Hi again,
Well this thread is acquiring a spin lock from time to
time so the IRQL is raised above APC of course…
I really can’t understand what makes it happen only
sometimes and only on a MP machine.
I have another note (related to this issue of course):
I have the following struct:
typedef struct tagMY_LOCK
{
    KSPIN_LOCK Lock ;
    BOOLEAN AcqAtDPC ; // TRUE if the current holder acquired at IRQL >= DISPATCH_LEVEL
} MY_LOCK, * PMY_LOCK ;
and I have wrapper functions for this struct.
The wrappers:
VOID MyLockAcq( PMY_LOCK pLock, PKLOCK_QUEUE_HANDLE pLockHandle )
{
    …
    if( KeGetCurrentIrql() >= DISPATCH_LEVEL )
    {
        KeAcquireInStackQueuedSpinLockAtDpcLevel( &pLock->Lock, pLockHandle ) ;
        pLock->AcqAtDPC = TRUE ; // written while the lock is held
    }
    else
    {
        KeAcquireInStackQueuedSpinLock( &pLock->Lock, pLockHandle ) ;
        pLock->AcqAtDPC = FALSE ;
    }
}
VOID MyLockRel( PMY_LOCK pLock, PKLOCK_QUEUE_HANDLE pLockHandle )
{
    if( pLock->AcqAtDPC ) // read before the lock is dropped
    {
        KeReleaseInStackQueuedSpinLockFromDpcLevel( pLockHandle ) ;
    }
    else
    {
        KeReleaseInStackQueuedSpinLock( pLockHandle ) ;
    }
}
Example of usage
MY_LOCK g_MyLock ; // some global
VOID MyFunc(…)
{
    KLOCK_QUEUE_HANDLE LockHandle ;
    MyLockAcq( &g_MyLock , &LockHandle ) ;
    …
    …
    …
    MyLockRel( &g_MyLock , &LockHandle ) ;
}
Is there any problem with this way of implementation?
Does it cause the problems?
Thanks
“Dan Kyler” wrote in message
news:xxxxx@ntfsd…
> The ioctl from user mode looks fine.
>
> The other 3 Irps are owned by the thread being deleted, are all completed,
> and are owned by and queued on that thread. Irp->UserIosb and
> Irp->UserEvent all point to the same locations in the stack of the thread
> you are deleting. They are KernelMode IRP_MJ_INTERNAL_DEVICE_CONTROL Irps,
> probably created with IoBuildDeviceControlRequest… If this is your private
> thread, then even if you didn’t issue such I/O’s yourself, you probably
> called something to cause it to happen.
>
> Does your thread normally run at IRQL >= APC_LEVEL, or with APCs otherwise
> disabled (FsRtlEnterFileSystem/KeEnterCriticalRegion)? If so, while this
> will allow the Irps to complete, it will delay the completion of the
> completion (delivering the APC to write back the user data), and would cause
> something exactly like this once APCs are enabled.
>
> The stack location pointed to by Irp->UserEvent is clearly no longer an
> initialized KEVENT, which is the immediate cause of the crash. But it is
> delaying the delivery of the I/O completion APCs until after the stack has
> unwound that is the root cause.
>
> - Dan.
>
>
> ----- Original Message -----
> From: “Alon”
> To: “Windows File Systems Devs Interest List”
> Sent: Thursday, February 02, 2006 2:13 PM
> Subject: Re:[ntfsd] Re:Problem with terminate thread
> (PsTerminateSystemThread)
>
>
> > Hi again Dan,
> >
> > Thanks for the good will to help…
> > Of course I ran these commands but here they are…
> > Here is what you asked for (with some more extras)
> > Hope it will help (me)
> >
> > 1: kd> !irp 81872aa0 7
> > Irp is active with 1 stacks 1 is current (=
> > 0x81872b10)
> > No Mdl System buffer = 819232a8 Thread 818877c0:
Irp
> > stack trace.
> > Flags = 00000070
> > ThreadListEntry.Flink = 818879d0
> > ThreadListEntry.Blink = 818879d0
> > IoStatus.Status = 00000000
> > IoStatus.Information = 00000000
> > RequestorMode = 00000001
> > Cancel = 00
> > CancelIrql = 0
> > ApcEnvironment = 00
> > UserIosb = 0012df0c
> > UserEvent = 00000000
> > Overlay.AsynchronousParameters.UserApcRoutine =
> > 00000000
> > Overlay.AsynchronousParameters.UserApcContext =
> > 00000000
> > Overlay.AllocationSize = 00000000 - 00000000
> > CancelRoutine = 00000000
> > UserBuffer = 0012dfc0
> > &Tail.Overlay.DeviceQueueEntry = 81872ae0
> > Tail.Overlay.Thread = 818877c0
> > Tail.Overlay.AuxiliaryBuffer = 00000000
> > Tail.Overlay.ListEntry.Flink = 00000000
> > Tail.Overlay.ListEntry.Blink = 00000000
> > Tail.Overlay.CurrentStackLocation = 81872b10
> > Tail.Overlay.OriginalFileObject = 818c1320
> > Tail.Apc = 00000000
> > Tail.CompletionKey = 00000000
> > cmd flg cl Device File
Completion-Context
> >>[e, 0] 1 0 82159030 818c1320
00000000-00000000
> >
> > \Driver\MyDriver
> > Args: 00000010 0000001c 00221c08 00000000
> > Extra information not available.
> > 1: kd> !irp 821076b8 7
> > Irp is active with 1 stacks 3 is current (=
00000000)
> > No Mdl Thread 815e1cf4: Irp is completed.
> > Flags = 00000000
> > ThreadListEntry.Flink = 815e1cb8
> > ThreadListEntry.Blink = 819b5de0
> > IoStatus.Status = 00000000
> > IoStatus.Information = 00000000
> > RequestorMode = 00000000
> > Cancel = 00
> > CancelIrql = 0
> > ApcEnvironment = 00
> > UserIosb = a88dccc8
> > UserEvent = a88dccb8
> > Overlay.AsynchronousParameters.UserApcRoutine =
> > 00000000
> > Overlay.AsynchronousParameters.UserApcContext =
> > 00000000
> > Overlay.AllocationSize = 00000000 - 00000000
> > CancelRoutine = 00000000
> > UserBuffer = 00000000
> > &Tail.Overlay.DeviceQueueEntry = 821076f8
> > Tail.Overlay.Thread = 815e1cf4
> > Tail.Overlay.AuxiliaryBuffer = 804ed28c
> > Tail.Overlay.ListEntry.Flink = 8062490f
> > Tail.Overlay.ListEntry.Blink = 00000000
> > Tail.Overlay.CurrentStackLocation = 00000000
> > Tail.Overlay.OriginalFileObject = 00000000
> > Tail.Apc = 00300012
> > Tail.CompletionKey = 00300012
> > cmd flg cl Device File
Completion-Context
> > [f, 0] 0 0 820e2438 00000000
00000000-00000000
> >
> > \Driver\Tcpip
> > Args: 00000000 00000000 00000000 00000000
> > Extra information not available.
> > 1: kd> !irp 815e1ca8 7
> > Irp is active with 1 stacks 3 is current (=
00000000)
> > No Mdl Thread 819b5c04: Irp is completed.
> > Flags = 00000000
> > ThreadListEntry.Flink = 81895880
> > ThreadListEntry.Blink = 821076c8
> > IoStatus.Status = 00000000
> > IoStatus.Information = 00000000
> > RequestorMode = 00000000
> > Cancel = 00
> > CancelIrql = 0
> > ApcEnvironment = 00
> > UserIosb = a88dccc8
> > UserEvent = a88dccb8
> > Overlay.AsynchronousParameters.UserApcRoutine =
> > 00000000
> > Overlay.AsynchronousParameters.UserApcContext =
> > 00000000
> > Overlay.AllocationSize = 00000000 - 00000000
> > CancelRoutine = 00000000
> > UserBuffer = 00000000
> > &Tail.Overlay.DeviceQueueEntry = 815e1ce8
> > Tail.Overlay.Thread = 819b5c04
> > Tail.Overlay.AuxiliaryBuffer = 804ed28c
> > Tail.Overlay.ListEntry.Flink = 8062490f
> > Tail.Overlay.ListEntry.Blink = 00000000
> > Tail.Overlay.CurrentStackLocation = 00000000
> > Tail.Overlay.OriginalFileObject = 00000000
> > Tail.Apc = 00300012
> > Tail.CompletionKey = 00300012
> > cmd flg cl Device File
Completion-Context
> > [f, 0] 0 0 820e2438 00000000
00000000-00000000
> >
> > \Driver\Tcpip
> > Args: 00000000 00000000 00000000 00000000
> > Extra information not available.
> > 1: kd> !irp 81895870 7
> > Irp is active with 1 stacks 3 is current (=
00000000)
> > No Mdl Thread 819b5c04: Irp is completed.
> > Flags = 00000000
> > ThreadListEntry.Flink = 819b5de0
> > ThreadListEntry.Blink = 815e1cb8
> > IoStatus.Status = 00000000
> > IoStatus.Information = 00000000
> > RequestorMode = 00000000
> > Cancel = 00
> > CancelIrql = 0
> > ApcEnvironment = 00
> > UserIosb = a88dccc8
> > UserEvent = a88dccb8
> > Overlay.AsynchronousParameters.UserApcRoutine =
> > 00000000
> > Overlay.AsynchronousParameters.UserApcContext =
> > 00000000
> > Overlay.AllocationSize = 00000000 - 00000000
> > CancelRoutine = 00000000
> > UserBuffer = 00000000
> > &Tail.Overlay.DeviceQueueEntry = 818958b0
> > Tail.Overlay.Thread = 819b5c04
> > Tail.Overlay.AuxiliaryBuffer = 804ed28c
> > Tail.Overlay.ListEntry.Flink = 8062490f
> > Tail.Overlay.ListEntry.Blink = 00000000
> > Tail.Overlay.CurrentStackLocation = 00000000
> > Tail.Overlay.OriginalFileObject = 00000000
> > Tail.Apc = 00300012
> > Tail.CompletionKey = 00300012
> > cmd flg cl Device File
Completion-Context
> > [f, 0] 0 0 820e2438 00000000
00000000-00000000
> >
> > \Driver\Tcpip
> > Args: 00000000 00000000 00000000 00000000
> > Extra information not available.
> > 1: kd> dd a88dccb8
> > a88dccb8 36370008 00000000 00000000 a7e906fa
> > a88dccc8 00000000 00000000 823c89c8 819b5bd0
> > a88dccd8 00000000 a88dcd70 00000000 80703427
> > a88dcce8 00000008 00000246 805760fb 819b5bd0
> > a88dccf8 819b5e18 00000000 a7ea1d2e a88dcd44
> > a88dcd08 823c0100 805522fa 00000000 821a62e0
> > a88dcd18 00000000 a7e906fa 815120d4 a7ea1400
> > a88dcd28 823c89c8 819b5bd0 00000000 00000010
> > 1: kd> !pool a88dccb8
> > Pool page a88dccb8 region is Unknown
> > a88dc000 is not a valid small pool allocation,
> > checking large pool…
> > unable to get pool big page table - either wrong
> > symbols or pool tagging is disabled
> > a88dc000 is freed (or corrupt) pool
> > Bad allocation size @a88dc000, zero is invalid
> >
> >
> > An error (or corruption) in the pool was
detected;
> > Pool Region unknown (0xFFFFFFFFA88DC000)
> >
> > Use !poolval a88dc000 for more details.
> >
> >
> > 1: kd> !devobj 82159030
> > Device object (82159030) is for:
> > MyDriver \Driver\MyDriver DriverObject 822f05f8
> > Current Irp 00000000 RefCount 1 Type 00000022
Flags
> > 00000044
> > Dacl e1441cac DevExt 821590e8 DevObjExt 821590f8
> > ExtensionFlags (0000000000)
> > Device queue is not busy.
> >
> >
> >
> > “Dan Kyler” wrote in message
> > news:xxxxx@ntfsd…
> >> At the risk of running windbg over SMTP…
> >>
> >> Could you show us the output of:
> >>
> >> !irp 81872aa0 7
> >> !irp 821076b8 7
> >> !irp 815e1ca8 7
> >> !irp 81895870 7
> >>
> >> and
> >>
> >> dd a88dccb8
> >>
> >> - Dan.
> >>
> >> ----- Original Message -----
> >> From: “Alon”
> >> To: “Windows File Systems Devs Interest List”
> >
> >> Sent: Thursday, February 02, 2006 9:37 AM
> >> Subject: Re:[ntfsd] Problem with terminate thread
> > (PsTerminateSystemThread)
> >>
> >>
> >> > Hi Dan (and everyone),
> >> >
> >> > Thanks for the comprehensive answer, but I must
> >> > admit that I’m not using UserIosb or UserEvent or
> >> > IoBuildSynchronousFsdRequest.
> >> > The IRP is a simple IRP of IOCTL from a user mode
> >> > module to kernel mode driver.
> >> > So I really do not understand why the UserEvent is
> >> > accessed.
> >> >
> >> > Let me elaborate regarding the two threads I’ve found:
> >> > I have two threads:
> >> > A is the one with the IOCTL - signaling thread B to
> >> > call PsTerminateSystemThread and exit.
> >> > B - the thread that crashes!
> >> >
> >> > thread A has 1 IRP when UserEvent field is: 0xa88dccb8
> >> >
> >> > thread B has 3 IRPs when UserEvent field in all of
> >> > them is again: 0xa88dccb8
> >> >
> >> > here are the stacks:
> >> >
> >> > Thread A:
> >> > thread 818877c0
> >> > ChildEBP RetAddr Args to Child
> >> > a8984b30 804e21f3 81887830 818877c0 804e223f
> >> > nt!KiSwapContext+0x2f (FPO: [Uses EBP] [0,0,4])
> >> > a8984b3c 804e223f 815121b8 819b5bd0 00001388
> >> > nt!KiSwapThread+0x6b (FPO: [0,0,0])
> >> > a8984b64 a7ea0fd7 00000000 00000000 00000000
> >> > nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])
> >> > a8984b84 a7edb7ab 815121b8 a7eda8a6 81512008
> >> > MyDriver!AThreadDestroy+0x29 (FPO: [1,0,0])
(CONV:
> >> > a8984b8c a7eda8a6 81512008 a7edea88 00002457
> >> > MyDriver!..DispatchClose+0x1e (FPO: [1,0,0
> >> > a8984ba0 a7ed6600 81512008 a7edea88 a7ebf9a1
> >> > MyDriver!..Shutdown+0x4f (FPO: [1,0,0]) (
> >> > a8984bac a7ebf9a1 a7e929a3 819232a8 81872aa0
> >> > MyDriver!Lib2Shutdown+0x4d (FPO: [0,0,0])
(CONV:
> >> > a8984bb0 a7e929a3 819232a8 81872aa0 a8984c10
> >> > MyDriver!Lib1Shutdown+0x19 (FPO: [0,0,0])
(CONV:
> >> > a8984bf0 a7e936cb 819232a8 819232a8 81872aa0
> >> > MyDriver!Shutdown+0x2f2 (FPO: [Uses EBP] [2,
> >> > a8984c10 a7e938fe 819232a8 819232a8 818879d0
> >> > MyDriver!RequestDispatcher+0xbc (FPO: [Non-
> >> > a8984c24 a7e90b48 82159030 81872aa0 818879d0
> >> > MyDriver!OnIoControl+0x47 (FPO: [2,0,0]) (
> >> > a8984c40 804e19ee 82159030 81872aa0 80703410
> >> > MyDriver!DeviceDispatcher+0x8c (FPO: [Non-
> >> > a8984c50 8057184c 81872b10 818c1320 81872aa0
> >> > nt!IopfCallDriver+0x31 (FPO: [0,0,0])
> >> >
> >> > THREAD 818877c0 Cid 0640.0710 Teb: 7ffdf000
> >> > Win32Thread: e1299ac0 WAIT: (Executive)
KernelMode
> >> > Non-Alertable
> >> > 819b5bd0 Thread
> >> > IRP List:
> >> > 81872aa0: (0006,0094) Flags: 00000070 Mdl:
> >> > 00000000
> >> >
> >> > thread B:
> >> > thread 0x819b5bd0
> >> > a88dcbb8 804ed522 a88dccb8 00000000 00000000
> >> > nt!KeSetEvent+0x32
> >> > a88dcc14 804ed49a 818958b0 a88dcc60 a88dcc54
> >> > nt!IopCompleteRequest+0x232
> >> > a88dcc64 80703ef2 00000000 00000000 a88dcc7c
> >> > nt!KiDeliverApc+0xb3
> >> > a88dcc64 80703427 00000000 00000000 a88dcc7c
> >> > hal!HalpApcInterrupt+0xc6
> >> > a88dccec 805760fb 819b5bd0 819b5e18 00000000
> >> > hal!KfLowerIrql+0x17
> >> > a88dcd70 805763b0 00000000 00000000 815121b8
> >> > nt!PspExitThread+0x41
> >> > a88dcd90 8058312f 819b5bd0 00000000 a88dcddc
> >> > nt!PspTerminateThreadByPointer+0x52
> >> > a88dcda0 a7ea0f07 00000000 819b5bd0 80576b24
> >> > nt!PsTerminateSystemThread+0x24
> >> > a88dcdac 80576b24 815121b8 00000000 00000000
> >> > MyDriver!AThreadFunction+0x25
> >> > [d:\work\aod\core\base\thread.c @ 63]
> >> > a88dcddc 804eed86 a7ea0ee2 815121b8 00000000
> >> > nt!PspSystemThreadStartup+0x34
> >> > 00000000 00000000 00000000 00000000 00000000
> >> > nt!KiThreadStartup+0x16
> >> >
> >> > THREAD 819b5bd0 Cid 0004.01c4 Teb: 00000000
> >> > Win32Thread: 00000000 RUNNING on processor 1
> >> > IRP List:
> >> > 821076b8: (0006,0094) Flags:
00000000
> >> > Mdl: 00000000
> >> > 815e1ca8: (0006,0094) Flags:
00000000
> >> > Mdl: 00000000
> >> > 81895870: (0006,0094) Flags:
00000000
> >> > Mdl: 00000000
> >> >
> >> > Here is another information that might help:
> >> > 1: kd> !apc
> >> > Enumerating APCs in all processes
> >> > Process 823c89c8 System
> >> > Thread 819b5bd0 ApcStateIndex 0 ApcListHead
> >> > 819b5c04 [KERNEL]
> >> > KAPC @ 815e1ce8
> >> > Type 12
> >> > KernelRoutine 804ed28c
> >> > nt!IopCompleteRequest+0
> >> > RundownRoutine 8062490f
> > nt!IopAbortRequest+0
> >> > KAPC @ 821076f8
> >> > Type 12
> >> > KernelRoutine 804ed28c
> >> > nt!IopCompleteRequest+0
> >> > RundownRoutine 8062490f
> > nt!IopAbortRequest+0
> >> >
> >> >
> >> > Any insight?
> >> >
> >> > Alon
> >> >
> >> > “Dan Kyler” wrote in message
> >> > news:xxxxx@ntfsd…
> >> >> It appears from your stack trace that an I/O completion APC is trying to set
> >> >> an event that is on your stack, however the stack has already been unwound…
> >> >> The call to KfLowerIrql allowed the APC to be delivered. The APC has been
> >> >> patiently waiting for its chance, but the issuer of the I/O went on its
> >> >> merry business and returned, making the stack local event no good.
> >> >>
> >> >> Do not use Irp->UserEvent (and UserIosb) unless you are prepared to wait for
> >> >> it then and there with APCs enabled. Do not use
> >> >> IoBuildSynchronousFsdRequest, and think you can just ignore the event and
> >> >> Iosb. It will get set when you least expect it, sometimes with less obvious
> >> >> corruption than this.
> >> >>
> >> >> - Dan.
> >> >>
> >> >> ----- Original Message -----
> >> >> From: “Alon”
> >> >> To: “Windows File Systems Devs Interest List”
> >> >
> >> >> Sent: Thursday, February 02, 2006 5:42 AM
> >> >> Subject: [ntfsd] Problem with terminate thread
> >> > (PsTerminateSystemThread)
> >> >>
> >> >>
> >> >> > Hi,
> >> >> >
> >> >> > I got crashes with my driver code, only from time to
> >> >> > time and with the following conditions:
> >> >> > 1. Using MP (2 procs)
> >> >> > 2. Using KeAcquireInStackQueuedSpinLock/KeAcquireInStackQueuedSpinLockAtDpcLevel,
> >> >> > when I’m going back to “KeAcquireSpinLock” - crash
> >> >> > doesn’t happen (anyway it doesn’t happen in every
> >> >> > running)
> >> >> >
> >> >> > Here is the dump:
> >> >> >
> >> >> > Windows XP Kernel Version 2600 (Service Pack
2)
> > MP
> >> > (2
> >> >> > procs) Free x86 compatible
> >> >> > Product: WinNt, suite: TerminalServer
> > SingleUserTS
> >> >> > Built by: 2600.xpsp_sp2_rtm.040803-2158
> >> >> > Kernel base = 0x804d7000 PsLoadedModuleList
=
> >> >> > 0x805644a0
> >> >> > Debug session time: Wed Feb 1 13:39:23.015
> > 2006
> >> >> > (GMT+2)
> >> >> > System Uptime: 0 days 0:41:13.731
> >> >> >
> >> >> >
> >> >
> >
> >> >> >
> >> >> >
> >> >> > * Bugcheck Analysis
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >
> >
> >> >> >
> >> >> > Use !analyze -v to get detailed debugging
> >> > information.
> >> >> >
> >> >> > BugCheck A, {16, 1c, 0, 804e63a3}
> >> >> >
> >> >> > Probably caused by : MyDriver.sys (
> >> >> > MyDriver!AThreadFunction+25 )
> >> >> >
> >> >> > Followup: MachineOwner
> >> >> > ---------
> >> >> >
> >> >> > 1: kd> !analyze -v
> >> >> >
> >> >
> >
> >> >> >
> >> >> >
> >> >> > * Bugcheck Analysis
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >
> >
> >> >> >
> >> >> > IRQL_NOT_LESS_OR_EQUAL (a)
> >> >> > An attempt was made to access a pageable (or
> >> >> > completely invalid) address at an
> >> >> > interrupt request level (IRQL) that is too
> > high.
> >> > This
> >> >> > is usually
> >> >> > caused by drivers using improper addresses.
> >> >> > If a kernel debugger is available get the
stack
> >> >> > backtrace.
> >> >> > Arguments:
> >> >> > Arg1: 00000016, memory referenced
> >> >> > Arg2: 0000001c, IRQL
> >> >> > Arg3: 00000000, value 0 = read operation, 1
=
> >> > write
> >> >> > operation
> >> >> > Arg4: 804e63a3, address which referenced
memory
> >> >> >
> >> >> > Debugging Details:
> >> >> > ------------------
> >> >> >
> >> >> >
> >> >> > READ_ADDRESS: 00000016
> >> >> >
> >> >> > CURRENT_IRQL: 1c
> >> >> >
> >> >> > FAULTING_IP:
> >> >> > nt!KeSetEvent+32
> >> >> > 804e63a3 66394616 cmp
[esi+0x16],ax
> >> >> >
> >> >> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >> >> >
> >> >> > BUGCHECK_STR: 0xA
> >> >> >
> >> >> > LAST_CONTROL_TRANSFER: from 804ed522 to
> > 804e63a3
> >> >> >
> >> >> > IRP_ADDRESS: 81895870
> >> >> >
> >> >> > DEVICE_OBJECT: 820e2438
> >> >> >
> >> >> > DRIVER_OBJECT: 820cd870
> >> >> >
> >> >> > IMAGE_NAME: MyDriver.Sys
> >> >> >
> >> >> > DEBUG_FLR_IMAGE_TIMESTAMP: 43ddf525
> >> >> >
> >> >> > MODULE_NAME: MyDriver
> >> >> >
> >> >> > FAULTING_MODULE: aac76000 tcpip
> >> >> >
> >> >> > TRAP_FRAME: a88dcb38 – (.trap
> > ffffffffa88dcb38)
> >> >> > ErrCode = 00000000
> >> >> > eax=00000001 ebx=81895801 ecx=a88dccb8
> >> > edx=00000000
> >> >> > esi=00000000 edi=00000000
> >> >> > eip=804e63a3 esp=a88dcbac ebp=a88dcbb8
iopl=0
> >> >> > nv up ei pl nz na pe nc
> >> >> > cs=0008 ss=0010 ds=0023 es=0023 fs=0030
> >> > gs=0000
> >> >> > efl=00010202
> >> >> > nt!KeSetEvent+0x32:
> >> >> > 804e63a3 66394616 cmp
[esi+0x16],ax
> >> >> > ds:0023:00000016=???
> >> >> > Resetting default scope
> >> >> >
> >> >> > STACK_TEXT:
> >> >> > a88dcbb8 804ed522 a88dccb8 00000000 00000000
> >> >> > nt!KeSetEvent+0x32
> >> >> > a88dcc14 804ed49a 818958b0 a88dcc60 a88dcc54
> >> >> > nt!IopCompleteRequest+0x232
> >> >> > a88dcc64 80703ef2 00000000 00000000 a88dcc7c
> >> >> > nt!KiDeliverApc+0xb3
> >> >> > a88dcc64 80703427 00000000 00000000 a88dcc7c
> >> >> > hal!HalpApcInterrupt+0xc6
> >> >> > a88dccec 805760fb 819b5bd0 819b5e18 00000000
> >> >> > hal!KfLowerIrql+0x17
> >> >> > a88dcd70 805763b0 00000000 00000000 815121b8
> >> >> > nt!PspExitThread+0x41
> >> >> > a88dcd90 8058312f 819b5bd0 00000000 a88dcddc
> >> >> > nt!PspTerminateThreadByPointer+0x52
> >> >> > a88dcda0 a7ea0f07 00000000 819b5bd0 80576b24
> >> >> > nt!PsTerminateSystemThread+0x24
> >> >> > a88dcdac 80576b24 815121b8 00000000 00000000
> >> >> > MyDriver!AThreadFunction+0x25
> >> >> > [d:\work\aod\core\base\thread.c @ 63]
> >> >> > a88dcddc 804eed86 a7ea0ee2 815121b8 00000000
> >> >> > nt!PspSystemThreadStartup+0x34
> >> >> > 00000000 00000000 00000000 00000000 00000000
> >> >> > nt!KiThreadStartup+0x16
> >> >> >
> >> >> >
> >> >> > FOLLOWUP_IP:
> >> >> > MyDriver!AThreadFunction+25 [file.c @ 63]
> >> >> > a7ea0f07 5e pop esi
> >> >> >
> >> >> > SYMBOL_STACK_INDEX: 8
> >> >> >
> >> >> > FOLLOWUP_NAME: MachineOwner
> >> >> >
> >> >> > SYMBOL_NAME: MyDriver!AThreadFunction+25
> >> >> >
> >> >> > STACK_COMMAND: .trap ffffffffa88dcb38 ; kb
> >> >> >
> >> >> > FAILURE_BUCKET_ID:
> >> > 0xA_MyDriver!AThreadFunction+25
> >> >> >
> >> >> > BUCKET_ID: 0xA_MyDriver!AThreadFunction+25
> >> >> >
> >> >> > Followup: MachineOwner
> >> >> > ---------
> >> >> >
> >> >> > 1: kd> .trap ffffffffa88dcb38 ; kb
> >> >> > ErrCode = 00000000
> >> >> > eax=00000001 ebx=81895801 ecx=a88dccb8
> >> > edx=00000000
> >> >> > esi=00000000 edi=00000000
> >> >> > eip=804e63a3 esp=a88dcbac ebp=a88dcbb8
iopl=0
> >> >> > nv up ei pl nz na pe nc
> >> >> > cs=0008 ss=0010 ds=0023 es=0023 fs=0030
> >> > gs=0000
> >> >> > efl=00010202
> >> >> > nt!KeSetEvent+0x32:
> >> >> > 804e63a3 66394616 cmp
[esi+0x16],ax
> >> >> > ds:0023:00000016=???
> >> >> > Stack trace for last set context -
> >> > .thread/.cxr
> >> >> > resets it
> >> >> > ChildEBP RetAddr Args to Child
> >> >> > a88dcbb8 804ed522 a88dccb8 00000000 00000000
> >> >> > nt!KeSetEvent+0x32
> >> >> > a88dcc14 804ed49a 818958b0 a88dcc60 a88dcc54
> >> >> > nt!IopCompleteRequest+0x232
> >> >> > a88dcc64 80703ef2 00000000 00000000 a88dcc7c
> >> >> > nt!KiDeliverApc+0xb3
> >> >> > a88dcc64 80703427 00000000 00000000 a88dcc7c
> >> >> > hal!HalpApcInterrupt+0xc6
> >> >> > a88dccec 805760fb 819b5bd0 819b5e18 00000000
> >> >> > hal!KfLowerIrql+0x17
> >> >> > a88dcd70 805763b0 00000000 00000000 815121b8
> >> >> > nt!PspExitThread+0x41
> >> >> > a88dcd90 8058312f 819b5bd0 00000000 a88dcddc
> >> >> > nt!PspTerminateThreadByPointer+0x52
> >> >> > a88dcda0 a7ea0f07 00000000 819b5bd0 80576b24
> >> >> > nt!PsTerminateSystemThread+0x24
> >> >> > a88dcdac 80576b24 815121b8 00000000 00000000
> >> >> > MyDriver!AThreadFunction+0x25 [file.c @ 63]
> >> >> > a88dcddc 804eed86 a7ea0ee2 815121b8 00000000
> >> >> > nt!PspSystemThreadStartup+0x34
> >> >> > 00000000 00000000 00000000 00000000 00000000
> >> >> > nt!KiThreadStartup+0x16
> >> >> >
> >> >> > Thanks in advance
> >> >> >
> >> >> > Alon
> >> >> >
> >> >> >
> >
> >> >> > Do You Yahoo!?
> >> >> > Tired of spam? Yahoo! Mail has the best
spam
> >> > protection around
> >> >> > http://mail.yahoo.com
> >> >> >
> >> >> >
> >> >> > —
> >> >> > Questions? First check the IFS FAQ at
> >> >> > https://www.osronline.com/article.cfm?id=17
> >> >> >
> >> >> > You are currently subscribed to ntfsd as:
> >> > xxxxx@privtek.com
> >> >> > To unsubscribe send a blank email to
> >> > xxxxx@lists.osr.com
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >>
> >
> >
>
>
>
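Added example, not part of the original thread: a triage script for the pattern Dan describes, flagging completed KernelMode IRPs whose UserEvent points into the exiting thread's own stack. The sample text is constructed by abridging the `!irp` and stack output quoted above; the function names are hypothetical, and the frame lookup assumes EBP-based frames.

```python
import re

# Constructed sample: abridged from the `!irp <addr> 7` output quoted in the thread.
SAMPLE_IRPS = """\
1: kd> !irp 81872aa0 7
No Mdl System buffer = 819232a8 Thread 818877c0: Irp stack trace.
RequestorMode = 00000001
UserEvent = 00000000
1: kd> !irp 821076b8 7
No Mdl Thread 815e1cf4: Irp is completed.
RequestorMode = 00000000
UserEvent = a88dccb8
1: kd> !irp 815e1ca8 7
No Mdl Thread 819b5c04: Irp is completed.
RequestorMode = 00000000
UserEvent = a88dccb8
1: kd> !irp 81895870 7
No Mdl Thread 819b5c04: Irp is completed.
RequestorMode = 00000000
UserEvent = a88dccb8
"""

# Constructed sample: thread B's stack, reduced to ChildEBP, RetAddr and symbol.
SAMPLE_STACK = """\
a88dcbb8 804ed522 nt!KeSetEvent+0x32
a88dcc14 804ed49a nt!IopCompleteRequest+0x232
a88dcc64 80703ef2 nt!KiDeliverApc+0xb3
a88dccec 805760fb hal!KfLowerIrql+0x17
a88dcd70 805763b0 nt!PspExitThread+0x41
a88dcda0 a7ea0f07 nt!PsTerminateSystemThread+0x24
a88dcdac 80576b24 MyDriver!AThreadFunction+0x25
"""

def parse_irps(text):
    """Split `!irp` output into one dict per IRP."""
    irps = []
    for line in text.splitlines():
        m = re.search(r"!irp\s+([0-9a-f]{8})", line)
        if m:
            irps.append({"irp": m.group(1), "completed": False})
        elif irps:
            if "Irp is completed" in line:
                irps[-1]["completed"] = True
            m = re.match(r"\s*(RequestorMode|UserEvent)\s*=\s*([0-9a-f]{8})", line)
            if m:
                irps[-1][m.group(1)] = int(m.group(2), 16)
    return irps

def parse_frames(text):
    """Return [(child_ebp, symbol)], innermost frame first, as the debugger prints them."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return [(int(r[0], 16), r[-1]) for r in rows]

def stale_stack_events(irps, frames):
    """Map each in-stack UserEvent of a completed KernelMode IRP to the IRPs that
    share it and to the innermost frame whose ChildEBP lies above it, i.e. the
    code now occupying that stack slot (approximate for FPO frames)."""
    lo, hi = min(f[0] for f in frames), max(f[0] for f in frames)
    findings = {}
    for irp in irps:
        ev = irp.get("UserEvent", 0)
        # RequestorMode 0 is KernelMode; only completed IRPs still owe a completion APC.
        if irp["completed"] and irp.get("RequestorMode") == 0 and lo <= ev < hi:
            owner = next(sym for ebp, sym in frames if ebp > ev)
            findings.setdefault(ev, {"irps": [], "frame": owner})["irps"].append(irp["irp"])
    return findings

if __name__ == "__main__":
    hits = stale_stack_events(parse_irps(SAMPLE_IRPS), parse_frames(SAMPLE_STACK))
    for ev, f in hits.items():
        print(f"UserEvent {ev:08x} shared by {f['irps']} now lies under {f['frame']}")
```

An event address that falls below the driver's own frame and inside the exit-path frames means the function that declared the KEVENT has already returned, which is the condition Dan identifies as the root cause.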