Application Verifier - Stop Codes - Networking

The following stop codes are contained in this set of tests.

Illegal networking API called from DllMain

Probable cause

A call was made to a networking API that does not support being called from within DllMain. Many Win32 APIs, not just Win32 networking APIs, cannot be called from DllMain. For more information, read the documentation on DllMain in the MSDN library. To identify the routine that made the call, dump the current stack trace by using the 'k' command in the debugger.

Information displayed by Application Verifier
  • Parameter 1 - Networking function being called from DllMain
  • Parameter 2 - Name of Dll making invalid call if not NULL
  • Parameter 3 - Not used
  • Parameter 4 - Not used

Additional Information
  • Test Layer: Networking
  • Stop ID: UNSUPPORTED_API_CALL_IN_DLLMAIN
  • Stop code: 0000e000
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

Attempt to use a closed SOCKET

Probable cause

A SOCKET was used after it had been closed. To identify the routine that tried to use the closed SOCKET, dump the current stack trace by using the 'k' command in the debugger. To dump the stack trace of the routine that closed the SOCKET, use the dps command with the second parameter of the stop.

Information displayed by Application Verifier
  • Parameter 1 - SOCKET being accessed
  • Parameter 2 - Stack trace of the function that closed the SOCKET. Use dps to dump the stack trace if not NULL
  • Parameter 3 - Not used
  • Parameter 4 - Not used

Additional Information
  • Test Layer: Networking
  • Stop ID: WSA_SOCKET_ALREADY_CLOSED
  • Stop code: 0000e001
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

Attempt to use an unknown SOCKET

Probable cause

An attempt was made to use an unknown value for a SOCKET that was not created by a call to Winsock. To see the stack trace of the routine that attempted this action, use the 'k' command in the debugger.

Information displayed by Application Verifier
  • Parameter 1 - SOCKET being accessed
  • Parameter 2 - Not used
  • Parameter 3 - Not used
  • Parameter 4 - Not used

Additional Information
  • Test Layer: Networking
  • Stop ID: WSA_INVALID_SOCKET_HANDLE
  • Stop code: 0000e002
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

Leaked SOCKET handle detected

Probable cause

An open SOCKET from a Winsock base service provider was detected to have been leaked from a DLL being unloaded. To troubleshoot this stop, dump the stack trace of the thread that opened the SOCKET handle by using the dps command in the debugger on the second parameter of this verifier stop.

Information displayed by Application Verifier
  • Parameter 1 - SOCKET handle being leaked
  • Parameter 2 - Initialization stack trace. Use dps to dump the stack if not NULL
  • Parameter 3 - Thread ID of the thread that opened the handle
  • Parameter 4 - Not used

Additional Information
  • Test Layer: Networking
  • Stop ID: WSA_LEAKED_SOCKET_HANDLE
  • Stop code: 0000e003
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

Attempt to use a closed SOCKET

Probable cause

A SOCKET from a Winsock base provider was used after it had been closed. This generally indicates a fault in a layered service provider (an LSP - a DLL between the application and Winsock). To identify the routine that tried to use the closed SOCKET, dump the current stack trace by using the 'k' command in the debugger. To dump the stack trace of the routine that closed the SOCKET, use the dps command with the second parameter of the stop.

Information displayed by Application Verifier
  • Parameter 1 - SOCKET being accessed.
  • Parameter 2 - Stack trace of the function that closed the SOCKET. Use dps to dump the stack trace if not NULL
  • Parameter 3 - Not used
  • Parameter 4 - Not used

Additional Information
  • Test Layer: Networking
  • Stop ID: WSP_SOCKET_ALREADY_CLOSED
  • Stop code: 0000e004
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

Attempt to use an unknown SOCKET

Probable cause

An unknown SOCKET handle value was used by a Winsock layered service provider (LSP). This is generally pointing to a fault to a specific LSP layered between the application and Winsock. To identify the routine that tried to use the unknown SOCKET, dump the current stack trace by using the 'k' command in the debugger.

Information displayed by Application Verifier
  • Parameter 1 - SOCKET being accessed
  • Parameter 2 - Not used
  • Parameter 3 - Not used
  • Parameter 4 - Not used

Additional Information
  • Test Layer: Networking
  • Stop ID: WSP_INVALID_SOCKET_HANDLE
  • Stop code: 0000e005
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

Leaked SOCKET handle detected

Probable cause

An open SOCKET from a Winsock base service provider was detected to have been leaked. This is generally pointing to a fault to a specific LSP layered between the application and Winsock. To troubleshoot this stop, dump the stack trace of the thread that opened the SOCKET handle by using the dps command in the debugger on the second parameter of this verifier stop.

