IoGetDeviceObjectPointer causing a crash on a 64-bit machine

I have got a crash on a 64-bit machine running win2k3. The details of the crash dump are as
follows.

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8000128b0ef, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 00000000bad0b144, Parameter 1 of the exception

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ObpFreeObject+82
fffff800`0128b0ef f041ff8c2494000000 lock dec dword ptr [r12+94h]

EXCEPTION_PARAMETER1: 0000000000000001

EXCEPTION_PARAMETER2: 00000000bad0b144

WRITE_ADDRESS: 00000000bad0b144

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x1E

PROCESS_NAME: dataprotection.

CURRENT_IRQL: 0

EXCEPTION_RECORD: fffffadfe2ac4e00 -- (.exr fffffadfe2ac4e00)
ExceptionAddress: fffff8000128b0ef (nt!ObpFreeObject+0x0000000000000082)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 00000000bad0b144
Attempt to write to address 00000000bad0b144

TRAP_FRAME: fffffadfe2ac4e90 -- (.trap fffffadfe2ac4e90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffadfe4c6b7f0 rsi=fffffadfe2ac55d0 rdi=0000000000000000
rip=fffff8000128b0ef rsp=fffffadfe2ac5020 rbp=fffffadfe771a010
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ObpFreeObject+0x82:
fffff800`0128b0ef f041ff8c2494000000 lock dec dword ptr [r12+94h]
ds:4fc0:0094=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800010860dd to fffff800010501d0

STACK_TEXT:
fffffadfe2ac4708 fffff800010860dd : 000000000000001e ffffffffc0000005 fffff8000128b0ef 0000000000000001 : nt!KeBugCheckEx
fffffadfe2ac4710 fffff8000104ffef : fffffadfe2ac4e00 fffff8000102f05c fffffadfe2ac4e90 fffff8000105d6f2 : nt!KiDispatchException+0x128
fffffadfe2ac4d10 fffff8000104eee1 : fffffabe09126edc fffff80000000018 000011fe08db0f00 fffff800013dafff : nt!KiExceptionExit
fffffadfe2ac4e90 fffff8000128b0ef : 0012011600120089 001f01ff001200a0 0000000000000000 fffffadfe2ac5080 : nt!KiPageFault+0x1e1
fffffadfe2ac5020 fffff8000105a92b : fffffadfe771a040 fffffadfe2ac5170 fffffadfe771a070 0000000000000000 : nt!ObpFreeObject+0x82
fffffadfe2ac5060 fffff80001296a8c : ffffffff80000248 0000000000000000 fffffadfe2ac55d0 0000000000000001 : nt!ObfDereferenceObject+0x83
fffffadfe2ac5090 fffff80001296bb7 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IopCreateFile+0x74c
fffffadfe2ac5220 fffff800012858f9 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IoCreateFile+0x12f
fffffadfe2ac5300 fffff8000104fce2 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!NtOpenFile+0x49
fffffadfe2ac5380 fffff80001050140 : fffff8000124cee7 fffffabec84c8ff8 fffffadfe633f000 fffffadfe633f000 : nt!KiSystemServiceCopyEnd+0x3
fffffadfe2ac5588 fffff8000124cee7 : fffffabec84c8ff8 fffffadfe633f000 fffffadfe633f000 fffffadfe633f000 : nt!KiServiceLinkage
fffffadfe2ac5590 fffffadfe1e7415e : fffffadfe676b05a fffffadfe676b05a 0000000000000200 fffffadfe68ab650 : nt!IoGetDeviceObjectPointer+0x57
fffffadfe2ac5620 fffffadfe1e743d9 : 0000000000000000 0000000000000000 fffffadfe676b05a fffffadfe676b05d : volDrv!CreateFileRaw+0xde
fffffadfe2ac5790 fffffadfe1e707c0 : 0000000000000000 fffffadfe76354e0 fffffabe8037e0a0 fffffabec84c8f00 : volDrv!OPEN_RAW_FILE+0x9
fffffadfe2ac57c0 fffffadfe1e7390c : fffffabe00000000 000000000a081800 fffffadfe69b8770 fffffadfe6995b40 : volDrv!ReadFromVolume+0x50
fffffadfe2ac5860 fffffadfe1e73c07 : 01c760ad0f18db45 fffffadfe6983ef0 fffffabec84c8ee0 fffffadfe2ac5a78 : volDrv!VolumesUpdateForParentVolume+0x13c
fffffadfe2ac5920 fffffadfe1e6bdfa : 0000000000feefd8 00000000000000b0 fffffadfe2005a40 fffffadfe6983ef0 : volDrv!VolumesUpdates+0x27
fffffadfe2ac5960 fffffadfe1e6d109 : fffffabec84c8ff8 fffffadfe69b8620 fffffabec84c8ee0 fffffabec84c8ee0 : volDrv!UpdateVolume+0x5a
fffffadfe2ac5990 fffffadfe1e6b2d0 : 0000000000000000 fffffabec84c8ee0 fffffadfe69b8620 0000000000000000 : volDrv!HandleDeviceControlForControlDevice+0xb9
fffffadfe2ac59c0 fffff800013c6255 : fffffadfe77aee60 fffffadfe2ac5a30 fffffabec84c8ee0 fffffadfe69b8620 : volDrv!DispatchDeviceControl+0xc0
fffffadfe2ac5a00 fffff8000129abc0 : 0000000000000850 fffffabec84c8ee0 0000000000000000 0000000000000801 : nt!IovCallDriver+0x1b5
fffffadfe2ac5a70 fffff8000129ac76 : 0000000000000000 0000000000000000 0000000000000001 0000000000000000 : nt!IopXxxControlFile+0xa69
fffffadfe2ac5b90 fffff8000104fce2 : 0000000000000274 0000000000000000 0000000000000000 0000000000000000 : nt!NtDeviceIoControlFile+0x56
fffffadfe2ac5c00 0000000078b83e48 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x3
0000000000ebf098 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x78b83e48
0000000000ebf0a0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000ebf0f0 : 0x0
0000000000ebf0a8 0000000000000000 : 0000000000000000 0000000000000000 0000000000ebf0f0 000000000001241c : 0x0
0000000000ebf0b0 0000000000000000 : 0000000000000000 0000000000ebf0f0 000000000001241c 0000000000fef034 : 0x0
0000000000ebf0b8 0000000000000000 : 0000000000ebf0f0 000000000001241c 0000000000fef034 0000000000000850 : 0x0
0000000000ebf0c0 0000000000ebf0f0 : 000000000001241c 0000000000fef034 0000000000000850 0000000000000000 : 0x0
0000000000ebf0c8 000000000001241c : 0000000000fef034 0000000000000850 0000000000000000 0000000000000000 : 0xebf0f0
0000000000ebf0d0 0000000000fef034 : 0000000000000850 0000000000000000 0000000000000000 0000000000feefd8 : 0x1241c
0000000000ebf0d8 0000000000000850 : 0000000000000000 0000000000000000 0000000000feefd8 0000000000000000 : 0xfef034
0000000000ebf0e0 0000000000000000 : 0000000000000000 0000000000feefd8 0000000000000000 0000000000feefd8 : 0x850
0000000000ebf0e8 0000000000000000 : 0000000000feefd8 0000000000000000 0000000000feefd8 0000000000fef86c : 0x0
0000000000ebf0f0 0000000000feefd8 : 0000000000000000 0000000000feefd8 0000000000fef86c 000000237d61c884 : 0x0
0000000000ebf0f8 0000000000000000 : 0000000000feefd8 0000000000fef86c 000000237d61c884 0000000000000023 : 0xfeefd8
0000000000ebf100 0000000000feefd8 : 0000000000fef86c 000000237d61c884 0000000000000023 0000000000000202 : 0x0
0000000000ebf108 0000000000fef86c : 000000237d61c884 0000000000000023 0000000000000202 0000000000fefffc : 0xfeefd8
0000000000ebf110 000000237d61c884 : 0000000000000023 0000000000000202 0000000000fefffc 000000000000002b : 0xfef86c
0000000000ebf118 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x23`7d61c884

STACK_COMMAND: kb

FOLLOWUP_IP:
volDrv!CreateFileRaw+0xde
fffffadf`e1e7415e 488d4c2430 lea rcx,[rsp+30h]

SYMBOL_STACK_INDEX: c

SYMBOL_NAME: volDrv!CreateFileRaw+0xde

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: volDrv

IMAGE_NAME: volDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45ee1ba6

FAILURE_BUCKET_ID: X64_0x1E_BADMEMREF_volDrv!CreateFileRaw+0xde

BUCKET_ID: X64_0x1E_BADMEMREF_volDrv!CreateFileRaw+0xde

Followup: MachineOwner

1: kd> .exr fffffadfe2ac4e00
ExceptionAddress: fffff8000128b0ef (nt!ObpFreeObject+0x0000000000000082)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 00000000bad0b144
Attempt to write to address 00000000bad0b144

IoGetDeviceObjectPointer tries to get the device object and file object for
the raw volume created by us, mounted on the sparse file. The first parameter to
this function is \DosDevices\Global\X:; the second parameter is
FILE_READ_ATTRIBUTES. I get this crash once in a while. I did not get this
crash on a 32-bit machine.

Device object for X: is 0xfffffadf`e6870060

1: kd> !DEVOBJ 0xfffffadf`e6870060
Device object (fffffadfe6870060) is for:
VVolume2{70819915-cc8a-11db-a310-0016e696fc7e} \Driver\volDrv DriverObject
fffffadfe688cd40
Current Irp 00000000 RefCount 0 Type 00000007 Flags 00000050
Vpb fffffadfe6539e80 Dacl fffffb8100c96010 DevExt fffffadfe68701b0 DevObjExt
fffffadfe68702a8 Dope fffffadfe69b69f0
ExtensionFlags (0x80000000) DOE_DESIGNATED_FDO
Device queue is not busy.

1: kd> dt nt!_DEVICE_OBJECT 0xfffffadfe6870060
+0x000 Type : 3
+0x002 Size : 0x248
+0x004 ReferenceCount : 0
+0x008 DriverObject : 0xfffffadfe688cd40 _DRIVER_OBJECT
+0x010 NextDevice : 0xfffffadfe69da5d0 _DEVICE_OBJECT
+0x018 AttachedDevice : (null)
+0x020 CurrentIrp : (null)
+0x028 Timer : (null)
+0x030 Flags : 0x50
+0x034 Characteristics : 0
+0x038 Vpb : 0xfffffadfe6539e80 _VPB
+0x040 DeviceExtension : 0xfffffadfe68701b0
+0x048 DeviceType : 7
+0x04c StackSize : 1 ''
+0x050 Queue : <unnamed-tag>
+0x098 AlignmentRequirement : 0
+0x0a0 DeviceQueue : _KDEVICE_QUEUE
+0x0c8 Dpc : _KDPC
+0x108 ActiveThreadCount : 0
+0x110 SecurityDescriptor : 0xfffffa8000b75f70
+0x118 DeviceLock : _KEVENT
+0x130 SectorSize : 0x200
+0x132 Spare1 : 0
+0x138 DeviceObjectExtension : 0xfffffadfe68702a8 _DEVOBJ_EXTENSION
+0x140 Reserved : (null)

1: kd> dt nt!_VPB 0xfffffadfe6539e80
+0x000 Type : 10
+0x002 Size : 96
+0x004 Flags : 1
+0x006 VolumeLabelLength : 0
+0x008 DeviceObject : 0xfffffadfe6368b30 _DEVICE_OBJECT<br> +0x010 RealDevice : 0xfffffadfe6870060 _DEVICE_OBJECT
+0x018 SerialNumber : 0xffffffff
+0x01c ReferenceCount : 1
+0x020 VolumeLabel : [32] 0

1: kd> !devobj 0xfffffadf`e6368b30
Device object (fffffadfe6368b30) is for:
\FileSystem\RAW DriverObject fffffadfe7b6b450
Current Irp 00000000 RefCount 0 Type 00000008 Flags 00000010
DevExt fffffadfe6368c80 DevObjExt fffffadfe6368d10
ExtensionFlags (0x80000000) DOE_DESIGNATED_FDO
AttachedDevice (Upper) fffffadfe76a2ce0 \FileSystem\FltMgr
Device queue is not busy.
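Two triage steps for a dump like the one above, as an added Python helper that is not part of the original post: rejoining the STACK_TEXT frames that mail wrapping split over two lines, and recovering the real base register from the faulting instruction and WRITE_ADDRESS, since the trap frame warns that some registers (r12 here) are printed as zero. The dump excerpt is constructed from the lines quoted above.

```python
import re

# Excerpt constructed from the WinDbg output quoted above, wrapped at 80
# columns exactly as the mailing-list copy shows it.
DUMP = """\
fffff800`0128b0ef f041ff8c2494000000 lock dec dword ptr [r12+94h]
WRITE_ADDRESS: 00000000bad0b144
STACK_TEXT:
fffffadfe2ac5020 fffff8000105a92b : fffffadfe771a040 fffffadfe2ac5170
fffffadfe771a070 0000000000000000 : nt!ObpFreeObject+0x82
fffffadfe2ac5060 fffff80001296a8c : ffffffff80000248 0000000000000000
fffffadfe2ac55d0 0000000000000001 : nt!ObfDereferenceObject+0x83
fffffadfe2ac5590 fffffadfe1e7415e : fffffadfe676b05a fffffadfe676b05a
0000000000000200 fffffadfe68ab650 : nt!IoGetDeviceObjectPointer+0x57
fffffadfe2ac5620 fffffadfe1e743d9 : 0000000000000000 0000000000000000
fffffadfe676b05a fffffadfe676b05d : volDrv!CreateFileRaw+0xde
"""

KERNEL_HALF_X64 = 0xFFFF800000000000  # lowest canonical kernel-mode address


def join_stack_frames(dump):
    """Rejoin STACK_TEXT frames split over two lines by mail wrapping.
    A frame is 'child-sp ret : a1 a2 a3 a4 : symbol', nine tokens."""
    tokens = dump.split("STACK_TEXT:", 1)[1].split()
    frames = []
    for i in range(0, len(tokens) // 9 * 9, 9):
        f = tokens[i:i + 9]
        frames.append({"child_sp": f[0], "ret": f[1],
                       "args": f[3:7], "symbol": f[8]})
    return frames


def recover_base_register(dump):
    """Base register at fault time = WRITE_ADDRESS - displacement.
    For '[r12+94h]' and 00000000bad0b144 that is r12 = 0xbad0b0b0, even
    though the (incomplete) trap frame prints r12 as zero."""
    mem = re.search(r"\[(r\w+)\+([0-9a-f]+)h\]", dump, re.I)
    addr = re.search(r"WRITE_ADDRESS:\s+([0-9a-f]+)", dump, re.I)
    return mem.group(1), int(addr.group(1), 16) - int(mem.group(2), 16)


def is_kernel_address(addr):
    """True if addr lies in the x64 upper canonical (kernel) half."""
    return addr >= KERNEL_HALF_X64


def first_frame_in_module(frames, module):
    """Nearest frame to the fault owned by `module`; this is the frame
    !analyze picked as FOLLOWUP_IP (volDrv!CreateFileRaw+0xde)."""
    for f in frames:
        if f["symbol"].startswith(module + "!"):
            return f["symbol"]
    return None
```

The recovered r12 value sits far below the kernel half of the address space, so the object header ObpFreeObject was decrementing was not at a valid kernel address, whatever the zeroed trap frame suggests.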