WinCE Crash

Hi,

I am working on a passthru driver for the WinCE platform, and recently (after we
updated wlan.dll because of a problem with ad hoc mode) it
started crashing randomly. Some of the crashes are outside the modified
passthru driver. I have attached a few crash dumps below. I have no
clue about the cause, as the crashes happen randomly, sometimes after running the
system for a few minutes and sometimes after a few hours.

Any insight into this problem, or advice on how to go about debugging it,
would be greatly appreciated.

Thanks,
-Niranjan
Wireless Terminals Lab,
Samsung Telecommunication America.

CRASH 1:
COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08d5ddf8) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08d5ddf8, region * * 0x00000020) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08d5ddf8, unsigned long 0x00000020, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

WZCSVC!MIDL_user_allocate(unsigned int 0x00000000) line 33 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 742

5a1fddc6()

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 742

WZCSVC!CE_QueryInterface(unsigned char * 0x00000000, unsigned long
0x20302030, unsigned long * 0x08d5ddf8) line 1751 + 12 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 742 NK!

first chance exception in ndis.dll

(0xC0000005: illegal instruction)

****************************************************************************
***************************************************

CRASH 2:
COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08d54e48) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08d54e48, region * * 0x00000030) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d54e48) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08d54e48, unsigned long 0x00000030, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d54e48) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

NDIS!NdisAllocateMemory(void * * 0x00000000, unsigned int 0x20302030,
unsigned int 0x08d54e48, _LARGE_INTEGER {…}) line 165

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d54e48) line 742

PASSTHRU!KNEWZ(int 0x0000005c) line 45

PASSTHRU!fast_timer_new(unsigned long * 0x00d54bfc, int 0x00000320, unsigned
int 0x00000002, void (unsigned long, void *)* 0x010e958c
marp_timer_callback(unsigned long, void *), void * 0x00d54bfc) line 108 + 8
bytes

PASSTHRU!marp_timer_new(marp_timer * 0x00d54bfc, int 0x00000320, unsigned
int 0x00000002, void (marp_timer *, void *)* 0x010e6a8c
marp_rreq_record_cb(marp_timer *, void *), void * 0x00d54bf0) line 49 + 28
bytes

PASSTHRU!marp_rreq_record_insert(unsigned char * 0x00d5331c, unsigned int
0x00000006) line 716

PASSTHRU!marp_rreq_process_start(marp_os_buf * 0x00d53e30, marp_rreq *
0x00d532d0) line 1218

PASSTHRU!marp_rreq_process(marp_os_buf * 0x00d53e30) line 331 + 12 bytes
PASSTHRU!marp_process_packet(marp_os_buf * 0x00d53e30) line 347

PASSTHRU!marp_process_event() line 346

PASSTHRU!marp_thread() line 398

first chance exception in ndis.dll

(0xC0000005: Access Violation)

****************************************************************************
***********************************************************

CRASH 3:
COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08beb3a8) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08beb3a8, region * * 0x00000060) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08beb3a8) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08beb3a8, unsigned long 0x00000060, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08beb3a8) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

WZCSVC!MIDL_user_allocate(unsigned int 0x00000000) line 33 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08beb3a8) line 742

first chance exception in ndis.dll

(0xC0000005: Access Violation)

****************************************************************************
**************************************************

CRASH 4:
COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08d4df58) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08d4df58, region * * 0x00000020) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d4df58) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08d4df58, unsigned long 0x00000020, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d4df58) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

NDIS!NdisAllocateMemory(void * * 0x00000000, unsigned int 0x20302030,
unsigned int 0x08d4df58, _LARGE_INTEGER {…}) line 165

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d4df58) line 742

PASSTHRU!marp_copy_ndis_packet_add_marp_hdr(_NDIS_PACKET * 0x00bb01a4,
_NDIS_PACKET * 0x00051afc, _BINDING * 0x00a9e3b0) line 277 + 20 bytes

PASSTHRU!MiniportSendPackets(void * 0x00a9e3b0, _NDIS_PACKET * * 0x0862f7e8,
unsigned int 0x00000001) line 335

NDIS!ndisMSendX(void * 0x00000000, _NDIS_PACKET * 0x20302030)

first chance exception in ndis.dll

(0xC0000005: Access Violation)

****************************************************************************
************************************************************

CRASH 5:

COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08bc4ed8) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08bc4ed8, region * * 0x00000020) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08bc4ed8) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08bc4ed8, unsigned long 0x00000020, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08bc4ed8) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

NDIS!NdisAllocateMemory(void * * 0x00000000, unsigned int 0x20302030,
unsigned int 0x08bc4ed8, _LARGE_INTEGER {…}) line 165

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08bc4ed8) line 742

PASSTHRU!KNEWZ(int 0x0000000c) line 45

PASSTHRU!fast_timer_set(unsigned long 0x00bc8d00, int 0x00000802) line 233 +
8 bytes

PASSTHRU!marp_timer_set(marp_timer * 0x00bbfff0, int 0x00000802) line 141

PASSTHRU!marp_neighbor_add(marp_os_buf * 0x00bcabb0, unsigned char *
0x00bcaae4, unsigned int 0x00000007) line 211

PASSTHRU!marp_hello_process(marp_os_buf * 0x00bcabb0) line 263

PASSTHRU!marp_rrep_process(marp_os_buf * 0x00bcabb0) line 279

PASSTHRU!marp_process_packet(marp_os_buf * 0x00bcabb0) line 353

PASSTHRU!marp_process_event() line 346

PASSTHRU!marp_thread() line 398

COREDLL!ThreadBaseFunc(void * 0x00000000, unsigned long 0x20302030) line 419

first chance exception in ndis.dll

(0xC0000005: Access Violation)

First, this is the NTDEV list, not CEdev. You'd have a better chance of getting an answer on another list or newsgroup.

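Second, one of the crashes is an illegal instruction, which could be caused by a random memory overwrite. You should always examine where exactly it crashed and why, at both the source and assembly level. Also note the zero handles passed to the heap functions. That may be OK or may not be. The value 0x20302030 repeated in every frame also stands out: its bytes are 0x30 and 0x20, the ASCII codes for '0' and space, which would fit text data overwriting memory, though the debugger may simply be repeating the same values for each frame. Anyway, CE sources are available and you can examine them. That is a big advantage over NT.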

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]


From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Niranjan[SMTP:xxxxx@sta.samsung.com]
Reply To: Windows System Software Devs Interest List
Sent: Friday, November 18, 2005 11:38 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinCE Crash

Hi,

I am working on a passthru driver for WinCE platform and recently (we
updated the wlan.dll as there was some problem with the adhoc mode), it
started crashing randomly. Some of the crashes are outside the modified
passthru driver. I have attached few crash dumps below. I am not having any
clue for the crash as it is happening randomly, sometimes after running the
system for few minutes and sometimes after few hours.

Any insight in this problem will be greatly appreciated or how can I go
about debugging this problem.

Thanks,
-Niranjan
Wireless Terminals Lab,
Samsung Telecommunication America.

CRASH 1:
COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08d5ddf8) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08d5ddf8, region * * 0x00000020) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08d5ddf8, unsigned long 0x00000020, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

WZCSVC!MIDL_user_allocate(unsigned int 0x00000000) line 33 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 742

5a1fddc6()

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 742

WZCSVC!CE_QueryInterface(unsigned char * 0x00000000, unsigned long
0x20302030, unsigned long * 0x08d5ddf8) line 1751 + 12 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d5ddf8) line 742 NK!

first chance exception in ndis.dll

(0xC0000005: illegal instruction)

****************************************************************************
***************************************************

CRASH 2:
COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08d54e48) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08d54e48, region * * 0x00000030) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d54e48) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08d54e48, unsigned long 0x00000030, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d54e48) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

NDIS!NdisAllocateMemory(void * * 0x00000000, unsigned int 0x20302030,
unsigned int 0x08d54e48, _LARGE_INTEGER {…}) line 165

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d54e48) line 742

PASSTHRU!KNEWZ(int 0x0000005c) line 45

PASSTHRU!fast_timer_new(unsigned long * 0x00d54bfc, int 0x00000320, unsigned
int 0x00000002, void (unsigned long, void *)* 0x010e958c
marp_timer_callback(unsigned long, void *), void * 0x00d54bfc) line 108 + 8
bytes

PASSTHRU!marp_timer_new(marp_timer * 0x00d54bfc, int 0x00000320, unsigned
int 0x00000002, void (marp_timer *, void *)* 0x010e6a8c
marp_rreq_record_cb(marp_timer *, void *), void * 0x00d54bf0) line 49 + 28
bytes

PASSTHRU!marp_rreq_record_insert(unsigned char * 0x00d5331c, unsigned int
0x00000006) line 716

PASSTHRU!marp_rreq_process_start(marp_os_buf * 0x00d53e30, marp_rreq *
0x00d532d0) line 1218

PASSTHRU!marp_rreq_process(marp_os_buf * 0x00d53e30) line 331 + 12 bytes
PASSTHRU!marp_process_packet(marp_os_buf * 0x00d53e30) line 347

PASSTHRU!marp_process_event() line 346

PASSTHRU!marp_thread() line 398

first chance exception in ndis.dll

(0xC0000005: Access Violation)

****************************************************************************
***********************************************************

CRASH 3:
COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08beb3a8) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08beb3a8, region * * 0x00000060) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08beb3a8) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08beb3a8, unsigned long 0x00000060, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08beb3a8) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

WZCSVC!MIDL_user_allocate(unsigned int 0x00000000) line 33 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08beb3a8) line 742

first chance exception in ndis.dll

(0xC0000005: Access Violation)

****************************************************************************
**************************************************

CRASH 4:
COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08d4df58) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08d4df58, region * * 0x00000020) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d4df58) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08d4df58, unsigned long 0x00000020, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d4df58) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

NDIS!NdisAllocateMemory(void * * 0x00000000, unsigned int 0x20302030,
unsigned int 0x08d4df58, _LARGE_INTEGER {…}) line 165

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08d4df58) line 742

PASSTHRU!marp_copy_ndis_packet_add_marp_hdr(_NDIS_PACKET * 0x00bb01a4,
_NDIS_PACKET * 0x00051afc, _BINDING * 0x00a9e3b0) line 277 + 20 bytes

PASSTHRU!MiniportSendPackets(void * 0x00a9e3b0, _NDIS_PACKET * * 0x0862f7e8,
unsigned int 0x00000001) line 335

NDIS!ndisMSendX(void * 0x00000000, _NDIS_PACKET * 0x20302030)

first chance exception in ndis.dll

(0xC0000005: Access Violation)

****************************************************************************
************************************************************

CRASH 5:

COREDLL!FindFreeItemInRegion(void * 0x00000000, region * 0x20302030, int
0x08bc4ed8) line 841 + 8 bytes

COREDLL!FindFreeItem(void * 0x00000000, heap * 0x20302030, unsigned long
0x08bc4ed8, region * * 0x00000020) line 921 + 16 bytes

COREDLL!Int_HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08bc4ed8) line 1256 + 20 bytes

LMEMDEBUG!HeapAllocTrace(void * 0x00000000, unsigned long 0x20302030,
unsigned long 0x08bc4ed8, unsigned long 0x00000020, char * 0x00000000) line
721 + 4 bytes

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08bc4ed8) line 742

COREDLL!LocalAlloc(unsigned int 0x00000000, unsigned int 0x20302030) line
197

NDIS!NdisAllocateMemory(void * * 0x00000000, unsigned int 0x20302030,
unsigned int 0x08bc4ed8, _LARGE_INTEGER {…}) line 165

LMEMDEBUG!HeapAlloc(void * 0x00000000, unsigned long 0x20302030, unsigned
long 0x08bc4ed8) line 742

PASSTHRU!KNEWZ(int 0x0000000c) line 45

PASSTHRU!fast_timer_set(unsigned long 0x00bc8d00, int 0x00000802) line 233 +
8 bytes

PASSTHRU!marp_timer_set(marp_timer * 0x00bbfff0, int 0x00000802) line 141

PASSTHRU!marp_neighbor_add(marp_os_buf * 0x00bcabb0, unsigned char *
0x00bcaae4, unsigned int 0x00000007) line 211

PASSTHRU!marp_hello_process(marp_os_buf * 0x00bcabb0) line 263

PASSTHRU!marp_rrep_process(marp_os_buf * 0x00bcabb0) line 279

PASSTHRU!marp_process_packet(marp_os_buf * 0x00bcabb0) line 353

PASSTHRU!marp_process_event() line 346

PASSTHRU!marp_thread() line 398

COREDLL!ThreadBaseFunc(void * 0x00000000, unsigned long 0x20302030) line 419

first chance exception in ndis.dll

(0xC0000005: Access Violation)

