From: cataphract Operating system: Vista amd64 PHP version: trunk-SVN-2010-10-07 (SVN) Package: Scripting Engine problem Bug Type: Bug Bug description:On shared module unload: Unloading DLL containing an active critical section.
Description: ------------ When running PHP with App verifier, there's an exception on module unload. Test script: --------------- This happens with an empty script Expected result: ---------------- No exception. Actual result: -------------- CommandLine: C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\php.exe Symbol search path is: SRV*C:\Users\Cataphract\AppData\Local\SYMBOLS*http://msdl.microsoft.com/download/symbols Executable search path is: ModLoad: 00000000`00400000 00000000`00421000 php.exe ModLoad: 00000000`77950000 00000000`77ad6000 ntdll.dll ModLoad: 00000000`77b10000 00000000`77c70000 ntdll32.dll ModLoad: 00000000`75260000 00000000`752a5000 C:\Windows\system32\wow64.dll ModLoad: 00000000`75210000 00000000`7525e000 C:\Windows\system32\wow64win.dll ModLoad: 00000000`753e0000 00000000`753e9000 C:\Windows\system32\wow64cpu.dll (2e40.3150): Break instruction exception - code 80000003 (first chance) ntdll!DbgBreakPoint: 00000000`77996060 cc int 3 0:000> g ModLoad: 00000000`77320000 00000000`7744d000 WOW64_IMAGE_SECTION ModLoad: 00000000`76a40000 00000000`76b50000 WOW64_IMAGE_SECTION ModLoad: 00000000`77320000 00000000`7744d000 NOT_AN_IMAGE ModLoad: 00000000`77250000 00000000`7731d000 NOT_AN_IMAGE ModLoad: 00000000`71ab0000 00000000`71ae1000 C:\Windows\syswow64\verifier.dll Page heap: pid 0x2E40: page heap enabled with flags 0x3. AVRF: php.exe: pid 0x2E40: flags 0x80C43027: application verifier enabled ModLoad: 00000000`72130000 00000000`72159000 C:\Windows\SysWOW64\vrfcore.dll ModLoad: 00000000`71900000 00000000`71951000 C:\Windows\SysWOW64\vfbasics.dll ModLoad: 00000000`76a40000 00000000`76b50000 C:\Windows\syswow64\kernel32.dll ModLoad: 00000000`10000000 00000000`106b9000 C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\php5ts_debug.dll ModLoad: 00000000`76f20000 00000000`77065000 C:\Windows\syswow64\ole32.dll ModLoad: 00000000`77140000 00000000`771ea000 C:\Windows\syswow64\msvcrt.dll ModLoad: 00000000`76b50000 00000000`76be0000 C:\Windows\syswow64\GDI32.dll ModLoad: 00000000`75630000 00000000`75700000 C:\Windows\syswow64\USER32.dll ModLoad: 00000000`77070000 00000000`77136000 C:\Windows\syswow64\ADVAPI32.dll ModLoad: 00000000`76e00000 00000000`76ef0000 C:\Windows\syswow64\RPCRT4.dll ModLoad: 00000000`755a0000 00000000`75600000 C:\Windows\syswow64\Secur32.dll ModLoad: 00000000`76ef0000 00000000`76f1d000 C:\Windows\syswow64\WS2_32.dll ModLoad: 00000000`77ae0000 00000000`77ae6000 C:\Windows\syswow64\NSI.dll ModLoad: 00000000`74ce0000 00000000`74d0c000 C:\Windows\SysWOW64\DNSAPI.dll ModLoad: 00000000`71980000 00000000`71aa4000 C:\Windows\WinSxS\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_2a4cbfc25558bcd3\MSVCR90D.dll (2e40.3150): WOW64 breakpoint - code 4000001f (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ntdll32!DbgBreakPoint: 77b20004 cc int 3 0:000:x86> g ModLoad: 771f0000 77250000 C:\Windows\SysWOW64\IMM32.DLL ModLoad: 75ba0000 75c68000 C:\Windows\syswow64\MSCTF.dll ModLoad: 76df0000 76df9000 C:\Windows\syswow64\LPK.DLL ModLoad: 75eb0000 75f2d000 C:\Windows\syswow64\USP10.dll ModLoad: 751d0000 7520b000 C:\Windows\SysWOW64\rsaenh.dll ModLoad: 74d70000 74d8e000 C:\Windows\SysWOW64\USERENV.dll ModLoad: 01d30000 01d96000 C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\php_intl.dll ModLoad: 4a800000 4a925000 C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\icuuc42.dll ModLoad: 4ad00000 4bc48000 C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\icudt42.dll ModLoad: 71350000 713f3000 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\MSVCR90.dll ModLoad: 712c0000 7134e000 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\MSVCP90.dll ModLoad: 06c10000 06d69000 C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\icuin42.dll ======================================= VERIFIER STOP 00000201: pid 0x2E40: Unloading DLL containing an active critical section. 