ASSERT alloc_drmem.c:1933 "app is using tool's memory: please report this!" on Chromium base_unittests with -no_check_uninitialized

[derekbruening]

From timurrrr@google.com on August 02, 2011 08:17:46

As of r438 on
$ drmemory.exe base_unittests --gtest_filter="Logging*"
on Windows 7

kn

ChildEBP RetAddr

00 24c47c68 71e92f5c ntdll!NtRaiseHardError+0x12
01 24c47cac 71e7ca8b dynamorio!nt_messagebox+0x7c [dynamorio\core\win32\ntdll.c @ 3296]
02 24c48cf4 1011eb4c dynamorio!dr_messagebox+0x8b [dynamorio\core\x86\instrument.c @ 3134]
03 24c48d00 1011eb93 drmemorylib!wait_for_user+0xc [common\utils.c @ 82]
04 24c48d4c 100e7fcd drmemorylib!drmemory_abort+0x33 [common\utils.c @ 110]
05 24c48e30 1001cfa2 drmemorylib!check_unaddressable_exceptions+0xc3d [drmemory\alloc_drmem.c @ 1933]
06 24c490e8 1001b618 drmemorylib!handle_mem_ref+0x1612 [drmemory\readwrite.c @ 2921]
07 24c49240 1000e0d4 drmemorylib!check_mem_opnd+0x18d8 [drmemory\readwrite.c @ 2833]
08 24c49324 1000fcda drmemorylib!slow_path_without_uninitialized+0x424 [drmemory\readwrite.c @ 1661]
09 24c4980c 100398e4 drmemorylib!slow_path_with_mc+0x195a [drmemory\readwrite.c @ 1853]
0a 24c498b0 10035e4f drmemorylib!handle_slowpath_fault+0x284 [drmemory\fastpath.c @ 3434]
0b 24c498cc 10008620 drmemorylib!event_exception_instrument+0x10f [drmemory\fastpath.c @ 3519]
0c 24c498dc 71e7bb5e drmemorylib!event_exception+0x10 [drmemory\drmemory.c @ 1186]
0d 24c49910 71e8bf45 dynamorio!instrument_exception+0x7e [dynamorio\core\x86\instrument.c @ 1723]
0e 24c49bec 71e8d3a0 dynamorio!client_exception_event+0x115 [dynamorio\core\win32\callback.c @ 4359]
0f 24c49ef0 71e33c20 dynamorio!intercept_exception+0x560 [dynamorio\core\win32\callback.c @ 5103]
10 24c49f84 71e1fa45 dynamorio!heap_free+0x40 [dynamorio\core\heap.c @ 3561]
11 24c49fb4 71e2b40b dynamorio!enter_nolinking+0xe5 [dynamorio\core\fragment.c @ 5881]
12 24bf5a80 00000005 dynamorio!dispatch+0x44b [dynamorio\core\dispatch.c @ 210]

dv
sz = 0x8000000 // looks insane?
base = 0x1cd20000 ""
write = 0 ''
loc = 0x1cda9798
addr = 0x1f263a74 ""
sz = 2
addr_on_stack = 0 ''
addr_in_heap = 0 ''
drcontext = 0x1cd55a80
pt = 0x1cdb4ac8
teb = 0x7efdd000
peb = 0x7efde000

Original issue: http://code.google.com/p/drmemory/issues/detail?id=532

[derekbruening]

From timurrrr@google.com on August 02, 2011 05:50:36

$ drmemory.exe base_unittests --gtest_filter="Logging_"
Pardon, I meant
$ drmemory.exe -no_check_uninitialized -- base_unittests --gtest_filter="Logging_"

[derekbruening]

From timurrrr@google.com on August 02, 2011 08:13:14

Reduced the repro to a simple test case:

C:\chromium\src>svn diff base\logging_unittest.cc
Index: base/logging_unittest.cc

--- base/logging_unittest.cc ( revision 94295 )
+++ base/logging_unittest.cc (working copy)
@@ -245,6 +245,14 @@
DCHECK_EQ(some_variable, 1) << "test";
}

+TEST_F(LoggingTest, DrMemoryCrash) {

• MockLogSource mock_log_source;
• EXPECT_CALL(mock_log_source, Log()).

•  WillRepeatedly(Return("log message"));
  

• PLOG(INFO) << mock_log_source.Log();
• PLOG_IF(INFO, true) << mock_log_source.Log();
  +}

} // namespace

} // namespace logging

[derekbruening]

From timurrrr@google.com on August 03, 2011 03:34:31

Looks like the crash happens on "fflush(stderr);" in base/logging.cc
Investigating...

[derekbruening]

From timurrrr@google.com on August 03, 2011 05:38:09

I was wrong: the crash happens on FormatMessageA with the following stack
[printed out by DrM when I've added "report_invalid_heap_arg" call right before the assertion:

[extracted from the global.log file]
...
WARNING: unknown region 0x1dfe0000-0x25fe0000 (size=0x08000000): marking as defined
INVALID HEAP ARGUMENT: GONNACRASH

1 RtlImageNtHeaderEx ntdll.dll+0x2f50f

2 RtlImageNtHeader ntdll.dll+0x347ff

3 LdrpGetFromMUIMemCache ntdll.dll+0x419ae

4 LdrLoadAlternateResourceModuleEx ntdll.dll+0x43a75

5 LdrpLoadResourceFromAlternativeModule ntdll.dll+0x43be0

6 LdrpSearchResourceSection_U ntdll.dll+0x437dc

7 RtlFindMessage ntdll.dll+0x4ac1e

8 BaseDllFormatMessage KERNELBASE.dll+0x13dd3

9 FormatMessageA KERNELBASE.dll+0x142b2

#10 logging::Win32ErrorLogMessage::~Win32ErrorLogMessage base\logging.cc:785
#11 logging::`anonymous namespace'::LoggingTest_DrMemoryCrash_Test::TestBody base\logging_unittest.cc:251
#12 testing::internal::HandleExceptionsInMethodIfSupportedtesting::Test,void testing\gtest\src\gtest.cc:2145

ASSERT FAILURE (thread 2584): ..\drmemory\alloc_drmem.c:1936: !dr_memory_is_dr_internal(addr) && !dr_memory_is_in_client(addr) (app is using tool's memory: please report this!)

[derekbruening]

From timurrrr@google.com on August 03, 2011 05:45:20

Short repro here:

#include <windows.h>
#include

int main() {
std::string str("Hello\n");
OutputDebugStringA(str.c_str());
char buff[256];
FormatMessageA(0x00001200, NULL, 0, 0, buff, 256, NULL);
}

Reminder: this is a -no_check_uninitialized-specific crash

[derekbruening]

From timurrrr@google.com on August 03, 2011 05:58:29

Also, from global.log file:
thread initial stack: 0x00090000-0x00189000-0x00190000, TOS=0x0018fff0
WARNING: unknown region 0x00090000-0x00190000: marking as defined
<- is it sane that the initial stack is an unknown region?

The warning line isn't there w/o -no_check_uninitialized

Status: Accepted

[derekbruening]

From bruen...@google.com on August 03, 2011 11:12:48

problem 1: NtContinue stack adjust doesn't check options.check_stack_bounds
problem 2: state restoration bug for repstr-to-loop (triggered by problem 1 here)

[derekbruening]

From derek.br...@gmail.com on August 03, 2011 14:30:29

This issue was closed by revision r451 .

Status: Fixed