Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-11286

Pool corruption on KVM testbot, assertion failure 'Hash == TableMask'

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 0.4.2
    • None
    • None
    • June 2016

    Description

      (ntoskrnl/mm/ARM3/expool.c:657) Empty item reached in tracker table. Hash=0x5, TableMask=0x7ff, Tag=0x00080000, NumberOfBytes=32, PoolType=4
      		 
       
      		 
      *** Assertion failed: Hash == TableMask
      		 
      ***   Source File: /srv/buildbot/Build_GCCLin_x86/build/ntoskrnl/mm/ARM3/expool.c, line 658
      		 
       
      		 
      Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? 
      kdb:>
      		 
       o
      		 
      Execute '.cxr F774F194' to dump context
      		 
      
      		 
      Entered debugger on embedded INT3 at 0x0008:0x8093f646.
      		 
      kdb:>
      		 
       bt
      		 
      Eip:
      		 
      <NTOSKRNL.EXE:13f647 (:0 (DbgBreakPoint))>
      		 
      Frames:
      		 
      <NTOSKRNL.EXE:9daf2 (ntoskrnl/mm/ARM3/expool.c:658 (ExpRemovePoolTracker))>
      		 
      <NTOSKRNL.EXE:9f615 (ntoskrnl/mm/ARM3/expool.c:2278 (ExFreePoolWithTag))>
      		 
      <NTOSKRNL.EXE:a0165 (ntoskrnl/mm/ARM3/expool.c:2503 (ExFreePool))>
      		 
      <class2.sys:3677 (drivers/storage/class/class2/class2.c:2453 (ScsiClassSendSrbSynchronous))>
      		 
      <class2.sys:3734 (drivers/storage/class/class2/class2.c:1091 (ScsiClassReadDriveCapacity))>
      		 
      <cdrom.sys:41d7 (drivers/storage/class/cdrom/cdrom.c:1009 (CreateCdRomDeviceObject))>
      		 
      <cdrom.sys:4a3a (drivers/storage/class/cdrom/cdrom.c:628 (ScsiCdRomFindDevices))>
      		 
      <class2.sys:201c (drivers/storage/class/class2/class2.c:589 (ScsiClassInitialize))>
      		 
      <cdrom.sys:23dc (drivers/storage/class/cdrom/cdrom.c:523 (DriverEntry))>
      		 
      <NTOSKRNL.EXE:5b849 (ntoskrnl/io/iomgr/driver.c:1643 (IopCreateDriver))>
      		 
      <NTOSKRNL.EXE:5bad9 (ntoskrnl/io/iomgr/driver.c:521 (IopInitializeDriverModule))>
      		 
      <NTOSKRNL.EXE:16f606 (ntoskrnl/io/iomgr/driver.c:959 (IopInitializeBuiltinDriver))>
      		 
      <NTOSKRNL.EXE:16f9ad (ntoskrnl/io/iomgr/driver.c:1173 (IopInitializeBootDrivers))>
      		 
      <NTOSKRNL.EXE:170681 (ntoskrnl/io/iomgr/iomgr.c:547 (IoInitSystem))>
      		 
      <NTOSKRNL.EXE:16bc6a (ntoskrnl/ex/init.c:1799 (Phase1InitializationDiscard))>
      		 
      <NTOSKRNL.EXE:3320a (ntoskrnl/ex/init.c:2013 (Phase1Initialization))>
      		 
      <NTOSKRNL.EXE:10a2a4 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
      		 
      <NTOSKRNL.EXE:121079 (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
      		 
      <NTOSKRNL.EXE:10a26b (ntoskrnl/ps/state.c:565 (NtQueueApcThread))>
      		 
      <5d8950ec>
      		 
      Couldn't access memory at 0x83E58959!
      		 
      kdb:>

      Seems to happen consistently in r71366:
      https://build.reactos.org/builders/Test%20KVM/builds/13867/steps/test/logs/stdio
      https://build.reactos.org/builders/Test%20KVM/builds/13870/steps/test/logs/stdio

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. CORE-11296 DataBuffer out of bounds access in uniata!AtapiInterrupt__

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              ThFabba ThFabba
              ThFabba ThFabba
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: