Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-19787

ASSERT(Refs > 0) failure in CcRosReleaseVacb() during MS Office 2010 setup

    XMLWordPrintable

Details

    • 0.4.15-dev-xxxx

    Description

      Hit this while installing Office 2010 in ReactOS recent master, supplemented with PR #7375:

      (dll\win32\kernel32\client\loader.c:386) LoadLibraryExW(C:\ReactOS\Microsoft.NET\Framework\v4.0.30319\fusion.dll) failing with status c0000135
      		 
      (ntoskrnl\cc\view.c:276) Leaking VACB B0DB1E40 attached to B0D3EDD0 (262144)
      		 
      (ntoskrnl\cc\view.c:277) There are: 1 references left
      		 
      (ntoskrnl\cc\view.c:278) Map: 0
      		 
      (ntoskrnl\cc\view.c:279) Dirty: 0
      		 
      (ntoskrnl\cc\view.c:282) File was: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\msi27.tmp
      		 
      Assertion D:\a\reactos\reactos\src\ntoskrnl\cc\view.c(616): Refs > 0
      		 
      nt!CcRosReleaseVacb+0xd1:
      		 
      8040c571 cd2c            int     2Ch
      		 
       
      		 
      kd> ??Refs
      		 
      unsigned long 0
      		 
       
      		 
      kd> .reload
      		 
      Connected to Windows Server 2003 3790 x86 compatible target at (Wed Oct  9 16:10:09.494 2024 (UTC + 2:00)), ptr64 FALSE
      		 
      Loading Kernel Symbols
      		 
      ...............................................................
      		 
      .....
      		 
      Loading User Symbols
      		 
      ...............................................................
      		 
      Loading unloaded module list
      		 
      ................
      		 
      *** WARNING: Unable to verify timestamp for OSETUPUI.DLL
      		 
      *** ERROR: Module load completed but symbols could not be loaded for OSETUPUI.DLL
      		 
      ...
      		 
      *** WARNING: Unable to verify timestamp for riched20.dll
      		 
       
      		 
      kd> kp
      		 
      ChildEBP RetAddr  
      f7906adc 80409d4e nt!CcRosReleaseVacb(struct _ROS_SHARED_CACHE_MAP * SharedCacheMap = 0xb0e03c90, struct _ROS_VACB * Vacb = 0xb0db1e40, unsigned char Dirty = 0x00 '', unsigned char Mapped = 0x00 '')+0xd1 [D:\a\reactos\reactos\src\ntoskrnl\cc\view.c @ 616]
      		 
      f7906b70 8050d5b9 nt!CcFlushCache(struct _SECTION_OBJECT_POINTERS * SectionObjectPointers = 0xb10d8370, union _LARGE_INTEGER * FileOffset = 0x00000000, unsigned long Length = 0, struct _IO_STATUS_BLOCK * IoStatus = 0x00000000)+0x1ae [D:\a\reactos\reactos\src\ntoskrnl\cc\view.c @ 1178]
      		 
      f7906bd0 8050dbff nt!MmCreateImageSection(struct _SECTION ** SectionObject = 0xf7906cb4, unsigned long DesiredAccess = 0xf0001, struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0x00000000, union _LARGE_INTEGER * UMaximumSize = 0xf7906cc0 0x0, unsigned long SectionPageProtection = 2, unsigned long AllocationAttributes = 0x1000000, struct _FILE_OBJECT * FileObject = 0xb0dccc20)+0x289 [D:\a\reactos\reactos\src\ntoskrnl\mm\section.c @ 3280]
      		 
      f7906c2c 804e961c nt!MmCreateSection(void ** Section = 0xf7906cb4, unsigned long DesiredAccess = 0xf0001, struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0x00000000, union _LARGE_INTEGER * MaximumSize = 0xf7906cc0 0x0, unsigned long SectionPageProtection = 2, unsigned long AllocationAttributes = 0x1000000, void * FileHandle = 0x0000078c, struct _FILE_OBJECT * FileObject = 0xb0dccc20)+0x3df [D:\a\reactos\reactos\src\ntoskrnl\mm\section.c @ 4727]
      		 
      f7906ce4 8040405e nt!NtCreateSection(void ** SectionHandle = 0x027ae218, unsigned long DesiredAccess = 0xf0001, struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0x00000000, union _LARGE_INTEGER * MaximumSize = 0xf7906cc0 0x0, unsigned long SectionPageProtection = 2, unsigned long AllocationAttributes = 0x1000000, void * FileHandle = 0x0000078c)+0x52c [D:\a\reactos\reactos\src\ntoskrnl\mm\ARM3\section.c @ 3162]
      		 
      f7906d10 8056a668 nt!KiSystemCallTrampoline+0x19
      		 
      f7906d5c 80403ea5 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf7906d64, void * Arguments = 0x027ae1ac)+0x278 [D:\a\reactos\reactos\src\ntoskrnl\ke\i386\traphdlr.c @ 1840]
      		 
      f7906d5c 7c936d1e nt!KiFastCallEntry+0x96
      		 
      027ae1a0 7c969968 ntdll!KiFastSystemCallRet
      		 
      027ae1a4 76770721 ntdll!ZwCreateSection+0xc
      		 
      027ae224 7676fe55 msi!get_binary_type(wchar_t * name = 0x13852f20 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msi27.tmp", unsigned int * type = 0x13812f50)+0x61 [D:\a\reactos\reactos\src\dll\win32\msi\custom.c @ 756]
      		 
      027ae274 7676cc97 msi!do_msidbCustomActionTypeDll(struct tagMSIPACKAGE * package = 0x137f6680, int type = 0n65, wchar_t * source = 0x13852f20 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msi27.tmp", wchar_t * target = 0x13527f78 "FormatFilesInUseTemplate", wchar_t * action = 0x019d1fa8 "FormatFilesInUseTemplate")+0x255 [D:\a\reactos\reactos\src\dll\win32\msi\custom.c @ 838]
      		 
      027ae29c 7676c4e0 msi!HANDLE_CustomType1(struct tagMSIPACKAGE * package = 0x137f6680, wchar_t * source = 0x13527f60 "OCFXCA", wchar_t * target = 0x13527f78 "FormatFilesInUseTemplate", int type = 0n65, wchar_t * action = 0x019d1fa8 "FormatFilesInUseTemplate")+0xe7 [D:\a\reactos\reactos\src\dll\win32\msi\custom.c @ 883]
      		 
      ...
      		 
      ... Log truncated ...

      Either commit 0899f4b2bor the following commit cf4138fa2 by TANGaming seems to have introduced, or at least unhidden, this problem.

      Attachments

        Activity

          People

            TANGaming TANGaming
            hbelusca hbelusca
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: