Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASSERT common/alloc.c:2185: !pt->expect_lib_to_fail || pt->alloc_base == NULL (free() success unexpected) #37

Closed
derekbruening opened this issue Nov 28, 2014 · 5 comments
Closed

ASSERT common/alloc.c:2185: !pt->expect_lib_to_fail || pt->alloc_base == NULL (free() success unexpected) #37

derekbruening opened this issue Nov 28, 2014 · 5 comments
Labels
Migrated OpSys-Windows Priority-High Status-Fixed

Comments

@derekbruening
Copy link
Contributor

From derek.br...@gmail.com on August 28, 2010 15:30:54

running base_unittests.exe from issue #251 with:
--gtest_filter="-FileVersion*:ProcessUtilTest.GetAppOutput:ReadOnlyFileUtilTest.ContentsEqual:ReadOnlyFileUtilTest.TextContentsEqual:DataPackTest.Load"

...
[----------] 5 tests from ProcessUtilTest
[ RUN ] ProcessUtilTest.SpawnChild
[ OK ] ProcessUtilTest.SpawnChild (203 ms)
[ RUN ] ProcessUtilTest.KillSlowChild
[ OK ] ProcessUtilTest.KillSlowChild (234 ms)
[ RUN ] ProcessUtilTest.SetProcessBackgrounded
[ OK ] ProcessUtilTest.SetProcessBackgrounded (47 ms)
[ RUN ] ProcessUtilTest.EnableLFH
:::Dr.Memory::: ASSERT FAILURE (thread 132132): E:/derek/dr/win32/oss-clients/drmemory/common/alloc.c:2183: !pt->expect_lib_to_fail || pt->alloc_base == NULL (free() success unexpected)

but, can't repro by just running --gtest_filter="ProcessUtilTest*:-ProcessUtilTest.GetAppOutput"

heap = 05670000, block = 0567e908

0:000> !heap
Index Address Name Debugging options enabled
1: 00160000
2: 00260000
3: 00270000
4: 00370000
5: 003a0000
6: 019b0000
7: 05670000
8: 02ff0000

it is used as a stack a couple of times:
thread initial stack: 0x05670000-0x0576e000-0x05770000, TOS=0x0576fffc
but not for any current thread

heap_tree does have the heap:
0:000> ?? *heap_tree->root->right->right
struct _rb_node_t
+0x000 parent : 0x18e3ea48
+0x004 right : 0x1a1db400
+0x008 left : 0x19e95424
+0x00c color : 1 ( BLACK )
+0x010 base : 0x05670000 "???"
+0x014 size : 0x100000
+0x018 max : (null)
+0x01c client : 0x1afaa3a4

so it's just missing the alloc

RtlpAllocateFromHeapLookaside does not call RtlAllocateHeap
instead it calls RtlpInterlockedPopEntrySList
but then RtlpActivateLowFragmentationHeap calls RtlFreeHeap w/ the result

also wondering about:
0:000> x ntdll!Rtl_Allocate_Heap*
7c96ceb9 ntdll!RtlDebugAllocateHeap =
7c919b80 ntdll!RtlReAllocateHeap =
7c9101d1 ntdll!RtlpAllocateFromHeapLookaside =
7c9100a4 ntdll!RtlAllocateHeap =
7c918f15 ntdll!RtlAllocateHeapSlowly =
7c96d24f ntdll!RtlDebugReAllocateHeap =
7c9601b0 ntdll!RtlpAllocateHeapUsageEntry =
7c9691e9 ntdll!RtlpDphShouldAllocateInPageHeap =

RtlDebugAllocateHeap calls RtlAllocateHeapSlowly
RtlAllocateHeapSlowly is long, doesn't seem to call RtlAllocateHeap...

p /x ((0x15+0x15*2)<<4) + 0x5670690
$6 = 0x5670a80

so could intercept and use the containing Heap of the arg
except need symbols:
% bin/winsyms.exe -e c:/windows/system32/ntdll.dll -s RtlpAllocateFromHeapLookaside
??

