(D:\rossrc\reactos\ntoskrnl\mm\ARM3\vadnode.c:288) Given address conflicts with existing node
|
(D:\rossrc\reactos\ntoskrnl\mm\ARM3\virtual.c:4675) Failed to insert the VAD!
|
...
|
(D:\rossrc\reactos\ntoskrnl\mm\ARM3\vadnode.c:288) Given address conflicts with existing node
|
(D:\rossrc\reactos\ntoskrnl\mm\ARM3\virtual.c:4675) Failed to insert the VAD!
|
fixme:(D:\rossrc\reactos\dll\win32\wininet\internet.c:2274) no support on this platform
|
fixme:(D:\rossrc\reactos\dll\win32\wininet\internet.c:2274) no support on this platform
|
fixme:(D:\rossrc\reactos\dll\win32\wininet\internet.c:2274) no support on this platform
|
(D:\rossrc\reactos\ntoskrnl\mm\i386\page.c:676) NULL process given for user-mode mapping at 0000F000 -- 1 pages starting at f52a
|
|
*** Fatal System Error: 0x0000001a
|
(0x00000000,0x00000000,0x00000000,0x00000000)
|
|
Break instruction exception - code 80000003 (first chance)
|
|
A fatal system error has occurred.
|
Debugger entered on first try; Bugcheck callbacks have not been invoked.
|
|
A fatal system error has occurred.
|
|
Connected to Windows Server 2003 3790 x86 compatible target at (Mon Mar 19 21:58:28.252 2018 (UTC + 1:00)), ptr64 FALSE
|
Loading Kernel Symbols
|
........................................................
|
Loading User Symbols
|
.......................................
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
Use !analyze -v to get detailed debugging information.
|
|
BugCheck 1A, {0, 0, 0, 0}
|
|
*** ERROR: Module load completed but symbols could not be loaded for updater.exe
|
Probably caused by : memory_corruption ( nt!MmCreateVirtualMappingUnsafe+91 )
|
|
Followup: MachineOwner
|
---------
|
|
nt!RtlpBreakWithStatusInstruction:
|
80517028 cc int 3
|
kd> !analyze -v
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
MEMORY_MANAGEMENT (1a)
|
# Any other values for parameter 1 must be individually examined.
|
Arguments:
|
Arg1: 00000000, The subtype of the bugcheck.
|
Arg2: 00000000
|
Arg3: 00000000
|
Arg4: 00000000
|
|
Debugging Details:
|
------------------
|
|
|
BUGCHECK_STR: 0x1a_0
|
|
DEFAULT_BUCKET_ID: DRIVER_FAULT
|
|
PROCESS_NAME: updater.exe
|
|
CURRENT_IRQL: 0
|
|
LAST_CONTROL_TRANSFER: from 8047be78 to 80517028
|
|
STACK_TEXT:
|
f8432500 8047be78 00000003 f8432820 ffdff408 nt!RtlpBreakWithStatusInstruction
|
f8432530 8047c783 00000003 f8432d14 b12590d0 nt!KiBugCheckDebugBreak+0x38 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 538]
|
f84328cc 8047ce08 0000001a 00000000 00000000 nt!KeBugCheckWithTf+0x553 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 1102]
|
f84328ec 804ff821 0000001a 00000001 00000001 nt!KeBugCheck+0x18 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 1473]
|
f8432920 804ffd1f 00000000 0000f000 00000004 nt!MmCreateVirtualMappingUnsafe+0x91 [d:\rossrc\reactos\ntoskrnl\mm\i386\page.c @ 680]
