What could be the reason of crash?

Hi All,
My system crashes when the service is being stopped. Details of
the crash are given below:

Break due to KeBugCheckEx (Unhandeled Kernel Mode Exception)
Error = C4 (DRIVER_VERIFIER_DETECTED_VIOLATION)
P1 = 62, P2 = 8A1DDE18, P3 = 8A1DDDC0, P4 = 2

Stack Trace:

ntoskrnl!KeDeregisterBugCheckCallback + 055B
ntoskrnl!RtlCompressBuffer + 4572
ntoskrnl!PAGE + 000A2836
ntoskrnl!RtlPreixString + 138D
ntoskrnl!ObReferenceObjectByHandle + 0388
ntoskrnl!KeQuerySystemTime + 0081
ntoskrnl!RtlPreixString + 1C43
ntoskrnl!NtSetVolumeInformationFile + 229A
ntoskrnl!DbgBerakPointWithStatus + 0DAD
ntoskrnl!ZwOnloadDriver + 0011
ntoskrnl!NtSetVolumeInformationFile + 229A

Now what could be the possible reason for this crash, as help for the above
KeBugCheck code C4 with P1 = 6 is not available?
Moreover, the stack also doesn't point to my driver.
Regards,
Arvind.

You seem to have typed in the debug information rather than copy/paste and
you have quite a few typos.

You have hit a driver verifier detected bug - offhand I'm guessing that it
is an IRQL violation of some sort. Try !verifier in windbg, and use !analyze
-v as well. Unhandled exceptions do not directly produce a valid stack
trace, instead you have to convince the debugger to reset its stack from the
exception source rather than the exception handler. See the documentation
help file for windbg: DRIVER_VERIFIER_DETECTED_VIOLATION. Also I think we
may have discussed the undocumented verifier P1=62 bug here recently, so
search this list. To get a valid stack trace you need the exception record
and the context record.

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Arvind
Sent: Wednesday, November 23, 2005 6:19 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] What could be the reason of crash?


The current windbg from MS website (but not DDK) decodes/documents this
bugcheck.


This is a new verifier code (0x62) for which documentation might be
missing.
****************************************************
This verifier code is new to Server 2003 SP1. It indicates that your
driver has pool still allocated when your driver unloads.

Parameter 1 is the verifier code (0x62)
Parameter 2 is the pointer to the driver name string
Parameter 3 is an internal verifier structure
Parameter 4 is the total number of non-freed paged and non-paged pool
allocations for your driver
*****************************************************

Harish
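
The unload-time accounting described in the message above, as a user-mode model (an added example, not code from this thread or from Driver Verifier). `model_alloc`, `model_free` and the three load-time allocations are hypothetical and constructed so that the leaky unload leaves 2 blocks outstanding, the P4 value in the report; the thread does not say what the poster's driver actually leaked.

```c
/* User-mode model (added example) of the pool accounting behind verifier code
 * 0x62; model_alloc/model_free are hypothetical, not kernel APIs. */
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 16
static void *live[MAX_LIVE];              /* allocations not yet freed */

static void *model_alloc(size_t size)
{
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL)
            return live[i] = malloc(size);
    return NULL;                          /* tracking table full */
}

static void model_free(void *p)
{
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == p) { free(p); live[i] = NULL; return; }
}

/* Constructed driver state: three allocations made at load time. */
static void *ctx, *buf, *name;
static void load(void) { ctx = model_alloc(64); buf = model_alloc(256); name = model_alloc(32); }

/* Leaky unload: releases the context but forgets the other two blocks. */
static void unload_leaky(void) { model_free(ctx); }

/* Fixed unload: every allocation made in load() has a matching free. */
static void unload_fixed(void) { model_free(name); model_free(buf); model_free(ctx); }

/* Load, unload, then count and release what is still allocated (parameter 4). */
static unsigned leaked_after(void (*unload)(void))
{
    unsigned n = 0;
    load();
    unload();
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] != NULL) { n++; free(live[i]); live[i] = NULL; }
    return n;
}

int main(void)
{
    printf("leaky unload: %u outstanding\n", leaked_after(unload_leaky));
    printf("fixed unload: %u outstanding\n", leaked_after(unload_fixed));
    return 0;
}
```

In a real driver the same pairing applies to every pool allocation the driver owns: each one needs a matching free on every path that ends in the unload routine.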

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-226697-
xxxxx@lists.osr.com] On Behalf Of Ivan Bublikov
Sent: Wednesday, November 23, 2005 10:42 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] What could be the reason of crash?


I would strongly suggest using targeted DPCs instead of this.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
