Critical section leak

Stanislav

New Member
Hello,

We use verifier in our project to detecte bugs. We detected leaked critical section. Hwinfo version is 4.4.1.0. Please check it.

WinDbg report:

0:012> .ecxr
eax=030f1028 ebx=003a7d54 ecx=00000002 edx=000001bf esi=00000000 edi=030f1028
eip=7c81a229 esp=043ef894 ebp=043efa98 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
ntdll!DbgBreakPoint:
7c81a229 cc              int     3
0:012> kb50
ChildEBP RetAddr  Args to Child              
043ef890 10003b68 f184e96d 003a60c8 017b8ec8 ntdll!DbgBreakPoint
043efa98 0039c55e 003a60c8 00000201 0564a940 vrfcore!VerifierStopMessageEx+0x4d1
043efacc 00396e4c 00000002 054b0000 00281000 vfbasics!AVrfpFreeMemLockChecks+0xd0
043efaf0 0039f372 00000002 054b0000 00281000 vfbasics!AVrfpFreeMemNotify+0x2b
043efb1c 7c8630a9 00340338 054b0000 00281000 vfbasics!AVrfpDllUnloadCallback+0x1a
043efb40 7c847cd3 002f42d0 054b0000 7c83969f ntdll!AVrfDllUnloadNotification+0x78
043efc48 0039f34d 054b0000 0450e028 00000000 ntdll!LdrUnloadDll+0x2bc
043efc5c 77e6b1d3 00340338 00000000 00000000 vfbasics!AVrfpLdrUnloadDll+0x5d
043efc70 04f697c1 054b0000 519a0bbf 01dffad8 kernel32!FreeLibrary+0x41
043efce4 00404c1a 6bd13030 01e9a4e0 043efd1c klcsnagt!KLHWINFO::HwInfoImpl::Destroy+0xa1 [o:\cs adminkit\development2\nagent\hwinv\hwinfo_impl.cpp @ 16707566]
043efd00 004028d9 01dffad8 6bd13018 01dea5f8 klcsldcl!KLSTD::AutoKLBaseQIWithDestroy::~AutoKLBaseQIWithDestroy+0x3a [o:\cs adminkit\development2\include\std\base\klbase.h @ 1224]
043efd28 0040296b 01dea5f8 043efdc8 004067ef klcsldcl!KLCDLTLDR::Codelet::~Codelet+0x59 [o:\cs adminkit\development2\apps\klcsldcl\klcsldcl.cpp @ 148]
043efd34 004067ef 00000001 00403ad2 6bd130f8 klcsldcl!KLCDLTLDR::Codelet::`scalar deleting destructor'+0xb
043efd3c 00403ad2 6bd130f8 67c03a10 00000000 klcsldcl!boost::detail::sp_counted_impl_p<KLCDLTLDR::Codelet>::dispose+0xf [o:\cs adminkit\development2\include\boost\detail\sp_counted_impl.hpp @ 79]
043efdc8 00405401 00000001 0040763c 6bd13320 klcsldcl!KLCDLTLDR::CodeletsLdrImpl::OnCmd_CodeletUnloadRemote+0x152 [o:\cs adminkit\development2\apps\klcsldcl\klcsldcl.cpp @ 348]
043efdd0 0040763c 6bd13320 01e50d90 01ec03a8 klcsldcl!KLSTDQUEUE::Cmd_CallMethod1<KLCDLTLDR::CodeletsLdrImpl,int>::process+0x11 [o:\cs adminkit\development2\include\common\queued_actions.h @ 93]
043efe10 00408b64 01e50d90 6bd13350 01ec0728 klcsldcl!KLSTDQUEUE::QueuedActionsHandler::OnCommand+0xcc [o:\cs adminkit\development2\common\queued_actions.cpp @ 54]
043efe60 004087f9 01ec03a8 00000000 01ec03a8 klcsldcl!KLCMDQUEUE::CmdQueue<KLSTD::KlAutoPtr<KLSTDQUEUE::QueuedItem>,KLSTD::KlAutoPtr<KLSTDQUEUE::QueuedItem>,KLSTDQUEUE::QueuedActionsHandler>::Invoke+0x204 [o:\cs adminkit\development2\include\std\tp\tpcmdqueue.h @ 313]
043efe70 00407abe 01ec01f0 0040304b 6bd133c4 klcsldcl!KLCMDQUEUE::CmdQueue<KLSTD::KlAutoPtr<KLSTDQUEUE::QueuedItem>,KLSTD::KlAutoPtr<KLSTDQUEUE::QueuedItem>,KLSTDQUEUE::QueuedActionsHandler>::CmdQueueWorkerTh<KLCMDQUEUE::CmdQueue<KLSTD::KlAutoPtr<KLSTDQUEUE::QueuedItem>,KLSTD::KlAutoPtr<KLSTDQUEUE::QueuedItem>,KLSTDQUEUE::QueuedActionsHandler> >::Run+0x29 [o:\cs adminkit\development2\include\std\tp\tpcmdqueue.h @ 122]
043efe78 0040304b 6bd133c4 00000003 67fb5ee4 klcsldcl!KLSTDQUEUE::QueuedActionsHandler::Run+0xe [o:\cs adminkit\development2\common\queued_actions.cpp @ 93]
043efef4 67c56e34 00000000 64d956c7 00000000 klcsldcl!KLCDLTLDR::CodeletsLdrImpl::TheQueueThread+0xbb [o:\cs adminkit\development2\apps\klcsldcl\klcsldcl.cpp @ 254]
043eff3c 78543433 01ec0d28 6b65ebae 00000000 klcsstd2!KLSTD::ThreadStubFunction+0x124 [o:\cs adminkit\development2\std\thr\thread.cpp @ 688]
043eff74 785434c7 017b7190 043effb8 003a42f7 msvcr90!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
043eff80 003a42f7 01ec0e20 e1be5edc 00000000 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
043effb8 77e6481f 017b7190 00000000 00000000 vfbasics!AVrfpStandardThreadFunction+0x2f
043effec 00000000 003a42c8 017b7190 00000000 kernel32!BaseThreadStart+0x34

