Hi,
My TDI filter driver monitors certain applications and blocks their IRPs
based on user choice. Everything works well, but sometimes the following code
for denying IRPs generates bugcheck 4E. As soon as IoCompleteRequest is
called, a Bug Check 4E appears. It seems that the I/O Manager is calling
MmUnlockPages twice on the MDL when I call IoCompleteRequest. But why? How
to avoid this bug check? Any ideas? Is there any way to check the validity
of this MDL attached with IRP before calling IoCompleteRequest, or any
workarounds?

    if (pIrp != NULL)
    {
        // Just Complete it with error code
        pIrp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
        pIrp->IoStatus.Information = 0;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
        pEntry->pHoldingIrp = NULL;
    }

The stack looks like this -
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 00000007, A driver has unlocked a page more times than it locked it
Arg2: 00001573, page frame number
Arg3: 00000001, current share count
Arg4: 00000000, 0
Debugging Details:
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x4E
LAST_CONTROL_TRANSFER: from 8042c0c3 to 80455d74
STACK_TEXT:
b79b994c 8042c0c3 00000003 b79b9994 00000007 nt!RtlpBreakWithStatusInstruction
b79b997c 8042c487 00000003 00001573 818e32c8 nt!KiBugCheckDebugBreak+0x31
b79b9d08 8044cc80 0000004e 00000007 00001573 nt!KeBugCheckEx+0x390
b79b9d28 80437612 8154a5c8 81660de8 b79b9d64 nt!MiDecrementReferenceCount+0xbf
b79b9d40 8041faa2 8154a500 8153a6a8 8046d41c nt!MmUnlockPages+0x10f
b79b9d64 ed3ec755 8153a6a8 81660de8 8158d9a8 nt!IopfCompleteRequest+0x1e9
b79b9d78 80418dc7 8153a6a8 00000000 00000000 netfilter!NetFilterDenyIrpFreeMemoryWorkRoutine+0x6a [E:\NetFilter\NetFilter\Timer.c @ 398]
b79b9da8 804553af 8153a6a8 00000000 00000000 nt!ExpWorkerThread+0xae
b79b9ddc 804695b2 80418d02 80000001 00000000 nt!PspSystemThreadStartup+0x69
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
netfilter!NetFilterDenyIrpFreeMemoryWorkRoutine+6a
ed3ec755 6880c63eed push 0xed3ec680
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: netfilter!NetFilterDenyIrpFreeMemoryWorkRoutine+6a
MODULE_NAME: netfilter
IMAGE_NAME: netfilter.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 3f8a7fbb
STACK_COMMAND: kb
BUCKET_ID: 0x4E_netfilter!NetFilterDenyIrpFreeMemoryWorkRoutine+6a
Followup: MachineOwner
Any help is appreciated.
Regards…
Subodh