89 0D 00 00 00 00 59 5F 5F 5E 5B 8B E5 5D 51  d......Y__^[..]Q
0012F3AC: FFFFFFFF   77996C70: C3 CC 41 00 70 00 69 00 50 00 6F 00 72 00 74 00  ..A.p.i.P.o.r.t.
0012F3B0: 00000000   77996C80: 00 00 53 00 68 00 61 00 72 00 65 00 64 00 53 00  ..S.h.a.r.e.d.S.
0012F3B4: 0012F408   77996C90: 65 00 63 00 74 00 69 00 6F 00 6E 00 00 00 43 00  e.c.t.i.o.n...C.
0012F3B8: 00000000   77996CA0: 53 00 52 00 50 00 4F 00 52 00 54 00 21 00 00 00  S.R.P.O.R.T.!...
0012F3BC: 00000000   77996CB0: 43 00 41 00 50 00 54 00 55 00 52 00 45 00 00 00  C.A.P.T.U.R.E...
0012F3C0: 000000F5   77996CC0: 00 00 5C 00 53 00 65 00 73 00 73 00 69 00 6F 00  ..\.S.e.s.s.i.o.
0012F3C4: 1000BA62   77996CD0: 6E 00 73 00 5C 00 25 00 6C 00 64 00 5C 00 57 00  n.s.\.%.l.d.\.W.
0012F3C8: 00000024   77996CE0: 69 00 6E 00 64 00 6F 00 77 00 73 00 5C 00 53 00  i.n.d.o.w.s.\.

Dimon · Post by **Dimon** » Mon 16 Aug 2010 09:39

Unfortunately, the information you have provided is not enough to reproduce your issue.

zd · Post by zd » Fri 15 Oct 2010 15:09

Hello Dimon!

I've upgraded to the latest version of IBDAC and unfortunately, the same problem has just reappeared.

It appears totally hectically (sometimes the problem doesn't appear for days), but always when my program is trying to execute a query using IBDAC. (The exact query doesn't matter, it usually happens at different parts of the program)

Please note that this time it's you who'll need to look into the IBDAC code as there is no way I can consistently reproduct this.

Here are two error logs, the first appeared after executing a query, the second one in the same session after executing another one!

Code: Select all

  2.2 Address       : 100036EF
  2.3 Module Name   : fbclient.dll - (Firebird SQL Server)
  2.4 Module Version: 2.1.3.18185
  2.5 Type          : EAccessViolation
  2.6 Message       : Access violation at address 100036EF in module 'fbclient.dll'. Write of address 4F4C09FD.

--------------------------------------------------------------------------------------------------------------------
|Address |Module      |Unit                     |Class                   |Procedure/Method               |Line     |
--------------------------------------------------------------------------------------------------------------------
|Running Thread: ID=4536; Priority=0; Class=; [Main]                                                               |
|------------------------------------------------------------------------------------------------------------------|
|1000B30B|fbclient.dll|                         |                        |gds__free                      |         |
|1000B300|fbclient.dll|                         |                        |gds__free                      |         |
|77A87C91|ntdll.dll   |                         |                        |RtlMultiByteToUnicodeN         |         |
|77A848CE|ntdll.dll   |                         |                        |NtFindAtom                     |         |
|76FAA299|user32.dll  |                         |                        |EndPaint                       |         |
|76FB1020|user32.dll  |                         |                        |PtInRect                       |         |
|76FB0B31|user32.dll  |                         |                        |SendMessageW                   |         |
|76FBB754|user32.dll  |                         |                        |CallWindowProcA                |         |
|76FBB73E|user32.dll  |                         |                        |CallWindowProcA                |         |
|77A68AB0|ntdll.dll   |                         |                        |RtlLeaveCriticalSection        |         |
|76F9A986|user32.dll  |                         |                        |GetCapture                     |         |
|76FA8B77|user32.dll  |                         |                        |DispatchMessageA               |         |
|76FA8B6D|user32.dll  |                         |                        |DispatchMessageA               |         |
|77BED0E7|kernel32.dll|                         |                        |BaseThreadInitThunk            |         |
|------------------------------------------------------------------------------------------------------------------|


  2.2 Address       : 77A68B02
  2.3 Module Name   : ntdll.dll - (NT réteg DLL)
  2.4 Module Version: 6.0.6002.18005
  2.5 Type          : EAccessViolation
  2.6 Message       : Access violation at address 77A68B02 in module 'ntdll.dll'. Write of address 00000050.
  2.7 ID            : 4C99

