CRASH (browser_tests while persisting) entrance_stub_target_tag()
From bruen...@google.com on July 07, 2013 22:20:59
Unrecoverable Error at PC 0x682bd739. Program aborted. 0xc0000005 0x00000000 0x682bd739 0x682bd739 0x00000000 0xe7ce3006 Base: 0x68250000 Registers: eax=0x198a3428 ebx=0xe7ce3000 ecx=0xe7ce3000 edx=0x1a884df4 esi=0x1c6fe7c4 edi=0x1c096440 esp=0x1c6fe71c ebp=0x1c701838
0:011> U 0x682bd739 dynamorio!entrance_stub_target_tag+0x9 [d:\derek\dr\git\src\core\x86\emit_utils.c @ 1891]: 682bd739 8b7106 mov esi,dword ptr [ecx+6]
0:011> kn =1c701838 1c6fe71c 682bd739
ChildEBP RetAddr
00 1c6fe71c 682ab91f dynamorio!entrance_stub_target_tag+0x9 [d:\derek\dr\git\src\core\x86\emit_utils.c @ 1891]
01 1c6fe74c 682abccd dynamorio!coarse_merge_process_stub+0x1f [d:\derek\dr\git\src\core\perscache.c @ 1328]
02 1c6fe778 682ad4d4 dynamorio!coarse_merge_update_jmps+0x20d [d:\derek\dr\git\src\core\perscache.c @ 1490]
03 1c6fe7e0 682adfc9 dynamorio!coarse_unit_merge+0x1e4 [d:\derek\dr\git\src\core\perscache.c @ 1996]
04 1c6fe808 682ae33a dynamorio!coarse_unit_merge_with_disk+0x99 [d:\derek\dr\git\src\core\perscache.c @ 2626]
05 1c6fef14 682a4510 dynamorio!coarse_unit_persist+0x28a [d:\derek\dr\git\src\core\perscache.c @ 3382]
06 1c6fef34 682a4600 dynamorio!vm_area_coarse_region_freeze+0xf0 [d:\derek\dr\git\src\core\vmareas.c @ 10091]
07 1c6fef58 682aafb7 dynamorio!vm_area_coarse_units_freeze+0x70 [d:\derek\dr\git\src\core\vmareas.c @ 10148]
08 1c6fef80 682ad100 dynamorio!coarse_units_freeze_all+0x227 [d:\derek\dr\git\src\core\perscache.c @ 548]
09 1c6fef88 6827e7fd dynamorio!perscache_fast_exit+0x10 [d:\derek\dr\git\src\core\perscache.c @ 437]
0:011> dds esp
1c6fe71c 1c6fe7c4
1c6fe720 682ab91f dynamorio!coarse_merge_process_stub+0x1f [d:\derek\dr\git\src\core\perscache.c @ 1328]
1c6fe724 e7ce3000
1c6fe728 198a3428
next_pc = 0x07f87df8 ">???"
07f87dc5 85d2            test edx,edx
07f87dc7 0f8663820000    jbe 07f90030
07f87dcd 8d7e34          lea edi,[esi+34h]
07f87dd0 57              push edi
07f87dd1 8d45ec          lea eax,[ebp-14h]
07f87dd4 50              push eax
07f87dd5 682b7ef176      push offset ntdll!SbpUpdateCache+0xe3 (76f17e2b)
07f87dda 8bff            mov edi,edi
07f87ddc 55              push ebp
07f87ddd 8bec            mov ebp,esp
07f87ddf 56              push esi
07f87de0 8b750c          mov esi,dword ptr [ebp+0Ch]
07f87de3 57              push edi
07f87de4 8b7d08          mov edi,dword ptr [ebp+8]
07f87de7 6a04            push 4
07f87de9 83c620          add esi,20h
07f87dec 59              pop ecx
07f87ded 33c0            xor eax,eax
07f87def e302            jecxz 07f87df3
07f87df1 eb05            jmp 07f87df8
07f87df3 e908b2d5df      jmp e7ce3000        <--- bogus target
==> 07f87df8 3e813efdf1fdf1  cmp dword ptr ds:[esi],0F1FDF1FDh
07f87dff 7502            jne 07f87e03
07f87e01 0f0b            ud2
07f87e03 26813ffdf1fdf1  cmp dword ptr es:[edi],0F1FDF1FDh
07f87e0a 7502            jne 07f87e0e
07f87e0c 0f0b            ud2
07f87e0e a7              cmps dword ptr [esi],dword ptr es:[edi]
07f87e0f e1e7            loope 07f87df8
07f87e11 5f              pop edi
07f87e12 0f94c0          sete al
0:011> dds 1c6fe7e0
1c6fe7e0 00000000
1c6fe7e4 682adfc9 dynamorio!coarse_unit_merge_with_disk+0x99 [d:\derek\dr\git\src\core\perscache.c @ 2626]
1c6fe7e8 1c096440
1c6fe7ec 198a3528
1c6fe7f0 198a3428
1c6fe7f4 00000000

0:011> dt dynamorio!coarse_info_t 198a3428
 +0x000 frozen : 0y1
 +0x000 persisted : 0y1
 +0x000 in_use : 0y0
 +0x000 has_persist_info : 0y1
 +0x000 primary_for_module : 0y0
 +0x000 stubs_readonly : 0y1
 +0x004 cache : 0x194592b4 Void
 +0x008 htable : 0x194087c4 Void
 +0x00c th_htable : 0x194089f4 Void
 +0x010 pclookup_last_htable : (null)
 +0x014 stubs : 0x1a39102c Void
 +0x018 fcache_return_prefix : 0x07f90000 "d???"
 +0x01c trace_head_return_prefix : 0x07f90011 "???"
 +0x020 ibl_ret_prefix : 0x07f90016 "???"
 +0x024 ibl_call_prefix : 0x07f9001b "???"
 +0x028 ibl_jmp_prefix : 0x07f90020 "???"
 +0x02c incoming : (null)
 +0x030 cache_start_pc : 0x07f64000 "???"
 +0x034 cache_end_pc : 0x07f8f537 ""
 +0x038 stubs_start_pc : 0x07f90030 "gd???"
 +0x03c stubs_end_pc : 0x07f96eb0 "???"
 +0x040 mmap_size : 0x77000
 +0x044 pclookup_htable : (null)
 +0x048 flags : 0x109
 +0x04c mmap_pc : 0x07f20000 "RIO$."
 +0x050 mmap_ro_size : 0x70000
 +0x054 fd : 0x00000204 Void
 +0x058 persisted_source_mmap_size : 0
 +0x05c stubs_write_count : 0
 +0x060 non_frozen : (null)
 +0x064 lock : _mutex_t
 +0x06c incoming_lock : _mutex_t
 +0x074 base_pc : 0x76ee0000 "???"
 +0x078 end_pc : 0x76fb6000 "--- memory read error at address 0x76fb6000 ---"
 +0x07c module_md5 : module_digest_t
 +0x09c persist_base : 0x76ed0000 "MZ???"
 +0x0a0 mod_shift : 0n0

0:011> dt dynamorio!coarse_info_t 198a3528
 +0x000 frozen : 0y1
 +0x000 persisted : 0y0
 +0x000 in_use : 0y0
 +0x000 has_persist_info : 0y1
 +0x000 primary_for_module : 0y1
 +0x000 stubs_readonly : 0y0
 +0x004 cache : 0x1940940c Void
 +0x008 htable : 0x199b0034 Void
 +0x00c th_htable : 0x19408840 Void
 +0x010 pclookup_last_htable : (null)
 +0x014 stubs : 0x1c647260 Void
 +0x018 fcache_return_prefix : 0x1a48a000 "d???"
 +0x01c trace_head_return_prefix : 0x1a48a011 "???"
 +0x020 ibl_ret_prefix : 0x1a48a016 "???"
 +0x024 ibl_call_prefix : 0x1a48a01b "???"
 +0x028 ibl_jmp_prefix : 0x1a48a020 "???"
 +0x02c incoming : (null)
 +0x030 cache_start_pc : 0x1a461000 "???"
 +0x034 cache_end_pc : 0x1a4852f9 ""
 +0x038 stubs_start_pc : 0x1a48a030 "gd???"
 +0x03c stubs_end_pc : 0x1a490190 ""
 +0x040 mmap_size : 0x2f190
 +0x044 pclookup_htable : 0x19425abc Void
 +0x048 flags : 8
 +0x04c mmap_pc : (null)
 +0x050 mmap_ro_size : 0
 +0x054 fd : (null)
 +0x058 persisted_source_mmap_size : 0
 +0x05c stubs_write_count : 0
 +0x060 non_frozen : (null)
 +0x064 lock : _mutex_t
 +0x06c incoming_lock : _mutex_t
 +0x074 base_pc : 0x76ee0000 "???"
 +0x078 end_pc : 0x76fb6000 "--- memory read error at address 0x76fb6000 ---"
 +0x07c module_md5 : module_digest_t
 +0x09c persist_base : (null)
 +0x0a0 mod_shift : 0n0
It's ntdll: 76ed0000 77050000 ntdll (pdb symbols) d:\derek\symbols\wntdll.pdb\D74F79EB1F8D4A45ABCD2F476CCABACC2\wntdll.pdb
Original issue: http://code.google.com/p/dynamorio/issues/detail?id=1204
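A small triage helper, added here as an example and not part of the original report or of DynamoRIO: it decodes the rel32 of the `jmp` at 07f87df3 from the bytes windbg printed and checks the resulting target against the cache and stub ranges copied from the two `coarse_info_t` dumps, which shows why the target is bogus. The unit labels and region names are the example's own.

```python
# Added example (not DynamoRIO code): decode the rel32 jmp shown in the
# disassembly above and check whether its target lands inside either
# coarse unit's cache or stub region, using the ranges from the dt dumps.
import struct

# Ranges copied from the two coarse_info_t dumps above (labels are ours:
# 198a3428 has persisted=1, 198a3528 has primary_for_module=1).
UNITS = {
    "198a3428 (persisted)": {
        "cache": (0x07F64000, 0x07F8F537),
        "stubs": (0x07F90030, 0x07F96EB0),
    },
    "198a3528 (primary)": {
        "cache": (0x1A461000, 0x1A4852F9),
        "stubs": (0x1A48A030, 0x1A490190),
    },
}

def decode_rel_jmp(pc: int, code: bytes) -> int:
    """Target of an E9 rel32 (or EB rel8) jmp whose opcode byte is at pc.

    x86 relative branches are taken from the end of the instruction, so
    target = pc + insn_len + sign-extended displacement, wrapped to 32 bits.
    """
    if code[0] == 0xE9:
        disp = struct.unpack_from("<i", code, 1)[0]
        return (pc + 5 + disp) & 0xFFFFFFFF
    if code[0] == 0xEB:
        disp = struct.unpack_from("<b", code, 1)[0]
        return (pc + 2 + disp) & 0xFFFFFFFF
    raise ValueError(f"not a relative jmp at {pc:#010x}: {code[0]:#04x}")

def locate(addr: int):
    """Name the (unit, region) containing addr, or None if it is in neither."""
    for name, regions in UNITS.items():
        for region, (lo, hi) in regions.items():
            if lo <= addr < hi:
                return name, region
    return None

def check_jmp(pc: int, code: bytes):
    """Decode the jmp at pc and report where its target lands."""
    target = decode_rel_jmp(pc, code)
    return target, locate(target)

if __name__ == "__main__":
    # Bytes as shown by windbg at 07f87df3 and 07f87df1.
    for pc, raw in ((0x07F87DF3, "e908b2d5df"), (0x07F87DF1, "eb05")):
        tgt, where = check_jmp(pc, bytes.fromhex(raw))
        print(f"{pc:#010x}: jmp {tgt:#010x} -> {where or 'outside every cache/stub region (bogus)'}")
```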