Hi All,
I am writing a file system driver.
When I unplug the USB disk (simply pulling the cable out of the machine), I get a BSOD. From the dump below, the fault is a write to address 0 at IRQL 2 (DISPATCH_LEVEL) inside nt!KeWaitForSingleObject, reached through nt!KiAcquireFastMutex from nt!IoCancelIrp, on an explorer.exe thread calling NtCancelIoFileEx. Here's the output of !analyze -v:
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002885b2c, address which referenced memory
Debugging Details:
WRITE_ADDRESS: 0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeWaitForSingleObject+17c
fffff800`02885b2c 4c8938 mov qword ptr [rax],r15
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: explorer.exe
TRAP_FRAME: fffff88005837c60 -- (.trap 0xfffff88005837c60)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8003ac9900
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002885b2c rsp=fffff88005837df0 rbp=0000000000000000
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff800029f6e80 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KeWaitForSingleObject+0x17c:
fffff80002885b2c 4c8938 mov qword ptr [rax],r15 ds:0000000000000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002973672 to fffff800028748e0
STACK_TEXT:
fffff880058373a8 fffff80002973672 : 0000000000000000 fffffa8002889b60 0000000000000065 fffff800028ba910 : nt!DbgBreakPointWithStatus
fffff880058373b0 fffff8000297445e : 0000000000000003 0000000000000000 fffff800028b74d0 000000000000000a : nt!KiBugCheckDebugBreak+0x12
fffff88005837410 fffff8000287c984 : fffff88005837d40 0000000000000008 0000000000000001 fffff800028fab52 : nt!KeBugCheck2+0x71e
fffff88005837ae0 fffff8000287bde9 : 000000000000000a 0000000000000000 0000000000000002 0000000000000001 : nt!KeBugCheckEx+0x104
fffff88005837b20 fffff8000287aa60 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69
fffff88005837c60 fffff80002885b2c : fffffa8003af1070 fffff8a001de6c60 fffff88000000000 0000000000000000 : nt!KiPageFault+0x260
fffff88005837df0 fffff8000283dffa : fffffa8000020000 fffff8a000000022 0000000002647d00 fffff8a002f14600 : nt!KeWaitForSingleObject+0x17c
fffff88005837e90 fffff800028c4179 : fffffa8003901010 fffff8a002f146a0 0000000000000002 00000000000006a8 : nt!KiAcquireFastMutex+0x4e
fffff88005837ed0 fffff8000282fb74 : fffff800029f4e98 fffffa8003901010 fffff8a0014bf5e0 fffffa8003ac98e0 : nt! ?? ::FNODOBFM::`string'+0x399d8
fffff88005837f80 fffff800028c505e : 0000000000000001 fffffa8002889fe0 0000000000000001 fffff8a002f146a0 : nt!IoCancelIrp+0x64
fffff88005837fc0 fffff80002bb6ece : fffffa8003bf6910 0000000000000001 00000000037111b0 0000000000000000 : nt!IopCancelIrpsInCurrentThreadList+0x186
fffff88005838070 fffff80002b9b6ec : fffffa8002889b60 fffffa8002889b60 00000000037111b0 fffffa80039d3b30 : nt! ?? ::NNGAKEGL::`string'+0x1c37e
fffff880058380c0 fffff80002b99a12 : 0000000000000000 fffff88005838260 000000000392f340 fffffa8003bf6910 : nt!IopCancelIrpsInThreadListForCurrentProcess+0xcc
fffff88005838180 fffff8000287bad3 : fffffa8002889b60 ffffffffffffffff 0000000000000000 0000000000000020 : nt!NtCancelIoFileEx+0xda
fffff880058381e0 0000000077a4ff4a : 000007fefdae41eb 0000000000000001 0000000000000000 000007fefec18428 : nt!KiSystemServiceCopyEnd+0x13
000000000392f318 000007fefdae41eb : 0000000000000001 0000000000000000 000007fefec18428 000007fefc490b01 : ntdll!NtCancelIoFileEx+0xa
000000000392f320 000007fefebc911b : 000007fefec18428 000007fefebe6e41 0000000000000000 0000000000000000 : KERNELBASE!CancelIoEx+0x1b
