Re: Query Regarding Fltmgr.sys ?
- From: Mark Roddy <markr@xxxxxxxxxxxxxx>
- Date: Wed, 31 Oct 2007 11:13:07 -0400
Sharanabasappa Biradar wrote:
Hi,
I removed our filter driver from the service, I checked with Device tree, Device tree is not showing our driver in the system . I ran the service,system crash with bug check c2. I am giving windbg information here, if anything concludes from the following information please suggest me.
Thanks in Advance,
The call stack look like this,
Now try again with the correct symbols. ".symfix " usually does it.
Have you run with driver verifier turned on for your filter driver?
kd> !analyze -v;lmtn.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000121a, (reserved)
Arg3: 04250422, Memory contents of the pool block
Arg4: e145fee0, Address of the block of pool being deallocated
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_HEADER ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES ***
*** ***
*************************************************************************
Cannot get _POOL_TRACKER_BIG_PAGES type size
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
POOL_ADDRESS: e145fee0
BUGCHECK_STR: 0xc2_7
DEFAULT_BUCKET_ID: DRIVER_FAULT
LAST_CONTROL_TRANSFER: from 808927bb to 80827c63
STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong.
f5afc8bc 808927bb 000000c2 00000007 0000121a nt!KeBugCheckEx+0x1b
f5afc924 f72509c9 e145fee0 6e664d46 f5afc940 nt!ExFreePoolWithTag+0x477
f5afc934 f7250a0b e145ff0c f5afc958 f7250c8d fltmgr!FltDeletePushLock+0x197
f5afc940 f7250c8d e145ff0c 85797000 85895120 fltmgr!FltReleaseFileNameInformation+0x1d
f5afc958 f7250cb5 00000000 85895134 ffffffff fltmgr!FltReleaseFileNameInformation+0x29f
f5afc974 f7250ce3 85ac0c18 00000000 85895134 fltmgr!FltReleaseFileNameInformation+0x2c7
f5afc98c f723bea3 85895120 85ac0c18 c000003a fltmgr!FltReleaseFileNameInformation+0x2f5
f5afc9a8 f723e451 85801d68 00000000 00000000 fltmgr!FltRequestOperationStatusCallback+0x8ed
f5afc9c0 f723ebb9 85801d68 00000000 85ae47a8 fltmgr!FltGetIrpName+0xa09
f5afc9e8 f724c5de f5afca08 c000003a 00000000 fltmgr!FltGetIrpName+0x1171
f5afca24 8081df65 8587e688 85ae47a8 85ae47a8 fltmgr!FltProcessFileLock+0x220c
f5afca38 808f8f71 8585d028 85b064e8 00000000 nt!IofCallDriver+0x45
f5afcb20 808f93b8 8587e688 00000000 858e17b0 nt!NtWriteFile+0x647d
f5afcb58 809374b1 8585d028 00000000 858e17b0 nt!NtWriteFile+0x68c4
f5afcbd8 80933a76 000007e8 f5afcc18 00000040 nt!NtMakePermanentObject+0x97f
f5afcc2c 808eae25 00000000 00000000 00000001 nt!ObOpenObjectByName+0xea
f5afcca8 808ec0bf 0012f418 00100001 0012f3d0 nt!IoCreateController+0x507
f5afcd04 808efc4f 0012f418 00100001 0012f3d0 nt!IoCreateFile+0xa3
f5afcd44 8088978c 0012f418 00100001 0012f3d0 nt!NtOpenFile+0x27
f5afcd64 7c8285ec badb0d00 0012f3ac 00000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb64
0012f698 00000000 00000000 00000000 00000000 0x7c8285ec
FOLLOWUP_IP: fltmgr!FltDeletePushLock+197
f72509c9 5d pop ebp
SYMBOL_STACK_INDEX: 2
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: fltmgr!FltDeletePushLock+197
MODULE_NAME: fltmgr
IMAGE_NAME: fltmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 45d697cc
STACK_COMMAND: kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
