Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 0.4.4
    • Component/s: ReactOS Tests
    • Labels: None
    • Sprint: November 2016
    • Guilty Revision: 73,227

      Description

      kd> kp
        *** Stack trace for last set context - .thread/.cxr resets it
       # ChildEBP RetAddr  
      00 f7098a34 804a9367 nt!KiSwapContext+0x19
      01 f7098ac8 804f1333 nt!KeWaitForSingleObject(void * Object = 0x805f1360, _KWAIT_REASON WaitReason = Executive (0), char WaitMode = 0n0 '', unsigned char Alertable = 0x00 '', union _LARGE_INTEGER * Timeout = 0x00000000)+0x4c7 [c:\ros\reactos\reactos\ntoskrnl\ke\wait.c @ 547]
      02 f7098b20 804e91e9 nt!MmFreeSectionPage(void * Context = 0xb4b3f330, struct _MEMORY_AREA * MemoryArea = 0xb4d85600, void * Address = 0x003c0000, unsigned long Page = 0, unsigned long SwapEntry = 0x7ffffc00, unsigned char Dirty = 0x00 '')+0xd3 [c:\ros\reactos\reactos\ntoskrnl\mm\section.c @ 4029]
      03 f7098bcc 804f3ddb nt!MmFreeMemoryArea(struct _MMSUPPORT * AddressSpace = 0xb4b3f330, struct _MEMORY_AREA * MemoryArea = 0xb4d85600, <function> * FreePage = 0x804f1260, void * FreePageContext = 0xb4b3f330)+0x179 [c:\ros\reactos\reactos\ntoskrnl\mm\marea.c @ 325]
      04 f7098c00 804efb4c nt!MmUnmapViewOfSegment(struct _MMSUPPORT * AddressSpace = 0xb4b3f330, void * BaseAddress = 0x003c0000)+0xeb [c:\ros\reactos\reactos\ntoskrnl\mm\section.c @ 4152]
      05 f7098c64 804cdcd9 nt!MiRosUnmapViewOfSection(struct _EPROCESS * Process = 0xb4b3f148, void * BaseAddress = 0x003c0000, unsigned long Flags = 0)+0x26c [c:\ros\reactos\reactos\ntoskrnl\mm\section.c @ 4242]
      06 f7098cd4 804d142f nt!MiUnmapViewOfSection(struct _EPROCESS * Process = 0xb4b3f148, void * BaseAddress = 0x003c0000, unsigned long Flags = 0)+0x69 [c:\ros\reactos\reactos\ntoskrnl\mm\arm3\section.c @ 837]
      07 f7098cfc 80539dcb nt!NtUnmapViewOfSection(void * ProcessHandle = 0xffffffff, void * BaseAddress = 0x003c0000)+0xaf [c:\ros\reactos\reactos\ntoskrnl\mm\arm3\section.c @ 3777]
      08 f7098d14 80537eab nt!KiSystemCallTrampoline(void * Handler = 0x804d1380, void * Arguments = 0x0012fcf8, unsigned long StackBytes = 8)+0x1b [c:\ros\reactos\reactos\ntoskrnl\include\internal\i386\ke.h @ 742]
      09 f7098d5c 80403e23 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf7098d64, void * Arguments = 0x0012fcf8)+0x24b [c:\ros\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1738]
      0a f7098d5c 7c92f27e nt!KiFastCallEntry+0x8c
      0b 0012fcec 7c95c801 ntdll!KiFastSystemCallRet
      0c 0012fcf0 0040788f ntdll!NtUnmapViewOfSection+0xc
      0d 0012fe80 004021ca kmtest_2!Test_NtCreateSection(void)+0x41f [c:\ros\reactos\reactos\modules\rostests\kmtests\ntos_mm\ntcreatesection_user.c @ 59]
      0e 0012fea0 004024ea kmtest_2!RunTest(char * TestName = 0x001336a8 "NtCreateSection")+0xfa [c:\ros\reactos\reactos\modules\rostests\kmtests\kmtest\kmtest.c @ 276]
      0f 0012fecc 0041577a kmtest_2!main(int ArgCount = 2, char ** Arguments = 0x001320b0)+0x2aa [c:\ros\reactos\reactos\modules\rostests\kmtests\kmtest\kmtest.c @ 366]
      10 0012ffb4 00415a48 kmtest_2!__tmainCRTStartup(void)+0x2ba [c:\ros\reactos\reactos\sdk\lib\crt\startup\crtexe.c @ 311]
      11 0012ffc0 7c7735a4 kmtest_2!mainCRTStartup(void)+0x28 [c:\ros\reactos\reactos\sdk\lib\crt\startup\crtexe.c @ 196]
      12 0012fff0 00000000 kernel32!BaseProcessStartup(<function> * lpStartAddress = 0x00415a20)+0x54 [c:\ros\reactos\reactos\dll\win32\kernel32\client\proc.c @ 478]

