[ros-bugs] [Bug 3116] New: High-side redzone overwritten caller, MmCreateMemoryArea at 40

ReactOS.Bugzilla at www.reactos.org
Mon Mar 3 07:05:33 CET 2008


http://www.reactos.org/bugzilla/show_bug.cgi?id=3116

           Summary: High-side redzone overwritten caller,
                    MmCreateMemoryArea at 40
           Product: ReactOS
           Version: TRUNK
          Platform: x86 Hardware
        OS/Version: ReactOS
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Kernel
        AssignedTo: ros-bugs at reactos.org
        ReportedBy: samdwise51 at gmail.com
         QAContact: ros-bugs at reactos.org


Using r32546. Sometimes after closing an application, such as taskmgr or device
manager, this bugcheck occurs. Race condition?

(subsystems\win32\win32k\ntuser\message.c:1208) Attempted to post message to
window 0x200f4 that is being destroyed!
NPPOL: High-side redzone overwritten, Block 81656018, Size 64, Tag
4552414d(ERAM), Caller 80859ad8
KeBugCheck at ntoskrnl\mm\npool.c:1514

*** Fatal System Error: 0x00000000
                       (0x00000000,0x00000000,0x00000000,0x00000000)

Entered debugger on embedded INT3 at 0x0008:0x808a68e8.
kdb:> bt
Eip:
<NTOSKRNL.EXE:a68e9 (lib\rtl\i386\debug_asm.S:42
(RtlpBreakWithStatusInstruction))>
Frames:
<NTOSKRNL.EXE:29e2 (ntoskrnl/ke/bug.c:1101 (KeBugCheckWithTf at 24))>
<NTOSKRNL.EXE:2aec (ntoskrnl/ke/bug.c:1365 (KeBugCheck at 4))>
<NTOSKRNL.EXE:5c59c (ntoskrnl/mm/npool.c:1514 (check_redzone_header))>
<NTOSKRNL.EXE:5c69e (ntoskrnl/mm/npool.c:1579 (ExFreeNonPagedPool at 4))>
<NTOSKRNL.EXE:5f484 (ntoskrnl/mm/pool.c:239 (ExFreePool at 4))>
<NTOSKRNL.EXE:5f4c2 (ntoskrnl/mm/pool.c:249 (ExFreePoolWithTag at 8))>
<NTOSKRNL.EXE:59e83 (ntoskrnl/mm/marea.c:854 (MmFreeMemoryArea at 16))>
<NTOSKRNL.EXE:64bba (ntoskrnl/mm/section.c:3980 (MmUnmapViewOfSegment))>
<NTOSKRNL.EXE:64d75 (ntoskrnl/mm/section.c:4093 (MmUnmapViewOfSection at 8))>
<NTOSKRNL.EXE:60882 (ntoskrnl/mm/procsup.c:689
(MmDeleteProcessAddressSpace at 4))>
<NTOSKRNL.EXE:79cb4 (ntoskrnl/ps/kill.c:303 (PspDeleteProcess at 4))>
<NTOSKRNL.EXE:71dce (ntoskrnl/include/internal/ob_x.h:334 (ObpDeleteObject at 8))>
<NTOSKRNL.EXE:7312e (ntoskrnl/ob/obref.c:312 (@ObfDereferenceObject at 4))>
<NTOSKRNL.EXE:6b8cd (ntoskrnl/ob/obhandle.c:717 (ObpCloseHandleTableEntry at 20))>
<NTOSKRNL.EXE:6bb5e (ntoskrnl/include/internal/ke_x.h:1535 (ObpCloseHandle at 8))>
<NTOSKRNL.EXE:6bd11 (ntoskrnl/ob/obhandle.c:3172 (NtClose at 4))>
<NTOSKRNL.EXE:911fa (ntoskrnl\ke\i386\trap.s:244 (KiFastCallEntry))>
<ntdll.dll:5e6a> dll\ntdll\main\i386\dispatch.S:297 (KiFastSystemCallRet at 0)
<csrss.exe:1f42> subsystems/win32/csrss/api/wapi.c:238
(ClientConnectionThread at 4)
<00000000>
kdb:> thread list
  TID         State        Prior.  Affinity    EBP         EIP
  0x00000088  Terminated     9     0x00000001  0x0168ff4c  0x7c905e6a
  0x00000090  Waiting        8     0x00000001  0x0092fff4  0x7c905e6a
  0x00000094  Waiting        9     0x00000001  0x00b3fff4  0x7c905e6a
  0x000000a0  Waiting        9     0x00000001  0x0031fff4  0x7c905e6a
  0x000000ac  Waiting        9     0x00000001  0x0116fff4  0x7c905e6a
  0x000000b0  Waiting        9     0x00000001  0x0136fff4  0x7c905e6a
  0x000000b4  Ready          8     0x00000001  0x0196ff5c  0x7c905e6a
  0x000000b8  Waiting        8     0x00000001  0x01b6ff5c  0x7c905e6a
  0x000000bc  Waiting        8     0x00000001  0x0216ff5c  0x7c905e6a
 *0x000000c8  Running        9     0x00000001  0x0276fed8  0x7c905e6a
  0x000000d8  Waiting        9     0x00000001  0x0296fff4  0x7c905e6a
  0x00000120  Waiting        9     0x00000001  0x02d6fff4  0x7c905e6a
  0x00000140  Waiting        9     0x00000001  0x02f6fff4  0x7c905e6a
  0x00000154  Waiting        9     0x00000001  0x0316fff4  0x7c905e6a
  0x00000198  Waiting        8     0x00000001  0x02b6fff4  0x7c905e6a
  0x000001ac  Waiting        8     0x00000001  0x0336fff4  0x7c905e6a
  0x000001bc  Waiting        8     0x00000001  0x0356fff4  0x7c905e6a
kdb:> proc list
  PID         State       Filename
  0x00000004  In Memory   System
  0x0000004c  In Memory   smss.exe
 *0x00000084  In Memory   csrss.exe
  0x000000a4  In Memory   winlogon.exe
  0x000000c0  In Memory   services.exe
  0x000000d0  In Memory   eventlog.exe
  0x000000ec  In Memory   dhcp.exe
  0x00000118  In Memory   lsass.exe
  0x0000014c  In Memory   umpnpmgr.exe
  0x00000190  In Memory   userinit.exe
  0x000001a4  In Memory   explorer.exe