4A91D150 : Critical section address. 00C418C0 : Critical section initialization stack trace. 04F56FE8 : DLL name address. 4A800000 : DLL base address. ======================================= This verifier stop is continuable. After debugging it use `go' to continue. ======================================= (2e40.3150): WOW64 breakpoint - code 4000001f (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. vrfcore!VerifierStopMessageEx+0x4ca: 72133b61 cc int 3 0:000:x86> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\icuuc42.dll - APPLICATION_VERIFIER_LOCKS_LOCK_IN_UNLOADED_DLL (201) Unloading DLL containing an active critical section. This stop is generated if a DLL has a global variable containing a critical section and the DLL is unloaded but the critical section has not been deleted. To debug this stop use the following debugger commands: $ du parameter3 - to dump the name of the culprit DLL. $ .reload dllname or .reload dllname = parameter4 - to reload the symbols for that DLL. $ !cs -s parameter1 - dump information about this critical section. $ ln parameter1 - to show symbols near the address of the critical section. This should help identify the leaked critical section. $ dps parameter2 - to dump the stack trace for this critical section initialization. Arguments: Arg1: 04f56fe800c418c0, Critical section address. Arg2: 000000004a800000, Critical section initialization stack trace. Arg3: 0000000000000000, DLL name address. Arg4: 0000000000000000, DLL base address. FAULTING_IP: vrfcore!VerifierStopMessageEx+4ca [d:\avrf\source\base\avrf\avrf30\vrfcore\sdk.cpp @ 549] 72133b61 cc int 3 EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 0000000072133b61 (vrfcore!VerifierStopMessageEx+0x00000000000004ca) ExceptionCode: 4000001f (WOW64 breakpoint) ExceptionFlags: 00000000 NumberParameters: 1 Parameter[0]: 0000000000000000 FAULTING_THREAD: 0000000000003150 PROCESS_NAME: php.exe ERROR_CODE: (NTSTATUS) 0x4000001f - Exception status code used by Win32 x86 emulation subsystem. EXCEPTION_CODE: (Win32) 0x4000001f (1073741855) - <Unable to get error code text> EXCEPTION_PARAMETER1: 0000000000000000 NTGLOBALFLAG: 70 APPLICATION_VERIFIER_FLAGS: 0 CRITICAL_SECTION: 04f56fe800c418c0 -- (!cs -s 04f56fe800c418c0) DEFAULT_BUCKET_ID: VERIFIER_STOP_00000201 PRIMARY_PROBLEM_CLASS: VERIFIER_STOP_00000201 BUGCHECK_STR: APPLICATION_FAULT_VERIFIER_STOP_00000201_VERIFIER_STOP_00000201 LAST_CONTROL_TRANSFER: from 000000007190cb39 to 0000000072133b61 STACK_TEXT: 00c2f468 7190cb39 7191b0c8 00000201 4a91d150 vrfcore!VerifierStopMessageEx+0x4ca [d:\avrf\source\base\avrf\avrf30\vrfcore\sdk.cpp @ 549] 00c2f49c 71906f60 00000002 4a800000 00125000 vfbasics!AVrfpFreeMemLockChecks+0xd0 [d:\avrf\source\base\avrf\vrfcommon\critsect.c @ 1086] 00c2f4c0 7190fb9e 00000002 4a800000 00125000 vfbasics!AVrfpFreeMemNotify+0x2b [d:\avrf\source\base\avrf\vrfcommon\support.c @ 1489] 00c2f4ec 77b86a68 04f56fe8 4a800000 00125000 vfbasics!AVrfpDllUnloadCallback+0x1a [d:\avrf\source\base\avrf\vrfcommon\dlls.c @ 514] 00c2f510 77b64f3e 05b04f98 4a3b9f11 01d30000 ntdll32!AVrfDllUnloadNotification+0x7c 00c2f5b4 77b42deb 01d30000 00c2f5d8 4a3b9f5d ntdll32!LdrpUnloadDll+0x225 00c2f5f8 7190fb79 01d30000 00c2f700 00c2f628 ntdll32!LdrUnloadDll+0x46 00c2f60c 76a523c1 04f6bfe0 7efde000 00c2f700 vfbasics!AVrfpLdrUnloadDll+0x5d [d:\avrf\source\base\avrf\vrfcommon\dlls.c @ 1374] 00c2f61c 101f21e4 01d30000 00c2f7f4 00c2f70c kernel32!FreeLibrary+0x76 00c2f700 1030205c 06bc6fa0 00c2f8e0 00c2f8ec php5ts_debug!module_destructor+0xf4 [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend_api.c @ 2247] 00c2f7f4 10302224 10686040 06bc4fd0 00c2f9b8 php5ts_debug!zend_hash_apply_deleter+0x12c [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend_hash.c @ 634] 00c2f8e0 101efe1c 10686040 00c2fa8c 00c2fa98 php5ts_debug!zend_hash_graceful_reverse_destroy+0x54 [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend_hash.c @ 671] 00c2f9b8 101e4a49 00c2fb70 00c2fa98 7efde000 php5ts_debug!zend_destroy_modules+0x5c [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend_api.c @ 1782] 00c2fa8c 10376cc6 0566afe8 00c2fb78 00c2fb7c php5ts_debug!zend_shutdown+0x49 [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend.c @ 783] 00c2fb70 00413d4a 0566afe8 00000000 00000000 php5ts_debug!php_module_shutdown+0x66 [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\main\main.c @ 2202] 00c2ff30 00416258 00000001 05662fa0 055e8f10 php!main+0x1e7a [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\sapi\cli\php_cli.c @ 1452] 00c2ff80 0041609f 00c2ff94 76aceccb 7efde000 php!__tmainCRTStartup+0x1a8 [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 586] 00c2ff88 76aceccb 7efde000 00c2ffd4 77b8d24d php!mainCRTStartup+0xf [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 403] 00c2ff94 77b8d24d 7efde000 4a3b9571 00000000 kernel32!BaseThreadInitThunk+0xe 00c2ffd4 77b8d45f 0041123f 7efde000 00000000 ntdll32!__RtlUserThreadStart+0x23 00c2ffec 00000000 0041123f 7efde000 00000000 ntdll32!_RtlUserThreadStart+0x1b FOLLOWUP_IP: ntdll32!AVrfDllUnloadNotification+7c 77b86a68 3bf3 cmp esi,ebx SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: ntdll32!AVrfDllUnloadNotification+7c FOLLOWUP_NAME: MachineOwner MODULE_NAME: ntdll32 IMAGE_NAME: ntdll32.dll DEBUG_FLR_IMAGE_TIMESTAMP: 49e03824 STACK_COMMAND: ~0s ; kb FAILURE_BUCKET_ID: VERIFIER_STOP_00000201_4000001f_ntdll32.dll!AVrfDllUnloadNotification BUCKET_ID: X64_APPLICATION_FAULT_VERIFIER_STOP_00000201_VERIFIER_STOP_00000201_ntdll32!AVrfDllUnloadNotification+7c WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/php_exe/5_3_99_0/4cadd28a/vrfcore_dll/4_0_917_0/4a3653db/4000001f/00003b61.htm?Retriage=1 Followup: MachineOwner --------- 0:000:x86> !cs -s 04f56fe800c418c0 Cannot read DebugInfo adddress at 0x04f56fe800c418c0. Possible causes: - The critical section is not initialized, deleted or corrupted - The critical section was a global variable in a DLL that was unloaded - The memory is paged out Cannot read structure field value at 0x04f56fe800c418c4, error 0 Cannot determine if the critical section is locked or not. ----------------------------------------- Critical section = 0x04f56fe800c418c0 (+0x4F56FE800C418C0) DebugInfo = 0x0000000000c418c0 No stack trace found. -- Edit bug report at http://bugs.php.net/bug.php?id=53012&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=53012&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=53012&r=trysnapshot53 Try a snapshot (trunk): http://bugs.php.net/fix.php?id=53012&r=trysnapshottrunk Fixed in SVN: http://bugs.php.net/fix.php?id=53012&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=53012&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=53012&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=53012&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=53012&r=needscript Try newer version: http://bugs.php.net/fix.php?id=53012&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=53012&r=support Expected behavior: http://bugs.php.net/fix.php?id=53012&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=53012&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=53012&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=53012&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=53012&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=53012&r=dst IIS Stability: http://bugs.php.net/fix.php?id=53012&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=53012&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=53012&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=53012&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=53012&r=mysqlcfg
