Hi, I’m developing an FSFilterSystem driver, and I get an “IRQL_NOT_LESS_OR_EQUAL” BSOD when I’m trying to allocate the instance context (in the InstanceSetupCallback).
I added a test to check the IRQL, and it seems like the IRQL was at passive level before calling FltAllocateContext, so it was probably raised while allocating the buffer. I also tried to replace the call with ExAllocatePoolWithTag, but the behavior stays the same.
Does anyone know what can cause this BSOD and how to avoid it?
*******************************************************************************
*                             Bugcheck Analysis                               *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffe38410eb5022, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8053ac57ce8, address which referenced memory
Debugging Details:
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 6562
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-V7FOB5H
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 227576
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: rs5_release
Key : WER.OS.Timestamp
Value: 2018-09-14T14:34:00Z
Key : WER.OS.Version
Value: 10.0.17763.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: a
BUGCHECK_P1: ffffe38410eb5022
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8053ac57ce8
READ_ADDRESS: ffffe38410eb5022 Nonpaged pool
PROCESS_NAME: System
TRAP_FRAME: fffff40a38405b40 -- (.trap 0xfffff40a38405b40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000002bed rbx=0000000000000000 rcx=00000000000ae000
rdx=78616fec48ad0a4e rsi=0000000000000000 rdi=0000000000000000
rip=fffff8053ac57ce8 rsp=fffff40a38405cd0 rbp=fffff40a38405d70
r8=0000000078616fec r9=0000000000000000 r10=ffffe38410eb5000
r11=0000000000ff0000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!RtlpHpVsContextAllocateInternal+0x208:
fffff8053ac57ce8 410fb74a22      movzx   ecx,word ptr [r10+22h] ds:ffffe38410eb5022=???
Resetting default scope
LOCK_ADDRESS: fffff8053aed9ee0 -- (!locks fffff8053aed9ee0)
Resource @ nt!PiEngineLock (0xfffff8053aed9ee0) Exclusively owned
Contention Count = 7
Threads: ffffe38419143080-01<*>
1 total locks
PNP_TRIAGE_DATA:
Lock address : 0xfffff8053aed9ee0
Thread Count : 1
Thread address: 0xffffe38419143080
Thread wait : 0x2773a
STACK_TEXT:
fffff40a38405238 fffff8053ad34402 : ffffe38410eb5022 0000000000000003 fffff40a384053a0 fffff8053ac03cb0 : nt!DbgBreakPointWithStatus
fffff40a38405240 fffff8053ad33b87 : 0000000000000003 fffff40a384053a0 fffff8053ac70ae0 000000000000000a : nt!KiBugCheckDebugBreak+0x12
fffff40a384052a0 fffff8053ac5cc07 : ffffb988eae4a000 ffffb988f0efda24 ffffe38410f63fe8 0000000000000000 : nt!KeBugCheck2+0x957
fffff40a384059c0 fffff8053ac6e2e9 : 000000000000000a ffffe38410eb5022 0000000000000002 0000000000000000 : nt!KeBugCheckEx+0x107
fffff40a38405a00 fffff8053ac6a6d4 : ffffb988fa126790 fffff40a384055e0 fffff40a38405e40 ffffb988eb236d00 : nt!KiBugCheckDispatch+0x69
fffff40a38405b40 fffff8053ac57ce8 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiPageFault+0x454
fffff40a38405cd0 fffff8053abb3926 : ffffe38411000000 00000000000000a0 fffff40a0000000c fffff8053ad9f1b2 : nt!RtlpHpVsContextAllocateInternal+0x208
fffff40a38405d40 fffff8053abb2126 : ffffe38411000000 fffff40a38405e49 0000000046534100 0000000000032670 : nt!RtlpHpVsContextAllocate+0x46
fffff40a38405dc0 fffff8053adee06d : 0000000000000000 0000000000000088 0000000046534100 ffffe384158aa660 : nt!ExAllocateHeapPool+0x9d6
fffff40a38405eb0 fffff8053dd6a0c6 : ffffe384158aa660 0000000000000000 ffffe384119e0520 fffff8053feb23e1 : nt!ExAllocatePoolWithTag+0x3d
fffff40a38405f90 fffff8053feb241e : ffffe384158aa660 0000000000000001 ffffe3841e2ddcb0 0000000000000000 : FLTMGR!FltAllocateContext+0x246
fffff40a38405fd0 fffff8053dda2634 : fffff40a38406090 ffffe38400000001 ffffe38400000008 0000000000000002 : SBox!SBox::MiniFilter::StaticAdapters::InstanceSetup+0x6e [C:\Projects\sbox\RSBox\SBox\MiniFilter\Filter.cpp @ 83]
fffff40a38406060 fffff8053dda0cbf : 0000000000000000 fffff40a38406221 ffffe3841518e5a0 0000000000000000 : FLTMGR!FltpDoInstanceSetupNotification+0x8c
fffff40a384060d0 fffff8053dda1e98 : ffffe3841e2ddcb0 ffffe3841518e5a0 ffffb98800000001 fffff40a384061f0 : FLTMGR!FltpInitInstance+0x357
fffff40a38406190 fffff8053dda2165 : 0000000000000000 ffffe3841518e5a0 0000000000000000 000000000000001a : FLTMGR!FltpCreateInstanceFromName+0x1c4
fffff40a38406270 fffff8053ddad5fc : ffffe3841518e5a0 ffffe38411f9c848 ffffe3841518e5b0 ffffe38400000022 : FLTMGR!FltpEnumerateRegistryInstances+0x15d
fffff40a38406310 fffff8053ddad4dc : ffffe38411f9c780 0000000000000000 ffffe38419aef2c0 fffff40a38406454 : FLTMGR!FltpDoVolumeNotificationForNewFilter+0xe0
fffff40a38406370 fffff8053feb15db : ffffe3841e2ddcb0 fffff40a00000000 fffff80500000001 ffffe38419aef2c0 : FLTMGR!FltStartFiltering+0x2c
fffff40a384063c0 fffff8053febb149 : fffff8053feb8017 fffff40a38406418 ffffe38416463000 0400000000020020 : SBox!DrvEnv::FLT::FilterRegisteration::StartFiltering+0x1b [C:\Projects\sbox\RSBox\ASF\DrvEnv\FLT.cpp @ 20]
fffff40a384063f0 fffff8053febb1e0 : ffffe38419aef2c0 ffffe38416463000 000000000000000a ffff56cf5bf306a6 : SBox!DriverEntry+0x149 [C:\Projects\sbox\RSBox\SBox\DriverSetup.cpp @ 41]
fffff40a38406480 fffff8053b08a2b9 : 0000000000000000 0000000000000000 ffffe38419aef2c0 0000000000001000 : SBox!GsDriverEntry+0x20 [minkernel\tools\gs_support\kmodefastfail\gs_driverentry.c @ 47]
fffff40a384064b0 fffff8053b19da6b : 0000000000000000 0000000000000000 0000000000000004 ffffb98800000004 : nt!IopLoadDriver+0x4bd
fffff40a38406690 fffff8053b17f3f2 : fffff8053adfb301 0000000000000000 ffffe38417c860a0 ffffffff80002678 : nt!PipCallDriverAddDeviceQueryRoutine+0x1b7
fffff40a38406730 fffff8053b17ee79 : 0000000000000000 fffff40a38406840 ffffe38421fdc9a0 000000000000000a : nt!PnpCallDriverQueryServiceHelper+0xda
fffff40a384067e0 fffff8053b17dfab : ffffe38421fdc9a0 fffff40a38406a18 ffffe38421fdc9a0 0000000000000000 : nt!PipCallDriverAddDevice+0x98d
fffff40a384069a0 fffff8053b1f555f : ffffe38421fdc900 ffffe38415639401 fffff40a38406ab0 ffffe38400000000 : nt!PipProcessDevNodeTree+0x1af
fffff40a38406a60 fffff8053ac02f91 : ffffe30100000003 ffffe38421fdc9a0 ffffa80000000000 0000000000000000 : nt!PiRestartDevice+0xab
fffff40a38406ab0 fffff8053abacdea : ffffe38419143080 fffff8053aed8780 ffffe3841144c730 ffffe38400000000 : nt!PnpDeviceActionWorker+0x421
fffff40a38406b70 fffff8053ab1f015 : ffffe38419143080 ffffe38411483040 ffffe38419143080 00002425b19bbdff : nt!ExpWorkerThread+0x16a
fffff40a38406c10 fffff8053ac63f7c : ffffa800258d9180 ffffe38419143080 fffff8053ab1efc0 ff004e98ff004e98 : nt!PspSystemThreadStartup+0x55
fffff40a38406c60 0000000000000000 : fffff40a38407000 fffff40a38401000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x1c
FAULTING_SOURCE_LINE: …\Filter.cpp
FAULTING_SOURCE_FILE: …\Filter.cpp
FAULTING_SOURCE_LINE_NUMBER: 83
FAULTING_SOURCE_CODE:
79: FLT_FILESYSTEM_TYPE volumeFilesystemType)
80: {
81: if (FLT_FSTYPE_NTFS != volumeFilesystemType) return STATUS_FLT_DO_NOT_ATTACH;
82: PFLT_CONTEXT context = nullptr;
83: const NTSTATUS status = FltAllocateContext(
84: fltObjects->Filter, FLT_INSTANCE_CONTEXT,
85: sizeof(SBox::MiniFilter::Filter), NonPagedPool, &context);
86: __debugbreak();
87: if (context)
88: {
SYMBOL_NAME: SBox!SBox::MiniFilter::StaticAdapters::InstanceSetup+6e
MODULE_NAME: SBox
IMAGE_NAME: SBox.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 6e
FAILURE_BUCKET_ID: AV_SBox!SBox::MiniFilter::StaticAdapters::InstanceSetup
OS_VERSION: 10.0.17763.1
BUILDLAB_STR: rs5_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {8959c2e9-c730-29c3-8da3-53f0f9a13422}
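A note on what the dump above shows, followed by an added example. The faulting instruction is in nt!RtlpHpVsContextAllocateInternal+0x208, a `movzx ecx,word ptr [r10+22h]` with r10 = ffffe38410eb5000: the heap allocator reading its own chunk metadata, two frames below the FltAllocateContext call on line 83, at an address the bugcheck reports as invalid. The IRQL of 2 in Arg2 is the allocator's own DISPATCH_LEVEL, which it raises to internally for its locks, so the caller measuring PASSIVE_LEVEL is not a contradiction. A page fault on allocator metadata under that lock is the classic shape of pool damaged by an earlier out-of-bounds write, whether by this driver or another, rather than of a caller at the wrong IRQL. The following is an added example in C, not code from the post or from the SBox driver: a toy pool with in-band chunk headers in which a 32-byte block is overrun by a 72-byte object (constructed sizes and tags), the later allocation that trips over the damaged header, the same scenario with a guard check at free that names the owner, and the corrected sizing that keeps both clean.

```c
/* Added example, not code from the post or the SBox driver: a toy pool with
 * in-band chunk headers, showing how an earlier overrun surfaces as a fault
 * inside the allocator's metadata walk. Layout, sizes and tags are constructed. */
#include <stdint.h>
#include <string.h>
#define ARENA_SIZE  2048u
#define CHUNK_MAGIC 0x4B434850u   /* 'PHCK' */
#define CANARY      0xA5A5A5A5u
#define FIRST_CHUNK 16u           /* offset 0 is reserved as the "no chunk" link */
#define TAG_A 0x31784253u         /* 'SBx1', 'SBx2', 'SBx3': constructed pool-style tags */
#define TAG_B 0x32784253u
#define TAG_C 0x33784253u
typedef struct ChunkHdr {
    uint32_t magic;   /* must read CHUNK_MAGIC on every walk */
    uint32_t size;    /* user bytes that follow this header */
    uint32_t next;    /* arena offset of the next header, 0 = last chunk */
    uint32_t tag;     /* owner tag, in the spirit of a pool tag */
} ChunkHdr;
typedef struct Pool {
    uint8_t  arena[ARENA_SIZE];
    uint32_t top;        /* bump pointer: first unused arena offset */
    uint32_t last;       /* offset of the most recent header, 0 = none */
    uint32_t corrupted;  /* first damaged header offset seen by a walk */
    uint32_t culprit;    /* tag of the block whose guard was found overwritten */
} Pool;
typedef struct { uint8_t bytes[72]; } BigStruct;   /* what the caller really wanted */
static ChunkHdr *hdr_at(Pool *p, uint32_t off) { return (ChunkHdr *)(p->arena + off); }
static uint32_t  round16(uint32_t n)           { return (n + 15u) & ~15u; }
static void      pool_init(Pool *p)            { memset(p, 0, sizeof *p); p->top = FIRST_CHUNK; }

/* Walk the header chain, as an allocator walks its metadata before carving a
 * block. Returns the offset of the first header that is damaged or whose link
 * leaves the arena (where the kernel would page-fault), 0 if the chain is clean. */
uint32_t pool_walk(Pool *p) {
    uint32_t off = p->last ? FIRST_CHUNK : 0;
    for (unsigned steps = 0; off != 0 && steps < ARENA_SIZE / 16; steps++) {
        if (off + (uint32_t)sizeof(ChunkHdr) > p->top) return off;
        if (hdr_at(p, off)->magic != CHUNK_MAGIC) return off;
        off = hdr_at(p, off)->next;
    }
    return off;   /* 0 for a clean chain, non-zero if the chain cycles */
}

void *pool_alloc(Pool *p, uint32_t size, uint32_t tag) {
    /* The real allocator does this walk holding a spinlock at DISPATCH_LEVEL,
     * so a bad link shows up as IRQL_NOT_LESS_OR_EQUAL with the allocator,
     * not the driver that overran, on the stack. */
    uint32_t bad = pool_walk(p);
    if (bad) { p->corrupted = bad; return NULL; }
    uint32_t need = round16((uint32_t)sizeof(ChunkHdr) + round16(size) + 4u);
    if (p->top + need > ARENA_SIZE) return NULL;
    ChunkHdr *h = hdr_at(p, p->top);
    h->magic = CHUNK_MAGIC; h->size = size; h->next = 0; h->tag = tag;
    uint8_t *user = (uint8_t *)h + sizeof(ChunkHdr);
    uint32_t canary = CANARY;
    memcpy(user + size, &canary, sizeof canary);   /* guard word right after the user bytes */
    if (p->last) hdr_at(p, p->last)->next = p->top;
    p->last = p->top;
    p->top += need;
    return user;
}

/* Guard check at free: names the offender at its own free, the software analogue
 * of the guard page Driver Verifier's special pool puts behind each block. 1 = intact. */
int pool_free(Pool *p, void *user) {
    ChunkHdr *h = (ChunkHdr *)((uint8_t *)user - sizeof(ChunkHdr));
    uint32_t canary = 0;
    if (h->magic == CHUNK_MAGIC && h->size < ARENA_SIZE)
        memcpy(&canary, (uint8_t *)user + h->size, sizeof canary);
    if (h->magic != CHUNK_MAGIC || canary != CANARY) { p->culprit = h->tag; return 0; }
    return 1;
}

/* Bug: 32 bytes allocated, a 72-byte object written into them. The write is silent;
 * the next allocation trips over b's header. Returns that header's arena offset
 * (80 with this layout) and stores in *blamed the tag the guard check names (TAG_A). */
uint32_t demo_overrun(uint32_t *blamed) {
    static Pool p;
    pool_init(&p);
    void *a = pool_alloc(&p, 32, TAG_A);
    (void)pool_alloc(&p, 32, TAG_B);
    memset(a, 0x41, sizeof(BigStruct));
    uint32_t where = pool_alloc(&p, 32, TAG_C) == NULL ? p.corrupted : 0;
    *blamed = pool_free(&p, a) ? 0 : p.culprit;
    return where;
}

/* Fix: allocate sizeof(BigStruct). Returns 1 when the walk and the guard stay clean. */
int demo_correct(void) {
    static Pool p;
    pool_init(&p);
    void *a = pool_alloc(&p, sizeof(BigStruct), TAG_A);
    (void)pool_alloc(&p, 32, TAG_B);
    memset(a, 0x41, sizeof(BigStruct));
    return pool_alloc(&p, 32, TAG_C) != NULL && pool_walk(&p) == 0 && pool_free(&p, a);
}
```

The `__debugbreak()` on line 86 of the posted snippet never executes, because the fault is raised inside the FltAllocateContext call on line 83; the allocation that crashes is usually a victim of damage done earlier. On the real machine the equivalent of the guard word is Driver Verifier's Special Pool (`verifier /flags 0x1 /driver SBox.sys`, then reboot), which makes the overrunning write itself fault with the offending driver on the stack, and `!pool ffffe38410eb5022` in the debugger will describe the neighbouring pool blocks and their tags.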