Hi,
We (in NCR) are having a problem with fltmgr.sys caused by one of the device drivers
in the Teradata Database software; the device driver uses raw I/O access to
disks. We had not seen this problem on Windows platforms (e.g. W2K, XP,
WS2003) until recently, when we tried 32-bit WS2003 SP1 and 64-bit WS2003
on Intel EM64T or AMD64 platforms. I think the very first raw I/O caused
the blue screen with STATUS_ACCESS_VIOLATION (0xc0000005).
The kernel API call sequence is as follows:
x. IoBuildAsynchronousFsdRequest() ; build the IRP for an Asynchronous I/O
x. IoSetCompletionRoutine() ; register a call-back
x. IoCallDriver() ; issue I/O
Has anyone seen this problem, or does anyone know how to correct it? I am also
wondering whether there is a way to bypass fltmgr.sys for raw I/O access?
Below is the kernel stack trace from the memory dump.
Thanks in advance,
Moo Kim
3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
An exception code of 0x80000002 (STATUS_DATATYPE_MISALIGNMENT) indicates
that an unaligned data reference was encountered. The trap frame will
supply additional information.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8083f9cc, The address that the exception occurred at
Arg3: b90204d8, Trap Frame
Arg4: 00000000
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!IofCallDriver+41
8083f9cc ff548638 call dword ptr [esi+eax*4+0x38]
TRAP_FRAME: b90204d8 - (.trap ffffffffb90204d8)
ErrCode = 00000000
eax=00000003 ebx=b840b1c0 ecx=89f8a400 edx=898de538 esi=4794e60b edi=89c52438
eip=8083f9cc esp=b902054c ebp=b9020558 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
nt!IofCallDriver+0x41:
8083f9cc ff548638 call dword ptr [esi+eax*4+0x38] ds:0023:4794e64f=???
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from f7317c53 to 8083f9cc
STACK_TEXT:
b9020558 f7317c53 8a6fe990 8908aee0 88d53050 nt!IofCallDriver+0x41
b9020580 8083f9d0 89c52438 898de538 88edb5d8 fltmgr!FltpDispatch+0x6f
b9020594 b829285f 898de6a4 0000004d b825cf73 nt!IofCallDriver+0x45
b90205e4 b8287c8c 88d25bb0 0000000b 00000006 pdesys!fsgdodiskio+0x21f [g:\views2\tnt_6.x.32_snap\opnpde\src\base\fsg\fsgdiskio.c @ 394]
b902064c b8277d65 8908ae64 88056f9c 88d25bb0 pdesys!fsgdoio+0x69c [g:\views2\tnt_6.x.32_snap\opnpde\src\base\fsg\fsgio.c @ 481]
b9020a24 b825eae5 88056f9c b9020b54 8908ae64 pdesys!fsgsub_create+0x3d55 [g:\views2\tnt_6.x.32_snap\opnpde\src\base\fsg\fsgops.c @ 438]
b9020bac b8199656 88d25bb0 b9020bf8 8983e9b0 pdesys!fsgacquire+0xb35 [g:\views2\tnt_6.x.32_snap\opnpde\src\base\fsg\fsguser.c @ 317]
b9020c58 8092e6a2 8a0d6790 00000001 0012f768 pdesys!PdeDispatchFastDeviceControl+0x2f6 [g:\views2\tnt_6.x.32_snap\opnpde\src\base\pde\pdedispatch.c @ 944]
b9020d00 80940844 00000078 00000000 00000000 nt!IopXxxControlFile+0x255
b9020d34 80834d3f 00000078 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
b9020d34 7c82ed54 00000078 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012f6b4 00000000 00000000 00000000 00000000 0x7c82ed54
FOLLOWUP_IP:
fltmgr!FltpDispatch+6f
f7317c53 e9df000000 jmp fltmgr!FltpDispatch+0x153 (f7317d37)
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: fltmgr!FltpDispatch+6f
MODULE_NAME: fltmgr
IMAGE_NAME: fltmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 42435ba1
STACK_COMMAND: .trap ffffffffb90204d8 ; kb
BUCKET_ID: 0x8E_fltmgr!FltpDispatch+6f
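A note on reading the trap frame above: the faulting instruction in nt!IofCallDriver, `call dword ptr [esi+eax*4+0x38]`, is the dispatch into `DriverObject->MajorFunction[IrpSp->MajorFunction]` (the MajorFunction table sits at offset 0x38 of the x86 DRIVER_OBJECT). eax = 3 is IRP_MJ_READ, and esi, the DriverObject pointer read from the device object that fltmgr!FltpDispatch handed down, holds 0x4794e60b, which is not a kernel-mode address, hence the access violation. Below is an added model of the IRP stack-location accounting behind the three-call sequence in the post (IoBuildAsynchronousFsdRequest, IoSetCompletionRoutine, IoCallDriver), with a filter standing in for fltmgr on top of a disk device. It is example code written for this page, not Windows kernel code and not the pdesys driver, and it does not diagnose the crash above; it shows the two things a practitioner checks in this sequence: the IRP is sized from the StackSize of the device object given to IoBuildAsynchronousFsdRequest, so that must be the top of the stack the IRP is sent to (a filter such as fltmgr adds a location, which IoGetRelatedDeviceObject accounts for), and the completion routine of a driver-originated IRP must reclaim it and return STATUS_MORE_PROCESSING_REQUIRED. All struct layouts, the `lower_device` field, `send_raw_read`, `build_stack` and the two-level stack are constructed for the model; where the real kernel bugchecks (NO_MORE_IRP_STACK_LOCATIONS, 0x35) or would corrupt the IRP header, the model returns an error instead.

```c
/* Added model of the I/O manager's IRP stack-location accounting. Not kernel code:
 * structures, names and the two-level device stack are constructed for illustration. */
#include <stdlib.h>
#include <string.h>

#define IRP_MJ_READ                         3
#define IRP_MJ_MAXIMUM_FUNCTION             0x1b
#define STATUS_SUCCESS                      0x00000000u
#define STATUS_NO_MORE_IRP_STACK_LOCATIONS  0x00000035u  /* model stand-in for bugcheck 0x35 */
#define STATUS_INSUFFICIENT_RESOURCES       0xC000009Au
#define STATUS_MORE_PROCESSING_REQUIRED     0xC0000016u

struct irp; struct device_object;
typedef unsigned int ntstatus;
typedef ntstatus (*dispatch_fn)(struct device_object *, struct irp *);
typedef ntstatus (*completion_fn)(struct device_object *, struct irp *, void *);

struct driver_object { dispatch_fn major_function[IRP_MJ_MAXIMUM_FUNCTION + 1]; };  /* offset 0x38 in the real x86 DRIVER_OBJECT */
struct device_object {
    struct driver_object *driver_object;
    struct device_object *attached_device;  /* filter sitting on top of this device, if any */
    struct device_object *lower_device;     /* model field: what a filter forwards to (device extension in reality) */
    int stack_size;                         /* locations needed by this device and everything below it */
};
struct io_stack_location { unsigned char major_function; struct device_object *device_object; completion_fn completion_routine; void *context; };
struct irp {
    int stack_count;
    int current_location;                   /* 1-based; StackCount+1 means no current location yet */
    struct io_stack_location *current;      /* Tail.Overlay.CurrentStackLocation */
    struct io_stack_location locations[];   /* StackCount entries, consumed from the top index downward */
};

/* IoGetRelatedDeviceObject: climb the AttachedDevice chain to the top of the stack. */
struct device_object *io_get_related_device_object(struct device_object *dev) {
    while (dev->attached_device) dev = dev->attached_device;
    return dev;
}
static struct io_stack_location *io_get_next_irp_stack_location(struct irp *irp) { return irp->current - 1; }

/* IoBuildAsynchronousFsdRequest sizes the IRP from dev->StackSize and fills the first location. */
struct irp *io_build_asynchronous_fsd_request(unsigned char major, struct device_object *dev) {
    struct irp *irp = calloc(1, sizeof *irp + (size_t)dev->stack_size * sizeof irp->locations[0]);
    if (!irp) return NULL;
    irp->stack_count = dev->stack_size;
    irp->current_location = dev->stack_size + 1;
    irp->current = &irp->locations[dev->stack_size];   /* one past the last location, as in the real IRP */
    io_get_next_irp_stack_location(irp)->major_function = major;
    return irp;
}
/* IoSetCompletionRoutine stores the routine in the location the next-lower driver will own. */
void io_set_completion_routine(struct irp *irp, completion_fn fn, void *ctx) {
    struct io_stack_location *next = io_get_next_irp_stack_location(irp);
    next->completion_routine = fn; next->context = ctx;
}
/* IoCallDriver: take the next location and dispatch through DriverObject->MajorFunction[major]. */
ntstatus io_call_driver(struct device_object *dev, struct irp *irp) {
    if (--irp->current_location <= 0) return STATUS_NO_MORE_IRP_STACK_LOCATIONS;  /* real: KeBugCheckEx(0x35) */
    irp->current--;
    irp->current->device_object = dev;
    return dev->driver_object->major_function[irp->current->major_function](dev, irp);
}
/* IoCopyCurrentIrpStackLocationToNext; the real macro has no bounds check and would write
 * into the IRP header when no location is left, so the model refuses instead. */
static int io_copy_current_irp_stack_location_to_next(struct irp *irp) {
    if (irp->current_location <= 1) return 0;
    struct io_stack_location *next = io_get_next_irp_stack_location(irp);
    memset(next, 0, sizeof *next);                        /* the copy never carries the completion routine */
    next->major_function = irp->current->major_function;
    return 1;
}
/* IoCompleteRequest: unwind upward running registered completion routines; a routine returning
 * STATUS_MORE_PROCESSING_REQUIRED takes the IRP back. The originating location's routine gets a
 * NULL device object, as in the real kernel. An unclaimed IRP is freed here; the real I/O manager
 * would try to complete it to Tail.Overlay.Thread, which IoBuildAsynchronousFsdRequest never set. */
void io_complete_request(struct irp *irp) {
    while (irp->current_location <= irp->stack_count) {
        struct io_stack_location *sp = irp->current;
        irp->current_location++; irp->current++;
        struct device_object *above = irp->current_location <= irp->stack_count ? irp->current->device_object : NULL;
        if (sp->completion_routine && sp->completion_routine(above, irp, sp->context) == STATUS_MORE_PROCESSING_REQUIRED)
            return;
    }
    free(irp);
}

static int disk_reads;                                   /* constructed instrumentation */
int disk_reads_count(void) { return disk_reads; }
/* Bottom of the constructed stack: a disk that services the read and completes the IRP. */
static ntstatus disk_dispatch(struct device_object *dev, struct irp *irp) { (void)dev; disk_reads++; io_complete_request(irp); return STATUS_SUCCESS; }
/* Filter stand-in (the role fltmgr!FltpDispatch plays in the trace): pass the request down. */
static ntstatus filter_dispatch(struct device_object *dev, struct irp *irp) {
    if (!io_copy_current_irp_stack_location_to_next(irp)) return STATUS_NO_MORE_IRP_STACK_LOCATIONS;
    return io_call_driver(dev->lower_device, irp);
}

struct read_ctx { int completed; };
/* Completion routine for a driver-originated IRP: reclaim it (IoFreeMdl/IoFreeIrp in a real
 * driver) and return STATUS_MORE_PROCESSING_REQUIRED so the I/O manager stops touching it. */
static ntstatus raw_read_complete(struct device_object *dev, struct irp *irp, void *context) {
    (void)dev; ((struct read_ctx *)context)->completed++; free(irp); return STATUS_MORE_PROCESSING_REQUIRED;
}
/* The three-call sequence from the post. build_from sets the IRP's depth; send_to is where it goes. */
ntstatus send_raw_read(struct device_object *build_from, struct device_object *send_to, struct read_ctx *ctx) {
    struct irp *irp = io_build_asynchronous_fsd_request(IRP_MJ_READ, build_from);
    if (!irp) return STATUS_INSUFFICIENT_RESOURCES;
    io_set_completion_routine(irp, raw_read_complete, ctx);
    ntstatus st = io_call_driver(send_to, irp);
    if (st == STATUS_NO_MORE_IRP_STACK_LOCATIONS) free(irp);  /* model only; the real machine is already bugchecked */
    return st;
}
/* Constructed two-level stack: disk at the bottom, filter attached above it (IoAttachDeviceToDeviceStack bumps StackSize). */
void build_stack(struct device_object *disk, struct device_object *filter, struct driver_object *disk_drv, struct driver_object *filter_drv) {
    memset(disk, 0, sizeof *disk); memset(filter, 0, sizeof *filter);
    memset(disk_drv, 0, sizeof *disk_drv); memset(filter_drv, 0, sizeof *filter_drv);
    disk_drv->major_function[IRP_MJ_READ] = disk_dispatch;   filter_drv->major_function[IRP_MJ_READ] = filter_dispatch;
    disk->driver_object = disk_drv;     disk->stack_size = 1;   disk->attached_device = filter;
    filter->driver_object = filter_drv; filter->lower_device = disk; filter->stack_size = disk->stack_size + 1;
}
```

Building the IRP from the top-of-stack device (what `io_get_related_device_object` returns) lets the filter forward the read and the completion routine reclaim the IRP; building it from the disk device while sending it to the filtered stack leaves the filter with no location to use, which is the condition the real kernel reports as bugcheck 0x35 and which the model surfaces as `STATUS_NO_MORE_IRP_STACK_LOCATIONS`.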