start end module name
80800000 80a56000 nt ntkrpamp.exe Sat Feb 17 05:48:00 2007 (45D69710)
80a56000 80a82000 hal halmacpi.dll Sat Feb 17 05:48:26 2007 (45D6972A)
bf800000 bf9cf000 win32k win32k.sys Sat Feb 17 06:31:05 2007 (45D6A129)
bf9cf000 bf9e6000 dxg dxg.sys Sat Feb 17 06:14:39 2007 (45D69D4F)
bff40000 bff48000 framebuf framebuf.dll Tue Mar 25 09:46:25 2003 (3E802571)
f5d2d000 f5d58000 RDPWD RDPWD.SYS Sat Feb 17 05:44:38 2007 (45D69646)
f5e10000 f5e1b000 TDTCP TDTCP.SYS Sat Feb 17 05:44:32 2007 (45D69640)
f609c000 f609f100 vstor2_p2v30 vstor2-p2v30.sys Fri Apr 20 01:22:55 2007 (462807DF)
f6528000 f6552000 Fastfat Fastfat.SYS Sat Feb 17 06:27:55 2007 (45D6A06B)
f666a000 f66c7000 srv srv.sys Sat Feb 17 06:27:20 2007 (45D6A048)
f69bf000 f69df000 RepliStor RepliStor.sys Thu Jun 15 11:40:53 2006 (44913935)
f6b47000 f6b5c000 Cdfs Cdfs.SYS Sat Feb 17 06:27:08 2007 (45D6A03C)
f6b84000 f6b95000 Fips Fips.SYS Sat Feb 17 06:26:33 2007 (45D6A019)
f6b95000 f6c0b000 mrxsmb mrxsmb.sys Sat Feb 17 06:28:15 2007 (45D6A07F)
f6c0b000 f6c3b000 rdbss rdbss.sys Sat Feb 17 06:27:37 2007 (45D6A059)
f6cdb000 f6d05000 afd afd.sys Sat Feb 17 06:28:16 2007 (45D6A080)
f6d05000 f6d36000 netbt netbt.sys Sat Feb 17 06:28:57 2007 (45D6A0A9)
f6d36000 f6dc6000 tcpip tcpip.sys Sat Feb 17 06:28:05 2007 (45D6A075)
f6dc6000 f6ddf000 ipsec ipsec.sys Sat Feb 17 06:29:28 2007 (45D6A0C8)
f6e27000 f6e3c000 usbhub usbhub.sys Sat Feb 17 06:13:05 2007 (45D69CF1)
f6e53000 f6e9d000 update update.sys Sat Feb 17 06:28:59 2007 (45D6A0AB)
f6ead000 f6eaf760 dump_vmscsi dump_vmscsi.sys Wed Feb 18 18:23:31 2004 (4033ADA3)
f6ec5000 f6efc000 rdpdr rdpdr.sys Sat Feb 17 05:51:00 2007 (45D697C4)
f6f7c000 f6f86000 Dxapi Dxapi.sys Tue Mar 25 07:06:01 2003 (3E7FFFD9)
f6f8c000 f6f96000 dump_diskdump dump_diskdump.sys Sat Feb 17 06:07:44 2007 (45D69BB0)
f6f9c000 f6fae000 raspptp raspptp.sys Sat Feb 17 06:29:20 2007 (45D6A0C0)
f6fae000 f6fc7000 ndiswan ndiswan.sys Sat Feb 17 06:29:22 2007 (45D6A0C2)
f6fc7000 f6fdb000 rasl2tp rasl2tp.sys Sat Feb 17 06:29:02 2007 (45D6A0AE)
f6fdb000 f6ff7000 VIDEOPRT VIDEOPRT.SYS Sat Feb 17 06:10:30 2007 (45D69C56)
f6ff7000 f7021000 USBPORT USBPORT.SYS Sat Feb 17 06:12:59 2007 (45D69CEB)
f7021000 f7048000 ks ks.sys Sat Feb 17 06:30:40 2007 (45D6A110)
f7048000 f705c000 redbook redbook.sys Sat Feb 17 06:07:26 2007 (45D69B9E)
f705c000 f7071000 cdrom cdrom.sys Sat Feb 17 06:07:48 2007 (45D69BB4)
f7071000 f7086000 serial serial.sys Sat Feb 17 06:06:46 2007 (45D69B76)
f7086000 f709e000 parport parport.sys Sat Feb 17 06:06:42 2007 (45D69B72)
f709e000 f70b1000 i8042prt i8042prt.sys Sat Feb 17 06:30:40 2007 (45D6A110)
f7121000 f7140000 Mup Mup.sys Sat Feb 17 06:27:41 2007 (45D6A05D)
f7140000 f717f000 NDIS NDIS.sys Sat Feb 17 06:28:49 2007 (45D6A0A1)
f717f000 f7214000 Ntfs Ntfs.sys Sat Feb 17 06:27:23 2007 (45D6A04B)
f7214000 f723a000 KSecDD KSecDD.sys Sat Feb 17 05:46:32 2007 (45D696B8)
f723a000 f725f000 fltmgr fltmgr.sys Sat Feb 17 05:51:08 2007 (45D697CC)
f725f000 f7272000 CLASSPNP CLASSPNP.SYS Sat Feb 17 06:28:16 2007 (45D6A080)
f7272000 f7283000 symmpi symmpi.sys Mon Dec 13 21:03:14 2004 (41BE0392)
f7283000 f72a2000 SCSIPORT SCSIPORT.SYS Sat Feb 17 06:28:41 2007 (45D6A099)
f72a2000 f72bf000 atapi atapi.sys Sat Feb 17 06:07:34 2007 (45D69BA6)
