Core ReactOS / CORE-11948

[PATCH] ASSERT reactos\ntoskrnl\mm\arm3\mdlsup.c(1102): (Mdl->MdlFlags & MDL_PAGES_LOCKED) != 0 when opening TaskManager

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 0.4.3
    • Component/s: NTCore
    • Sprint: September 2016

      Description

      Hello,

      I hit the (Mdl->MdlFlags & MDL_PAGES_LOCKED) != 0 assert when running Task Manager in a debug MSVC 2015 build.

      My test case is very basic:

      1. Compile revision 72584 using VS 2015 in debug x32
      2. Launch ReactOS under debug via WinDbg
      3. Once the machine is booted, I start Task Manager
      4. Observe assert

      The resulting assert is the following:

       
      Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
      Copyright (c) Microsoft Corporation. All rights reserved.
       
      Opened \\.\pipe\ros_pipe
      Waiting to reconnect...
      Connected to Windows Server 2003 3790 x86 compatible target at (Mon Sep  5 21:14:02.492 2016 (UTC + 2:00)), ptr64 FALSE
      Kernel Debugger connection established.
      WARNING: Inaccessible path: 'C:\Users\volodymyr\reactos\output-VS-i386\reactos'
      Symbol search path is: C:\Users\volodymyr\reactos\output-VS-i386\reactos
      Executable search path is: 
      Windows Server 2003 Kernel Version 3790 UP Checked x86 compatible
      Built by: 20160905-r72584.MSVC_19.0.24213.1
      Machine Name:
      Kernel base = 0x80400000 PsLoadedModuleList = 0x805a93a0
      System Uptime: not available
      (..\ntoskrnl\ke\i386\cpu.c:450) Supported CPU features : KF_V86_VIS KF_RDTSC KF_CR4 KF_CMOV KF_GLOBAL_PAGE KF_LARGE_PAGE KF_MTRR KF_CMPXCHG8B KF_MMX KF_WORKING_PTE KF_PAT KF_FXSR KF_FAST_SYSCALL KF_XMMI   KF_XMMI64    
      (..\ntoskrnl\ke\i386\cpu.c:722) Prefetch Cache: 64 bytes	L2 Cache: 3145728 bytes	L2 Cache Line: 64 bytes	L2 Cache Associativity: 12
      (..\hal\halx86\acpi\halacpi.c:782) ACPI Timer at: 4008h (EXT: 256)
      (..\hal\halx86\acpi\halacpi.c:890) ACPI 2.0 Detected. Tables: [RSDT] [FACP] 
      (..\ntoskrnl\mm\ARM3\mminit.c:1443) HAL I/O Mapping at FFFE0000 is unsafe
      (..\ntoskrnl\mm\mminit.c:131)           0x80000000 - 0x83000000	Boot Loaded Image
      (..\ntoskrnl\mm\mminit.c:135)           0xB0000000 - 0xB0701000	PFN Database
      (..\ntoskrnl\mm\mminit.c:139)           0xB0701000 - 0xB26E9000	ARM3 Non Paged Pool
      (..\ntoskrnl\mm\mminit.c:143)           0xB9400000 - 0xBB400000	System View Space
      (..\ntoskrnl\mm\mminit.c:147)           0xBB400000 - 0xC0000000	Session Space
      (..\ntoskrnl\mm\mminit.c:150)           0xC0000000 - 0xC03FFFFF	Page Tables
      (..\ntoskrnl\mm\mminit.c:153)           0xC0300000 - 0xC0300FFF	Page Directories
      (..\ntoskrnl\mm\mminit.c:156)           0xC0400000 - 0xC07FFFFF	Hyperspace
      (..\ntoskrnl\mm\mminit.c:160)           0xE1000000 - 0xECC00000	ARM3 Paged Pool
      (..\ntoskrnl\mm\mminit.c:163)           0xECC00000 - 0xF7BE0000	System PTE Space
      (..\ntoskrnl\mm\mminit.c:166)           0xF7BE0000 - 0xFFBE0000	Non Paged Pool Expansion PTE Space
      (..\ntoskrnl\config\cmcheck.c:25) CmCheckRegistry(0xB2690008, 2) is UNIMPLEMENTED!
      ACPI Compatible Eisa/Isa HAL Detected
      (..\ntoskrnl\wmi\wmi.c:72) IoWMIRegistrationControl() called for DO B2683220, requesting 1 action, returning success
      (..\sdk\lib\rtl\image.c:171) Invalid base address: 00000000
      (..\ntoskrnl\io\iomgr\driver.c:1647) '\Driver\SACDRV' initialization failed, status (0xc0000037)
      (..\ntoskrnl\io\iomgr\driver.c:64) Deleting driver object '\Driver\SACDRV'
      (..\hal\halx86\legacy\bus\pcibus.c:727) WARNING: PCI Slot Resource Assignment is FOOBAR
      (..\ntoskrnl\io\iomgr\iorsrce.c:874) IoReportResourceUsage is halfplemented!
      (..\ntoskrnl\io\iomgr\iorsrce.c:874) IoReportResourceUsage is halfplemented!
      (..\ntoskrnl\io\iomgr\driver.c:1647) '\Driver\BUSLOGIC' initialization failed, status (0xc00000c0)
      (..\ntoskrnl\io\iomgr\driver.c:64) Deleting driver object '\Driver\BUSLOGIC'
      (..\drivers\storage\class\disk\disk.c:2251) HACK: Handling partition 0 request!
      (..\drivers\ksfilter\swenum\swenum.c:428) SWENUM loaded
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:4059) IRP_MN_QUERY_PNP_DEVICE_STATE failed with status 0xc00000bb
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:4059) IRP_MN_QUERY_PNP_DEVICE_STATE failed with status 0xc00000bb
      (..\drivers\storage\ide\pciidex\fdo.c:467) IRP_MJ_PNP / Unknown minor function 0x9
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\VBoxVideo.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\pcnet.sys' with status 0xc000003a
      vgdrvHeartbeatInit: Setting up heartbeat to trigger every 2000 milliseconds
      vgdrvNtInit: Device is ready!
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:4059) IRP_MN_QUERY_PNP_DEVICE_STATE failed with status 0xc00000bb
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:4059) IRP_MN_QUERY_PNP_DEVICE_STATE failed with status 0xc00000bb
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:4059) IRP_MN_QUERY_PNP_DEVICE_STATE failed with status 0xc00000bb
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\VBoxVideo.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\pcnet.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\i8042prt.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\i8042prt.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\serial.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\cmbatt.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\VBoxVideo.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\pcnet.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\i8042prt.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\i8042prt.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\serial.sys' with status 0xc000003a
      (..\ntoskrnl\mm\ARM3\sysldr.c:3024) ZwOpenFile failed for '\SystemRoot\System32\drivers\cmbatt.sys' with status 0xc000003a
      (..\drivers\storage\class\disk\disk.c:2251) HACK: Handling partition 0 request!
      (..\ntoskrnl\io\iomgr\iorsrce.c:725) Failed to open symlink \Device\Harddisk0\Partition1, Status=c0000024
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\VBoxVideo.sys at F68C6000 with 22 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\VIDEOPRT.SYS at F68AE000 with 18 pages
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:858) IRP_MN_QUERY_CAPABILITIES failed with status 0xc00000bb
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:691) IopInitiatePnpIrp() failed (Status 0xc00000bb)
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:4059) IRP_MN_QUERY_PNP_DEVICE_STATE failed with status 0xc00000bb
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\pcnet.sys at F6891000 with 9 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\i8042prt.sys at F687C000 with 12 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\kbdclass.sys at F6872000 with a pages
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:4059) IRP_MN_QUERY_PNP_DEVICE_STATE failed with status 0xc00000bb
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\VBoxMouse.sys at F6855000 with 1d pages
      IPRT: RTMpPoke => rtMpPokeCpuUsingDpc
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\mouclass.sys at F684B000 with a pages
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:4059) IRP_MN_QUERY_PNP_DEVICE_STATE failed with status 0xc00000bb
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\serial.sys at F683E000 with d pages
      (..\ntoskrnl\io\pnpmgr\pnpres.c:615) Resource conflict: IRQ (0x4 0x4 vs. 0x4 0x4)
      (..\ntoskrnl\io\pnpmgr\pnpres.c:1100) Boot resources for ACPI\PNP0501\1 cause a resource conflict!
      (..\ntoskrnl\io\pnpmgr\pnpres.c:385) Failed to find an available interrupt resource (0x4 to 0x4)
      (..\ntoskrnl\io\pnpmgr\pnpres.c:513) Unable to satisfy preferred resource or alternates in list 0
      (..\ntoskrnl\io\pnpmgr\pnpres.c:524) Out of alternate lists!
      (..\ntoskrnl\io\pnpmgr\pnpres.c:1123) Failed to fixup a resource list from supplied resources for ACPI\PNP0501\1
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\cmbatt.sys at F6832000 with c pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\battc.sys at F682A000 with 8 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\wmilib.sys at F6822000 with 8 pages
      (..\ntoskrnl\io\pnpmgr\pnpmgr.c:469) \Driver\CMBATT->AddDevice(ACPI\PNP0C0A\0) failed with status 0xc0000001
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\floppy.sys at F680D000 with 15 pages
      (..\ntoskrnl\io\iomgr\driver.c:1647) '\Driver\FLOPPY' initialization failed, status (0xc000000e)
      (..\ntoskrnl\io\iomgr\driver.c:64) Deleting driver object '\Driver\FLOPPY'
      (..\ntoskrnl\io\iomgr\driver.c:2057) IopInitializeDriverModule() failed (Status c000000e)
      (..\ntoskrnl\mm\ARM3\sysldr.c:954) Leaking driver: floppy.sys
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\cdrom.sys at F67FA000 with f pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\fs_rec.sys at F67F2000 with 8 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\null.sys at F67EB000 with 7 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\beep.sys at F67E4000 with 7 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\blue.sys at F67DC000 with 8 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\vbemp.sys at F67D4000 with 8 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\msfs.sys at F67CC000 with 8 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\npfs.sys at F67BC000 with 10 pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\drivers\tcpip.sys at F6783000 with 39 pages
      NDIS_STATUS_MEDIA_CONNECT
      Unhandled event type: 6
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\ndisuio.sys at F6775000 with a pages
      (..\drivers\network\ndisuio\protocol.c:91) NetPnPEvent: BindsComplete
      (..\drivers\network\ndisuio\main.c:102) NDISUIO: Loaded
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\afd.sys at F6758000 with 1d pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\VBoxSF.sys at F6717000 with 41 pages
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      (..\drivers\storage\class\disk\disk.c:2251) HACK: Handling partition 0 request!
      (..\drivers\storage\class\disk\disk.c:2251) HACK: Handling partition 0 request!
      (..\drivers\storage\class\disk\disk.c:2251) HACK: Handling partition 0 request!
      WARNING:  RtlCreateTagHeap at ..\sdk\lib\rtl\heap.c:3858 is UNIMPLEMENTED!
      (..\base\system\autochk\autochk.c:349) AUTOCHK: Checking \??\C:
      (..\sdk\lib\fslib\vfatlib\check\io.c:233) NtFsControlFile() failed with Status 0xc0000022
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\cdfs.sys at F66D0000 with d pages
      (..\base\system\smss\pagefile.c:878) SMSS:PFILE: Open volume `\??\D:\' failed with status C0000013
      Boot took 22832411865 cycles!
      Interrupts: 870 System Calls: 15058 Context Switches: 643
      (..\ntoskrnl\config\cmcheck.c:25) CmCheckRegistry(0xB24BA008, 0) is UNIMPLEMENTED!
      (..\ntoskrnl\config\cmcheck.c:25) CmCheckRegistry(0xB24B9008, 0) is UNIMPLEMENTED!
      (..\ntoskrnl\config\cmcheck.c:25) CmCheckRegistry(0xB24C91E8, 0) is UNIMPLEMENTED!
      (..\ntoskrnl\config\cmcheck.c:25) CmCheckRegistry(0xB24CA008, 0) is UNIMPLEMENTED!
      (..\ntoskrnl\mm\ARM3\session.c:785) Session 0 is ready to go: 0xBF7F0000 0xF66BA000, 1262 0xB24CEB98
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\win32k.sys at F651C000 with 19e pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\ftfd.dll at F6472000 with aa pages
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\VBoxDisp.dll at F644C000 with 16 pages
      (..\win32ss\gdi\ntgdi\gdiobj.c:1176) GreDeleteObject: Trying to delete global object 00050043
      (..\win32ss\user\ntuser\class.c:2334) err: SYSTEMCUR(ARROW) == NULL, should not happen!!
      (..\win32ss\user\ntuser\class.c:2334) err: SYSTEMCUR(ARROW) == NULL, should not happen!!
      (..\win32ss\user\ntuser\class.c:2334) err: SYSTEMCUR(ARROW) == NULL, should not happen!!
      (..\win32ss\user\ntuser\class.c:2334) err: SYSTEMCUR(ARROW) == NULL, should not happen!!
      (..\win32ss\user\ntuser\class.c:2334) err: SYSTEMCUR(ARROW) == NULL, should not happen!!
      (..\win32ss\user\ntuser\class.c:2334) err: SYSTEMCUR(ARROW) == NULL, should not happen!!
      fixme:(..\win32ss\user\user32\misc\dllmain.c:362) ClientThreadSetup is UNIMPLEMENTED!
      fixme:(..\win32ss\user\user32\misc\dllmain.c:362) ClientThreadSetup is UNIMPLEMENTED!
      (..\win32ss\user\ntuser\winsta.c:494) err: Initializing input window station
      (..\win32ss\user\ntuser\desktop.c:2414) err: Attempted to change thread desktop although the thread has windows!
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\System32\kbdus.dll at F6428000 with 4 pages
      err:(..\win32ss\user\user32\windows\input.c:327) RegOpenKeyExW failed!
      (..\win32ss\user\ntuser\kbdlayout.c:154) err: Failed to open keyboard layouts registry key \REGISTRY\Machine\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000100C (c0000034)
      (..\win32ss\user\ntuser\kbdlayout.c:230) err: UserLoadKbdFile(0000100C) failed!
      err:(..\base\system\winlogon\winlogon.c:188) LoadKeyboardLayoutW(0000100C) failed!
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(wlnotify.dll) failing with status c0000135
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(shsvcs.dll) failing with status c0000135
      err:(..\win32ss\user\user32\windows\cursoricon.c:27) Loading System Cursors
      err:(..\win32ss\user\user32\misc\dllmain.c:601) hIconSmWindows 00020060 hIconWindows 0002005E 
      (..\win32ss\user\ntuser\callback.c:1137) err: hIconSmWindows 00020060 hIconWindows 0002005E 
      (..\win32ss\user\ntuser\desktop.c:2414) err: Attempted to change thread desktop although the thread has windows!
      err:(..\win32ss\user\user32\windows\window.c:470) CreateWindowExW RegisterSystemControls
      (..\win32ss\user\ntuser\desktop.c:713) err: ptiLastInput is CLEARED!!
      (..\win32ss\user\ntuser\msgqueue.c:846) err: Remove Window Messages E147D6B8 From Sent Queue
      (..\win32ss\user\ntuser\msgqueue.c:1277) err: NB Receiving Thread woken up dead!
      (..\win32ss\user\ntuser\msgqueue.c:2300) err: Thread Cleanup Sent Messages E147D6B8
      (..\win32ss\user\ntuser\message.c:1250) err: UserPostMessage: Invalid handle 0x00020062 Msg 0x0!
      Boot took 26378793440 cycles!
      Interrupts: 1598 System Calls: 22605 Context Switches: 2492
      err:(..\dll\win32\lsasrv\lsarpc.c:1366) LsapOpenDbObject failed (Status 0xc0000034)
      err:(..\dll\win32\lsasrv\lsarpc.c:1366) LsapOpenDbObject failed (Status 0xc0000034)
      err:(..\dll\win32\lsasrv\lsarpc.c:1366) LsapOpenDbObject failed (Status 0xc0000034)
      err:(..\dll\win32\lsasrv\lsarpc.c:1366) LsapOpenDbObject failed (Status 0xc0000034)
      (..\base\system\services\rpcserver.c:1780) RNotifyBootConfigStatus(00000000 1) called
      (..\win32ss\user\winsrv\usersrv\init.c:144) We are logged on
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      VBOXNP: DLL loaded.
      (..\ntoskrnl\config\cmcheck.c:25) CmCheckRegistry(0xB23E0008, 0) is UNIMPLEMENTED!
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      VBoxService 5.0.26 r108824 (verbosity: 0) win.x86 (Jul 18 2016 12:51:43) release log
      00:00:00.014995 main     Log opened 2016-09-05T19:14:10.477926400Z
      00:00:00.029990 main     OS Product: Windows 2003
      00:00:00.029990 main     OS Release: 5.2.3790
      00:00:00.029990 main     OS Service Pack: 2
      00:00:00.044985 main     Executable: C:\ReactOS\system32\VBoxService.exe
      00:00:00.044985 main     Process ID: 240
      00:00:00.044985 main     Package type: WINDOWS_32BITS_GENERIC
      WARNING:  MmSecureVirtualMemory at ..\ntoskrnl\mm\ARM3\virtual.c:2673 is UNIMPLEMENTED!
      WARNING:  MmUnsecureVirtualMemory at ..\ntoskrnl\mm\ARM3\virtual.c:2684 is UNIMPLEMENTED!
      00:00:00.059980 main     5.0.26 r108824 started. Verbose level = 0
      (..\base\system\services\services.c:67) ScmLogEvent: RegisterEventSourceW failed 1722
      (..\win32ss\user\ntuser\desktop.c:2414) err: Attempted to change thread desktop although the thread has windows!
      (..\win32ss\user\ntuser\desktop.c:713) err: ptiLastInput is CLEARED!!
      (..\base\system\services\services.c:67) ScmLogEvent: RegisterEventSourceW failed 1722
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      VBOXNP: DLL loaded.
      (..\base\system\services\services.c:67) ScmLogEvent: RegisterEventSourceW failed 1722
      Boot took 27990954473 cycles!
      Interrupts: 1789 System Calls: 44686 Context Switches: 3906
      (..\base\system\services\services.c:67) ScmLogEvent: RegisterEventSourceW failed 1722
      (..\base\system\services\services.c:67) ScmLogEvent: RegisterEventSourceW failed 1722
      fixme:(..\dll\win32\rpcrt4\rpc_server.c:1684) (0x1000): stub
      (..\base\system\services\services.c:67) ScmLogEvent: RegisterEventSourceW failed 1723
      fixme:(..\dll\win32\rpcrt4\rpc_server.c:1684) (0x1000): stub
      (..\base\services\eventlog\file.c:1766) Expanding the log file from 12620 to 524288
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      VBOXNP: DLL loaded.
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(C:\ReactOS\System32/VBoxGINA.dll) failing with status c000000f
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(C:\ReactOS\System32/VBoxCredProv.dll) failing with status c000000f
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(rshell.dll) failing with status c0000135
      fixme:(..\dll\win32\shell32\wine\shellord.c:1295) (true)
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(rshell.dll) failing with status c0000135
      fixme:(..\dll\win32\shdocvw\shdocvw_main.c:201) (), stub!
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      VBOXNP: DLL loaded.
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      VBOXNP: DLL loaded.
      err:(..\dll\win32\msafd\misc\dllmain.c:2379) wVersionRequested (0x202) 
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(rshell.dll) failing with status c0000135
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      DHCPCSVC: Adapter Name: [{8538c043-626b-4ad6-967c-bbda0a7c24eb}] (dynamic)
      err:(..\dll\win32\msafd\misc\dllmain.c:2379) wVersionRequested (0x202) 
      WARNING:  WSHIoctl at ..\dll\win32\wshtcpip\wshtcpip.c:354 is UNIMPLEMENTED!
      (..\dll\win32\wshtcpip\wshtcpip.c:356) Ioctl: Unknown IOCTL code: 1074033791
      err:(..\base\services\wkssvc\rpcserver.c:61) RpcServerListen() failed (Status 6b1)
      err:(..\base\services\srvsvc\rpcserver.c:64) RpcServerListen() failed (Status 6b1)
      fixme:(..\dll\win32\wtsapi32\wtsapi32.c:355) Stub 000200A2 0x00000000
      fixme:(..\dll\win32\wtsapi32\wtsapi32.c:288) Stub 00000000 0xffffffff 8 0012FEEC 0012FEF4
      Windows version 5.2
      (..\dll\ntdll\ldr\ldrutils.c:1304) LDR: LdrpMapDll Relocating Image Name C:\ReactOS\System32\VBoxHook.dll (10000000-1000E000 -> 00B40000)
      (..\dll\ntdll\ldr\ldrutils.c:1343) Overlapping DLL: C:\ReactOS\System32\VBoxMRXNP.dll
      VBoxIPCInit: Local IPC server now running at "VBoxTrayIPC-Administrator"
      LA: RegQueryValueExW: failed [SOFTWARE\Oracle\VirtualBox Guest Additions/VBoxTrayLog]
      LA: RegQueryValueExW: failed [SOFTWARE\Oracle\VirtualBox Guest Additions/VBoxTrayLA]
      LA: DetachOnDisconnect=true 
      fixme:(..\dll\win32\comctl32\toolbar.c:380) [000200B2] TBSTYLE_REGISTERDROP not implemented
      DnD: Drag and drop service successfully started
      fixme:(..\dll\win32\shell32\shellmenu\CBandSite.cpp:703) IDeskBarClient::UIActivateDBC() Properly notify bands?
      (..\ntoskrnl\fsrtl\unc.c:290) FsRtlRegisterUncProvider(B250773C, \Device\VBoxMiniRdr, 0)
      (..\ntoskrnl\fsrtl\unc.c:301) DFS is not disabled. Going through MUP
      (..\ntoskrnl\mm\ARM3\sysldr.c:176) Loading: \SystemRoot\system32\drivers\mup.sys at F4FEF000 with a pages
      WARNING:  DfsDriverEntry at ..\drivers\filesystems\mup\mup.c:2563 is UNIMPLEMENTED!
      (..\drivers\filesystems\mup\mup.c:2221) Opening MUP
      (..\ntoskrnl\fsrtl\unc.c:146) FsRtlpRegisterProviderWithMUP(000006AC, \Device\VBoxMiniRdr, 0)
      (..\drivers\filesystems\mup\mup.c:1136) RegisterUncProvider(B2313938, B23AFA48)
      (..\drivers\filesystems\mup\mup.c:1258) UNC provider \Device\VBoxMiniRdr registered
      Mounting "Shared" to "D:" resulted in dwErr = 85
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      Shared folder "Shared" was mounted to drive "E:"
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(rshell.dll) failing with status c0000135
      (..\win32ss\user\ntuser\window.c:3023) err: FindWindowEx: Not Desktop Parent!
      (..\win32ss\user\ntuser\winpos.c:1551) err: Window is HWND_BOTTOM hwnd 00000001
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  ExAllocatePoolWithTagPriority at ..\ntoskrnl\mm\ARM3\expool.c:2549 is UNIMPLEMENTED!
      WARNING:  IoRaiseInformationalHardError at ..\ntoskrnl\io\iomgr\error.c:655 is UNIMPLEMENTED!
      WARNING:  MmForceSectionClosed at ..\ntoskrnl\mm\ARM3\section.c:2897 is UNIMPLEMENTED!
      (..\dll\win32\kernel32\client\loader.c:384) LoadLibraryExW(rshell.dll) failing with status c0000135
      (..\base\services\umpnpmgr\umpnpmgr.c:3195) Installing: ACPI\ACPI0003\0
      VBOXNP: DLL unloaded.
      (..\ntoskrnl\se\token.c:111) FIXME: Pretending tokens are equal!
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      VBOXNP: DLL loaded.
      err:(..\dll\win32\setupapi\queue.c:1688) copy error 2 L"C:\\ReactOS\\inf\\cmbatt.sys" -> L"C:\\ReactOS\\System32\\drivers\\cmbatt.sys"
      err:(..\dll\win32\setupapi\queue.c:1688) copy error 2 L"C:\\ReactOS\\inf\\battc.sys" -> L"C:\\ReactOS\\System32\\drivers\\battc.sys"
      err:(..\dll\win32\newdev\newdev.c:989) DevInstallW failed with error 3758096641
      VBOXNP: DLL unloaded.
      (..\win32ss\gdi\ntgdi\gdiobj.c:1169) GreDeleteObject: Trying to delete invalid object 010500DB
      (..\base\services\umpnpmgr\umpnpmgr.c:3309) InstallDevice failed for DeviceInstance 'ACPI\ACPI0003\0'
      (..\ntoskrnl\ex\sysinfo.c:821) Process B23E0D88 (userinit.exe:00000144) is a zombie
      WARNING:  WSHIoctl at ..\dll\win32\wshtcpip\wshtcpip.c:354 is UNIMPLEMENTED!
      (..\dll\win32\wshtcpip\wshtcpip.c:356) Ioctl: Unknown IOCTL code: 1074033791
      (..\ntoskrnl\mm\ARM3\section.c:2035) Warning, not handling dirty bit
      VBOXNP: DLL loaded.
      Assertion c:\users\volodymyr\reactos\ntoskrnl\mm\arm3\mdlsup.c(1102): (Mdl->MdlFlags & MDL_PAGES_LOCKED) != 0
      nt!MmUnlockPages+0x2a:
      8049642a cd2c            int     2Ch

      If I look at the faulty code, I see that the culprit is in function QSISystemHandleInformation, in the following place:

      _SEH2_TRY
      {
          POBJECT_HEADER ObjectHeader = ObpGetHandleObject(HandleTableEntry);

          /* Filling handle information */
          HandleInformation->Handles[Index].UniqueProcessId =
              (USHORT)(ULONG_PTR) HandleTable->UniqueProcessId;

          HandleInformation->Handles[Index].CreatorBackTraceIndex = 0;

          HandleInformation->Handles[Index].ObjectTypeIndex =
              (UCHAR) ObjectHeader->Type->Index; /* <----- IT FAILS HERE */

          HandleInformation->Handles[Index].HandleAttributes =
              HandleTableEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;

          HandleInformation->Handles[Index].HandleValue =
              (USHORT)(ULONG_PTR) Handle.GenericHandleOverlay;

          HandleInformation->Handles[Index].Object = &ObjectHeader->Body;

          HandleInformation->Handles[Index].GrantedAccess =
              HandleTableEntry->GrantedAccess;

          ++Index;
      }
      _SEH2_FINALLY
      {
          /* Unlock it */
          ExUnlockHandleTableEntry(HandleTable, HandleTableEntry);
      }

      A closer look at _OBJECT_HEADER in question indicates that it is corrupted:

      struct _OBJECT_HEADER * 0xb24cbcd8
         +0x000 PointerCount     : 0n0
         +0x004 HandleCount      : 0n-1073676287
         +0x004 NextToFree       : 0xc0010001 Void
         +0x008 Type             : 0x0600000d _OBJECT_TYPE
         +0x00c NameInfoOffset   : 0x42 'B'
         +0x00d HandleInfoOffset : 0 ''
         +0x00e QuotaInfoOffset  : 0x75 'u'
         +0x00f Flags            : 0 ''
         +0x010 ObjectCreateInfo : 0x00740074 _OBJECT_CREATE_INFORMATION
         +0x010 QuotaBlockCharged : 0x00740074 Void
         +0x014 SecurityDescriptor : 0x006e006f Void
         +0x018 Body             : _QUAD

      As you can see, the Name and Type fields are corrupted. Once the code attempts to use the Type->Index value, it causes an exception and the exception filter is called; later on, the machine asserts with the MDL check.
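
The header dump above can be checked mechanically. The following is an added example, not part of the original report and not ReactOS code: it rebuilds the 0x18 header bytes from the dumped field values, flags fields that cannot belong to a live kernel object, and scans the bytes for UTF-16 text. `KERNEL_START`, `MIN_RUN`, the 4-byte alignment check and the function names are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: lowest kernel-mode address on this x86 target, taken from the
 * boot log's memory map (0x80000000 - 0x83000000 Boot Loaded Image). */
#define KERNEL_START 0x80000000u
#define MIN_RUN 3 /* shortest UTF-16 run worth reporting (arbitrary choice) */

enum { BAD_COUNTS = 1, BAD_TYPE = 2, BAD_CREATE_INFO = 4, BAD_SEC_DESC = 8 };

/* Constructed sample: the 0x18 header bytes rebuilt (little-endian) from the
 * field values printed in the debugger dump. */
static const uint8_t sample_header[0x18] = {
    0x00, 0x00, 0x00, 0x00, /* +0x00 PointerCount = 0 */
    0x01, 0x00, 0x01, 0xc0, /* +0x04 HandleCount / NextToFree = 0xc0010001 */
    0x0d, 0x00, 0x00, 0x06, /* +0x08 Type = 0x0600000d */
    0x42, 0x00, 0x75, 0x00, /* +0x0c NameInfo, HandleInfo, QuotaInfo offsets, Flags */
    0x74, 0x00, 0x74, 0x00, /* +0x10 ObjectCreateInfo = 0x00740074 */
    0x6f, 0x00, 0x6e, 0x00, /* +0x14 SecurityDescriptor = 0x006e006f */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns a bitmask of header fields that fail a plausibility check. */
unsigned check_header(const uint8_t *raw)
{
    int32_t pointer_count = (int32_t)le32(raw + 0x00);
    int32_t handle_count = (int32_t)le32(raw + 0x04);
    uint32_t type = le32(raw + 0x08);
    uint32_t create_info = le32(raw + 0x10);
    uint32_t sec_desc = le32(raw + 0x14);
    unsigned bad = 0;

    /* A live object has non-negative counts and HandleCount <= PointerCount. */
    if (pointer_count < 0 || handle_count < 0 || handle_count > pointer_count)
        bad |= BAD_COUNTS;
    /* Type must point into kernel space; 4-byte alignment is assumed here. */
    if (type < KERNEL_START || (type & 3))
        bad |= BAD_TYPE;
    /* Heuristic: expect NULL or a kernel-range address in these two fields. */
    if (create_info && create_info < KERNEL_START)
        bad |= BAD_CREATE_INFO;
    if (sec_desc && sec_desc < KERNEL_START)
        bad |= BAD_SEC_DESC;
    return bad;
}

/* Finds the longest run of printable-ASCII UTF-16LE code units in raw[0..len).
 * Copies the text to out and returns the run's byte offset, or -1 if none. */
int find_utf16_run(const uint8_t *raw, size_t len, char *out, size_t outsz)
{
    int best_off = -1;
    size_t best_len = 0;

    if (outsz)
        out[0] = '\0';
    for (size_t i = 0; i + 1 < len; i += 2) {
        size_t n = 0;
        while (i + 2 * n + 1 < len && raw[i + 2 * n + 1] == 0 &&
               raw[i + 2 * n] >= 0x20 && raw[i + 2 * n] <= 0x7e)
            n++;
        if (n > best_len) { best_len = n; best_off = (int)i; }
    }
    if (best_len < MIN_RUN || outsz == 0)
        return -1;
    if (best_len >= outsz)
        best_len = outsz - 1;
    for (size_t k = 0; k < best_len; k++)
        out[k] = (char)raw[(size_t)best_off + 2 * k];
    out[best_len] = '\0';
    return best_off;
}

int main(void)
{
    char text[16];
    unsigned bad = check_header(sample_header);
    int off = find_utf16_run(sample_header, sizeof sample_header, text, sizeof text);

    printf("bad-field mask: 0x%x\n", bad);
    if (off >= 0)
        printf("UTF-16 text at +0x%02x: \"%s\"\n", off, text);
    return 0;
}
```

On the sample bytes all four checked fields are flagged, and the bytes from +0x0c to the end of the header decode as the UTF-16 string "Button", so the memory at that address holds string data rather than an object header.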

            People

            • Assignee: lentin Dmitry Chapyshev
            • Reporter: vshcherbyna