I did the following stress test on my driver and found the following
bug.
1. Open two DOS boxes and run a script to loop on a Wget test.
2. Run a building script to build the driver and application code.
After the building script is launched, the driver crashes at the
following location.
If I do not launch the building script, I can open many DOS boxes and run
Wget without any problem.
From the memory dump, it showed that the driver crashed on the following API
call.
    KeRaiseIrql(DISPATCH_LEVEL, &oldIrql);
    NdisMCoIndicateReceivePacket(      // <--- Crash on this API.
        pLink->NdisVcHandle,
        pLink->PacketArray,            // PacketArray
        pLink->NumberOfPackets         // NumberOfPackets
    );
    KeLowerIrql(oldIrql);
I checked my driver code, and the memory is allocated by calling
"NdisAllocateMemory", which allocates the memory from
non-pageable memory. How can the memory be invalid when I launch the script
to build the application and driver?
Can anyone tell me how to attack this problem? Thanks.
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: f7b44ffe, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 0000000c
CURRENT_IRQL: 2
FAULTING_IP:
NDIS!NdisMCoIndicateReceivePacket+cd
f7b44ffe 834b0cff or dword ptr [ebx+0Ch],0FFFFFFFFh
CUSTOMER_CRASH_COUNT: 3
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: F5DialSrv.exe
LAST_CONTROL_TRANSFER: from a5982ecb to f7b44ffe
STACK_TEXT:
a6e12a4c a5982ecb 89f3fe98 88b1ef31 00000000 NDIS!NdisMCoIndicateReceivePacket+0xcd
a6e12a64 a598411c 89d97008 88b63c48 00000000 covpndrv!CardIndicateReceivedPacket+0x13b [c:\dev\newfea\rh\winbuild\projects\vpn\src\rh\vpn\driver\cowandrv\card.c @ 2086]
a6e12a80 a598e032 89d97008 00000000 00000000 covpndrv!TDI_EventReceive+0x3cc [c:\dev\newfea\rh\winbuild\projects\vpn\src\rh\vpn\driver\cowandrv\receive.c @ 460]
a6e12ac8 a5987a4a 88b63c48 88f20b38 00000fff covpndrv!WritePacket+0x202 [c:\dev\newfea\rh\winbuild\projects\vpn\src\rh\vpn\driver\cowandrv\userio.c @ 172]
a6e12b8c f7b2c4bb 89d7d030 88f20b38 88b4f018 covpndrv!URVPNDriverDispatch+0x9fa [c:\dev\newfea\rh\winbuild\projects\vpn\src\rh\vpn\driver\cowandrv\dispatch.c @ 330]
a6e12ba4 f7b2c947 89d7d030 88f20b38 88b681f8 NDIS!ndisDummyIrpHandler+0x48
a6e12c40 804e13d9 89d7d030 88f20b38 806ff410 NDIS!ndisDeviceControlIrpHandler+0x5c
a6e12c50 8056f50b 88f20ba8 88b15aa0 88f20b38 nt!IopfCallDriver+0x31
a6e12c64 8057cfc3 89d7d030 88f20b38 88b15aa0 nt!IopSynchronousServiceTail+0x60
a6e12d00 805896c4 00000154 00000000 00000000 nt!IopXxxControlFile+0x5ef
a6e12d34 804dd99f 00000154 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a6e12d34 7c90eb94 00000154 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012f7a8 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
covpndrv!CardIndicateReceivedPacket+13b [c:\dev\newfea\rh\winbuild\projects\vpn\src\rh\vpn\driver\cowandrv\card.c @ 2086]
a5982ecb 8b4d08 mov ecx,dword ptr [ebp+8]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: covpndrv!CardIndicateReceivedPacket+13b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: covpndrv
IMAGE_NAME: covpndrv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47c8a144
FAILURE_BUCKET_ID: 0xD1_W_covpndrv!CardIndicateReceivedPacket+13b
BUCKET_ID: 0xD1_W_covpndrv!CardIndicateReceivedPacket+13b
Followup: MachineOwner
---------
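
An added triage example, not part of the original post or the poster's driver code: it reads the bugcheck 0xD1 arguments and the FAULTING_IP line quoted above and works out what the base register of the faulting memory operand held. For this dump the referenced address equals the instruction's displacement, so ebx was 0. The function name `triage_d1` and the result keys are hypothetical.

```python
import re

# Excerpt of the !analyze -v output quoted in the post above.
ANALYZE_OUTPUT = """\
Arg1: 0000000c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: f7b44ffe, address which referenced memory
FAULTING_IP:
NDIS!NdisMCoIndicateReceivePacket+cd
f7b44ffe 834b0cff or dword ptr [ebx+0Ch],0FFFFFFFFh
"""

ARG_RE = re.compile(r"^Arg(\d):\s*([0-9a-fA-F]+)", re.M)
# x86 memory operand as WinDbg prints it: [reg], [reg+8] or [reg+0Ch]
OPERAND_RE = re.compile(
    r"\[(e(?:ax|bx|cx|dx|si|di|bp|sp))(?:([+-])([0-9a-fA-F]+)h?)?\]")


def triage_d1(text):
    """Recover the base register value behind a 0xD1 faulting access (hypothetical helper)."""
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    referenced, fault_ip = args[1], args[4]
    result = {"referenced": referenced, "irql": args[2], "write": args[3] == 1,
              "base_reg": None, "base_value": None, "null_deref": False}
    # The disassembly line for the faulting instruction starts with Arg4.
    prefix = f"{fault_ip:08x} "
    insn = next((l for l in text.splitlines() if l.lower().startswith(prefix)), "")
    m = OPERAND_RE.search(insn)
    if m:
        reg, sign, disp = m.groups()
        offset = int(disp, 16) if disp else 0
        if sign == "-":
            offset = -offset
        # referenced = base + offset, so base = referenced - offset (32-bit wrap)
        base = (referenced - offset) & 0xFFFFFFFF
        result.update(base_reg=reg, base_value=base, null_deref=(base == 0))
    return result


if __name__ == "__main__":
    r = triage_d1(ANALYZE_OUTPUT)
    print(f"{r['base_reg']} = {r['base_value']:#010x}, NULL base: {r['null_deref']}")
```

A zero base register means the write went through a NULL pointer plus a 0x0C field offset inside NDIS, which is the "completely invalid" case of the bugcheck text rather than a pageable address.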