
ASSERT alloc.c:3166 "!pt->expect_lib_to_fail || pt->alloc_base == NULL (free() success unexpected)" with -no_check_uninitialized #534

Closed
derekbruening opened this issue Nov 28, 2014 · 4 comments

Comments

@derekbruening
Contributor

From timurrrr@google.com on August 02, 2011 09:19:01

[ r438 /Win7]
observed on Chromium net_unittests --gtest_filter="CertVerifierTest.CacheHit"

kn

ChildEBP RetAddr

00 170f8ae4 72042f5c ntdll!NtRaiseHardError+0x12
01 170f8b28 7202ca8b dynamorio!nt_messagebox+0x7c [dynamorio\core\win32\ntdll.c @ 3296]
02 170f9b70 1011eb4c dynamorio!dr_messagebox+0x8b [dynamorio\core\x86\instrument.c @ 3134]
03 170f9b7c 1011eb93 drmemorylib!wait_for_user+0xc [common\utils.c @ 82]
04 170f9bc8 100c0555 drmemorylib!drmemory_abort+0x33 [common\utils.c @ 110]
05 170f9c04 100bf882 drmemorylib!handle_free_post+0x495 [common\alloc.c @ 3166]
06 170f9eb0 1b6f6b2c drmemorylib!handle_alloc_post+0x1512 [common\alloc.c @ 4418]
WARNING: Frame IP not in any known module. Following frames may be wrong.
07 003ef65c 019b61be <Unloaded_???CFGMGR32.dll>+0x1b696b2b
08 003ef6a0 01986532 net_unittests!_free_base+0xee [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 109]
09 003ef6b0 01986180 net_unittests!_free_dbg_nolock+0x382 [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c @ 1384]
0a 003ef6e8 01970d59 net_unittests!_free_dbg+0x50 [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c @ 1258]
0b 003ef724 01629eb0 net_unittests!operator delete+0xb9 [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgdel.cpp @ 54]
0c 003ef734 01132fb6 net_unittests!base::internal::InvokerStorage1<...>::`scalar deleting destructor'+0x20
0d 003ef74c 01132f3c net_unittests!base::RefCountedThreadSafe<...>::DeleteInternal+0x26 [base\memory\ref_counted.h @ 149]
0e 003ef758 011312f9 net_unittests!base::DefaultRefCountedThreadSafeTraits<base::internal::InvokerStorageBase>::Destruct+0xc [base\memory\ref_counted.h @ 115]
0f 003ef76c 0113086c net_unittests!base::RefCountedThreadSafe<...> >::Release+0x39 [base\memory\ref_counted.h @ 143]
10 003ef778 0164011f net_unittests!scoped_refptr<base::internal::InvokerStorageBase>::~scoped_refptr<...>+0x1c [base\memory\ref_counted.h @ 242]
11 003ef784 0143f4af net_unittests!base::internal::CallbackBase::~CallbackBase+0xf [base\callback_internal.cc @ 33]
12 003ef790 01623faf net_unittests!base::Callback<void __cdecl(void)>::~Callback<void __cdecl(void)>+0xf
13 003ef79c 01623e19 net_unittests!MessageLoop::PendingTask::~PendingTask+0xf [base\message_loop.cc @ 756]

dv
drcontext = 0x170a5a80
mc = 0x170f9d48
routine = 0x170f9e90
pt = 0x17104ac8

dt routine
Local var @ 0x170f9c14 Type _alloc_routine_entry_t*
0x170f9e90
+0x000 pc : 0x77dedfa5 "???"
+0x004 type : 18 ( RTL_ROUTINE_FREE )
+0x008 name : 0x10199b50 "RtlFreeHeap"
+0x00c set : 0x171d87ac