|
f8432944 80408d3f 00000000 0000f000 00000004 nt!MmCreateVirtualMapping+0xbf [d:\rossrc\reactos\ntoskrnl\mm\i386\page.c @ 793]
|
f8432978 80408b67 b0dcf620 b0dbe4e0 00000001 nt!CcRosMapVacbInKernelSpace+0x16f [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 666]
|
f84329b4 8040871f b0dbe8b8 00040000 00000000 nt!CcRosCreateVacb+0x3b7 [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 802]
|
f84329d8 80408e4d b0dbe8b8 00040000 00000000 nt!CcRosGetVacb+0x4f [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 843]
|
f8432a10 804050ea b0dbe8b8 00040000 00000000 nt!CcRosRequestVacb+0xad [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 898]
|
f8432aa8 80405bf1 b0dbe998 00040000 00000000 nt!CcCopyData+0x33a [d:\rossrc\reactos\ntoskrnl\cc\copy.c @ 348]
|
f8432adc f8ba2586 b0dbe998 f8432b80 00010000 nt!CcCopyWrite+0x31 [d:\rossrc\reactos\ntoskrnl\cc\copy.c @ 848]
|
f8432ba8 f8ba0710 b0dc8168 00000001 00000004 fastfat!VfatWrite+0x626 [d:\rossrc\reactos\drivers\filesystems\fastfat\rw.c @ 991]
|
f8432bcc f8ba0667 b0dc8168 00000001 00000001 fastfat!VfatDispatchRequest+0x90 [d:\rossrc\reactos\drivers\filesystems\fastfat\misc.c @ 133]
|
f8432be8 804674c7 b1259018 b0db9140 00000001 fastfat!VfatBuildRequest+0x77 [d:\rossrc\reactos\drivers\filesystems\fastfat\misc.c @ 239]
|
f8432c0c 8045ec82 80466c16 00000000 00000190 nt!IofCallDriver+0x97 [d:\rossrc\reactos\ntoskrnl\io\iomgr\irp.c @ 1288]
|
f8432c28 80463176 b1259018 b0db9140 b0dbe998 nt!IopPerformSynchronousRequest+0x32 [d:\rossrc\reactos\ntoskrnl\io\iomgr\iofunc.c @ 142]
|
f8432ce8 804fccab 000002a0 00000000 00000000 nt!NtWriteFile+0x686 [d:\rossrc\reactos\ntoskrnl\io\iomgr\iofunc.c @ 3810]
|
f8432d1c 804fc34f 80462af0 0067de60 00000024 nt!KiSystemCallTrampoline+0x1b [d:\rossrc\reactos\ntoskrnl\include\internal\i386\ke.h @ 748]
|
f8432d5c 80403e23 0067deb0 7c92d0de badb0d00 nt!KiSystemServiceHandler+0x22f [d:\rossrc\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1813]
|
f8432d5c 7c92d0de 0067deb0 7c92d0de badb0d00 nt!KiFastCallEntry+0x8c
|
0067de54 7c953e5a 7c785ecb 000002a0 00000000 ntdll!KiFastSystemCallRet
|
0067de58 7c785ecb 000002a0 00000000 00000000 ntdll!ZwWriteFile+0xc
|
0067deb0 7c785c17 0000029c 000002a0 000da7f0 KERNEL32!CopyLoop+0x1bb [d:\rossrc\reactos\dll\win32\kernel32\client\file\copy.c @ 121]
|
0067df48 7c786101 0067e4a8 0067e6b0 00000000 KERNEL32!BasepCopyFileExW+0x137 [d:\rossrc\reactos\dll\win32\kernel32\client\file\copy.c @ 268]
|
0067dfa4 7c786272 0067e4a8 0067e6b0 00000000 KERNEL32!CopyFileExW+0x61 [d:\rossrc\reactos\dll\win32\kernel32\client\file\copy.c @ 341]
|
0067dfc4 0040656f 0067e4a8 0067e6b0 00000000 KERNEL32!CopyFileW+0x22 [d:\rossrc\reactos\dll\win32\kernel32\client\file\copy.c @ 449]
|
WARNING: Stack unwind information not available. Following frames may be wrong.
