My driver has a BSOD with a very low probability of recurrence:
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000018800111, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80424257d38, address which referenced memory
My Stack:
STACK_TEXT:
ffffdd09`92d567a8 fffff804`2422bf29 : 00000000`0000000a 00000000`18800111 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffdd09`92d567b0 fffff804`24227389 : 00001000`00000000 00000000`00000000 ffff8008`20d9d3b0 fffff804`00001000 : nt!KiBugCheckDispatch+0x69
ffffdd09`92d568f0 fffff804`24257d38 : ffffdd09`92d56ad8 00000000`00000001 ffff8008`00000003 ffffcb80`3f000000 : nt!KiPageFault+0x489
ffffdd09`92d56a80 fffff804`24257bf4 : ffffcb80`3f051180 ffff8008`21ac71a0 ffff8008`20d9d300 00000000`00000000 : nt!KxWaitForLockOwnerShipWithIrql+0x50
ffffdd09`92d56ae0 fffff804`2413b4f6 : ffff8008`20d9d270 ffff8008`4b07b9d0 ffff8008`20d9d368 ffff8008`20d9d358 : nt!KiAcquireQueuedSpinLockInstrumented+0x66
ffffdd09`92d56b20 fffff804`21dc8b41 : ffff8008`25ae1010 ffffdd09`92d56be9 00000000`00000004 00000000`00000000 : nt!KeAcquireInStackQueuedSpinLock+0xa6
ffffdd09`92d56b50 fffff804`21dc85e0 : ffff8008`20d9d200 00000000`00000000 00000000`00060400 00000000`00000000 : FLTMGR!FltpPerformPostCallbacksWorker+0x1b1
ffffdd09`92d56c20 fffff804`21dca741 : ffffdd09`92d51000 ffffdd09`92d58000 ffff8008`20d9d270 00000000`00000001 : FLTMGR!FltpPassThroughCompletionWorker+0x120
ffffdd09`92d56cd0 fffff804`21dc7e43 : ffffdd09`92d56d60 00000000`c0000005 00000000`00000000 fffff804`244a4f42 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x6a1
ffffdd09`92d56d40 fffff804`24112695 : ffff8008`255039d0 fffff804`2404fe87 ffff8008`255039d0 ffff8008`2dd44080 : FLTMGR!FltpDispatch+0xa3
ffffdd09`92d56da0 fffff804`2407f7c7 : ffff8008`2f043b40 ffff8008`37ec76a8 00000000`00000403 00000000`00000002 : nt!IofCallDriver+0x55
ffffdd09`92d56de0 fffff804`2400cef8 : ffff8008`1d89c5c0 fffff804`24143398 ffff8008`1d89c620 ffff8008`1d89c5e0 : nt!IoPageReadEx+0x2d7
ffffdd09`92d56e50 fffff804`244a408b : ffff8008`1d89c5c0 ffff8008`2dd44080 ffff8008`1d89c6d0 00000000`00000001 : nt!MiPageRead+0x28
ffffdd09`92d56ea0 fffff804`244a3ed6 : ffffdd09`92d57018 00000000`00000001 ffff8008`2dd44080 00000000`00000000 : nt!MiPfExecuteReadList+0xf3
ffffdd09`92d56f10 fffff804`24022003 : ffff8008`37ec7630 00000000`00001000 00000000`00001000 00000000`00000000 : nt!MmPrefetchForCacheManager+0x10a
ffffdd09`92d56f90 fffff804`244a7603 : 00000000`00000000 00000000`00000000 ffff8008`2f045a80 00000000`00000018 : nt!CcFetchDataForRead+0x123
ffffdd09`92d56ff0 fffff804`2401e29b : ffff8008`2f045a80 00000000`00000000 00000000`00000000 ffff8008`190d5201 : nt!CcMapAndCopyFromCache+0xf3
ffffdd09`92d570b0 fffff804`245998e3 : 00000000`00000000 00000000`00000000 ffff8008`00000018 ffff8008`28cbc101 : nt!CcCopyReadEx+0x22b
ffffdd09`92d57170 fffff804`3f738aa0 : ffff8008`28cbc0f8 00000000`00000018 00000000`00000000 00000000`00000000 : nt!CcCopyRead+0x23
ffffdd09`92d571c0 fffff804`3f7371b2 : ffff8008`28cbc0f8 ffffdd09`92d57560 ffff8008`2a2f8730 ffffdd09`92d57579 : MyDrv!MyFsdCommonRead+0x11d0 [d:\MyFsdRead.c @ 1011]
ffffdd09`92d57480 fffff804`21dc963b : ffff8008`28cbc0f8 ffffdd09`92d57560 ffffdd09`92d57538 ffffdd09`92d57500 : MyDrv!PtPreOperationRead+0x102 [d:\MyFsdRead.c @ 205]
ffffdd09`92d574d0 fffff804`21dc90c1 : ffffdd09`92d576f0 00000000`00000003 00000000`00000000 00000000`00000000 : FLTMGR!FltpPerformPreCallbacksWorker+0x37b
ffffdd09`92d575e0 fffff804`21dc8049 : ffffdd09`92d58000 ffffdd09`92d51000 00000000`00000000 ffffdd09`92d57700 : FLTMGR!FltpPassThroughInternal+0xd1
ffffdd09`92d57630 fffff804`21dc7e2b : 00000000`00000042 00000000`00000000 00000000`00000200 ffff8008`00000000 : FLTMGR!FltpPassThrough+0x179
ffffdd09`92d576d0 fffff804`24112695 : ffff8008`265eb990 fffff804`2424aee8 ffff8008`1d6cdd30 00000000`00000001 : FLTMGR!FltpDispatch+0x8b
ffffdd09`92d57730 fffff804`245c3590 : ffff8008`265eb990 ffffdd09`92d577d1 ffffdd09`92d577d1 00000000`4af5d900 : nt!IofCallDriver+0x55
ffffdd09`92d57770 fffff804`245e1114 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff8008`2f045a80 : nt!IopSynchronousServiceTail+0x1d0
ffffdd09`92d57820 fffff804`245e0c0b : ffff8008`2f045a80 00000000`00000000 00000000`00000000 00000000`4af5d968 : nt!IopReadFile+0x4d4
ffffdd09`92d57920 fffff804`2422b605 : ffff8008`2dd44080 ffffdd09`92d57aa0 00000000`4af5d8d8 ffffdd09`92d579c8 : nt!NtReadFile+0xdb
ffffdd09`92d579b0 00007ffe`fd3101f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`4af5d8b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`fd3101f4
Function MyFsdCommonRead:

    if (!FlagOn(IrpContext->MinorFunction, IRP_MN_MDL)) {
        CHAR* DecryptBuf = NULL;

        /* Map the caller's buffer so the cache manager can copy into it. */
        SystemBuffer = MyFsdMapUserBuffer( Data );

        if (!CcCopyRead( FileObject,
                         (PLARGE_INTEGER)&StartingByte,
                         (ULONG)ByteCount,
                         Wait,
                         SystemBuffer,
                         &Data->IoStatus ))
        {
            /* Cache manager could not complete the read without blocking: post the request. */
            try_return( PostIrp = TRUE );
        }
Locals from dv:
Wait = 0x01 ''
StartingByte = {0}
FltObjects = 0xffffdd09`92d57560
ByteCount = 0x18
SystemBuffer = 0x00000000`4af5d988
I suspect there is something wrong with my buffering.
2: kd> db 0x00000000`4af5d988
00000000`4af5d988 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`4af5d998 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`4af5d9a8 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`4af5d9b8 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`4af5d9c8 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`4af5d9d8 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`4af5d9e8 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
00000000`4af5d9f8 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
Does this mean that the buffer cannot be read or written?
Part of the code of the MyFsdMapUserBuffer function:

    /* Map the MDL's pages into system space; the Safe variant returns NULL on failure instead of raising. */
    SystemBuffer = MmGetSystemAddressForMdlSafe(MdlAddress, NormalPagePriority);
    if (SystemBuffer == NULL)
    {
        X70FsdRaiseStatus(NULL, STATUS_INSUFFICIENT_RESOURCES);
    }
    return SystemBuffer;
Is there something wrong with my call to MmGetSystemAddressForMdlSafe, or is it that I cannot use this function at all in this place?
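Before debating the MmGetSystemAddressForMdlSafe call itself, the first thing to pin down from a 0xA dump is which address-space half each of the four bugcheck arguments falls in, and which half the buffer handed to CcCopyRead falls in. The following is an added triage helper written for this thread, not code from the post or from the driver: it decodes the IRQL_NOT_LESS_OR_EQUAL arguments exactly as the bugcheck text above labels them (Arg2 is the IRQL, Arg3 bit 0 is read/write, bit 3 is execute) and classifies each address by the x64 48-bit canonical layout (user half below 0x0000800000000000, kernel half from 0xFFFF800000000000 up, the rest non-canonical). The sample values in main() are the ones quoted in the post; the IRQL names for levels 0 to 2 are the standard ones, and anything above 2 is just reported as such.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added triage helper (not code from the post above): decodes the four
 * IRQL_NOT_LESS_OR_EQUAL (0xA) arguments the way the bugcheck text labels
 * them and places each address in its x64 address-space region. */

typedef enum {
    ADDR_USER,         /* canonical low half:  0x0 .. 0x00007FFFFFFFFFFF */
    ADDR_NONCANONICAL, /* the hole between the halves; never a valid VA */
    ADDR_KERNEL        /* canonical high half: 0xFFFF800000000000 .. max */
} addr_class_t;

typedef struct {
    uint64_t     referenced;         /* Arg1: address that was touched */
    unsigned     irql;               /* Arg2: IRQL at the time of the access */
    bool         is_write;           /* Arg3 bit 0 */
    bool         is_execute;         /* Arg3 bit 3 */
    uint64_t     faulting_pc;        /* Arg4: instruction that did the access */
    addr_class_t referenced_class;
    addr_class_t faulting_pc_class;
} bugcheck_a_t;

/* 48-bit canonical x64 addressing: user half below 0x0000800000000000,
 * kernel half from 0xFFFF800000000000 upward, non-canonical in between. */
addr_class_t classify_x64_address(uint64_t va)
{
    if (va <= 0x00007FFFFFFFFFFFull) return ADDR_USER;
    if (va >= 0xFFFF800000000000ull) return ADDR_KERNEL;
    return ADDR_NONCANONICAL;
}

const char *irql_name(unsigned irql)
{
    switch (irql) {
    case 0:  return "PASSIVE_LEVEL";
    case 1:  return "APC_LEVEL";
    case 2:  return "DISPATCH_LEVEL";
    default: return "above DISPATCH_LEVEL";
    }
}

bugcheck_a_t decode_bugcheck_a(uint64_t arg1, uint64_t arg2,
                               uint64_t arg3, uint64_t arg4)
{
    bugcheck_a_t b;
    b.referenced        = arg1;
    b.irql              = (unsigned)arg2;
    b.is_write          = (arg3 & 0x1u) != 0;
    b.is_execute        = (arg3 & 0x8u) != 0;
    b.faulting_pc       = arg4;
    b.referenced_class  = classify_x64_address(arg1);
    b.faulting_pc_class = classify_x64_address(arg4);
    return b;
}

/* True when code running at DISPATCH_LEVEL or above touched an address
 * outside the kernel half. A paged-out kernel address is the other way to
 * hit 0xA; the four arguments alone cannot distinguish that case. */
bool dispatch_level_access_outside_kernel(bugcheck_a_t b)
{
    return b.irql >= 2 && b.referenced_class != ADDR_KERNEL;
}

static const char *class_name(addr_class_t c)
{
    return c == ADDR_USER   ? "user-mode"   :
           c == ADDR_KERNEL ? "kernel-mode" : "non-canonical";
}

int main(void)
{
    /* Values taken from the bugcheck block and the dv output quoted in the post. */
    bugcheck_a_t b = decode_bugcheck_a(0x0000000018800111ull, 2, 1,
                                       0xfffff80424257d38ull);
    uint64_t system_buffer = 0x000000004af5d988ull;

    printf("IRQL %u (%s), %s%s\n", b.irql, irql_name(b.irql),
           b.is_write ? "write" : "read", b.is_execute ? " + execute" : "");
    printf("referenced 0x%016llx is %s; faulting code 0x%016llx is %s\n",
           (unsigned long long)b.referenced, class_name(b.referenced_class),
           (unsigned long long)b.faulting_pc, class_name(b.faulting_pc_class));
    printf("SystemBuffer 0x%016llx is a %s address\n",
           (unsigned long long)system_buffer,
           class_name(classify_x64_address(system_buffer)));
    printf("dispatch-level access outside the kernel half: %s\n",
           dispatch_level_access_outside_kernel(b) ? "yes" : "no");
    return 0;
}
```

Run against the posted values, this reports a write at DISPATCH_LEVEL from kernel code (nt!KxWaitForLockOwnerShipWithIrql+0x50 in the stack) to a user-half address, and it places the SystemBuffer value from dv (0x4af5d988) in the user half as well. That second fact is worth checking in the driver independently of the crash: the db output showing only ?? means that range was not readable in the dump's context, and a pointer in the user half is only valid in the originating process context and only while those pages are resident, which is why MmGetSystemAddressForMdlSafe exists in the first place.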