Before the crash I've seen a few reports like this which look a bit strange:
UNADDRESSABLE ACCESS: 0x000046dc-0x000046dd 1 byte(s) within 0x000046dc-0x000046e0 [xref issue #533 ? - see address]
#1 RtlGetCurrentProcessorNumberEx ntdll.dll+0x341de
#2 RtlInterlockedFlushSList ntdll.dll+0x32c59
#3 RtlInterlockedFlushSList ntdll.dll+0x32bf2
#4 LocalReAlloc KERNELBASE.dll+0x151c5
#5 I_CryptGetTls CRYPT32.dll+0xa4bb
#6 I_CertSyncStore CRYPT32.dll+0x209d6
#7 I_CertSyncStore CRYPT32.dll+0x20952
#8 I_CertSyncStore CRYPT32.dll+0x20912
#9 I_CryptFindLruEntryData CRYPT32.dll+0x23adc
#10 CryptMsgClose CRYPT32.dll+0x205b5
#11 CertControlStore CRYPT32.dll+0x11642
#12 I_CertSyncStore CRYPT32.dll+0x20899
#13 I_CertSyncStore CRYPT32.dll+0x2082c
#14 I_CertSyncStore CRYPT32.dll+0x20899
#15 I_CertSyncStore CRYPT32.dll+0x2082c
#16 I_CertSyncStore CRYPT32.dll+0x20899
#17 I_CertSyncStore CRYPT32.dll+0x2082c
#18 I_CertSyncStore CRYPT32.dll+0x20899
#19 I_CertSyncStore CRYPT32.dll+0x2082c
#20 I_CryptFindLruEntryData CRYPT32.dll+0x240c2
#21 I_CryptFindLruEntryData CRYPT32.dll+0x236c0
#22 CertCreateCertificateChainEngine CRYPT32.dll+0x24232
#23 net::TestRootCerts::GetChainEngine net\base\test_root_certs_win.cc:189
#24 net::X509Certificate::VerifyInternal net\base\x509_certificate_win.cc:741
#25 net::X509Certificate::Verify net\base\x509_certificate.cc:601
#26 net::CertVerifierWorker::Run net\base\cert_verifier.cc:157

UNADDRESSABLE ACCESS: 0x0410d744-0x0410d745 1 byte(s) within 0x0410d744-0x0410d748 [why only 1 byte?!]
Note: next higher malloc: 0x0410db60-0x0410db80
Note: prev lower malloc: 0x0410d610-0x0410d630
#1 _free_dbg_nolock crt\src\dbgheap.c:1323
#2 _free_dbg crt\src\dbgheap.c:1258
#3 operator delete crt\src\dbgdel.cpp:54

...

INVALID HEAP ARGUMENT: RtlFreeHeap 0x0410d730
#1 HeapFree KERNEL32.dll+0x114cb
#2 _free_base crt\src\free.c:109
#3 _free_dbg_nolock crt\src\dbgheap.c:1384
#4 _free_dbg crt\src\dbgheap.c:1258
#5 operator delete crt\src\dbgdel.cpp:54

Original issue: http://code.google.com/p/drmemory/issues/detail?id=534

@derekbruening
Contributor Author

From timurrrr@google.com on August 02, 2011 06:37:39

Looks like the crash is flaky and does not always reproduce with --gtest_filter="CertVerifierTest.CacheHit"

FTR, when I first saw the crash I was running net_unittests w/o gtest_filter and it crashed on the CacheHit test.

@derekbruening
Contributor Author

From timurrrr@google.com on October 14, 2011 08:45:58

Could be caused by issue #533?

Labels: Hotlist-Chrome

@derekbruening
Contributor Author

From bruen...@google.com on July 10, 2012 14:16:34

** TODO shorter repro, but of course may be different underlying bug: create_process.exe hello.exe

% ~/drmemory/git/build_x86_dbg/bin/drmemory.exe -dr_debug -dr_ops "-stderr_mask 15" -batch -dr d:/derek/dr/git/exports -light -- bin32/create_process.exe d:/derek/dr/test/hello.exe 4
<Starting application D:\derek\dr\git\build_x86_dbg\bin32\create_process.exe (3932)>
<Initial options = -client_lib 'D:\derek\drmemory\git\build_x86_dbg/bin/debug/drmemorylib.dll;0;-light -logdir D:\derek\drmemory\git\build_x86_dbg/logs -resfile 3932 ' -code_api -probe_api -stderr_mask 15 -stack_size 56K -disable_traces -no_enable_traces -max_elide_jmp 0 -max_elide_call 0 -max_bb_instrs 256 -no_shared_traces -bb_ibl_targets -bb_single_restore_prefix -no_shared_trace_ibl_routine -no_early_inject -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct -no_aslr_dr -pad_jmps_mark_no_trace >

