Crash dump SYSTEM_SERVICE_EXCEPTION (3b)

WINDBG
1

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff803637154b9, Address of the instruction which caused the BugCheck
Arg3: ffff900b0137e540, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 3609

Key  : Analysis.Elapsed.mSec
Value: 14479
Key  : Analysis.IO.Other.Mb
Value: 0

Key  : Analysis.IO.Read.Mb
Value: 1

Key  : Analysis.IO.Write.Mb
Value: 0

Key  : Analysis.Init.CPU.mSec
Value: 609

Key  : Analysis.Init.Elapsed.mSec
Value: 2460

Key  : Analysis.Memory.CommitPeak.Mb
Value: 106

Key  : Analysis.Version.DbgEng
Value: 10.0.27725.1000

Key  : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre

Key  : Analysis.Version.Ext
Value: 1.2408.27.1

Key  : Bugcheck.Code.LegacyAPI
Value: 0x3b

Key  : Bugcheck.Code.TargetModel
Value: 0x3b

Key  : Failure.Bucket
Value: AV_!PreCreate

Key  : Failure.Hash
Value: {f1e03e97-ce41-3db3-5acc-c1b507516434}

Key  : WER.OS.Branch
Value: ni_release

Key  : WER.OS.Version
Value: 10.0.22621.1

BUGCHECK_CODE: 3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff803637154b9

BUGCHECK_P3: ffff900b0137e540

BUGCHECK_P4: 0

FILE_IN_CAB: 102924-14828-01.dmp

FAULTING_THREAD: ffffaa817d9ce0c0

CONTEXT: ffff900b0137e540 -- (.cxr 0xffff900b0137e540)
rax=0000000000000018 rbx=8484286471a85dd8 rcx=0000000000003300
rdx=0000000000000220 rsi=0000000000000220 rdi=ffffaa8183b57b50
rip=fffff803637154b9 rsp=ffff900b0137ef60 rbp=ffff900b0137efe0
r8=0000000000000002 r9=0000000000000001 r10=0000000000000008
r11=ffffd1807b740000 r12=0000000000000001 r13=fffff80363400000
r14=ffffaa8183b57b60 r15=0000000000000220
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
nt!ExFreeHeapPool+0x1a9:
fffff803637154b9 488b5328 mov rdx,qword ptr [rbx+28h] ds:002b:8484286471a85e00=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: svchost.exe

STACK_TEXT:
ffff900b0137ef60 fffff80363eaaca5 : 0000000066636767 fffff80300000002 0100000000100000 0000000000000220 : nt!ExFreeHeapPool+0x1a9
ffff900b0137f010 fffff803811b1326 : ffffaa8183b57b60 ffff900b0137f100 0000000000000000 ffffaa817cf7b0f8 : nt!ExFreePool+0x25
ffff900b0137f050 fffff8036273963b : ffffaa817cf7b010 ffff900b0137f169 0000000000000000 0000000000000000 : !PreCreate+0x1d6 [callback.c @ 503]
ffff900b0137f0c0 fffff803627390c1 : ffff900b0137f260 fffff8036273b000 0000000000000000 fffff80363ac1e00 : FLTMGR!FltpPerformPreCallbacksWorker+0x37b
ffff900b0137f1d0 fffff80362771fef : ffff900b01380000 ffff900b01379000 ffffaa81723e78d0 ffffaa8183b09010 : FLTMGR!FltpPassThroughInternal+0xd1
ffff900b0137f220 fffff803637003e7 : 0000000000000100 0000000000000000 0000000000000000 0000000000000000 : FLTMGR!FltpCreate+0x30f
ffff900b0137f2d0 fffff803638565fd : 0000000000000000 0000000000000000 0000000000000000 0000000000000040 : nt!IopfCallDriver+0x53
ffff900b0137f310 fffff80363841b91 : 0000000000000000 ffff900b0137f650 ffffaa8184a385c8 ffffaa8183b09010 : nt!IopPerfCallDriver+0xb3
ffff900b0137f340 fffff80363ab5133 : 0000000000000000 ffff900b0137f650 ffffaa8184a385c8 ffffaa81723e78d0 : nt!IofCallDriver+0x1dadb1
ffff900b0137f380 fffff80363ac0781 : ffff900b0137f778 ffff96092b05de90 fffff80362737da0 ffff900b0137f770 : nt!IopParseDevice+0x15b3
ffff900b0137f550 fffff80363abfa52 : ffffaa8183bb3001 ffff900b0137f770 0000000000000040 ffffaa81551ab7a0 : nt!ObpLookupObjectName+0x7e1
ffff900b0137f6e0 fffff80363aa32c7 : ffffaa8100000000 ffffaa8183b09010 0000008d7817f5c8 0000000000000001 : nt!ObOpenObjectByNameEx+0x1f2
ffff900b0137f810 fffff80363befc18 : 0000008d7817f550 0000025200100001 0000008d7817f5c8 0000008d7817f5b8 : nt!IopCreateFile+0xb17
ffff900b0137f8e0 fffff8036382a405 : 000000000000000f 0000000000000080 ffffaa817d9ce0c0 0000000000000000 : nt!NtOpenFile+0x58
ffff900b0137f970 00007ffe60710734 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
0000008d7817f4f8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffe`60710734

FAULTING_SOURCE_LINE: callback.c

FAULTING_SOURCE_FILE: callback.c

FAULTING_SOURCE_LINE_NUMBER: 503

FAULTING_SOURCE_CODE:
No source found for 'callback.c'

SYMBOL_NAME: !PreCreate+1d6

MODULE_NAME:

IMAGE_NAME: .sys

IMAGE_VERSION: 24.0.0.11

STACK_COMMAND: .cxr 0xffff900b0137e540 ; kb

BUCKET_ID_FUNC_OFFSET: 1d6

FAILURE_BUCKET_ID: AV_!PreCreate

OS_VERSION: 10.0.22621.1

BUILDLAB_STR: ni_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {f1e03e97-ce41-3db3-5acc-c1b507516434}

Followup: MachineOwner

@r13 void ** ppvCompletionContext = 0xffff900b`0137f128
10: kd> dx -id 0,0,ffffaa817d49d080 -r1 ((ggc!void * *)0xffff900b0137f128)
((ggc!void * *)0xffff900b0137f128) : 0xffff900b0137f128 [Type: void * *]
0x0 [Type: void *]

Hi, i am debugging this crash dump, in this ppvcompletioncontext variable in my code seems to be evaluating as null, though the in the code ive already made check for null after that i am allocating memory to it by using ExAllocateFromNPagedLookasideList.
Here is a lilttle code snippet
pCreateContext = ExAllocateFromNPagedLookasideList(&g_DriverGlobals.CreateCtxLookaside);
if (NULL == pCreateContext)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
*ppvCompletionContext = pCreateContext;
help me debug

2

You didn't show where you declared your ppvCompletionContext. Most certainly it's a global variable that needs to be included in a critical section.

3

FLT_PREOP_CALLBACK_STATUS
PreCreate(
PFLT_CALLBACK_DATA pCBData,
PCFLT_RELATED_OBJECTS pFltObjects,
PVOID *ppvCompletionContext
)
This routine is the Pre-Create routine for the minifilter. ppvCompletionContext comes with it
it sets the CompletionContext that will be passed to the Post-Create callback.