I fixed one issue in my mini filter where I was issuing multiple FltCompletePendedPostOperation calls, but now I am experiencing a similar problem.
In my DisconnectNotifyCallback routine, I flush all items out of my cancel-safe queues and complete them by calling FltCompletePendedPostOperation. I am positive that I have NOT issued a previous completion by returning FLT_POSTOP_FINISHED_PROCESSING or by calling FltCompletePendedPostOperation.
The basic workflow:
- In post-create, add to CSQ, return FLT_POSTOP_MORE_PROCESSING_REQUIRED
- User-mode service disconnects at some point
- In disconnect callback, I remove all CallbackData from my CSQs for all instances of my filter and call FltCompletePendedPostOperation on each one
- Shortly after exiting Disconnect Callback, get MULTIPLE_IRP_COMPLETE_REQUESTS stop with data seen below.
I am testing with just one instance of my filter and one single IRP. I don’t understand how this IRP can be completed after I have already completed it. I search for enlightenment…
-Bill
==============================
*** Fatal System Error: 0x00000044
(0x8118F008,0x00001B1F,0x00000000,0x00000000)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows 2000 2195 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols
…
Loading User Symbols
…
Loading unloaded module list
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 44, {8118f008, 1b1f, 0, 0}
Probably caused by : ntoskrnl.exe ( nt!IopParseDevice+b4f )
Followup: MachineOwner
nt!RtlpBreakWithStatusInstruction:
80455554 cc int 3
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: 8118f008, Address of the IRP
Arg2: 00001b1f
Arg3: 00000000
Arg4: 00000000
Debugging Details:
IRP_ADDRESS: 8118f008
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x44
PROCESS_NAME: IEXPLORE.EXE
LAST_CONTROL_TRANSFER: from 8042a9e7 to 80455554
STACK_TEXT:
f2149e04 8042a9e7 00000003 f2149e4c 8118f008 nt!RtlpBreakWithStatusInstruction
f2149e34 8042afda 00000003 00000000 8118f008 nt!KiBugCheckDebugBreak+0x31
f214a1c0 8041e658 00000044 8118f008 00001b1f nt!KeBugCheckEx+0x390
f214a1e8 8041e634 8118f008 804bfbb9 8118f008 nt!IopFreeIrp+0x20
f214a1f0 804bfbb9 8118f008 804825a0 804bf06a nt!IoFreeIrp+0xa
f214a384 80450893 8181ebb0 00000000 f214a43c nt!IopParseDevice+0xb4f
f214a3fc 804d5b3e 00000000 8181cc00 00000040 nt!ObpLookupObjectName+0x4e7
f214a50c 8049fadd 00000000 00000000 00000001 nt!ObOpenObjectByName+0xc8
f214a5e8 8049f682 00129a88 80100080 00129a24 nt!IopCreateFile+0x407
f214a630 804a719a 00129a88 80100080 00129a24 nt!IoCreateFile+0x36
f214a670 80465014 00129a88 80100080 00129a24 nt!NtCreateFile+0x2e
f214a670 77f88283 00129a88 80100080 00129a24 nt!KiSystemService+0xc4
001299e4 7c58c588 00129a88 80100080 00129a24 ntdll!NtCreateFile+0xb
00129a80 7cebb825 00000000 80000000 00000000 KERNEL32!CreateFileW+0x343
00129cd4 7cebb4ad 0012a318 00129f00 00000000 ole32!CFileStream::Init_OpenOrCreate+0x6b
0012a528 7ceb80ff 0012a5a0 00000000 00000000 ole32!CFileStream::InitWorker+0xbf
0012a570 7ceb87f7 0012a5a0 00000340 00000000 ole32!DfFromName+0x81
0012a804 7ce43b8a 0012a900 00000000 00000000 ole32!DfOpenDocfile+0x19d
0012a830 7177ac13 0012a900 00000000 00000010 ole32!StgOpenStorage+0x1f
0012a8f0 7177acc8 0012a900 00166f08 003a0043 SHDOCVW!_StorageIsBrowsable+0x21
0012ab08 7177ae15 00166f08 0012ab90 00000000 SHDOCVW!_IEIsBrowsable+0x69
0012ab2c 7177bb85 0015f0f4 0012ab4c 00166f4c SHDOCVW!_IEGetAttributesOf+0x13f
0012ab50 7177bca1 00000001 00166f08 00000000 SHDOCVW!_IEBindToObjectInternal+0x56
0012ab68 7150f5d3 00166f08 00000000 7150d0c0 SHDOCVW!IEBindToObjectEx+0x17
0012ab88 7150f645 00000000 00000400 0012aba4 BROWSEUI!GetBrowserFrameOptionsPidl+0x2a
0012aba8 715179f7 00166f08 00000400 00000001 BROWSEUI!IsBrowserFrameOptionsPidlSet+0x1b
0012abc4 71723d3b 00139c34 00166f08 00000000 BROWSEUI!CShellBrowser2::_NavigateToPidl+0x2a
0012ae10 71725df7 00000700 00139c34 0012ae3c SHDOCVW!CBaseBrowser2::_OnGoto+0x17a
0012ae20 7153f6b2 001466ec 00030166 00000700 SHDOCVW!CBaseBrowser2::WndProcBS+0x316
0012ae3c 7151f5f4 00139c34 00030166 00000700 BROWSEUI!CCommonBrowser::WndProcBS+0x1e
0012ae78 7152006f 00139c20 00030166 00000700 BROWSEUI!CShellBrowser2::WndProcBS+0x8f
0012aea4 77e4158f 00139c20 00000700 00000000 BROWSEUI!IEFrameWndProc+0x4d
0012af14 7171f937 00030166 00000700 00000000 USER32!__ClientCharToWchar+0x38
0012af28 71725ec2 00000001 00166f08 001466e8 SHDOCVW!CBaseBrowser2::_SendAsyncOperation+0x1f
0012af3c 7172605d 00166f08 00000001 00000000 SHDOCVW!CBaseBrowser2::_NavigateToPidlAsync+0x9e
0012af60 7153fadb 001466d8 00166e98 00000001 SHDOCVW!CBaseBrowser2::BrowseObject+0x182
0012af70 7151be82 00139c30 00166e98 00000001 BROWSEUI!CCommonBrowser::BrowseObject+0x18
0012afa0 7174c5e4 00000000 00166e98 00000001 BROWSEUI!CShellBrowser2::BrowseObject+0xf6
0012afb0 7174f6f4 00166e98 00000001 00139c34 SHDOCVW!CIEFrameAuto::_BrowseObject+0x18
0012c070 717527dc 00165aa8 00000000 00000000 SHDOCVW!CIEFrameAuto::_NavigateHelper+0x32a
0012c094 7151ffde 00147b0c 00165aa8 00000000 SHDOCVW!CIEFrameAuto::Navigate+0x21
0012c0d4 7152006f 00139c20 00030166 00000705 BROWSEUI!CShellBrowser2::WndProcBS+0xa79
0012c100 77e4158f 00139c20 00000705 00000001 BROWSEUI!IEFrameWndProc+0x4d
0012c13c 77e3c1ca 004b4100 00000705 00000001 USER32!__ClientCharToWchar+0x38
0012c5a8 7c2ef02c 00130000 00000000 00148f58 USER32!InternalEnumProps+0xbd
0012c5f0 7c2ef1de 0012c7a8 00000196 0012c7bc ADVAPI32!LsapQueryTrustedDomainInfo+0x74
0012c630 0041004d 00480043 004e0049 005c0045 ADVAPI32!LsapSetTrustedDomainInformation+0x58
0012c694 77fa3510 0012c79e 0012c700 00000008 iexplore!_NULL_IMPORT_DESCRIPTOR (iexplore+0x1004d)
0012c730 77f97eed 0015e0c6 0012c954 02000000 ntdll!RtlIntegerToUnicode+0xf4
0012c970 77fcb7c2 00130e38 00148f58 02000000 ntdll!RtlConvertSidToUnicodeString+0x189
0012ca2c 77fcae15 0012ca8c 0012ca8c 0012ee64 ntdll!RtlFreeHeap+0xf8
0012ccb4 7c58e5a2 00130000 00000000 001660e0 ntdll!RtlAllocateHeap+0x12b
0012ccfc 745e25b0 001660e0 00000000 745ea6fa KERNEL32!GlobalFree+0x53
0012cd08 745ea6fa 0012cde8 745eb538 745ea707 msi!CAPITempBuffer::Destroy+0x13
0012d050 0038002d 00390033 00320035 00310032 msi!OpenSpecificUsersAdvertisedSubKeyPacked+0x142
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012d084 77fb2c0c 00130000 0012d0c4 00000029 0x38002d
00130640 00000000 ffeeffee 00000000 00130000 ntdll!RtlpAllocateFromHeapLookaside+0x40
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!IopParseDevice+b4f
804bfbb9 8a8d18ffffff mov cl,byte ptr [ebp-0E8h]
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: nt!IopParseDevice+b4f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45069e6e
FAILURE_BUCKET_ID: 0x44_nt!IopParseDevice+b4f
BUCKET_ID: 0x44_nt!IopParseDevice+b4f
Followup: MachineOwner
---------
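
Added example, not part of the original post and not the poster's driver code: a user-mode C model of the pend / flush-on-disconnect workflow listed above, with an atomic ownership flag so that a second completion attempt on the same pended item is caught and attributed to its caller instead of reaching the I/O manager. All names are hypothetical; in a driver the flag would live in the per-request context and the winning caller would be the one that calls FltCompletePendedPostOperation.

```c
/* Constructed user-mode model: every name here is hypothetical, not Filter Manager API. */
#include <stdatomic.h>
#include <stdio.h>
enum { ST_PENDED = 0, ST_COMPLETED = 1 };
typedef struct {
    int id;            /* stands in for the pended callback data pointer */
    atomic_int state;  /* ST_PENDED -> ST_COMPLETED, claimed atomically */
    int completions;   /* times the completion body actually ran */
} pended_item;

static pended_item *queue[8];   /* stands in for the cancel-safe queue */
static size_t queue_len;
static int duplicate_attempts;

/* Post-create path: queue the item; the filter now owns its completion. */
static void pend(pended_item *it) {
    atomic_store(&it->state, ST_PENDED);
    it->completions = 0;
    queue[queue_len++] = it;
}

/* Single choke point for completion. In a driver the winner would call
 * FltCompletePendedPostOperation here. Returns 1 if this caller won. */
static int complete_once(pended_item *it, const char *who) {
    int expected = ST_PENDED;
    if (!atomic_compare_exchange_strong(&it->state, &expected, ST_COMPLETED)) {
        duplicate_attempts++;
        fprintf(stderr, "item %d: second completion attempt from %s\n", it->id, who);
        return 0;
    }
    it->completions++;
    return 1;
}

/* Disconnect path: drain the queue; returns how many items it completed. */
static int flush_on_disconnect(void) {
    int done = 0;
    while (queue_len > 0)
        done += complete_once(queue[--queue_len], "disconnect");
    return done;
}

int main(void) {
    pended_item a = { .id = 1 };
    pend(&a);
    complete_once(&a, "other-path");  /* constructed: a path that forgot to dequeue */
    int flushed = flush_on_disconnect();
    printf("flushed=%d duplicates=%d\n", flushed, duplicate_attempts);
}
```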