Hi Neal,
We had a bug check on XP SP2 with the filter manager. A block or context is
being freed twice. The block at the time of the free was not one of my
blocks (the tag is VadS). Any ideas about what might be causing this?
Thanks,
Ken
Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [I:\Dumps\d8\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is:
I:\Dumps\cami\d8;SRV*c:\dev\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805644a0
Debug session time: Fri Jan 14 20:56:48 2005
System Uptime: 0 days 2:41:22.125
Loading Kernel Symbols
…
…
Loading unloaded module list
…
Loading User Symbols
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad
IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 023d0007, Memory contents of the pool block
Arg4: 816f23e8, Address of the block of pool being deallocated
Debugging Details:
POOL_ADDRESS: 816f23e8 Nonpaged pool
FREED_POOL_TAG: VadS
BUGCHECK_STR: 0xc2_7_VadS
DEFAULT_BUCKET_ID: DRIVER_FAULT
LAST_CONTROL_TRANSFER: from 80552fc8 to 80537832
STACK_TEXT:
f619bb3c 80552fc8 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f619bb8c f9957d80 816f23e8 5346434f f619bbb0 nt!ExFreePoolWithTag+0x2c1
f619bb9c f9957fe6 816f23e8 00000000 816f23e8 fltmgr!DoFreeContextMemory+0x2e
f619bbb0 f9958147 816f23e8 816f23e8 f619bbd8 fltmgr!DoFreeContext+0x26
f619bbc0 f9962b7c 816f23e8 816afaf0 816afb18 fltmgr!DoReleaseContext+0x25
f619bbd8 f996ce79 816afb50 816afb18 ffffffff fltmgr!FltpDeleteContextList+0x7c
f619bbf8 f996d0c3 816afaf0 e234c3e0 816afaf4 fltmgr!CleanupStreamListCtrl+0x1b
f619bc10 805928a0 816afaf4 805521e6 e234c3e0 fltmgr!DeleteStreamListCtrlCallback+0x61
f619bc58 f617bd5d e234c3e0 e234c3e0 81a0fd28 nt!FsRtlTeardownPerStreamContexts+0x52
f619bc70 f6176069 f619bc8c e234c3e0 e135346c Fastfat!FatDeleteFcb_Real+0x72
f619bd00 f6177313 81a0fd28 e234c3e0 e1353460 Fastfat!FatCommonClose+0x1f5
f619bd5c f61857d0 00000000 f619bd7c 8056f03d Fastfat!FatFspClose+0x108
f619bd68 8056f03d 81a00bc0 00000000 8056b4c0 Fastfat!FatCloseWorker+0x13
f619bd7c 804e29d6 81a5a540 00000000 816ef498 nt!IopProcessWorkItem+0x13
f619bdac 80576b24 81a5a540 00000000 00000000 nt!ExpWorkerThread+0xef
f619bddc 804eed86 804e2912 80000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
fltmgr!DoFreeContextMemory+2e
f9957d80 eb1b jmp fltmgr!DoFreeContextMemory+0x4b (f9957d9d)
SYMBOL_STACK_INDEX: 2
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: fltmgr!DoFreeContextMemory+2e
MODULE_NAME: fltmgr
IMAGE_NAME: fltmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 41107bad
STACK_COMMAND: kb
BUCKET_ID: 0xc2_7_VadS_fltmgr!DoFreeContextMemory+2e
Followup: MachineOwner
1: kd> !pool 816f23e8
Pool page 816f23e8 region is Nonpaged pool
816f2000 size: 80 previous size: 0 (Allocated) Mdl
816f2080 size: 8 previous size: 80 (Free) …y
816f2088 size: 30 previous size: 8 (Allocated) TCPc
816f20b8 size: 10 previous size: 30 (Free) Vadl
816f20c8 size: 28 previous size: 10 (Allocated) NtFs
816f20f0 size: 178 previous size: 28 (Free) CcBc
816f2268 size: 28 previous size: 178 (Allocated) NtFs
816f2290 size: 30 previous size: 28 (Free) ObSt
816f22c0 size: a8 previous size: 30 (Allocated) File (Protected)
816f2368 size: 40 previous size: a8 (Allocated) FatE
*816f23a8 size: 220 previous size: 40 (Free) *VadS
Pooltag VadS : Mm virtual address descriptors (short),
Binary : nt!mm
816f25c8 size: 80 previous size: 220 (Allocated) Mdl
816f2648 size: 180 previous size: 80 (Free) Ntfi
816f27c8 size: 38 previous size: 180 (Allocated) Process: 81964978
816f2800 size: 8 previous size: 38 (Free) Hal
816f2808 size: 20 previous size: 8 (Allocated) ReTa
816f2828 size: 30 previous size: 20 (Allocated) Even (Protected)
816f2858 size: 8 previous size: 30 (Free) Ntfr
816f2860 size: 58 previous size: 8 (Allocated) MmCa
816f28b8 size: 8 previous size: 58 (Free) NtFs
816f28c0 size: 50 previous size: 8 (Free ) PcIs
816f2910 size: 30 previous size: 50 (Free ) Process: 817cf4a0
816f2940 size: 98 previous size: 30 (Free) File
816f29d8 size: 30 previous size: 98 (Allocated) Vad
816f2a08 size: 30 previous size: 30 (Allocated) Even (Protected)
816f2a38 size: 8 previous size: 30 (Free) Sema
816f2a40 size: 40 previous size: 8 (Allocated) Ntfr
816f2a80 size: 70 previous size: 40 (Free) MmCa
816f2af0 size: 40 previous size: 70 (Allocated) Ntfr
816f2b30 size: 30 previous size: 40 (Allocated) Vad
816f2b60 size: 30 previous size: 30 (Allocated) Even (Protected)
816f2b90 size: 98 previous size: 30 (Free) File
816f2c28 size: 50 previous size: 98 (Allocated) TCPC
816f2c78 size: 8 previous size: 50 (Free) Ntfi
816f2c80 size: 1b8 previous size: 8 (Allocated) OCFS
816f2e38 size: 80 previous size: 1b8 (Allocated) Mdl
816f2eb8 size: 8 previous size: 80 (Free) xXp.
816f2ec0 size: a0 previous size: 8 (Allocated) MmIn
816f2f60 size: a0 previous size: a0 (Allocated) AfdC (Protected)
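
Added example, not part of the post above and not Microsoft tooling: a Python triage helper that reads the `nt!ExFreePoolWithTag` frame and the `!pool` rows quoted in the post, decodes the tag the caller passed, and locates the block that contains the freed address. It assumes the `kb` argument columns on that frame are the real (P, Tag) arguments and that the x86 pool header is 8 bytes; the function and variable names are this example's own.

```python
import re

# Excerpts copied from the !pool and stack output in the post above.
POOL_LINES = """\
816f2368 size: 40 previous size: a8 (Allocated) FatE
*816f23a8 size: 220 previous size: 40 (Free) *VadS
816f25c8 size: 80 previous size: 220 (Allocated) Mdl
816f2c80 size: 1b8 previous size: 8 (Allocated) OCFS
"""
FREE_FRAME = "f619bb8c f9957d80 816f23e8 5346434f f619bbb0 nt!ExFreePoolWithTag+0x2c1"

X86_POOL_HEADER = 8  # sizeof(POOL_HEADER) on 32-bit Windows

ROW = re.compile(r"^\*?([0-9a-f]{8}) size:\s*([0-9a-f]+) previous size:\s*"
                 r"[0-9a-f]+\s+\((\w+)\s*\)\s+\*?(\S+)")

def parse_pool(text):
    """Return (start, size, state, tag) for every block row in !pool output."""
    blocks = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            blocks.append((int(m[1], 16), int(m[2], 16), m[3], m[4]))
    return blocks

def decode_tag(value):
    """Pool tags are four ASCII bytes stored little-endian in a ULONG."""
    return value.to_bytes(4, "little").decode("ascii", "replace")

def triage(pool_text, frame):
    cols = frame.split()
    # kb columns: ChildEBP, RetAddr, then three raw stack dwords; assumed here
    # to be ExFreePoolWithTag's (P, Tag) arguments.
    addr, tag = int(cols[2], 16), decode_tag(int(cols[3], 16))
    blocks = parse_pool(pool_text)
    start, size, state, blk_tag = next(
        b for b in blocks if b[0] <= addr < b[0] + b[1])
    return {
        "caller_tag": tag,
        "block_start": start, "block_state": state, "block_tag": blk_tag,
        "offset_in_block": addr - start,
        # True only if the pointer sits right after the reported block's header.
        "at_block_start": addr - start == X86_POOL_HEADER,
        "caller_tag_live_in_page": any(
            b[3] == tag and b[2] == "Allocated" for b in blocks),
    }

if __name__ == "__main__":
    print(triage(POOL_LINES, FREE_FRAME))
```

On these rows the tag passed to the free decodes to `OCFS`, while the containing free block is tagged `VadS` and the freed pointer lies 0x40 bytes into it rather than directly after its header.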