Crash during CcCopyWrite...

Dear All,

I’m writing a file system driver. I’m getting a crash when I’m calling CcCopyWrite. Here is the crash dump file.

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804e225b, address which referenced memory

Debugging Details:

WRITE_ADDRESS: 00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!CcSetDirtyInMask+fa
804e225b f3a5 rep movsd

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA_W

TRAP_FRAME: f38029cc – (.trap fffffffff38029cc)
ErrCode = 00000002
eax=00000000 ebx=ffb5e6c0 ecx=00000010 edx=f3802a4c esi=ffb5e700 edi=00000000
eip=804e225b esp=f3802a40 ebp=f3802a6c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!CcSetDirtyInMask+fa:
804e225b f3a5 rep movsd ds:ffb5e700=00ffc000 es:00000000=???
Resetting default context

LAST_CONTROL_TRANSFER: from 804fcfcf to 804e225b

STACK_TEXT:
f3802a6c 804fcfcf ffb67978 f3802a88 00001000 nt!CcSetDirtyInMask+0xfa
f3802a90 804e4b69 ffb67978 80f2bb70 00000200 nt!CcFreeActiveVacb+0x87
f3802b14 f3f08d8f 80e3b048 f3802c1c 00000040 nt!CcCopyWrite+0x1d5
f38039d4 f3eefec9 81612fc8 81d3ee48 000084a1 Packudf!CdUpdateAndInitializeFcbWithCache+0x232 [c:\winddk\2600\src\gsl\strucsup.c @ 1659]
f38049d4 f3eaa5c3 81612fc8 833b2e90 80d90ce8 Packudf!CdCommonCreate+0x135b [c:\winddk\2600\src\gsl\create.c @ 1542]
f3804a3c 804eea36 80d90ce8 833b2e90 806cb1a8 Packudf!CdFsdDispatch+0x18f [c:\winddk\2600\src\gsl\cddata.c @ 329]
f3804a4c 80649111 833b2ea0 833b2e90 80de4220 nt!IopfCallDriver+0x31
f3804a70 80584ebb ffbab018 80e6732c f3804c18 nt!IovCallDriver+0x9e
f3804b54 805816f0 ffbab030 00000000 80e67288 nt!IopParseDevice+0xa4d
f3804bd8 80583aba 00000000 f3804c18 00000040 nt!ObpLookupObjectName+0x56a
f3804c2c 80585172 00000000 00000000 ffffff01 nt!ObOpenObjectByName+0xe9
f3804ca8 8058524e 034de820 40110080 034de548 nt!IopCreateFile+0x407
f3804cf0 8058d1f0 034de820 40110080 034de548 nt!IoCreateFile+0x36
f3804d30 804dc140 034de820 40110080 034de548 nt!NtCreateFile+0x2e
f3804d30 7ffe0304 034de820 40110080 034de548 nt!KiSystemService+0xc4
034de16c 77f7596a 77e30be5 034de820 40110080 SharedUserData!SystemCallStub+0x4
034de170 77e30be5 034de820 40110080 034de548 ntdll!NtCreateFile+0xc
034de83c 77e302b6 02babc84 00000614 80000000 kernel32!BaseCopyStream+0x615
034dec2c 77e30393 02babc84 02babe8c 7741ea44 kernel32!BasepCopyFileExW+0x4c6
034dec88 7741e7af 02babc84 02babe8c 7741ea44 kernel32!CopyFileExW+0x39
034deed0 7741e697 02babb90 02babc84 02babe8c SHELL32!FileCopy+0x11a
034df108 7741e670 02babb90 02babc84 02babe8c SHELL32!DoFile_Copy+0x22
034df83c 7741dd37 00000000 00000000 00107fa0 SHELL32!MoveCopyDriver+0x3d2
034df880 774a470e 00000000 00107fa0 00000000 SHELL32!SHFileOperationW+0x179
034dfce4 774a49a1 02c9a8dc 02c9444c 03c50020 SHELL32!CFSDropTarget::_MoveCopy+0x183
034dff34 774a4a32 02c9a8dc 02c9444c 00000000 SHELL32!CFSDropTarget::_DoDrop+0x210
034dff50 7728df5f 02c9444c 000a5150 003bb468 SHELL32!CFSDropTarget::_DoDropThreadProc+0x44
034dffb4 77e3d33b 00000000 000a5150 003bb468 SHLWAPI!WrapperThreadProc+0x92
034dffec 00000000 7728def2 02fcf118 00000000 kernel32!BaseThreadStart+0x37

FOLLOWUP_IP:
Packudf!CdUpdateAndInitializeFcbWithCache+232
f3f08d8f 0fb6d0 movzx edx,al

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: Packudf!CdUpdateAndInitializeFcbWithCache+232

MODULE_NAME: Packudf

IMAGE_NAME: Packudf.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3f255eb5

STACK_COMMAND: .trap fffffffff38029cc ; kb

BUCKET_ID: 0xA_W_Packudf!CdUpdateAndInitializeFcbWithCache+232

Followup: MachineOwner

Can you please guide me as to what’s happening here? What could be the cause…

Thanks in advance.

Sridhar D
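As an added triage helper, not part of the original post, this script decodes the bugcheck arguments and the stack from a `!analyze -v` report like the one above: a write to address 0 at DISPATCH_LEVEL inside nt!CcSetDirtyInMask, reached through CcCopyWrite, with the first Packudf frame giving the source line to inspect. The sample report is constructed from the lines of the post; the argument meanings are the documented ones for bugcheck 0xA.

```python
import re
# Constructed sample: the relevant lines of the !analyze -v report posted above.
SAMPLE_REPORT = r"""Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804e225b, address which referenced memory
MODULE_NAME: Packudf
STACK_TEXT:
f3802a6c 804fcfcf ffb67978 f3802a88 00001000 nt!CcSetDirtyInMask+0xfa
f3802a90 804e4b69 ffb67978 80f2bb70 00000200 nt!CcFreeActiveVacb+0x87
f3802b14 f3f08d8f 80e3b048 f3802c1c 00000040 nt!CcCopyWrite+0x1d5
f38039d4 f3eefec9 81612fc8 81d3ee48 000084a1 Packudf!CdUpdateAndInitializeFcbWithCache+0x232 [c:\winddk\2600\src\gsl\strucsup.c @ 1659]
f38049d4 f3eaa5c3 81612fc8 833b2e90 80d90ce8 Packudf!CdCommonCreate+0x135b [c:\winddk\2600\src\gsl\create.c @ 1542]
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
# One x86 'kb' frame: child EBP, return address, three args, module!symbol, optional [file @ line].
FRAME_RE = re.compile(
    r"^[0-9a-f]{8} [0-9a-f]{8}(?: [0-9a-f]{8}){3} (?P<module>\w+)!(?P<symbol>[^\s\[]+)"
    r"(?: \[(?P<file>.+?) @ (?P<line>\d+)\])?$")

def parse_args(report):
    """Map Arg1..Arg4 of the bugcheck to integers."""
    return {int(m.group(1)): int(m.group(2), 16)
            for m in re.finditer(r"^Arg(\d): ([0-9a-fA-F]{8}),", report, re.M)}

def parse_stack(report):
    """Frames follow the STACK_TEXT: line; the first non-frame line ends the stack."""
    frames = []
    for line in report.split("STACK_TEXT:", 1)[1].strip().splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            break
        frames.append(m.groupdict())
    return frames

def explain_0xA(args):
    """Decode IRQL_NOT_LESS_OR_EQUAL: Arg1 = address, Arg2 = IRQL, Arg3 = 1 for a write."""
    target = "a NULL pointer (page 0)" if args[1] < 0x1000 else f"0x{args[1]:08x}"
    op = "write to" if args[3] == 1 else "read from"
    return f"{op} {target} at IRQL {args[2]} ({IRQL_NAMES.get(args[2], 'unknown')})"

def triage(report):
    """Decode the fault and find the first frame owned by MODULE_NAME: that is where to look."""
    frames = parse_stack(report)
    module = re.search(r"^MODULE_NAME: (\w+)", report, re.M).group(1)
    own = next(i for i, f in enumerate(frames) if f["module"].lower() == module.lower())
    return {"fault": explain_0xA(parse_args(report)),
            "kernel_path": [f["symbol"] for f in frames[:own]],
            "first_own_frame": frames[own]}
```

For this report `triage(SAMPLE_REPORT)` reports a write to a NULL pointer at DISPATCH_LEVEL and points at strucsup.c line 1659, the CcCopyWrite call the reply below questions.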

Something has been corrupted or not set up correctly between this file
and the Cache Manager. Double-check how you’re setting up the FileObject
and when you’re invoking CcInitializeCacheMap.

And why are you calling CcCopyWrite during create anyways? This is not
the cleanest way to prewarm the cache (if that’s what you’re trying to do).


Nick Ryan (MVP for DDK)