Information displayed by Application Verifier
  • Parameter 1 - SOCKET handle being leaked
  • Parameter 2 - Initialization stack trace. Use dps to dump the stack if not NULL
  • Parameter 3 - Thread ID of the thread that opened the handle
  • Parameter 4 - Not used

Additional Information
  • Test Layer: Networking
  • Stop ID: WSP_LEAKED_SOCKET_HANDLE
  • Stop code: 0000e006
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

A Winsock API was called before a successful WSAStartup() or after a balancing successful WSACleanup() call was made

Probable cause

A call was made to a networking API before a successful WSAStarup() or after a balancing successful WSACleanup() call. WSAStartup is required to provide a reference count by any component using Winsock to guarantee initialization for Winsock API usage. An unbalance WSAStartup/WSACleanup call pattern by a component can lead to undefined behavior as this can cause the Winsock layer to unload libraries and release resources while still being used.

Information displayed by Application Verifier
  • Parameter 1 - Last successful WSAStartup call by this caller. Use dps to dump the stack if not NULL
  • Parameter 2 - Last successful WSACleanup call by this caller. Use dps to dump the stack if not NULL
  • Parameter 3 - Last successful WSAStartup call in this process. Use dps to dump the stack if not NULL
  • Parameter 4 - Last successful WSACleanup call in this process. Use dps to dump the stack if not NULL

Additional Information
  • Test Layer: Networking
  • Stop ID: WSA_NOT_INITIALIZED
  • Stop code: 0000e007
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

Networking API called before a successful WSPStartup() or after a balancing successful WSPCleanup() call made

Probable cause

A call was made to a Winsock service provider API before a successful WSPStarup() or after a balancing successful WSPCleanup() call. This is generally pointing to a fault to a specific Winsock layered service provider (LSP) layered between the application and Winsock. WSPStartup is required to provide a reference count by any LSP using Winsock to guarantee initialization for Winsock service provider API usage. An unbalance WSPStartup/WSPCleanup call pattern by an LSP can lead to undefined behavior as this can cause the Winsock layer to unload libraries and release resources while still being used.

Information displayed by Application Verifier
  • Parameter 1 - Last successful WSPStartup call by this caller. Use dps to dump the stack if not NULL
  • Parameter 2 - Last successful WSPCleanup call by this caller. Use dps to dump the stack if not NULL
  • Parameter 3 - Last successful WSPStartup call in this process. Use dps to dump the stack if not NULL
  • Parameter 4 - Last successful WSPCleanup call in this process. Use dps to dump the stack if not NULL

Additional Information
  • Test Layer: Networking
  • Stop ID: WSP_NOT_INITIALIZED
  • Stop code: 0000e008
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

A Winsock name service provider API was called before a successful NSPStartup() or after a balancing successful NSPCleanup() call was made

Probable cause

A call was made to a Winsock name service provider API before a successful NSPStarup() or after a balancing successful NSPCleanup() call. This is generally pointing to a fault to a specific Winsock name service provider (NSP) layered between the application and Winsock. NSPStartup is required to provide a reference count by any NSP using Winsock to guarantee initialization for Winsock name service provider API usage. An unbalance NSPStartup/NSPCleanup call pattern by an NSP can lead to undefined behavior as this can cause the Winsock layer to unload libraries and release resources while still being used.

Information displayed by Application Verifier
  • Parameter 1 - Last successful NSPStartup call by this caller. Use dps to dump the stack if not NULL
  • Parameter 2 - Last successful NSPCleanup call by this caller. Use dps to dump the stack if not NULL
  • Parameter 3 - Last successful NSPStartup call in this process. Use dps to dump the stack if not NULL
  • Parameter 4 - Last successful NSPCleanup call in this process. Use dps to dump the stack if not NULL

Additional Information
  • Test Layer: Networking
  • Stop ID: NSP_NOT_INITIALIZED
  • Stop code: 0000e009
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

Use of an invalid Winsock extension function pointer detected

Probable cause

Microsoft Winsock Extension functions are callable only by querying Winsock for the function pointer value at runtime. The Winsock runtime has been unloaded since this function pointer was returned. The caller likely kept a copy of the function pointer after calling WSACleanup and tried to reuse it.

Information displayed by Application Verifier
  • Parameter 1 - Last call to get a Winsock function pointer. Use dps to dump the stack if not NULL
  • Parameter 2 - Last call that unloaded mswsock, invalidating the function pointers. Use dps to dump the stack if not NULL
  • Parameter 3 - Not used.
  • Parameter 4 - Not used.

