CORE-11962 (Core ReactOS)

INVALID_PROCESS_ATTACH_ATTEMPT bugcheck during testbot runs


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Fix Version/s: 0.4.3
    • Component/s: NTCore
    • Sprint: September 2016
    • Guilty Revision: 72554

      Description

      *** Fatal System Error: 0x00000005
                             (0xB1D8B570,0xB2675D88,0x00000001,0x00000000)

      Entered debugger on embedded INT3 at 0x0008:0x809411cc.
      kdb:> bt
      Eip:
      <NTOSKRNL.EXE:1411cd (:0 (RtlpBreakWithStatusInstruction))>
      Frames:
      <NTOSKRNL.EXE:823ed (ntoskrnl/ke/bug.c:1100 (KeBugCheckWithTf))>
      <NTOSKRNL.EXE:829c4 (ntoskrnl/ke/bug.c:1456 (KeBugCheckEx))>
      <NTOSKRNL.EXE:86f11 (ntoskrnl/ke/procobj.c:542 (KeAttachProcess))>
      <NTOSKRNL.EXE:d969a (ntoskrnl/mm/marea.c:596 (MmDeleteProcessAddressSpace))>
      <NTOSKRNL.EXE:101d57 (ntoskrnl/ps/kill.c:354 (PspDeleteProcess))>
      <NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>
      <NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>
      <NTOSKRNL.EXE:9ff41 (ntoskrnl/mm/ARM3/expool.c:2302 (ExFreePoolWithTag))>
      <NTOSKRNL.EXE:6c01e (ntoskrnl/io/iomgr/irp.c:1644 (IoFreeIrp))>
      <NTOSKRNL.EXE:5f42c (ntoskrnl/io/iomgr/file.c:1334 (IopDeleteFile))>
      <NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>
      <NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>
      <NTOSKRNL.EXE:ec03c (ntoskrnl/ob/obhandle.c:767 (ObpCloseHandleTableEntry))>
      <NTOSKRNL.EXE:ed85a (ntoskrnl/ob/obhandle.c:1771 (ObpCloseHandle))>
      <NTOSKRNL.EXE:ef765 (ntoskrnl/ob/obhandle.c:3395 (NtClose))>
      <NTOSKRNL.EXE:126ac4 (ntoskrnl/include/internal/i386/ke.h:706 (KiSystemServiceHandler))>
      <NTOSKRNL.EXE:3d1f (:0 (KiSystemService))>
      <NTOSKRNL.EXE:1228 (:0 (ZwClose))>
      <NTOSKRNL.EXE:6bd6b (ntoskrnl/io/iomgr/irp.c:1223 (IofCallDriver))>
      <NTOSKRNL.EXE:5f3ab (ntoskrnl/io/iomgr/file.c:1321 (IopDeleteFile))>
      <NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>
      <NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>
      <NTOSKRNL.EXE:ec03c (ntoskrnl/ob/obhandle.c:767 (ObpCloseHandleTableEntry))>
      <NTOSKRNL.EXE:ec083 (ntoskrnl/ob/obhandle.c:1927 (ObpCloseHandleCallback))>
      <NTOSKRNL.EXE:31f43 (ntoskrnl/ex/handle.c:1211 (ExSweepHandleTable))>
      <NTOSKRNL.EXE:edd61 (ntoskrnl/ob/obhandle.c:2182 (ObKillProcess))>
      <NTOSKRNL.EXE:10141c (ntoskrnl/ps/kill.c:837 (PspExitThread))>
      <NTOSKRNL.EXE:1018ce (ntoskrnl/ps/kill.c:940 (PsExitSpecialApc))>
      <NTOSKRNL.EXE:80a3a (ntoskrnl/ke/apc.c:474 (KiDeliverApc))>
      <NTOSKRNL.EXE:123f55 (ntoskrnl/include/internal/i386/ke.h:776 (KiServiceExit))>
      <NTOSKRNL.EXE:126b8b (ntoskrnl/ke/i386/traphdlr.c:1751 (KiSystemServiceHandler))>
      <NTOSKRNL.EXE:3da9 (:0 (KiFastCallEntry))>

      The attach here is done to return the pool quota for the IRP. However the IRP allocation in IopDeleteFile specifies ChargeQuota = FALSE, which indicates that the IRP in question must have come from a lookaside list and was allocated with quota charged to a completely unrelated process. That quota should have been returned before returning the IRP to the lookaside list.
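      The lifetime mismatch described above, as an added example that is not part of this report and not ReactOS code: a user-mode C model in which a pool block charged to process A is freed into a lookaside list, handed to process B with ChargeQuota=FALSE, and only settled when B finally frees it to the pool, so that A's charge and the reference pinning A's object outlive A's own exit. The function names (process_deref, pool_alloc, pool_return_quota, pool_free, irp_alloc, irp_free, run_scenario), the constants IRP_SIZE and LOOKASIDE_DEPTH, and the bookkeeping of which context performed the final deletion (standing in for the attach) are assumptions of the model; the bugcheck itself is not reproduced.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Added illustration for CORE-11962, not ReactOS code: a user-mode model of a
 * quota-charged pool block recycled through a lookaside list and then settled
 * against a process that has already exited. Names and sizes are assumptions. */
#define IRP_SIZE 128        /* stands in for sizeof(IRP) */
#define LOOKASIDE_DEPTH 8   /* stands in for the lookaside list depth */

typedef struct Process {
    char name;           /* 'A' or 'B' */
    long quota_charged;  /* pool quota currently charged to it */
    int ref_count;       /* object references held on it */
    char deleted_by;     /* name of the process whose thread deleted it, or 0 */
} Process;

/* Pool block header: the process charged for it, if any, and the charged size */
typedef struct PoolBlock { Process *quota_process; long size; } PoolBlock;

static PoolBlock *lookaside[LOOKASIDE_DEPTH];
static int lookaside_count;

/* Last dereference deletes the process (the kernel attaches to it for that); record whose context did it */
static void process_deref(Process *p, Process *current)
{
    if (--p->ref_count == 0) p->deleted_by = current->name;
}

/* Quota pool allocation: charge the caller and pin its object in the header */
static PoolBlock *pool_alloc(Process *current, long size, bool charge_quota)
{
    PoolBlock *b = calloc(1, sizeof *b);
    if (!b) abort();
    b->size = size;
    if (charge_quota) {
        current->quota_charged += size;
        current->ref_count++;
        b->quota_process = current;
    }
    return b;
}

static void pool_return_quota(PoolBlock *b, Process *current)
{
    if (b->quota_process) {
        b->quota_process->quota_charged -= b->size;
        process_deref(b->quota_process, current);
        b->quota_process = NULL;
    }
}

/* ExFreePoolWithTag-like: a leftover charge is settled by whoever is freeing */
static void pool_free(PoolBlock *b, Process *current)
{
    pool_return_quota(b, current);
    free(b);
}

/* IoAllocateIrp-like: a recycled block keeps its old charge, whatever ChargeQuota says */
static PoolBlock *irp_alloc(Process *current, bool charge_quota)
{
    if (lookaside_count > 0) return lookaside[--lookaside_count];
    return pool_alloc(current, IRP_SIZE, charge_quota);
}

/* IoFreeIrp-like. fixed=false: the charge rides into the lookaside list.
 * fixed=true: it is returned first, while the charged process is the one freeing. */
static void irp_free(PoolBlock *b, Process *current, bool fixed)
{
    if (fixed)
        pool_return_quota(b, current);
    if (lookaside_count < LOOKASIDE_DEPTH)
        lookaside[lookaside_count++] = b;
    else
        pool_free(b, current);
}

typedef struct Outcome {
    long a_quota_after_exit;   /* charge still held against A after A has exited */
    char a_deleted_by;         /* 'A' (own exit path) or 'B' (unrelated free) */
} Outcome;

/* A allocates with ChargeQuota=TRUE, frees (block is recycled) and exits; B then
 * gets the same block with ChargeQuota=FALSE and frees it once the list is full. */
static Outcome run_scenario(bool fixed)
{
    Process a = { 'A', 0, 1, 0 }, b = { 'B', 0, 1, 0 };
    lookaside_count = 0;
    PoolBlock *irp = irp_alloc(&a, true);
    irp_free(irp, &a, fixed);
    process_deref(&a, &a);                      /* A's exit drops its reference */
    long quota_after_exit = a.quota_charged;
    irp = irp_alloc(&b, false);
    while (lookaside_count < LOOKASIDE_DEPTH)   /* force the next free to the pool */
        lookaside[lookaside_count++] = pool_alloc(&b, IRP_SIZE, false);
    irp_free(irp, &b, fixed);
    while (lookaside_count > 0)
        pool_free(lookaside[--lookaside_count], &b);
    return (Outcome){ quota_after_exit, a.deleted_by };
}
```

      With fixed=false the model reproduces the shape of the trace: A exits still carrying the charge, and its object is only deleted later, from B's free path. With fixed=true the charge is returned before the block enters the lookaside list, so B's ChargeQuota=FALSE allocation carries no stale process reference and A is deleted on its own exit path.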

        Attachments

        1. ip-dequeue-if-not-pending.patch (2 kB)
        2. ip-dequeue-if-not-pending.patch (1.0 kB)
        3. ip-enqueue-only-pending.patch (1 kB)
        4. irp-special-pool.patch (1.0 kB)
        5. irp-special-pool.patch (0.5 kB)
        6. ntos-return-irp-quota.patch (3 kB)
        7. ntos-return-irp-quota.patch (4 kB)
        8. ntos-return-irp-quota.patch (4 kB)
        9. ntos-return-irp-quota.patch (4 kB)
        10. ntos-return-irp-quota.patch (4 kB)
        11. ntos-return-irp-quota.patch (3 kB)
        12. ntos-return-irp-quota.patch (3 kB)
        13. tcp-always-pend.patch (5 kB)
        14. tcp-always-pend.patch (5 kB)

            People

            • Assignee: ThFabba
            • Reporter: ThFabba
            • Votes: 0
            • Watchers: 1
