search

intrepidcs / python_ics

Library for interfacing with Intrepid devices in Python
MIT License
62 stars 31 forks source link

Access Violation error when calling ics.set_bit_rate #71

Closed pierreluctg closed 4 years ago

pierreluctg commented 4 years ago

Under certain condition calling ics.set_bit_rate triggers a access violation error and cause Python to crash.

The following code can be use to reproduce the issue.

The loop is there a account for different environment. From my observation modifying the environment variable with this loop cause the issue.

The use of subprocess is simply to be able to trigger the issue without causing the main loop to crash.

PYTHONFAULTHANDLER environment variable is there to cause Python to output the stack trace when hitting the fault (0xC0000005 / Access Violation).

from multiprocessing import Process

def open_and_set_bitrate():
    import ics

    devices = ics.find_devices()
    device = devices[0]
    print(device)
    ics.open_device(device)

    try:
        channel = 1
        bit_rate = 500000
        print("Attempting to set channel {} Bit Rate to {} ...".format(channel, bit_rate))
        ics.set_bit_rate(device, bit_rate, channel)
        print("Bit Rate Set to {}".format(bit_rate))

    finally:
        error_count = ics.close_device(device)
        print("Error Count: {}".format(error_count))

def main():
    import os
    os.environ["PYTHONFAULTHANDLER"] = '1'
    os.environ["ENVABC"] = ''
    os.environ["PYTHONPATH"] = ''

    while len(os.environ["ENVABC"]) < 500:

        os.environ["ENVABC"] += '#' * 10

        print(os.environ["ENVABC"])
        print(len(os.environ["ENVABC"]))

        p = Process(target=open_and_set_bitrate)
        p.start()

        p.join()
        if p.exitcode == 0xC0000005:
            print("Access Violation")
        elif p.exitcode != 0:
            print("Some other error ({})".format(p.exitcode))
        else:
            print("Open and SetBitrate was successful")

if __name__ == '__main__':
    main()
pierreluctg commented 4 years ago

With the code above, we see the issue when using ValueCAN4-2. but not when using ValueCAN3.

drebbe-intrepid commented 4 years ago

@pierreluctg Can you supply me with a few things:

-Stack Trace output -Windows Version (32/64bit) -Intrepid Product being used -icsneo40.dll version

pierreluctg commented 4 years ago

Current thread 0x00013ed4 (most recent call first): File "C:\Users\ptessie3.PyCharm2019.3\config\scratches\scratch_78.py", line 15 in open_and_set_bitrate File "C:\Python36-64\lib\multiprocessing\process.py", line 93 in run File "C:\Python36-64\lib\multiprocessing\process.py", line 258 in _bootstrap File "C:\Python36-64\lib\multiprocessing\spawn.py", line 118 in _main File "C:\Python36-64\lib\multiprocessing\spawn.py", line 105 in spawn_main File "", line 1 in 


- Process dump

*** WARNING: Unable to verify checksum for ics.cp36-win_amd64.pyd

KEY_VALUES_STRING: 1

Key  : AV.Fault
Value: Read

Key  : Timeline.OS.Boot.DeltaSec
Value: 610045

Key  : Timeline.Process.Start.DeltaSec
Value: 6

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

Timeline: !analyze.Start Name: Time: 2020-02-05T19:58:13.657Z Diff: 165657 mSec

Timeline: Dump.Current Name: Time: 2020-02-05T19:55:28.0Z Diff: 0 mSec

Timeline: Process.Start Name: Time: 2020-02-05T19:55:22.0Z Diff: 6000 mSec

Timeline: OS.Boot Name: Time: 2020-01-29T18:28:03.0Z Diff: 610045000 mSec

DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT: (.ecxr) rax=0000000000000000 rbx=0000000000000001 rcx=000000ed091edaf0 rdx=0000014383cd1518 rsi=00000230980b6f50 rdi=000002308cebeed0 rip=00007ffec0cacf5a rsp=000000ed091ed908 rbp=000000ed091eda10 r8=0000000000000390 r9=0000000000000016 r10=000002308cebf000 r11=000000ed091eda10 r12=0000000000000001 r13=000000000007a120 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na po nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 icsneo40!icsneoClearReflashDisplayCallbacks+0x41a8a: 00007ffec0cacf5a 4c8b540af8 mov r10,qword ptr [rdx+rcx-8] ds:000002308cebf000=???????????????? Resetting default scope

