Assertion failed: MiLockedCommit > 0

I’m trying to track down the cause of a PFN_LIST_CORRUPT BSOD caused by my
driver. So I’m running on a partially checked build with verifier checking
Special Pool on my driver. And now I’ve hit an assert:

*** Assertion failed: MiLockedCommit > 0
*** Source File: …\mi.h, line 3517

A stack dump shows I was calling MmUnlockPages:

ChildEBP RetAddr Args to Child
ba2478c4 811529f6 810046ec 8206f0f8 00000002 nt!DbgBreakPoint (FPO: [0,0,0])
ba247bac 810757ac 81005564 810046ec 00000dbd nt!RtlAssert+0xba (FPO: [Non-Fpo])
ba247bf8 81481b0f 85933f88 b9e64520 b9e551a3 nt!MmUnlockPages+0x11ba (FPO: [Non-Fpo])
ba247c04 b9e551a3 85933f88 811759b4 899c8fc8 nt!VerifierMmUnlockPages+0x4f (FPO: [Non-Fpo])
ba247c14 b9e56290 899c8fc8 00000001 ba247c98 MYDRV!MyFreeChunk+0x3b (FPO: [1,0,0]) (CONV: stdcall)
[snip]

And !analyze gives me some hints:

FOLLOWUP_IP:
nt!MmUnlockPages+11ba
810757ac ff0de47b2681 dec dword ptr [nt!MiLockedCommit (81267be4)]

SYMBOL_STACK_INDEX: 2

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!MmUnlockPages+11ba

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42435c1a

STACK_COMMAND: kb

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0x0_nt!MmUnlockPages+11ba

BUCKET_ID: 0x0_nt!MmUnlockPages+11ba

Can anyone explain/guess what driver verifier is trying to tell me?

Keith

I guess you use MmBuildMdlForNonPagedPool() to build the MDL for NonPaged pool.
You must not call MmUnlockPages() for this MDL because pages in NonPaged
pool have already been locked; therefore the lock reference count is not
incremented in MmBuildMdlForNonPagedPool().

“Keith Starsmeare” wrote in message
news:xxxxx@ntfsd…
> I’m trying to track down the cause of a PFN_LIST_CORRUPT BSOD caused by my
> driver. So I’m running on a partially checked build with verifier checking
> Special Pool on my driver. And now I’ve hit an assert:
>
> Assertion failed: MiLockedCommit > 0
>
> Source File: …\mi.h, line 3517
>
> A stack dump shows I was calling MmUnlockPages:
>
> ChildEBP RetAddr Args to Child
> ba2478c4 811529f6 810046ec 8206f0f8 00000002 nt!DbgBreakPoint (FPO: [0,0,0])
> ba247bac 810757ac 81005564 810046ec 00000dbd nt!RtlAssert+0xba (FPO: [Non-Fpo])
> ba247bf8 81481b0f 85933f88 b9e64520 b9e551a3 nt!MmUnlockPages+0x11ba (FPO: [Non-Fpo])
> ba247c04 b9e551a3 85933f88 811759b4 899c8fc8 nt!VerifierMmUnlockPages+0x4f (FPO: [Non-Fpo])
> ba247c14 b9e56290 899c8fc8 00000001 ba247c98 MYDRV!MyFreeChunk+0x3b (FPO: [1,0,0]) (CONV: stdcall)
> [snip]
>
> And !analyze gives me some hints:
>
> FOLLOWUP_IP:
> nt!MmUnlockPages+11ba
> 810757ac ff0de47b2681 dec dword ptr [nt!MiLockedCommit (81267be4)]
>
> SYMBOL_STACK_INDEX: 2
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: nt!MmUnlockPages+11ba
>
> MODULE_NAME: nt
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 42435c1a
>
> STACK_COMMAND: kb
>
> IMAGE_NAME: memory_corruption
>
> FAILURE_BUCKET_ID: 0x0_nt!MmUnlockPages+11ba
>
> BUCKET_ID: 0x0_nt!MmUnlockPages+11ba
>
> Can anyone explain/guess what driver verifier is trying to tell me?
>
> Keith
>
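
The pairing rule from the reply above, as a user-mode C model added here (not code from the thread, the driver, or Windows). The model_* functions, the driver_locked field and the two free_* routines are hypothetical stand-ins for the kernel routines named in their comments, and model_locked_commit stands in for MiLockedCommit.

```c
#include <stdbool.h>

/* User-mode model of the lock accounting described in the reply. Not WDK
   code: every model_* name is hypothetical (see the comment on each). */
static long model_locked_commit;   /* stands in for nt!MiLockedCommit */

typedef struct {
    long pages;         /* pages the MDL describes */
    bool driver_locked; /* set only when the driver itself locked the pages */
} model_mdl;

/* Models MmProbeAndLockPages: locks the pages and charges the counter. */
static void model_probe_and_lock(model_mdl *m, long pages) {
    m->pages = pages;
    m->driver_locked = true;
    model_locked_commit += pages;
}

/* Models MmBuildMdlForNonPagedPool: describes resident pages, no charge. */
static void model_build_for_nonpaged_pool(model_mdl *m, long pages) {
    m->pages = pages;
    m->driver_locked = false;
}

/* Models MmUnlockPages: returns false where the checked build asserts. */
static bool model_unlock(model_mdl *m) {
    if (model_locked_commit < m->pages)
        return false;               /* "MiLockedCommit > 0" would fail */
    model_locked_commit -= m->pages;
    m->driver_locked = false;
    return true;
}

/* Free path that unlocks unconditionally. */
static bool free_always_unlock(model_mdl *m) {
    return model_unlock(m);
}

/* Free path that unlocks only pages the driver locked itself. */
static bool free_if_locked(model_mdl *m) {
    return m->driver_locked ? model_unlock(m) : true;
}

int main(void) {
    model_mdl pool;
    model_build_for_nonpaged_pool(&pool, 2);
    return free_if_locked(&pool) ? 0 : 1;   /* balanced teardown exits 0 */
}
```

In this model the unconditional path fails at once only when the counter is too low to cover the decrement; with another charge outstanding it succeeds, and the failure surfaces later when the legitimate owner unlocks.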