|
0067e048 7c93802d 00000001 000006c0 0067e068 updater+0x656f
|
0067e058 7c92b4dd 7c99aa20 7ffde000 0067e0f4 ntdll!RtlLeaveCriticalSection+0xd [d:\rossrc\reactos\sdk\lib\rtl\critical.c @ 698]
|
0067e068 7c948b2d 00000000 00000000 00000000 ntdll!RtlReleasePebLock+0x1d [d:\rossrc\reactos\dll\ntdll\rtl\libsupp.c @ 86]
|
0067e0f4 00000000 0067e10c 7c92b4dd 7c99aa20 ntdll!RtlGetFullPathName_Ustr+0x73d [d:\rossrc\reactos\sdk\lib\rtl\path.c @ 814]
|
|
|
STACK_COMMAND: kb
|
|
FOLLOWUP_IP:
|
nt!MmCreateVirtualMappingUnsafe+91 [d:\rossrc\reactos\ntoskrnl\mm\i386\page.c @ 680]
|
804ff821 817d1800000100 cmp dword ptr [ebp+18h],10000h
|
|
SYMBOL_STACK_INDEX: 4
|
|
SYMBOL_NAME: nt!MmCreateVirtualMappingUnsafe+91
|
|
FOLLOWUP_NAME: MachineOwner
|
|
MODULE_NAME: nt
|
|
DEBUG_FLR_IMAGE_TIMESTAMP: 5ab02183
|
|
IMAGE_NAME: memory_corruption
|
|
FAILURE_BUCKET_ID: 0x1a_0_nt!MmCreateVirtualMappingUnsafe+91
|
|
BUCKET_ID: 0x1a_0_nt!MmCreateVirtualMappingUnsafe+91
|
|
Followup: MachineOwner
|
---------
|
|
kd> kp
|
ChildEBP RetAddr
|
f8432500 8047be78 nt!RtlpBreakWithStatusInstruction
|
f8432530 8047c783 nt!KiBugCheckDebugBreak(unsigned long StatusCode = 3)+0x38 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 538]
|
f84328cc 8047ce08 nt!KeBugCheckWithTf(unsigned long BugCheckCode = 0x1a, unsigned long BugCheckParameter1 = 0, unsigned long BugCheckParameter2 = 0, unsigned long BugCheckParameter3 = 0, unsigned long BugCheckParameter4 = 0, struct _KTRAP_FRAME * TrapFrame = 0x00000000)+0x553 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 1102]
|
f84328ec 804ff821 nt!KeBugCheck(unsigned long BugCheckCode = 0x1a)+0x18 [d:\rossrc\reactos\ntoskrnl\ke\bug.c @ 1473]
|
f8432920 804ffd1f nt!MmCreateVirtualMappingUnsafe(struct _EPROCESS * Process = 0x00000000, void * Address = 0x0000f000, unsigned long flProtect = 4, unsigned long * Pages = 0xf8432968, unsigned long PageCount = 1)+0x91 [d:\rossrc\reactos\ntoskrnl\mm\i386\page.c @ 680]
|
f8432944 80408d3f nt!MmCreateVirtualMapping(struct _EPROCESS * Process = 0x00000000, void * Address = 0x0000f000, unsigned long flProtect = 4, unsigned long * Pages = 0xf8432968, unsigned long PageCount = 1)+0xbf [d:\rossrc\reactos\ntoskrnl\mm\i386\page.c @ 793]
|
f8432978 80408b67 nt!CcRosMapVacbInKernelSpace(struct _ROS_VACB * Vacb = 0xb0dcf620)+0x16f [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 666]
|
f84329b4 8040871f nt!CcRosCreateVacb(struct _ROS_SHARED_CACHE_MAP * SharedCacheMap = 0xb0dbe8b8, int64 FileOffset = 0n262144, struct _ROS_VACB ** Vacb = 0xf84329d4)+0x3b7 [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 802]
|
f84329d8 80408e4d nt!CcRosGetVacb(struct _ROS_SHARED_CACHE_MAP * SharedCacheMap = 0xb0dbe8b8, int64 FileOffset = 0n262144, int64 * BaseOffset = 0xf8432a08, void ** BaseAddress = 0xf8432aa4, unsigned char * UptoDate = 0xf8432a7b "???", struct _ROS_VACB ** Vacb = 0xf8432a7c)+0x4f [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 843]