FAULTING_IP: icsneo40!icsneoClearReflashDisplayCallbacks+41a8a 00007ffe`c0cacf5a 4c8b540af8 mov r10,qword ptr [rdx+rcx-8]

EXCEPTION_RECORD: (.exr -1) ExceptionAddress: 00007ffec0cacf5a (icsneo40!icsneoClearReflashDisplayCallbacks+0x0000000000041a8a) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 000002308cebf000 Attempt to read from address 000002308cebf000

DEFAULT_BUCKET_ID: INVALID_POINTER_READ

PROCESS_NAME: python.exe

FOLLOWUP_IP: icsneo40!icsneoClearReflashDisplayCallbacks+41a8a 00007ffe`c0cacf5a 4c8b540af8 mov r10,qword ptr [rdx+rcx-8]

READ_ADDRESS: 000002308cebf000

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000002308cebf000

WATSON_BKT_PROCSTAMP: 5c20260d

WATSON_BKT_PROCVER: 3.6.8150.1013

PROCESS_VER_PRODUCT: Python

WATSON_BKT_MODULE: icsneo40.dll

WATSON_BKT_MODSTAMP: 5d558221

WATSON_BKT_MODOFFSET: 13cf5a

WATSON_BKT_MODVER: 3.9.0.81

MODULE_VER_PRODUCT: Intrepid Hardware DLL Library

BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434

MODLIST_WITH_TSCHKSUM_HASH: e065aae023471be1db93022341fbbb4e1bf2dbeb

MODLIST_SHA1_HASH: 4740ebc49b520422c98820d710202a8da112d6a7

COMMENT:
"c:\tools\SysinternalsSuite\procdump.exe" -accepteula -ma -j "c:\Dumps" 24616 720 0000023098320000 Just-In-Time debugger. PID: 24616 Event Handle: 720 JIT Context: .jdinfo 0x23098320000

NTGLOBALFLAG: 0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS: 0

PRODUCT_TYPE: 1

SUITE_MASK: 272

DUMP_FLAGS: 8000c07

DUMP_TYPE: 3

ANALYSIS_SESSION_HOST: WGC1CV4VX9DH2

ANALYSIS_SESSION_TIME: 02-05-2020 14:58:13.0657

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

THREAD_ATTRIBUTES: OS_LOCALE: ENU

BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ

PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT

PROBLEM_CLASSES: 

ID:     [0n313]
Type:   [@ACCESS_VIOLATION]
Class:  Addendum
Scope:  BUCKET_ID
Name:   Omit
Data:   Omit
PID:    [Unspecified]
TID:    [0x646c]
Frame:  [0] : icsneo40!icsneoClearReflashDisplayCallbacks

ID:     [0n285]
Type:   [INVALID_POINTER_READ]
Class:  Primary
Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
        BUCKET_ID
Name:   Add
Data:   Omit
PID:    [Unspecified]
TID:    [0x646c]
Frame:  [0] : icsneo40!icsneoClearReflashDisplayCallbacks

