bugcheck c9 in verifier

Bedanto · September 11, 2009, 9:00am

experts,

SUT: winxp sp3 32
DTM - 1.4
Test catagory: Unclassified, PnpD test (run remove pnpD test)

Xp crashes consistently, note that the same driver binary passes on vista
32sp2, win7-32 RTM

here is analysis.

I would be most grateful, if one of you can help.

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000022e, The caller has completed a successful IRP_MJ_PNP instead of
passing it down.
Arg2: b9bfc5c6, The address in the driver's code where the error was
detected.
Arg3: 8a770ed8, IRP address.
Arg4: 00000000
Debugging Details:

*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
SYMSRV: ntkrpamp.exe from http://msdl.microsoft.com/download/symbols:
930731 bytes - copied
DBGHELP: c:\websymbols\ntkrpamp.exe\4802516A20d000\ntkrpamp.exe - OK
SYMSRV: c:\websymbols\COSD.sys\4AA798B05a100\Cosd.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/Cosd.sys/4AA798B05a100/Cosd.sysnot
found
DBGHELP: C:\Work\Branches\DeviceDriver\Package\32-bit\p\Cosd.sys - OK
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sysnot
found
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sysnot
found
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sysnot
found
ERROR_CODE: (NTSTATUS) 0xc9 - The operating system cannot run %1.
EXCEPTION_CODE: (Win32) 0xc9 (201) - The operating system cannot run %1.
EXCEPTION_PARAMETER1: 0000022e
EXCEPTION_PARAMETER2: b9bfc5c6
EXCEPTION_PARAMETER3: 8a770ed8
EXCEPTION_PARAMETER4: 0
BUGCHECK_STR: 0xc9_22e
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 22e
FAULTING_IP:
Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
b9bfc5c6 8bff mov edi,edi
FOLLOWUP_IP:
Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
b9bfc5c6 8bff mov edi,edi
IRP_ADDRESS: 8a770ed8
DEVICE_OBJECT: 89b81cb8
DRIVER_OBJECT: 89d10ca0
IMAGE_NAME: Cosd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4aa798b0
MODULE_NAME: Cosd
FAULTING_MODULE: 00000000
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
LOCK_ADDRESS: 8055b560 -- (!locks 8055b560)
Resource @ nt!IopDeviceTreeLock (0x8055b560) Shared 1 owning threads
Threads: 89db1640-01<*>
1 total locks, 1 locks currently held
PNP_TRIAGE:
Lock address : 0x8055b560
Thread Count : 1
Thread address: 0x89db1640
Thread wait : 0xc57
LAST_CONTROL_TRANSFER: from 80661e0b to 804f9f33
STACK_TEXT:
bad03434 80661e0b 0000004c 000000c9 bad03454 nt!KeBugCheckEx+0x1b
bad035bc 80662571 bad03897 80691090 00040000 nt!ViBugcheckHalt+0xc3
bad03860 80662657 80695630 0000022e bad0388c
nt!VfBugcheckThrowException+0xa1
bad03950 806640bb 0000022e 00000009 b9bfc5c6
nt!VfBugcheckThrowIoException+0xb5
bad03988 80661775 8857f5c0 8857f520 00000001
nt!VfPnpVerifyIrpStackUpward+0xdd
bad039ac 80665600 8857f520 00000001 8851f000
nt!VfMajorVerifyIrpStackUpward+0x45
bad039ec 806582df 8a770f93 8a770ed8 00000000 nt!IovpCompleteRequest2+0xb4
bad03a04 804f16b0 89b81cb8 8a770ed8 bad03a68
nt!IovpLocalCompletionRoutine+0x63
bad03a34 806587b8 89d108a8 8a770ed8 00000000 nt!IopfCompleteRequest+0xa2
bad03aa0 b9bfc860 89d107f0 89ca2588 8a770f00 nt!IovCompleteRequest+0x9a
bad03abc 804ef18f 89d107f0 8a770f90 806e6428 Cosd!CosdPnpDispatch+0x29a
[c:\work\branches\devicedriver\Cosd\pnp.cpp @ 402]
bad03acc 80658128 8a770fac 8a770fd0 8a770f90 nt!IopfCallDriver+0x31
bad03af0 80662c0b 89b81cb8 89d10ca0 8a770e00 nt!IovCallDriver+0xa0
bad03b04 804ef18f 89d107f0 8a770ed8 806e6428 nt!ViDriverDispatchPnp+0xd7
bad03b14 80658128 8a770fd0 89b81b90 8a770ed8 nt!IopfCallDriver+0x31
bad03b38 bab3a5a9 89b81ad8 89b81b90 89b81a60 nt!IovCallDriver+0xa0
WARNING: Stack unwind information not available. Following frames may be
wrong.
bad03b5c bab3ac57 89b81b90 8a770ed8 8a770ed8 pnpfiltr+0x25a9
bad03b78 bab3a7c7 89b81ad8 8a770ed8 89b81ad8 pnpfiltr+0x2c57
bad03b90 804ef18f 89b81ad8 8a770ed8 806e6428 pnpfiltr+0x27c7
bad03ba0 80658128 8a770ffc bad03c40 8a770ed8 nt!IopfCallDriver+0x31
bad03bc4 80592b63 89dd5df0 89dd5df0 00000003 nt!IovCallDriver+0xa0
bad03bf0 80592dc5 89b81ad8 bad03c1c 00000000 nt!IopSynchronousCall+0xb7
bad03c44 8059397b 89dd5df0 00000003 00000000 nt!IopRemoveDevice+0x93
bad03c5c 805947b0 89dd5ca8 bad03d20 bad03ce8
nt!IopQueryRemoveLockedDeviceNode+0x3f
bad03c74 805947fd 89dd5ca8 00000000 e113c7b0
nt!IopDeleteLockedDeviceNode+0x4e
bad03ca8 8059a297 89dd5df0 0213c7b0 00000000
nt!IopDeleteLockedDeviceNodes+0x3f
bad03d3c 8059a72e bad03d78 806e6974 e11bfe78
nt!PiProcessQueryRemoveAndEject+0x597
bad03d58 8059a874 bad03d78 89bf5350 8056485c
nt!PiProcessTargetDeviceEvent+0x2a
bad03d7c 8053876d 89bf5350 00000000 89db1640 nt!PiWalkDeviceList+0xea
bad03dac 805cff64 89bf5350 00000000 00000000 nt!ExpWorkerThread+0xef
bad03ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: .bugcheck ; kb
FAULTING_SOURCE_CODE:
34: NTSTATUS CosdPnpDispatch(
35: IN PDEVICE_OBJECT DeviceObject,
36: IN PIRP Irp
37: )