|
f8432a10 804050ea nt!CcRosRequestVacb(struct _ROS_SHARED_CACHE_MAP * SharedCacheMap = 0xb0dbe8b8, int64 FileOffset = 0n262144, void ** BaseAddress = 0xf8432aa4, unsigned char * UptoDate = 0xf8432a7b "???", struct _ROS_VACB ** Vacb = 0xf8432a7c)+0xad [d:\rossrc\reactos\ntoskrnl\cc\view.c @ 898]
|
f8432aa8 80405bf1 nt!CcCopyData(struct _FILE_OBJECT * FileObject = 0xb0dbe998, int64 FileOffset = 0n262144, void * Buffer = 0x008d0000, int64 Length = 0n65536, _CC_COPY_OPERATION Operation = CcOperationWrite (0n1), unsigned char Wait = 0x01 '', struct _IO_STATUS_BLOCK * IoStatus = 0xf8432ad4)+0x33a [d:\rossrc\reactos\ntoskrnl\cc\copy.c @ 348]
|
f8432adc f8ba2586 nt!CcCopyWrite(struct _FILE_OBJECT * FileObject = 0xb0dbe998, union _LARGE_INTEGER * FileOffset = 0xf8432b80 0x40000, unsigned long Length = 0x10000, unsigned char Wait = 0x01 '', void * Buffer = 0x008d0000)+0x31 [d:\rossrc\reactos\ntoskrnl\cc\copy.c @ 848]
|
f8432ba8 f8ba0710 fastfat!VfatWrite(struct VFAT_IRP_CONTEXT * IrpContext = 0xb0dc8168)+0x626 [d:\rossrc\reactos\drivers\filesystems\fastfat\rw.c @ 991]
|
f8432bcc f8ba0667 fastfat!VfatDispatchRequest(struct VFAT_IRP_CONTEXT * IrpContext = 0xb0dc8168)+0x90 [d:\rossrc\reactos\drivers\filesystems\fastfat\misc.c @ 133]
|
f8432be8 804674c7 fastfat!VfatBuildRequest(struct _DEVICE_OBJECT * DeviceObject = 0xb1259018, struct _IRP * Irp = 0xb0db9140)+0x77 [d:\rossrc\reactos\drivers\filesystems\fastfat\misc.c @ 239]
|
f8432c0c 8045ec82 nt!IofCallDriver(struct _DEVICE_OBJECT * DeviceObject = 0xb1259018, struct _IRP * Irp = 0xb0db9140)+0x97 [d:\rossrc\reactos\ntoskrnl\io\iomgr\irp.c @ 1288]
|
f8432c28 80463176 nt!IopPerformSynchronousRequest(struct _DEVICE_OBJECT * DeviceObject = 0xb1259018, struct _IRP * Irp = 0xb0db9140, struct _FILE_OBJECT * FileObject = 0xb0dbe998, unsigned char Deferred = 0x01 '', char PreviousMode = 0n1 '', unsigned char SynchIo = 0x01 '', _IOP_TRANSFER_TYPE TransferType = IopWriteTransfer (0n1))+0x32 [d:\rossrc\reactos\ntoskrnl\io\iomgr\iofunc.c @ 142]
|
f8432ce8 804fccab nt!NtWriteFile(void * FileHandle = 0x000002a0, void * Event = 0x00000000, <function> * ApcRoutine = 0x00000000, void * ApcContext = 0x00000000, struct _IO_STATUS_BLOCK * IoStatusBlock = 0x0067dea8, void * Buffer = 0x008d0000, unsigned long Length = 0x10000, union _LARGE_INTEGER * ByteOffset = 0x00000000, unsigned long * Key = 0x00000000)+0x686 [d:\rossrc\reactos\ntoskrnl\io\iomgr\iofunc.c @ 3810]
|
f8432d1c 804fc34f nt!KiSystemCallTrampoline(void * Handler = 0x80462af0, void * Arguments = 0x0067de60, unsigned long StackBytes = 0x24)+0x1b [d:\rossrc\reactos\ntoskrnl\include\internal\i386\ke.h @ 748]
|
f8432d5c 80403e23 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf8432d64, void * Arguments = 0x0067de60)+0x22f [d:\rossrc\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1813]
