CreateThread() fails in DrMemory.1.10.1 Win64 version

[avaneev]

I can't be sure which part is responsible for this issue, but I can't debug Win64 programs that use CreateThread() under Dr.Memory. This system call simply fails and the whole application either crashes or exits. When I disable this call in my application, Dr.Memory runs correctly.

[derekbruening]

Chromium runs, so CreateThread works in general. Please provide more information: what version of Windows; what is the error code of the failure; please try to create a small reproducer we can try.

[avaneev]

The program is simple, and it crashes under Dr.Memory Win64, Windows 7 Pro 64-bit SP1. The command line is bin64\drmemory.exe -no_check_leaks -no_count_leaks -no_possible_leaks --

#include <windows.h>
#include <stdio.h>

DWORD WINAPI ThreadFuncStub( LPVOID ThreadPtr )
{
    return( 0 );
}

int main()
{
    DWORD ThreadId;
    HANDLE ThrHandle = CreateThread( NULL, 0, ThreadFuncStub, NULL, 0,
        &ThreadId );

    printf( "%i\n", (int) ThrHandle );
}

[derekbruening]

I cannot reproduce any problem with the supplied program. On Windows 7 Ultimate 6.1.7601 SP1:

% cl /Zi i1883.c 
Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for x64
Copyright (C) Microsoft Corporation.  All rights reserved.

i1883.c
Microsoft (R) Incremental Linker Version 10.00.40219.01
Copyright (C) Microsoft Corporation.  All rights reserved.

/out:i1883.exe 
/debug 
i1883.obj 

% ~/drmemory/releases/DrMemory-Windows-1.10.1-3/bin64/drmemory -no_check_leaks -no_count_leaks -no_possible_leaks -batch -- ./i1883.exe
~~Dr.M~~ Dr. Memory version 1.10.1
~~Dr.M~~ (Uninitialized read checking is not yet supported for 64-bit)
~~Dr.M~~ Running "./i1883.exe"
104
~~Dr.M~~ 
~~Dr.M~~ NO ERRORS FOUND:
~~Dr.M~~       0 unique,     0 total unaddressable access(es)
~~Dr.M~~       0 unique,     0 total invalid heap argument(s)
~~Dr.M~~       0 unique,     0 total GDI usage error(s)
~~Dr.M~~       0 unique,     0 total handle leak(s)
~~Dr.M~~       0 unique,     0 total warning(s)
~~Dr.M~~ ERRORS IGNORED:
~~Dr.M~~       1 potential error(s) (suspected false positives)
~~Dr.M~~          (details: D:\derek\drmemory\releases\DrMemory-Windows-1.10.1-3\drmemory\logs\DrMemory-i1883.exe.3780.000\potential_errors.txt)
~~Dr.M~~ Details: D:\derek\drmemory\releases\DrMemory-Windows-1.10.1-3\drmemory\logs\DrMemory-i1883.exe.3780.000\results.txt

The program behaves just like it does natively, printing the handle as an int and then exiting.

[derekbruening]

Can you reproduce this only on that one machine? Is there some invasive software on that machine? What is the precise output of this failure/crash?

[avaneev]

I use Intel C++ Compiler 14. I have not checked it on other computers. The computer is Intel i7-4770K with 16 GB of memory.

Dr.Memory prints at the end: WARNING: application exited with abnormal code 0xc0000005

[derekbruening]

I don't have access to the Intel compiler. The same Windows API and MSVCRT libraries should be used. Please debug further: see https://github.com/DynamoRIO/drmemory/wiki/Debugging. Use debug DrM and debug DR; look at the precise instruction that is hitting the access violation: what is it?; get logs with "-debug -verbose 3"; is this compiler using a strange instruction sequence? If so, why does calling CreateThread matter?

[avaneev]

When running Dr.Memory with -dr_debug I get this error:

[derekbruening]

That may mean there's invasive software on your particular computer, or your Windows system calls are in some other way different from expected. Usually this might cause an up-front error though, not an app crash later. What about all the tests under "Narrowing down the source of the problem"? Does plain DR release build work? Use ProcessExplorer or a debugger and look at the list of libraries in this app (when started natively): is there AV software or something hooking your system calls in a weird way. Use windbg with the instructions to get DR symbols to see which syscall this is (print out syscalls_names[i] at the assert popup you pasted) and disassemble its entry point.

[avaneev]

I do use AV software - Dr.Web. Disabling it does not help. But I can't uninstall it to test in AV-less mode.