Hi,
We have seen a crash on one of our customer setups. We have a volume filter
driver (no FS drivers, no network drivers) and some applications
that transfer some files over LAN/WAN. The system is Windows 2008 R2,
Standard. Accidentally, when our product runs, a crash happens. This is the
output from !analyze -v.
The crash is seen in the stack of tcpip and netio.sys. Is anything suspicious
in the analysis below? Has anybody seen this kind of crash? Please suggest.
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880018897a0, address which referenced memory
Debugging Details:
Page 12f5c7 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007fffffd3018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007fffffd3018). Type ".hh dbgerr001" for details
READ_ADDRESS: 0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
tcpip! ?? ::FNODOBFM::string'+56f4
fffff880018897a0 488b01 mov rax,qword ptr [rcx]
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: vacp.exe
TRAP_FRAME: fffff800014202c0 -- (.trap 0xfffff800014202c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8003d46d40 rbx=fffffa8004680600 rcx=0000000000000000
rdx=fffffa8003d46d41 rsi=0000000000000001 rdi=fffff8800185cbb4
rip=fffff880018897a0 rsp=fffff80001420450 rbp=0000000000000000
r8=fffffa8003d46d40 r9=00000000000000d0 r10=fffff80001835b80
r11=fffffa8004680540 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
tcpip! ?? ::FNODOBFM::string'+0x56f4:
fffff880018897a0 488b01 mov rax,qword ptr [rcx] ds:07ff:0000=???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800016b9ca9 to fffff800016ba740
STACK_TEXT:
fffff80001420178 fffff800016b9ca9 : 000000000000000a 0000000000000000 0000000000000002 0000000000000000 : nt!KeBugCheckEx
fffff80001420180 fffff800016b8920 : 0000000000000001 fffffa8004802a00 fffffa8004842010 fffffa80040c2000 : nt!KiBugCheckDispatch+0x69
fffff800014202c0 fffff880018897a0 : fffffa8004802a00 fffff88000e67c08 00000000206c644d fffffa800650fc90 : nt!KiPageFault+0x260
fffff80001420450 fffff88000e626a6 : fffffa8004802a00 0000000001834e80 0000000000000000 0000000000000000 : tcpip! ?? ::FNODOBFM::string'+0x56f4
fffff800014204a0 fffff88000e6035d : fffffa80066d2e20 fffffa800650fc90 0000000000000000 fffff80001420400 : NETIO!NetioDereferenceNetBufferList+0x86
fffff800014204d0 fffff8800183bae6 : fffff80001834e80 0000000000000000 0000000000000000 fffffa8004802a00 : NETIO!NetioDereferenceNetBufferListChain+0x2dd
fffff80001420550 fffff88001829f47 : fffffa800650fc90 0000000000000000 fffffa8003fe1b40 fffffa80065a1b80 : tcpip!IppCompleteAndFreePacketList+0xc6
fffff80001420580 fffff88001829cc0 : 0000000000000000 fffffa80040cd860 0000000000000001 0000000000000000 : tcpip!IppCleanupMfe+0x77
fffff800014205b0 fffff88001859918 : fffffa80040cd860 0000000000000000 fffff80001420658 fffffa8003fe1b40 : tcpip!IppDereferenceMfe+0x20
fffff800014205e0 fffff880018597aa : fffff80001420830 0000000000000001 fffffa8003fe1b58 0000000000000000 : tcpip!IppMfeSetTimeOut+0xf8
fffff80001420700 fffff8800185861a : 0000000000000000 fffff80001420830 0000000000000001 fffff800016bf1fa : tcpip!IppCompartmentSetTimeout+0x9a
fffff80001420770 fffff800016c629e : fffff80001420860 fffff80000000000 0000000040aa0000 0000000000000000 : tcpip!IppTimeout+0x5a
fffff800014207a0 fffff800016c5dd6 : fffffa8003d3d3f0 fffffa8003d3d3f0 0000000000000000 0000000000000000 : nt!KiProcessTimerDpcTable+0x66
fffff80001420810 fffff800016c64be : 000000ccf14d88de fffff80001420e88 000000000055f58b fffff800018383e8 : nt!KiProcessExpiredTimerList+0xc6
fffff80001420e60 fffff800016c5cb7 : fffffa8004823ac4 fffff8000055f58b 0000000000000000 000000000000008b : nt!KiTimerExpiration+0x1be
fffff80001420f00 fffff800016c0865 : 0000000000000000 fffffa8006852680 0000000000000000 fffff88000ec0c50 : nt!KiRetireDpcList+0x277
fffff80001420fb0 fffff800016c067c : 000000000002625a fffff80001615090 0000000000000000 fffff88004466ca0 : nt!KxRetireDpcList+0x5
fffff88004466be0 fffff80001704113 : fffff800016b6c60 fffff800016b6ccc 00000000001e99f8 fffff800016303c0 : nt!KiDispatchInterruptContinue
fffff88004466c10 fffff800016b6ccc : 00000000001e99f8 fffff800016303c0 0000000000000001 fffffa8006616070 : nt!KiDpcInterruptBypass+0x13
fffff88004466c20 000007fefddeebed : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiInterruptDispatchNoLock+0x1fc
00000000030dd220 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x7fefddeebed
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!NetioDereferenceNetBufferList+86
fffff880`00e626a6 4885ff test rdi,rdi
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+86
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc18a
FAILURE_BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86
BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86
Followup: MachineOwner
kd> .trap 0xfffff800014202c0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8003d46d40 rbx=fffffa8004680600 rcx=0000000000000000
rdx=fffffa8003d46d41 rsi=0000000000000001 rdi=fffff8800185cbb4
rip=fffff880018897a0 rsp=fffff80001420450 rbp=0000000000000000
r8=fffffa8003d46d40 r9=00000000000000d0 r10=fffff80001835b80
r11=fffffa8004680540 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
tcpip! ?? ::FNODOBFM::string'+0x56f4:
fffff880018897a0 488b01 mov rax,qword ptr [rcx] ds:07ff:0000=???