Hi All,
I have a SCSI driver which enumerates and creates virtual library devices.
There is a bugcheck that is occurring whenever I try to configure the virtual
library.

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 00000007, A driver has unlocked a page more times than it locked it
Arg2: 000cbd9e, page frame number
Arg3: 00000001, current share count
Arg4: 00000000, 0

Debugging Details:
Page 1289d1 not present in the dump file. Type ".hh dbgerr004" for details
Page 128b2f not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffd400c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd400c). Type ".hh dbgerr001" for details

BUGCHECK_STR: 0x4E_7
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: tpeng.exe
CURRENT_IRQL: 2
IRP_ADDRESS: 87fa42f8
DEVICE_OBJECT: 888c5e68
DRIVER_OBJECT: 8a348410
IMAGE_NAME: rmtprt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a0a5470
MODULE_NAME: rmtprt
FAULTING_MODULE: b9733000 rmtprt
LAST_CONTROL_TRANSFER: from 808659d4 to 80827c83
STACK_TEXT:
b92017e4 808659d4 0000004e 00000007 000cbd9e nt!KeBugCheckEx+0x1b
b9201810 8083e852 00000000 814dbe98 87daa000 nt!MiDecrementReferenceCount+0x42
b9201868 8089174a 8b3dd990 808aeae0 033d7ed8 nt!MiDeferredUnlockPages+0x20c
b92018a0 808925bb 87daa000 886a9160 87daa000 nt!MiFreePoolPages+0x59a
b92018f8 80821695 20206f49 00000000 87fa4338 nt!ExFreePoolWithTag+0x277
b920194c 8082dfe3 87fa4338 b9201998 b920198c nt!IopCompleteRequest+0xf9
b920199c 80a60199 00000000 00000000 00000000 nt!KiDeliverApc+0xbb
b92019bc 80a603d9 8b31cb01 00000000 00000000 hal!HalpDispatchSoftwareInterrupt+0x49
b92019d8 80a60456 00000001 8b31cb00 b9201a04 hal!HalpCheckForSoftwareInterrupt+0x81
b92019e8 808312be 8b31cb40 87fa4338 f773fa7c hal!KfLowerIrql+0x62
b9201a04 8082ab9b 87fa4338 87fa42f8 00000000 nt!KiExitDispatcher+0x130
b9201a24 8081e257 87fa4338 886a9160 00000000 nt!KeInsertQueueApc+0x57
b9201a58 b9737a95 b9737a39 87fa42f8 8a348410 nt!IopfCompleteRequest+0x201
b9201a5c b9737a39 87fa42f8 8a348410 87fa42f8 rmtprt!RemoteDevicePortDeviceControl+0xbd5
b9201c3c 8081df85 888c5e68 87fa42f8 886a9160 rmtprt!RemoteDevicePortDeviceControl+0xb79
b9201c50 808f5437 87fa4368 886a9160 87fa42f8 nt!IofCallDriver+0x45
b9201c64 808f61bf 888c5e68 87fa42f8 886a9160 nt!IopSynchronousServiceTail+0x10b
b9201d00 808eed08 000003e0 00000000 00000000 nt!IopXxxControlFile+0x5e5
b9201d34 808897bc 000003e0 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
b9201d34 7c8285ec 000003e0 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
030aff28 00000000 00000000 00000000 00000000 0x7c8285ec

STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0x4E_7_IMAGE_rmtprt.sys_DATE_2009_05_13
BUCKET_ID: 0x4E_7_IMAGE_rmtprt.sys_DATE_2009_05_13
Followup: MachineOwner
2: kd> !devobj ffffffff888c5e68 f
Device object (888c5e68) is for:
RemoteDevicePort0 \Driver\rmtprt DriverObject 8a348410
Current Irp 00000000 RefCount 5 Type 00000004 Flags 00000050
Dacl e13fd02c DevExt 888c5f20 DevObjExt 888c5fd0
ExtensionFlags (0000000000)
Device queue is not busy.
2: kd> !drvobj ffffffff8a348410 f
Driver object (8a348410) is for:
\Driver\rmtprt
Driver Extension List: (id , addr)