Dr.M Dr. Memory version 1.4.906
Dr.M Running ""D:\derek\dr\git\build_x86_dbg\bin32\create_process.exe" "d:/derek/dr/test/hello.exe" "4""
<Handling our fault in a TRY at 0x739f5d94>
creating subprocess "d:/derek/dr/test/hello.exe 4"

<syscall_while_native: using NtCreateSection - maybe hooked?>
<Starting application d:\derek\dr\test\hello.exe (2452)>
<Initial options = -client_lib 'D:\derek\drmemory\git\build_x86_dbg/bin/debug/drmemorylib.dll;0;-light -logdir D:\derek\drmemory\git\build_x86_dbg/logs -resfile 3932 ' -code_api -probe_api -stderr_mask 15 -stack_size 56K -disable_traces -no_enable_traces -max_elide_jmp 0 -max_elide_call 0 -max_bb_instrs 256 -no_shared_traces -bb_ibl_targets -bb_single_restore_prefix -no_shared_trace_ibl_routine -no_early_inject -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct -no_aslr_dr -pad_jmps_mark_no_trace >

Dr.M Dr. Memory version 1.4.906
Dr.M Running "d:/derek/dr/test/hello.exe 4"
<Handling our fault in a TRY at 0x739f5d94>
Hello world!
<syscall_while_native: using NtClose - maybe hooked?>
Dr.M
Dr.M Error #1: INVALID HEAP ARGUMENT to RtlFreeHeap() 0x0068a740
Dr.M # 0 KERNEL32.dll!_BaseDllInitialize +0x47dc (0x76707ac5 <KERNEL32.dll+0x17ac5>)
Dr.M # 1 ntdll.dll!LdrpCallInitRoutine +0x13 (0x77189950 <ntdll.dll+0x39950>)
Dr.M # 2 ntdll.dll!LdrShutdownProcess +0x140 (0x7719d6b2 <ntdll.dll+0x4d6b2>)
Dr.M # 3 ntdll.dll!RtlExitUserProcess +0x73 (0x7719d554 <ntdll.dll+0x4d554>)
Dr.M # 4 KERNEL32.dll!ExitProcessStub +0x12 (0x767079f5 <KERNEL32.dll+0x179f5>)
Dr.M # 5 _except_handler4 +0x50 (0x00fd26c1 <hello.exe+0x26c1>)
Dr.M # 6 vprintf [f:\dd\vctools\crt_bld\self_x86\crt\src\vprintf.c:102]
Dr.M # 7 vprintf_s [f:\dd\vctools\crt_bld\self_x86\crt\src\vprintf.c:110]
Dr.M # 8 __tmainCRTStartup [f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c:210]
Dr.M # 9 KERNEL32.dll!BaseThreadInitThunk
Dr.M #10 ntdll.dll!__RtlUserThreadStart
Dr.M #11 ntdll.dll!_RtlUserThreadStart
Dr.M Note: @0:00:01.492 in thread 7964
Dr.M ASSERT FAILURE (thread 7964): D:\derek\drmemory\git\src\common\alloc.c:4342: !pt->expect_lib_to_fail || pt->alloc_base == NULL (free() success unexpected)parent done
<Stopping application D:\derek\dr\git\build_x86_dbg\bin32\create_process.exe (3932)>
Dr.M
Dr.M NO ERRORS FOUND:
Dr.M 0 unique, 0 total unaddressable access(es)
Dr.M 0 unique, 0 total invalid heap argument(s)
Dr.M 0 unique, 0 total warning(s)
Dr.M ERRORS IGNORED:
Dr.M Details: D:\derek\drmemory\git\build_x86_dbg/logs/DrMemory-create_process.exe.3932.000/results.txt

@derekbruening
Contributor Author

From bruen...@google.com on August 28, 2012 14:22:26

I ran unit_tests on CertVerifierTest.CacheHit and the whole set of tests on win7 and I can't repro this. The hello.exe repro also shows no bug. I'm going to assume this was fixed by the issue #962 fix.

Status: Duplicate
Mergedinto: 962