0:012> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

APPLICATION_VERIFIER_LOCKS_LOCK_IN_UNLOADED_DLL (201)
Unloading DLL containing an active critical section.
This stop is generated if a DLL has a global variable containing a critical section
and the DLL is unloaded but the critical section has not been deleted. To debug
this stop use the following debugger commands:
$ du parameter3 - to dump the name of the culprit DLL.
$ .reload dllname or .reload dllname = parameter4 - to reload the symbols for that DLL.
$ !cs -s parameter1 - dump information about this critical section.
$ ln parameter1 - to show symbols near the address of the critical section.
This should help identify the leaked critical section.
$ dps parameter2 - to dump the stack trace for this critical section initialization.
Arguments:
Arg1: 0564a940, Critical section address. Run !cs -s <address> to get more information.
Arg2: 005abe1c, Critical section initialization stack trace. Run dps <address> to dump the stack trace.
Arg3: 00340338, DLL name address.
Arg4: 054b0000, DLL base address.

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c81a229 (ntdll!DbgBreakPoint)
  ExceptionCode: 80000003 (Break instruction exception)
 ExceptionFlags: 00000000
NumberParameters: 3
  Parameter[0]: 00000000
  Parameter[1]: fcc32020
  Parameter[2]: 000001bf

DEFAULT_BUCKET_ID:  STATUS_BREAKPOINT
PROCESS_NAME:  klcsldcl.exe
CRITICAL_SECTION:  0564a940 -- (!cs -s 0564a940)
IMAGE_NAME:  HWiNFO32.dll
ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER:  from 00000000 to 00000000

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_PARAMETER1:  00000000
EXCEPTION_PARAMETER2:  fcc32020
EXCEPTION_PARAMETER3:  000001bf
NTGLOBALFLAG:  2000100
APPLICATION_VERIFIER_FLAGS:  80048066
APP:  klcsldcl.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
FAULTING_THREAD:  ffffffff
PRIMARY_PROBLEM_CLASS:  STATUS_BREAKPOINT
BUGCHECK_STR:  APPLICATION_FAULT_STATUS_BREAKPOINT
STACK_TEXT:  
00000000 00000000 hwinfo32.dll!Unknown+0x0

SYMBOL_STACK_INDEX:  0
SYMBOL_NAME:  hwinfo32.dll!Unknown
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: hwinfo32

DEBUG_FL_IMAGE_TIMESTAMP:  53d252c3

STACK_COMMAND:  ** Pseudo Context ** ; kb

BUCKET_ID:  APPLICATION_FAULT_STATUS_BREAKPOINT

FAILURE_BUCKET_ID:  STATUS_BREAKPOINT_80000003_HWiNFO32.dll!Unknown

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:status_breakpoint_80000003_hwinfo32.dll!unknown

FAILURE_ID_HASH:  {9b5567cc-2f6c-d602-7b6e-968ad67ed929}

Followup: MachineOwner
---------


0:012> !cs -s 0564a940
-----------------------------------------
Critical section   = 0x0564a940 (<Unloaded_HWiNFO32.dll>+0x19A940)
DebugInfo          = 0x002e1f90
NOT LOCKED
LockSemaphore      = 0x0
SpinCount          = 0x00000000


Stack trace for DebugInfo = 0x002e1f90:

0x0039bc36: vfbasics!AVrfpInitializeCriticalSectionCommon+0xD8
0x0039bd6f: vfbasics!AVrfpRtlInitializeCriticalSection+0x11
0x77e67867: kernel32!InitializeCriticalSection+0xE
0x05545642: <Unloaded_HWiNFO32.dll>+0x95642
0x05544742: <Unloaded_HWiNFO32.dll>+0x94742
0x05543abb: <Unloaded_HWiNFO32.dll>+0x93ABB
0x055421df: <Unloaded_HWiNFO32.dll>+0x921DF
0x054d0516: <Unloaded_HWiNFO32.dll>+0x20516
0x0554dd22: <Unloaded_HWiNFO32.dll>+0x9DD22
0x0554d23f: <Unloaded_HWiNFO32.dll>+0x9D23F
0x0554d359: <Unloaded_HWiNFO32.dll>+0x9D359
0x0554d414: <Unloaded_HWiNFO32.dll>+0x9D414
0x5a61899f: verifier!AVrfpStandardDllEntryPointRoutine+0x14F
0x1000898c: vrfcore!VfCoreStandardDllEntryPointRoutine+0x128
0x0039f544: vfbasics!AVrfpStandardDllEntryPointRoutine+0x97
0x7c81a19a: ntdll!LdrpCallInitRoutine+0x14
0x7c8332cd: ntdll!LdrpRunInitializeRoutines+0x367
0x7c834189: ntdll!LdrpLoadDll+0x3CD
0x7c833edd: ntdll!LdrLoadDll+0x198
0x0039f2c7: vfbasics!AVrfpLdrLoadDll+0x49
 
This is not from the standard HWiNFO32/HWiNFO64 tool.
Which product are you using and how is that related to HWiNFO ?
 
Martin said:
This is not from the standard HWiNFO32/HWiNFO64 tool.
Which product are you using and how is that related to HWiNFO ?

Yes, this is not a standart tool. We are using licensed HWiNFO SDK.
 
Back
Top