Device Object list:
888c5e68 888a0c78

DriverEntry: b973a000 rmtprt!GsDriverEntry
DriverStartIo: 00000000
DriverUnload: b9735df6 rmtprt!RemoteDevicePortUnload
AddDevice: 00000000

Dispatch routines:
[00] IRP_MJ_CREATE b9735020 rmtprt!RemoteDevicePortGenericFunction
[01] IRP_MJ_CREATE_NAMED_PIPE b9735020 rmtprt!RemoteDevicePortGenericFunction
[02] IRP_MJ_CLOSE b9735020 rmtprt!RemoteDevicePortGenericFunction
[03] IRP_MJ_READ b9735020 rmtprt!RemoteDevicePortGenericFunction
[04] IRP_MJ_WRITE b9735020 rmtprt!RemoteDevicePortGenericFunction
[05] IRP_MJ_QUERY_INFORMATION b9735020 rmtprt!RemoteDevicePortGenericFunction
[06] IRP_MJ_SET_INFORMATION b9735020 rmtprt!RemoteDevicePortGenericFunction
[07] IRP_MJ_QUERY_EA b9735020 rmtprt!RemoteDevicePortGenericFunction
[08] IRP_MJ_SET_EA b9735020 rmtprt!RemoteDevicePortGenericFunction
[09] IRP_MJ_FLUSH_BUFFERS b9735020 rmtprt!RemoteDevicePortGenericFunction
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION b9735020 rmtprt!RemoteDevicePortGenericFunction
[0b] IRP_MJ_SET_VOLUME_INFORMATION b9735020 rmtprt!RemoteDevicePortGenericFunction
[0c] IRP_MJ_DIRECTORY_CONTROL b9735020 rmtprt!RemoteDevicePortGenericFunction
[0d] IRP_MJ_FILE_SYSTEM_CONTROL b9735020 rmtprt!RemoteDevicePortGenericFunction
[0e] IRP_MJ_DEVICE_CONTROL b9736ec0 rmtprt!RemoteDevicePortDeviceControl
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL b9735020 rmtprt!RemoteDevicePortGenericFunction
[10] IRP_MJ_SHUTDOWN b9735020 rmtprt!RemoteDevicePortGenericFunction
[11] IRP_MJ_LOCK_CONTROL b9735020 rmtprt!RemoteDevicePortGenericFunction
[12] IRP_MJ_CLEANUP b9735020 rmtprt!RemoteDevicePortGenericFunction
[13] IRP_MJ_CREATE_MAILSLOT b9735020 rmtprt!RemoteDevicePortGenericFunction
[14] IRP_MJ_QUERY_SECURITY b9735020 rmtprt!RemoteDevicePortGenericFunction
[15] IRP_MJ_SET_SECURITY b9735020 rmtprt!RemoteDevicePortGenericFunction
[16] IRP_MJ_POWER 80821064 nt!IopInvalidDeviceRequest
[17] IRP_MJ_SYSTEM_CONTROL 80821064 nt!IopInvalidDeviceRequest
[18] IRP_MJ_DEVICE_CHANGE 80821064 nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA 80821064 nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA 80821064 nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP 80821064 nt!IopInvalidDeviceRequest

2: kd> !irp 87fa42f8
Irp is active with 1 stacks 3 is current (= 00000000)
No Mdl: System buffer=87daa000: Thread 8b31cb68: Irp is completed.
cmd flg cl Device File Completion-Context
[e, 0] 0 0 888c5e68 00000000 00000000-00000000
\Driver\rmtprt
Args: 00000000 00000000 00000000 00000000

I am pretty sure that irp->AssociatedIrp.SystemBuffer is intact before the call to IoCompleteRequest was made. I am not doing any MDL allocs or unallocs in my code.
I am kind of lost with this one. Can someone help me in getting to the root cause of this problem?
I appreciate your help on this.
Thx,
Gautham