[ https://jira.reactos.org/browse/CORE-14293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=103013#comment-103013 ]
HBelusca commented on CORE-14293:
---------------------------------
Update: I get this crash now:
{noformat}
(D:\rossrc\reactos\ntoskrnl\ex\work.c:755) Requesting a new thread. CurrentCount: 0. MaxCount: 1
(D:\rossrc\reactos\ntoskrnl\ex\work.c:398) EX: Creating new dynamic thread as requested
(D:\rossrc\reactos\ntoskrnl\mm\ARM3\expool.c:2510) Freeing pool - invalid tag specified: CcPc !=
*** Fatal System Error: 0x000000c2
(0x0000000A,0xB1D71ED0,0x00000000,0x63506343)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows Server 2003 3790 x86 compatible target at (Sun Apr 1 00:05:45.241 2018 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
..........................................................
Loading User Symbols
*** ERROR: Symbol file could not be found. Defaulted to export symbols for VBoxDisp.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for VBoxVideo.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for VBoxGuest.sys -
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {a, b1d71ed0, 0, 63506343}
Probably caused by : ntoskrnl.exe ( nt!ExFreePoolWithTag+3b9 )
Followup: MachineOwner
---------
nt!RtlpBreakWithStatusInstruction:
805171c8 cc int 3
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000a, Attempt to free some other component's protected pool.
Arg2: b1d71ed0, Address of pool
Arg3: 00000000, Pool allocation's tag
Arg4: 63506343, Quota process pointer (bad).
Debugging Details:
------------------
BUGCHECK_STR: 0xc2_a
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8047bfe8 to 805171c8
STACK_TEXT:
f790a84c 8047bfe8 00000003 f790ab6c ffdff408 nt!RtlpBreakWithStatusInstruction
f790a87c 8047c8f3 00000003 00000000 8000003b nt!KiBugCheckDebugBreak+0x38 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 538]
f790ac18 8047cf50 000000c2 0000000a b1d71ed0 nt!KeBugCheckWithTf+0x553 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 1102]
f790ac38 804921f9 000000c2 0000000a b1d71ed0 nt!KeBugCheckEx+0x20 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 1462]
f790ac9c 804098f6 b1d71ed0 63506343 0090acd8 nt!ExFreePoolWithTag+0x3b9 [d:\rossrc\reactos\ntoskrnl\mm\arm3\expool.c @ 2519]
f790acb8 804066f5 b1dada00 b1d0db68 b1cc1d50 nt!CcRosReleaseFileCache+0xb6 [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 1243]
f790acd8 f7ba0d5f b1dada00 b1d0db68 00000000 nt!CcUninitializeCacheMap+0xa5 [d:\rossrc\reactos\ntoskrnl\cc\fs.c @ 357]
f790ad04 f7ba0a32 b1cbb250 b1cbb250 f790ad38 fastfat!VfatCleanupFile+0x2df [d:\rossrc\reactos\drivers\filesystems\fastfat\cleanup.c @ 123]
f790ad14 f7bb07c1 b1cbb250 00000001 00000012 fastfat!VfatCleanup+0x62 [d:\rossrc\reactos\drivers\filesystems\fastfat\cleanup.c @ 178]
f790ad38 f7bb0cfa b1cbb250 f790ad8c 80439afd fastfat!VfatDispatchRequest+0x141 [d:\rossrc\reactos\drivers\filesystems\fastfat\misc.c @ 169]
f790ad44 80439afd b1cbb250 fc45390c 00000001 fastfat!VfatDoRequest+0x1a [d:\rossrc\reactos\drivers\filesystems\fastfat\misc.c @ 311]
f790ad8c 804e0634 00000000 00000000 8000003b nt!ExpWorkerThreadEntryPoint+0x18d [d:\rossrc\reactos\ntoskrnl\ex\work.c @ 165]
f790adc0 804f9d72 80439970 00000000 f790ade0 nt!PspSystemThreadStartup+0x64 [d:\rossrc\reactos\ntoskrnl\ps\thread.c @ 158]
f790addc 804e05cf 80439970 00000000 e850fc00 nt!KiThreadStartup+0x42 [d:\rossrc\reactos\ntoskrnl\ke\i386\thrdini.c @ 81]
f790ade0 8043996f 00000000 e850fc00 0000027f nt!PspUnhandledExceptionInSystemThread+0xcf
f790ade4 00000000 e850fc00 0000027f 00000000 nt!ExpDesktopClose+0x4f
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+3b9 [d:\rossrc\reactos\ntoskrnl\mm\arm3\expool.c @ 2519]
804921f9 8b4dec mov ecx,dword ptr [ebp-14h]
