mrxsmb.sys BSOD

All,

I am working on an NDIS driver for an 802.11 product. When I attempt to
map a network drive I get an odd blue screen under Windows XP SP1.

The wireless client (A) is associated to an AP (B), and the client is
trying to map a network share from a PC (C) wired to the AP.

Using Ethereal on machine (C) and machine (A) shows that what (A) sends
(C) receives and vice versa. During Samba negotiation, it appears that
(A) sends a garbled SMB “Negotiate Protocol Request”, which ends up
going out as an NBSS Session Message to (C). It is the lack of response
to this message which appears to be the impetus for mrxsmb.sys crashing,
since it only occurs in this situation.

I’ve attached the “!analyze -v” text from WinDBG when the BSOD occurs.

What could I possibly be doing, since my driver isn’t on the call stack
at BSOD time?

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

RDR_FILE_SYSTEM (27)
If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
exception record and context record. Do a .cxr on the 3rd parameter and then kb to
obtain a more informative stack trace.
The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
as follows:
    RDBSS_BUG_CHECK_CACHESUP = 0xca550000,
    RDBSS_BUG_CHECK_CLEANUP  = 0xc1ee0000,
    RDBSS_BUG_CHECK_CLOSE    = 0xc10e0000,
    RDBSS_BUG_CHECK_NTEXCEPT = 0xbaad0000,
Arguments:
Arg1: baad00a3
Arg2: f91cf53c
Arg3: f91cf23c
Arg4: fbc3f7c7

Debugging Details:

EXCEPTION_RECORD: f91cf53c -- (.exr fffffffff91cf53c)
ExceptionAddress: fbc3f7c7 (mrxsmb!SmbCeBuildSmbHeader+0x0000022d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000004
Attempt to read from address 00000004

CONTEXT: f91cf23c -- (.cxr fffffffff91cf23c)
eax=00000000 ebx=ff70a8d8 ecx=811ebf28 edx=f91cf620 esi=e1135040 edi=e1135060
eip=fbc3f7c7 esp=f91cf604 ebp=f91cf62c iopl=0         nv up ei pl zr na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
mrxsmb!SmbCeBuildSmbHeader+0x22d:
fbc3f7c7 ff5004 call dword ptr [eax+0x4]
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x27

LAST_CONTROL_TRANSFER: from fbc36996 to fbc3f7c7

STACK_TEXT:
f91cf62c fbc36996 811ebf28 00135040 00001000 mrxsmb!SmbCeBuildSmbHeader+0x22d
f91cf6a0 fbc3fd47 811ebf28 00000000 ffbbce80 mrxsmb!SmbConstructNetRootExchangeStart+0x93
f91cf6bc fbc3685d 81136cb0 811bc088 ffa36990 mrxsmb!SmbCeInitiateExchange+0x29d
ff70a8d8 00000002 00000000 fbc29ea8 fbc29ea8 mrxsmb!SmbCeEstablishConnection+0xad

FOLLOWUP_IP:
mrxsmb!SmbCeBuildSmbHeader+22d
fbc3f7c7 ff5004 call dword ptr [eax+0x4]

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: mrxsmb!SmbCeBuildSmbHeader+22d

MODULE_NAME: mrxsmb

IMAGE_NAME: mrxsmb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3dd93f29

STACK_COMMAND: .cxr fffffffff91cf23c ; kb

BUCKET_ID: 0x27_mrxsmb!SmbCeBuildSmbHeader+22d

Followup: MachineOwner

Thanks,
Chris


Chris Zimmermann
Software / Firmware Engineer, MTS
Agere Systems
Email : xxxxx@agere.com
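As an added illustration (not part of the original post), the following Python triage script shows how the RDR_FILE_SYSTEM arguments in the quoted dump relate to the rest of the !analyze -v output: Arg1's high 16 bits select the RDBSS sub-code, Arg2 and Arg3 are the exception and context record addresses, Arg4 is the faulting eip, and eax=0 combined with `call dword ptr [eax+0x4]` accounts for the reported read at address 4. The embedded excerpt is copied from the dump above with the wrapped lines rejoined; the function and field names are my own.

```python
import re

# RDBSS sub-codes as listed in the !analyze -v text (high 16 bits of Arg1).
RDBSS_CODES = {0xca55: "RDBSS_BUG_CHECK_CACHESUP", 0xc1ee: "RDBSS_BUG_CHECK_CLEANUP",
               0xc10e: "RDBSS_BUG_CHECK_CLOSE", 0xbaad: "RDBSS_BUG_CHECK_NTEXCEPT"}

# Excerpt of the WinDbg output quoted in the post, trimmed to the fields used here.
ANALYZE_TEXT = """\
RDR_FILE_SYSTEM (27)
Arg1: baad00a3
Arg2: f91cf53c
Arg3: f91cf23c
Arg4: fbc3f7c7
EXCEPTION_RECORD: f91cf53c -- (.exr fffffffff91cf53c)
ExceptionAddress: fbc3f7c7 (mrxsmb!SmbCeBuildSmbHeader+0x0000022d)
ExceptionCode: c0000005 (Access violation)
Parameter[1]: 00000004
CONTEXT: f91cf23c -- (.cxr fffffffff91cf23c)
eax=00000000 ebx=ff70a8d8 ecx=811ebf28 edx=f91cf620 esi=e1135040 edi=e1135060
eip=fbc3f7c7 esp=f91cf604 ebp=f91cf62c iopl=0 nv up ei pl zr na po nc
fbc3f7c7 ff5004 call dword ptr [eax+0x4]
"""

def _hexval(text, label):
    """First hex number following 'label:' (e.g. 'Arg1:', 'ExceptionCode:')."""
    m = re.search(re.escape(label) + r":\s*([0-9a-fA-F]+)", text)
    return int(m.group(1), 16) if m else None

def triage_rdr_file_system(text):
    """Decode RDR_FILE_SYSTEM (0x27) arguments and cross-check them against the
    exception record, context and faulting instruction printed by !analyze -v."""
    arg = [_hexval(text, f"Arg{i}") for i in range(1, 5)]
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-fA-F]{8})", text)}
    sym = re.search(r"ExceptionAddress:\s*[0-9a-fA-F]+\s*\((\S+)\)", text)
    # Memory operand of the faulting instruction, e.g. [eax+0x4]: base register + displacement.
    mem = re.search(r"\[(e[a-z]{2})\+0x([0-9a-fA-F]+)\]", text)
    read_addr = (regs[mem.group(1)] + int(mem.group(2), 16)) & 0xffffffff if mem else None
    return {
        "rdbss_code": RDBSS_CODES.get(arg[0] >> 16, "unknown"),
        "rdbss_low16": arg[0] & 0xffff,
        "symbol": sym.group(1) if sym else None,
        "exception_code": _hexval(text, "ExceptionCode"),
        "arg2_is_exception_record": arg[1] == _hexval(text, "EXCEPTION_RECORD"),
        "arg3_is_context": arg[2] == _hexval(text, "CONTEXT"),
        "arg4_is_eip": arg[3] == regs.get("eip"),
        # Base register of 0 with 'call [eax+0x4]' means the object pointer itself is NULL.
        "base_register_value": regs.get(mem.group(1)) if mem else None,
        "fault_matches_operand": read_addr == _hexval(text, "Parameter[1]"),
    }
```

Running `triage_rdr_file_system(ANALYZE_TEXT)` on the excerpt reports RDBSS_BUG_CHECK_NTEXCEPT, all three argument cross-checks true, a base register value of 0, and a computed read address equal to the reported bad address 4.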