38: {
39: PCosd_DEVICE_EXTENSION deviceExtension;
40: PIO_STACK_LOCATION irpStack;
41: NTSTATUS status = STATUS_NO_SUCH_DEVICE;
42: PDEVICE_CAPABILITIES deviceCapabilities;
43: ULONG requestCount;

SYMBOL_NAME: Cosd!CosdPnpDispatch+0
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
Followup: MachineOwner

0: kd> !devobj ffffffff89b81cb8 f
Device object (89b81cb8) is for:
\DRIVER\VERIFIER DriverObject 89d10ca0
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00000010
DevExt 89b81d70 DevObjExt 89b81d80
ExtensionFlags (0xc0000000) DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
AttachedDevice (Upper) 89b81ad8 \Driver\pnpstress
AttachedTo (Lower) 89d107f0 \Driver\Cosd
Device queue is not busy.
0: kd> !drvobj ffffffff89d10ca0 f
Driver object (89d10ca0) is for:
\DRIVER\VERIFIER
Driver Extension List: (id , addr)
Device Object list:
89b81cb8 89d10b68
DriverEntry: 80662c3a nt!ViDriverEntry
DriverStartIo: 00000000
DriverUnload: 00000000
AddDevice: 80662a48 nt!ViDriverAddDevice
Dispatch routines:
[00] IRP_MJ_CREATE 80662afe nt!ViDriverDispatchGeneric
[01] IRP_MJ_CREATE_NAMED_PIPE 80662afe nt!ViDriverDispatchGeneric
[02] IRP_MJ_CLOSE 80662afe nt!ViDriverDispatchGeneric
[03] IRP_MJ_READ 80662afe nt!ViDriverDispatchGeneric
[04] IRP_MJ_WRITE 80662afe nt!ViDriverDispatchGeneric
[05] IRP_MJ_QUERY_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[06] IRP_MJ_SET_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[07] IRP_MJ_QUERY_EA 80662afe nt!ViDriverDispatchGeneric
[08] IRP_MJ_SET_EA 80662afe nt!ViDriverDispatchGeneric
[09] IRP_MJ_FLUSH_BUFFERS 80662afe nt!ViDriverDispatchGeneric
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[0b] IRP_MJ_SET_VOLUME_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[0c] IRP_MJ_DIRECTORY_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0d] IRP_MJ_FILE_SYSTEM_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0e] IRP_MJ_DEVICE_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL 80662afe nt!ViDriverDispatchGeneric
[10] IRP_MJ_SHUTDOWN 80662afe nt!ViDriverDispatchGeneric
[11] IRP_MJ_LOCK_CONTROL 80662afe nt!ViDriverDispatchGeneric
[12] IRP_MJ_CLEANUP 80662afe nt!ViDriverDispatchGeneric
[13] IRP_MJ_CREATE_MAILSLOT 80662afe nt!ViDriverDispatchGeneric
[14] IRP_MJ_QUERY_SECURITY 80662afe nt!ViDriverDispatchGeneric
[15] IRP_MJ_SET_SECURITY 80662afe nt!ViDriverDispatchGeneric
[16] IRP_MJ_POWER 80662abe nt!ViDriverDispatchPower
[17] IRP_MJ_SYSTEM_CONTROL 80662afe nt!ViDriverDispatchGeneric
[18] IRP_MJ_DEVICE_CHANGE 80662afe nt!ViDriverDispatchGeneric
[19] IRP_MJ_QUERY_QUOTA 80662afe nt!ViDriverDispatchGeneric
[1a] IRP_MJ_SET_QUOTA 80662afe nt!ViDriverDispatchGeneric
[1b] IRP_MJ_PNP 80662b34 nt!ViDriverDispatchPnp

