Re: BugCheck 0xA when verifier enabled
- From: "Eliyas Yakub [MSFT]" <eliyasy@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 16 Sep 2007 11:39:16 -0700
This crash can happen if the driver either messes with Irp->AllocationFlags or frees the Irp using the ExFreePool function instead of IoFreeIrp.
-Eliyas
"KS" <wakeup@xxxxxxxxxxxxxxxx> wrote in message news:Okq97%2379HHA.4784@xxxxxxxxxxxxxxxxxxxxxxx
Here's my !analyze dump. Thanks for helping.
Please let me know if you need more info from me.
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000140, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ebfd9, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 00000140
CURRENT_IRQL: 2
FAULTING_IP:
nt!PsReturnProcessNonPagedPoolQuota+19
804ebfd9 8bb040010000 mov esi,dword ptr [eax+140h]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: wuauclt.exe
TRAP_FRAME: ed7889a4 -- (.trap 0xffffffffed7889a4)
ErrCode = 00000000
eax=00000000 ebx=87bfeeb8 ecx=85f93118 edx=00000000 esi=85f93118 edi=ed788a77
eip=804ebfd9 esp=ed788a18 ebp=ed788a38 iopl=0 nv up ei pl nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010207
nt!PsReturnProcessNonPagedPoolQuota+0x19:
804ebfd9 8bb040010000 mov esi,dword ptr [eax+140h] ds:0023:00000140=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 804ebfd9 to 804e2158
STACK_TEXT:
ed7889a4 804ebfd9 badb0d00 00000000 00000000 nt!KiTrap0E+0x233
ed788a38 806717e8 00000000 00000000 87bfeec8 nt!PsReturnProcessNonPagedPoolQuota+0x19
ed788a5c 8066a208 87bfeeb8 861d12e0 ed788b50 nt!VerifierIoFreeIrp+0x109
ed788a6c 80570ff8 87bfeeb8 863828e8 85ba225c nt!IovFreeIrpPrivate+0x41
ed788b50 8056386c 86382900 00000000 85ba21b8 nt!IopParseDevice+0xae0
ed788bd8 80567c63 00000000 ed788c18 00000040 nt!ObpLookupObjectName+0x56a
ed788c2c 80571477 00000000 00000000 98d95801 nt!ObOpenObjectByName+0xeb
ed788ca8 80571546 0007e0fc 00100080 0007e0c8 nt!IopCreateFile+0x407
ed788d04 8057160e 0007e0fc 00100080 0007e0c8 nt!IoCreateFile+0x8e
ed788d44 804df06b 0007e0fc 00100080 0007e0c8 nt!NtOpenFile+0x27
ed788d44 7c90eb94 0007e0fc 00100080 0007e0c8 nt!KiFastCallEntry+0xf8
0007e094 7c90dd09 7c82481e 0007e0fc 00100080 ntdll!KiFastSystemCallRet
0007e098 7c82481e 0007e0fc 00100080 0007e0c8 ntdll!NtOpenFile+0xc
0007e30c 7c8255bd 000ba230 000bf200 00002000 kernel32!GetVolumeNameForRoot+0x11b
0007e334 7c833af9 000ba230 000bf200 00002000 kernel32!BasepGetVolumeNameForVolumeMountPoint+0xbd
0007e37c 7c833d28 00000001 000bac78 00000104 kernel32!GetVolumePathNameW+0x18a
0007e3d4 606b4923 0007e3f8 0007e4fc 00000104 kernel32!GetVolumePathNameA+0x7f
0007e604 606b4875 0007eab8 0007e654 00000000 ESENT!COSFileSystem::ErrPathRoot+0x55
0007e920 606b4aba 0007eab8 0007e98c 0080bbe0 ESENT!COSFileSystem::ErrFileAtomicWriteSize+0x38
0007ec80 606c77bd 0080b86c 0080b808 00000001 ESENT!COSFileSystem::ErrFileOpen+0x31e
0007f138 606c592f 0080b510 0007f164 00000000 ESENT!LOG::ErrLGCheckReadLastLogRecordFF+0x1e61
0007f6c0 606c333d 0080b510 00000000 0007f6fc ESENT!LOG::ErrLGSoftStart+0x641
0007fa4c 606c3b7e 0080ae88 00000000 10000000 ESENT!ErrIsamInit+0x1ca
0007fb74 606c3afe 0080ae88 00000000 00000000 ESENT!ErrInit+0x99
0007fb9c 606c3a30 00000000 00000000 00000000 ESENT!ErrInitComplete+0xa5
0007fbc4 606c398d 0080ae88 00000000 00000000 ESENT!JetInitEx+0xc4
0007fc04 606c3966 0007fc38 00000000 0007fc3c ESENT!JetInit2+0x1e
0007fc14 500592dc 0007fc38 00000000 00000000 ESENT!JetInit+0xf
0007fc3c 500590b7 000b9fb4 00000001 000b9ef4 wuaueng!CSusDatastore::InitializeEse+0xb7
0007fc84 50058f97 00000001 0007fe30 00000000 wuaueng!CSusDatastore::CreateStore+0x4e
0007fdb8 50058e62 000b9ef4 00000001 0007fe30 wuaueng!CSusDatastore::Init+0x28c
0007fdd8 50048097 00000000 00000000 50040000 wuaueng!CSusDatastoreWrap::CreateStoreObject+0x12f
0007fe1c 50064674 00000108 00000000 00000108 wuaueng!CSusDatastoreWrap::RunComServer+0xd3
0007fea0 00408654 00000108 004140c8 00000001 wuaueng!DSRunStoreAsComServer+0x11d
0007febc 0040b8dd 000adb26 00000000 00020688 wuauclt!RunDatastoreAsComServer+0x7f
0007ff1c 0040bc6d 00400000 00000000 00020688 wuauclt!wWinMain+0x230
0007ffc0 7c816d4f 028dea2c 00000000 7ffda000 wuauclt!wWinMainCRTStartup+0x198
0007fff0 00000000 0040bad5 00000000 78746341 kernel32!BaseProcessStart+0x23
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!PsReturnProcessNonPagedPoolQuota+19
804ebfd9 8bb040010000 mov esi,dword ptr [eax+140h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!PsReturnProcessNonPagedPoolQuota+19
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 41108004
FAILURE_BUCKET_ID: 0xA_VRF_nt!PsReturnProcessNonPagedPoolQuota+19
BUCKET_ID: 0xA_VRF_nt!PsReturnProcessNonPagedPoolQuota+19
Followup: MachineOwner
---------
KS
"Eliyas Yakub [MSFT]" <eliyasy@xxxxxxxxxxxxxxxxxxxx> wrote in message news:21E3FD52-6824-45BD-BB75-C53537D3A56F@xxxxxxxxxxxxxxxx
Dump the output of !analyze -v.
--
- This posting is provided "AS IS" with no warranties, and confers no rights.
"KS" <wakeup@xxxxxxxxxxxxxxxx> wrote in message news:uz6kFcp9HHA.4476@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I'm getting the same exact BSOD with a similar stack to what was described in this mail thread at <http://www.developerfood.com/system-crash-after-driver-unload/microsoft-public-development-device-drivers/7958043b-e142-4109-86d3-44cb39ba3c89/article.aspx>
The issue does not occur at all when verifier is not enabled, and when it occurs, the stack trace does not point to my driver at all. May I know if anyone knows what in the driver could possibly cause this to happen? Thanks.
Here's my stack trace on the fault.
ed7889a4 804ebfd9 badb0d00 00000000 00000000 nt!KiTrap0E+0x233
ed788a38 806717e8 00000000 00000000 87bfeec8 nt!PsReturnProcessNonPagedPoolQuota+0x19
ed788a5c 8066a208 87bfeeb8 861d12e0 ed788b50 nt!VerifierIoFreeIrp+0x109
ed788a6c 80570ff8 87bfeeb8 863828e8 85ba225c nt!IovFreeIrpPrivate+0x41
ed788b50 8056386c 86382900 00000000 85ba21b8 nt!IopParseDevice+0xae0
ed788bd8 80567c63 00000000 ed788c18 00000040 nt!ObpLookupObjectName+0x56a
ed788c2c 80571477 00000000 00000000 98d95801 nt!ObOpenObjectByName+0xeb
ed788ca8 80571546 0007e0fc 00100080 0007e0c8 nt!IopCreateFile+0x407
ed788d04 8057160e 0007e0fc 00100080 0007e0c8 nt!IoCreateFile+0x8e
ed788d44 804df06b 0007e0fc 00100080 0007e0c8 nt!NtOpenFile+0x27
ed788d44 7c90eb94 0007e0fc 00100080 0007e0c8 nt!KiFastCallEntry+0xf8
0007e094 7c90dd09 7c82481e 0007e0fc 00100080 ntdll!KiFastSystemCallRet
0007e098 7c82481e 0007e0fc 00100080 0007e0c8 ntdll!NtOpenFile+0xc
0007e30c 7c8255bd 000ba230 000bf200 00002000 kernel32!GetVolumeNameForRoot+0x11b
0007e334 7c833af9 000ba230 000bf200 00002000 kernel32!BasepGetVolumeNameForVolumeMountPoint+0xbd
0007e37c 7c833d28 00000001 000bac78 00000104 kernel32!GetVolumePathNameW+0x18a
0007e3d4 606b4923 0007e3f8 0007e4fc 00000104 kernel32!GetVolumePathNameA+0x7f
0007e604 606b4875 0007eab8 0007e654 00000000 ESENT!COSFileSystem::ErrPathRoot+0x55
0007e920 606b4aba 0007eab8 0007e98c 0080bbe0 ESENT!COSFileSystem::ErrFileAtomicWriteSize+0x38
0007ec80 606c77bd 0080b86c 0080b808 00000001 ESENT!COSFileSystem::ErrFileOpen+0x31e
0007f138 606c592f 0080b510 0007f164 00000000 ESENT!LOG::ErrLGCheckReadLastLogRecordFF+0x1e61
0007f6c0 606c333d 0080b510 00000000 0007f6fc ESENT!LOG::ErrLGSoftStart+0x641
0007fa4c 606c3b7e 0080ae88 00000000 10000000 ESENT!ErrIsamInit+0x1ca
0007fb74 606c3afe 0080ae88 00000000 00000000 ESENT!ErrInit+0x99
0007fb9c 606c3a30 00000000 00000000 00000000 ESENT!ErrInitComplete+0xa5
0007fbc4 606c398d 0080ae88 00000000 00000000 ESENT!JetInitEx+0xc4
0007fc04 606c3966 0007fc38 00000000 0007fc3c ESENT!JetInit2+0x1e
0007fc14 500592dc 0007fc38 00000000 00000000 ESENT!JetInit+0xf
0007fc3c 500590b7 000b9fb4 00000001 000b9ef4 wuaueng!CSusDatastore::InitializeEse+0xb7
0007fc84 50058f97 00000001 0007fe30 00000000 wuaueng!CSusDatastore::CreateStore+0x4e
0007fdb8 50058e62 000b9ef4 00000001 0007fe30 wuaueng!CSusDatastore::Init+0x28c
0007fdd8 50048097 00000000 00000000 50040000 wuaueng!CSusDatastoreWrap::CreateStoreObject+0x12f
0007fe1c 50064674 00000108 00000000 00000108 wuaueng!CSusDatastoreWrap::RunComServer+0xd3
0007fea0 00408654 00000108 004140c8 00000001 wuaueng!DSRunStoreAsComServer+0x11d
0007febc 0040b8dd 000adb26 00000000 00020688 wuauclt!RunDatastoreAsComServer+0x7f
0007ff1c 0040bc6d 00400000 00000000 00020688 wuauclt!wWinMain+0x230
0007ffc0 7c816d4f 028dea2c 00000000 7ffda000 wuauclt!wWinMainCRTStartup+0x198
0007fff0 00000000 0040bad5 00000000 78746341 kernel32!BaseProcessStart+0x23
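The following triage script is an added example, not part of the thread and not Microsoft tooling. It checks a pasted `!analyze -v` dump for the pattern discussed above: a NULL-based read at raised IRQL with the verifier's IRP free routines on the stack and only `nt` among the kernel-mode frames. The names `triage`, `IRP_FREE_FRAMES` and `KERNEL_BASE` (the default 0x80000000 user/kernel split) are assumptions; the sample lines are copied from the dump in this thread.

```python
import re

# Constructed sample: lines copied from the !analyze -v output in this thread.
SAMPLE = """\
Arg1: 00000140, memory referenced
Arg2: 00000002, IRQL
eax=00000000 ebx=87bfeeb8 ecx=85f93118 edx=00000000 esi=85f93118 edi=ed788a77
804ebfd9 8bb040010000 mov esi,dword ptr [eax+140h]
STACK_TEXT:
ed7889a4 804ebfd9 badb0d00 00000000 00000000 nt!KiTrap0E+0x233
ed788a38 806717e8 00000000 00000000 87bfeec8 nt!PsReturnProcessNonPagedPoolQuota+0x19
ed788a5c 8066a208 87bfeeb8 861d12e0 ed788b50 nt!VerifierIoFreeIrp+0x109
ed788a6c 80570ff8 87bfeeb8 863828e8 85ba225c nt!IovFreeIrpPrivate+0x41
ed788b50 8056386c 86382900 00000000 85ba21b8 nt!IopParseDevice+0xae0
0007e098 7c82481e 0007e0fc 00100080 0007e0c8 ntdll!NtOpenFile+0xc
"""

# kb frame: ChildEBP RetAddr Arg Arg Arg module!symbol[+0xoffset]
FRAME = re.compile(r"^([0-9a-f]{8}) [0-9a-f]{8} (?:[0-9a-f]{8} ){3}"
                   r"(\w+)!(\S+?)(?:\+0x[0-9a-f]+)?$", re.M)
IRP_FREE_FRAMES = {"VerifierIoFreeIrp", "IovFreeIrpPrivate"}  # names from the trace
KERNEL_BASE = 0x80000000  # assumption: default 32-bit user/kernel split


def triage(text):
    """Report whether a 0xA dump is a NULL-based read in the IRP free path."""
    arg = lambda n: int(re.search(rf"^Arg{n}: ([0-9a-f]{{8}})", text, re.M).group(1), 16)
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", text)}
    base, disp = re.search(r"\[(e[a-z]{2})\+([0-9a-f]+)h\]", text).groups()
    frames = FRAME.findall(text)
    # NULL-based read: base register is zero and base + displacement == Arg1.
    null_base = regs[base] == 0 and regs[base] + int(disp, 16) == arg(1)
    irp_free = [sym for _, _, sym in frames if sym in IRP_FREE_FRAMES]
    kernel_mods = sorted({m for ebp, m, _ in frames if int(ebp, 16) >= KERNEL_BASE})
    return {
        "irql": arg(2),
        "null_base_read": null_base,
        "irp_free_frames": irp_free,
        "kernel_modules": kernel_mods,
        # Pattern from the reply: suspect Irp->AllocationFlags or ExFreePool on an IRP.
        "suspect_irp_misuse": null_base and bool(irp_free),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `kernel_modules` result of only `nt` matches the poster's observation that the trace never names the driver: the bad free or flag change happened earlier, so the driver's own IRP allocation and free paths are what need review.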