hi all,
i search the list for my problem, but didn't found anything about it.
I'm using a worker thread to write data from a buffer to filesystem.
writing to the file works pretty well, but when i try to close the file, i get the following bugcheck:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffffc, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80541805, address which referenced memory
Debugging Details:
WRITE_ADDRESS: fffffffc
CURRENT_IRQL: ff
FAULTING_IP:
nt!KiSystemCallExit2+84
80541805 897308 mov dword ptr [ebx+8],esi
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: a709fc84 -- (.trap 0xffffffffa709fc84)
ErrCode = 00000002
eax=00000000 ebx=fffffff4 ecx=00000100 edx=a709fdcc esi=001540fc edi=a709fcf8
eip=80541805 esp=a709fcf8 ebp=a709fcf8 iopl=0 nv up di ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010093
nt!KiSystemCallExit2+0x84:
80541805 897308 mov dword ptr [ebx+8],esi ds:0023:fffffffc=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 804f8e09 to 8052b610
STACK_TEXT:
a709f838 804f8e09 00000003 a709fb94 00000000 nt!RtlpBreakWithStatusInstruction
a709f884 804f99f4 00000003 fffffffc 80541805 nt!KiBugCheckDebugBreak+0x19
a709fc64 80544758 0000000a fffffffc 000000ff nt!KeBugCheck2+0x574
a709fc64 80541805 0000000a fffffffc 000000ff nt!KiTrap0E+0x238
a709fcf8 804fff41 badb0d00 a709fd70 00000100 nt!KiSystemCallExit2+0x84
a709fdac 805cffd8 784e3fe0 00000000 00000000 nt!ZwClose+0x11
a709fddc 8054615e a66fe7f0 784e3fe0 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiSystemCallExit2+84
80541805 897308 mov dword ptr [ebx+8],esi
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!KiSystemCallExit2+84
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4d00d4fc
FAILURE_BUCKET_ID: 0xA_VRF_nt!KiSystemCallExit2+84
BUCKET_ID: 0xA_VRF_nt!KiSystemCallExit2+84
Followup: MachineOwner
The access to the buffer is protected by a WDFSPINLOCK. I know that this spinlock raises the IRQL to DEPATCH_LEVEL, therefore i check my IRQL before every usage of a Zw function (ZwWriteFile & ZwClose). Nevertheless i get this bugcheck when i call "ZwClose".
Anyone a idea where to search for this problem?
Greetz,
Andreas S.