LAST_CONTROL_TRANSFER: from 00007ffec0bcd704 to 00007ffec0cacf5a

STACK_TEXT:
000000ed091ed908 00007ffec0bcd704 : 000000ed091eda10 0000000000000001 00000230980b6f50 0000000000000000 : icsneo40!icsneoClearReflashDisplayCallbacks+0x41a8a 000000ed091ed910 00007ffec0bcd871 : 000000ed091ee398 00007fff21b9d997 000000ed00000040 00000230980b6f50 : icsneo40!Ordinal60+0x5d704 000000ed091ee180 00007ffec0caa27a : 0000023000000002 0000000000000000 0000000000000000 0000000074c3c921 : icsneo40!Ordinal60+0x5d871 000000ed091ee1c0 00007ffec0c6abf8 : 000002308cdcee98 0000000000000000 000002308a7e6410 000000000007a120 : icsneo40!icsneoClearReflashDisplayCallbacks+0x3edaa 000000ed091ee2f0 00007ffeec7135ae : 000002308a7ef3e0 000002308cdcee98 0000000000000000 000000ed091ee354 : icsneo40!neoCM_DownloadDPSApp+0x1ce8 000000ed091ee320 0000000074c57a45 : 000002308cc43c60 0000000000000000 0000000000000000 000002308a7a7630 : ics_cp36_win_amd64!PyInit_ics+0xe50e 000000ed091ee5f0 0000000074c58119 : 000002308cc06948 000000ed091ee7e8 000002308c732c08 000002308cc06948 : python36!PyCFunction_FastCallDict+0x195 000000ed091ee670 0000000074c58b4e : 0000000074ef7d30 000000ed091ee7f9 000002308cc0af60 000002308c7cdc68 : python36!PyObject_GetAttr+0x399 000000ed091ee750 0000000074c55728 : 000002308c732a38 000002308c9ba198 00000230ffffffff 00000230ffffffff : python36!PyEval_EvalFrameDefault+0x2ae 000000ed091ee860 0000000074c42df5 : 0000000000000000 000002308a740048 0000000000000000 000002308a740060 : python36!PyObject_Free+0x3e8 000000ed091ee910 0000000074c4d7b0 : 000002308cc02400 000002308a740048 0000000000000000 0000000000000000 : python36!PyCompile_OpcodeStackEffect+0x4e9 000000ed091ee9e0 0000000074c59955 : 000002308cbe6af8 000000ed091eead9 000002308cc02400 000002308a740048 : python36!PyObject_IsSubclass+0x248 000000ed091eea30 0000000074c582e0 : 000002308cc01048 000002308a7ef3e0 00000230ffffffff 00000230ffffffff : python36!PyEval_EvalFrameDefault+0x10b5 000000ed091eeb40 0000000074c58b4e : 000002308c9bb318 000000ed091eecc9 0000000074ef7d30 000002308a777438 : python36!PyObject_GetAttr+0x560 000000ed091eec20 0000000074c582e0 : 000002308a7c58a8 000002308a7ef3e0 00000230ffffffff 00000230ffffffff : python36!PyEval_EvalFrameDefault+0x2ae 000000ed091eed30 0000000074c58b4e : 000002308c9c7318 0000000074ef7d30 0000000074ef7d30 0000000074ef7d30 : python36!PyObject_GetAttr+0x560 000000ed091eee10 0000000074c582e0 : 000002308c7ce568 000002308a7ef3e0 00000230ffffffff 00000230ffffffff : python36!PyEval_EvalFrameDefault+0x2ae 000000ed091eef20 0000000074c58b4e : 000002308c6f0f10 000000ed091ef0a9 000002308c7a3f80 0000000000000000 : python36!PyObject_GetAttr+0x560 000000ed091ef000 0000000074c55728 : 000002308a8a5258 0000000000000000 00000230ffffffff 00000230ffffffff : python36!PyEval_EvalFrameDefault+0x2ae 000000ed091ef110 0000000074c58587 : 0000000000000003 000002308c80b230 000000ed091ef340 000002308a868b08 : python36!PyObject_Free+0x3e8 000000ed091ef1c0 0000000074c597a2 : 000002308c810fa0 000002308c6ebdb8 000002308c5849b0 000000ed091ef349 : python36!PyObject_GetAttr+0x807 000000ed091ef2a0 0000000074c55728 : 000002308a868988 0000000000000000 000000edffffffff 00000000ffffffff : python36!PyEval_EvalFrameDefault+0xf02 000000ed091ef3b0 0000000074c2b45f : 0000000000000000 000000ed091ef778 0000000000000000 0000000000000000 : python36!PyObject_Free+0x3e8 000000ed091ef460 0000000074c2b3bd : 000002308c577930 000002308aa86870 000002308a79f550 000000ed091ef778 : python36!PyEval_EvalCodeEx+0x9b 000000ed091ef4f0 0000000074c2b367 : 0000000000000000 000002308aa86870 000002308aa86870 0000000000000000 : python36!PyEval_EvalCode+0x2d 000000ed091ef560 0000000074c2b291 : 0000000000000000 000002308c5844f0 000002308c5844f0 0000023000000000 : python36!PyArena_Free+0xa7 000000ed091ef5a0 0000000074c6344d : 000000ed091ef778 000000ed091ef778 000002308c577930 000002308c577930 : python36!PyRun_StringFlags+0x89 000000ed091ef600 0000000074c633d7 : 000002308c5a36b0 0000000000000001 0000000000000001 0000000000000002 : python36!PyRun_SimpleStringFlags+0x45 000000ed091ef640 0000000074c6315e : 0000000000000000 0000000000000000 0000000000000000 0000000000000200 : python36!PyOS_GetOpt+0x1ff 000000ed091ef670 000000001c061258 : 0000000000000004 0000000000000000 0000000000000000 0000000000000000 : python36!Py_Main+0x3ba 000000ed091ef770 00007fff21a07974 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : python+0x1258 000000ed091ef7b0 00007fff21bfa271 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0x14 000000ed091ef7e0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x21