|
f8432d5c 7c92d0de nt!KiFastCallEntry+0x8c
|
0067de54 7c953e5a ntdll!KiFastSystemCallRet
|
0067de58 7c785ecb ntdll!ZwWriteFile+0xc
|
0067deb0 7c785c17 KERNEL32!CopyLoop(void * FileHandleSource = 0x0000029c, void * FileHandleDest = 0x000002a0, union _LARGE_INTEGER SourceFileSize = union _LARGE_INTEGER 0xda7f0, <function> * lpProgressRoutine = 0x00000000, void * lpData = 0x00000000, int * pbCancel = 0x00000000, int * KeepDest = 0x0067dee4)+0x1bb [d:\rossrc\reactos\dll\win32\kernel32\client\file\copy.c @ 121]
|
0067df48 7c786101 KERNEL32!BasepCopyFileExW(wchar_t * lpExistingFileName = 0x0067e4a8 "C:\Program Files\Mozilla Firefox/uninstall/helper.exe", wchar_t * lpNewFileName = 0x0067e6b0 "C:\Program Files\Mozilla Firefox\updated/uninstall/helper.exe", <function> * lpProgressRoutine = 0x00000000, void * lpData = 0x00000000, int * pbCancel = 0x00000000, unsigned long dwCopyFlags = 0, unsigned long dwBasepFlags = 0, void ** lpExistingHandle = 0x0067df84, void ** lpNewHandle = 0x0067df80)+0x137 [d:\rossrc\reactos\dll\win32\kernel32\client\file\copy.c @ 268]
|
0067dfa4 7c786272 KERNEL32!CopyFileExW(wchar_t * lpExistingFileName = 0x0067e4a8 "C:\Program Files\Mozilla Firefox/uninstall/helper.exe", wchar_t * lpNewFileName = 0x0067e6b0 "C:\Program Files\Mozilla Firefox\updated/uninstall/helper.exe", <function> * lpProgressRoutine = 0x00000000, void * lpData = 0x00000000, int * pbCancel = 0x00000000, unsigned long dwCopyFlags = 0)+0x61 [d:\rossrc\reactos\dll\win32\kernel32\client\file\copy.c @ 341]
|
0067dfc4 0040656f KERNEL32!CopyFileW(wchar_t * lpExistingFileName = 0x0067e4a8 "C:\Program Files\Mozilla Firefox/uninstall/helper.exe", wchar_t * lpNewFileName = 0x0067e6b0 "C:\Program Files\Mozilla Firefox\updated/uninstall/helper.exe", int bFailIfExists = 0n0)+0x22 [d:\rossrc\reactos\dll\win32\kernel32\client\file\copy.c @ 449]
|
WARNING: Stack unwind information not available. Following frames may be wrong.
|
0067e048 7c93802d updater+0x656f
|
0067e058 7c92b4dd ntdll!RtlLeaveCriticalSection(struct _RTL_CRITICAL_SECTION * CriticalSection = 0x7c99aa20)+0xd [d:\rossrc\reactos\sdk\lib\rtl\critical.c @ 698]
|
0067e068 7c948b2d ntdll!RtlReleasePebLock(void)+0x1d [d:\rossrc\reactos\dll\ntdll\rtl\libsupp.c @ 86]
|
0067e0f4 00000000 ntdll!RtlGetFullPathName_Ustr(struct _UNICODE_STRING * FileName = 0x0067e10c "쀳???", unsigned long Size = 0x7c92b4dd, unsigned short * Buffer = 0x7c99aa20 "ꅈ粙???", wchar_t ** ShortName = 0x7ffde000, unsigned char * InvalidName = 0x0067e380 "", _RTL_PATH_TYPE * PathType = 0x7c949648)+0x73d [d:\rossrc\reactos\sdk\lib\rtl\path.c @ 814]
|
Major CORE-14478 "(ntoskrnl/mm/i386/page.c:676) No process", followed by MEMORY_MANAGEMENT bugcheck, in "CcRosGetVacb > MmCreateVirtualMappingUnsafe", on Test KVM AHK. Since CORE-14285
