Hello,
I’m trying to validate my file system drivers with HCT 12 on XP SP2. The
process BSOD’s but I don’t see any direct interaction with my driver.
Here’s the !analyze info. I’m hoping someone will see something that can
point me in the right direction. The last command being run, as noted in
the HCT DC2.LOG file, was “Start IOCTL/FSCTL Zero Length Buffer Tests (funcs
0-4095, with devtype 2-2).”
Thank you.
Microsoft (R) Windows Debugger Version 6.2.0013.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\TEMP\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is:
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\code\run
Windows XP Kernel Version 2600 (Service Pack 2.2149) MP (4 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rc2.040610-1520
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b700
Debug session time: Wed Jul 07 14:27:10 2004
System Uptime: 0 days 0:03:08.937
Loading Kernel Symbols
…
…
Loading unloaded module list
…
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdf00c). Type “.hh dbgerr001” for details
****************************************************************************
***
* *
* Bugcheck Analysis *
* *
****************************************************************************
***
Use !analyze -v to get detailed debugging information.
BugCheck A, {f787, 2, 1, 806e3a8e}
Probably caused by : ntkrpamp.exe ( nt!IoAcquireCancelSpinLock+e )
Followup: MachineOwner
2: kd> !analyze -v
****************************************************************************
***
* *
* Bugcheck Analysis *
* *
****************************************************************************
***
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000f787, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 806e3a8e, address which referenced memory
Debugging Details:
WRITE_ADDRESS: 0000f787
CURRENT_IRQL: 2
FAULTING_IP:
hal!KeAcquireQueuedSpinLock+42
806e3a8e 8902 mov [edx],eax
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
TRAP_FRAME: f0fadc7c – (.trap fffffffff0fadc7c)
ErrCode = 00000002
eax=f787c570 ebx=806e33b8 ecx=80551483 edx=0000f787 esi=866e8e28
edi=866e8e38
eip=806e3a8e esp=f0fadcf0 ebp=f0fadcf8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
hal!KeAcquireQueuedSpinLock+0x42:
806e3a8e 8902 mov [edx],eax ds:0023:0000f787=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 804eec44 to 806e3a8e
STACK_TEXT:
f0fadcf0 804eec44 f0fadd0c 804f1385 f0fadd08
hal!KeAcquireQueuedSpinLock+0x42
f0fadcf8 804f1385 f0fadd08 866bfac8 866bf270 nt!IoAcquireCancelSpinLock+0xe
f0fadd0c 805749b8 866e8e28 f0fadd64 00b0ff18 nt!IoCancelIrp+0x2f
f0fadd54 8053fe9c 00000798 0103f4ac 00b0ffb4 nt!NtCancelIoFile+0xb8
f0fadd54 7c911444 00000798 0103f4ac 00b0ffb4 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00b0ff04 00000000 00000000 00000000 00000000 0x7c911444
FOLLOWUP_IP:
nt!IoAcquireCancelSpinLock+e
804eec44 8b4d08 mov ecx,[ebp+0x8]
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!IoAcquireCancelSpinLock+e
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 40c8ec05
STACK_COMMAND: .trap fffffffff0fadc7c ; kb
BUCKET_ID: 0xA_W_nt!IoAcquireCancelSpinLock+e
Followup: MachineOwner