Hi, I am developing my own customized FSD. Normally reading/writing works fine; even if I do a surprise removal, my exception handler handles it very well. But when I share my folder and write from the network (write some movie file etc.) and then do a surprise removal, a crash occurs.
It says that we are trying to access pageable memory at high IRQL (IRQL=2), but this crash occurs only when writing through the network; from the local PC it is fine.
In the case of the network, do we have to take care of something more? I read that oplocks have a role when sharing files, but it doesn't seem to be an oplock issue. (Using the fastfat framework.)
Could you please post an !analyze -v for the crash?
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Thursday, November 04, 2010 3:12 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Crash in file system driver
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
!analysis -->
Probably caused by : fat.SYS ( fat!fatCompleteRequest_Real+91 )
Followup: MachineOwner
nt!DbgBreakPointWithStatus+0x4:
8052b3c0 cc int 3
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: a71eaf10, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 8050940b, address which referenced memory
Debugging Details:
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
MODULE_NAME: fat
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4cd2a65a
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
a71eaf10
CURRENT_IRQL: 2
FAULTING_IP:
nt!MmUnlockPages+127
8050940b 8b4710 mov eax,dword ptr [edi+10h]
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 804f99be to 8052b3c0
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f68216e4 804f99be 00000003 a71eaf10 8050940b nt!DbgBreakPointWithStatus+0x4
f6821ac4 805444c0 0000000a a71eaf10 00000002 nt!KeRegisterBugCheckReasonCallback+0x77c
f6821b7c 804f17e8 85f4b398 f6821c0c 869c1000 nt!Kei386EoiHelper+0x2834
f6821ba4 806567b8 f739f483 00000000 00000000 nt!IoCancelIrp+0x266
f6821c10 f73e1b61 00000000 f6821c88 f73e1aa7 nt!RtlCompressBuffer+0x38be
f6821c1c f73e1aa7 00000000 869c0e70 c000000e fat!fatCompleteRequest_Real+0x91 [c:\fat301010\fatdata.c @ 711]
f6821c88 f739f497 85f944d0 869c0e70 c000000e fat!fatProcessException+0x517 [c:\fat301010\fatdata.c @ 618]
f6821ce0 804ef199 85f77020 869c0e70 806e4428 fat!fatFsdWrite+0x1e7 [c:\fat301010\write.c @ 203]
f6821d14 f66b19a2 85e65978 85e65008 85e65d70 nt!IoBuildPartialMdl+0xed
f6821d40 f66f18d0 85e65008 85f77020 85f4b398 srv+0xa9a2
f6821d88 f66b8be8 00000000 85e844c0 00000000 srv+0x4a8d0
f6821dac 805ceca2 85e65008 00000000 00000000 srv+0x11be8
f6821ddc 80545ebe f66b8b32 85e33b60 00000000 nt!PsRemoveCreateThreadNotifyRoutine+0x214
00000000 00000000 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x72e
STACK_COMMAND: kb
FOLLOWUP_IP:
fat!fatCompleteRequest_Real+91 [c:\fat301010\fatdata.c @ 711]
f73e1b61 8be5 mov esp,ebp
FAULTING_SOURCE_CODE:
707: IoCompleteRequest( Irp, IO_DISK_INCREMENT );
708: }
709:
710: return;
> 711: }
712:
713: /**
714: * @fn
715:
716: BOOLEAN fatIsIrpTopLevel (
Before you do anything else, you need to fix your symbols:
.symfix+
.reload -f -n
Then rerun !analyze -v and post the results please.
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Thursday, November 04, 2010 9:12 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Crash in file system driver
Or cut/paste the analysis from the OSR’s Instant Online Crash Analysis page:
http://www.osronline.com/page.cfm?name=analyze
But, please… don’t give us the output from the debugger when the debugger output clearly indicates – multiple times – that it’s not correctly configured. I mean, seriously. A big box with stars around it probably MEANS something.
Sorry… I’m just frustrated by the number of people who do this,
Peter
OSR
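A pre-posting check for the problem raised in the replies above, as an added example that is not part of the original thread: it scans saved !analyze -v text for the wrong-symbols markers and pulls out the bugcheck arguments and source-level frames. The function names are the example's own, and the sample lines are excerpted from the output posted earlier in this thread.

```python
import re

# Lines excerpted from the !analyze -v output posted in this thread.
SAMPLE = r"""
IRQL_NOT_LESS_OR_EQUAL (a)
Arg1: a71eaf10, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
Arg4: 8050940b, address which referenced memory
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
WARNING: Stack unwind information not available. Following frames may be wrong.
f6821ba4 806567b8 f739f483 00000000 00000000 nt!IoCancelIrp+0x266
f6821c1c f73e1aa7 00000000 869c0e70 c000000e fat!fatCompleteRequest_Real+0x91 [c:\fat301010\fatdata.c @ 711]
f6821ce0 804ef199 85f77020 869c0e70 806e4428 fat!fatFsdWrite+0x1e7 [c:\fat301010\write.c @ 203]
f6821d40 f66f18d0 85e65008 85f77020 85f4b398 srv+0xa9a2
"""

# Markers that appear in the posted output when symbols are not usable.
SYMBOL_WARNINGS = (
    "Kernel symbols are WRONG",
    "Your debugger is not using the correct symbols",
    "WRONG_SYMBOLS",
    "Stack unwind information not available",
)
ARG = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]+)", re.M)
# Five hex columns, then symbol, optional +offset, optional [file @ line].
FRAME = re.compile(
    r"^(?:[0-9a-f]{8} ){5}(\S+?)(?:\+0x[0-9a-f]+)?(?: \[(.+) @ (\d+)\])?$", re.M)

def triage(log):
    """Summarise a saved !analyze -v log before it is posted."""
    args = {int(n): int(v, 16) for n, v in ARG.findall(log)}
    frames = [m.groups() for m in FRAME.finditer(log)]
    return {
        "symbol_warnings": [w for w in SYMBOL_WARNINGS if w in log],
        "irql": args.get(2),
        # Arg3 bit 0: 0 = read operation, 1 = write operation.
        "write_access": bool(args.get(3, 0) & 1),
        # module+offset with no '!' means no symbol was resolved at all.
        "unresolved_modules": sorted({s for s, _, _ in frames if "!" not in s}),
        "source_frames": [(s, f"{p}:{n}") for s, p, n in frames if p],
    }

def ready_to_post(log):
    """True only when none of the wrong-symbols markers are present."""
    return not triage(log)["symbol_warnings"]
```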
On 11/04/2010 02:40 PM, xxxxx@osr.com wrote:
> Sorry… I’m just frustrated by the number of people who do this,
+1. “push_button_wizard++;”
Is it the problem with srv.sys? Just check it…