RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k - NAV 7.03

Another approach to locating your bug is to put a memory breakpoint far far
down towards the end of the limit of the stack and you’re likely to
have this breakpoint trigger in the offending recursing routines.

If it really is a stack thing, which all evidence points towards…
then maybe growing the stack will resolve the problem - it’s ugly…
but hey fixing bugs in third party drivers is…

regards,
Anders

Wednesday, June 13, 2001, 5:23:31 PM, you wrote:

GC> Ronen,

GC> The Create path is notorious for stack overflows. File systems and file
GC> system filters tend to have complex Create handlers, which makes them greedy
GC> for stack space. When you combine multiple filters, and/or trigger
GC> recursion, long call chains with too much local storage exceed the thread’s
GC> modest stack limit.

GC> Rather than address the specific overflow that you happened to have found,
GC> you may find it more useful to automate a stack space check on all call
GC> paths. For example, if your routine boilerplate includes trace code, you
GC> can add calls to IoGetRemainingStackSize() in your trace routine, and
GC> thereby find all inordinately deep stack usage – I suggest ASSERTing below
GC> some freespace limit, independent of your trace level. Unrolling long call
GC> chains, using dynamic storage rather than local, and posting operations
GC> where appropriate, will resolve any problem spots.

GC> In any case, check out IoGetRemainingStackSize(), and be frugal with stack.

GC> -----Original Message-----
GC> From: Ronen Agam [mailto:xxxxx@hotmail.com]
GC> Sent: Wednesday, June 13, 2001 9:47 AM
GC> To: File Systems Developers
GC> Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k -
GC> NAV 7.03

GC> Can you recommend a way for me to find where the problem might be? It
GC> doesn’t happen all the time, but almost every time I run IE and NAV is on
GC> and OS is win2000. On nt it never happens.

GC> Thanks,
GC> Ronen

>From: “Dan Partelly”
>>Reply-To: “File Systems Developers”
>>To: “File Systems Developers”
>>Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k -
>>NAV 7.03
>>Date: Wed, 13 Jun 2001 17:35:39 +0300
>>
>>Double faults are weird animals. First of all, a double fault will occur
>>only when the CPU will fault while the CPU already tries to invoke an
>>exception handler. An example would be an IDT with a too low limit. But in
>>your case, I'm too almost sure, like Mr Ravisankar already told you, that the
>>real reason of your double fault is a stack overflow. In practice you often
>>get a double fault because you run out of stack in ring0, and the CPU is
>>unable to save EIP/CS/EFLAGS on the stack. This is one reason why the gate
>>for a double fault is in NT/2k/XP in fact a task gate. A clean stack, and
>>clean registers are required to prevent a triple fault, thus CPU reset. This
>>way, at least the system will survive long enough to bug check. Don't bother
>>to extract a stack trace from that dump, 99% is that you encounter a stack
>>overflow.
>>
>>
>>----- Original Message -----
>>From: “Ronen Agam”
>>To: “File Systems Developers”
>>Sent: Wednesday, June 13, 2001 3:42 PM
>>Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k -
>>NAV
>>7.03
>>
>>
>> > Unhandled exception 8
>> > Creating .\DMP4.tmp - mini kernel dump
>> >
>> >
>> > eax=ffdff13c ebx=0000007f ecx=80036000 edx=00000000 esi=00000000 edi=00000000
>> > eip=804669be esp=80470468 ebp=00000000 iopl=0 nv up di ng nz na po nc
>> > cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000086
>> > ntoskrnl!Kei386EoiHelper+1608:
>> > 804669be ebef jmp ntoskrnl!Kei386EoiHelper+0x15f9 (804669af)
>> >
>> > This is what I see from the dump file.
>> >
>> >
>> > >From: “danp”
>> > >Reply-To: “File Systems Developers”
>> > >To: “File Systems Developers”
>> > >Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k
>>-
>> > >NAV 7.03
>> > >Date: Wed, 13 Jun 2001 14:14:53 +0300
>> > >
>> > >Stack trace ? It can be reconstructed from the crash dump.
>> > >
>> > >----- Original Message -----
>> > >From: “Ronen Agam”
>> > >To: “File Systems Developers”
>> > >Sent: Wednesday, June 13, 2001 1:45 PM
>> > >Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k
>>-
>> > >NAV
>> > >7.03
>> > >
>> > >
>> > > >
>> > > >
>> > > >
>> > > > >From: “Ravisankar Pudipeddi”
>> > > > >Reply-To: “File Systems Developers”
>> > > > >To: “File Systems Developers”
>> > > > >Subject: [ntfsd] RE: UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win
>>2k
>> > >-
>> > > > >NAV 7.03
>> > > > >Date: Tue, 12 Jun 2001 15:53:51 -0700
>> > > > >
>> > > > >Sounds like a stack ovfl.
>> > > > >A stack trace will help confirm.
>> > > >
>> > > > I am using softice, and I type stack and there is nothing.
>> > > > How can I trace the problem?
>> > > >
>> > > > Ronen
>> > > >
>> > > > >-----Original Message-----
>> > > > >From: xxxxx@mmm.com [mailto:xxxxx@mmm.com]
>> > > > >Sent: Tuesday, June 12, 2001 1:51 PM
>> > > > >To: File Systems Developers
>> > > > >Subject: [ntfsd] UNEXPECTED_KERNEL_MODE_TRAP (Double Fault) win 2k
>>-
>> > >NAV
>> > > > >7.03
>> > > > >
>> > > > >
>> > > > >Hi,
>> > > > >
>> > > > >I have a file system filter driver that works fine on nt and 2000. When
>> > > > >my driver uses ZwCreateFile to query a directory full name, the Irp
>> > > > >comes to my filter dispatch. In the filter dispatch I can see that when
>> > > > >the name is '' - root directory - and I pass it to next driver in the
>> > > > >stack I get UNEXPECTED_KERNEL_MODE_TRAP with parameter1 = 8 -> Double
>> > > > >Fault. This doesn’t happen if Nav is not working. It only happens on
>> > > > >win2k with NAV ver 7.03. I tried win2k service pack 1 and 2 with same
>> > > > >results.
>> > > > >
>> > > > >Anyone can help?
>> > > > >
>> > > > >status=ZwCreateFile(&hDir,
>> > > > > FILE_LIST_DIRECTORY,
>> > > > > &ObjectAttributes,
>> > > > > &IoStatus,
>> > > > > 0,
>> > > > > FILE_ATTRIBUTE_DIRECTORY,
>> > > > > FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
>> > > > > FILE_OPEN,
>> > > > > FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT,
>> > > > > NULL,
>> > > > > 0);
>> > > > >
>> > > > >
>> > > > >Thanks,
>> > > > >Ronen


Best regards,
Anders mailto:xxxxx@flaffer.com
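
The stack-space check suggested in the quoted reply, modelled in user-mode C as an added example (not code from anyone in this thread). stack_remaining() stands in for IoGetRemainingStackSize(); the budget, the free-space limit and create_handler() are assumptions, and the model assumes a downward-growing stack.

```c
/* User-mode model: in a driver, stack_remaining() is IoGetRemainingStackSize(). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define STACK_BUDGET   (12u * 1024u) /* assumed kernel stack size for the model */
#define STACK_MIN_FREE (4u * 1024u)  /* assumed free-space limit to assert on */

static uintptr_t   g_stack_base;  /* address at the top of the modelled stack */
static size_t      g_low_water;   /* least free space seen on any traced path */
static const char *g_low_fn;      /* routine that recorded the low-water mark */
static int         g_violations;  /* traced entries below STACK_MIN_FREE */

/* Free bytes left in the modelled stack (assumes the stack grows downward). */
static size_t stack_remaining(void) {
    volatile char marker = 0;
    uintptr_t here = (uintptr_t)&marker;
    size_t used = g_stack_base > here ? (size_t)(g_stack_base - here) : 0;
    return used >= STACK_BUDGET ? 0 : STACK_BUDGET - used;
}

/* Trace hook for every routine's boilerplate; a driver would ASSERT here. */
static void trace_enter(const char *fn) {
    size_t free_bytes = stack_remaining();
    if (free_bytes < g_low_water) { g_low_water = free_bytes; g_low_fn = fn; }
    if (free_bytes < STACK_MIN_FREE) g_violations++;
}
#define TRACE_ENTER() trace_enter(__func__)

/* Hypothetical Create handler: a 1 KB local buffer per level of recursion. */
static int create_handler(int depth) {
    volatile char name_buf[1024];
    TRACE_ENTER();
    name_buf[0] = (char)depth;
    int below = depth > 0 ? create_handler(depth - 1) : 0;
    return below + (name_buf[0] != 0); /* read after the call: no tail call */
}

/* Runs one call chain and returns how many entries broke the limit. */
static int run_chain(int depth) {
    volatile char base = 0;
    g_stack_base = (uintptr_t)&base;
    g_low_water = STACK_BUDGET; g_low_fn = ""; g_violations = 0;
    create_handler(depth);
    return g_violations;
}

int main(void) {
    int shallow = run_chain(2), deep = run_chain(10);
    printf("shallow=%d deep=%d low_water=%zu (%s)\n", shallow, deep, g_low_water, g_low_fn);
    return 0;
}
```
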



I found what was causing this. Stack overflown, as many of you suggested.

Thank you all for your help

Ronen

