BSOD due to DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)

Hi friends,

My driver has encountered a BSOD on Win7 x86. The WinDbg analysis is below:

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 00000006, IRP passed to IoCompleteRequest contains invalid status
Arg2: 00000103, the status
Arg3: a88eae70, the IRP
Arg4: 00000000

Debugging Details:

*** WARNING: Unable to verify timestamp for hyland.sys

BUGCHECK_STR: 0xc9_6

DRIVER_VERIFIER_IO_VIOLATION_TYPE: 6

IRP_ADDRESS: a88eae70

DEVICE_OBJECT: 922ad038

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME: TestCom.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from 82b68ac0 to 82915d10

STACK_TEXT:
87c42ac4 82b68ac0 000000c9 00000006 00000103 nt!KeBugCheckEx+0x1e
87c42b40 8d84bd6b 00000000 00000000 8d84a8d0 nt!IovCompleteRequest+0x91
87c42b80 8d84c05d 922ad1e0 922ad1c0 87c42bcc hyland!global_history+0x51eb
87c42bd8 8d84aa80 922ad0f0 8d84b470 00000001 hyland!global_history+0x54dd
87c42c20 8285fe33 922ad038 a891ae70 82807844 hyland!global_history+0x3f00
87c42c3c 82a92326 a891ae01 8aca0b70 8707e930 nt!IoCancelIrp+0x7c
87c42c68 82a81b2b e12adc2c 8aa1fb20 8aa1f8a0 nt!IoCancelThreadIo+0x3a
87c42cdc 82aaf50e 00000000 00000000 8aa1f8a0 nt!PspExitThread+0x48c
87c42cfc 82aad958 8aa1f8a0 00000000 00000001 nt!PspTerminateThreadByPointer+0x61
87c42d24 8287c42a 00000000 00000000 02f4fd1c nt!NtTerminateThread+0x74
87c42d24 770064f4 00000000 00000000 02f4fd1c nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
02f4fd1c 00000000 00000000 00000000 00000000 0x770064f4

STACK_COMMAND: kb

FOLLOWUP_IP:
hyland!global_history+51eb
8d84bd6b ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: hyland!global_history+51eb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: hyland

IMAGE_NAME: hyland.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5108c117

FAILURE_BUCKET_ID: 0xc9_6_VRF_hyland!global_history+51eb

BUCKET_ID: 0xc9_6_VRF_hyland!global_history+51eb

Followup: MachineOwner

And this is the IRP in question:

2: kd> dt !_irp a88eae70 -r1
nt!_IRP
+0x000 Type : 6
+0x002 Size : 0x190
+0x004 MdlAddress : (null)
+0x008 Flags : 0x40060970
+0x00c AssociatedIrp :
+0x000 MasterIrp : 0xa8808ff8 _IRP
+0x000 IrpCount : -1467969544
+0x000 SystemBuffer : 0xa8808ff8
+0x010 ThreadListEntry : _LIST_ENTRY [0x8ac4ecac - 0x8ac4ecac]
+0x000 Flink : 0x8ac4ecac _LIST_ENTRY
+0x004 Blink : 0x8ac4ecac _LIST_ENTRY
+0x018 IoStatus : _IO_STATUS_BLOCK
+0x000 Status : 259
+0x000 Pointer : 0x00000103
+0x004 Information : 2
+0x020 RequestorMode : 1 ''
+0x021 PendingReturned : 0 ''
+0x022 StackCount : 8 ''
+0x023 CurrentLocation : 7 ''
+0x024 Cancel : 0 ''
+0x025 CancelIrql : 0 ''
+0x026 ApcEnvironment : 0 ''
+0x027 AllocationFlags : 0x81 ''
+0x028 UserIosb : 0x02b7f8d4 _IO_STATUS_BLOCK
+0x000 Status : ??
+0x000 Pointer : ???
+0x004 Information : ??
+0x02c UserEvent : 0x8a5dd318 _KEVENT
+0x000 Header : _DISPATCHER_HEADER
+0x030 Overlay :
+0x000 AsynchronousParameters :
+0x000 AllocationSize : _LARGE_INTEGER 0x2b7f8d4`00000000
+0x038 CancelRoutine : (null)
+0x03c UserBuffer : 0x02b7f8e8
+0x040 Tail :
+0x000 Overlay :
+0x000 Apc : _KAPC
+0x000 CompletionKey : (null)

I think it should be caused by the read pending IRP, but I haven’t found any error in my code.
Any lead would be greatly appreciated!

Thanks in advance,

Joe

When you pend an IRP you do NOT have to put STATUS_PENDING in IoStatus.Status, but your driver has, and furthermore, it has completed the IRP with that status. Check your code again and step through it; it is a bug in your driver.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of luming419@163.com
Sent: Tuesday, February 05, 2013 11:49 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] BSOD due to DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)


Thank you Doron for your help.

Joe
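
A user-mode C model of the rule in Doron's reply, added here as an illustration and not taken from the thread or from hyland.sys. The stand-in types, `ModelCompleteRequest`, `ModelDispatchRead` and both cancel routines are hypothetical; the buggy path is one way the reported state (IoStatus.Status 0x103 at completion, reached through IoCancelIrp) can arise.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* User-mode stand-ins for WDM types and status codes (model only, not the WDK). */
typedef uint32_t NTSTATUS;               /* LONG in the real headers */
#define STATUS_SUCCESS   ((NTSTATUS)0x00000000u)
#define STATUS_PENDING   ((NTSTATUS)0x00000103u)   /* Arg2 in the bugcheck */
#define STATUS_CANCELLED ((NTSTATUS)0xC0000120u)

typedef struct { NTSTATUS Status; size_t Information; } IO_STATUS_BLOCK;
typedef struct { IO_STATUS_BLOCK IoStatus; int MarkedPending; int Completed; } IRP;

static int g_violations;  /* counts completions the verifier check would reject */

/* Model of the check behind bugcheck 0xC9 with Arg1 = 6:
   an IRP must never reach completion with STATUS_PENDING as its status. */
static void ModelCompleteRequest(IRP *irp) {
    if (irp->IoStatus.Status == STATUS_PENDING) { g_violations++; return; }
    irp->Completed = 1;
}

/* Dispatch: queue the read and report it as pending. STATUS_PENDING is the
   return value; storing it in IoStatus.Status is optional and, if done,
   must be overwritten before the IRP is completed. */
static NTSTATUS ModelDispatchRead(IRP *irp, int storePendingInIrp) {
    irp->MarkedPending = 1;              /* stands in for IoMarkIrpPending */
    if (storePendingInIrp) irp->IoStatus.Status = STATUS_PENDING;
    return STATUS_PENDING;
}

/* Buggy cancel path: completes the IRP with whatever status is still in it. */
static void CancelBuggy(IRP *irp) { ModelCompleteRequest(irp); }

/* Fixed cancel path: write the final status first, then complete. */
static void CancelFixed(IRP *irp) {
    irp->IoStatus.Status = STATUS_CANCELLED;
    irp->IoStatus.Information = 0;
    ModelCompleteRequest(irp);
}

/* Pends one read, cancels it, and returns the number of flagged completions. */
static int RunScenario(int storePending, void (*cancel)(IRP *)) {
    IRP irp = { { STATUS_SUCCESS, 0 }, 0, 0 };
    g_violations = 0;
    ModelDispatchRead(&irp, storePending);
    cancel(&irp);
    return g_violations;
}

int main(void) {
    printf("buggy cancel: %d violation(s)\n", RunScenario(1, CancelBuggy));
    printf("fixed cancel: %d violation(s)\n", RunScenario(1, CancelFixed));
    return 0;
}
```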