BSOD IRQL_NOT_LESS_OR_EQUAL with Cache manager

Hi all,

This is on a legacy filter for the file system stack.

Environment:
OS win2k3 sp2 32 bit
Memory: 4GB
Procs: 4

Scenario:
A network share is created. This share (\\a.b.c.d\Share) is mounted on multiple
client drives with drive letters (z:, y:, etc.).
We run multiple file creation tools which create files on this share and
delete them. Each of the clients creates a file of the same name, say temp1.txt or
temp2.txt, hence at any one time multiple people are trying to create a file of the
same name on the share.

The crash happens rarely; below is the dump. Any idea what the issue is?

3: kd> !analyze -v
*******************************************************************************
*                        Bugcheck Analysis                                    *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80810f59, address which referenced memory
Debugging Details:
------------------

WRITE_ADDRESS: 00000004
CURRENT_IRQL: 2
FAULTING_IP:
nt!CcUninitializeCacheMap+2d
80810f59 ff4e04 dec dword ptr [esi+4]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: b8b05664 -- (.trap 0xffffffffb8b05664)
ErrCode = 00000002
eax=88dee87c ebx=00000000 ecx=808b4000 edx=8aa75fa0 esi=00000000 edi=8aa532b0
eip=80810f59 esp=b8b056d8 ebp=b8b056e8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
nt!CcUninitializeCacheMap+0x2d:
80810f59 ff4e04 dec dword ptr [esi+4]
ds:0023:00000004=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 80826987 to 80871f4c
STACK_TEXT:
b8b05260 80826987 00000003 00000003 00000000 nt!RtlpBreakWithStatusInstruction
b8b052ac 8082788b 00000003 00000004 80810f59 nt!KiBugCheckDebugBreak+0x19
b8b05644 8088c99b 0000000a 00000004 d0000002 nt!KeBugCheck2+0x5e1
b8b05644 80810f59 0000000a 00000004 d0000002 nt!KiTrap0E+0x2a7
b8b056e8 f7b964ef 8aa75fa0 00000000 00000000 nt!CcUninitializeCacheMap+0x2d
b8b058ec f7b928d9 b8b05908 89fa79f0 8aeb04c0 Ntfs!NtfsCommonCleanup+0x2171
b8b05a5c 8081df85 8ad51020 89fa79f0 89fa79f0 Ntfs!NtfsFsdCleanup+0xcf
b8b05a70 f724fd28 89d6bac8 8af5d620 00000000 nt!IofCallDriver+0x45
b8b05a9c 8081df85 8aeb04c0 89fa79f0 89fa79f0 fltMgr!FltpDispatch+0x152
b8b05ab0 f724fb25 8aa0e820 89fa79f0 8ac99880 nt!IofCallDriver+0x45
b8b05ad4 f724fcf5 b8b05af4 8aa0e820 00000000 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b
b8b05b0c 8081df85 8aa0e820 89fa79f0 89fa7bec fltMgr!FltpDispatch+0x11f
b8b05b20 b95781cf 8aa0e820 b8b05bac b95797f6 nt!IofCallDriver+0x45
b8b05b2c b95797f6 8acb33d0 89fa79f0 00000000 MyFilter!FltCallAndRelease+0x3f [d:\work\filters\filter.cpp @ 399]
b8b05bac 8081df85 8acb3318 89fa79f0 89fa79f0 MyFilter!FltDispatch+0x5d6 [d:\work\filters\filter.cpp @ 1556]
b8b05bc0 f724fd28 89fa7a00 8af5d620 8aa532b0 nt!IofCallDriver+0x45
b8b05bec 8081df85 8a097648 89fa79f0 89fa79f0 fltMgr!FltpDispatch+0x152
b8b05c00 808f9732 8aa53298 8afa6ca0 8aa532b0 nt!IofCallDriver+0x45
b8b05c30 80934bb0 8af827e0 8a097648 00020089 nt!IopCloseFile+0x2ae
b8b05c60 809344b1 8af827e0 00000001 8afa6ca0 nt!ObpDecrementHandleCount+0xcc
b8b05c88 8093454a e1003ea8 8aa532b0 0000041c nt!ObpCloseHandleTableEntry+0x131
b8b05ccc 80934667 0000041c 00000000 b8b05cf0 nt!ObpCloseHandle+0x82
b8b05cdc b90594a0 0000041c 8aa174b0 e5ab6f10 nt!NtClose+0x1b
b8b05cf0 b90600c9 0000041c 00000001 8aa0f010 srv!SrvNtClose+0x28
b8b05d08 b9095914 8aa174b0 8aa174b0 8aa174b0 srv!UnlinkRfcbFromLfcb+0x4d
b8b05d24 b90959da 8aa174b0 8aa174b0 8aa174b0 srv!SrvCompleteRfcbClose+0x1df
b8b05d44 b909566e 8aa174b0 8aa17400 892966f0 srv!CloseRfcbInternal+0xb6
b8b05d5c b906569e b905480c 892966f0 8a9c0a18 srv!SrvCloseRfcb+0x53
b8b05d78 b9044e87 892966f8 8a9c09e0 b90596c7 srv!SrvSmbClose+0x17d
b8b05d84 b90596c7 00000000 8a32e020 00000000 srv!SrvProcessSmb+0xb7
b8b05dac 80949b80 009c09e0 00000000 00000000 srv!WorkerThread+0x138
b8b05ddc 8088e092 b9059602 8a9c09e0 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb
FOLLOWUP_IP:
MyFilter!FltCallAndRelease+3f [d:\work\filters\filter.cpp @ 399]
b95781cf 8be5 mov esp,ebp
FAULTING_SOURCE_CODE:
395: irp->IoStatus.Status = 0;
396:
397: // pass the IRP down to the next device in the i/o stack, and return its result to the caller
398: return (IoCallDriver(deviceObject, irp));
> 399: }
400:
401: // FltCallAndReleasePower
402: //
403: // This routine calls the underlying device and (optionally) decrements the reference count on
404: // the device extension.

SYMBOL_STACK_INDEX: d
SYMBOL_NAME: MyFilter!FltCallAndRelease+3f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MyFilter
IMAGE_NAME: MyFilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b599f2b
FAILURE_BUCKET_ID: 0xA_MyFilter!FltCallAndRelease+3f
BUCKET_ID: 0xA_MyFilter!FltCallAndRelease+3f
Followup: MachineOwner
---------

3: kd> .trap 0xffffffffb8b05664
ErrCode = 00000002
eax=88dee87c ebx=00000000 ecx=808b4000 edx=8aa75fa0 esi=00000000 edi=8aa532b0
eip=80810f59 esp=b8b056d8 ebp=b8b056e8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
nt!CcUninitializeCacheMap+0x2d:
80810f59 ff4e04 dec dword ptr [esi+4]
ds:0023:00000004=???
3: kd> !locks
DUMP OF ALL RESOURCE OBJECTS
KD: Scanning for held locks...
Resource @ 0x8ad51534 Shared 2 owning threads
Contention Count = 193
Threads: 8a32e020-01<> 8a9badb0-01<>
KD: Scanning for held locks...
Resource @ 0x8abf5b98 Exclusively owned
Threads: 8a32e020-01<>
Resource @ 0x8a08e110 Exclusively owned
Contention Count = 1
NumberOfExclusiveWaiters = 1
Threads: 8a32e020-01<>
Threads Waiting On Exclusive Access:
8a9badb0
KD: Scanning for held locks...
Resource @ 0x8a33bf20 Exclusively owned
Threads: 8a32e020-01<>
KD: Scanning for held locks...
8929 total locks, 4 locks currently held
3: kd> !locks -v 0x8ad51534
Resource @ 0x8ad51534 Shared 2 owning threads
Contention Count = 193
Threads: 8a32e020-01<>
THREAD 8a32e020 Cid 0004.08d0 Teb: 00000000 Win32Thread: 00000000
RUNNING on processor 3
IRP List:
89fa79f0: (0006,01fc) Flags: 00000404 Mdl: 00000000
Not impersonating
DeviceMap e10018b0
Owning Process 8af827e0 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 401178 Ticks: 0
Context Switch Count 299
UserTime 00:00:00.000
KernelTime 00:00:00.453
Start Address srv!WorkerThread (0xb9059602)
Stack Init b8b06000 Current b8b05cec Base b8b06000 Limit b8b03000 Call 0
Priority 9 BasePriority 9 PriorityDecrement 0
ChildEBP RetAddr
b8b05260 80826987 nt!RtlpBreakWithStatusInstruction (FPO: [1,0,0])
b8b052ac 8082788b nt!KiBugCheckDebugBreak+0x19 (FPO: [SEH])
b8b05644 8088c99b nt!KeBugCheck2+0x5e1 (FPO: [6,224,4])
b8b05644 80810f59 nt!KiTrap0E+0x2a7 (FPO: [0,0] TrapFrame @ b8b05664)
b8b056e8 f7b964ef nt!CcUninitializeCacheMap+0x2d (FPO: [3,1,4])
b8b058ec f7b928d9 Ntfs!NtfsCommonCleanup+0x2171 (FPO: [SEH])
b8b05a5c 8081df85 Ntfs!NtfsFsdCleanup+0xcf (FPO: [SEH])
b8b05a70 f724fd28 nt!IofCallDriver+0x45 (FPO: [0,0,4])
b8b05a9c 8081df85 fltMgr!FltpDispatch+0x152 (FPO: [2,6,0])
b8b05ab0 f724fb25 nt!IofCallDriver+0x45 (FPO: [0,0,4])
b8b05ad4 f724fcf5 fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b (FPO: [3,4,4])
b8b05b0c 8081df85 fltMgr!FltpDispatch+0x11f (FPO: [2,6,0])
b8b05b20 b95781cf nt!IofCallDriver+0x45 (FPO: [0,0,4])
b8b05b2c b95797f6 MyFilter!FltCallAndRelease+0x3f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\work\filters\filter.cpp @ 399]
b8b05bac 8081df85 MyFilter!FltDispatch+0x5d6 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\work\filters\filter.cpp @ 1556]
b8b05bc0 f724fd28 nt!IofCallDriver+0x45 (FPO: [0,0,4])
b8b05bec 8081df85 fltMgr!FltpDispatch+0x152 (FPO: [2,6,0])
b8b05c00 808f9732 nt!IofCallDriver+0x45 (FPO: [0,0,4])
b8b05c30 80934bb0 nt!IopCloseFile+0x2ae (FPO: [5,7,0])
b8b05c60 809344b1 nt!ObpDecrementHandleCount+0xcc (FPO: [4,2,4])
b8b05c88 8093454a nt!ObpCloseHandleTableEntry+0x131 (FPO: [5,1,0])
b8b05ccc 80934667 nt!ObpCloseHandle+0x82 (FPO: [2,7,4])
b8b05cdc b90594a0 nt!NtClose+0x1b (FPO: [1,0,0])
b8b05cf0 b90600c9 srv!SrvNtClose+0x28 (FPO: [2,0,0])
b8b05d08 b9095914 srv!UnlinkRfcbFromLfcb+0x4d (FPO: [1,0,0])
b8b05d24 b90959da srv!SrvCompleteRfcbClose+0x1df (FPO: [1,1,4])
b8b05d44 b909566e srv!CloseRfcbInternal+0xb6 (FPO: [2,2,4])
b8b05d5c b906569e srv!SrvCloseRfcb+0x53 (FPO: [0,1,4])
b8b05d78 b9044e87 srv!SrvSmbClose+0x17d (FPO: [0,2,0])
b8b05d84 b90596c7 srv!SrvProcessSmb+0xb7 (FPO: [0,0,0])
b8b05dac 80949b80 srv!WorkerThread+0x138 (FPO: [1,5,0])
b8b05ddc 8088e092 nt!PspSystemThreadStartup+0x2e (FPO: [SEH])
00000000 00000000 nt!KiThreadStartup+0x16
8a9badb0-01<*>
THREAD 8a9badb0 Cid 0004.0e80 Teb: 00000000 Win32Thread: 00000000
WAIT: (Unknown) KernelMode Non-Alertable
8abbe0c8 SynchronizationEvent
8a9bae28 NotificationTimer
IRP List:
89fa3e00: (0006,01fc) Flags: 00000884 Mdl: 00000000
Impersonation token: e5b43a90 (Level Impersonation)
DeviceMap e59be888
Owning Process 8af827e0 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 401178 Ticks: 0
Context Switch Count 69
UserTime 00:00:00.000
KernelTime 00:00:00.000
Start Address srv!WorkerThread (0xb9059602)
Stack Init b884a000 Current b8849370 Base b884a000 Limit b8847000 Call 0
Priority 9 BasePriority 9 PriorityDecrement 0
ChildEBP RetAddr
b8849388 80833485 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
b88493b4 80829a82 nt!KiSwapThread+0x2e5 (FPO: [0,7,0])
b88493fc 8087cb70 nt!KeWaitForSingleObject+0x346 (FPO: [5,13,4])
b8849434 8087ce2f nt!ExpWaitForResource+0x30 (FPO: [0,5,0])
b8849454 f7b515b4 nt!ExAcquireResourceExclusiveLite+0x8d (FPO: [2,3,0])
b8849464 f7b8e3b1 Ntfs!NtfsAcquireResourceExclusive+0x20 (FPO: [3,0,0])
b8849488 f7b91c81 Ntfs!NtfsAcquireExclusiveFcb+0x42 (FPO: [4,1,4])
b88494b4 f7b87b3d Ntfs!NtfsAcquireFcbWithPaging+0x7f (FPO: [3,2,4])
b88494e8 f7b917ce Ntfs!NtfsFindPrefixHashEntry+0x35c (FPO: [10,5,0])
b8849638 f7b91ef8 Ntfs!NtfsCommonCreate+0xaff (FPO: [SEH])
b884973c 8081df85 Ntfs!NtfsFsdCreate+0x17d (FPO: [SEH])
b8849750 f725d54d nt!IofCallDriver+0x45 (FPO: [0,0,4])
b8849780 8081df85 fltMgr!FltpCreate+0x1d9 (FPO: [2,7,0])
b8849794 f724fb25 nt!IofCallDriver+0x45 (FPO: [0,0,4])
b88497b8 f725d5de fltMgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20b (FPO: [3,4,4])
b88497f4 8081df85 fltMgr!FltpCreate+0x26a (FPO: [2,7,0])
b8849808 b95781cf nt!IofCallDriver+0x45 (FPO: [0,0,4])
b8849814 b9579bd5 MyFilter!FltCallAndRelease+0x3f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\work\filters\filter.cpp @ 399]
b8849890 8081df85 MyFilter!FltDispatchCreate+0x365 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\work\filters\filter.cpp @ 1778]
b88498a4 f725d54d nt!IofCallDriver+0x45 (FPO: [0,0,4])
b88498d4 8081df85 fltMgr!FltpCreate+0x1d9 (FPO: [2,7,0])
b88498e8 808f8f71 nt!IofCallDriver+0x45 (FPO: [0,0,4])
b88499d0 808f93b8 nt!IopParseDevice+0xa35 (FPO: [SEH])
b8849a08 809374b5 nt!IopParseFile+0x46 (FPO: [10,0,0])
b8849a88 80933a7a nt!ObpLookupObjectName+0x11f (FPO: [11,17,4])
b8849adc 808eae25 nt!ObOpenObjectByName+0xea (FPO: [7,5,4])
b8849b58 808ec0bf nt!IopCreateFile+0x447 (FPO: [SEH])
b8849bb4 b9062479 nt!IoCreateFile+0xa3 (FPO: [14,3,0])
b8849c24 b9061a4b srv!SrvIoCreateFile+0x36d (FPO: [16,9,4])
b8849cf0 b9062bd1 srv!SrvNtCreateFile+0x44b (FPO: [18,30,4])
b8849d78 b9044e87 srv!SrvSmbNtCreateAndX+0x15c (FPO: [0,11,4])
b8849d84 b90596c7 srv!SrvProcessSmb+0xb7 (FPO: [0,0,0])
b8849dac 80949b80 srv!WorkerThread+0x138 (FPO: [1,5,0])
b8849ddc 8088e092 nt!PspSystemThreadStartup+0x2e (FPO: [SEH])
00000000 00000000 nt!KiThreadStartup+0x16

1 total locks, 1 locks currently held

3: kd> !irp 0x89fa79f0 1
Irp is active with 11 stacks 9 is current (= 0x89fa7b80)
No Mdl: No System Buffer: Thread 8a32e020: Irp stack trace.
Flags = 00000404
ThreadListEntry.Flink = 8a32e228
ThreadListEntry.Blink = 8a32e228
IoStatus.Status = 00000000
IoStatus.Information = 00000000
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = 89fa7a08
UserEvent = b8b05c14
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = 89fa7a30
Tail.Overlay.Thread = 8a32e020
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = 89fa7b80
Tail.Overlay.OriginalFileObject = 8aa532b0
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[12, 0] 0 e0 8ad51020 8aa532b0 f724f468-89d6bac8 Success Error Cancel
\FileSystem\Ntfs fltMgr!FltpPassThroughCompletion
Args: 00000000 00000000 00000000 00000000
[12, 0] 0 e1 8aa0e820 8aa532b0 b9578f30-8a0bead8 Success Error Cancel pending
\FileSystem\FltMgr MyFilter!FltIoCompletion
Args: 00000000 00000000 00000000 00000000
[12, 0] 0 1 8acb3318 8aa532b0 00000000-00000000 pending
\Driver\MyFilter
Args: 00000000 00000000 00000000 00000000

3: kd> !irp 89fa3e00 1
Irp is active with 11 stacks 9 is current (= 0x89fa3f90)
No Mdl: No System Buffer: Thread 8a9badb0: Irp stack trace.
Flags = 00000884
ThreadListEntry.Flink = 8a9bafb8
ThreadListEntry.Blink = 8a9bafb8
IoStatus.Status = 00000000
IoStatus.Information = 00000009
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = b8849988
UserEvent = 00000000
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = 89fa3e40
Tail.Overlay.Thread = 8a9badb0
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = 89fa3f90
Tail.Overlay.OriginalFileObject = 8a0360c8
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[0, 0] 0 e0 8ad51020 8a0360c8 f724ef8e-8a038e70 Success Error Cancel
\FileSystem\Ntfs fltMgr!FltpSynchronizedOperationCompletion
Args: b8849914 01000000 00070000 00000000
[0, 0] 0 e0 8aa0e820 8a0360c8 b9578f30-8a9e5758 Success Error Cancel
\FileSystem\FltMgr MyFilter!FltIoCompletion
Args: b8849914 01000000 00070000 00000000
[0, 0] 0 1 8acb3318 8a0360c8 00000000-00000000 pending
\Driver\MyFilter
Args: b8849914 01000000 00070000 00000000
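An added Python triage helper (not part of the original post or of MyFilter) that reads the kd output above the way !analyze does: it parses the STACK_TEXT frames, separates the frame that actually executed the bad access (nt!CcUninitializeCacheMap) from the "followup" frame that !analyze blames, which is simply the first module not on a trusted list (hence the bucket names MyFilter), and decodes Arg1/Arg3 of bugcheck 0xA. The trusted-module list and the NULL-page threshold are assumptions; the stack excerpt is a constructed copy of the frames shown in the dump.

```python
import re

# Constructed excerpt of the STACK_TEXT above (wrapped lines rejoined, some frames omitted).
STACK_TEXT = r"""
b8b05644 80810f59 0000000a 00000004 d0000002 nt!KiTrap0E+0x2a7
b8b056e8 f7b964ef 8aa75fa0 00000000 00000000 nt!CcUninitializeCacheMap+0x2d
b8b058ec f7b928d9 b8b05908 89fa79f0 8aeb04c0 Ntfs!NtfsCommonCleanup+0x2171
b8b05a5c 8081df85 8ad51020 89fa79f0 89fa79f0 Ntfs!NtfsFsdCleanup+0xcf
b8b05a70 f724fd28 89d6bac8 8af5d620 00000000 nt!IofCallDriver+0x45
b8b05a9c 8081df85 8aeb04c0 89fa79f0 89fa79f0 fltMgr!FltpDispatch+0x152
b8b05b2c b95797f6 8acb33d0 89fa79f0 00000000 MyFilter!FltCallAndRelease+0x3f [d:\work\filters\filter.cpp @ 399]
b8b05bac 8081df85 8acb3318 89fa79f0 89fa79f0 MyFilter!FltDispatch+0x5d6 [d:\work\filters\filter.cpp @ 1556]
"""

# One 'kb' frame: ChildEBP RetAddr Arg1 Arg2 Arg3 module!symbol+offset [source]
FRAME_RE = re.compile(r"^[0-9a-f]{8} [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(?P<module>\w+)!(?P<symbol>\S+)")
# Assumption: modules that !analyze treats as trusted and skips when choosing a followup.
MICROSOFT_MODULES = {"nt", "hal", "ntfs", "fltmgr", "srv"}
TRAP_FRAMES = {"KiTrap0E", "KeBugCheck2", "KiBugCheckDebugBreak", "RtlpBreakWithStatusInstruction"}

def parse_frames(text):
    """Return [(module, symbol)] for every frame line in kd 'kb' output."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m.group("module"), m.group("symbol")))
    return frames

def faulting_frame(frames):
    """The frame that executed the bad access: the first one below the trap/bugcheck machinery."""
    for module, symbol in frames:
        if symbol.split("+")[0] not in TRAP_FRAMES:
            return module, symbol
    return None

def followup_frame(frames):
    """!analyze-style blame: the first frame whose module is not trusted (a heuristic, not proof)."""
    for module, symbol in frames:
        if module.lower() not in MICROSOFT_MODULES:
            return module, symbol
    return None

def classify_access(arg1, arg3):
    """Bugcheck 0xA: Arg1 is the address, Arg3 bit 0 is 1 for a write; a tiny address is NULL + field offset."""
    op = "write" if arg3 & 1 else "read"
    if arg1 < 0x10000:  # assumed threshold for the NULL-page heuristic
        return f"{op} through NULL pointer, field offset 0x{arg1:x}"
    return f"{op} to invalid or pageable address 0x{arg1:08x}"
```

For this dump the helper reports a write through a NULL pointer at offset 4, which matches `dec dword ptr [esi+4]` with esi=00000000 in the trap frame, while the followup frame is MyFilter only because it is the first non-Microsoft module on the stack.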