php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53012 On shared module unload: Unloading DLL containing an active critical section.
Submitted: 2010-10-07 16:06 UTC Modified: -
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: cataphract@php.net Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: trunk-SVN-2010-10-07 (SVN) OS: Vista amd64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-10-07 16:06 UTC] cataphract@php.net 
Description:
------------
When running PHP with App verifier, there's an exception on module unload.

Test script:
---------------
This happens with an empty script

Expected result:
----------------
No exception.

Actual result:
--------------
CommandLine: C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\php.exe
Symbol search path is: SRV*C:\Users\Cataphract\AppData\Local\SYMBOLS*http://msdl.microsoft.com/download/symbols
Executable search path is: 
ModLoad: 00000000`00400000 00000000`00421000   php.exe 
ModLoad: 00000000`77950000 00000000`77ad6000   ntdll.dll
ModLoad: 00000000`77b10000 00000000`77c70000   ntdll32.dll
ModLoad: 00000000`75260000 00000000`752a5000   C:\Windows\system32\wow64.dll
ModLoad: 00000000`75210000 00000000`7525e000   C:\Windows\system32\wow64win.dll
ModLoad: 00000000`753e0000 00000000`753e9000   C:\Windows\system32\wow64cpu.dll
(2e40.3150): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00000000`77996060 cc              int     3
0:000> g
ModLoad: 00000000`77320000 00000000`7744d000   WOW64_IMAGE_SECTION
ModLoad: 00000000`76a40000 00000000`76b50000   WOW64_IMAGE_SECTION
ModLoad: 00000000`77320000 00000000`7744d000   NOT_AN_IMAGE
ModLoad: 00000000`77250000 00000000`7731d000   NOT_AN_IMAGE
ModLoad: 00000000`71ab0000 00000000`71ae1000   C:\Windows\syswow64\verifier.dll
Page heap: pid 0x2E40: page heap enabled with flags 0x3.
AVRF: php.exe: pid 0x2E40: flags 0x80C43027: application verifier enabled
ModLoad: 00000000`72130000 00000000`72159000   C:\Windows\SysWOW64\vrfcore.dll
ModLoad: 00000000`71900000 00000000`71951000   C:\Windows\SysWOW64\vfbasics.dll
ModLoad: 00000000`76a40000 00000000`76b50000   C:\Windows\syswow64\kernel32.dll
ModLoad: 00000000`10000000 00000000`106b9000   C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\php5ts_debug.dll
ModLoad: 00000000`76f20000 00000000`77065000   C:\Windows\syswow64\ole32.dll
ModLoad: 00000000`77140000 00000000`771ea000   C:\Windows\syswow64\msvcrt.dll
ModLoad: 00000000`76b50000 00000000`76be0000   C:\Windows\syswow64\GDI32.dll
ModLoad: 00000000`75630000 00000000`75700000   C:\Windows\syswow64\USER32.dll
ModLoad: 00000000`77070000 00000000`77136000   C:\Windows\syswow64\ADVAPI32.dll
ModLoad: 00000000`76e00000 00000000`76ef0000   C:\Windows\syswow64\RPCRT4.dll
ModLoad: 00000000`755a0000 00000000`75600000   C:\Windows\syswow64\Secur32.dll
ModLoad: 00000000`76ef0000 00000000`76f1d000   C:\Windows\syswow64\WS2_32.dll
ModLoad: 00000000`77ae0000 00000000`77ae6000   C:\Windows\syswow64\NSI.dll
ModLoad: 00000000`74ce0000 00000000`74d0c000   C:\Windows\SysWOW64\DNSAPI.dll
ModLoad: 00000000`71980000 00000000`71aa4000   C:\Windows\WinSxS\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_2a4cbfc25558bcd3\MSVCR90D.dll
(2e40.3150): WOW64 breakpoint - code 4000001f (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ntdll32!DbgBreakPoint:
77b20004 cc              int     3
0:000:x86> g
ModLoad: 771f0000 77250000   C:\Windows\SysWOW64\IMM32.DLL
ModLoad: 75ba0000 75c68000   C:\Windows\syswow64\MSCTF.dll
ModLoad: 76df0000 76df9000   C:\Windows\syswow64\LPK.DLL
ModLoad: 75eb0000 75f2d000   C:\Windows\syswow64\USP10.dll
ModLoad: 751d0000 7520b000   C:\Windows\SysWOW64\rsaenh.dll
ModLoad: 74d70000 74d8e000   C:\Windows\SysWOW64\USERENV.dll
ModLoad: 01d30000 01d96000   C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\php_intl.dll
ModLoad: 4a800000 4a925000   C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\icuuc42.dll
ModLoad: 4ad00000 4bc48000   C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\icudt42.dll
ModLoad: 71350000 713f3000   C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\MSVCR90.dll
ModLoad: 712c0000 7134e000   C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\MSVCP90.dll
ModLoad: 06c10000 06d69000   C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\icuin42.dll