THREAD_SHA1_HASH_MOD_FUNC: be4dfad5707f930bcc627c6383edecfdf00dbe1a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a313da5a0aa5ee4bd9aebc394bfa350d7dc5ee41

THREAD_SHA1_HASH_MOD: 11510c7033a17639a22a22bbbb5a9e3a900cacb1

FAULT_INSTR_CODE: a548b4c

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: icsneo40!icsneoClearReflashDisplayCallbacks+41a8a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: icsneo40

IMAGE_NAME: icsneo40.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 5d558221

STACK_COMMAND: ~0s ; .ecxr ; kb

FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_icsneo40.dll!icsneoClearReflashDisplayCallbacks

BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_icsneo40!icsneoClearReflashDisplayCallbacks+41a8a

FAILURE_EXCEPTION_CODE: c0000005

FAILURE_IMAGE_NAME: icsneo40.dll

BUCKET_ID_IMAGE_STR: icsneo40.dll

FAILURE_MODULE_NAME: icsneo40

BUCKET_ID_MODULE_STR: icsneo40

FAILURE_FUNCTION_NAME: icsneoClearReflashDisplayCallbacks

BUCKET_ID_FUNCTION_STR: icsneoClearReflashDisplayCallbacks

BUCKET_ID_OFFSET: 41a8a

BUCKET_ID_MODTIMEDATESTAMP: 5d558221

BUCKET_ID_MODCHECKSUM: 385724d

BUCKET_ID_MODVER_STR: 3.9.0.81

BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_INVALID_POINTERREAD

FAILURE_PROBLEM_CLASS: APPLICATION_FAULT

FAILURE_SYMBOL_NAME: icsneo40.dll!icsneoClearReflashDisplayCallbacks

WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/python.exe/3.6.8150.1013/5c20260d/icsneo40.dll/3.9.0.81/5d558221/c0000005/0013cf5a.htm?Retriage=1

TARGET_TIME: 2020-02-05T19:55:28.000Z

OSBUILD: 17763

OSSERVICEPACK: 475

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt SingleUserTS

USER_LCID: 0

OSBUILD_TIMESTAMP: 1989-09-10 02:58:46

BUILDDATESTAMP_STR: 180914-1434

BUILDLAB_STR: rs5_release

BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME: 7b4

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:invalid_pointer_read_c0000005_icsneo40.dll!icsneoclearreflashdisplaycallbacks

FAILURE_ID_HASH: {f4cfaa5b-2a28-e78a-aa41-91b73a66542b}

Followup: MachineOwner


- Windows Version (32/64bit)
    Windows 10 64 bit (1809)
- Intrepid Product being used
    What we observe is that ValueCAN4-2 is affected but not the ValueCAN3.
- icsneo40.dll version
    We have tried 3.8.3.104 and 3.9.0.81
- python-ics version
    Tried 3.2.post2, 4.3 and 5.0 (master branch)
- Python version
    Tried 3.6 and 3.7
drebbe-intrepid commented 4 years ago

@pierreluctg Thanks, I'll look into this ASAP, at first look this seems to be something internal to icsneo40 dll. I'll let you know what I find.

drebbe-intrepid commented 4 years ago

@pierreluctg I was able to reproduce it here. I'll let you know what I find.

pierreluctg commented 4 years ago

Not a python-ics issue. @drebbe-intrepid is pushing a fix in the driver.

Thank you @drebbe-intrepid