Dear friends.
I have a bugcheck in my driver.
BugCheck 19, {20, 85ed4a78, 85ed4c80, a410001}
Output from !analyze -v
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 85ed4a78, The pool entry we were looking for within the page.
Arg3: 85ed4c80, The next pool entry.
Arg4: 0a410001, (reserved)
Debugging Details:
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: 85ed4a78 Nonpaged pool
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: pru_tabic.exe
LAST_CONTROL_TRANSFER: from 8054be41 to 805339ae
STACK_TEXT:
ee307ab4 8054be41 00000019 00000020 85ed4a78 nt!KeBugCheckEx+0x1b
ee307b04 80514cb1 85ed4a80 00000000 8568b1d0 nt!ExFreePoolWithTag+0x2be
ee307b20 806f11f6 85ed4a80 ee307b54 f6fe7386 nt!MmFreeContiguousMemory+0x121
ee307b2c f6fe7386 85f791c8 00000200 05ed4a80 hal!HalFreeCommonBuffer+0xe
ee307b54 f6fcd896 85e50a80 804e59ec 8568b210 tabic!LiberaCommonBuffersPCI+0x76 [c:\icfnt\driversnt\tabic\dma.c @ 2644]
ee307ba4 f6fc11f2 85e50a80 8568b1d0 8568b264 tabic!TabicIoctlStartDMAEx+0x2d6 [c:\icfnt\driversnt\tabic\ioctl.c @ 2405]
ee307c34 804e3d77 85e509c8 8568b1d0 806ef2d0 tabic!TabicDispatch+0xc02 [c:\icfnt\driversnt\tabic\dispatch.c @ 542]
ee307c44 8056a9ab 8568b264 85e922e8 8568b1d0 nt!IopfCallDriver+0x31
ee307c58 8057d9f7 85e509c8 8568b1d0 85e922e8 nt!IopSynchronousServiceTail+0x60
ee307d00 8057fbfa 000007d4 00000000 00000000 nt!IopXxxControlFile+0x611
ee307d34 804df06b 000007d4 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
ee307d34 7c91eb94 000007d4 00000000 00000000 nt!KiFastCallEntry+0xf8
0012fac0 7c91d8ef 7c801671 000007d4 00000000 ntdll!KiFastSystemCallRet
0012fac4 7c801671 000007d4 00000000 00000000 ntdll!ZwDeviceIoControlFile+0xc
0012fb24 00401338 000007d4 9c40a16c 0012fe6c kernel32!DeviceIoControl+0xdd
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fba8 004036fd 000007d4 9c40a16c 0012fe6c pru_tabic+0x1338
0012ff80 004077dc 00000002 00392860 003928a8 pru_tabic+0x36fd
0012ffc0 7c816d4f 0000001a 00000000 7ffde000 pru_tabic+0x77dc
0012fff0 00000000 004076e0 00000000 78746341 kernel32!BaseProcessStart+0x23
STACK_COMMAND: kb
FOLLOWUP_IP:
tabic!LiberaCommonBuffersPCI+76 [c:\icfnt\driversnt\tabic\dma.c @ 2644]
f6fe7386 8b4508 mov eax,dword ptr [ebp+8]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: tabic!LiberaCommonBuffersPCI+76
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tabic
IMAGE_NAME: tabic.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 46287837
FAILURE_BUCKET_ID: 0x19_20_tabic!LiberaCommonBuffersPCI+76
BUCKET_ID: 0x19_20_tabic!LiberaCommonBuffersPCI+76
Followup: MachineOwner
When I dump the entire memory range at 85ED4A80 (the virtual address of the common buffer passed to FreeCommonBuffer) in WinDbg, everything seems OK (the common buffer is 512 bytes long and is filled with 0x55). As suggested, I have enabled Driver Verifier for my driver (tabic.sys). The problem is that with Driver Verifier enabled the system does not crash.
Is there any way to search for more information in the dump?
System is Windows XP SP2, WinDbg 6.6.0007.5, DDK 3790.1830
Best regards.
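An added worked example (not from the post or from the tabic driver) that models the check behind this bugcheck. The address arithmetic in the report is the useful clue: Arg3 minus Arg2 is 0x208, one 8-byte pool header plus the 512-byte buffer, so the header the kernel found inconsistent is the one immediately past the end of the common buffer, which a dump of the buffer contents alone does not show. The code assumes the XP-era x86 POOL_HEADER layout (PreviousSize:9, PoolIndex:7, BlockSize:9, PoolType:7, then a 4-byte tag, sizes in 8-byte units) and uses a constructed page rather than real pool.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumed x86 POOL_HEADER: bits 0-8 PreviousSize, bits 16-24 BlockSize, then tag. */
#define POOL_GRANULARITY 8u
typedef struct { uint32_t bits; uint32_t tag; } pool_header_t;

static uint32_t hdr_previous_size(const pool_header_t *h) { return h->bits & 0x1FF; }
static uint32_t hdr_block_size(const pool_header_t *h)    { return (h->bits >> 16) & 0x1FF; }
static void hdr_set(pool_header_t *h, uint32_t prev, uint32_t size, uint32_t tag) {
    h->bits = (prev & 0x1FF) | ((size & 0x1FF) << 16);
    h->tag = tag;
}

/* The consistency test applied on free: this block's BlockSize must equal the
 * PreviousSize stored in the header that follows it. A mismatch is what
 * bugcheck 0x19 reports with Arg1 = 0x20 (Arg2 = this header, Arg3 = next). */
static int pool_header_consistent(const pool_header_t *h) {
    const uint8_t *next_addr = (const uint8_t *)h + hdr_block_size(h) * POOL_GRANULARITY;
    const pool_header_t *next = (const pool_header_t *)next_addr;
    return hdr_block_size(h) == hdr_previous_size(next);
}

/* Lay out a 512-byte allocation followed by a neighbouring block in a constructed
 * page, fill the "common buffer" with 0x55 for len bytes, and report whether the
 * free-time check would still pass. len == 512 matches the post; anything larger
 * runs into the next header even though the buffer itself still looks fine. */
int free_check_after_fill(size_t len) {
    static uint64_t storage[512];               /* 4 KiB, 8-byte aligned */
    uint8_t *page = (uint8_t *)storage;
    memset(page, 0, sizeof storage);
    const uint32_t units = (sizeof(pool_header_t) + 512) / POOL_GRANULARITY;  /* 65 */
    pool_header_t *blk  = (pool_header_t *)page;
    pool_header_t *next = (pool_header_t *)(page + units * POOL_GRANULARITY);
    hdr_set(blk,  0,     units, 0x636d4420);    /* constructed tag */
    hdr_set(next, units, 4,     0x636d4420);
    uint8_t *buffer = page + sizeof(pool_header_t);   /* what the driver is handed */
    memset(buffer, 0x55, len);
    return pool_header_consistent(blk);
}

int main(void) {
    printf("512 bytes written: free check %s\n", free_check_after_fill(512) ? "passes" : "fails");
    printf("513 bytes written: free check %s\n", free_check_after_fill(513) ? "passes" : "fails");
    return 0;
}
```

The same arithmetic applies to the real dump: inspecting the 8 bytes at Arg3 (85ed4c80) shows whether the neighbouring header's PreviousSize still matches the 0x208-byte block that precedes it.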