Hi,
I am working on a legacy driver which crashes very rarely (once a year) due to page table page corruption; this issue is seen only on Windows 2008 x86.
For mapping, the driver uses the MmMapLockedPagesSpecifyCache routine (mapping into user mode), and for unmapping, the MmUnmapLockedPages routine.
Dump analysis
MEMORY_MANAGEMENT (1a)
Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00041790, The subtype of the bugcheck.
Arg2: c0802086
Arg3: 00000200
Arg4: 00000000
Debugging Details:
BUGCHECK_STR: 0x1a_41790
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: ClusTranspo
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from e1f15fe2 to e1d10979
STACK_TEXT:
da70ea14 e1f15fe2 0000001a 00041790 c0802086 nt!KeBugCheckEx+0x1e
da70eafc e1cc2b6b 02e00000 c4c4ac70 c45a24c0 nt!MiUnmapLockedPagesInUserSpace+0x315
da70eb34 d8fefcbb 02d40000 c633bbe0 028f7e03 nt!MmUnmapLockedPages+0x22
WARNING: Stack unwind information not available. Following frames may be wrong.
da70ebfc d8fef04f c45a24c0 c62ea208 000f6444 MncTransport+0x4cbb
da70ec2c e1c8797a c45a24c0 c62ea208 c62ea208 MncTransport+0x404f
da70ec44 e1e89e35 c4c4ac70 c62ea208 c62ea278 nt!IofCallDriver+0x63
da70ec64 e1e8a5da c45a24c0 c4c4ac70 00000000 nt!IopSynchronousServiceTail+0x1d9
da70ed00 e1e8b6a4 c45a24c0 c62ea208 00000000 nt!IopXxxControlFile+0x6b7
da70ed34 e1c8dc56 00000094 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
da70ed34 77ac5cd4 00000094 00000000 00000000 nt!KiSystemServicePostCall
0173f8e4 00000000 00000000 00000000 00000000 0x77ac5cd4
I tried Verifier, and the driver crashed; now I get:
Arg1: 000000b5, MmUnmapLockedPages called on a partial MDL (created with IoBuildPartialMdl).
Arg2: 8def2ce0, MDL address.
Arg3: ffff8193, MDL flags.
Arg4: 00000100, Unexpected partial MDL flag.
Debugging Details:
Page 12fc93 not present in the dump file. Type ".hh dbgerr004" for details
Page 133ff3 not present in the dump file. Type ".hh dbgerr004" for details
BUGCHECK_STR: 0xc4_b5
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: ClusTranspo
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 81b205a7 to 819029bd
STACK_TEXT:
94deaad8 81b205a7 000000c4 000000b5 8def2ce0 nt!KeBugCheckEx+0x1e
94deaaf8 81b2467e 8def2ce0 ffff8193 8df0b430 nt!VerifierBugCheckIfAppropriate+0x32
94deab14 8c920cbb 00190000 8def2ce0 184c0285 nt!VerifierMmUnmapLockedPages+0x5c
WARNING: Stack unwind information not available. Following frames may be wrong.
94deabdc 8c92004f 81529bc8 97a8ea90 000f6444 MncTransport+0x4cbb
94deac0c 81b186be 81529bc8 97a8ea90 8de2d198 MncTransport+0x404f
94deac30 81879931 97a8eb00 97a8ea90 81529bc8 nt!IovCallDriver+0x23f
94deac44 81a7be25 8de2d198 97a8ea90 97a8eb00 nt!IofCallDriver+0x1b
94deac64 81a7c5ca 81529bc8 8de2d198 00000000 nt!IopSynchronousServiceTail+0x1d9
94dead00 81a7d694 81529bc8 97a8ea90 00000000 nt!IopXxxControlFile+0x6b7
94dead34 8187fc96 00000094 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
94dead34 77125d14 00000094 00000000 00000000 nt!KiSystemServicePostCall
0140fa74 00000000 00000000 00000000 00000000 0x77125d14
Should I use other routines for mapping and unmapping?
Thanks
Shiv
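The Verifier report above (bug check 0xC4, Arg1 0xB5) names the rule that was broken: MmUnmapLockedPages was handed a partial MDL built with IoBuildPartialMdl. The following is an added example, not code from the original post or from the MncTransport driver. It decodes the MdlFlags word that WinDbg printed as Arg3 (ffff8193; the field is a CSHORT, so only the low 16 bits matter) using the flag values from wdm.h, and models the bookkeeping a driver needs so that every MmUnmapLockedPages call uses the same non-partial MDL, user VA and process as the matching MmMapLockedPagesSpecifyCache call. The MDL address 8def2ce0 and base address 00190000 are taken from the stack in the post; the parent MDL address, the process id and the mapping table are constructed for the example. It builds as a plain user-mode C program; no WDK is needed, and the Mm routines themselves are not called.

```c
/* Added example (not from the original post or the driver it describes):
 * decode a Verifier 0xC4/0xB5 MdlFlags word and model the map/unmap
 * bookkeeping that keeps MmUnmapLockedPages away from partial MDLs. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MdlFlags bits as defined in wdm.h (MdlFlags is a CSHORT). */
#define MDL_MAPPED_TO_SYSTEM_VA     0x0001
#define MDL_PAGES_LOCKED            0x0002
#define MDL_PARTIAL                 0x0010   /* set by IoBuildPartialMdl on the target MDL */
#define MDL_WRITE_OPERATION         0x0080
#define MDL_PARENT_MAPPED_SYSTEM_VA 0x0100   /* the bit Verifier reports as Arg4 above */
#define MDL_INTERNAL                0x8000

/* Name of each bit, indexed by bit position (wdm.h order). */
static const char *mdl_flag_name[16] = {
    "MDL_MAPPED_TO_SYSTEM_VA", "MDL_PAGES_LOCKED", "MDL_SOURCE_IS_NONPAGED_POOL",
    "MDL_ALLOCATED_FIXED_SIZE", "MDL_PARTIAL", "MDL_PARTIAL_HAS_BEEN_MAPPED",
    "MDL_IO_PAGE_READ", "MDL_WRITE_OPERATION", "MDL_PARENT_MAPPED_SYSTEM_VA",
    "MDL_FREE_EXTRA_PTES", "MDL_DESCRIBES_AWE", "MDL_IO_SPACE", "MDL_NETWORK_HEADER",
    "MDL_MAPPING_CAN_FAIL", "MDL_ALLOCATED_MUST_SUCCEED", "MDL_INTERNAL",
};

/* WinDbg prints the CSHORT sign-extended (ffff8193); keep the low 16 bits. */
static uint16_t mdl_flags_from_bugcheck(uint32_t arg3) { return (uint16_t)(arg3 & 0xffffu); }

/* Write the '|'-separated names of the set bits into buf; returns how many bits are set. */
static int decode_mdl_flags(uint16_t flags, char *buf, size_t len)
{
    int n = 0;
    buf[0] = '\0';
    for (int i = 0; i < 16; i++) {
        if (!(flags & (1u << i))) continue;
        if (n++) strncat(buf, "|", len - strlen(buf) - 1);
        strncat(buf, mdl_flag_name[i], len - strlen(buf) - 1);
    }
    return n;
}

/* The condition Verifier rejects in 0xC4/0xB5: a partial MDL passed to MmUnmapLockedPages. */
static int mdl_is_partial(uint16_t flags)
{
    return (flags & (MDL_PARTIAL | MDL_PARENT_MAPPED_SYSTEM_VA)) != 0;
}

/* One record per user-mode mapping made with MmMapLockedPagesSpecifyCache (constructed model). */
struct user_mapping { uintptr_t mdl; uintptr_t user_va; uint32_t pid; uint16_t flags; int live; };
#define MAX_MAPPINGS 8
static struct user_mapping mappings[MAX_MAPPINGS];

enum unmap_verdict { UNMAP_OK = 0, UNMAP_PARTIAL_MDL, UNMAP_UNKNOWN_MAPPING,
                     UNMAP_WRONG_PROCESS, UNMAP_WRONG_MDL };

/* Record a mapping of the full (parent) MDL. Returns 0, or -1 if the MDL is
 * partial (refuse to map it into user space at all) or the table is full. */
static int record_user_mapping(uintptr_t mdl, uint16_t flags, uintptr_t user_va, uint32_t pid)
{
    if (mdl_is_partial(flags)) return -1;
    for (int i = 0; i < MAX_MAPPINGS; i++) {
        if (mappings[i].live) continue;
        mappings[i] = (struct user_mapping){ mdl, user_va, pid, flags, 1 };
        return 0;
    }
    return -1;
}

/* Decide whether MmUnmapLockedPages(user_va, mdl) may be issued from process pid:
 * the MDL must not be partial, and it must be the MDL that was mapped, unmapped
 * from the process it was mapped into. Frees the record on success. */
static enum unmap_verdict check_unmap(uintptr_t user_va, uintptr_t mdl, uint16_t flags, uint32_t pid)
{
    if (mdl_is_partial(flags)) return UNMAP_PARTIAL_MDL;
    for (int i = 0; i < MAX_MAPPINGS; i++) {
        if (!mappings[i].live || mappings[i].user_va != user_va) continue;
        if (mappings[i].pid != pid) return UNMAP_WRONG_PROCESS;
        if (mappings[i].mdl != mdl) return UNMAP_WRONG_MDL;
        mappings[i].live = 0;
        return UNMAP_OK;
    }
    return UNMAP_UNKNOWN_MAPPING;
}

int main(void)
{
    char names[256];
    uint16_t f = mdl_flags_from_bugcheck(0xffff8193u);   /* Arg3 from the Verifier report */
    decode_mdl_flags(f, names, sizeof names);
    printf("MdlFlags %04x = %s\n", f, names);

    /* Constructed scenario: parent MDL 8def2c00 mapped at 00190000 for pid 0x1234,
     * then an unmap attempted with the partial MDL 8def2ce0 seen in the dump. */
    record_user_mapping(0x8def2c00u, MDL_PAGES_LOCKED | MDL_WRITE_OPERATION, 0x00190000u, 0x1234);
    printf("unmap via partial MDL -> verdict %d\n", check_unmap(0x00190000u, 0x8def2ce0u, f, 0x1234));
    printf("unmap via parent MDL  -> verdict %d\n",
           check_unmap(0x00190000u, 0x8def2c00u, MDL_PAGES_LOCKED | MDL_WRITE_OPERATION, 0x1234));
    return 0;
}
```

In the driver itself the equivalent guard is a test of Mdl->MdlFlags against MDL_PARTIAL before MmUnmapLockedPages, and the fix the model points at is to keep the MDL pointer and base address returned by MmMapLockedPagesSpecifyCache together with the mapping process, and to unmap exactly that pair in that process, never a partial MDL derived from it.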