      Attachments

      1. view.diff (0.4 kB), Pierre Schweitzer

          Activity

          Mark Jansen added a comment (edited)

          r73199 introduced this.

          id date source revision platformname comment module test status count failures skipped todo time
          50192 2016-11-13 16:56:00.000 Build GCCLin_x86 on Test KVM 73225 ReactOS - i386 Build 15710 kmtest NtCreateSection canceled 0 0 0 0 0
          50190 2016-11-13 16:32:00.000 Build GCCLin_x86 on Test KVM (patched) 73224 ReactOS - i386 Build 15709 kmtest NtCreateSection canceled 0 0 0 0 0
          50189 2016-11-13 16:05:00.000 Build GCCLin_x86 on Test KVM 73224 ReactOS - i386 Build 15708 kmtest NtCreateSection canceled 0 0 0 0 0
          50187 2016-11-13 15:41:00.000 Build GCCLin_x86 on Test KVM 73223 ReactOS - i386 Build 15707 kmtest NtCreateSection canceled 0 0 0 0 0
          50186 2016-11-13 15:17:00.000 Build GCCLin_x86 on Test KVM 73221 ReactOS - i386 Build 15706 kmtest NtCreateSection canceled 0 0 0 0 0
          50183 2016-11-13 14:49:00.000 Build GCCLin_x86 on Test KVM 73220 ReactOS - i386 Build 15705 kmtest NtCreateSection canceled 0 0 0 0 0
          50182 2016-11-13 14:22:00.000 Build GCCLin_x86 on Test KVM 73219 ReactOS - i386 Build 15704 kmtest NtCreateSection canceled 0 0 0 0 0
          50181 2016-11-13 13:59:00.000 Build GCCLin_x86 on Test KVM 73218 ReactOS - i386 Build 15703 kmtest NtCreateSection canceled 0 0 0 0 0
          50180 2016-11-13 13:32:00.000 Build GCCLin_x86 on Test KVM 73217 ReactOS - i386 Build 15702 kmtest NtCreateSection canceled 0 0 0 0 0
          50179 2016-11-13 13:05:00.000 Build GCCLin_x86 on Test KVM 73216 ReactOS - i386 Build 15701 kmtest NtCreateSection canceled 0 0 0 0 0
          50177 2016-11-13 12:40:00.000 Build GCCLin_x86 on Test KVM (patched) 73215 ReactOS - i386 Build 15700 kmtest NtCreateSection canceled 0 0 0 0 0
          50175 2016-11-13 12:15:00.000 Build GCCLin_x86 on Test KVM 73215 ReactOS - i386 Build 15699 kmtest NtCreateSection canceled 0 0 0 0 0
          50168 2016-11-12 22:19:00.000 Build GCCLin_x86 on Test KVM (patched) 73214 ReactOS - i386 Build 15697 kmtest NtCreateSection canceled 0 0 0 0 0
          50166 2016-11-12 21:53:00.000 Build GCCLin_x86 on Test KVM 73214 ReactOS - i386 Build 15696 kmtest NtCreateSection canceled 0 0 0 0 0
          50165 2016-11-12 21:25:00.000 Build GCCLin_x86 on Test KVM 73213 ReactOS - i386 Build 15695 kmtest NtCreateSection canceled 0 0 0 0 0
          50163 2016-11-12 21:01:00.000 Build GCCLin_x86 on Test KVM 73212 ReactOS - i386 Build 15694 kmtest NtCreateSection canceled 0 0 0 0 0
          50161 2016-11-12 19:59:00.000 Build GCCLin_x86 on Test KVM 73211 ReactOS - i386 Build 15692 kmtest NtCreateSection canceled 0 0 0 0 0
          50160 2016-11-12 19:32:00.000 Build GCCLin_x86 on Test KVM 73210 ReactOS - i386 Build 15691 kmtest NtCreateSection canceled 0 0 0 0 0
          50159 2016-11-12 19:08:00.000 Build GCCLin_x86 on Test KVM 73209 ReactOS - i386 Build 15690 kmtest NtCreateSection canceled 0 0 0 0 0
          50158 2016-11-12 18:41:00.000 Build GCCLin_x86 on Test KVM 73208 ReactOS - i386 Build 15689 kmtest NtCreateSection canceled 0 0 0 0 0
          50157 2016-11-12 18:14:00.000 Build GCCLin_x86 on Test KVM 73207 ReactOS - i386 Build 15688 kmtest NtCreateSection canceled 0 0 0 0 0
          50156 2016-11-12 17:49:00.000 Build GCCLin_x86 on Test KVM 73206 ReactOS - i386 Build 15687 kmtest NtCreateSection canceled 0 0 0 0 0
          50155 2016-11-12 17:25:00.000 Build GCCLin_x86 on Test KVM 73205 ReactOS - i386 Build 15686 kmtest NtCreateSection canceled 0 0 0 0 0
          50154 2016-11-12 17:02:00.000 Build GCCLin_x86 on Test KVM 73204 ReactOS - i386 Build 15685 kmtest NtCreateSection canceled 0 0 0 0 0
          50153 2016-11-12 16:39:00.000 Build GCCLin_x86 on Test KVM 73203 ReactOS - i386 Build 15684 kmtest NtCreateSection canceled 0 0 0 0 0
          50151 2016-11-12 16:12:00.000 Build GCCLin_x86 on Test KVM 73202 ReactOS - i386 Build 15683 kmtest NtCreateSection canceled 0 0 0 0 0
          50147 2016-11-12 15:26:00.000 Build GCCLin_x86 on Test KVM 73201 ReactOS - i386 Build 15681 kmtest NtCreateSection canceled 0 0 0 0 0
          50144 2016-11-12 14:58:00.000 Build GCCLin_x86 on Test KVM 73200 ReactOS - i386 Build 15680 kmtest NtCreateSection canceled 0 0 0 0 0
          50131 2016-11-10 21:57:00.000 Build GCCLin_x86 on Test KVM 73199 ReactOS - i386 Build 15679 kmtest NtCreateSection canceled 0 0 0 0 0
          50129 2016-11-10 21:31:00.000 Build GCCLin_x86 on Test KVM 73198 ReactOS - i386 Build 15678 kmtest NtCreateSection ok 168 28 0 0 0,24
          Doug Lyons added a comment