=======================================
VERIFIER STOP 00000201: pid 0x2E40: Unloading DLL containing an active critical section. 

	4A91D150 : Critical section address.
	00C418C0 : Critical section initialization stack trace.
	04F56FE8 : DLL name address.
	4A800000 : DLL base address.


=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.

=======================================

(2e40.3150): WOW64 breakpoint - code 4000001f (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
vrfcore!VerifierStopMessageEx+0x4ca:
72133b61 cc              int     3
0:000:x86> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\icuuc42.dll - 
APPLICATION_VERIFIER_LOCKS_LOCK_IN_UNLOADED_DLL (201)
Unloading DLL containing an active critical section.
This stop is generated if a DLL has a global variable containing a critical section
and the DLL is unloaded but the critical section has not been deleted. To debug
this stop use the following debugger commands:
$ du parameter3 - to dump the name of the culprit DLL.
$ .reload dllname or .reload dllname = parameter4 - to reload the symbols for that DLL.
$ !cs -s parameter1 - dump information about this critical section.
$ ln parameter1 - to show symbols near the address of the critical section.
This should help identify the leaked critical section.
$ dps parameter2 - to dump the stack trace for this critical section initialization. 
Arguments:
Arg1: 04f56fe800c418c0, Critical section address. 
Arg2: 000000004a800000, Critical section initialization stack trace. 
Arg3: 0000000000000000, DLL name address. 
Arg4: 0000000000000000, DLL base address. 

FAULTING_IP: 
vrfcore!VerifierStopMessageEx+4ca [d:\avrf\source\base\avrf\avrf30\vrfcore\sdk.cpp @ 549]
72133b61 cc              int     3

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000072133b61 (vrfcore!VerifierStopMessageEx+0x00000000000004ca)
   ExceptionCode: 4000001f (WOW64 breakpoint)
  ExceptionFlags: 00000000
NumberParameters: 1
   Parameter[0]: 0000000000000000

FAULTING_THREAD:  0000000000003150

PROCESS_NAME:  php.exe

ERROR_CODE: (NTSTATUS) 0x4000001f - Exception status code used by Win32 x86 emulation subsystem.

EXCEPTION_CODE: (Win32) 0x4000001f (1073741855) - <Unable to get error code text>

EXCEPTION_PARAMETER1:  0000000000000000

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

CRITICAL_SECTION:  04f56fe800c418c0 -- (!cs -s 04f56fe800c418c0)

DEFAULT_BUCKET_ID:  VERIFIER_STOP_00000201

PRIMARY_PROBLEM_CLASS:  VERIFIER_STOP_00000201

BUGCHECK_STR:  APPLICATION_FAULT_VERIFIER_STOP_00000201_VERIFIER_STOP_00000201

LAST_CONTROL_TRANSFER:  from 000000007190cb39 to 0000000072133b61

STACK_TEXT:  
00c2f468 7190cb39 7191b0c8 00000201 4a91d150 vrfcore!VerifierStopMessageEx+0x4ca [d:\avrf\source\base\avrf\avrf30\vrfcore\sdk.cpp @ 549]
00c2f49c 71906f60 00000002 4a800000 00125000 vfbasics!AVrfpFreeMemLockChecks+0xd0 [d:\avrf\source\base\avrf\vrfcommon\critsect.c @ 1086]
00c2f4c0 7190fb9e 00000002 4a800000 00125000 vfbasics!AVrfpFreeMemNotify+0x2b [d:\avrf\source\base\avrf\vrfcommon\support.c @ 1489]
00c2f4ec 77b86a68 04f56fe8 4a800000 00125000 vfbasics!AVrfpDllUnloadCallback+0x1a [d:\avrf\source\base\avrf\vrfcommon\dlls.c @ 514]
00c2f510 77b64f3e 05b04f98 4a3b9f11 01d30000 ntdll32!AVrfDllUnloadNotification+0x7c
00c2f5b4 77b42deb 01d30000 00c2f5d8 4a3b9f5d ntdll32!LdrpUnloadDll+0x225
00c2f5f8 7190fb79 01d30000 00c2f700 00c2f628 ntdll32!LdrUnloadDll+0x46
00c2f60c 76a523c1 04f6bfe0 7efde000 00c2f700 vfbasics!AVrfpLdrUnloadDll+0x5d [d:\avrf\source\base\avrf\vrfcommon\dlls.c @ 1374]
00c2f61c 101f21e4 01d30000 00c2f7f4 00c2f70c kernel32!FreeLibrary+0x76
00c2f700 1030205c 06bc6fa0 00c2f8e0 00c2f8ec php5ts_debug!module_destructor+0xf4 [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend_api.c @ 2247]
00c2f7f4 10302224 10686040 06bc4fd0 00c2f9b8 php5ts_debug!zend_hash_apply_deleter+0x12c [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend_hash.c @ 634]
00c2f8e0 101efe1c 10686040 00c2fa8c 00c2fa98 php5ts_debug!zend_hash_graceful_reverse_destroy+0x54 [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend_hash.c @ 671]
00c2f9b8 101e4a49 00c2fb70 00c2fa98 7efde000 php5ts_debug!zend_destroy_modules+0x5c [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend_api.c @ 1782]
00c2fa8c 10376cc6 0566afe8 00c2fb78 00c2fb7c php5ts_debug!zend_shutdown+0x49 [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\zend\zend.c @ 783]
00c2fb70 00413d4a 0566afe8 00000000 00000000 php5ts_debug!php_module_shutdown+0x66 [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\main\main.c @ 2202]
00c2ff30 00416258 00000001 05662fa0 055e8f10 php!main+0x1e7a [c:\users\cataphract\documents\sdk\php54dev\vc9\x86\php54-trunk\sapi\cli\php_cli.c @ 1452]
00c2ff80 0041609f 00c2ff94 76aceccb 7efde000 php!__tmainCRTStartup+0x1a8 [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 586]
00c2ff88 76aceccb 7efde000 00c2ffd4 77b8d24d php!mainCRTStartup+0xf [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 403]
00c2ff94 77b8d24d 7efde000 4a3b9571 00000000 kernel32!BaseThreadInitThunk+0xe
00c2ffd4 77b8d45f 0041123f 7efde000 00000000 ntdll32!__RtlUserThreadStart+0x23
00c2ffec 00000000 0041123f 7efde000 00000000 ntdll32!_RtlUserThreadStart+0x1b


FOLLOWUP_IP: 
ntdll32!AVrfDllUnloadNotification+7c
77b86a68 3bf3            cmp     esi,ebx

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  ntdll32!AVrfDllUnloadNotification+7c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ntdll32

IMAGE_NAME:  ntdll32.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  49e03824

STACK_COMMAND:  ~0s ; kb

FAILURE_BUCKET_ID:  VERIFIER_STOP_00000201_4000001f_ntdll32.dll!AVrfDllUnloadNotification

BUCKET_ID:  X64_APPLICATION_FAULT_VERIFIER_STOP_00000201_VERIFIER_STOP_00000201_ntdll32!AVrfDllUnloadNotification+7c

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/php_exe/5_3_99_0/4cadd28a/vrfcore_dll/4_0_917_0/4a3653db/4000001f/00003b61.htm?Retriage=1

Followup: MachineOwner
---------

0:000:x86> !cs -s 04f56fe800c418c0
Cannot read DebugInfo adddress at 0x04f56fe800c418c0. Possible causes:
	- The critical section is not initialized, deleted or corrupted
	- The critical section was a global variable in a DLL that was unloaded
	- The memory is paged out
Cannot read structure field value at 0x04f56fe800c418c4, error 0
Cannot determine if the critical section is locked or not.
-----------------------------------------
Critical section   = 0x04f56fe800c418c0 (+0x4F56FE800C418C0)
DebugInfo          = 0x0000000000c418c0
No stack trace found.

Patches

Add a Patch

Pull Requests

Add a Pull Request
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved. 		Last updated: Thu Dec 12 16:01:24 2019 UTC