Issue Details (XML | Word | Printable)

Key: CORE-4818
Type: Bug Bug
Status: Open Open
Priority: Major Major
Assignee: Unassigned
Reporter: Dave Heberer
Votes: 0
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Appverifier reports memory with active critical section freed when fbclient.dll is unloaded

Created: 29/May/15 06:05 PM   Updated: 29/May/15 06:05 PM
Component/s: API / Client Library
Affects Version/s: 2.5.2
Fix Version/s: None

Environment: AMD64 machine, Windows 7, running Tableau desktop client under appverifier

QA Status: No test


 Description  « Hide
Set up machine to run tableau 9.0 (http://www.tableau.com/products/desktop/download?os=windows) under appverifier. Launch the application, and after it starts up close the application. app crashes with the following stack:

-------------------------------------------------------------------------------------------------------------------------------------------------
APPLICATION_VERIFIER_LOCKS_LOCK_IN_FREED_VMEM (212)
Freeing virtual memory containing an active critical section.
This stop is generated if the current thread is calling VirtualFree on a
memory block that contains an active critical section. The application should call
DeleteCriticalSection on this critical section before if frees this memory.
$ kb - to display the current stack trace, that is calling VirtualFree.
The probable culprit is the DLL that calls VirtualFree.
$ !cs -s parameter1 - dump information about this critical section.
$ dps parameter2 - to identify the code path for the initialization
of this critical section.
Arguments:
Arg1: 000007ffbc80a8d0, Critical section address.
Arg2: 0000000000000000, Critical section initialization stack trace.
Arg3: 000007ffbc800000, Memory block address.
Arg4: 0000000000010000, Memory block size.
FAULTING_IP:
vrfcore!VerifierStopMessageEx+6f4
000007fe`e8d83a00 cc int 3
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fee8d83a00 (vrfcore!VerifierStopMessageEx+0x00000000000006f4)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 1
   Parameter[0]: 0000000000000000
FAULTING_THREAD: 0000000000002298
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: tableau.exe
CRITICAL_SECTION: 000007ffbc80a8d0 -- (!cs -s 000007ffbc80a8d0)
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 80043007
APP: tableau.exe
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fee446a31f to 000007fee8d83a00
STACK_TEXT:
00000000`002fef30 000007fe`e446a31f : 00000000`00000000 000007fe`e4469f36 000007fe`e449fc20 000007fe`e446963d : vrfcore!VerifierStopMessageEx+0x6f4
00000000`002ff290 000007fe`e4468688 : 00000000`00010000 00000000`00000001 00000000`00000000 00000000`76edb2c9 : vfbasics!AVrfpFreeMemLockChecks+0xef
00000000`002ff2f0 000007fe`e4472b20 : 000007ff`bc800000 ffffffff`ffffffff 000007ff`bc800000 000007fe`e8d87cee : vfbasics!AVrfpFreeMemNotify+0x38
00000000`002ff320 000007fe`e447250f : 00000000`002ff448 ffffffff`ffffffff 00000000`00000000 00000000`002ff440 : vfbasics!AVrfpFreeVirtualMemNotify+0x1f4
00000000`002ff3c0 000007fe`fcf465d0 : 00000000`00008000 00000000`00000000 00000000`00000000 00000000`00000000 : vfbasics!AVrfpNtFreeVirtualMemory+0xa3
