filter driver help needed

Hi All,

I have a filter driver on Windows XP and my driver crashes sometimes and I
am not able to fix it. Could anyone help by giving pointers on how to proceed
based on the following WinDbg output?

*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: aad84885, The address that the exception occurred at
Arg3: aaa14a88, Trap Frame
Arg4: 00000000

Debugging Details:

*** WARNING: Unable to verify timestamp for pnd.sys

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
fsf!RemoveEntryList+25 [f:\winddk\2600.1106\inc\wxp\ntifs.h @ 3138]
aad84885 894804 mov [eax+0x4],ecx

TRAP_FRAME: aaa14a88 -- (.trap ffffffffaaa14a88)
ErrCode = 00000002
eax=00000000 ebx=e1627ff0 ecx=aad8f550 edx=00000000 esi=85eb3cf0 edi=8537e020
eip=aad84885 esp=aaa14afc ebp=aaa14b04 iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
fsf!RemoveEntryList+0x25:
aad84885 894804 mov [eax+0x4],ecx ds:0023:00000004=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from aad84bde to aad84885

STACK_TEXT:
aaa14b04 aad84bde 86143598 00000000 00000000 fsf!RemoveEntryList+0x25
[f:\winddk\2600.1106\inc\wxp\ntifs.h @ 3138]
aaa14b20 aad84c49 aad8f550 aad8e5e0 aaa14ba4 fsf!FreeQueue+0x9e
[c:\fsf\suprtfns.c @ 1358]
aaa14b30 aad8c71f 8537e020 85eb3cf0 00000054 fsf!FreeRequestQueue+0x1f
[c:\fsf\suprtfns.c @ 1386]
aaa14ba4 aad8c1e6 85fbd030 85fac718 80538a0e fsf!DispatchDeviceIOCTL+0x27e
[c:\fsf\dispatch.c @ 3460]
aaa14bc4 aad823d2 85fbd030 85fac718 aaa14c18 fsf!DeviceRoutine+0x46
[c:\fsf\dispatch.c @ 3293]
aaa14bd4 804eeeb1 85fbd030 85fac718 80562944 fsf!PassThrough+0x22
[c:\fsf\entry.c @ 1298]
aaa14be4 f72c4d75 82002058 aa044c00 00000000 nt!IopfCallDriver+0x31
aaa14c18 f72c4ce3 82002058 aaa14c28 00000d1c pnd!PNDIoctl+0x9bf
[c:\pnd\pnd.c @ 560]
aaa14c40 805d0350 000002e0 00000d1c 00000000 pnd!PNDIoctl+0x92d
[c:\pnd\pnd.c @ 548]
aaa14c64 805d0e03 00000001 00000007 864bf1e0 nt!PspExitProcess+0x5e
aaa14cf0 805d0fb9 00000001 aaa14d4c 804fecb1 nt!PspExitThread+0x54f
aaa14cfc 804fecb1 864bf1e0 aaa14d48 aaa14d3c nt!PsExitSpecialApc+0x23
aaa14d4c 80540677 00000001 00000000 aaa14d64 nt!KiDeliverApc+0x1af
aaa14d4c 7c90eb94 00000001 00000000 aaa14d64 nt!KiServiceExit+0x59
WARNING: Frame IP not in any known module. Following frames may be wrong.
02b7feb8 00000000 00000000 00000000 00000000 0x7c90eb94

FOLLOWUP_IP:
fsf!RemoveEntryList+25 [f:\winddk\2600.1106\inc\wxp\ntifs.h @ 3138]
aad84885 894804 mov [eax+0x4],ecx

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: fsf!RemoveEntryList+25

MODULE_NAME: fsf

IMAGE_NAME: fsf.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 44ab4094

STACK_COMMAND: .trap ffffffffaaa14a88 ; kb

FAILURE_BUCKET_ID: 0x8E_fsf!RemoveEntryList+25

BUCKET_ID: 0x8E_fsf!RemoveEntryList+25

Followup: MachineOwner

Any information is helpful.

thanks,
Kedar.

Well it sure looks like you are calling RemoveEntryList on an empty list,
but then I only spent a few seconds. This is what debuggers are made for.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply


Hi Don Burn,

I have observed that and I cross-checked my code, but I did not notice a case
where I might call with an empty list. And actually I am using lookaside
lists here; does that cause any problem? And do you suggest any ways to
confirm this?

thanks in advance.

Regards,
Kedar.

How are you serializing the list?

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Kedar
Sent: Wednesday, July 12, 2006 11:36 AM
To: ntfsd redirect
Subject: [ntfsd] fitler driver help needed


Well, assuming WinDBG, open the calls window and click on the stack entry for
fsf!RemoveEntryList; you should easily be able to tell if it is an empty
list. At that point you may need to go back in the call stack to see the
originating routine, then figure out how you got to that point.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply
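
Added example, not code from this thread or from the fsf driver: a user-mode C sketch of checking an entry's links before unlinking it, using a stand-in LIST_ENTRY. In the trap frame the faulting store `mov [eax+0x4],ecx` has eax=00000000, which in RemoveEntryList is the write to Flink->Blink with a NULL Flink; an initialized empty list head points at itself instead. The names check_entry, checked_remove and the scenario functions are hypothetical, and the scenarios are constructed.

```c
#include <stddef.h>
#include <string.h>

/* User-mode stand-in for the kernel LIST_ENTRY (same field order, so on
   32-bit x86 Flink is at offset 0 and Blink at offset 4). */
typedef struct list_entry {
    struct list_entry *Flink;
    struct list_entry *Blink;
} LIST_ENTRY;

static void InitializeListHead(LIST_ENTRY *h) { h->Flink = h->Blink = h; }

static void InsertTailList(LIST_ENTRY *h, LIST_ENTRY *e)
{
    LIST_ENTRY *last = h->Blink;
    e->Flink = h;
    e->Blink = last;
    last->Flink = e;
    h->Blink = e;
}

/* What an entry's links look like before an unlink (hypothetical names). */
enum link_state {
    LINK_OK,      /* both neighbours point back at the entry              */
    LINK_SELF,    /* Flink == Blink == entry: an initialized, empty head  */
    LINK_NULL,    /* Flink or Blink is NULL: zeroed or never initialized  */
    LINK_CORRUPT  /* neighbours do not point back: stale or overwritten   */
};

enum link_state check_entry(const LIST_ENTRY *e)
{
    if (e->Flink == NULL || e->Blink == NULL)
        return LINK_NULL;
    if (e->Flink == e && e->Blink == e)
        return LINK_SELF;
    if (e->Flink->Blink != e || e->Blink->Flink != e)
        return LINK_CORRUPT;
    return LINK_OK;
}

/* Unlink only when the links are consistent; report the state found. */
enum link_state checked_remove(LIST_ENTRY *e)
{
    enum link_state s = check_entry(e);
    if (s == LINK_OK) {
        LIST_ENTRY *f = e->Flink, *b = e->Blink;
        b->Flink = f;
        f->Blink = b;   /* unchecked, this store faults when Flink is NULL */
        e->Flink = e->Blink = NULL;  /* poison: a second removal is caught */
    }
    return s;
}

/* Constructed scenario: a zero-filled request block that was never queued. */
enum link_state scenario_zeroed_block(void)
{
    LIST_ENTRY req;
    memset(&req, 0, sizeof req);
    return checked_remove(&req);
}

/* Constructed scenario: the same queued entry is removed twice. */
enum link_state scenario_double_remove(void)
{
    LIST_ENTRY head, a, b;
    InitializeListHead(&head);
    InsertTailList(&head, &a);
    InsertTailList(&head, &b);
    if (checked_remove(&a) != LINK_OK)
        return LINK_CORRUPT;
    return checked_remove(&a);
}

/* Constructed scenario: "removing" an initialized, empty list head. */
enum link_state scenario_empty_head(void)
{
    LIST_ENTRY head;
    InitializeListHead(&head);
    return checked_remove(&head);
}

int main(void)
{
    return !(scenario_zeroed_block() == LINK_NULL &&
             scenario_double_remove() == LINK_NULL &&
             scenario_empty_head() == LINK_SELF);
}
```

In a driver the same comparison would run under the lock that serializes the list, since the links can change between the check and the unlink otherwise.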


Hi,

I am serializing the list with a fast mutex.

thanks,
Kedar.