----------------------------------------------------------------------------------------------------------------
|Address |Module      |Unit                     |Class                   |Procedure/Method           |Line     |
----------------------------------------------------------------------------------------------------------------
|*Exception Thread: ID=4536; Priority=0; Class=; [Main]                                                        |
|--------------------------------------------------------------------------------------------------------------|
|77A68B02|ntdll.dll   |                         |                        |RtlEnterCriticalSection    |         |
|76FA6B3C|user32.dll  |                         |                        |CharUpperBuffA             |         |
|1000BA5D|fbclient.dll|                         |                        |gds__alloc                 |         |
|1000BA50|fbclient.dll|                         |                        |gds__alloc                 |         |
|100132F0|fbclient.dll|                         |                        |gds__thread_enter          |         |
|1001FF60|fbclient.dll|                         |                        |isc_dsql_allocate_statement|         |
|77A87C91|ntdll.dll   |                         |                        |RtlMultiByteToUnicodeN     |         |
|77A848CE|ntdll.dll   |                         |                        |NtFindAtom                 |         |
|76FB1020|user32.dll  |                         |                        |PtInRect                   |         |
|76FB0B31|user32.dll  |                         |                        |SendMessageW               |         |
|76FBB754|user32.dll  |                         |                        |CallWindowProcA            |         |
|76FBB73E|user32.dll  |                         |                        |CallWindowProcA            |         |
|77A8427E|ntdll.dll   |                         |                        |NtAlpcSendWaitReceivePort  |         |
|77A68AB0|ntdll.dll   |                         |                        |RtlLeaveCriticalSection    |         |
|76F9A986|user32.dll  |                         |                        |GetCapture                 |         |
|76FA8B77|user32.dll  |                         |                        |DispatchMessageA           |         |
|76FA8B6D|user32.dll  |                         |                        |DispatchMessageA           |         |
|77BED0E7|kernel32.dll|                         |                        |BaseThreadInitThunk        |         |
|--------------------------------------------------------------------------------------------------------------|

Thank you!

zd · Post by zd » Thu 21 Oct 2010 17:00

Hello! Any news about this?

I'm in desperate need of solving this problem as today it arise again.

I believe this must be an error in the IBCAlerter component!

Attaching newer details:

Code: Select all

 2.3 Module Name   : fbclient.dll - (Firebird SQL Server)
  2.4 Module Version: 2.1.3.18185
  2.5 Type          : EAccessViolation
  2.6 Message       : Access violation at address 04BC36EF in module 'fbclient.dll'. Write of address 4F4C09FD.
  2.7 ID            : 096B


|04BCB30B|fbclient.dll|                         |                        |gds__free                  |         |
|04BCB300|fbclient.dll|                         |                        |gds__free                  |         |
|007A8EDE|MyProg.exe|mainmenu.pas             |TMain                   |DBAlerterEvent             |5899[45] |
|76B28B77|user32.dll  |                         |                        |DispatchMessageA           |         |
|76B28B6D|user32.dll  |                         |                        |DispatchMessageA           |         |
|0085AE82|MyProg.exe|MyProg.dpr             |                        |                           |369[215] |
|7648D0E7|kernel32.dll|                         |                        |BaseThreadInitThunk        |         |
|--------------------------------------------------------------------------------------------------------------|

  2.3 Module Name   : ntdll.dll - (NT réteg DLL)
  2.4 Module Version: 6.0.6002.18005
  2.5 Type          : EAccessViolation
  2.6 Message       : Access violation at address 77A68B02 in module 'ntdll.dll'. Write of address 00000050.
  2.7 ID            : E2EC


|77A68B02|ntdll.dll   |                         |                        |RtlEnterCriticalSection    |         |
|04BCBA5D|fbclient.dll|                         |                        |gds__alloc                 |         |
|04BCBA50|fbclient.dll|                         |                        |gds__alloc                 |         |
|04BD32F0|fbclient.dll|                         |                        |gds__thread_enter          |         |
|76489C43|kernel32.dll|                         |                        |CompareStringW             |         |
|76489BEB|kernel32.dll|                         |                        |CompareStringW             |         |
|04BDFF60|fbclient.dll|                         |                        |isc_dsql_allocate_statement|         |

...

Please let me know if I have started investing this issue!

Thanks

Dimon · Post by **Dimon** » Thu 28 Oct 2010 12:43

Please specify the IBDAC version you are using.

zd · Post by zd » Fri 29 Oct 2010 07:20

Hello Dimon!

I'm using 3.50.0.17.

Any ideas?

Dimon · Post by **Dimon** » Tue 02 Nov 2010 11:08

We have fixed this problem. This fix will be included in the next IBDAC build.

zd · Post by zd » Wed 10 Nov 2010 22:43

Thanks, I'm currently testing the new version and I'll report back if the problem is gone!