String corruption observed on win7-stab bot

[derekbruening]

From rnk@google.com on March 08, 2012 17:54:55

Observed here: http://build.chromium.org/p/client.drmemory/builders/win7-stab/builds/678/steps/Chromium%20%27unit%27%20tests/logs/stdio Search for symcache and you can find warnings like this:

[----------] 7 tests from GAIAInfoUpdateServiceTest [ RUN ] GAIAInfoUpdateServiceTest.DownloadSuccess [ OK ] GAIAInfoUpdateServiceTest.DownloadSuccess (93207 ms) [ RUN ] GAIAInfoUpdateServiceTest.DownloadFailure [ OK ] GAIAInfoUpdateServiceTest.DownloadFailure (90192 ms) [ RUN ] GAIAInfoUpdateServiceTest.NoMigration Dr.M Unable to create temp file for symfile E:\chromium\src\build\Debug\drmemory.symcache/nMap> >::Pointer.txt [ OK ] GAIAInfoUpdateServiceTest.NoMigration (90660 ms) [ RUN ] GAIAInfoUpdateServiceTest.ShouldUseGAIAProfileInfo Dr.M Unable to create temp file for symfile E:\chromium\src\build\Debug\drmemory.symcache/nMap> >::Pointer.txt [ OK ] GAIAInfoUpdateServiceTest.ShouldUseGAIAProfileInfo (89754 ms) [ RUN ] GAIAInfoUpdateServiceTest.ScheduleUpdate Dr.M Unable to create temp file for symfile E:\chromium\src\build\Debug\drmemory.symcache/nMap> >::Pointer.txt [ OK ] GAIAInfoUpdateServiceTest.ScheduleUpdate (89363 ms) [ RUN ] GAIAInfoUpdateServiceTest.LogOut Dr.M Unable to create temp file for symfile E:\chromium\src\build\Debug\drmemory.symcache/nMap> >::Pointer.txt [ OK ] GAIAInfoUpdateServiceTest.LogOut (90067 ms) [ RUN ] GAIAInfoUpdateServiceTest.LogIn Dr.M Unable to create temp file for symfile E:\chromium\src\build\Debug\drmemory.symcache/nMap> >::Pointer.txt [ OK ] GAIAInfoUpdateServiceTest.LogIn (91144 ms) [----------] 7 tests from GAIAInfoUpdateServiceTest (634700 ms total)

[----------] 10 tests from ProfileInfoCacheTest [ RUN ] ProfileInfoCacheTest.AddProfiles [ OK ] ProfileInfoCacheTest.AddProfiles (344 ms) [ RUN ] ProfileInfoCacheTest.DeleteProfile [ OK ] ProfileInfoCacheTest.DeleteProfile (203 ms) [ RUN ] ProfileInfoCacheTest.MutateProfile [ OK ] ProfileInfoCacheTest.MutateProfile (250 ms) [ RUN ] ProfileInfoCacheTest.Sort Dr.M Unable to create temp file for symfile E:\chromium\src\build\Debug\drmemory.symcache/T�T�.txt \~~Dr.M~~ Unable to create temp file for symfile E:\chromium\src\build\Debug\drmemory.symcache/T�T�.txt [ OK ] ProfileInfoCacheTest.Sort (182134 ms) [ RUN ] ProfileInfoCacheTest.BackgroundModeStatus [ OK ] ProfileInfoCacheTest.BackgroundModeStatus (234 ms) [ RUN ] ProfileInfoCacheTest.HasMigrated [ OK ] ProfileInfoCacheTest.HasMigrated (218 ms) [ RUN ] ProfileInfoCacheTest.GAIAName [ OK ] ProfileInfoCacheTest.GAIAName (250 ms) [ RUN ] ProfileInfoCacheTest.GAIAPicture [ OK ] ProfileInfoCacheTest.GAIAPicture (265 ms) [ RUN ] ProfileInfoCacheTest.PersistGAIAPicture [ OK ] ProfileInfoCacheTest.PersistGAIAPicture (234 ms) [ RUN ] ProfileInfoCacheTest.EmptyGAIAInfo [ OK ] ProfileInfoCacheTest.EmptyGAIAInfo (89629 ms) [----------] 10 tests from ProfileInfoCacheTest (274060 ms total)

I spent a while looking at the symcache code, and it's trying to print modname into a buffer so it can open the symcache temp file. modname is from the mod_cache_t entry in the symcache hashtable, and it's being properly strdup'd so modname should still be live and not a dangling reference.

Original issue: http://code.google.com/p/drmemory/issues/detail?id=821

[derekbruening]

From bruen...@google.com on March 08, 2012 17:03:38

the initial ones have a symbol name in them so perhaps this is an overflow or other invalid write from some other code involving symbols and is not the fault of symcache code at all

[derekbruening]

From rnk@google.com on March 08, 2012 17:30:37

If it were a string write overflow, I would think our DEBUG_MEMORY overflow checks would have caught it by now. This was something I noticed on the side, so I filed it without digging too deep. It's possible that the data is corrupt before we strdup it. Shouldn't be too hard to test that: just log all the modnames as they come in to the symcache.

[derekbruening]

From bruen...@google.com on March 08, 2012 17:46:42

stability tests are run with release DR not debug DR

[derekbruening]

From zhao...@google.com on September 13, 2012 08:51:17

On my local machine, I saw warning: Unable to create temp file for symfile ... when running the browser_tests with DrM pattern mode.

[derekbruening]

From zhao...@google.com on October 31, 2012 12:14:49

• It seems happens on my DrM release build with either debug or release build of browser_tests, but debug build DrM seems fine.
• The error message is something like "Unable to create temp file for symfile D:\src.../logs/symcache/KERNEL32.dll.txt" so the string seems not corrupted,
• When running browser_tests with release build DrM, the master browser_tests process first create a new brower_tests process and run the real tests. And then at exit, a new browser_tests process is created. And this third process has this Notice.

[derekbruening]

From zhao...@google.com on October 31, 2012 12:28:41

It could be the second process report this Notice too. Attaching to the process, it tried 1000 times to open the temp file and all failed: 0:006> dt symfile_tmp Local var @ 0x1840ed18 Type char[] [260] "D:\src\cygwin\home\zhaoqin\Workspace\DrMemory\builds\build_x86_rel.svn/logs/symcache/KERNEL32.dll.txt.0999.tmp" 0:006> dt symfile Local var @ 0x1840ee1c Type char[] [260] "D:\src\cygwin\home\zhaoqin\Workspace\DrMemory\builds\build_x86_rel.svn/logs/symcache/KERNEL32.dll.txt"

f is 0xffffffff

[derekbruening]

From bruen...@google.com on October 31, 2012 15:03:37

re: file creation issues: xref issue #1025