Original issue: http://code.google.com/p/drmemory/issues/detail?id=37
@derekbruening
Copy link
Contributor Author

From timurrrr@google.com on October 27, 2010 07:20:44

Today we've moved our Chromium bots and the new DrM bot is Vista (AFAIK)
and it has started hitting this assert very often: http://build.chromium.org/p/chromium.fyi/builders/Windows%20Tests%20(DrMemory)/builds/130/steps/memory%20test:%20printing/logs/stdio ...
:::Dr.Memory::: ASSERT FAILURE (thread 3152): C:\drmemory-build\drmemory\common\alloc.c:2185: !pt->expect_lib_to_fail || pt->alloc_base == NULL (free() success unexpected)

Summary: ASSERT common/alloc.c:2185: !pt->expect_lib_to_fail || pt->alloc_base == NULL (free() success unexpected)
Labels: -Priority-Medium Priority-High

@derekbruening
Copy link
Contributor Author

From timurrrr@google.com on October 27, 2010 07:41:14

(this is as of r64 / r436 since I couldn't build newer DrM yet)

btw, other tests on Vista hang silently - could be related
(see logs longer than 1200s http://build.chromium.org/p/chromium.fyi/builders/Windows%20Tests%20(DrMemory)/builds/130 )

@derekbruening
Copy link
Contributor Author

From bruen...@google.com on February 11, 2011 12:58:07

I'm seeing this assert on any GUI app's exit on win7. looks like there it's an early alloc from the AV sw and the heap walk doesn't think it's legit.

@derekbruening
Copy link
Contributor Author

From bruen...@google.com on February 14, 2011 16:30:31

the win7 exit-time assert is for different reason: issue #295 the one here is more closely related to issue #51 where the debug CRT should be disabled

@derekbruening
Copy link
Contributor Author

From derek.br...@gmail.com on February 24, 2011 21:15:58

This issue was closed by revision r190 .

Status: Fixed

This was referenced Nov 28, 2014
Closed
Closed
Closed
Open
Open
Closed
Closed
Open
@derekbruening derekbruening mentioned this issue Jan 31, 2015
Open
gregcawthorne added a commit that referenced this issue Apr 17, 2021
@gregcawthorne
slowpath-aarch64-port inital
cab4666 
AArch64 port of drmemory.

Only contains slowpath support with shared_slowpath off.

Pattern mode and fastpath modes are being worked on separately.

Depends on:
https://github.com/DynamoRIO/dynamorio/tree/mem-ref-for-clean-calls-aarch64/core

