RE: WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in A fd.s ys..

Have you forgotten to release spin lock? The traces show twice “Acquring
QSpinLock” and once “Releasing QSpinLock”. Can you extend traces so that the
result of KeGetCurrentIrql() can be seen?

Joze

-----Original Message-----
From: subodh gupta [mailto:xxxxx@softhome.net]
Sent: Thursday, April 10, 2003 4:42 PM
To: NT Developers Interest List
Subject: [ntdev] RE: WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in Afd.s
ys…

Hi joze,
i surely have the stack trace sorry for my mistake of not sending it
earlier… here it is
Below is the stack backtrace for the bug check. I checked out online MSDN
bug check article on this and found how to get
information about this bug check…

[INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next
With Generic Completion Routine
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling TCP
[INFITCP.SYS] FilterDispatchIoControl - return

*** Fatal System Error: 0x000000e1
(0xB79583E7,0x00000002,0x00000000,0xB795B1F0)

ln 0xB79583E7
AFD!_AfdIndicatePollEvent@12+0x51
AFD!_AfdIndicateEventSelectEvent@12-0x177
C:\WINNT\symbols\SYS\AFD.dbg for AFD.SYS (has mismatched timestamps sym
0x384378C4 img 0x3C9B8D6C )
kbvs
FramePtr RetAddr Param1 Param2 Param3 Function Name
ffffffffb79a59dc ffffffff8042c487 0000000000000003 ffffffffb795b1f0
ffffffff8046d41c NTOSKRNL!RtlpSetSecurityObject+0x9d (EBP)
ffffffffb79a5d68 ffffffff80418e0c 00000000000000e1 ffffffffb79583e7
0000000000000002 NTOSKRNL!KeBugCheckEx+0x573 (EBP)
ffffffffb79a5da8 ffffffff804553af 0000000000000000 0000000000000000
0000000000000000 NTOSKRNL!ExpTimerApcRoutine+0x5c (EBP)
ffffffffb79a5ddc ffffffff804695b2 ffffffff80418d02 ffffffff80000001
0000000000000000 NTOSKRNL!RtlAppendAsciizToString+0x46 (FPO: [2,0,3])
ffffffffb79a5ddc ffffffff804695b2 ffffffff80418d02 ffffffff80000001
0000000000000000 NTOSKRNL!KdSpecialCalls+0x12 (No FPO)
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 NTOSKRNL!KdSpecialCalls+0x12 (No FPO)

>>>>Do you free something on close?
Well actually i manage a list of file object pointers and some custome info
structure guarded by a spin lock and i check for the file objects which are
going out of scope with IRP_MJ_CLOSE and IRP_MJ_CLEANUP , and free my
custome info struct in IRP_MJ_CLEANUP [NOT IN IRP_MJ_CLOSE]…
But my driver’s debug output shows that there is always an IRP_MJ_CLEANUP
before IRP_MJ_CLOSE ? does this have something to do with this problem ?
See this dbgprint output for a brighter idea of what i am trying to do …i
think u may be right… but what actually is happening i am unable to analyze
the situation with AFD …

[INFITCP.SYS]- Got An IRP Entering FilterDispatchIoControl
[INFITCP.SYS] FilterDispatchIoControl - TCP IRP Found,Passing the IRP for
Examination
[INFITCP.SYS]- Got An IRP Entering FilterPass
[INFITCP.SYS]- FilterPass IRP_MJ_CLEANUP on file object
[INFITCP.SYS]-FilterCleanupOnTCP - Removing Entry From the List
[INFITCP.SYS] FindEntryForFileObject - Finding Entry For the Given
FileObject
[INFITCP.SYS] FindEntryForFileObject - Acquring QSpinLock
[INFITCP.SYS] FindEntryForFileObject - Iterating List For the Given
FileObject
[INFITCP.SYS] RemoveEntryFromList - Acquring QSpinLock
[INFITCP.SYS] RemoveEntryFromList - Calling RemoveEntryList
[INFITCP.SYS] FindEntryForFileObject - Releasing QSpinLock
[INFITCP.SYS]-FilterCleanupOnTCP - Freeing Pool Memory
[INFITCP.SYS]CompleteOrDenyTdiDispatch - trying to Complete the request
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Skipping Stack Location
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next
With Generic Completion Routine
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling TCP
[INFITCP.SYS] FilterDispatchIoControl - return
[INFITCP.SYS]- Got An IRP Entering FilterDispatchIoControl
[INFITCP.SYS] FilterDispatchIoControl - TCP IRP Found,Passing the IRP for
Examination
[INFITCP.SYS]- Got An IRP Entering FilterPass
[INFITCP.SYS]- FilterPass IRP_MJ_CLOSE on file object
[INFITCP.SYS]CompleteOrDenyTdiDispatch - trying to Complete the request
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Skipping Stack Location
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next
With Generic Completion Routine
[INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling TCP
[INFITCP.SYS] FilterDispatchIoControl - return

*** Fatal System Error: 0x000000e1
(0xB79583E7,0x00000002,0x00000000,0xB795B1F0)

Hard coded breakpoint hit

I hope this will help to find a solution.
Regards…
Subodh Radheshyam Gupta

----- Original Message -----
From: “Joze Fabcic”
To: “NT Developers Interest List”
Sent: Thursday, April 10, 2003 6:20 PM
Subject: [ntdev] RE: WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in Afd.s
ys…

> Some questions: Have you tried to check the state with WinDbg? Have you
find
> the worker-thread function that triggers this defect? Can you send a stack
> trace? Do you free something on close?
>
> Joze
>
> -----Original Message-----
> From: subodh gupta [mailto:xxxxx@softhome.net]
> Sent: Thursday, April 10, 2003 2:29 PM
> To: NT Developers Interest List
> Subject: [ntdev] WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in Afd.sys…
>
>
> Hi,
> I am working on a Tdi Filter Driver.The driver works fine but sometimes
> while booting of the system it gets IRP_MJ_CLOSE from AFD.sys , It calls
> IoCallDriver as Usuall but the system generates a bug check
> WORKER_THREAD_RETURNED_AT_BAD_IRQL 0x000000E1 ?
> Could Any one tell me why this bug check occures and how can i get the rid
> of this bug check ?The code works fine most of the times but this bug
check
> occures some times only when the system is just booted up (before login
> screen) and my filter driver has got an IRP_MJ_CLOSE from AFD.SYS.
>
> Any Help is appreciated…
> Regards…
> Subodh
> —
> You are currently subscribed to ntdev as: xxxxx@hermes.si
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@softhome.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@hermes.si
To unsubscribe send a blank email to xxxxx@lists.osr.com