00000000`002ff410 000007fe`e4473269 : 00000000`00000000 000007ff`bc800000 00000000`00000000 00000000`73f39178 : KERNELBASE!VirtualFree+0x30
00000000`002ff440 00000000`73a85d7e : 00000000`002ff508 00000000`00001000 000007ff`bc800000 00000000`00000000 : vfbasics!AVrfpVirtualFree+0xb1
00000000`002ff480 00000000`73a89aed : 00000000`00000000 00000000`00000000 00000000`00000000 000007fe`e446abb8 : fbclient!Firebird::MemoryPool::external_free+0xce
00000000`002ff4c0 00000000`73a89d00 : 00000000`00000000 00000000`00010000 00000001`02629f20 00000001`02629f00 : fbclient!Firebird::MemoryPool::deletePool+0x10d
00000000`002ff500 00000000`73a95f8e : 00000001`02629f20 00000000`00000001 00000000`00000000 00000000`cba2e8f8 : fbclient!Firebird::MemoryPool::cleanup+0x10
00000000`002ff530 00000000`73cbb13f : 00000001`02629f30 00000001`02629f20 00000000`00000000 00000000`00000000 : fbclient!`anonymous namespace'::allClean+0x1e
00000000`002ff570 00000000`73cbb363 : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`e44736e6 : fbclient!_CRT_INIT+0xcf
00000000`002ff5b0 000007fe`e41d3eb8 : 00000000`03a96fb0 00000000`00000000 000007fe`e4200df0 000007fe`e446d5ca : fbclient!__DllMainCRTStartup+0xe3
00000000`002ff5f0 000007fe`e8d8bae5 : 00000001`037acf90 000007fe`00000000 00000000`00000000 00000000`e15472d8 : verifier!AVrfpStandardDllEntryPointRoutine+0xbc
00000000`002ff670 000007fe`e4466f62 : 00000000`8f2bafb0 00000000`00000000 00000000`00000000 00000001`037acf90 : vrfcore!VfCoreStandardDllEntryPointRoutine+0x151
00000000`002ff6f0 00000000`76ef1d8f : 00000001`0738af20 00000000`00000000 00000000`76f260f0 00000000`76ffd670 : vfbasics!AVrfpStandardDllEntryPointRoutine+0xbe
00000000`002ff770 00000000`76ef325a : 00000000`73a50000 00000000`002ff8d0 00000000`00000000 00000001`0738af20 : ntdll!LdrpUnloadDll+0x27d
00000000`002ff890 000007fe`fcf5ac25 : 00000000`73a50000 00000000`e90aef00 00000000`00000000 000007fe`e447351c : ntdll!LdrUnloadDll+0x4a
00000000`002ff8c0 00000000`663c855e : 00000000`e16faff0 00000000`00000000 00000000`01b00000 000007fe`e4475147 : KERNELBASE!FreeLibrary+0x1d
00000000`002ff8f0 00000000`663c7538 : 00000000`00000000 00000000`1f96ffb0 00000000`002ffa38 00000000`26bf3ff8 : Qt5Core!QLibraryPrivate::unload_sys+0x1e
00000000`002ff970 000007fe`cd76a5c6 : 00000000`00000008 00000000`e3ce1e90 00000000`002ffd99 00000000`00000001 : Qt5Core!QLibraryPrivate::unload+0x78
00000000`002ff9d0 000007fe`ca3d83f7 : 00000000`e3ce1e90 00000000`e3ce1e70 00000000`002ffd99 00000000`00000001 : tabcore!TLibrary::~TLibrary+0x22
00000000`002ffa10 000007fe`c6938cbb : 00000000`e3ce1e70 00000000`e0d1ef80 00000000`e3ce1e70 00000000`1f96ffb0 : tabdata!DllProxy::~DllProxy+0x93
00000000`002ffa90 000007fe`e8d305de : 00000000`e3ce1e70 00000000`002ffc20 00000000`ffffffff 00000000`00000000 : tabmixins!FBProxy::`vector deleting destructor'+0x4b
00000000`002ffac0 000007fe`c6938d0c : 00000000`f322dff0 00000000`002ffc20 00000000`00000000 00000000`1f96ffb0 : tabsys!RefCntObject::RemoveReference+0xba
00000000`002ffb10 000007fe`cd72b7a6 : 00000000`f322dff0 00000000`92ea6fd0 00000000`f7067fd0 00000000`00000000 : tabmixins!boost::any::holder<RefCntPtr<FBProxy,RefCntObject> >::`scalar deleting destructor'+0x2c