Current tests we have analysed:
Test project /home/grecaw01/APD-testing/drmem-upstream3/drmemory/build
      Start  1: drmf_proj
 1/49 Test  #1: drmf_proj .........................   Passed    0.45 sec
      Start  2: unit_tests
 2/49 Test  #2: unit_tests ........................   Passed    0.02 sec
      Start  3: hello
 3/49 Test  #3: hello .............................   Passed    3.55 sec
      Start  4: free
 4/49 Test  #4: free ..............................   Passed    3.67 sec
      Start  5: malloc
 5/49 Test  #5: malloc ............................   Passed    3.88 sec
      Start  6: leak_indirect
 6/49 Test  #6: leak_indirect .....................   Passed    3.52 sec
      Start  7: patterns
 7/49 Test  #7: patterns ..........................   Passed    3.93 sec
      Start  8: free.exitcode
 8/49 Test  #8: free.exitcode .....................   Passed    3.64 sec
      Start  9: track_origins
 9/49 Test  #9: track_origins .....................***Failed    0.34 sec
      Start 10: free.pattern
10/49 Test #10: free.pattern ......................***Failed    0.35 sec
      Start 11: malloc.pattern
11/49 Test #11: malloc.pattern ....................***Failed    0.34 sec
      Start 12: track_origins.pattern
12/49 Test #12: track_origins.pattern .............***Failed    0.34 sec
      Start 13: fuzz_corpus
13/49 Test #13: fuzz_corpus .......................   Passed    3.56 sec
      Start 14: fuzz_buffer
14/49 Test #14: fuzz_buffer .......................   Passed    4.62 sec
      Start 15: fuzz_buffer.replace_buffer
15/49 Test #15: fuzz_buffer.replace_buffer ........   Passed    4.62 sec
      Start 16: fuzz_buffer.overflow
16/49 Test #16: fuzz_buffer.overflow ..............***Failed    0.34 sec
      Start 17: fuzz_buffer.mutator.o-b-s-3
17/49 Test #17: fuzz_buffer.mutator.o-b-s-3 .......   Passed    4.59 sec
      Start 18: fuzz_buffer.mutator.r-b-s-3
18/49 Test #18: fuzz_buffer.mutator.r-b-s-3 .......   Passed    4.63 sec
      Start 19: fuzz_buffer.mutator.o-b-3
19/49 Test #19: fuzz_buffer.mutator.o-b-3 .........   Passed    4.60 sec
      Start 20: fuzz_buffer.mutator.r-n
20/49 Test #20: fuzz_buffer.mutator.r-n ...........   Passed    4.54 sec
      Start 21: fuzz_buffer.mutator.random_seed
21/49 Test #21: fuzz_buffer.mutator.random_seed ...   Passed    4.57 sec
      Start 22: fuzz_buffer.one-input
22/49 Test #22: fuzz_buffer.one-input .............   Passed    3.82 sec
      Start 23: fuzz_buffer.load_input
23/49 Test #23: fuzz_buffer.load_input ............   Passed    3.81 sec
      Start 24: fuzz_buffer.skip_initial
24/49 Test #24: fuzz_buffer.skip_initial ..........   Passed    4.01 sec
      Start 25: fuzz_buffer.fixed_size
25/49 Test #25: fuzz_buffer.fixed_size ............   Passed    5.36 sec
      Start 26: fuzz_buffer.offset
26/49 Test #26: fuzz_buffer.offset ................   Passed    5.42 sec
      Start 27: fuzz_buffer.module_name
27/49 Test #27: fuzz_buffer.module_name ...........   Passed    4.58 sec
      Start 28: fuzz_buffer.dictionary
28/49 Test #28: fuzz_buffer.dictionary ............   Passed    4.20 sec
      Start 29: fuzz_buffer.cpp
29/49 Test #29: fuzz_buffer.cpp ...................   Passed   17.77 sec
      Start 30: fuzz_custom_mutator
30/49 Test #30: fuzz_custom_mutator ...............   Passed    4.57 sec
      Start 31: drsyscall_test
31/49 Test #31: drsyscall_test ....................   Passed    0.22 sec
      Start 32: strace_test
32/49 Test #32: strace_test .......................   Passed    0.22 sec
      Start 33: drfuzz_test_empty
33/49 Test #33: drfuzz_test_empty .................   Passed    0.22 sec
      Start 34: drfuzz_test_mutator
34/49 Test #34: drfuzz_test_mutator ...............   Passed    2.38 sec
      Start 35: drfuzz_test_repeat
35/49 Test #35: drfuzz_test_repeat ................***Failed
      Start 36: drfuzz_test_segfault
36/49 Test #36: drfuzz_test_segfault ..............   Passed    0.20 sec
      Start 37: drfuzz_test_app_abort
37/49 Test #37: drfuzz_test_app_abort .............   Passed    0.22 sec
      Start 38: drfuzz_test_no_crash
38/49 Test #38: drfuzz_test_no_crash ..............   Passed    0.22 sec
      Start 39: umbra_test_empty
39/49 Test #39: umbra_test_empty ..................   Passed    0.22 sec
      Start 40: umbra_test_overlap
40/49 Test #40: umbra_test_overlap ................   Passed    0.23 sec
      Start 41: umbra_test_shadow_mem
41/49 Test #41: umbra_test_shadow_mem .............   Passed    0.30 sec
      Start 42: umbra_test_insert_app_to_shadow
42/49 Test #42: umbra_test_insert_app_to_shadow ...   Passed    0.29 sec
      Start 43: umbra_test_consistency
43/49 Test #43: umbra_test_consistency ............   Passed    0.30 sec
      Start 44: umbra_test_allscales
44/49 Test #44: umbra_test_allscales ..............   Passed    0.39 sec
      Start 45: drltrace
45/49 Test #45: drltrace ..........................   Passed    0.35 sec
      Start 46: drltrace_libcalls
46/49 Test #46: drltrace_libcalls .................   Passed    0.36 sec
      Start 47: drltrace_symargs
47/49 Test #47: drltrace_symargs ..................   Passed    0.36 sec
      Start 48: drltrace_libargs
48/49 Test #48: drltrace_libargs ..................   Passed    0.35 sec
      Start 49: strace_sample
49/49 Test #49: strace_sample .....................   Passed    0.22 sec

