Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Hi,
I am working on software RAID driver. I had my QA enable driver verifier for some annoying bugs that I don't see in my tests. He gets this BSOD on reboot.
2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common BugCheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80009186729, The address that the exception occurred at Arg3: ffffc504869e7008, Exception Record Address Arg4: ffffc504869e6840, Context Record Address Debugging Details: ------------------ KEY_VALUES_STRING: 1 Key : AV.Fault Value: Read Key : Analysis.CPU.mSec Value: 2312 Key : Analysis.DebugAnalysisManager Value: Create Key : Analysis.Elapsed.mSec Value: 2380 Key : Analysis.Init.CPU.mSec Value: 4656 Key : Analysis.Init.Elapsed.mSec Value: 14990 Key : Analysis.Memory.CommitPeak.Mb Value: 96 Key : Bugcheck.Code.DumpHeader Value: 0x7e Key : Bugcheck.Code.KiBugCheckData Value: 0x7e Key : Bugcheck.Code.Register Value: 0x7e Key : WER.OS.Branch Value: vb_release Key : WER.OS.Timestamp Value: 2019-12-06T14:06:00Z Key : WER.OS.Version Value: 10.0.19041.1 ORIGINAL_CAB_PATH: C:\Users\mridu\Downloads\MEMORY.DMP (1).zip FILE_IN_CAB: MEMORY.DMP BUGCHECK_CODE: 7e BUGCHECK_P1: ffffffffc0000005 BUGCHECK_P2: fffff80009186729 BUGCHECK_P3: ffffc504869e7008 BUGCHECK_P4: ffffc504869e6840 EXCEPTION_RECORD: ffffc504869e7008 -- (.exr 0xffffc504869e7008) ExceptionAddress: fffff80009186729 (nt!MmIsDriverVerifying+0x0000000000000009) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: ffffc504869e6840 -- (.cxr 0xffffc504869e6840) rax=04ffffe088929f28 rbx=0000000000000010 rcx=ffffb506f93d9e01 rdx=0000000000000010 rsi=ffffb506f986adf0 rdi=ffffb506f93d9e01 rip=fffff80009186729 rsp=ffffc504869e7248 rbp=ffffb506fe87afb8 r8=ffffb5070c424a30 r9=0000000000000000 r10=fffff80009b55a00 r11=ffffb506fe87aea0 r12=0000000000000200 r13=0000000000000000 r14=0000000000400000 r15=fffff80009b2f440 iopl=0 nv up ei pl nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206 nt!MmIsDriverVerifying+0x9: fffff800`09186729 8b4068 mov eax,dword ptr [rax+68h] ds:002b:04ffffe0`88929f90=???????? Resetting default scope BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXNTFS: 1 (!blackboxntfs) BLACKBOXPNP: 1 (!blackboxpnp) BLACKBOXWINLOGON: 1 PROCESS_NAME: System READ_ADDRESS: ffffffffffffffff ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. EXCEPTION_CODE_STR: c0000005 EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff EXCEPTION_STR: 0xc0000005 STACK_TEXT: ffffc504`869e7248 fffff800`097d8cd9 : 00000000`00000200 00000000`0c424a30 fffff800`09b2f440 00000000`00000000 : nt!MmIsDriverVerifying+0x9 ffffc504`869e7250 fffff800`097d912e : ffffb506`fe87aea0 fffff800`094f8f28 ffffc504`869e7420 ffffb506`fe87aea0 : nt!VfGetPristineDispatchRoutine+0x1d ffffc504`869e7280 fffff800`097ccee6 : ffffb506`fe87aea0 ffffb506`f986adf0 fffff800`097b333e fffff800`0906c3e2 : nt!VfBeforeCallDriver+0xc6 ffffc504`869e72b0 fffff800`09250fe9 : ffffb506`f986adf0 ffffc504`869e7420 00000000`00000000 ffffb507`0c424a30 : nt!IovCallDriver+0x242 ffffc504`869e72f0 fffff800`097b334e : ffffb506`f986ae40 ffffc504`869e7420 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x19b579 ffffc504`869e7330 fffff800`097b307e : 00000000`00000001 ffffb506`f64b8670 fffff800`09a2af60 00000000`00000001 : nt!IopShutdownBaseFileSystems+0xca ffffc504`869e73b0 fffff800`097b92ea : 00000000`00000002 00000000`00000002 fffff800`09a2af60 00000000`00000000 : nt!IoShutdownSystem+0x156 ffffc504`869e7430 fffff800`09090265 : ffffb507`10d8a080 fffff800`095084d0 ffffb506`f64b8670 00000000`00000000 : nt!PopGracefulShutdown+0x23a ffffc504`869e7470 fffff800`09162235 : ffffb507`10d8a080 00000000`00000080 ffffb506`f64e2140 001fe4ff`bd9bbfff : nt!ExpWorkerThread+0x105 ffffc504`869e7510 fffff800`09209f48 : ffff8c80`d41e8180 ffffb507`10d8a080 fffff800`091621e0 00000000`00000246 : nt!PspSystemThreadStartup+0x55 ffffc504`869e7560 00000000`00000000 : ffffc504`869e8000 ffffc504`869e1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28 SYMBOL_NAME: nt!MmIsDriverVerifying+9 MODULE_NAME: nt STACK_COMMAND: .cxr 0xffffc504869e6840 ; kb IMAGE_NAME: ntkrnlmp.exe BUCKET_ID_FUNC_OFFSET: 9 FAILURE_BUCKET_ID: AV_VRF_nt!MmIsDriverVerifying OS_VERSION: 10.0.19041.1 BUILDLAB_STR: vb_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {8e4134e6-d901-bae5-b88b-a2ecbb34941b} Followup: MachineOwner ---------
I haven't the faintest idea how to go about debugging this. Any tips?
Thanks!
Mridul.
Upcoming OSR Seminars | ||
---|---|---|
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
Internals & Software Drivers | 19-23 June 2023 | Live, Online |
Writing WDF Drivers | 10-14 July 2023 | Live, Online |
Kernel Debugging | 16-20 October 2023 | Live, Online |
Developing Minifilters | 13-17 November 2023 | Live, Online |
Comments
I'd start by also enabling Verifier on ntoskrnl.exe and seeing if you get a better crash.
-scott
OSR