FAULTING_SOURCE_CODE:
2515: // Track the removal of this allocation
2516: //
2517: ExpRemovePoolTracker(Tag,
2518: BlockSize * POOL_BLOCK_SIZE,
2519: Entry->PoolType - 1);
2520:
2521: //
2522: // Release pool quota, if any
2523: //
2524: if ((Entry->PoolType - 1) & QUOTA_POOL_MASK)
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!ExFreePoolWithTag+3b9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5abfa922
FAILURE_BUCKET_ID: 0xc2_a_nt!ExFreePoolWithTag+3b9
BUCKET_ID: 0xc2_a_nt!ExFreePoolWithTag+3b9
Followup: MachineOwner
---------
kd> kp
ChildEBP RetAddr
f790a84c 8047bfe8 nt!RtlpBreakWithStatusInstruction
f790a87c 8047c8f3 nt!KiBugCheckDebugBreak(unsigned long StatusCode = 3)+0x38 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 538]
f790ac18 8047cf50 nt!KeBugCheckWithTf(unsigned long BugCheckCode = 0xc2, unsigned long BugCheckParameter1 = 0xa, unsigned long BugCheckParameter2 = 0xb1d71ed0, unsigned long BugCheckParameter3 = 0, unsigned long BugCheckParameter4 = 0x63506343, struct _KTRAP_FRAME * TrapFrame = 0x00000000)+0x553 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 1102]
f790ac38 804921f9 nt!KeBugCheckEx(unsigned long BugCheckCode = 0xc2, unsigned long BugCheckParameter1 = 0xa, unsigned long BugCheckParameter2 = 0xb1d71ed0, unsigned long BugCheckParameter3 = 0, unsigned long BugCheckParameter4 = 0x63506343)+0x20 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 1462]
f790ac9c 804098f6 nt!ExFreePoolWithTag(void * P = 0xb1d71ed0, unsigned long TagToFree = 0x63506343)+0x3b9 [d:\rossrc\reactos\ntoskrnl\mm\arm3\expool.c @ 2519]
f790acb8 804066f5 nt!CcRosReleaseFileCache(struct _FILE_OBJECT * FileObject = 0xb1dada00)+0xb6 [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 1243]
f790acd8 f7ba0d5f nt!CcUninitializeCacheMap(struct _FILE_OBJECT * FileObject = 0xb1dada00, union _LARGE_INTEGER * TruncateSize = 0xb1d0db68 0x2c77, struct _CACHE_UNINITIALIZE_EVENT * UninitializeCompleteEvent = 0x00000000)+0xa5 [d:\rossrc\reactos\ntoskrnl\cc\fs.c @ 357]
f790ad04 f7ba0a32 fastfat!VfatCleanupFile(struct VFAT_IRP_CONTEXT * IrpContext = 0xb1cbb250)+0x2df [d:\rossrc\reactos\drivers\filesystems\fastfat\cleanup.c @ 123]
f790ad14 f7bb07c1 fastfat!VfatCleanup(struct VFAT_IRP_CONTEXT * IrpContext = 0xb1cbb250)+0x62 [d:\rossrc\reactos\drivers\filesystems\fastfat\cleanup.c @ 178]
f790ad38 f7bb0cfa fastfat!VfatDispatchRequest(struct VFAT_IRP_CONTEXT * IrpContext = 0xb1cbb250)+0x141 [d:\rossrc\reactos\drivers\filesystems\fastfat\misc.c @ 169]
f790ad44 80439afd fastfat!VfatDoRequest(void * IrpContext = 0xb1cbb250)+0x1a [d:\rossrc\reactos\drivers\filesystems\fastfat\misc.c @ 311]
f790ad8c 804e0634 nt!ExpWorkerThreadEntryPoint(void * Context = 0x00000000)+0x18d [d:\rossrc\reactos\ntoskrnl\ex\work.c @ 165]
f790adc0 804f9d72 nt!PspSystemThreadStartup(<function> * StartRoutine = 0x80439970, void * StartContext = 0x00000000)+0x64 [d:\rossrc\reactos\ntoskrnl\ps\thread.c @ 158]
f790addc 804e05cf nt!KiThreadStartup(void)+0x42 [d:\rossrc\reactos\ntoskrnl\ke\i386\thrdini.c @ 81]
f790ade0 8043996f nt!PspUnhandledExceptionInSystemThread+0xcf
f790ade4 00000000 nt!ExpDesktopClose+0x4f
{noformat}
Crash in CcPurgeCacheSection()
------------------------------
Key: CORE-14293
URL: https://jira.reactos.org/browse/CORE-14293
Project: Core ReactOS
Issue Type: Bug
Components: NTCore
Environment: ReactOS 0.4.8-dev g131678a025601690d655e35ad4b968c1b98297c7 local MSVC build.
Reporter: HBelusca
Assignee: Pierre Schweitzer
Attachments: ReactOS_0.4.8-dev_g131678a_MSVC_Cc_crash.txt
A crash in CcPurgeCacheSection() happened while stress-testing ReactOS (building ROS on ROS with RosBE 2.1.6).
See the debug log [^ReactOS_0.4.8-dev_g131678a_MSVC_Cc_crash.txt] for more details.
--
This message was sent by Atlassian JIRA
(v7.3.2#73013)