Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 0.4.3
Component/s: NTCore
Labels:
- REGRESSION

Module:
- io
- ntoskrnl
Sprint:
September 2016
Guilty Revision:
72,554

Description

*** Fatal System Error: 0x00000005

                       (0xB1D8B570,0xB2675D88,0x00000001,0x00000000)

[7h

Entered debugger on embedded INT3 at 0x0008:0x809411cc.

kdb:>

bt

Eip:

<NTOSKRNL.EXE:1411cd (:0 (RtlpBreakWithStatusInstruction))>

Frames:

<NTOSKRNL.EXE:823ed (ntoskrnl/ke/bug.c:1100 (KeBugCheckWithTf))>

<NTOSKRNL.EXE:829c4 (ntoskrnl/ke/bug.c:1456 (KeBugCheckEx))>

<NTOSKRNL.EXE:86f11 (ntoskrnl/ke/procobj.c:542 (KeAttachProcess))>

<NTOSKRNL.EXE:d969a (ntoskrnl/mm/marea.c:596 (MmDeleteProcessAddressSpace))>

<NTOSKRNL.EXE:101d57 (ntoskrnl/ps/kill.c:354 (PspDeleteProcess))>

<NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>

<NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>

<NTOSKRNL.EXE:9ff41 (ntoskrnl/mm/ARM3/expool.c:2302 (ExFreePoolWithTag))>

<NTOSKRNL.EXE:6c01e (ntoskrnl/io/iomgr/irp.c:1644 (IoFreeIrp))>

<NTOSKRNL.EXE:5f42c (ntoskrnl/io/iomgr/file.c:1334 (IopDeleteFile))>

<NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>

<NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>

<NTOSKRNL.EXE:ec03c (ntoskrnl/ob/obhandle.c:767 (ObpCloseHandleTableEntry))>

<NTOSKRNL.EXE:ed85a (ntoskrnl/ob/obhandle.c:1771 (ObpCloseHandle))>

<NTOSKRNL.EXE:ef765 (ntoskrnl/ob/obhandle.c:3395 (NtClose))>

<NTOSKRNL.EXE:126ac4 (ntoskrnl/include/internal/i386/ke.h:706 (KiSystemServiceHandler))>

<NTOSKRNL.EXE:3d1f (:0 (KiSystemService))>

<NTOSKRNL.EXE:1228 (:0 (ZwClose))>

<NTOSKRNL.EXE:6bd6b (ntoskrnl/io/iomgr/irp.c:1223 (IofCallDriver))>

<NTOSKRNL.EXE:5f3ab (ntoskrnl/io/iomgr/file.c:1321 (IopDeleteFile))>

<NTOSKRNL.EXE:f01c3 (ntoskrnl/ob/oblife.c:211 (ObpDeleteObject))>

<NTOSKRNL.EXE:f672f (ntoskrnl/ob/obref.c:237 (ObfDereferenceObject))>

<NTOSKRNL.EXE:ec03c (ntoskrnl/ob/obhandle.c:767 (ObpCloseHandleTableEntry))>

<NTOSKRNL.EXE:ec083 (ntoskrnl/ob/obhandle.c:1927 (ObpCloseHandleCallback))>

<NTOSKRNL.EXE:31f43 (ntoskrnl/ex/handle.c:1211 (ExSweepHandleTable))>

<NTOSKRNL.EXE:edd61 (ntoskrnl/ob/obhandle.c:2182 (ObKillProcess))>

<NTOSKRNL.EXE:10141c (ntoskrnl/ps/kill.c:837 (PspExitThread))>

<NTOSKRNL.EXE:1018ce (ntoskrnl/ps/kill.c:940 (PsExitSpecialApc))>

<NTOSKRNL.EXE:80a3a (ntoskrnl/ke/apc.c:474 (KiDeliverApc))>

<NTOSKRNL.EXE:123f55 (ntoskrnl/include/internal/i386/ke.h:776 (KiServiceExit))>

<NTOSKRNL.EXE:126b8b (ntoskrnl/ke/i386/traphdlr.c:1751 (KiSystemServiceHandler))>

<NTOSKRNL.EXE:3da9 (:0 (KiFastCallEntry))>

The attach here is done to return the pool quota for the IRP. However the IRP allocation in IopDeleteFile specifies ChargeQuota = FALSE, which indicates that the IRP in question must have come from a lookaside list and was allocated with quota charged to a completely unrelated process. That quota should have been returned before returning the IRP to the lookaside list.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

ip-dequeue-if-not-pending.patch
2 kB
2016-09-11 13:03
ip-dequeue-if-not-pending.patch
1.0 kB
2016-09-11 12:48
ip-enqueue-only-pending.patch
1 kB
2016-09-11 11:47
irp-special-pool.patch
1.0 kB
2016-09-10 20:35
irp-special-pool.patch
0.5 kB
2016-09-10 19:24
ntos-return-irp-quota.patch
3 kB
2016-09-14 12:19
ntos-return-irp-quota.patch
4 kB
2016-09-10 15:57
ntos-return-irp-quota.patch
4 kB
2016-09-10 15:42
ntos-return-irp-quota.patch
4 kB
2016-09-10 15:32
ntos-return-irp-quota.patch
4 kB
2016-09-10 15:28
ntos-return-irp-quota.patch
3 kB
2016-09-09 11:08
ntos-return-irp-quota.patch
3 kB
2016-09-09 10:45
tcp-always-pend.patch
5 kB
2016-09-13 11:35
tcp-always-pend.patch
5 kB
2016-09-13 11:05

Activity

People

Assignee:: ThFabba

Reporter:: ThFabba

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2016-09-09 10:35

Updated:: 2016-09-14 12:45

Resolved:: 2016-09-14 12:45