f72bf000 f72e9000 volsnap volsnap.sys Sat Feb 17 06:08:23 2007 (45D69BD7)
f72e9000 f7315000 dmio dmio.sys Sat Feb 17 06:10:44 2007 (45D69C64)
f7315000 f733c000 ftdisk ftdisk.sys Sat Feb 17 06:08:05 2007 (45D69BC5)
f733c000 f7352000 pci pci.sys Sat Feb 17 05:59:03 2007 (45D699A7)
f7352000 f7386000 ACPI ACPI.sys Sat Feb 17 05:58:47 2007 (45D69997)
f7487000 f7490000 WMILIB WMILIB.SYS Tue Mar 25 07:13:00 2003 (3E80017C)
f7497000 f74a6000 isapnp isapnp.sys Sat Feb 17 05:58:57 2007 (45D699A1)
f74a7000 f74b4000 PCIIDEX PCIIDEX.SYS Sat Feb 17 06:07:32 2007 (45D69BA4)
f74b7000 f74c7000 MountMgr MountMgr.sys Sat Feb 17 06:05:35 2007 (45D69B2F)
f74c7000 f74d2000 PartMgr PartMgr.sys Sat Feb 17 06:29:25 2007 (45D6A0C5)
f74d7000 f74e7000 disk disk.sys Sat Feb 17 06:07:51 2007 (45D69BB7)
f74e7000 f74f3000 Dfs Dfs.sys Sat Feb 17 05:51:17 2007 (45D697D5)
f74f7000 f7501000 crcdisk crcdisk.sys Sat Feb 17 06:09:50 2007 (45D69C2E)
f7507000 f7517000 agp440 agp440.sys Sat Feb 17 05:58:53 2007 (45D6999D)
f7517000 f7524000 Npfs Npfs.SYS Sat Feb 17 05:50:36 2007 (45D697AC)
f7527000 f7535000 msgpc msgpc.sys Sat Feb 17 05:58:37 2007 (45D6998D)
f7537000 f7544000 wanarp wanarp.sys Sat Feb 17 05:59:17 2007 (45D699B5)
f7547000 f7554000 netbios netbios.sys Sat Feb 17 05:58:29 2007 (45D69985)
f7587000 f7591000 ndisuio ndisuio.sys Sat Feb 17 05:58:25 2007 (45D69981)
f75c7000 f75d6000 intelppm intelppm.sys Sat Feb 17 05:48:30 2007 (45D6972E)
f75d7000 f75e2000 kbdclass kbdclass.sys Sat Feb 17 06:05:39 2007 (45D69B33)
f75e7000 f75f1000 mouclass mouclass.sys Tue Mar 25 07:03:09 2003 (3E7FFF2D)
f75f7000 f7601000 serenum serenum.sys Sat Feb 17 06:06:44 2007 (45D69B74)
f7607000 f7612000 fdc fdc.sys Sat Feb 17 06:07:16 2007 (45D69B94)
f7617000 f7623000 vgapnp vgapnp.sys Sat Feb 17 06:10:30 2007 (45D69C56)
f7627000 f7630000 watchdog watchdog.sys Sat Feb 17 06:11:45 2007 (45D69CA1)
f7637000 f763fa00 pcntpci5 pcntpci5.sys Tue Jun 05 20:54:43 2001 (3B1D3903)
f7647000 f7650000 ndistapi ndistapi.sys Sat Feb 17 05:59:19 2007 (45D699B7)
f7657000 f7666000 raspppoe raspppoe.sys Sat Feb 17 05:59:23 2007 (45D699BB)
f7667000 f7672000 TDI TDI.SYS Sat Feb 17 06:01:19 2007 (45D69A2F)
f7677000 f7682000 ptilink ptilink.sys Sat Feb 17 06:06:38 2007 (45D69B6E)
f7687000 f7690000 raspti raspti.sys Sat Feb 17 05:59:23 2007 (45D699BB)
f7697000 f76a6000 termdd termdd.sys Sat Feb 17 05:44:32 2007 (45D69640)
f76a7000 f76b0000 mssmbios mssmbios.sys Sat Feb 17 05:59:12 2007 (45D699B0)
f76b7000 f76c5000 NDProxy NDProxy.SYS Sat Feb 17 05:59:21 2007 (45D699B9)
f76d7000 f76e1000 flpydisk flpydisk.sys Tue Mar 25 07:04:32 2003 (3E7FFF80)
f76f7000 f7702000 Msfs Msfs.SYS Sat Feb 17 05:50:33 2007 (45D697A9)
f7707000 f770f000 kdcom kdcom.dll Tue Mar 25 07:08:00 2003 (3E800050)
f770f000 f7717000 BOOTVID BOOTVID.dll Tue Mar 25 07:07:58 2003 (3E80004E)
f7717000 f771e000 PCIIde PCIIde.sys Tue Mar 25 07:04:46 2003 (3E7FFF8E)
f771f000 f7726000 intelide intelide.sys Sat Feb 17 06:07:32 2007 (45D69BA4)
f7727000 f772e000 dmload dmload.sys Tue Mar 25 07:08:08 2003 (3E800058)
f772f000 f7737000 cpqarry2 cpqarry2.sys Sat Dec 07 03:36:59 2002 (3DF16CDB)
f7737000 f773b080 cpqcissm cpqcissm.sys Fri Dec 10 18:19:51 2004 (41B9E8C7)
