What's wrong?

Hi, all:
sCtx is a stream_context; I release it at the end of the pre-write routine (it is
in the "finally" part of the try-except structure), but it always causes this
BSOD. What's wrong?

*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffffb, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: bad39131, If non-zero, the instruction address which referenced the bad memory
      address.
Arg4: 00000000, (reserved)

Debugging Details:

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

MODULE_NAME: DSS

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4421c173

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fffffffb

FAULTING_IP:
fltMgr+2131
bad39131 f00fc108 lock xadd [eax],ecx

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 11

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x50

LAST_CONTROL_TRANSFER: from bad391b5 to bad39131

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f5f78ad8 bad391b5 ffffffd7 f5f78b6c f7730cff fltMgr+0x2131
f5f78ae4 f7730cff ffffffff f7730c9a 0000001a fltMgr+0x21b5
f5f78aec f7730c9a 0000001a 85627a38 84d97a74 DSS!DssPreWrite+0x56f [c:\winddk\dss\dss.c @ 1371]
f5f78b6c bad5066b 84d97a74 f5f78bb8 f5f78be8 DSS!DssPreWrite+0x50a [c:\winddk\dss\dss.c @ 1344]
f5f78b98 bad38944 00000002 00000004 f5f78be8 fltMgr+0x1966b
f5f78bf8 bad3a259 00f78c30 0007b7fc f5f78cbc fltMgr+0x1944
f5f78c10 bad45716 00f78c30 854d1c68 856b2b30 fltMgr+0x3259
f5f78c50 f6972286 854d1c68 f5f78cc4 00000000 fltMgr+0xe716
f5f78d38 8053d808 0000008c 00000000 00000000 klif+0xf286
f5f78d64 7c92eb94 badb0d00 0007b124 69696969 nt+0x65808
f5f78d68 badb0d00 0007b124 69696969 69696969 0x7c92eb94
f5f78d6c 0007b124 69696969 69696969 00000000 ftdisk+0x4d00
f5f78d70 69696969 69696969 00000000 00000000 0x7b124
f5f78d74 69696969 00000000 00000000 00000000 0x69696969
f5f78d78 00000000 00000000 00000000 00000000 0x69696969

STACK_COMMAND: kb

FOLLOWUP_IP:
DSS!DssPreWrite+56f [c:\winddk\dss\dss.c @ 1371]
f7730cff c3 ret

FAULTING_SOURCE_CODE:
1367: break;
1368: }
1369:
1370: if(sCtx!=NULL){
1371: FltReleaseContext( sCtx );
1372:
1373: }
1374:
1375: }
1376: }

SYMBOL_STACK_INDEX: 2

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: DSS!DssPreWrite+56f

IMAGE_NAME: DSS.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

Perhaps it isn't obvious but the following line indicates that you have
a setup problem with your debug session:

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

Without the PRCB, the debugger cannot find anything else (PRCB points to
the current thread for example). My suggestion is to type ".symfix" and
".reload" and try again.

Ignoring that, the invalid address is just below zero - this looks like
the value in your local variable is not what you expect. Look at the
value in EAX and figure out from whence it was loaded and you'll likely
find that the value wasn't ZERO but something close to zero (so when you
subtracted the offset amount, it was just below zero - or very large in
unsigned numbers...)

The key to this one is figuring out the value of the local variable.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.

Looking forward to seeing you at the next OSR File Systems class in
Boston, MA April 18-21, 2006 (note new date - MS scheduled plugfest the
same week again.)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of ntfsd
Sent: Wednesday, March 22, 2006 5:09 PM
To: ntfsd redirect
Subject: [ntfsd] What's wrong?

Hi, all:
sCtx is a stream_context; I release it at the end of the pre-write
routine (it is
in the "finally" part of the try-except structure), but it always causes this
BSOD. What's wrong?

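
The reading given in the reply above (symbols are broken, and the faulting address is "just below zero") can be checked mechanically. The following is an added example, not part of the original thread: a small triage helper run over a constructed excerpt of the posted !analyze -v output. The function names and the one-page NEAR_ZERO threshold are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines of the !analyze -v output posted in this thread.
SAMPLE = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fffffffb, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: bad39131, If non-zero, the instruction address which referenced the bad memory
Arg4: 00000000, (reserved)
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
FAULTING_IP:
fltMgr+2131
bad39131 f00fc108 lock xadd [eax],ecx
"""

NEAR_ZERO = 0x1000  # assumption: within one page of zero counts as "close to zero"

def triage(text, ptr_bits=32):
    """Pull the bugcheck 0x50 arguments out of the report and interpret them."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-fA-F]+)", text, re.M)}
    if set(args) != {1, 2, 3, 4}:
        raise ValueError("expected Arg1..Arg4 in the report")
    addr = args[1]
    # Reinterpret the referenced address as a signed pointer-sized integer.
    signed = addr - (1 << ptr_bits) if addr >> (ptr_bits - 1) else addr
    insn = re.search(r"FAULTING_IP:\s*\n\S+\n[0-9a-f]+ [0-9a-f]+\s+(.+)", text)
    return {
        "symbols_ok": "Kernel symbols are WRONG" not in text,
        "access": "write" if args[2] == 1 else "read",
        "fault_address": addr,
        "signed_offset": signed,
        "near_zero": abs(signed) < NEAR_ZERO,
        "faulting_ip": args[3],
        "instruction": insn.group(1).strip() if insn else None,
    }

def advice(t):
    """Turn the triage result into the two checks suggested in the reply."""
    notes = []
    if not t["symbols_ok"]:
        notes.append("fix symbols (.symfix, .reload) and rerun the analysis")
    if t["near_zero"]:
        notes.append("referenced address is %+d from zero: inspect the pointer "
                     "value the faulting routine was given (EAX here), it is "
                     "probably a small value with an offset applied"
                     % t["signed_offset"])
    return notes
```

For the posted dump this reports a write to an address 5 bytes below zero from the `lock xadd [eax],ecx` instruction, together with the symbol warning.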

Repair your kernel symbols first, a very, very good idea.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “ntfsd”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Thursday, March 23, 2006 2:09 AM
Subject: [ntfsd] What’s wrong?

> Hi, all:
> sCtx is a stream_context; I release it at the end of the pre-write routine (it is
> in the “finally” part of the try-except structure), but it always causes this
> BSOD. What’s wrong?