88% tests passed, 6 tests failed out of 49
gregcawthorne added a commit that referenced this issue Apr 17, 2021
@gregcawthorne
slowpath-aarch64-port inital
43fca9e 
AArch64 port of drmemory.

Only contains slowpath support with shared_slowpath off.

Pattern mode and fastpath modes are being worked on separately.

Currently this build does break some x86 functionality.

Depends on:
https://github.com/DynamoRIO/dynamorio/tree/mem-ref-for-clean-calls-aarch64/core

Current tests we have analysed:
Test project /home/grecaw01/APD-testing/drmem-upstream3/drmemory/build
      Start  1: drmf_proj
 1/49 Test  #1: drmf_proj .........................   Passed    0.45 sec
      Start  2: unit_tests
 2/49 Test  #2: unit_tests ........................   Passed    0.02 sec
      Start  3: hello
 3/49 Test  #3: hello .............................   Passed    3.55 sec
      Start  4: free
 4/49 Test  #4: free ..............................   Passed    3.67 sec
      Start  5: malloc
 5/49 Test  #5: malloc ............................   Passed    3.88 sec
      Start  6: leak_indirect
 6/49 Test  #6: leak_indirect .....................   Passed    3.52 sec
      Start  7: patterns
 7/49 Test  #7: patterns ..........................   Passed    3.93 sec
      Start  8: free.exitcode
 8/49 Test  #8: free.exitcode .....................   Passed    3.64 sec
      Start  9: track_origins
 9/49 Test  #9: track_origins .....................***Failed    0.34 sec
      Start 10: free.pattern
10/49 Test #10: free.pattern ......................***Failed    0.35 sec
      Start 11: malloc.pattern
11/49 Test #11: malloc.pattern ....................***Failed    0.34 sec
      Start 12: track_origins.pattern
12/49 Test #12: track_origins.pattern .............***Failed    0.34 sec
      Start 13: fuzz_corpus
13/49 Test #13: fuzz_corpus .......................   Passed    3.56 sec
      Start 14: fuzz_buffer
14/49 Test #14: fuzz_buffer .......................   Passed    4.62 sec
      Start 15: fuzz_buffer.replace_buffer
15/49 Test #15: fuzz_buffer.replace_buffer ........   Passed    4.62 sec
      Start 16: fuzz_buffer.overflow
16/49 Test #16: fuzz_buffer.overflow ..............***Failed    0.34 sec
      Start 17: fuzz_buffer.mutator.o-b-s-3
17/49 Test #17: fuzz_buffer.mutator.o-b-s-3 .......   Passed    4.59 sec
      Start 18: fuzz_buffer.mutator.r-b-s-3
18/49 Test #18: fuzz_buffer.mutator.r-b-s-3 .......   Passed    4.63 sec
      Start 19: fuzz_buffer.mutator.o-b-3
19/49 Test #19: fuzz_buffer.mutator.o-b-3 .........   Passed    4.60 sec
      Start 20: fuzz_buffer.mutator.r-n
20/49 Test #20: fuzz_buffer.mutator.r-n ...........   Passed    4.54 sec
      Start 21: fuzz_buffer.mutator.random_seed
21/49 Test #21: fuzz_buffer.mutator.random_seed ...   Passed    4.57 sec
      Start 22: fuzz_buffer.one-input
22/49 Test #22: fuzz_buffer.one-input .............   Passed    3.82 sec
      Start 23: fuzz_buffer.load_input
23/49 Test #23: fuzz_buffer.load_input ............   Passed    3.81 sec
      Start 24: fuzz_buffer.skip_initial
24/49 Test #24: fuzz_buffer.skip_initial ..........   Passed    4.01 sec
      Start 25: fuzz_buffer.fixed_size
25/49 Test #25: fuzz_buffer.fixed_size ............   Passed    5.36 sec
      Start 26: fuzz_buffer.offset
26/49 Test #26: fuzz_buffer.offset ................   Passed    5.42 sec
      Start 27: fuzz_buffer.module_name
27/49 Test #27: fuzz_buffer.module_name ...........   Passed    4.58 sec
      Start 28: fuzz_buffer.dictionary
28/49 Test #28: fuzz_buffer.dictionary ............   Passed    4.20 sec
      Start 29: fuzz_buffer.cpp
29/49 Test #29: fuzz_buffer.cpp ...................   Passed   17.77 sec
      Start 30: fuzz_custom_mutator
30/49 Test #30: fuzz_custom_mutator ...............   Passed    4.57 sec
      Start 31: drsyscall_test
31/49 Test #31: drsyscall_test ....................   Passed    0.22 sec
      Start 32: strace_test
32/49 Test #32: strace_test .......................   Passed    0.22 sec
      Start 33: drfuzz_test_empty
33/49 Test #33: drfuzz_test_empty .................   Passed    0.22 sec
      Start 34: drfuzz_test_mutator
34/49 Test #34: drfuzz_test_mutator ...............   Passed    2.38 sec
      Start 35: drfuzz_test_repeat
35/49 Test #35: drfuzz_test_repeat ................***Failed
      Start 36: drfuzz_test_segfault
36/49 Test #36: drfuzz_test_segfault ..............   Passed    0.20 sec
      Start 37: drfuzz_test_app_abort
37/49 Test #37: drfuzz_test_app_abort .............   Passed    0.22 sec
      Start 38: drfuzz_test_no_crash
38/49 Test #38: drfuzz_test_no_crash ..............   Passed    0.22 sec
      Start 39: umbra_test_empty
39/49 Test #39: umbra_test_empty ..................   Passed    0.22 sec
      Start 40: umbra_test_overlap
40/49 Test #40: umbra_test_overlap ................   Passed    0.23 sec
      Start 41: umbra_test_shadow_mem
41/49 Test #41: umbra_test_shadow_mem .............   Passed    0.30 sec
      Start 42: umbra_test_insert_app_to_shadow
42/49 Test #42: umbra_test_insert_app_to_shadow ...   Passed    0.29 sec
      Start 43: umbra_test_consistency
43/49 Test #43: umbra_test_consistency ............   Passed    0.30 sec
      Start 44: umbra_test_allscales
44/49 Test #44: umbra_test_allscales ..............   Passed    0.39 sec
      Start 45: drltrace
45/49 Test #45: drltrace ..........................   Passed    0.35 sec
      Start 46: drltrace_libcalls
46/49 Test #46: drltrace_libcalls .................   Passed    0.36 sec
      Start 47: drltrace_symargs
47/49 Test #47: drltrace_symargs ..................   Passed    0.36 sec
      Start 48: drltrace_libargs
48/49 Test #48: drltrace_libargs ..................   Passed    0.35 sec
      Start 49: strace_sample
49/49 Test #49: strace_sample .....................   Passed    0.22 sec

88% tests passed, 6 tests failed out of 49
@gregcawthorne gregcawthorne mentioned this issue Jun 30, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Migrated OpSys-Windows Priority-High Status-Fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@derekbruening