Access Violation ...

In my upper storage filter driver, I’m allocating around 64MB of memory (for some preliminary testing to mimic my storage device which is not available right now). I’m getting the following error at random times:

*** An Access Violation occurred in C:\Windows\system32\svchost.exe -k rpcss:

The instruction at 74B63B53 tried to write to a NULL pointer

*** enter .exr 00CCF128 for the exception record
*** enter .cxr 00CCF144 for the context
*** then kb to get the faulting stack

Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
001b:770d2ea8 cc int 3
1: kd> kb
ChildEBP RetAddr Args to Child
00ccef30 77139b31 00cca85c 007f3a58 75afbfd0 ntdll!DbgBreakPoint
00ccef68 77139b94 00ccf030 770d5286 00ccf000 ntdll!RtlUnhandledExceptionFilter2+0x2a4
00ccef78 75ac5ac2 00ccf030 00cc4fc5 00000000 ntdll!RtlUnhandledExceptionFilter+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
00ccf000 77109f8e 00ccf030 77098dd4 00000000 0x75ac5ac2
00ccf008 77098dd4 00000000 00ccfcb4 770df108 ntdll!_RtlUserThreadStart+0x6f
00ccf01c 770940f0 00000000 00000000 00000000 ntdll!_EH4_CallFilterFunc+0x12
00ccf044 770f1039 fffffffe 00ccfca4 00ccf144 ntdll!_except_handler4+0x8e
00ccf068 770f100b 00ccf128 00ccfca4 00ccf144 ntdll!ExecuteHandler2+0x26
00ccf110 770f0e97 00ccb000 00ccf144 00ccf128 ntdll!ExecuteHandler+0x24
00ccf110 74b63b53 00ccb000 00ccf144 00ccf128 ntdll!KiUserExceptionDispatcher+0xf
00ccf42c 74b27deb 000002a0 74b27c10 75a78129 0x74b63b53
00ccf4a0 74b27d06 000002a0 00ccf500 00000000 0x74b27deb
00ccf4c4 74b29e65 01b53e70 00000000 00ccf500 0x74b27d06
00ccf508 76346dfe 01b53e70 0013c748 0013c78c 0x74b29e65
00ccf588 763c03ef 74b29c4f 00ccf790 0000001b 0x76346dfe
00ccfa4c 770f1843 00ccbdf0 00050000 00000000 0x763c03ef
00ccfabc 00ccfb2c 76347655 01b53e70 00ccfafc ntdll!RtlpLowFragHeapAllocFromContext+0xa6f
00000000 00000000 00000000 00000000 00000000 0xccfb2c

Also many times I get “Assertion failure - code c0000420 (first chance) nt!KeUpdateRunTime+0x248:” in WinDbg.

Help!!! Thanks.

  1. Have you tried doing what WinDbg suggested (.exr/.cxr/kb)? Please post it.

  2. Regarding the nt!KeUpdateRunTime issue, that can be caused by spending too much time in a DPC, but without some more
    information, it’s hard to say anything really.

Good luck,

mm

: kd> .exr 00CCF128
ExceptionAddress: 74b63b53
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000000
Attempt to write to address 00000000
1: kd> .cxr 00CCF144
eax=00000000 ebx=000003e7 ecx=00ccf402 edx=770f0f34 esi=00000000 edi=00000000
eip=74b63b53 esp=00ccf410 ebp=00ccf42c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
001b:74b63b53 0000 add byte ptr [eax],al ds:0023:00000000=??
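
For reading the `.exr`/`.cxr` output posted above: in an access-violation record (c0000005), Parameter[0] is the access type and Parameter[1] the target address, and the low two bits of `cs` give the privilege ring of the faulting code. The following is an added example, not code from the thread, that parses the pasted text and reports those facts; the function names are illustrative.

```python
import re

STATUS_ACCESS_VIOLATION = 0xC0000005
ACCESS_KINDS = {0: "read", 1: "write", 8: "execute (DEP)"}
NULL_REGION_END = 0x10000  # lowest 64 KB is the no-access NULL-pointer region

# Debugger output as pasted in the post above.
EXR = """\
ExceptionAddress: 74b63b53
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000000
"""
CXR = """\
eax=00000000 ebx=000003e7 ecx=00ccf402 edx=770f0f34 esi=00000000 edi=00000000
eip=74b63b53 esp=00ccf410 ebp=00ccf42c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
"""

def parse_exr(text):
    """Return the exception code, faulting address and parameter list."""
    fields = dict(re.findall(r"^\s*(Exception\w+):\s*([0-9a-fA-F]+)", text, re.M))
    params = re.findall(r"Parameter\[\d+\]:\s*([0-9a-fA-F]+)", text)
    return {"code": int(fields["ExceptionCode"], 16),
            "address": int(fields["ExceptionAddress"], 16),
            "params": [int(p, 16) for p in params]}

def parse_cxr(text):
    """Return the register=value pairs of a .cxr dump as integers."""
    return {name: int(val, 16)
            for name, val in re.findall(r"\b([a-z]{2,4})=([0-9a-fA-F]+)\b", text)}

def triage(exr_text, cxr_text):
    """Summarise an access violation from .exr and .cxr text."""
    exr, regs = parse_exr(exr_text), parse_cxr(cxr_text)
    if exr["code"] != STATUS_ACCESS_VIOLATION or len(exr["params"]) < 2:
        raise ValueError("not an access-violation record")
    kind, target = exr["params"][0], exr["params"][1]
    return {
        "access": ACCESS_KINDS.get(kind, "unknown"),
        "target": target,
        "null_page": target < NULL_REGION_END,
        "ring": regs["cs"] & 3,  # RPL bits: 3 = user mode, 0 = kernel mode
        "eip_matches": regs["eip"] == exr["address"],
    }

if __name__ == "__main__":
    for key, value in triage(EXR, CXR).items():
        print(f"{key}: {value}")
```

For this record the summary is a user-mode (ring 3) write to address 0, with `eip` equal to the recorded exception address.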

Hi Pradeep,
Can you post the part of the code where you are allocating, accessing/modifying and deallocating this memory? It would make the picture more clear. Are you using tagged memory?
Also, it might be helpful if you turn on the verifier for your driver (checking pool) if you are suspecting a memory allocation issue.

-Imtiaz
Calsoft Pvt Ltd

I noticed that this access violation happens only when WinDbg is open, otherwise I don’t see any crashes.

After repeated boots, now the above error is gone by itself but another service svchost.exe -k netscvs shows the same error whenever the machine is restarted and WinDbg is open.