STATUS_DATATYPE_MISALIGNMENT question

Hi,
I have a memory dump generated by my test driver. It looks like
KeReleaseSemaphore triggered a STATUS_DATATYPE_MISALIGNMENT exception. I have
no idea what may have caused it. Any help is greatly appreciated!

This is from the debugger:

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
An exception code of 0x80000002 (STATUS_DATATYPE_MISALIGNMENT) indicates
that an unaligned data reference was encountered. The trap frame will
supply additional information.
Arguments:
Arg1: c0000047, The exception code that was not handled
Arg2: 8051d1b8, The address that the exception occurred at
Arg3: fafd07f4, Trap Frame
Arg4: 00000000

Debugging Details:

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

EXCEPTION_CODE: c0000047

FAULTING_IP:
nt!IoSetFileOrigin+52c4
8051d1b8 e911c6fcff jmp nt!KeReleaseSemaphore+0x31 (804e97ce)

TRAP_FRAME: fafd07f4 -- (.trap fffffffffafd07f4)
ESP EDITED! New esp=fafd0ba4
ErrCode = 00000000
eax=00000001 ebx=00000001 ecx=00000000 edx=00000000 esi=fc74e9a0 edi=00000002
eip=8051d1b8 esp=fafd0868 ebp=fafd0bb8 iopl=0         nv up ei pl zr na po nc
cs=0000  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
nt!IoSetFileOrigin+52c4:
8051d1b8 e911c6fcff jmp nt!KeReleaseSemaphore+0x31 (804e97ce)
Resetting default context

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from fc74e3c2 to 8051d1b8

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
fafd0bb8 fc74e3c2 fc74e9a0 00000000 00000001 nt!IoSetFileOrigin+0x52c4
fafd0c08 fc74d1a5 812a78e0 8110fd00 00000004 Test!ProcessIoctl+0x1ec
fafd0c34 804e37f7 812a78e0 8110fd00 806f3760 Test!DispatchDeviceIoControlDispatch+0x183
fafd0c58 80579a8a 812a78e0 8110fd00 810c9298 nt!IofCallDriver+0x32
fafd0d00 8057bfa5 00000210 00000000 00000000 nt!IoCreateFileSpecifyDeviceObjectHint+0x347
fafd0d34 804de7ec 00000210 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
fafd0d64 7c90eb94 badb0d00 0103ea28 00000000 nt!ZwYieldExecution+0xb78
0103ea80 00000000 00000000 00000000 00000000 0x7c90eb94

FOLLOWUP_IP:
Test!ProcessIoctl+1ec
fc74e3c2 8b550c mov edx,[ebp+0xc]

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: Test!ProcessIoctl+1ec

MODULE_NAME: Test

IMAGE_NAME: Test.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 43960d76

STACK_COMMAND: .trap fffffffffafd07f4 ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

8051d187 f1 ???
8051d188 e5fb in eax,fb
8051d18a ffe9 jmp ecx
8051d18c a0e1fdffff mov al,[fffffde1]
8051d191 7008 jo nt!IoSetFileOrigin+0x52a7 (8051d19b)
8051d193 6840145680 push 0x80561440
8051d198 53 push ebx
8051d199 50 push eax
8051d19a 6896000000 push 0x96
8051d19f e85f610100 call nt!KeBugCheckEx (80533303)
8051d1a4 e9766ffcff jmp nt!KeRemoveQueue+0x19d (804e411f)
8051d1a9 e8cee5fbff call nt!ExReleaseResourceLite+0x12c (804db77c)
8051d1ae 68470000c0 push 0xc0000047
8051d1b3 e82ef4fbff call nt!ExRaiseStatus (804dc5e6)
8051d1b8 e911c6fcff jmp nt!KeReleaseSemaphore+0x31 (804e97ce)
8051d1bd 64a124010000 mov eax,fs:[00000124]
8051d1c3 88485a mov [eax+0x5a],cl
8051d1c6 8a4dff mov cl,[ebp-0x1]
8051d1c9 884858 mov [eax+0x58],cl
8051d1cc e91ec6fcff jmp nt!KeReleaseSemaphore+0x52 (804e97ef)
8051d1d1 e938e2fdff jmp nt!wcsnicmp+0x153 (804fb40e)
8051d1d6 ff80a0010000 inc dword ptr [eax+0x1a0]
8051d1dc c60200 mov byte ptr [edx],0x0
8051d1df c60100 mov byte ptr [ecx],0x0
8051d1e2 8d889c010000 lea ecx,[eax+0x19c]
8051d1e8 33d2 xor edx,edx
8051d1ea e88cebfbff call nt!KiDispatchInterrupt+0x507 (804dbd7b)
8051d1ef e99bccfdff jmp nt!KeTerminateThread+0x126 (804f9e8f)

Actually, it looks like the exception code is c0000047, which is
STATUS_SEMAPHORE_LIMIT_EXCEEDED; if you read the doc on KeReleaseSemaphore,
this is directly invoked by the interface if the release operation is bogus.
Is the file object you passed to IoSetFileOrigin really a file object? What
are you actually trying to do? You might want to supply the ioctl code in
your driver that results in this crash.

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Green
Sent: Tuesday, December 06, 2005 10:22 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] STATUS_DATATYPE_MISALIGNMENT question


> Debugging Details:
> ------------------
>
> ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Do it first!

> STACK_TEXT:
> WARNING: Stack unwind information not available. Following frames may be
> wrong.


Mark, you're right. The problem is that KeReleaseSemaphore was called twice
while the call limit is 1. Thanks!

On 12/7/05, Calvin Guan wrote:
>
> > Debugging Details:
> > ------------------
> >
> > ***** Kernel symbols are WRONG. Please fix symbols
> > to do analysis.
>
> Do it first!
>
>
> > STACK_TEXT:
> > WARNING: Stack unwind information not available.
> > Following frames may be
> > wrong.
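As an added example (my own user-mode model written in C, not code from this thread or from the DDK) of the failure Mark describes and Bill confirms: a KeReleaseSemaphore-style release whose new count would exceed the semaphore's Limit raises STATUS_SEMAPHORE_LIMIT_EXCEEDED (0xC0000047), so the second release on a limit-1 semaphore is the bug. The Model* names and the struct are assumptions standing in for KSEMAPHORE and the Ke routines; the model returns the status where the real kernel raises it.

```c
#include <stdbool.h>

typedef long NTSTATUS;
#define STATUS_SUCCESS                  0x00000000L
#define STATUS_UNSUCCESSFUL             0xC0000001L
#define STATUS_SEMAPHORE_LIMIT_EXCEEDED 0xC0000047L   /* the code in the dump */
typedef struct { long count; long limit; } ModelSemaphore; /* stand-in for KSEMAPHORE */
void ModelInitializeSemaphore(ModelSemaphore *s, long count, long limit) {
    s->count = count;
    s->limit = limit;
}

/* Kernel rule being modeled: count + adjustment must not exceed the limit.
 * The real KeReleaseSemaphore raises an exception here (push 0xc0000047 /
 * call nt!ExRaiseStatus in the disassembly above, bugcheck 0x8E if unhandled). */
NTSTATUS ModelReleaseSemaphore(ModelSemaphore *s, long adjustment) {
    if (s->count + adjustment > s->limit)
        return STATUS_SEMAPHORE_LIMIT_EXCEEDED;
    s->count += adjustment;
    return STATUS_SUCCESS;
}

/* Model of a satisfied wait: consumes one signal, fails if none is pending. */
bool ModelWaitForSemaphore(ModelSemaphore *s) {
    if (s->count <= 0) return false;
    s->count--;
    return true;
}

/* The bug from the thread: limit 1, released twice with no wait in between. */
NTSTATUS DoubleReleaseBug(void) {
    ModelSemaphore s;
    ModelInitializeSemaphore(&s, 0, 1);
    ModelReleaseSemaphore(&s, 1);          /* count 0 -> 1, within the limit */
    return ModelReleaseSemaphore(&s, 1);   /* count would be 2 > 1: 0xC0000047 */
}

/* Corrected pattern: every release is paired with a prior wait, so the count
 * can never climb past the limit however many times the path runs. */
NTSTATUS PairedReleaseOk(int rounds) {
    ModelSemaphore s;
    ModelInitializeSemaphore(&s, 1, 1);    /* starts signaled, used like a mutex */
    for (int i = 0; i < rounds; i++) {
        if (!ModelWaitForSemaphore(&s)) return STATUS_UNSUCCESSFUL;
        NTSTATUS st = ModelReleaseSemaphore(&s, 1);
        if (st != STATUS_SUCCESS) return st;
    }
    return STATUS_SUCCESS;
}
```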