          Since the only addition was FileEndOfFileInformation, I just did a search and found the following interesting comment in file.c:

           * As it happens that, on Windows (and ReactOS), retrieving the End-Of-File
           * information using NtQueryInformationFile with the FileEndOfFileInformation
           * class is invalid (who knows why...), use instead the FileStandardInformation
           * class, and the EndOfFile member of the returned FILE_STANDARD_INFORMATION
           * structure will give the desired information.

          Maybe it might provide some insight?

          Pierre Schweitzer added a comment (edited)

          The problem comes from the following set of events:
          The caller maps the view of a section backed by a file in its virtual space.
          Then, it attempts to write to the mapping. This is causing a legit page fault.
          This brings us to MmNotPresentFaultSectionView() where MM will try to read the page from the FSD.
          By doing so, it will mark the associated section segment as waiting for paging event.
          Unfortunately, because the FSD is performing late CC init, MiPageRead() cannot succeed and the page is never loaded. And the section segment is still marked as waiting for input.
          Later on, when calling NtUnmapViewOfSection(), we end up in MmFreeSectionPage() which waits on reading to finish before unmapping. This cannot happen as it failed earlier. Hence the deadlock in MM which makes the callee stuck.

          I guess our cleanup path in MmNotPresentFaultSectionView() is guilty as it doesn't reset states properly. Need to find out how to make this properly.

          CCing zefklop, in case he would already have a quick win in mind.

          Pierre Schweitzer added a comment

          Actually, previous analysis was wrong. I was in the wrong case. It gets stuck on MiReadPage, not because caching was not initialized, but because allocation was grown, and file size wasn't. This gives the following behavior:
          The caller maps the view of a section backed by a file in its virtual space.
          Then, it attempts to write to the mapping. This is causing a legit page fault.
          This brings us to MmNotPresentFaultSectionView() where MM will try to read the page from the FSD.
          By doing so, it will mark the associated section segment as waiting for paging event.
          Because no previous reading was made, MiPageRead() attempts to create a VACB. But it fails, due to file size being equal to file offset (0). The page is never loaded and the section segment is still marked as waiting for input.
          Later on, when calling NtUnmapViewOfSection(), we end up in MmFreeSectionPage() which waits on reading to finish before unmapping. This cannot happen as it failed earlier. Hence the deadlock in MM which makes the callee stuck.

          Pierre Schweitzer added a comment

          Patch file to test a possible fix.

          Pierre Schweitzer added a comment

          Fixed with r73325 and r73326.


            People

            • Assignee: Pierre Schweitzer
            • Reporter: Thomas Faber
            • Votes: 0
            • Watchers: 3