Appverifier reports memory with active critical section freed when fbclient.dll is unloaded
-------------------------------------------------------------------------------------------
Key: CORE-4818
URL: http://tracker.firebirdsql.org/browse/CORE-4818
Project: Firebird Core
Issue Type: Bug
Components: API / Client Library
Affects Versions: 2.5.2
Environment: AMD64 machine, Windows 7, running Tableau desktop client under appverifier
Reporter: Dave Heberer

Set up machine to run Tableau 9.0 (http://www.tableau.com/products/desktop/download?os=windows) under appverifier. Launch the application, and after it starts up close the application. App crashes with the following stack:

----------------------------------------------------------------------
APPLICATION_VERIFIER_LOCKS_LOCK_IN_FREED_VMEM (212)
Freeing virtual memory containing an active critical section.
This stop is generated if the current thread is calling VirtualFree on a memory block that contains an active critical section. The application should call DeleteCriticalSection on this critical section before if frees this memory.
$ kb - to display the current stack trace, that is calling VirtualFree. The probable culprit is the DLL that calls VirtualFree.
$ !cs -s parameter1 - dump information about this critical section.
$ dps parameter2 - to identify the code path for the initialization of this critical section.
Arguments:
Arg1: 000007ffbc80a8d0, Critical section address.
Arg2: 0000000000000000, Critical section initialization stack trace.
Arg3: 000007ffbc800000, Memory block address.
Arg4: 0000000000010000, Memory block size.

FAULTING_IP:
vrfcore!VerifierStopMessageEx+6f4
000007fe`e8d83a00 cc int 3

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fee8d83a00 (vrfcore!VerifierStopMessageEx+0x00000000000006f4)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 0000000000000000

FAULTING_THREAD: 0000000000002298
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: tableau.exe
CRITICAL_SECTION: 000007ffbc80a8d0 -- (!cs -s 000007ffbc80a8d0)
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_PARAMETER1: 0000000000000000
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 80043007
APP: tableau.exe
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fee446a31f to 000007fee8d83a00

STACK_TEXT:
00000000`002fef30 000007fe`e446a31f : 00000000`00000000 000007fe`e4469f36 000007fe`e449fc20 000007fe`e446963d : vrfcore!VerifierStopMessageEx+0x6f4
00000000`002ff290 000007fe`e4468688 : 00000000`00010000 00000000`00000001 00000000`00000000 00000000`76edb2c9 : vfbasics!AVrfpFreeMemLockChecks+0xef
00000000`002ff2f0 000007fe`e4472b20 : 000007ff`bc800000 ffffffff`ffffffff 000007ff`bc800000 000007fe`e8d87cee : vfbasics!AVrfpFreeMemNotify+0x38
00000000`002ff320 000007fe`e447250f : 00000000`002ff448 ffffffff`ffffffff 00000000`00000000 00000000`002ff440 : vfbasics!AVrfpFreeVirtualMemNotify+0x1f4
00000000`002ff3c0 000007fe`fcf465d0 : 00000000`00008000 00000000`00000000 00000000`00000000 00000000`00000000 : vfbasics!AVrfpNtFreeVirtualMemory+0xa3
00000000`002ff410 000007fe`e4473269 : 00000000`00000000 000007ff`bc800000 00000000`00000000 00000000`73f39178 : KERNELBASE!VirtualFree+0x30
00000000`002ff440 00000000`73a85d7e : 00000000`002ff508 00000000`00001000 000007ff`bc800000 00000000`00000000 : vfbasics!AVrfpVirtualFree+0xb1
00000000`002ff480 00000000`73a89aed : 00000000`00000000 00000000`00000000 00000000`00000000 000007fe`e446abb8 : fbclient!Firebird::MemoryPool::external_free+0xce
00000000`002ff4c0 00000000`73a89d00 : 00000000`00000000 00000000`00010000 00000001`02629f20 00000001`02629f00 : fbclient!Firebird::MemoryPool::deletePool+0x10d
00000000`002ff500 00000000`73a95f8e : 00000001`02629f20 00000000`00000001 00000000`00000000 00000000`cba2e8f8 : fbclient!Firebird::MemoryPool::cleanup+0x10
00000000`002ff530 00000000`73cbb13f : 00000001`02629f30 00000001`02629f20 00000000`00000000 00000000`00000000 : fbclient!`anonymous namespace'::allClean+0x1e
00000000`002ff570 00000000`73cbb363 : 00000000`00000001 00000000`00000000 00000000`00000000 000007fe`e44736e6 : fbclient!_CRT_INIT+0xcf
00000000`002ff5b0 000007fe`e41d3eb8 : 00000000`03a96fb0 00000000`00000000 000007fe`e4200df0 000007fe`e446d5ca : fbclient!__DllMainCRTStartup+0xe3
00000000`002ff5f0 000007fe`e8d8bae5 : 00000001`037acf90 000007fe`00000000 00000000`00000000 00000000`e15472d8 : verifier!AVrfpStandardDllEntryPointRoutine+0xbc
00000000`002ff670 000007fe`e4466f62 : 00000000`8f2bafb0 00000000`00000000 00000000`00000000 00000001`037acf90 : vrfcore!VfCoreStandardDllEntryPointRoutine+0x151
00000000`002ff6f0 00000000`76ef1d8f : 00000001`0738af20 00000000`00000000 00000000`76f260f0 00000000`76ffd670 : vfbasics!AVrfpStandardDllEntryPointRoutine+0xbe
00000000`002ff770 00000000`76ef325a : 00000000`73a50000 00000000`002ff8d0 00000000`00000000 00000001`0738af20 : ntdll!LdrpUnloadDll+0x27d
00000000`002ff890 000007fe`fcf5ac25 : 00000000`73a50000 00000000`e90aef00 00000000`00000000 000007fe`e447351c : ntdll!LdrUnloadDll+0x4a
00000000`002ff8c0 00000000`663c855e : 00000000`e16faff0 00000000`00000000 00000000`01b00000 000007fe`e4475147 : KERNELBASE!FreeLibrary+0x1d
00000000`002ff8f0 00000000`663c7538 : 00000000`00000000 00000000`1f96ffb0 00000000`002ffa38 00000000`26bf3ff8 : Qt5Core!QLibraryPrivate::unload_sys+0x1e
00000000`002ff970 000007fe`cd76a5c6 : 00000000`00000008 00000000`e3ce1e90 00000000`002ffd99 00000000`00000001 : Qt5Core!QLibraryPrivate::unload+0x78
00000000`002ff9d0 000007fe`ca3d83f7 : 00000000`e3ce1e90 00000000`e3ce1e70 00000000`002ffd99 00000000`00000001 : tabcore!TLibrary::~TLibrary+0x22
00000000`002ffa10 000007fe`c6938cbb : 00000000`e3ce1e70 00000000`e0d1ef80 00000000`e3ce1e70 00000000`1f96ffb0 : tabdata!DllProxy::~DllProxy+0x93
00000000`002ffa90 000007fe`e8d305de : 00000000`e3ce1e70 00000000`002ffc20 00000000`ffffffff 00000000`00000000 : tabmixins!FBProxy::`vector deleting destructor'+0x4b
00000000`002ffac0 000007fe`c6938d0c : 00000000`f322dff0 00000000`002ffc20 00000000`00000000 00000000`1f96ffb0 : tabsys!RefCntObject::RemoveReference+0xba
00000000`002ffb10 000007fe`cd72b7a6 : 00000000`f322dff0 00000000`92ea6fd0 00000000`f7067fd0 00000000`00000000 : tabmixins!boost::any::holder<RefCntPtr<FBProxy,RefCntObject> >::`scalar deleting destructor'+0x2c
00000000`002ffb50 000007fe`cd72bd8d : 00000000`043b7fa0 000007fe`e446a13a 00000000`1f967fd0 00000000`00000001 : tabcore!std::_Ref_count_obj<LazyWrite<boost::any> >::_Destroy+0x1e
00000000`002ffb80 000007fe`cd72bca8 : 00000000`002ffc20 00000000`00000001 00000000`1f9e3fd0 00000000`00000000 : tabcore!std::list<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWrite<boost::any> > >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWrite<boost::any> > > > >::erase+0x51
00000000`002ffbb0 000007fe`cd72bd1e : 00000000`2608eff0 00000000`1f96fff8 00000000`92ea6fd0 00000000`1f967fd0 : tabcore!std::_Hash<std::_Umap_traits<void * __ptr64 * __ptr64,std::shared_ptr<LazyWrite<boost::any> >,std::_Uhash_compare<void * __ptr64 * __ptr64,std::hash<void * __ptr64 * __ptr64>,std::equal_to<void * __ptr64 * __ptr64> >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWrite<boost::any> > > >,0> >::erase+0xac
00000000`002ffbe0 000007fe`cd72b1c5 : 00000000`1f9e3fd0 00000000`2608eff0 00000000`1f96ffb0 00000000`00002298 : tabcore!std::_Hash<std::_Umap_traits<void * __ptr64 * __ptr64,std::shared_ptr<LazyWrite<boost::any> >,std::_Uhash_compare<void * __ptr64 * __ptr64,std::hash<void * __ptr64 * __ptr64>,std::equal_to<void * __ptr64 * __ptr64> >,std::allocator<std::pair<void * __ptr64 * __ptr64 const,std::shared_ptr<LazyWrite<boost::any> > > >,0> >::erase+0x6a
00000000`002ffc20 000007fe`cd72aef8 : 000007fe`c6ecae38 00000000`1f96fff8 00000000`1f96ffb0 00000000`e1ad3fe0 : tabcore!OrderedAnyRegistry::Purge+0x49
00000000`002ffc70 000007fe`cd72b047 : 00000000`1f96ffb0 00000000`1f96ffb0 00000000`e7424fe0 00000000`1e589fb8 : tabcore!OrderedAnyRegistry::~OrderedAnyRegistry+0x20
00000000`002ffcb0 00000001`3fd0179a : 00000000`e5dd7fa0 00000000`00000000 00000000`00000000 00000000`00000000 : tabcore!DeinitializeStaticRepository+0x4f
00000000`002ffcf0 00000001`3fd01fe8 : 00000000`002ffd78 00000000`2742ff80 00000000`3100bf00 00000000`00000000 : tableau!mainShutdown+0x5e
00000000`002ffd20 00000001`3feb9e2c : 00000000`00000001 00000000`00000000 00000000`00000022 00000000`00000000 : tableau!main+0x1c8
00000000`002ffe00 00000001`3feb6a69 : 00000000`02ae7ffb 00000000`00000000 00000000`0000000a 01d081e4`e06c0bf2 : tableau!WinMain+0x13c
00000000`002ffe70 00000000`76cc59cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tableau!__tmainCRTStartup+0x149
00000000`002ffeb0 00000000`76efb891 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`002ffee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d

FOLLOWUP_IP:
fbclient!Firebird::MemoryPool::cleanup+10 [d:\builds\3rdpartyfull\firebird\2.5.2\local\src\common\classes\alloc.cpp @ 337]
00000000`73a89d00 488b05b9f34a00 mov rax,qword ptr [fbclient!extents_cache (00000000`73f390c0)]
----------------------------------------------------------------------

Found a bug http://tracker.firebirdsql.org/browse/CORE-1265 that seemed to match this problem, but the version on the dll we have says 2.5.2, so bug CORE-1265 is reported fixed in this version.
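
Added example, not part of the original report or of Firebird's code: the stop text says the probable culprit is the DLL that calls VirtualFree, so this Python sketch walks kb-style frames, skips the Application Verifier shim modules, and reports the first real caller and whether it ran from the DLL entry point during unload. SAMPLE_STACK is constructed from selected frames of the trace above; the function names and the shim-module set are assumptions of this example.

```python
import re
# Application Verifier layers that wrap the real call and are never the culprit
# (module names taken from the trace in the report; the set is an assumption).
VERIFIER_SHIMS = {"vrfcore", "vfbasics", "verifier"}

# Constructed sample: selected frames of the reported trace, reduced to
# module!symbol+offset (stack pointer, return address and arguments dropped).
SAMPLE_STACK = """\
vrfcore!VerifierStopMessageEx+0x6f4
vfbasics!AVrfpNtFreeVirtualMemory+0xa3
KERNELBASE!VirtualFree+0x30
vfbasics!AVrfpVirtualFree+0xb1
fbclient!Firebird::MemoryPool::external_free+0xce
fbclient!Firebird::MemoryPool::deletePool+0x10d
fbclient!Firebird::MemoryPool::cleanup+0x10
fbclient!`anonymous namespace'::allClean+0x1e
fbclient!_CRT_INIT+0xcf
fbclient!__DllMainCRTStartup+0xe3
verifier!AVrfpStandardDllEntryPointRoutine+0xbc
ntdll!LdrpUnloadDll+0x27d
KERNELBASE!FreeLibrary+0x1d
"""

def parse_frames(stack_text):
    """Return [(module, symbol)], innermost first; accepts full kb lines too."""
    frames = []
    for line in stack_text.splitlines():
        sym = line.rsplit(" : ", 1)[-1].strip()  # kb prints the symbol last
        m = re.match(r"([^!\s]+)!(.+?)(?:\+0x[0-9a-fA-F]+)?$", sym)
        if m:
            frames.append((m.group(1), m.group(2)))
    return frames

def triage(stack_text):
    """Find the first non-verifier caller of VirtualFree and its unload context."""
    frames = parse_frames(stack_text)
    idx = next((i for i, f in enumerate(frames) if f[1] == "VirtualFree"), None)
    if idx is None:
        return None  # not a VirtualFree stop; nothing to attribute
    callers = [f for f in frames[idx + 1:] if f[0].lower() not in VERIFIER_SHIMS]
    if not callers:
        return None
    module, symbol = callers[0]
    return {
        "culprit_module": module,
        "freeing_function": symbol,
        "from_dll_entry": any(m == module and "DllMain" in s for m, s in callers),
        "during_unload": ("ntdll", "LdrpUnloadDll") in callers,
    }
```

Calling triage(SAMPLE_STACK) attributes the free to fbclient and flags both the DLL entry point and the loader unload path, which matches the report's title.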