BAD_POOL_CALLER (c2)

Hi all!

W2K with my drivers has a BSOD with the following error:
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000b8a, (reserved)
Arg3: e1a50880, Memory contents of the pool block
Arg4: e1a50888, Pointer to pool header

Debugging Details:

unable to get pool big page table - either wrong symbols or pool tagging is disabled
Bad previous allocation size @e1a50880, last size was 2

Here is a stack:

STACK_TEXT:
f6caf69c 8042a43b 00000003 f6caf6e4 00000007 nt!RtlpBreakWithStatusInstruction
f6caf6cc 8042aa2e 00000003 8908c000 e1a50880 nt!KiBugCheckDebugBreak+0x31
f6cafa58 8046bd6b 000000c2 00000007 00000b8a nt!KeBugCheckEx+0x390
f6cafa94 8046bb4d e1a50888 00000000 8051acc4 nt!ExFreePoolWithTag+0x19b
f6cafaa0 8051acc4 e1a50888 e1752048 e1752048 nt!ExFreePool+0xb
f6cafab4 8051ad1b e1752048 804762c0 804762c0 nt!CmpCleanUpKcbValueCache+0x34
f6cafac4 8051b17a e19ddcc8 804762c0 8051b0d4 nt!CmpCleanUpKcbCacheWithLock+0x13
f6cafad0 8051b0d4 e1ab9fa8 e1ab9fe0 8051fe67 nt!CmpDereferenceKeyControlBlockWithLock+0x9a
f6cafadc 8051fe67 e1ab9fa8 00000000 e1acdfdc nt!CmpDereferenceKeyControlBlock+0x16
f6cafaf0 804d71b0 e1acdfe0 e1acdfc8 8905aba0 nt!CmpDeleteKeyObject+0x4f
f6cafb0c 8044f10d e1acdfe0 e1005938 e1acdfc8 nt!ObpRemoveObjectRoutine+0xd6
f6cafb30 8044f382 f6cafbe0 f6cafc5c 8044f18a nt!ObfDereferenceObject+0x157
f6cafbd4 80465679 0000009c f6cafc00 00000000 nt!NtClose+0x1f8
f6cafbd4 8042f917 0000009c f6cafc00 00000000 nt!KiSystemService+0xc9
f6cafc50 804a53f1 8000009c f6cafd5c 00000000 nt!ZwClose+0xb
f6cafce4 804a5655 00000012 00000000 00000000 nt!IopGetDeviceInterfaces+0x46f
f6cafd04 f68543f1 f68579b8 00000000 00000000 nt!IoGetDeviceInterfaces+0x51
f6cafd50 f68537ce f68579b8 00000000 00000000 MY_DRIVER!MY_FUNCTION2+0x19
f6cafda8 80454fde 00000010 00000000 00000000 MY_DRIVER!MY_FUNCTION1+0x646
f6cafddc 8046a302 f6853188 88f65e78 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

It seems that the pool freeing is done by Windows. Can my driver cause the problem in this case? Please look at the stack.

Thanks,
Dany

A double free can cause this problem. For instance, freeing memory twice
in two paths.

Max

----- Original Message -----
From: “Dany Polovets”
To: “NT Developers Interest List”
Sent: Sunday, February 02, 2003 8:41 PM
Subject: [ntdev] BAD_POOL_CALLER (c2)



You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Refer to MS KB article 192486. Use Gflags to monitor
allocation/deallocation of the tag of the block experiencing the
double-free. Sometimes memory corruption is reported as double free if
the allocation’s header is overwritten. It then looks like an OS
component is at fault, when in fact it is your (or another) misbehaving
driver scribbling.

-----Original Message-----
From: Dany Polovets [mailto:xxxxx@store-age.com]
Sent: Sunday, February 02, 2003 12:41 PM
To: NT Developers Interest List
Subject: [ntdev] BAD_POOL_CALLER (c2)



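As an added illustration of the two explanations given in the replies (this is not code from the thread or from any Windows source), a small user-mode C model of a W2K pool page: a driver that writes one byte past its 8-byte buffer corrupts the next block's header, so the consistency walk reports a bad previous allocation size, and a later, perfectly legitimate free by the OS is then rejected with code 7, exactly as a true double free would be. The header bit layout, block sizes and return codes are assumptions made for the model.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the 32-bit Windows 2000 pool header (8 bytes; bit layout assumed). */
typedef struct {
    uint16_t PreviousSize : 9, PoolIndex : 7;  /* PreviousSize: size of the block before, in 8-byte units */
    uint16_t BlockSize : 9, PoolType : 7;      /* BlockSize: this block incl. header; PoolType 0 = free */
    uint32_t PoolTag;
} POOL_HEADER;
enum { PAGE_SIZE = 4096, GRAN = 8 };
static uint64_t page_words[PAGE_SIZE / 8];           /* one simulated, 8-byte aligned pool page */
static uint8_t *const page = (uint8_t *)page_words;
static void *block_data(size_t off) { return page + off + sizeof(POOL_HEADER); }

/* Three blocks: an 8-byte driver buffer, a 16-byte block owned by the OS, and the rest free. */
static void pool_init(void) {
    uint16_t sizes[3] = { 2, 3, PAGE_SIZE / GRAN - 5 }, prev = 0, off = 0;
    memset(page, 0, PAGE_SIZE);
    for (int i = 0; i < 3; i++) {
        POOL_HEADER *h = (POOL_HEADER *)(page + off);
        h->PreviousSize = prev; h->BlockSize = sizes[i]; h->PoolType = i < 2;   /* tag left 0 */
        prev = sizes[i]; off += sizes[i] * GRAN;
    }
}

/* The walk behind "Bad previous allocation size": each header's PreviousSize must equal the
 * BlockSize of the header before it. Returns the offset of the first bad header, or -1 if intact. */
static long pool_check_page(void) {
    size_t off = 0; uint16_t prev = 0;
    while (off < PAGE_SIZE) {
        POOL_HEADER *h = (POOL_HEADER *)(page + off);
        if (h->PreviousSize != prev || h->BlockSize == 0 || off + h->BlockSize * GRAN > PAGE_SIZE)
            return (long)off;
        prev = h->BlockSize; off += h->BlockSize * GRAN;
    }
    return -1;
}

/* Free path in the spirit of ExFreePool (simplified: it validates the whole page, not just the
 * neighbours). A real double free and a broken header chain both come back as 7, the page's Arg1. */
static int pool_free(void *p) {
    POOL_HEADER *h = (POOL_HEADER *)((uint8_t *)p - sizeof(POOL_HEADER));
    if (h->PoolType == 0) return 7;            /* genuine double free: block already marked free */
    if (pool_check_page() != -1) return 7;     /* a scribble elsewhere, reported with the same code */
    h->PoolType = 0; return 0;
}
/* Driver bug: 9 bytes into an 8-byte buffer; the 9th byte lands on the next block's PreviousSize. */
static void driver_overrun(void) { memset(block_data(0), 0x41, 9); }
static long scenario_walk(void)        { pool_init(); driver_overrun(); return pool_check_page(); }
static int  scenario_corruption(void)  { pool_init(); driver_overrun(); return pool_free(block_data(16)); }
static int  scenario_double_free(void) { void *p = (pool_init(), block_data(0));
                                         return pool_free(p) == 0 ? pool_free(p) : -1; }
```

In scenario_corruption the block being freed (offset 16) was never touched by the driver and is freed exactly once, which is the situation the stack in this thread shows: the frame calling ExFreePool is kernel registry code, but the scribble came from the driver's buffer just before it.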