Appverifier reports memory with active critical section freed when fbclient.dll is unloaded [CORE4818] #5115

Open
firebird-automations opened this issue May 29, 2015 · 0 comments

Submitted by: Dave Heberer (dheberer)

Set up a machine to run Tableau 9.0 (http://www.tableau.com/products/desktop/download?os=windows) under AppVerifier. Launch the application, and after it starts up, close the application. The app crashes with the following stack:

-------------------------------------------------------------------------------------------------------------------------------------------------
APPLICATION_VERIFIER_LOCKS_LOCK_IN_FREED_VMEM (212)
Freeing virtual memory containing an active critical section.
This stop is generated if the current thread is calling VirtualFree on a
memory block that contains an active critical section. The application should call
DeleteCriticalSection on this critical section before if frees this memory.
$ kb - to display the current stack trace, that is calling VirtualFree.
The probable culprit is the DLL that calls VirtualFree.
$ !cs -s parameter1 - dump information about this critical section.
$ dps parameter2 - to identify the code path for the initialization
of this critical section.
Arguments:
Arg1: 000007ffbc80a8d0, Critical section address.
Arg2: 0000000000000000, Critical section initialization stack trace.
Arg3: 000007ffbc800000, Memory block address.
Arg4: 0000000000010000, Memory block size.
FAULTING_IP:
vrfcore!VerifierStopMessageEx+6f4
000007fe`e8d83a00 cc int 3
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fee8d83a00 (vrfcore!VerifierStopMessageEx+0x00000000000006f4)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000
FAULTING_THREAD: 0000000000002298
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: tableau.exe
CRITICAL_SECTION: 000007ffbc80a8d0 -- (!cs -s 000007ffbc80a8d0)
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 80043007
APP: tableau.exe
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fee446a31f to 000007fee8d83a00
STACK_TEXT:
00000000`002fef30 000007fe`e446a31f : 00000000`00000000 000007fe`e4469f36 000007fe`e449fc20 000007fe`e446963d : vrfcore!VerifierStopMessageEx+0x6f4
00000000`002ff290 000007fe`e4468688 : 00000000`00010000 00000000`00000001 00000000`00000000 00000000`76edb2c9 : vfbasics!AVrfpFreeMemLockChecks+0xef
00000000`002ff2f0 000007fe`e4472b20 : 000007ff`bc800000 ffffffff`ffffffff 000007ff`bc800000 000007fe`e8d87cee : vfbasics!AVrfpFreeMemNotify+0x38
00000000`002ff320 000007fe`e447250f : 00000000`002ff448 ffffffff`ffffffff 00000000`00000000 00000000`002ff440 : vfbasics!AVrfpFreeVirtualMemNotify+0x1f4
00000000`002ff3c0 000007fe`fcf465d0 : 00000000`00008000 00000000`00000000 00000000`00000000 00000000`00000000 : vfbasics!AVrfpNtFreeVirtualMemory+0xa3
00000000`002ff410 000007fe`e4473269 : 00000000`00000000 000007ff`bc800000 00000000`00000000 00000000`73f39178 : KERNELBASE!VirtualFree+0x30
00000000`002ff440 00000000`73a85d7e : 00000000`002ff508 00000000`00001000 000007ff`bc800000 00000000`00000000 : vfbasics!AVrfpVirtualFree+0xb1
00000000`002ff480 00000000`73a89aed : 00000000`00000000 00000000`00000000 00000000`00000000 000007fe`e446abb8 : fbclient!Firebird::MemoryPool::external_free+0xce
00000000`002ff4c0 00000000`73a89d00 : 00000000`00000000 00000000`00010000 00000001`02629f20 00000001`02629f00 : fbclient!Firebird::MemoryPool::deletePool+0x10d
00000000`002ff500 00000000`73a95f8e : 00000001`02629f20 00000000`00000001 00000000`00000000 00000000`cba2e8f8 : fbclient!Firebird::MemoryPool::cleanup+0x10
00000000`002ff530 00000000`73cbb13f : 00000001`02629f30 00000001`02629f20 00000000`00000000 00000000`00000000 : fbclient!`anonymous namespace'::allClean+0x1e
00000000`002ff570 00000000`73cbb363 : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`e44736e6 : fbclient!_CRT_INIT+0xcf
00000000`002ff5b0 000007fe`e41d3eb8 : 00000000`03a96fb0 00000000`00000000 000007fe`e4200df0 000007fe`e446d5ca : fbclient!__DllMainCRTStartup+0xe3
00000000`002ff5f0 000007fe`e8d8bae5 : 00000001`037acf90 000007fe`00000000 00000000`00000000 00000000`e15472d8 : verifier!AVrfpStandardDllEntryPointRoutine+0xbc
00000000`002ff670 000007fe`e4466f62 : 00000000`8f2bafb0 00000000`00000000 00000000`00000000 00000001`037acf90 : vrfcore!VfCoreStandardDllEntryPointRoutine+0x151
00000000`002ff6f0 00000000`76ef1d8f : 00000001`0738af20 00000000`00000000 00000000`76f260f0 00000000`76ffd670 : vfbasics!AVrfpStandardDllEntryPointRoutine+0xbe
00000000`002ff770 00000000`76ef325a : 00000000`73a50000 00000000`002ff8d0 00000000`00000000 00000001`0738af20 : ntdll!LdrpUnloadDll+0x27d
00000000`002ff890 000007fe`fcf5ac25 : 00000000`73a50000 00000000`e90aef00 00000000`00000000 000007fe`e447351c : ntdll!LdrUnloadDll+0x4a
00000000`002ff8c0 00000000`663c855e : 00000000`e16faff0 00000000`00000000 00000000`01b00000 000007fe`e4475147 : KERNELBASE!FreeLibrary+0x1d
00000000`002ff8f0 00000000`663c7538 : 00000000`00000000 00000000`1f96ffb0 00000000`002ffa38 00000000`26bf3ff8 : Qt5Core!QLibraryPrivate::unload_sys+0x1e
00000000`002ff970 000007fe`cd76a5c6 : 00000000`00000008 00000000`e3ce1e90 00000000`002ffd99 00000000`00000001 : Qt5Core!QLibraryPrivate::unload+0x78
00000000`002ff9d0 000007fe`ca3d83f7 : 00000000`e3ce1e90 00000000`e3ce1e70 00000000`002ffd99 00000000`00000001 : tabcore!TLibrary::~TLibrary+0x22
00000000`002ffa10 000007fe`c6938cbb : 00000000`e3ce1e70 00000000`e0d1ef80 00000000`e3ce1e70 00000000`1f96ffb0 : tabdata!DllProxy::~DllProxy+0x93
00000000`002ffa90 000007fe`e8d305de : 00000000`e3ce1e70 00000000`002ffc20 00000000`ffffffff 00000000`00000000 : tabmixins!FBProxy::`vector deleting destructor'+0x4b
00000000`002ffac0 000007fe`c6938d0c : 00000000`f322dff0 00000000`002ffc20 00000000`00000000 00000000`1f96ffb0 : tabsys!RefCntObject::RemoveReference+0xba
00000000`002ffb10 000007fe`cd72b7a6 : 00000000`f322dff0 00000000`92ea6fd0 00000000`f7067fd0 00000000`00000000 : tabmixins!boost::any::holder<RefCntPtr<FBProxy,RefCntObject> >::`scalar deleting destructor'+0x2c
00000000`002ffb50 000007fe`cd72bd8d : 00000000`043b7fa0 000007fe`e446a13a 00000000`1f967fd0 00000000`00000001 : tabcore!std::_Ref_count_obj<LazyWriteboost::any\ >::_Destroy+0x1e
00000000`002ffb80 000007fe`cd72bca8 : 00000000`002ffc20 00000000`00000001 00000000`1f9e3fd0 00000000`00000000 : tabcore!std::list<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWriteboost::any\ > >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWriteboost::any\ > > > >::erase+0x51
00000000`002ffbb0 000007fe`cd72bd1e : 00000000`2608eff0 00000000`1f96fff8 00000000`92ea6fd0 00000000`1f967fd0 : tabcore!std::_Hash<std::_Umap_traits<void * __ptr64 * __ptr64,std::shared_ptr<LazyWriteboost::any\ >,std::_Uhash_compare<void * __ptr64 * __ptr64,std::hash<void * __ptr64 * __ptr64>,std::equal_to<void * __ptr64 * __ptr64> >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWriteboost::any\ > > >,0> >::erase+0xac
00000000`002ffbe0 000007fe`cd72b1c5 : 00000000`1f9e3fd0 00000000`2608eff0 00000000`1f96ffb0 00000000`00002298 : tabcore!std::_Hash<std::_Umap_traits<void * __ptr64 * __ptr64,std::shared_ptr<LazyWriteboost::any\ >,std::_Uhash_compare<void * __ptr64 * __ptr64,std::hash<void * __ptr64 * __ptr64>,std::equal_to<void * __ptr64 * __ptr64> >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWriteboost::any\ > > >,0> >::erase+0x6a
00000000`002ffc20 000007fe`cd72aef8 : 000007fe`c6ecae38 00000000`1f96fff8 00000000`1f96ffb0 00000000`e1ad3fe0 : tabcore!OrderedAnyRegistry::Purge+0x49
00000000`002ffc70 000007fe`cd72b047 : 00000000`1f96ffb0 00000000`1f96ffb0 00000000`e7424fe0 00000000`1e589fb8 : tabcore!OrderedAnyRegistry::~OrderedAnyRegistry+0x20
00000000`002ffcb0 00000001`3fd0179a : 00000000`e5dd7fa0 00000000`00000000 00000000`00000000 00000000`00000000 : tabcore!DeinitializeStaticRepository+0x4f
00000000`002ffcf0 00000001`3fd01fe8 : 00000000`002ffd78 00000000`2742ff80 00000000`3100bf00 00000000`00000000 : tableau!mainShutdown+0x5e
00000000`002ffd20 00000001`3feb9e2c : 00000000`00000001 00000000`00000000 00000000`00000022 00000000`00000000 : tableau!main+0x1c8
00000000`002ffe00 00000001`3feb6a69 : 00000000`02ae7ffb 00000000`00000000 00000000`0000000a 01d081e4`e06c0bf2 : tableau!WinMain+0x13c
00000000`002ffe70 00000000`76cc59cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tableau!__tmainCRTStartup+0x149
00000000`002ffeb0 00000000`76efb891 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`002ffee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d

FOLLOWUP_IP:
fbclient!Firebird::MemoryPool::cleanup+10 [d:\builds\3rdpartyfull\firebird\2.5.2\local\src\common\classes\alloc.cpp @ 337]
00000000`73a89d00 488b05b9f34a00 mov rax,qword ptr [fbclient!extents_cache (00000000`73f390c0)]

------------------------------------------------------------------------------------------------------

Found a bug CORE1265 that seemed to match this problem, but the version on the dll we have says 2.5.2, so bug CORE1265 is reported fixed in this version.
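
A triage sketch for a stop like the one above, added here as an example (not part of the original report or of the Firebird code base): it checks that the critical section address lies inside the freed block and applies the verifier's own hint that the probable culprit is the module calling VirtualFree. The function names are hypothetical, and the embedded report is an excerpt of the trace above with the argument columns abbreviated to "...".

```python
import re

# Constructed sample: excerpt of the stop and stack quoted in the report,
# with the four argument columns of each frame abbreviated to "...".
REPORT = """\
Arg1: 000007ffbc80a8d0, Critical section address.
Arg3: 000007ffbc800000, Memory block address.
Arg4: 0000000000010000, Memory block size.
STACK_TEXT:
00000000`002fef30 000007fe`e446a31f : ... : vrfcore!VerifierStopMessageEx+0x6f4
00000000`002ff290 000007fe`e4468688 : ... : vfbasics!AVrfpFreeMemLockChecks+0xef
00000000`002ff410 000007fe`e4473269 : ... : KERNELBASE!VirtualFree+0x30
00000000`002ff440 00000000`73a85d7e : ... : vfbasics!AVrfpVirtualFree+0xb1
00000000`002ff480 00000000`73a89aed : ... : fbclient!Firebird::MemoryPool::external_free+0xce
00000000`002ff4c0 00000000`73a89d00 : ... : fbclient!Firebird::MemoryPool::deletePool+0x10d
00000000`002ff5b0 000007fe`e41d3eb8 : ... : fbclient!__DllMainCRTStartup+0xe3
00000000`002ff770 00000000`76ef325a : ... : ntdll!LdrpUnloadDll+0x27d
00000000`002ff8c0 00000000`663c855e : ... : KERNELBASE!FreeLibrary+0x1d
"""

SHIMS = {"vrfcore", "vfbasics", "verifier"}  # Application Verifier layers in this trace

def parse_args(text):
    """Return {n: value} for the 'ArgN: <hex>,' lines of the verifier stop."""
    return {int(n): int(v, 16) for n, v in re.findall(r"^Arg(\d): ([0-9a-f]+),", text, re.M)}

def parse_frames(text):
    """Return [(module, symbol)] from the STACK_TEXT lines, innermost frame first."""
    frames = []
    for line in text.partition("STACK_TEXT:")[2].splitlines():
        m = re.search(r" : (\w+)!(.+)\+0x[0-9a-f]+$", line.strip())
        if m:
            frames.append((m.group(1), m.group(2)))
    return frames

def triage(text):
    """Summarise which module freed the block and where the lock sat inside it."""
    args = parse_args(text)
    cs, base, size = args[1], args[3], args[4]
    frames = parse_frames(text)
    free_idx = next(i for i, (_, sym) in enumerate(frames) if sym == "VirtualFree")
    # First caller of VirtualFree that is not a verifier shim.
    culprit = next(f for f in frames[free_idx + 1:] if f[0] not in SHIMS)
    return {
        "cs_offset": cs - base if base <= cs < base + size else None,
        "culprit": "!".join(culprit),
        "during_dll_unload": any(sym == "LdrpUnloadDll" for _, sym in frames[free_idx:]),
    }
```

Calling `triage(REPORT)` returns the offset of the critical section within the freed block, the first non-verifier caller of VirtualFree, and whether the free happened on the DLL unload path.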
