Hi,
In my WFP driver, I get a BSOD while unloading the driver. Following is the crash dump, captured with Driver Verifier enabled:
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000018, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff802c9c517b0, address which referenced memory
Debugging Details:
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
0000000000000018
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!TcpValidateReceive+64
fffff802`c9c517b0 837f1814 cmp dword ptr [rdi+18h],14h
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
TAG_NOT_DEFINED_c000000f: FFFFF80194081FB0
TRAP_FRAME: fffff801940809a0 -- (.trap 0xfffff801940809a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffdb0c07b68030 rbx=0000000000000000 rcx=0000000000000002
rdx=ffffdb0c03251000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802c9c517b0 rsp=fffff80194080b30 rbp=ffffdb0c0310b8f0
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=fffff80194080990 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
tcpip!TcpValidateReceive+0x64:
fffff802c9c517b0 837f1814 cmp dword ptr [rdi+18h],14h ds:0000000000000018=???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80191e16529 to fffff80191e03430
STACK_TEXT:
fffff80194080b30 fffff802c9c2c6dc : 0000000000056069 0000000000000001 ffffdb0c03251000 0000000000000000 : tcpip!TcpValidateReceive+0x64
fffff80194080bd0 fffff802c9c587b2 : ffffdb0c0310b8f0 0000000000000000 0000000000000000 ffffdb0c0310b890 : tcpip!TcpReceive+0x42c
fffff80194080ca0 fffff802c9c097fe : 0000000000000000 fffff80191c12356 0000000000000000 0000000000000000 : tcpip!TcpNlClientReceiveDatagrams+0x22
fffff80194080ce0 fffff802c9c09453 : 0000000000000000 0000000000000000 fffff80194080e70 fffff802c9da4000 : tcpip!IppDeliverListToProtocol+0x6a
fffff80194080da0 fffff802c9c29c8f : 0000000000000000 fffff80191e0455d ffffdb0c03ec4180 0000000000000000 : tcpip!IppProcessDeliverList+0x63
fffff80194080e10 fffff802c9c29767 : fffff802c9da4000 ffffdb0c0314a940 0000000000000000 ffffdb0c08188a00 : tcpip!IppReceiveHeaderBatch+0x25f
fffff80194080f10 fffff802c9be6b7c : ffffdb0c08189530 ffffdb0c07b68030 0000000000000001 0000000000000000 : tcpip!IppFlcReceivePacketsCore+0x317
fffff80194081030 fffff802c9be68b6 : ffffdb0c07b68030 0000000000000000 fffff80194081148 0000000000000000 : tcpip!IpFlcReceivePackets+0xc
fffff80194081060 fffff802c9c2a798 : ffffdb0c08180002 fffff80100000001 fffff802c9c44c70 0000000000000001 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x256
fffff80194081140 fffff80191d1e7fb : ffffdb0c03129860 ffffdb0c039c2700 fffff802c9c2a640 fffff80194081410 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x158
fffff80194081270 fffff80191d1e75d : ffffdb0c03132980 0000000000000000 0000000000000002 0000000000000000 : nt!KeExpandKernelStackAndCalloutInternal+0x8b
fffff801940812c0 fffff802c9c44907 : 0000000000000000 fffff802c904652d ffffdb0c05aecb70 ffffdb0c04bfffc0 : nt!KeExpandKernelStackAndCalloutEx+0x1d
fffff80194081300 fffff802c9c43f83 : 0000000000000001 fffff80194081460 ffffdb0c08187010 0000000000000000 : tcpip!NetioExpandKernelStackAndCallout+0x87
fffff80194081360 fffff802c8f14fae : ffffdb0c041051a0 ffffdb0c08194561 0000000000000001 0000000000000001 : tcpip!FlReceiveNetBufferListChain+0x243
fffff80194081590 fffff802c8f14c81 : ffffdb0c08157a01 fffff802c83f0000 0000000000000000 fffff80200000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x13e
fffff80194081660 fffff802c8f15583 : ffffdb0c041051a0 fffff80194081801 fffff802c8f14a50 ffffdb0c041051a0 : ndis!ndisMTopReceiveNetBufferLists+0x231
fffff80194081760 fffff802c8f1498e : 000a307830206e6f 0000000000000000 0000000000000000 0000000000000000 : ndis!ndisCallReceiveHandler+0x43
fffff801940817b0 fffff802cad4f979 : ffffdb0c04eb71c0 0000000000000001 ffffdb0c05603750 fffff802cab93cf4 : ndis!NdisMIndicateReceiveNetBufferLists+0x5ae
fffff80194081920 fffff802cacdbc71 : ffffdb0c04ec8120 0000000000000000 0000000000000000 ffffdb0c0558a000 : NETwew01!doApiIndicateReceiveNbl+0x9d
fffff80194081960 fffff802cab94515 : ffffdb0c03229930 000000003534a77c 0000000000000001 ffffdb0c009fd1ff : NETwew01!mStatFldConstructor+0x161
fffff801940819d0 fffff802cab8f662 : 0000000000000001 fffff80191d4c596 fffff80191ffc5ff 0000000000000000 : NETwew01!rfdQueueProcessFragments+0x1e5
fffff80194081a70 fffff802cab8ace0 : fffff80191b7e100 ffffdb0c05652b90 ffffdb0c02250000 fffff80191d42054 : NETwew01!isrHandlerRoutineInta+0x1f2
