CORE-11962

INVALID_PROCESS_ATTACH_ATTEMPT bugcheck during testbot runs

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 0.4.3
    • NTCore
    • September 2016
    • 72,554

    Description

      *** Fatal System Error: 0x00000005
                             (0xB1D8B570,0xB2675D88,0x00000001,0x00000000)

      Entered debugger on embedded INT3 at 0x0008:0x809411cc.
      kdb:> bt
      Eip:
      <NTOSKRNL.EXE:1411cd (:0 (RtlpBreakWithStatusInstruction))>
      Frames:
      <NTOSKRNL.EXE:823ed (ntoskrnl/ke/bug.c:1100 (KeBugCheckWithTf))>
      <NTOSKRNL.EXE:829c4 (ntoskrnl/ke/bug.c:1456 (KeBugCheckEx))>
      <NTOSKRNL.EXE:86f11 (ntoskrnl/ke/procobj.c:542 (KeAttachProcess))>
      <NTOSKRNL.EXE:d969a (ntoskrnl/mm/marea.c:596 (MmDeleteProcessAddressSpace))>
      <NTOSKRNL.EXE:101d57 (ntoskrnl/ps/kill.c:354 (PspDeleteProcess))>
      <NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>
      <NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>
      <NTOSKRNL.EXE:9ff41 (ntoskrnl/mm/ARM3/expool.c:2302 (ExFreePoolWithTag))>
      <NTOSKRNL.EXE:6c01e (ntoskrnl/io/iomgr/irp.c:1644 (IoFreeIrp))>
      <NTOSKRNL.EXE:5f42c (ntoskrnl/io/iomgr/file.c:1334 (IopDeleteFile))>
      <NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>
      <NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>
      <NTOSKRNL.EXE:ec03c (ntoskrnl/ob/obhandle.c:767 (ObpCloseHandleTableEntry))>
      <NTOSKRNL.EXE:ed85a (ntoskrnl/ob/obhandle.c:1771 (ObpCloseHandle))>
      <NTOSKRNL.EXE:ef765 (ntoskrnl/ob/obhandle.c:3395 (NtClose))>
      <NTOSKRNL.EXE:126ac4 (ntoskrnl/include/internal/i386/ke.h:706 (KiSystemServiceHandler))>
      <NTOSKRNL.EXE:3d1f (:0 (KiSystemService))>
      <NTOSKRNL.EXE:1228 (:0 (ZwClose))>
      <NTOSKRNL.EXE:6bd6b (ntoskrnl/io/iomgr/irp.c:1223 (IofCallDriver))>
      <NTOSKRNL.EXE:5f3ab (ntoskrnl/io/iomgr/file.c:1321 (IopDeleteFile))>
      <NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>
      <NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>
      <NTOSKRNL.EXE:ec03c (ntoskrnl/ob/obhandle.c:767 (ObpCloseHandleTableEntry))>
      <NTOSKRNL.EXE:ec083 (ntoskrnl/ob/obhandle.c:1927 (ObpCloseHandleCallback))>
      <NTOSKRNL.EXE:31f43 (ntoskrnl/ex/handle.c:1211 (ExSweepHandleTable))>
      <NTOSKRNL.EXE:edd61 (ntoskrnl/ob/obhandle.c:2182 (ObKillProcess))>
      <NTOSKRNL.EXE:10141c (ntoskrnl/ps/kill.c:837 (PspExitThread))>
      <NTOSKRNL.EXE:1018ce (ntoskrnl/ps/kill.c:940 (PsExitSpecialApc))>
      <NTOSKRNL.EXE:80a3a (ntoskrnl/ke/apc.c:474 (KiDeliverApc))>
      <NTOSKRNL.EXE:123f55 (ntoskrnl/include/internal/i386/ke.h:776 (KiServiceExit))>
      <NTOSKRNL.EXE:126b8b (ntoskrnl/ke/i386/traphdlr.c:1751 (KiSystemServiceHandler))>
      <NTOSKRNL.EXE:3da9 (:0 (KiFastCallEntry))>

      The attach here is done to return the pool quota for the IRP. However, the IRP allocation in IopDeleteFile specifies ChargeQuota = FALSE, which indicates that the IRP in question must have come from a lookaside list and was allocated with quota charged to a completely unrelated process. That quota should have been returned before returning the IRP to the lookaside list.
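
The quota reasoning in the description, as an added example that is not ReactOS code and not one of the attached patches: a simplified user-space model of an IRP lookaside list, with the free path that leaves the charge recorded next to one that returns it first. All type and function names are hypothetical, and the single shared free list and unit quota cost are assumptions of the model.

```c
/* Simplified user-space model of IRP quota and a lookaside list.
 * Constructed for illustration; every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef struct process { long quota_used; } process_t;
typedef struct irp {
    process_t  *charged_to;  /* process that paid quota for this IRP, or NULL */
    struct irp *next;        /* lookaside free-list link */
} irp_t;

static irp_t *lookaside;     /* recycled IRPs, shared by all processes */

/* Allocate an IRP, reusing a lookaside entry when one is available. */
irp_t *alloc_irp(process_t *current, int charge_quota) {
    irp_t *irp = lookaside;
    if (irp) lookaside = irp->next;   /* recycled: charged_to is whatever free left */
    else if (!(irp = calloc(1, sizeof *irp))) abort();
    irp->next = NULL;
    if (charge_quota) { irp->charged_to = current; current->quota_used++; }
    return irp;
}

/* Before: the IRP goes back on the list with the charge still recorded. */
void free_irp_buggy(irp_t *irp) { irp->next = lookaside; lookaside = irp; }

/* After: return the quota to the payer, then recycle the IRP. */
void free_irp_fixed(irp_t *irp) {
    if (irp->charged_to) { irp->charged_to->quota_used--; irp->charged_to = NULL; }
    irp->next = lookaside; lookaside = irp;
}

/* Payer allocates with quota and frees; an unrelated process then allocates
 * with charge_quota = 0. Returns the process that second IRP is tied to. */
process_t *stale_owner_after(void (*free_fn)(irp_t *), process_t *payer, process_t *other) {
    free_fn(alloc_irp(payer, 1));
    irp_t *second = alloc_irp(other, 0);
    process_t *owner = second->charged_to;
    free(second);                     /* not recycled, so runs stay independent */
    return owner;
}

int main(void) {
    process_t a = {0}, b = {0}, c = {0}, d = {0};
    process_t *s1 = stale_owner_after(free_irp_buggy, &a, &b);
    process_t *s2 = stale_owner_after(free_irp_fixed, &c, &d);
    printf("buggy: stale owner %s, payer quota %ld\n", s1 ? "present" : "none", a.quota_used);
    printf("fixed: stale owner %s, payer quota %ld\n", s2 ? "present" : "none", c.quota_used);
    return 0;
}
```

In the first case the uncharged IRP still points at the original payer, so freeing it later has to touch a process unrelated to the one running the free.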

      Attachments

        1. tcp-always-pend.patch
          5 kB
        2. tcp-always-pend.patch
          5 kB
        3. ntos-return-irp-quota.patch
          3 kB
        4. ntos-return-irp-quota.patch
          3 kB
        5. ntos-return-irp-quota.patch
          4 kB
        6. ntos-return-irp-quota.patch
          4 kB
        7. ntos-return-irp-quota.patch
          4 kB
        8. ntos-return-irp-quota.patch
          4 kB
        9. ntos-return-irp-quota.patch
          3 kB
        10. irp-special-pool.patch
          0.5 kB
        11. irp-special-pool.patch
          1.0 kB
        12. ip-enqueue-only-pending.patch
          1 kB
        13. ip-dequeue-if-not-pending.patch
          1.0 kB
        14. ip-dequeue-if-not-pending.patch
          2 kB

          People

            ThFabba ThFabba