Skip to Content
1
Aug 24 at 01:13 PM

Heap allocation failure in cslibu_3_0 or crpe32 modules

188 Views Last edit Aug 24 at 08:11 PM 2 rev

Using SAP Crystal runtime for .NET v13.0.31.4010

Using .NET Framework 4.8

We have an ASP.NET web application that uses a Windows service. The service has crashed multiple times based on the faulting Windows module ntdll.dll (see below for extract from the Application Log):

Faulting module name: ntdll.dll, version: 10.0.17763.2989, time stamp: 0x21d18902

We opened a support ticket with Microsoft and after collecting various dump files, the engineer found a heap allocation error in one of the two SAP modules cslibu_3_0 or crpe32 that was causing the exception.

I have enclosed excerpts of the dump files and analysis provided by the Microsoft engineer below. Is this an issue that has been detected and resolved in a newer version of the runtime? If not, how can we get this reviewed by the appropriate team at SAP?

Thank you in advance.

Below are excerpts from the call stack traces captured by the dumps:

2. The first is the c0000374 exception which we encountered in earlier logs. Its call stack:

0:036> kc

# Call Site

00 ntdll!ZwWaitForMultipleObjects

01 ntdll!WerpWaitForCrashReporting

0e ntdll!RtlpLogHeapFailure

0f ntdll!RtlpSubSegmentAllocate

10 ntdll!RtlpLocalInfoAllocFromCache

11 ntdll!RtlpLowFragHeapAllocFromContext

12 ntdll!RtlpAllocateHeapInternal

13 ucrtbase!_malloc_base

14 mfc140u!operator new

15 cslibu_3_0!CSLib300::CSObArray::setSize

16 cslibu_3_0!CSLib300::CSObArray::add

17 crpe32!MWCleanupProcess

3. I can find the same c0000374 exception in other 2 dumps, which has similar (but not the same) call stack:

0:029> kc

# Call Site

00 ntdll!ZwWaitForMultipleObjects

01 ntdll!WerpWaitForCrashReporting

0e ntdll!RtlpLogHeapFailure

0f ntdll!RtlpSubSegmentAllocate

10 ntdll!RtlpLocalInfoAllocFromCache

11 ntdll!RtlpLowFragHeapAllocFromContext

12 ntdll!RtlpAllocateHeapInternal

13 ucrtbase!_malloc_base

14 crpe32!MWCleanupProcess

And

0:029> kc

# Call Site

00 ntdll!ZwWaitForMultipleObjects

01 ntdll!WerpWaitForCrashReporting

0e ntdll!RtlpLogHeapFailure

0f ntdll!RtlpSubSegmentAllocate

10 ntdll!RtlpLocalInfoAllocFromCache

11 ntdll!RtlpLowFragHeapAllocFromContext

12 ntdll!RtlpAllocateHeapInternal

13 ucrtbase!_malloc_base

14 mfc140u!operator new

15 cslibu_3_0!CSLib300::StrDup

16 crpe32!MWCleanupProcess

Further investigation found the source code related to this issue:

if (RtlpIsBlockBusy(HeapEntry) != FALSE) {

RtlpLogHeapFailure(heap_failure_lfh_bitmap_mismatch,

(PVOID)SegmentInfo->LocalData->LowFragHeap->Heap,

HeapEntry,

NULL,

NULL,

NULL);

The cause of this crash is the heap entry allocated shows it is already reserved for unknown reason. We have additional analysis and log file dumps if needed.

From the dumps, we don’t know how and why the UnusedBytes is set to 88.