Hello,
I am getting the following blue screen, but not very often. Is this
because of uhcd.sys, or because of some other driver in the system?
The details are:
OS Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000015, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: eb39af57, address which referenced memory
Debugging Details:
READ_ADDRESS: 00000015
CURRENT_IRQL: 2
FAULTING_IP:
uhcd!UHCD_TransferCancel+2d
eb39af57 f6401501 test byte ptr [eax+0x15],0x1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
TRAP_FRAME: b2345b58 -- (.trap ffffffffb2345b58)
ErrCode = 00000000
eax=00000000 ebx=82c97b88 ecx=85e21548 edx=85e21490 esi=823d1148 edi=825469c8
eip=eb39af57 esp=b2345bcc ebp=b2345bdc iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
uhcd!UHCD_TransferCancel+0x2d:
eb39af57 f6401501 test byte ptr [eax+0x15],0x1 ds:0023:00000015=??
Resetting default scope
LAST_CONTROL_TRANSFER: from 8041deba to eb39af57
STACK_TEXT:
b2345bdc 8041deba 85e21490 823d1148 823d1148 uhcd!UHCD_TransferCancel+0x2d
b2345bfc 804ae35c 823d1148 00000000 80064be0 nt!IoCancelIrp+0x70
b2345c18 804b0732 8260edc4 823d1148 823d1224 nt!IopCancelAlertedRequest+0x26
b2345c34 804b14d9 82c87030 00000103 8260ed68 nt!IopSynchronousServiceTail+0xda
b2345d00 804a93dc 00000240 00000c48 00000000 nt!IopXxxControlFile+0x5ab
b2345d34 80466389 00000240 00000c48 00000000 nt!NtDeviceIoControlFile+0x28
b2345d34 77f950df 00000240 00000c48 00000000 nt!KiSystemService+0xc9
02aff8ac 7c59e2f9 00000240 00000c48 00000000 ntdll!ZwDeviceIoControlFile+0xb
02aff908 0157347e 00000240 02affd3c 02affd28 KERNEL32!ClearCommError+0x45
WARNING: Stack unwind information not available. Following frames may be wrong.
02affd44 01573e8e 01583c70 00000000 00000000 CPHWMgr!CCom_drv::ComRx+0x8f
02afffb4 7c57b382 0283af28 00000000 00000000 CPHWMgr!CCom_drv::PnlReadComportThreadProc+0x9a
02afffec 00000000 01573df4 0283af28 00000000 KERNEL32!BaseThreadStart+0x52
FOLLOWUP_IP:
uhcd!UHCD_TransferCancel+2d
eb39af57 f6401501 test byte ptr [eax+0x15],0x1
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: uhcd!UHCD_TransferCancel+2d
MODULE_NAME: uhcd
IMAGE_NAME: uhcd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3e25ba6e
STACK_COMMAND: .trap ffffffffb2345b58 ; kb
BUCKET_ID: 0xD1_uhcd!UHCD_TransferCancel+2d
Followup: MachineOwner
======================================================================
The stack trace of Processor 0 is
ChildEBP RetAddr Args to Child
eb423f38 8041d259 eb3994d4 eb423f6c 80065420 hal!KfAcquireSpinLock+0x2c
eb423f3c eb3994d4 eb423f6c 80065420 82c97b88 nt!IoAcquireCancelSpinLock+0xb
eb423f54 eb39ad96 85e21490 823d1148 00000000 uhcd!UHCD_CompleteIrp+0x5a
eb423fa0 eb39a769 85e21490 82c97b88 823d1148 uhcd!UHCD_CompleteTransferDPC+0x28e
eb423fdc 80465728 85e2169c 85e21490 00000000 uhcd!UHCD_IsrDpc+0x9d
eb423ff4 8046ab4b b2285d44 00000000 00000000 nt!KiRetireDpcList+0x47
======================================================================
I analyzed the dump and found the following information.
The IRP currently being processed on both processors is 0x823d1148
0: kd> !irp 823d1148 1
Irp is active with 4 stacks 3 is current (= 0x823d1200)
No Mdl System buffer = 824c6628 Thread 82365220: Irp stack trace.
Flags = 00000070
ThreadListEntry.Flink = 8236542c
ThreadListEntry.Blink = 8236542c
IoStatus.Status = 00000103
IoStatus.Information = 00000000
RequestorMode = 00000001
Cancel = 01
CancelIrql = 1
ApcEnvironment = 00
UserIosb = 02aff8fc
UserEvent = 82227560
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 02aff8e8
&Tail.Overlay.DeviceQueueEntry = 024ee4f4
Tail.Overlay.Thread = 82365220
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = 823d1200
Tail.Overlay.OriginalFileObject = 8260ed68
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[f, 0] 0 e1 85e21490 00000000 eb175ad4-82227508 Success Error Cancel pending
\Driver\uhcd klsiser
Args: 825469c8 00000000 00220003 00000000
[e, 0] 0 1 82c87030 8260ed68 00000000-00000000 pending
\Driver\klsiser
Args: 00000014 00000000 001b006c 00000000
The Args field in the current IRP Stack Location is
Args: 825469c8 00000000 00220003 00000000
And 825469c8 is an URB
!urb 825469c8
Dump URB 825469c8 0
---- URB: 825469c8 ----
Control Xfer: Pipe 82832fb4 Flags 3 Len 13 Buffer 828bc5c8 MDL 8218f968
HCA 24ee610 SetupPacket: c1 10 00 00 02 00 14 00
HCD_Area: HcdEndpoint 82c97b88 HcdIrp 823d1148
HcdList (82c97bcc, 82c97bcc) HcdList2 (0, 0)
CurrentIoFlush 0 HcdExt 0
URB:: Fn 8 len 50 stat 0 DevH 82832fa8 Flgs 3
At the point of the exception, i.e. in the uhcd!UHCD_TransferCancel function,
it tries to read the memory at HcdExt + 0x15. Since HcdExt is 0, reading
memory at 0x15 causes the blue screen.
Any idea on possible reasons for the blue screen?
Thanks
Sabeen
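
Added example (not part of the original post): a small Python check that recomputes the faulting operand's effective address from the trap-frame registers in the !analyze -v output above and confirms that it equals READ_ADDRESS with a zero base register. The function name `triage`, the one-page threshold and the re-joined sample lines are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the !analyze -v output in the post,
# with the wrapped register and instruction lines re-joined.
SAMPLE = """\
READ_ADDRESS: 00000015
CURRENT_IRQL: 2
eax=00000000 ebx=82c97b88 ecx=85e21548 edx=85e21490 esi=823d1148 edi=825469c8
eip=eb39af57 esp=b2345bcc ebp=b2345bdc iopl=0 nv up ei pl zr na po nc
uhcd!UHCD_TransferCancel+0x2d:
eb39af57 f6401501 test byte ptr [eax+0x15],0x1 ds:0023:00000015=??
"""

# Heuristic (assumption of this example): a fault less than one x86 page
# above a zero base register is a NULL structure pointer plus a field offset.
PAGE_SIZE = 0x1000


def triage(text):
    """Tie the bugcheck's faulting address back to the register behind it."""
    regs = {m[1]: int(m[2], 16)
            for m in re.finditer(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}
    read_addr = int(re.search(r"READ_ADDRESS:\s*([0-9a-f]+)", text)[1], 16)
    irql = int(re.search(r"CURRENT_IRQL:\s*([0-9a-f]+)", text)[1], 16)
    # Memory operand of the faulting instruction: [base] or [base+0xNN]
    op = re.search(r"\[(e[a-z]{2})(?:\+0x([0-9a-f]+))?\]", text)
    base, disp = op[1], int(op[2] or "0", 16)
    effective = (regs[base] + disp) & 0xFFFFFFFF
    return {
        "base_reg": base,
        "base_value": regs[base],
        "field_offset": disp,
        "effective": effective,
        "matches_read_address": effective == read_addr,
        "null_base_pointer": regs[base] == 0 and effective < PAGE_SIZE,
        "irql": irql,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:22} {value}")
```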