Hi ntfsd users,
We are in the process of maintaining/updating an existing file system driver.
- The driver operates as expected, but it occasionally crashes with bugcheck IRQL_NOT_LESS_OR_EQUAL while restarting/shutting down the operating system (Windows XP Service Pack 2).
- The issue seems to be with our driver, as the machine operates fine without our driver.
- The kernel dump does not point to our driver; rather, it points to explorer.exe.
Please find below the bug check analysis report.
(a) ntfsd/ntdev experts, please advise which areas to focus on.
(b) Is the issue related to the event (KeWaitForSingleObject) not being reset/freed properly [as per our observation on seeing the bug report]?
(c) Please share your analysis of the bug report.
(d) When does the driver crash at restart/shutdown? Is it related to a spinlock acquired but not freed? Or the driver doing something abnormal while unloading?
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00040001, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation
(only on chips which support this level of status)
Arg4: 80823d30, address which referenced memory
Debugging Details:
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for halmacpi.dll -
PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details
WRITE_ADDRESS: 00040001
CURRENT_IRQL: 1c
FAULTING_IP:
nt!KeWaitForSingleObject+186
80823d30 8939 mov dword ptr [ecx],edi
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: explorer.exe
TRAP_FRAME: f6a5bb1c -- (.trap 0xfffffffff6a5bb1c)
ErrCode = 00000002
eax=866ab6bc ebx=866ab6b4 ecx=00040001 edx=00000000 esi=8645a350 edi=8645a3c0
eip=80823d30 esp=f6a5bb90 ebp=f6a5bbb0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!KeWaitForSingleObject+0x186:
80823d30 8939 mov dword ptr [ecx],edi ds:0023:00040001=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 80823d30 to 8086c6d0
STACK_TEXT:
f6a5bb1c 80823d30 badb0d00 00000000 f6a5bb60 nt!KiTrap0E+0x238
f6a5bbb0 8086e91e 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x186
f6a5bbcc 80816352 8645a560 87546e70 80a0d3b8 nt!ExAcquireFastMutexUnsafe+0x1a
f6a5bc28 8081a327 86475728 87546e70 87546e80 nt!FsRtlCancelNotify+0x52
f6a5bc40 8089d529 87546e70 86485020 8645a350 nt!IoCancelIrp+0x65
f6a5bc68 808f9cb9 8645a350 866ae8a0 40010004 nt!IoCancelThreadIo+0x33
f6a5bcf0 808f9fbb 40010004 f6a5bd4c 80827cb1 nt!PspExitThread+0x403
f6a5bcfc 80827cb1 866ae8a0 f6a5bd48 f6a5bd3c nt!PsExitSpecialApc+0x23
f6a5bd4c 80869677 00000001 00000000 f6a5bd64 nt!KiDeliverApc+0x1af
f6a5bd4c 7c90eb94 00000001 00000000 f6a5bd64 nt!KiServiceExit+0x59
WARNING: Frame IP not in any known module. Following frames may be wrong.
0132fdcc 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeWaitForSingleObject+186
80823d30 8939 mov dword ptr [ecx],edi
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KeWaitForSingleObject+186
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 41107b0d
FAILURE_BUCKET_ID: 0xA_VRF_nt!KeWaitForSingleObject+186
BUCKET_ID: 0xA_VRF_nt!KeWaitForSingleObject+186
Followup: MachineOwner
0: kd .trap 0xfffffffff6a5bb1c
ErrCode = 00000002
eax=866ab6bc ebx=866ab6b4 ecx=00040001 edx=00000000 esi=8645a350 edi=8645a3c0
eip=80823d30 esp=f6a5bb90 ebp=f6a5bbb0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!KeWaitForSingleObject+0x186:
80823d30 8939 mov dword ptr [ecx],edi ds:0023:00040001=????????
=============
Thank you very much
-lazlo elteto
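Added example, not part of the original post or of the driver in question: a small Python triage helper that reads the bugcheck arguments and STACK_TEXT from an !analyze -v report like the one above and flags what a reviewer checks first (write vs. read, blocking waits on the stack while IRQL was above DISPATCH_LEVEL, the _VRF_ bucket marker, and whether the target address looks like a corrupted pointer). The embedded sample report, the DISPATCH_LEVEL threshold and the corrupted-pointer heuristic are my own assumptions.

```python
import re
# Constructed sample: the !analyze -v lines from the post that this parser reads.
SAMPLE_REPORT = """\
Arg1: 00040001, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000001, bitfield :
Arg4: 80823d30, address which referenced memory
FAILURE_BUCKET_ID: 0xA_VRF_nt!KeWaitForSingleObject+186
STACK_TEXT:
f6a5bb1c 80823d30 badb0d00 00000000 f6a5bb60 nt!KiTrap0E+0x238
f6a5bbb0 8086e91e 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x186
f6a5bbcc 80816352 8645a560 87546e70 80a0d3b8 nt!ExAcquireFastMutexUnsafe+0x1a
f6a5bc28 8081a327 86475728 87546e70 87546e80 nt!FsRtlCancelNotify+0x52
STACK_COMMAND: kb
"""

DISPATCH_LEVEL = 2
# Routines that block on a dispatcher object; never legal above DISPATCH_LEVEL.
WAIT_ROUTINES = ("KeWaitForSingleObject", "KeWaitForMultipleObjects", "ExAcquireFastMutex")

def parse_args(report):
    # {1: Arg1, 2: Arg2, ...} as integers, taken from the 'ArgN: xxxxxxxx' lines
    return {int(m.group(1)): int(m.group(2), 16)
            for m in re.finditer(r"^Arg(\d): ([0-9a-fA-F]{8})", report, re.M)}

def stack_symbols(report):
    # symbol column of each STACK_TEXT frame, innermost frame first
    frames, in_stack = [], False
    for line in report.splitlines():
        if line.startswith("STACK_TEXT:"):
            in_stack = True
        elif line.startswith("STACK_COMMAND"):
            break
        elif in_stack and len(line.split()) >= 6:
            frames.append(line.split()[-1])
    return frames

def triage(report):
    args, frames = parse_args(report), stack_symbols(report)
    irql, addr = args[2], args[1]
    bucket = re.search(r"^FAILURE_BUCKET_ID: (\S+)", report, re.M)
    return {
        "irql": irql,
        "is_write": bool(args[3] & 1),    # Arg3 bit 0: 1 = write access
        "is_execute": bool(args[3] & 8),  # Arg3 bit 3: 1 = instruction fetch
        "verifier_enabled": bool(bucket and "_VRF_" in bucket.group(1)),  # _VRF_: Driver Verifier on
        # Heuristic: an odd or near-null dword-write target is a corrupted pointer.
        "likely_corrupt_pointer": addr < 0x10000 or addr % 4 != 0,
        # Blocking waits on the stack while IRQL was above DISPATCH_LEVEL.
        "illegal_wait_frames": [f for f in frames if irql > DISPATCH_LEVEL
                                and f.split("!")[-1].startswith(WAIT_ROUTINES)],
    }
```

Run it on your own !analyze -v output by passing the report text to triage(); a non-empty illegal_wait_frames list plus likely_corrupt_pointer points at a freed or overwritten synchronization structure rather than a paging problem.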