000000000392f360 000007fefebc9295 : 0000000003710900 0000000003710900 0000000000000000 0000000004c73390 : SHELL32!CLocalInterruptSource::v_CloseHandle+0x47
000000000392f3a0 000007fefebc9096 : 0000000000000000 000007fefebde3fc 0000000000000008 0000000000000001 : SHELL32!CLocalInterruptSource::`vector deleting destructor'+0x55
000000000392f3d0 000007fefebc21f3 : 0000000004c40d80 0000000000350e30 0000000003710900 000007fefebe4b01 : SHELL32!CFSInterruptSource::Release+0x22
000000000392f400 000007fefc4900b1 : 0000000080004005 0000000000000000 000000000370fff0 000007fefebc8b7c : SHELL32!DPA_ReleaseCB<iautoplayhandler>+0xf
000000000392f430 000007fefc4900ee : 0000000004c40d80 000000000370fff0 0000000004c40d80 000007fefebc21e4 : comctl32!DPA_EnumCallback+0x41
000000000392f460 000007fefebe4c8d : 0000000000000002 0000000004c3faf0 0000000000000000 0000000004c40d80 : comctl32!DPA_DestroyCallback+0xe
000000000392f490 000007fefebc8fce : 0000000004c3faf0 0000000000350e30 0000000000350df0 0000000004e60798 : SHELL32!DPA_DestroyCallback+0x4d
000000000392f4c0 000007fefebc9007 : 0000000000010088 00000000002e7a98 0000000000000000 0000000004e61c88 : SHELL32!CChangeNotify::ReleaseInterruptSource+0x1dd
000000000392f540 000007fefebc8c13 : 0000000004c79fd8 0000000000350df0 0000000000000000 0000000000000000 : SHELL32!CChangeNotify::RemoveClient+0x41
000000000392f570 000007fefebc8cc8 : 0000000000000000 000000007791b98f 0000000000000000 0000000000000001 : SHELL32!CRegisteredClient::Deregister+0x23
000000000392f5a0 000007fefebc8c4d : 0000000000000000 0000000000000000 0000000000000000 00000000000006a8 : SHELL32!CChangeNotify::_DeregisterClientByID+0x7b
000000000392f5e0 000000007791c3c1 : 0000000000000000 0000000000000001 0000000000000001 000007fefdab3986 : SHELL32!CChangeNotify::s_WndProc+0x18b
000000000392f640 000000007791a01b : 0000000000000000 000007fefebe3de0 0000000000000000 0000000000000000 : USER32!UserCallWinProcCheckWow+0x1ad
000000000392f700 000000007791a061 : 0000000004cbe740 0000000000000014 0000000000000014 00000000000002f0 : USER32!DispatchClientMessage+0xc3
000000000392f760 0000000077a4f5e5 : 0000000000000000 000000000392f8e8 0000000000000014 0000000000000000 : USER32!_fnDWORD+0x2d
000000000392f7c0 000000007791bb2a : 000000007791baf9 000000000392f8e0 0000000002704b00 0000000000000002 : ntdll!KiUserCallbackDispatcherContinue
000000000392f848 000000007791baf9 : 000000000392f8e0 0000000002704b00 0000000000000002 0000000000000020 : USER32!ZwUserPeekMessage+0xa
000000000392f850 000007fefebe3903 : 00000000026e3ff0 0000000000000014 0000000000000000 0000000000000016 : USER32!PeekMessageW+0x105
000000000392f8a0 000007fefeb43663 : ffffffffffffffff ffffffffffffffff 0000000000000000 0000000000000001 : SHELL32!CChangeNotify::_MessagePump+0x111
000000000392f950 000007fefde6c8ea : 0000000000000000 0000000000000000 0000000000000000 0000000000000018 : SHELL32!CChangeNotify::s_ThreadProc+0xc7
000000000392f9b0 00000000777ff34d : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : SHLWAPI!WrapperThreadProc+0x19b
000000000392fab0 0000000077a32ca1 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd
000000000392fae0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KeWaitForSingleObject+17c
fffff80002885b2c 4c8938 mov qword ptr [rax],r15
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: nt!KeWaitForSingleObject+17c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5147dc36
FAILURE_BUCKET_ID: X64_0xA_nt!KeWaitForSingleObject+17c
BUCKET_ID: X64_0xA_nt!KeWaitForSingleObject+17c
Followup: MachineOwner
---------