f77cf000 f77d4180 usbuhci usbuhci.sys Sat Feb 17 06:13:02 2007 (45D69CEE)
f77d7000 f77df000 audstub audstub.sys Tue Mar 25 07:09:12 2003 (3E800098)
f77df000 f77e7000 Fs_Rec Fs_Rec.SYS Tue Mar 25 07:08:36 2003 (3E800074)
f77e7000 f77ee000 Null Null.SYS Tue Mar 25 07:03:05 2003 (3E7FFF29)
f77ef000 f77f6000 Beep Beep.SYS Tue Mar 25 07:03:04 2003 (3E7FFF28)
f77f7000 f77ff000 mnmdd mnmdd.SYS Tue Mar 25 07:07:53 2003 (3E800049)
f77ff000 f7807000 RDPCDD RDPCDD.sys Tue Mar 25 07:03:05 2003 (3E7FFF29)
f7807000 f780f000 rasacd rasacd.sys Tue Mar 25 07:11:50 2003 (3E800136)
f7827000 f782e000 dxgthk dxgthk.sys Tue Mar 25 07:05:52 2003 (3E7FFFD0)
f785f000 f7864620 VncTransport VncTransport.sys Wed Apr 05 18:37:08 2006 (44340044)
f7887000 f788e000 parvdm parvdm.sys Tue Mar 25 07:03:49 2003 (3E7FFF55)
f788f000 f7897000 OPRGHDLR OPRGHDLR.SYS Tue Mar 25 07:16:25 2003 (3E800249)
f7897000 f7899980 compbatt compbatt.sys Sat Feb 17 05:58:51 2007 (45D6999B)
f789b000 f789e900 BATTC BATTC.SYS Sat Feb 17 05:58:46 2007 (45D69996)
f789f000 f78a1760 vmscsi vmscsi.sys Wed Feb 18 18:23:31 2004 (4033ADA3)
f797f000 f7982700 CmBatt CmBatt.sys Sat Feb 17 05:58:51 2007 (45D6999B)
f79a5000 f79a6280 swenum swenum.sys Sat Feb 17 06:05:56 2007 (45D69B44)
f79ab000 f79ac580 USBD USBD.SYS Tue Mar 25 07:10:39 2003 (3E8000EF)
Unloaded modules:
f7817000 f781e000 OBJINFO.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f66d3000 f6717000 cpqasm2.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f68f1000 f6947000 wlbs.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7557000 f7565000 imapi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f76e7000 f76f3000 vga.sys Timestamp: unavailable (00000000)
Checksum: 00000000
Regards
Sharan
"Mark Roddy" wrote:
Sharanabasappa Biradar wrote:I turned on Driver verifier and started "service" , The crash occurs and system restart with bug_check_id 0xC2.
The call stack shows "Fltmgr.sys" and our driver doesn't prasent in the call stack.
When I Check with loaded module(lmtn in windbg), our driver is not loaded.
I restarted the m/c and Driver verifier is turned on and start the Dbgview ,The system crashes automatically without starting the "service".
New Code Is Crappy Code.
fltmgr.sys works fine on w2k3 sp1. Your driver is very likely causing the problem. If you need convincing, clean install a w2k3 system without your driver installed and test to make sure that does not crash. Then add your driver and observe system malfunctions.
Bugcheck 0xc2 is Bad Pool Caller, the actual output from windbg !analyze -v will indicate just what sort of bad pool caller you have. Generally for help with system crashes you need to include the output from windbg's !analyze -v command here.
- References:
- Re: Query Regarding Fltmgr.sys ?
- From: Don Burn
- Re: Query Regarding Fltmgr.sys ?
- From: Sharanabasappa Biradar
- Re: Query Regarding Fltmgr.sys ?
- From: Mark Roddy
- Re: Query Regarding Fltmgr.sys ?
- From: Sharanabasappa Biradar
- Re: Query Regarding Fltmgr.sys ?
- Prev by Date: Re: analyse blue screen data - help!!!!
- Next by Date: Re: Disable Device is persisted, but where?
- Previous by thread: Re: Query Regarding Fltmgr.sys ?
- Next by thread: Re: ExAllocatePoolWithTag / ExFreePoolWithTag failure
- Index(es):
Relevant Pages
|
