RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03

Ronen,

The Create path is notorious for stack overflows. File systems and file
system filters tend to have complex Create handlers, which makes them greedy
for stack space. When you combine multiple filters, and/or trigger
recursion, long call chains with too much local storage exceed the thread’s
modest stack limit.

Rather than address the specific overflow that you happened to have found,
you may find it more useful to automate a stack space check on all call
paths. For example, if your routine boilerplate includes trace code, you
can add calls to IoGetRemainingStackSize() in your trace routine, and
thereby find all inordinately deep stack usage – I suggest ASSERTing below
some freespace limit, independent of your trace level. Unrolling long call
chains, using dynamic storage rather than local, and posting operations
where appropriate, will resolve any problem spots.

In any case, check out IoGetRemainingStackSize(), and be frugal with stack.
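
The stack-budget check suggested above, sketched as an added example that is not part of the original message or of anyone's driver code. In a driver the probe is IoGetRemainingStackSize(); so that this runs outside the kernel, RemainingStack() is a user-mode stand-in, and the 12 KB stack, the 2 KB floor, and the names TraceEnter, CreateStep and RunChain are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this sketch: modelled stack size and free-space floor. */
#define MODEL_STACK_BYTES (12u * 1024u)
#define MIN_FREE_STACK    (2u * 1024u)

static uintptr_t g_stack_base;  /* address at the top of the modelled stack */
static size_t    g_low_water;   /* least free space any trace call has seen */
static unsigned  g_violations;  /* trace calls that found less than the floor */

/* User-mode stand-in; a driver would call IoGetRemainingStackSize() instead. */
static size_t RemainingStack(void) {
    volatile char probe = 0;
    uintptr_t here = (uintptr_t)&probe;
    size_t used = g_stack_base > here ? g_stack_base - here : here - g_stack_base;
    return used >= MODEL_STACK_BYTES ? 0 : MODEL_STACK_BYTES - used;
}

/* Runs at the top of every traced routine, independent of trace level. */
static void TraceEnter(void) {
    size_t free_bytes = RemainingStack();
    if (free_bytes < g_low_water) g_low_water = free_bytes;
    if (free_bytes < MIN_FREE_STACK) g_violations++;  /* a driver would ASSERT */
}

/* Constructed stand-in for one layer of a Create path with greedy locals. */
static int CreateStep(int depth) {
    volatile char name_buffer[512];  /* local storage charged to every layer */
    TraceEnter();
    name_buffer[0] = (char)depth;
    int below = depth > 0 ? CreateStep(depth - 1) : 0;
    return below + name_buffer[0];   /* read after the call keeps the frame live */
}

/* Runs a call chain of the given depth; returns how many checks tripped. */
unsigned RunChain(int depth) {
    volatile char base = 0;
    g_stack_base = (uintptr_t)&base;
    g_low_water = MODEL_STACK_BYTES; g_violations = 0;
    (void)CreateStep(depth);
    return g_violations;
}
size_t LowWater(void) { return g_low_water; }
int main(void) {
    printf("depth 3: %u trips, depth 40: %u trips\n", RunChain(3), RunChain(40));
    return 0;
}
```

The low-water mark is the figure to log per call path: it shows how close each chain came to the floor even when no check tripped.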

-----Original Message-----
From: Ronen Agam [mailto:xxxxx@hotmail.com]
Sent: Wednesday, June 13, 2001 9:47 AM
To: File Systems Developers
Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03

Can you recommend a way for me to find where the problem might be? It
doesn’t happen all the time, but almost every time I run IE and NAV is on
and OS is win2000. On nt it never happens.

Thanks,
Ronen

From: “Dan Partelly”
>Reply-To: “File Systems Developers”
>To: “File Systems Developers”
>Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03
>Date: Wed, 13 Jun 2001 17:35:39 +0300
>
>Double faults are weird animals. First of all, a double fault will occur
>only when the CPU faults while the CPU is already trying to invoke an
>exception handler. An example would be an IDT with a too low limit. But in
>your case, I too am almost sure, as Mr Ravisankar already told you, that the
>real reason for your double fault is a stack overflow. In practice you often
>get a double fault because you run out of stack in ring 0, and the CPU is
>unable to save EIP/CS/EFLAGS on the stack. This is one reason why the gate
>for a double fault in NT/2k/XP is in fact a task gate. A clean stack and
>clean registers are required to prevent a triple fault, thus CPU reset. This
>way, at least the system will survive long enough to bug check. Don't bother
>to extract a stack trace from that dump; it is 99% that you encountered a
>stack overflow.
>
>
>----- Original Message -----
>From: “Ronen Agam”
>To: “File Systems Developers”
>Sent: Wednesday, June 13, 2001 3:42 PM
>Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03
>
>
> > Unhandled exception 8
> > Creating .\DMP4.tmp - mini kernel dump
> >
> >
> > eax=ffdff13c ebx=0000007f ecx=80036000 edx=00000000 esi=00000000 edi=00000000
> > eip=804669be esp=80470468 ebp=00000000 iopl=0 nv up di ng nz na po nc
> > cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000086
> > ntoskrnl!Kei386EoiHelper+1608:
> > 804669be ebef jmp ntoskrnl!Kei386EoiHelper+0x15f9 (804669af)
> >
> > This is what I see from the dump file.
> >
> >
> > >From: “danp”
> > >Reply-To: “File Systems Developers”
> > >To: “File Systems Developers”
> > >Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03
> > >Date: Wed, 13 Jun 2001 14:14:53 +0300
> > >
> > >Stack trace ? It can be reconstructed from the crash dump.
> > >
> > >----- Original Message -----
> > >From: “Ronen Agam”
> > >To: “File Systems Developers”
> > >Sent: Wednesday, June 13, 2001 1:45 PM
> > >Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03
> > >
> > >
> > > >
> > > >
> > > >
> > > > >From: “Ravisankar Pudipeddi”
> > > > >Reply-To: “File Systems Developers”
> > > > >To: “File Systems Developers”
> > > > >Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03
> > > > >Date: Tue, 12 Jun 2001 15:53:51 -0700
> > > > >
> > > > >Sounds like a stack ovfl.
> > > > >A stack trace will help confirm.
> > > >
> > > > I am using softice, and I type stack and there is nothing.
> > > > How can I trace the problem?
> > > >
> > > > Ronen
> > > >
> > > > >-----Original Message-----
> > > > >From: xxxxx@mmm.com [mailto:xxxxx@mmm.com]
> > > > >Sent: Tuesday, June 12, 2001 1:51 PM
> > > > >To: File Systems Developers
> > > > >Subject: [ntfsd] UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03
> > > > >
> > > > >
> > > > >Hi,
> > > > >
> > > > >I have a file system filter driver that works fine on nt and 2000. When
> > > > >my driver uses ZwCreateFile to query a directory full name, the Irp
> > > > >comes to my filter dispatch. In the filter dispatch I can see that when
> > > > >the name is '' - root directory - and I pass it to next driver in the
> > > > >stack I get UNEXPECTED_KERNEL_MODE_TRAP with parameter1 = 8 -> Double
> > > > >Fault. This doesn’t happen if Nav is not working. It only happens on
> > > > >win2k with NAV ver 7.03. I tried win2k service pack 1 and 2 with same
> > > > >results.
> > > > >
> > > > >Can anyone help?
> > > > >
> > > > >status = ZwCreateFile(&hDir,
> > > > >                      FILE_LIST_DIRECTORY,
> > > > >                      &ObjectAttributes,
> > > > >                      &IoStatus,
> > > > >                      0,
> > > > >                      FILE_ATTRIBUTE_DIRECTORY,
> > > > >                      FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
> > > > >                      FILE_OPEN,
> > > > >                      FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,
> > > > >                      NULL,
> > > > >                      0);
> > > > >
> > > > >
> > > > >Thanks,
> > > > >Ronen
> > > > >
> > > > >
> > > > >—
> > > > >You are currently subscribed to ntfsd as:
>xxxxx@windows.microsoft.com
> > > > >To unsubscribe send a blank email to
>leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> > > > >
> > > >
> > > >
> > > > Get your FREE download of MSN Explorer at http://explorer.msn.com
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >

> >
>
>
>
