EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Bugcheck in cbfs3.sys

Posted: 07/14/2010 20:14:07
by Mridul Pentapalli (Standard support level)
Joined: 11/30/2009
Posts: 26


We are developing a background application that receives incoming device notifications, and for each device detected creates a CBFS virtual disk.

We have intermittent BSODs that point to CBFS. Here's what we have:

1. If the application is started manually & the devices are connected later, then the drive letter shows up as expected & everything works fine.
2. If the application is set up to start on boot with the 'Run' registry key, and the devices are connected when the system boots, there is a 20 - 50% chance that it BSODs immediately.

All the bugchecks reported are on a x64 machine (Vista, Win 7). Our application is a 32bit application.


The callstack from !analyze -v reports:

0: kd> k
Child-SP          RetAddr           Call Site
fffffa60`06b0e448 fffff800`01f02ada nt!KeBugCheckEx
fffffa60`06b0e450 fffff800`01ea1059 nt! ?? ::FNODOBFM::`string'+0x2c465
fffffa60`06b0e530 fffff800`020dfee4 nt!KiPageFault+0x119
fffffa60`06b0e6c8 fffff800`020bcc4a nt!RtlCompareUnicodeStrings+0x44
fffffa60`06b0e6d0 fffffa60`02b95968 nt!RtlCompareUnicodeString+0x26
fffffa60`06b0e710 fffffa60`02b94eb1 cbfs3+0x43968
fffffa60`06b0e830 fffffa60`02b9506e cbfs3+0x42eb1
fffffa60`06b0e8e0 fffffa60`02b94be0 cbfs3+0x4306e
fffffa60`06b0e980 fffffa60`02b55e95 cbfs3+0x42be0
fffffa60`06b0e9b0 fffffa60`02b531b6 cbfs3+0x3e95
fffffa60`06b0e9e0 fffff800`0210573e cbfs3+0x11b6
fffffa60`06b0ea10 fffff800`0210e1a6 nt!IopXxxControlFile+0x5be
fffffa60`06b0eb40 fffff800`01ea1f73 nt!NtDeviceIoControlFile+0x56
fffffa60`06b0ebb0 00000000`7562385e nt!KiSystemServiceCopyEnd+0x13
00000000`058aed98 00000000`7563ab46 wow64cpu!DeviceIoctlFileFault+0x35
00000000`058aee80 00000000`7563a14c wow64!RunCpuSimulation+0xa
00000000`058aeeb0 00000000`774205a8 wow64!Wow64LdrpInitialize+0x4b4
00000000`058af410 00000000`773d68de ntdll! ?? ::FNODOBFM::`string'+0x20aa1
00000000`058af4c0 00000000`00000000 ntdll!LdrInitializeThunk+0xe
0: kd> !sw
Switched to 32bit mode
0: kd:x86> k
ChildEBP          RetAddr          
059af51c 76eaf13f ntdll_77570000!ZwDeviceIoControlFile+0x15
059af57c 04a03a62 KERNEL32!DeviceIoControl+0x14a
WARNING: Stack unwind information not available. Following frames may be wrong.
059af5b0 04a01245 CBFSNet+0x13a62
00000000 00000000 CBFSNet+0x11245

If you need the memory dumps, I have 2 complete memory dumps that I can send to you.

Posted: 07/15/2010 00:52:13
by Eugene Mayevski (Team)

Please assign the license ticket to your user account before we continue. The ticket itself and the procedure of it's use are specified in the registration e-mail that was sent to you upon license purchase.

Then, yes, it would be great if you could put the dumps somewhere - either on the web server or to some service such as rapidshare.com or depositfiles.com and send us the links via HelpDesk.We will download the dumps and analyze them.

Sincerely yours
Eugene Mayevski
Posted: 07/15/2010 00:52:24
by Volodymyr Zinin (Team)

Hello Mridul,

Yes, please send us the crash dumps first.If it's possible set in the system to generate the _kernel_ type of dumps (not minidump) and give me such one.
Posted: 07/19/2010 14:58:08
by Mridul Pentapalli (Standard support level)
Joined: 11/30/2009
Posts: 26


Sorry for the delay. I was on a break.

The dumps are listed here:


Posted: 08/02/2010 08:51:22
by Mridul Pentapalli (Standard support level)
Joined: 11/30/2009
Posts: 26


You mentioned that you had found & fixed the bug that caused the BSOD. I think you also mentioned that you could not reproduce the error.

Is it possible for us to have a pre-release/beta of the current build so that we can confirm that the BSOD does not occur?

Posted: 08/03/2010 03:19:58
by Volodymyr Zinin (Team)



Topic viewed 4189 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!