Hi,
I have an interesting STACK which completely confused me and I have no idea
what to do.
How is it possible that ExFreeToPagedLookasideList calls ExFreePool?
VP
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad
IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000c3e, (reserved)
Arg3: 02230004, Memory contents of the pool block
Arg4: 81ca8648, Address of the block of pool being deallocated
Debugging Details:
POOL_ADDRESS: 81ca8648 Nonpaged pool
FREED_POOL_TAG: Ntfi
BUGCHECK_STR: 0xc2_7_Ntfi
DEFAULT_BUCKET_ID: DRIVER_FAULT
LAST_CONTROL_TRANSFER: from 8054b741 to 8053331e
STACK_TEXT:
f88d6c54 8054b741 000000c2 00000007 00000c3e nt!KeBugCheckEx+0x1b
f88d6ca4 8054b0b9 81ca8648 00000000 f88d6cc0 nt!ExFreePoolWithTag+0x2be
f88d6cb4 bae5c764 81ca8648 f88d6cdc bae5a501 nt!ExFreePool+0xf
f88d6cc0 bae5a501 bae79ea0 81ca8648 00000000 Ntfs!ExFreeToPagedLookasideList+0x1e
f88d6cdc bae5a6e6 81ca8648 00000001 80000003 Ntfs!NtfsCleanupIrpContext+0x10d
f88d6cf4 bae87e44 81ca8648 00000000 00000000 Ntfs!NtfsCompleteRequest+0x35
f88d6d74 804e426b 00000000 00000000 822c9300 Ntfs!NtfsFspClose+0x1a5
f88d6dac 8057be15 00000000 00000000 00000000 nt!ExpWorkerThread+0x100
f88d6ddc 804fa4da 804e4196 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+2be
8054b741 83f801 cmp eax,0x1
FAULTING_SOURCE_CODE:
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!ExFreePoolWithTag+2be
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9
FAILURE_BUCKET_ID: 0xc2_7_Ntfi_VRF_nt!ExFreePoolWithTag+2be
BUCKET_ID: 0xc2_7_Ntfi_VRF_nt!ExFreePoolWithTag+2be
Followup: MachineOwner
ExInitializePagedLookasideList can be called with a PFREE_FUNCTION parameter, which could point to ExFreePool…
The bugcheck says you’re trying to free pool which was already freed - do you modify that IRP? Or with the FileObject? E.g. problems with reference counters, etc…
-Petr Kurtin
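
A simplified user-mode model of the behaviour described in the reply above, added here as an illustration and not code from the thread, Ntfs or ntoskrnl: a lookaside free caches the entry while the list has room and otherwise hands it to the free routine (the pool free by default), so the pool only reports a double free when both frees reach it. All names (`lookaside_t`, `pool_free`, `second_free_result`) are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified user-mode model (assumption), not the NT implementation. */
typedef struct block { int busy; struct block *next; } block_t;
typedef int (*free_fn)(block_t *);        /* stands in for PFREE_FUNCTION */
typedef struct {
    block_t *head;                        /* cached (not yet pool-freed) entries */
    unsigned count, depth;                /* current and maximum cached entries */
    free_fn free_cb;                      /* used once the cache is full */
} lookaside_t;

static block_t pool[4];                   /* toy pool; busy flag models the pool header */

block_t *pool_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].busy) { pool[i].busy = 1; return &pool[i]; }
    return NULL;
}

/* 0 = freed, -1 = block already free (the kernel bugchecks 0xC2, Arg1 = 7 here). */
int pool_free(block_t *b) {
    if (!b->busy) return -1;
    b->busy = 0;
    return 0;
}

void lookaside_init(lookaside_t *l, unsigned depth, free_fn cb) {
    l->head = NULL; l->count = 0; l->depth = depth;
    l->free_cb = cb ? cb : pool_free;     /* no callback supplied: plain pool free */
}

/* 1 = cached on the list, otherwise whatever the free callback returned. */
int lookaside_free(lookaside_t *l, block_t *b) {
    if (l->count < l->depth) { b->next = l->head; l->head = b; l->count++; return 1; }
    return l->free_cb(b);                 /* list full: entry goes back to the pool */
}

/* Frees one entry twice and returns the result of the second free. */
int second_free_result(unsigned depth) {
    lookaside_t l;
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++) pool[i].busy = 0;
    lookaside_init(&l, depth, NULL);
    block_t *b = pool_alloc();
    lookaside_free(&l, b);
    return lookaside_free(&l, b);
}

int main(void) {
    for (unsigned d = 0; d <= 2; d++)
        printf("depth %u: second free -> %d\n", d, second_free_result(d));
    return 0;
}
```

With depth 0 the second free is caught by the pool; with depth 1 or 2 the same double free goes unreported and leaves the entry both cached and released, or linked to itself on the list.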
Which IRP, which FileObject? How can I know which FileObject (Irp) this thread is working with?
P.