Bugcheck 1A in IoBuild[Sync or Async]hronousFsdRequest

In Windows 2012, I’m getting a bugcheck that does not occur in Windows 2008 R2 and earlier. The bugcheck is 1A (MEMORY_MANAGEMENT), and arg1 is 61946 (invalid MDL).

The buffer that I’m using to build the IRP with is one that was passed to me in an IRP_MJ_READ request. I’m redirecting the read to a different device by creating a new IRP, but this is resulting in the bugcheck. Any ideas what might be causing this? Thanks!

Ernie Coskrey

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)

Any other values for parameter 1 must be individually examined.

Arguments:
Arg1: 0000000000061946, The subtype of the bugcheck.
Arg2: fffffa80043f5f40
Arg3: 00000000000045ec
Arg4: 0000000000000000

Debugging Details:

BUGCHECK_STR: 0x1a_61946

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff801e2be6c66 to fffff801e2ae6970

SYMBOL_ON_RAW_STACK: 1

STACK_ADDR_RAW_STACK_SYMBOL: fffff88005c453b8

STACK_COMMAND: dds FFFFF88005C453B8-0x20 ; kb

STACK_TEXT:
fffff880`05c45398 e2ae2d0c
fffff880`05c4539c fffff801
fffff880`05c453a0 02c5d180
fffff880`05c453a4 fffff880
fffff880`05c453a8 e2b692ef
(etc…)

The 0x1A/0x61946 bugcheck happens when the memory manager issues a paging read and some driver then tries to create a secondary, write-access MDL describing the same physical pages. This is bad because when that secondary MDL is unlocked the pages will get marked dirty when they’re not supposed to be, causing various problems downstream.

The bugcheck is new in win8. Prior to win8 it used to be an assert so you would likely see the same problem on a checked win7 build.

To fix this you need to reuse the original MDL instead of creating a new one. See the end of this thread for more information:

https://www.osronline.com/ShowThread.cfm?link=213360

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@steeleye.com
Sent: Friday, March 22, 2013 1:36 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Bugcheck 1A in IoBuild[Sync or Async]hronousFsdRequest

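The MDL hand-off described in the reply above, as an added example that is not code from the thread or from Microsoft: the secondary IRP borrows the original IRP's MDL instead of having a new write-access MDL built over the same pages. RedirBuildIrp and RedirFinish are hypothetical names, and the #ifndef block holds constructed user-mode stand-ins so the logic compiles outside a driver; a driver build includes <ntddk.h> first, which defines _NTDDK_ and supplies the real types.

```c
#ifndef _NTDDK_   /* constructed stand-ins; a driver includes <ntddk.h> before this */
#include <stdlib.h>
typedef long NTSTATUS;
typedef struct _MDL { int Placeholder; } MDL, *PMDL;
typedef struct _IRP {
    PMDL MdlAddress;
    struct { NTSTATUS Status; unsigned long long Information; } IoStatus;
} IRP, *PIRP;
#define STATUS_SUCCESS 0L
static PIRP IoAllocateIrp(char StackSize, unsigned char ChargeQuota)
{
    (void)StackSize; (void)ChargeQuota;
    return (PIRP)calloc(1, sizeof(IRP));
}
static void IoFreeIrp(PIRP Irp) { free(Irp); }
#endif

/* Hypothetical helper: allocate the secondary IRP and lend it the original MDL. */
static PIRP RedirBuildIrp(PIRP Original, char TargetStackSize)
{
    PIRP Secondary;
    if (Original->MdlAddress == NULL)
        return NULL;              /* no MDL to reuse; not the case discussed here */
    Secondary = IoAllocateIrp(TargetStackSize, 0);
    if (Secondary == NULL)
        return NULL;
    /* Reuse, do not rebuild: no IoAllocateMdl/MmProbeAndLockPages on these pages,
       so no second write-access MDL ever describes the paging-read buffer. */
    Secondary->MdlAddress = Original->MdlAddress;
    return Secondary;
}

/* Hypothetical helper, called from the secondary IRP's completion routine. */
static void RedirFinish(PIRP Secondary, PIRP Original)
{
    /* Hand the lower device's result back to the request we were given. */
    Original->IoStatus.Status = Secondary->IoStatus.Status;
    Original->IoStatus.Information = Secondary->IoStatus.Information;
    /* The MDL is borrowed: detach it so tearing down the secondary IRP
       cannot unlock or free pages that belong to the original request. */
    Secondary->MdlAddress = NULL;
    IoFreeIrp(Secondary);
}
```

In a driver, the completion routine returns STATUS_MORE_PROCESSING_REQUIRED after RedirFinish, because the secondary IRP has been freed, and the original IRP is then completed with IoCompleteRequest. Filling in the next stack location and calling IoCallDriver are left out of the block.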