fffff80194081af0 fffff802cad56076 : ffffdb0c05825000 fffff80191d422df 0000000000000002 ffffdb0c01bfb040 : NETwew01!alonExInterruptHandlerRoutine+0x1c
fffff80194081b20 fffff802c8f0a4cd : ffffdb0c01bfb040 fffff80191d41e9c ffffdb0c0582500e ffffdb0c06155001 : NETwew01!oscHandleInterrupt+0x12
fffff80194081b50 fffff80191d53ee2 : 0000000000000000 ffffdb0c014df000 ffffdb0c0614f5e0 fffff80100000002 : ndis!ndisInterruptDpc+0x17d
fffff80194081c70 fffff80191d535df : 000000000000001c 0000000000000000 000000000026a7c7 fffff80191b7e180 : nt!KiExecuteAllDpcs+0x1d2
fffff80194081db0 fffff80191e0a725 : 0000000000000000 fffff80191b7e180 ffff9201f52371f0 0000000000000000 : nt!KiRetireDpcList+0xdf
fffff80194081fb0 fffff80191e0a530 : ffffa3e47397a97f ffff99081af17000 fffffecc840f75a0 0000000000006a8b : nt!KxRetireDpcList+0x5
ffff9201f5237140 fffff80191e07a56 : 0000000000006a8b 0000000000000000 0000000000000000 0000000000000000 : nt!KiDispatchInterruptContinue
ffff9201f5237170 fffff80191cf132c : 0000000000000002 fffff801920146a0 3fffffffffffffff ffff9201f52376c0 : nt!KiDpcInterrupt+0x3a6
ffff9201f5237300 fffff80191cf1670 : 0000000000000000 fffff801920146a0 0000000000000000 0000000000000000 : nt!MiWalkPageTablesRecursively+0x31c
ffff9201f52373c0 fffff80191cf1670 : 0000000000000000 fffff801920146a0 0000000000000000 0000000000000000 : nt!MiWalkPageTablesRecursively+0x660
ffff9201f5237480 fffff80191cf1670 : 0000000000000000 0000000000000001 0000000000000001 0000000000000000 : nt!MiWalkPageTablesRecursively+0x660
ffff9201f5237540 fffff80191cf0f4f : fffff80192014300 0000000000000300 ffff960000007000 ffff9201f5237620 : nt!MiWalkPageTablesRecursively+0x660
ffff9201f5237600 fffff80191c9c8c9 : fffff80100000000 fffff80191c9f010 fffff801920142b0 fffff80191eb4b0c : nt!MiWalkPageTables+0x20f
ffff9201f52376a0 fffff80191ea81ae : 0000000000000001 fffff801920146a0 fffff801920146a0 0000000000000001 : nt!MiEmptyWorkingSet+0x105
ffff9201f5237840 fffff80191ea92ad : ffffb08200000000 000000000000c99c 0000000000000000 fffff80191d31474 : nt!MiEmptyTargetedWorkingSet+0x6e
ffff9201f5237890 fffff8019242ea3a : 0000000000000000 fffff80100000000 fffff801922035a0 ffffdb0c0084be38 : nt!MiTrimAllSystemPagableMemory+0xdd
ffff9201f52378e0 fffff80192443555 : ffff9201f5232000 ffff9201f5238000 fffff8018f413202 00000ae35fb30f8a : nt!MmVerifierTrimMemory+0x6a
ffff9201f5237910 fffff80192443206 : fffff8018f413210 ffffdb0c0a9cbe60 0000000000000000 0000000000000600 : nt!ViKeRaiseIrqlSanityChecks+0xa5
ffff9201f5237950 fffff80192441dd2 : 0000000000000000 fffff8019242f4ea ffffb082cb52ef70 fffff8018f410000 : nt!ViKeAcquireSpinLockRaiseToDpcCommon+0x2a
ffff9201f5237980 fffff8018f40de33 : 0000000000000000 ffffdb0c0a9cbe60 fffff8018f4119f8 fffff8018f3f0016 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x12
ffff9201f52379c0 fffff8018f40f90b : fffff8018f4113c8 fffff8010000010f fffff8018f4119f8 0000000000000043 : mydriver!EmptyFlowsContextQ+0xb3
ffff9201f5237a20 fffff8018f40daa6 : 0000000700020018 0000000000000043 fffff8018f4119f8 0000000000000000 : mydriver!UnregisterCallouts+0x9b
ffff9201f5237a60 fffff802c90fc43b : ffffdb0c0a9cbe60 0000000000000000 ffffdb0c039c2700 fffff80191cc98a4 : mydriver!DriverUnload+0x86
ffff9201f5237ad0 fffff8019244b661 : ffffdb0c039c2700 0000000000000000 ffffdb0c0088e210 ffff9201f8efb770 : VerifierExt!xdv_DriverUnload_wrapper+0x7b
ffff9201f5237b00 fffff801922eb96b : 0000000000000010 fffff801922035a0 0000000000000010 0000000000210246 : nt!ViGenericDriverUnload+0x31
ffff9201f5237b40 fffff80191cc94d5 : ffffdb0c0088e210 ffffdb0c039c2700 fffff802c985cf00 ffffdb0c039c2700 : nt!IopLoadUnloadDriver+0xe83cb
ffff9201f5237b80 fffff80191da4b87 : ffffdb0c039c2700 0000000000000080 ffffdb0c0089b040 ffffdb0c039c2700 : nt!ExpWorkerThread+0xf5
ffff9201f5237c10 fffff80191e0abe6 : ffff8000d87e9180 ffffdb0c039c2700 fffff80191da4b40 0000000000000000 : nt!PspSystemThreadStartup+0x47
ffff9201f5237c60 0000000000000000 : ffff9201f5238000 ffff9201f5232000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16
From the stack, the fault is in tcpip!TcpValidateReceive on a DPC (ndis!ndisInterruptDpc) that interrupted Driver Verifier's spin-lock check inside mydriver!EmptyFlowsContextQ, called from UnregisterCallouts during DriverUnload. Can anyone suggest what the possible cause could be?