Hi,
I am developing a file system filter driver for Windows XP, in which we need
to pend some READ IRPs and then complete them after we do some processing.
For this I am marking the IRP as pending in the read request of the file and
then completing it in another function. But the system is crashing once I call
IoMarkIrpPending().
Could anyone tell why this is happening? Bugcheck analysis is below:
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 44, {81f1e008, 1b90, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_IRP ***
*** ***
*************************************************************************
Followup: MachineOwner
nt!DbgBreakPointWithStatus+0x4:
8050d064 cc int 3
kd>
Implicit thread is now 818f8da8
kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: 81f1e008, Address of the IRP
Arg2: 00001b90
Arg3: 00000000
Arg4: 00000000
Debugging Details:
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_IRP ***
*** ***
*************************************************************************
MODULE_NAME: nt
FAULTING_MODULE: 804d0000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 3b7de38f
IRP_ADDRESS: 81f1e008
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x44
LAST_CONTROL_TRANSFER: from 80522dea to 8050d064
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
eee28290 80522dea 00000003 819185f8 81f1e008 nt!DbgBreakPointWithStatus+0x4
eee28658 804fc1bb 00000044 81f1e008 00001b90 nt!KeDeregisterBugCheckCallback+0x52d
eee28678 80513206 00000044 81f1e008 00001b90 nt!KeBugCheckEx+0x19
eee286a0 804ed17d 81f1e008 00000103 806b643c nt!ExRaiseStatus+0x2fd9
eee286f0 80571c40 81f1e048 eee2872c eee28738 nt!KeInsertQueueApc+0x20f
eee28718 8057c4be 81d70f10 00000000 819185f8 nt!NtWaitForSingleObject+0x345
eee287c0 804d4e91 0000024c 00000000 00000000 nt!NtReadFile+0x26f
eee287ec 818d36f8 00000008 0000000e 00000000 nt!KeInitializeInterrupt+0xa7c
818d3700 00000100 e347b010 eed7697d e2ce5868 0x818d36f8
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_NAME: MachineOwner
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
Any information is helpful.
Thanks,
Kedar.