00000000`002ffb50 000007fe`cd72bd8d : 00000000`043b7fa0 000007fe`e446a13a 00000000`1f967fd0 00000000`00000001 : tabcore!std::_Ref_count_obj<LazyWrite<boost::any> >::_Destroy+0x1e
00000000`002ffb80 000007fe`cd72bca8 : 00000000`002ffc20 00000000`00000001 00000000`1f9e3fd0 00000000`00000000 : tabcore!std::list<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWrite<boost::any> > >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWrite<boost::any> > > > >::erase+0x51
00000000`002ffbb0 000007fe`cd72bd1e : 00000000`2608eff0 00000000`1f96fff8 00000000`92ea6fd0 00000000`1f967fd0 : tabcore!std::_Hash<std::_Umap_traits<void * __ptr64 * __ptr64,std::shared_ptr<LazyWrite<boost::any> >,std::_Uhash_compare<void * __ptr64 * __ptr64,std::hash<void * __ptr64 * __ptr64>,std::equal_to<void * __ptr64 * __ptr64> >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWrite<boost::any> > > >,0> >::erase+0xac
00000000`002ffbe0 000007fe`cd72b1c5 : 00000000`1f9e3fd0 00000000`2608eff0 00000000`1f96ffb0 00000000`00002298 : tabcore!std::_Hash<std::_Umap_traits<void * __ptr64 * __ptr64,std::shared_ptr<LazyWrite<boost::any> >,std::_Uhash_compare<void * __ptr64 * __ptr64,std::hash<void * __ptr64 * __ptr64>,std::equal_to<void * __ptr64 * __ptr64> >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWrite<boost::any> > > >,0> >::erase+0x6a
00000000`002ffc20 000007fe`cd72aef8 : 000007fe`c6ecae38 00000000`1f96fff8 00000000`1f96ffb0 00000000`e1ad3fe0 : tabcore!OrderedAnyRegistry::Purge+0x49
00000000`002ffc70 000007fe`cd72b047 : 00000000`1f96ffb0 00000000`1f96ffb0 00000000`e7424fe0 00000000`1e589fb8 : tabcore!OrderedAnyRegistry::~OrderedAnyRegistry+0x20
00000000`002ffcb0 00000001`3fd0179a : 00000000`e5dd7fa0 00000000`00000000 00000000`00000000 00000000`00000000 : tabcore!DeinitializeStaticRepository+0x4f
00000000`002ffcf0 00000001`3fd01fe8 : 00000000`002ffd78 00000000`2742ff80 00000000`3100bf00 00000000`00000000 : tableau!mainShutdown+0x5e
00000000`002ffd20 00000001`3feb9e2c : 00000000`00000001 00000000`00000000 00000000`00000022 00000000`00000000 : tableau!main+0x1c8
00000000`002ffe00 00000001`3feb6a69 : 00000000`02ae7ffb 00000000`00000000 00000000`0000000a 01d081e4`e06c0bf2 : tableau!WinMain+0x13c
00000000`002ffe70 00000000`76cc59cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tableau!__tmainCRTStartup+0x149
00000000`002ffeb0 00000000`76efb891 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`002ffee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d

FOLLOWUP_IP:
fbclient!Firebird::MemoryPool::cleanup+10 [d:\builds\3rdpartyfull\firebird\2.5.2\local\src\common\classes\alloc.cpp @ 337]
00000000`73a89d00 488b05b9f34a00 mov rax,qword ptr [fbclient!extents_cache (00000000`73f390c0)]

------------------------------------------------------------------------------------------------------

Found a bug http://tracker.firebirdsql.org/browse/CORE-1265 that seemed to match this problem, but the version on the dll we have says 2.5.2, so bug CORE-1265 is reported fixed in this version.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.