Issue: System crash randomly even if my driver is not running
Scenario: I developed a file system driver for removable disk and is wroking fine. But after stoping the driver and even the device removed and no activities related with driver is doing, system may crash randomly and following is crash dumb analyze report:
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 786674ae, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 955134a3, address which referenced memory
Debugging Details:
WRITE_ADDRESS: 786674ae
CURRENT_IRQL: 2
FAULTING_IP:
rdbss!RxClearMinirdrCancelRoutine+1c
955134a3 8731 xchg esi,dword ptr [ecx]
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: bd855ae0 – (.trap 0xffffffffbd855ae0)
ErrCode = 00000002
eax=00000002 ebx=8a3175b8 ecx=786674ae edx=875719c0 esi=00000000 edi=955245f8
eip=955134a3 esp=bd855b54 ebp=bd855b5c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
rdbss!RxClearMinirdrCancelRoutine+0x1c:
955134a3 8731 xchg esi,dword ptr [ecx] ds:0023:786674ae=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 955134a3 to 8748281b
STACK_TEXT:
bd855ae0 955134a3 badb0d00 875719c0 89ff46d4 nt!KiTrap0E+0x2cf
bd855b5c 96e0a776 7866744e 8a52a24c bd855bc8 rdbss!RxClearMinirdrCancelRoutine+0x1c
WARNING: Stack unwind information not available. Following frames may be wrong.
bd855b70 96e1047f 8a52a24c 00000004 00000000 mrxsmb!VctMarkConnectionForLargeMtu+0x39a
bd855b9c 96e048b6 bd855bc8 00840745 8a634ec0 mrxsmb!SmbCeFreeExchangeBuffer+0xd8
bd855bd4 96e0eadc 8a634ec0 00000004 00000000 mrxsmb!SmbCeResumeSuspendedExchangesLite+0x71
bd855bf8 96e0ecba 8a634e68 c00000c9 bd855c18 mrxsmb!SmbCeDereferenceNetRootEntry+0xcd
bd855c08 96e0ecfa 8a634e68 8a634e68 bd855c2c mrxsmb!MRxSmbFinalizeVNetRoot+0x72
bd855c18 96e0ed42 8a634e68 8a634e68 8a5d44c8 mrxsmb!MRxSmbFinalizeVNetRoot+0xb2
bd855c2c 96e0ec90 8a634e68 8a5d44c8 00000000 mrxsmb!MRxSmbFinalizeVNetRoot+0xfa
bd855c44 96e01910 8a5d44c8 00000000 8a5d44c8 mrxsmb!MRxSmbFinalizeVNetRoot+0x48
bd855c58 9551364f 8a5d44c8 00000000 95524000 mrxsmb!MRxSmbGetConfigurationBlock+0x3b6
bd855c70 955282df 8a5d44c8 95524000 8e139afc rdbss!RxMRxFinalizeVNetRoot+0x64
bd855c8c 95526a93 8a66f468 00000001 00000001 rdbss!RxFinalizeVNetRoot+0xc3
bd855cc4 95526c80 8e1396b8 00000001 8cdcb690 rdbss!RxScavengerFinalizeEntries+0x535
bd855ce4 95512143 001396b8 28d71a41 00000000 rdbss!RxScavengerTimerRoutine+0x6a
bd855d40 955280fc 95524ec0 95525120 bd855d90 rdbss!RxpWorkerThreadDispatcher+0x13e
bd855d50 8764a9df 95524ec0 9235b22d 00000000 rdbss!RxWorkerThreadDispatcher+0x1a
bd855d90 874fc1d9 955280e2 95524ec0 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
rdbss!RxClearMinirdrCancelRoutine+1c
955134a3 8731 xchg esi,dword ptr [ecx]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: rdbss!RxClearMinirdrCancelRoutine+1c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rdbss
IMAGE_NAME: rdbss.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbfd2
FAILURE_BUCKET_ID: 0xD1_rdbss!RxClearMinirdrCancelRoutine+1c
BUCKET_ID: 0xD1_rdbss!RxClearMinirdrCancelRoutine+1c
Followup: MachineOwner