RE: WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in Afd.sys..

Hi Joze,
Yes, you are right, I forgot to release one spin lock while returning the
found entry to the caller… That generated the bug… I fixed it and now
everything works fine.
Thanks a lot for the help in solving the problem…
Regards…
Subodh Radheshyam Gupta
----- Original Message -----
From: “Joze Fabcic”
To: “NT Developers Interest List”
Sent: Friday, April 11, 2003 1:34 PM
Subject: [ntdev] RE: WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in Afd.sys…

> Have you forgotten to release spin lock? The traces show twice “Acquring
> QSpinLock” and once “Releasing QSpinLock”. Can you extend traces so that the
> result of KeGetCurrentIrql() can be seen?
>
> Joze
>
> -----Original Message-----
> From: subodh gupta [mailto:xxxxx@softhome.net]
> Sent: Thursday, April 10, 2003 4:42 PM
> To: NT Developers Interest List
> Subject: [ntdev] RE: WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in Afd.sys…
>
>
> Hi Joze,
> I surely have the stack trace, sorry for my mistake of not sending it
> earlier… here it is.
> Below is the stack backtrace for the bug check. I checked out the online MSDN
> bug check article on this and found how to get
> information about this bug check…
>
>
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next
> With Generic Completion Routine
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling TCP
> [INFITCP.SYS] FilterDispatchIoControl - return
>
> Fatal System Error: 0x000000e1
> (0xB79583E7,0x00000002,0x00000000,0xB795B1F0)
> > ln 0xB79583E7
> AFD!_AfdIndicatePollEvent@12+0x51
> AFD!_AfdIndicateEventSelectEvent@12-0x177
> C:\WINNT\symbols\SYS\AFD.dbg for AFD.SYS (has mismatched timestamps sym
> 0x384378C4 img 0x3C9B8D6C )
> >kbvs
> FramePtr RetAddr Param1 Param2 Param3 Function Name
> ffffffffb79a59dc ffffffff8042c487 0000000000000003 ffffffffb795b1f0
> ffffffff8046d41c NTOSKRNL!RtlpSetSecurityObject+0x9d (EBP)
> ffffffffb79a5d68 ffffffff80418e0c 00000000000000e1 ffffffffb79583e7
> 0000000000000002 NTOSKRNL!KeBugCheckEx+0x573 (EBP)
> ffffffffb79a5da8 ffffffff804553af 0000000000000000 0000000000000000
> 0000000000000000 NTOSKRNL!ExpTimerApcRoutine+0x5c (EBP)
> ffffffffb79a5ddc ffffffff804695b2 ffffffff80418d02 ffffffff80000001
> 0000000000000000 NTOSKRNL!RtlAppendAsciizToString+0x46 (FPO: [2,0,3])
> ffffffffb79a5ddc ffffffff804695b2 ffffffff80418d02 ffffffff80000001
> 0000000000000000 NTOSKRNL!KdSpecialCalls+0x12 (No FPO)
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 NTOSKRNL!KdSpecialCalls+0x12 (No FPO)
>
> >>>>>Do you free something on close?
> Well, actually I manage a list of file object pointers and some custom info
> structure guarded by a spin lock, and I check for the file objects which are
> going out of scope with IRP_MJ_CLOSE and IRP_MJ_CLEANUP, and free my
> custom info struct in IRP_MJ_CLEANUP [NOT IN IRP_MJ_CLOSE]…
> But my driver’s debug output shows that there is always an IRP_MJ_CLEANUP
> before IRP_MJ_CLOSE. Does this have something to do with this problem?
> See this dbgprint output for a brighter idea of what I am trying to do… I
> think you may be right… but what actually is happening, I am unable to analyze
> the situation with AFD…
>
> [INFITCP.SYS]- Got An IRP Entering FilterDispatchIoControl
> [INFITCP.SYS] FilterDispatchIoControl - TCP IRP Found,Passing the IRP for
> Examination
> [INFITCP.SYS]- Got An IRP Entering FilterPass
> [INFITCP.SYS]- FilterPass IRP_MJ_CLEANUP on file object
> [INFITCP.SYS]-FilterCleanupOnTCP - Removing Entry From the List
> [INFITCP.SYS] FindEntryForFileObject - Finding Entry For the Given
> FileObject
> [INFITCP.SYS] FindEntryForFileObject - Acquring QSpinLock
> [INFITCP.SYS] FindEntryForFileObject - Iterating List For the Given
> FileObject
> [INFITCP.SYS] RemoveEntryFromList - Acquring QSpinLock
> [INFITCP.SYS] RemoveEntryFromList - Calling RemoveEntryList
> [INFITCP.SYS] FindEntryForFileObject - Releasing QSpinLock
> [INFITCP.SYS]-FilterCleanupOnTCP - Freeing Pool Memory
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - trying to Complete the request
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - Skipping Stack Location
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next
> With Generic Completion Routine
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling TCP
> [INFITCP.SYS] FilterDispatchIoControl - return
> [INFITCP.SYS]- Got An IRP Entering FilterDispatchIoControl
> [INFITCP.SYS] FilterDispatchIoControl - TCP IRP Found,Passing the IRP for
> Examination
> [INFITCP.SYS]- Got An IRP Entering FilterPass
> [INFITCP.SYS]- FilterPass IRP_MJ_CLOSE on file object
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - trying to Complete the request
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - Skipping Stack Location
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - Copying Stack Location to Next
> With Generic Completion Routine
> [INFITCP.SYS]CompleteOrDenyTdiDispatch - Calling TCP
> [INFITCP.SYS] FilterDispatchIoControl - return
>
>
> Fatal System Error: 0x000000e1
> (0xB79583E7,0x00000002,0x00000000,0xB795B1F0)
>
> Hard coded breakpoint hit
>
> I hope this will help to find a solution.
> Regards…
> Subodh Radheshyam Gupta
>
> ----- Original Message -----
> From: “Joze Fabcic”
> To: “NT Developers Interest List”
> Sent: Thursday, April 10, 2003 6:20 PM
> Subject: [ntdev] RE: WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in Afd.sys…
>
>
> > Some questions: Have you tried to check the state with WinDbg? Have you found
> > the worker-thread function that triggers this defect? Can you send a stack
> > trace? Do you free something on close?
> >
> > Joze
> >
> > -----Original Message-----
> > From: subodh gupta [mailto:xxxxx@softhome.net]
> > Sent: Thursday, April 10, 2003 2:29 PM
> > To: NT Developers Interest List
> > Subject: [ntdev] WORKER_THREAD_RETURNED_AT_BAD_IRQL Bug Check in Afd.sys…
> >
> >
> > Hi,
> > I am working on a TDI filter driver. The driver works fine, but sometimes
> > while booting the system it gets IRP_MJ_CLOSE from AFD.sys. It calls
> > IoCallDriver as usual, but the system generates a bug check
> > WORKER_THREAD_RETURNED_AT_BAD_IRQL 0x000000E1.
> > Could anyone tell me why this bug check occurs and how I can get rid
> > of this bug check? The code works fine most of the time, but this bug check
> > occurs sometimes only when the system is just booted up (before the login
> > screen) and my filter driver has got an IRP_MJ_CLOSE from AFD.SYS.
> >
> > Any help is appreciated…
> > Regards…
> > Subodh
> > —
> > You are currently subscribed to ntdev as: xxxxx@hermes.si
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
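
Added example, not code from this thread or from INFITCP.SYS: a user-mode C model of the fault the thread resolves, a list lookup that returns the found entry with the spin lock still held. SimAcquire/SimRelease and the Find* functions are hypothetical stand-ins; the real KeAcquireSpinLock raises the caller to DISPATCH_LEVEL (2), which is the value in the second bug-check parameter (0x00000002) above.

```c
#include <stddef.h>
#include <stdio.h>

enum { PASSIVE_LEVEL = 0, DISPATCH_LEVEL = 2 };
static int g_irql = PASSIVE_LEVEL;      /* models what KeGetCurrentIrql() reports */

typedef struct Entry { const void *file_object; struct Entry *next; } Entry;

/* Stand-ins (assumed names): acquire raises to DISPATCH_LEVEL and returns the
   old IRQL, release restores it, as the kernel spin lock routines do. */
static int  SimAcquire(void)    { int old = g_irql; g_irql = DISPATCH_LEVEL; return old; }
static void SimRelease(int old) { g_irql = old; }

/* Buggy shape: the "found" path returns without releasing the lock. */
static Entry *FindEntryBuggy(Entry *head, const void *fo) {
    int old = SimAcquire();
    for (Entry *e = head; e != NULL; e = e->next)
        if (e->file_object == fo)
            return e;                   /* lock still held, IRQL stays at 2 */
    SimRelease(old);
    return NULL;
}

/* Fixed shape: one exit, so the lock is released on hit and on miss. */
static Entry *FindEntryFixed(Entry *head, const void *fo) {
    Entry *found = NULL;
    int old = SimAcquire();
    for (Entry *e = head; e != NULL; e = e->next)
        if (e->file_object == fo) { found = e; break; }
    SimRelease(old);
    return found;
}

/* Runs one lookup from PASSIVE_LEVEL and reports the IRQL left behind. */
static int IrqlAfterLookup(Entry *(*find)(Entry *, const void *), int hit) {
    static int fo_a, fo_b, fo_missing;  /* constructed stand-ins for file objects */
    Entry b = { &fo_b, NULL }, a = { &fo_a, &b };
    g_irql = PASSIVE_LEVEL;
    find(&a, hit ? (const void *)&fo_b : (const void *)&fo_missing);
    return g_irql;
}

int main(void) {
    printf("buggy: hit=%d miss=%d  fixed: hit=%d miss=%d\n",
           IrqlAfterLookup(FindEntryBuggy, 1), IrqlAfterLookup(FindEntryBuggy, 0),
           IrqlAfterLookup(FindEntryFixed, 1), IrqlAfterLookup(FindEntryFixed, 0));
    return 0;
}
```

In the model only the hit path leaks, so a trace that prints the IRQL on entry and exit of each helper, as Joze suggested, localizes the unbalanced acquire.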