Hi,
I am facing a problem while cancelling a receive irp issued to a
tdi tcp end point. I understand that this problem might be specific
to my driver, but I am hoping someone might have faced similar issue
and might be able to help.
Normal i/o and a few (hundreds) cancels happen succesfully. However,
every once in a while the dual processor windows 2000 server SP4 machine
bug checks with bug code 0xD1 with stack attached below. I unmap the
mdl buffers in my routine that issues the receive, after I ensure that
my completion routine is called (in this case for cancel of irp), ie.
irp->IoStatus.Status == STATUS_CANCELLED;
Hope someone on the list has some suggestions for me to try/ or insights
into what I might be doing wrong else I might have to go to a different
design and implementation. Thanks in advance for any help.
-Shyam
My pseudo code:
mdl = IoAllocateMdl
MmProbeAndLockPages
IoAllocateIrp
TdiBuildReceive
IoCallDriver
status = KeWaitForSingleObject
if (status == STATUS_TIMEOUT)
IoCancelIrp
MmUnlockPages (mdl)
IoFreeMdl
IoFreeIrp
In my completion routine for the above irp, I always return
STATUS_MORE_PROCESSING_REQUIRED, to the irp stays valid in the
allocating routine.
!analyze -v info is as follows:
0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pagable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000020, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f1e3ac85, address which referenced memory
Debugging Details:
READ_ADDRESS: 00000020
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!BufferData+42
f1e3ac85 8b5320 mov edx,[ebx+0x20]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 8042aa0f to 804564d0
STACK_TEXT:
80473d68 8042aa0f 00000003 80473db0 00000020
nt!RtlpBreakWithStatusInstruction
80473d98 8042b002 00000003 00000020 f1e3ac85 nt!KiBugCheckDebugBreak+0x31
80474124 8046987c 00000000 00000020 00000002 nt!KeBugCheckEx+0x390
80474124 f1e3ac85 00000000 00000020 00000002 nt!KiTrap0E+0x284
804741e0 f1e26466 8187c5c8 00001050 804742fc tcpip!BufferData+0x42
80474248 f1e2415d 00000000 8504020a b304020a tcpip!TCPRcv+0xad1
80474294 f1e2405d f1e261c7 8190a148 81e4300e tcpip!DeliverToUser+0xf9
8047434c f1e2398c 8190a148 81e43022 000005c8 tcpip!IPRcvPacket+0x5f8
8047438c f1e239ed 00000000 81ed3a7c 81e43000
tcpip!ARPRcvIndicationNew+0x172
804743c8 f87c1183 81910d48 00000000 00000000 tcpip!ARPRcvPacket+0x5c
80474420 f1f8d757 81fa8b00 80474440 00000008
NDIS!ethFilterDprIndicateReceivePacket+0x2ea
WARNING: Stack unwind information not available. Following frames may be
wrong.
80474554 f1f8d4fb 81f9e008 80474580 81f9e35c e1000nt5+0x757
80474578 f87aabb8 81f9e000 80470370 ffdff848 e1000nt5+0x4fb
8047458c 80465728 81f9e370 81f9e35c 00000000 NDIS!ndisMDpcX+0x2b
804745a4 80465680 0000000e 00000000 00000000 nt!KiRetireDpcList+0x47
804745ac 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x28
FOLLOWUP_IP:
tcpip!BufferData+42
f1e3ac85 8b5320 mov edx,[ebx+0x20]
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: tcpip!BufferData+42
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3eaf053b
STACK_COMMAND: kb
BUCKET_ID: 0xD1_tcpip!BufferData+42