Here it is, but I must say, the assembly code snippet from before is not
from this failure; it’s from a previous one (but they fail the same way).
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88026d497b4, The address that the exception occurred at
Arg3: fffff880246208f8, Exception Record Address
Arg4: fffff88024620150, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
NeitPackage!fbe_api_common_send_control_packet+94 [d:\views\d7a70e197744846811e80440a568257c.stg\catmerge\disk\fbe\src\lib\fbe_api\fbe_api_common\src\fbe_api_common.c @ 187]
fffff880`26d497b4 0000 add byte ptr [rax],al
EXCEPTION_RECORD: fffff880246208f8 -- (.exr 0xfffff880246208f8)
ExceptionAddress: fffff88026d497b4 (NeitPackage!fbe_api_common_send_control_packet+0x0000000000000094)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000001
Attempt to write to address 0000000000000001
CONTEXT: fffff88024620150 -- (.cxr 0xfffff88024620150)
rax=0000000000000001 rbx=fffffa8007e00040 rcx=fffffa80091bca20
rdx=0000000000000460 rsi=fffffa80036c5890 rdi=0000000000000001
rip=fffff88026d497b4 rsp=fffff88024620b30 rbp=0000000000000080
r8=0000000000000801 r9=fffff800018652e0 r10=fffff80001864888
r11=fffffa80091bca20 r12=0000000000000000 r13=fffff88026d46150
r14=0000000000000000 r15=fffff880009cfec0
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b
efl=00010286
NeitPackage!fbe_api_common_send_control_packet+0x94:
fffff88026d497b4 0000 add byte ptr [rax],al ds:002b:0000000000000001=??
Resetting default scope
PROCESS_NAME: System
CURRENT_IRQL: f
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000000001
WRITE_ADDRESS: 0000000000000001
FOLLOWUP_IP:
NeitPackage!fbe_api_common_send_control_packet+94 [d:\views\d7a70e197744846811e80440a568257c.stg\catmerge\disk\fbe\src\lib\fbe_api\fbe_api_common\src\fbe_api_common.c @ 187]
fffff880`26d497b4 0000 add byte ptr [rax],al
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: CODE_CORRUPTION
LAST_CONTROL_TRANSFER: from fffff88026d474da to fffff88026d497b4
STACK_TEXT:
fffff88024620b30 fffff88026d474da : fffffa80ff030004 fffff88024620c08 fffffa8000000008 fffff88000000835 : NeitPackage!fbe_api_common_send_control_packet+0x94 [d:\views\d7a70e197744846811e80440a568257c.stg\catmerge\disk\fbe\src\lib\fbe_api\fbe_api_common\src\fbe_api_common.c @ 187]
fffff88024620bb0 fffff88026d45e2e : 000000000000000b fffff88024620c54 fffffa800000000b 0000000000000000 : NeitPackage!fbe_api_get_object_type+0x4a [d:\views\d7a70e197744846811e80440a568257c.stg\catmerge\disk\fbe\src\lib\fbe_api\fbe_api_physical_package_interface\src\fbe_api_discovery_interface.c @ 274]
fffff88024620c20 fffff88026d46427 : fffffa800000000b fffff88026d4c21d fffffa80036c5890 fffff88026d46150 : NeitPackage!object_map_interface_add_object+0x2e [d:\views\d7a70e197744846811e80440a568257c.stg\catmerge\disk\fbe\src\lib\fbe_api\fbe_api_object_map\src\fbe_api_object_map_interface.c @ 820]
fffff88024620c70 fffff88026d462d4 : fffff8800000000b fffff88000000002 fffff88026d4e880 000000000000000b : NeitPackage!object_map_interface_change_object_state+0x47 [d:\views\d7a70e197744846811e80440a568257c.stg\catmerge\disk\fbe\src\lib\fbe_api\fbe_api_object_map\src\fbe_api_object_map_interface.c @ 1026]
fffff88024620cb0 fffff88026d46198 : fffff88026d50808 0000000000000000 fffff88026d4e820 0000000000000008 : NeitPackage!object_map_interface_dispatch_queue+0xe4 [d:\views\d7a70e197744846811e80440a568257c.stg\catmerge\disk\fbe\src\lib\fbe_api\fbe_api_object_map\src\fbe_api_object_map_interface.c @ 958]
fffff88024620d00 fffff8000197a166 : 0000000000000000 fffffa80036f2b60 0000000000000000 fffff800016ced87 : NeitPackage!object_map_interface_thread_func+0x48 [d:\views\d7a70e197744846811e80440a568257c.stg\catmerge\disk\fbe\src\lib\fbe_api\fbe_api_object_map\src\fbe_api_object_map_interface.c @ 904]
fffff88024620d40 fffff800016b5486 : fffff880009cb180 fffffa8007e00040 fffffa80036f1b60 fffff88001c15a90 : nt!PspSystemThreadStartup+0x5a
fffff88024620d80 0000000000000000 : fffff88024621000 fffff8802461b000 fffff88024620a10 0000000000000000 : nt!KxStartSystemThread+0x16
CHKIMG_EXTENSION: !chkimg -lo 50 -d !NeitPackage
    fffff88026d497b3-fffff88026d497d1  31 bytes - NeitPackage!fbe_api_common_send_control_packet+93
        [ 68 e8 c7 a2 ff ff 48 89:00 00 00 00 00 00 00 00 ]
31 errors : !NeitPackage (fffff88026d497b3-fffff88026d497d1)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE_32
STACK_COMMAND: .cxr 0xfffff88024620150 ; kb
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE_32
BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE_32
Followup: memory_corruption
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Friday, September 10, 2010 9:57 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Looking for an idea to track memory corruption
An !analyze -v dump would be nice, with symbols set correctly.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@emc.com
Sent: Friday, September 10, 2010 8:43 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Looking for an idea to track memory corruption
Hi,
During runtime, the stack of one of our drivers is being corrupted, most
likely by a DMA transaction gone wrong. The reason I say this is that
the instruction memory is getting corrupted, and Windows will trap that
if any code tries to do that. The reason Windows does not catch that
before is most likely that a DMA access was done wrong. The code that crashes
has no hardware access at all, so it’s 100% not its fault.
Here is how the code ends up:
564 fffff880`2f9507a5 8b842490000000 mov eax,dword ptr [rsp+90h]
564 fffff880`2f9507ac 89440a14 mov dword ptr [rdx+rcx+14h],eax
565 fffff880`2f9507b0 8b442400 mov eax,dword ptr [rsp]
565 fffff880`2f9507b4 0000 add byte ptr [rax],al <============= Panic happened here.
565 fffff880`2f9507b6 0000 add byte ptr [rax],al
565 fffff880`2f9507b8 0000 add byte ptr [rax],al
565 fffff880`2f9507ba 0000 add byte ptr [rax],al
565 fffff880`2f9507bc 0000 add byte ptr [rax],al
565 fffff880`2f9507be 0000 add byte ptr [rax],al
565 fffff880`2f9507c0 0000 add byte ptr [rax],al
565 fffff880`2f9507c2 0000 add byte ptr [rax],al
565 fffff880`2f9507c4 0000 add byte ptr [rax],al
565 fffff880`2f9507c6 0000 add byte ptr [rax],al
565 fffff880`2f9507c8 0000 add byte ptr [rax],al
565 fffff880`2f9507ca 0000 add byte ptr [rax],al
565 fffff880`2f9507cc 0000 add byte ptr [rax],al
565 fffff880`2f9507ce 0000 add byte ptr [rax],al
565 fffff880`2f9507d0 0000 add byte ptr [rax],al
565 fffff880`2f9507d2 00488d add byte ptr [rax-73h],cl
565 fffff880`2f9507d5 4c0110 add qword ptr [rax],r10
565 fffff880`2f9507d8 8b842488000000 mov eax,dword ptr [rsp+88h]
565 fffff880`2f9507df 486bc044 imul rax,rax,44h
565 fffff880`2f9507e3 c744011804000000 mov dword ptr [rcx+rax+18h],4
Any creative ideas on how to look for clues as to who might have done this?
Thanks.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
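
Added example (not part of the original thread): a Python sketch that parses the !chkimg lines from the dump above and reports the properties worth comparing between crashes: range length, page offset, alignment and overwrite pattern. The input is the page's own !chkimg text rejoined onto single lines; the function names are assumptions of this example, and the two addresses compared at the end are the faulting addresses shown in the dump and in the earlier disassembly.

```python
import re

# Constructed input: the !chkimg lines from the dump, rejoined onto single lines.
CHKIMG = """\
    fffff88026d497b3-fffff88026d497d1  31 bytes - NeitPackage!fbe_api_common_send_control_packet+93
        [ 68 e8 c7 a2 ff ff 48 89:00 00 00 00 00 00 00 00 ]
"""
PAGE = 0x1000  # 4 KiB page size on x64

RANGE_RE = re.compile(r"([0-9a-f`]+)-([0-9a-f`]+)\s+(\d+) bytes? - (\S+)")
BYTES_RE = re.compile(r"\[\s*([0-9a-f ]+?)\s*:\s*([0-9a-f ]+?)\s*\]")

def parse_chkimg(text):
    """Return one dict per mismatch range reported by !chkimg."""
    ranges = []
    for line in text.splitlines():
        m = RANGE_RE.search(line)
        if m:
            start, end = (int(x.replace("`", ""), 16) for x in m.group(1, 2))
            ranges.append({"start": start, "end": end,
                           "length": end - start + 1,  # range is inclusive
                           "reported": int(m.group(3)), "symbol": m.group(4)})
            continue
        m = BYTES_RE.search(line)
        if m and ranges:
            # !chkimg prints expected (image file) bytes, then actual (memory) bytes.
            ranges[-1]["expected"] = bytes.fromhex(m.group(1))
            ranges[-1]["actual"] = bytes.fromhex(m.group(2))
    return ranges

def describe(r):
    """Properties of the damaged range to compare from one crash to the next."""
    return {
        "length_consistent": r["length"] == r["reported"],
        "page_offset": r["start"] % PAGE,
        "crosses_page": r["start"] // PAGE != r["end"] // PAGE,
        # Only the bytes !chkimg printed are checked, not the whole range.
        "all_zero_sample": set(r.get("actual", b"")) == {0},
        "aligned": {n: r["start"] % n == 0 for n in (4, 8, 16)},
    }

def same_page_offset(addr_a, addr_b):
    """True when two addresses fall at the same offset within their pages."""
    return addr_a % PAGE == addr_b % PAGE

if __name__ == "__main__":
    for r in parse_chkimg(CHKIMG):
        print(r["symbol"], describe(r))
    # Faulting address in this dump vs. the one in the earlier disassembly.
    print(same_page_offset(0xfffff88026d497b4, 0xfffff8802f9507b4))
```

For this dump the range is 31 bytes, starts at page offset 0x7b3, is not 4-, 8- or 16-byte aligned and stays inside one page; both crashes fault at page offset 0x7b4.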