Yet another kernel bug delivered by the Firefox+YouTube combination.
NtTerminateProcess() failed with the infamous IRQL_NOT_LESS_OR_EQUAL. It seems that MiDeleteAddressesInWorkingSet() tried to access data without any probe or exception handling. Did the Vista kernel pass WHQL?
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: c0053000, memory referenced
Arg2: 00000000, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 8201985f, address which referenced memory
Debugging Details:
------------------
Missing image name, possible paged-out or corrupt data.
Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - NTSTATUS 0xC0000147
WARNING: .reload failed, module list may be incomplete
Missing image name, possible paged-out or corrupt data.
Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - NTSTATUS 0xC0000147
WARNING: .reload failed, module list may be incomplete
READ_ADDRESS: c0053000
CURRENT_IRQL: 0
FAULTING_IP:
nt!MiDeleteAddressesInWorkingSet+141
8201985f 8b0e mov ecx,dword ptr [esi]
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
TRAP_FRAME: af78f79c -- (.trap 0xffffffffaf78f79c)
ErrCode = 00000000
eax=0a600201 ebx=84ded3a8 ecx=c080f514 edx=c080a50c esi=c0053000 edi=c0801000
eip=8201985f esp=af78f810 ebp=af78fc6c iopl=0 nv up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287
nt!MiDeleteAddressesInWorkingSet+0x141:
8201985f 8b0e mov ecx,dword ptr [esi] ds:0023:c0053000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 8201985f to 8208fd84
STACK_TEXT:
af78f79c 8201985f badb0d00 c080a50c 85382cb5 nt!KiTrap0E+0x2ac
af78fc6c 82019cc7 84ded1d8 84ded1d8 84ded1d8 nt!MiDeleteAddressesInWorkingSet+0x141
af78fc9c 8221bd12 84ded1d8 af784644 84daf818 nt!MmCleanProcessAddressSpace+0x14f
af78fd04 8221ad7a 00000000 00000000 84daf5b8 nt!PspExitThread+0x64a
af78fd24 8221b265 84daf5b8 00000000 00000001 nt!PspTerminateThreadByPointer+0x5b
af78fd54 8208caaa ffffffff 00000000 0012fea4 nt!NtTerminateProcess+0x1e0
af78fd54 77b20f34 ffffffff 00000000 0012fea4 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fea4 00000000 00000000 00000000 00000000 0x77b20f34
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiDeleteAddressesInWorkingSet+141
8201985f 8b0e mov ecx,dword ptr [esi]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiDeleteAddressesInWorkingSet+141
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 471ea39c
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_nt!MiDeleteAddressesInWorkingSet+141
BUCKET_ID: 0xA_nt!MiDeleteAddressesInWorkingSet+141
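A small triage script for the dump above, added here as an illustration and not part of the original post: it cross-checks the bugcheck arguments against the trap frame and, assuming the x86 PAE layout (8-byte PTEs starting at 0xC0000000, which the post does not state), decodes the referenced address as a page-table entry. The names `parse_analyze`, `pte_to_va` and `triage` are made up for this example.

```python
import re

# Excerpt of the !analyze -v output from this post (only the lines the parser needs).
SAMPLE = """\
IRQL_NOT_LESS_OR_EQUAL (a)
Arg1: c0053000, memory referenced
Arg2: 00000000, IRQL
Arg3: 00000000, bitfield :
Arg4: 8201985f, address which referenced memory
eax=0a600201 ebx=84ded3a8 ecx=c080f514 edx=c080a50c esi=c0053000 edi=c0801000
eip=8201985f esp=af78f810 ebp=af78fc6c iopl=0 nv up ei ng nz na pe cy
SYMBOL_NAME: nt!MiDeleteAddressesInWorkingSet+141
"""

# Assumption (not stated in the post): x86 PAE self-map, where PTEs are 8 bytes
# and the PTE array starts at 0xC0000000 and spans 8 MB.
PTE_BASE, PTE_SIZE, PTE_SPAN = 0xC0000000, 8, 0x800000

def parse_analyze(text):
    """Extract bugcheck arguments, registers and the blamed symbol."""
    args = {int(n): int(v, 16) for n, v in re.findall(r"^Arg(\d): ([0-9a-f]{8})", text, re.M)}
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}
    sym = re.search(r"^SYMBOL_NAME:\s*(\S+)", text, re.M)
    return {"args": args, "regs": regs, "symbol": sym.group(1) if sym else None}

def pte_to_va(addr):
    """Return the virtual address a PTE at `addr` maps, or None if outside the PTE array."""
    if not PTE_BASE <= addr < PTE_BASE + PTE_SPAN:
        return None
    return ((addr - PTE_BASE) // PTE_SIZE) << 12

def triage(info):
    """Cross-check a 0xA bugcheck against its own trap frame."""
    a, r = info["args"], info["regs"]
    mapped = pte_to_va(a[1])
    return {
        "access": "write" if a[3] & 1 else "read",        # Arg3 bit 0
        "execute": bool(a[3] & 8),                        # Arg3 bit 3
        "irql": a[2],
        "eip_matches_arg4": r.get("eip") == a[4],
        "regs_holding_fault_addr": sorted(k for k, v in r.items() if v == a[1]),
        "pte_maps_va": mapped,
        "regs_in_mapped_page": sorted(k for k, v in r.items()
                                      if mapped is not None and (v & ~0xFFF) == mapped),
        "in_core_kernel": (info["symbol"] or "").startswith("nt!"),
    }

if __name__ == "__main__":
    print(triage(parse_analyze(SAMPLE)))
```

On this dump it reports that esi held the referenced address and that, under the PAE assumption, that address is the PTE for 0x0A600000, the same page eax points into.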
Sunday, February 3, 2008