Additional Information
  • Test Layer: Networking
  • Stop ID: INVALID_FUNCTION_POINTER_DETECTED
  • Stop code: 0000e00A
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

WSACleanup aborted and closed existing SOCKET handles underneath the code that owned those SOCKETs

Probable cause

WSACleanup was called decrementing the Winsock reference count to 0 while opened SOCKET handles existed in this process. Winsock closes any opened SOCKET handles when the reference count reaches zero. This is typically a bug in whomever is decrementing the Winsock reference count via WSACleanup too often (unbalanced with WSAStartup), or the SOCKET handles were no longer correctly being tracked by the caller (leaked). Type k in the debugger to show who is currently calling WSACleanup taking the Winsock reference count to 0.

Information displayed by Application Verifier
  • Parameter 1 - Number of sockets that were outstanding
  • Parameter 2 - Not used.
  • Parameter 3 - Not used.
  • Parameter 4 - Not used.

Additional Information
  • Test Layer: Networking
  • Stop ID: WSA_SOCKETS_ABORTED
  • Stop code: 0000e00B
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

WSPCleanup aborted and closed existing service provider SOCKET handles underneath the code that owned those SOCKETs

Probable cause

WSPCleanup was called by a layered service provider (LSP) decrementing the Winsock reference count to 0 while opened SOCKET handles existed in this process. Winsock closes any opened SOCKET handles when the reference count reaches zero. This is typically a bug in the LSP decrementing the Winsock reference count via WSPCleanup too often (unbalanced with WSPStartup), or the SOCKET handles were no longer correctly being tracked by the caller (leaked). Type k in the debugger to show who is currently calling WSPCleanup taking the Winsock reference count to 0.

Information displayed by Application Verifier
  • Parameter 1 - Number of service provider sockets that were outstanding
  • Parameter 2 - Not used.
  • Parameter 3 - Not used.
  • Parameter 4 - Not used.

Additional Information
  • Test Layer: Networking
  • Stop ID: WSP_SOCKETS_ABORTED
  • Stop code: 0000e00C
  • Severity: Error
  • One-time error: no
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The immediate return value, or GetLastError, is invalid for the current Winsock call. This generally points to a fault in a Service Provider

Probable cause

The value that is being returned, or the current value in GetLastError, is not following the specified Winsock 2 specification. This generally points to a bug in a layered service provider (LSP) - a DLL layered between the application and Winsock. In these cases, an LSP has broken the Winsock API contract and is returning a bogus value to the caller. Use ln on parameter 3 in the debugger to find the function in the DLL which returned the incorrect return code. View parameters 1 and 2 to see what the incorrect value was with respect to the Winsock call made. View parameter 4 if the call was to any Winsock send or recv function to see the actual number of bytes requested to be sent or received. It is invalid for the returned number of bytes to be greater than the number of bytes requested to be sent or received.

Information displayed by Application Verifier
  • Parameter 1 - Return Value
  • Parameter 2 - GetLastError
  • Parameter 3 - Function pointer to the next service provider. Use ln to see who just returned this value
  • Parameter 4 - For sending/receiving data, the actual number of bytes posted to the API

Additional Information
  • Test Layer: Networking
  • Stop ID: WSA_RETURN_INVALID
  • Stop code: 0000e00D
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

The return value, or lpError, is invalid for the current Winsock call. This generally points to a fault in a Base Service Provider or in the networking stack

Probable cause

The value that is being returned, or the current value in lpError, is not following the specified Winsock 2 specification. This generally points to a bug in a loaded Base Service Provider (generally mswsock.dll), or the networking stack. Use ln on parameter 3 in the debugger to find the function in the DLL which returned the incorrect return code. View parameters 1 and 2 to see what the incorrect value was with respect to the Winsock call made. View parameter 4 if the call was to any Winsock send or recv function to see the actual number of bytes requested to be sent or received. It is invalid for the returned number of bytes to be greater than the number of bytes requested to be sent or received.

Information displayed by Application Verifier
  • Parameter 1 - Return Value
  • Parameter 2 - GetLastError
  • Parameter 3 - Function pointer to the next service provider. Use ln to see who just returned this value
  • Parameter 4 - For sending/receiving data, the actual number of bytes posted to the API

Additional Information
  • Test Layer: Networking
  • Stop ID: WSP_RETURN_INVALID
  • Stop code: 0000e00E
  • Severity: Error
  • One-time error: no
  • Error report: Break
  • Log to file: yes
  • Create backtrace: yes

See Also

Application Verifier - Stop Codes and Definitions

Application Verifier - Overview

Application Verifier - Features

Application Verifier - Testing Applications

Application Verifier - Tests within Application Verifier

Application Verifier - Debugging Application Verifier Stops

Application Verifier - Frequently Asked Questions