Scott_Noone_OSR · September 11, 2009, 9:45am

The bugcheck code is pretty explicit:

The caller has completed a successful IRP_MJ_PNP instead of passing it
down.

See here for more details on processing IRP_MJ_PNP IRPs:

http://msdn.microsoft.com/en-us/library/ms794961.aspx

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Bedanto” wrote in message news:xxxxx@ntdev…
experts,

SUT: winxp sp3 32
DTM - 1.4
Test catagory: Unclassified, PnpD test (run remove pnpD test)

Xp crashes consistently, note that the same driver binary passes on vista
32sp2, win7-32 RTM

here is analysis.

I would be most grateful, if one of you can help.

0: kd> !analyze -v

Bugcheck Analysis

******
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000022e, The caller has completed a successful IRP_MJ_PNP instead of
passing it down.
Arg2: b9bfc5c6, The address in the driver’s code where the error was
detected.
Arg3: 8a770ed8, IRP address.
Arg4: 00000000
Debugging Details:
------------------
No owner thread found for resource 8055b4e0
No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
SYMSRV: ntkrpamp.exe from http://msdl.microsoft.com/download/symbols:
930731 bytes - copied
DBGHELP: c:\websymbols\ntkrpamp.exe\4802516A20d000\ntkrpamp.exe - OK
SYMSRV: c:\websymbols\COSD.sys\4AA798B05a100\Cosd.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/Cosd.sys/4AA798B05a100/Cosd.sys
not found
DBGHELP: C:\Work\Branches\DeviceDriver\Package\32-bit\p\Cosd.sys - OK
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
not found
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
not found
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
not found
ERROR_CODE: (NTSTATUS) 0xc9 - The operating system cannot run %1.
EXCEPTION_CODE: (Win32) 0xc9 (201) - The operating system cannot run %1.
EXCEPTION_PARAMETER1: 0000022e
EXCEPTION_PARAMETER2: b9bfc5c6
EXCEPTION_PARAMETER3: 8a770ed8
EXCEPTION_PARAMETER4: 0
BUGCHECK_STR: 0xc9_22e
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 22e
FAULTING_IP:
Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
b9bfc5c6 8bff mov edi,edi
FOLLOWUP_IP:
Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
b9bfc5c6 8bff mov edi,edi
IRP_ADDRESS: 8a770ed8
DEVICE_OBJECT: 89b81cb8
DRIVER_OBJECT: 89d10ca0
IMAGE_NAME: Cosd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4aa798b0
MODULE_NAME: Cosd
FAULTING_MODULE: 00000000
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
LOCK_ADDRESS: 8055b560 – (!locks 8055b560)
Resource @ nt!IopDeviceTreeLock (0x8055b560) Shared 1 owning threads
Threads: 89db1640-01<*>
1 total locks, 1 locks currently held
PNP_TRIAGE:
Lock address : 0x8055b560
Thread Count : 1
Thread address: 0x89db1640
Thread wait : 0xc57
LAST_CONTROL_TRANSFER: from 80661e0b to 804f9f33
STACK_TEXT:
bad03434 80661e0b 0000004c 000000c9 bad03454 nt!KeBugCheckEx+0x1b
bad035bc 80662571 bad03897 80691090 00040000 nt!ViBugcheckHalt+0xc3
bad03860 80662657 80695630 0000022e bad0388c
nt!VfBugcheckThrowException+0xa1
bad03950 806640bb 0000022e 00000009 b9bfc5c6
nt!VfBugcheckThrowIoException+0xb5
bad03988 80661775 8857f5c0 8857f520 00000001
nt!VfPnpVerifyIrpStackUpward+0xdd
bad039ac 80665600 8857f520 00000001 8851f000
nt!VfMajorVerifyIrpStackUpward+0x45
bad039ec 806582df 8a770f93 8a770ed8 00000000 nt!IovpCompleteRequest2+0xb4
bad03a04 804f16b0 89b81cb8 8a770ed8 bad03a68
nt!IovpLocalCompletionRoutine+0x63
bad03a34 806587b8 89d108a8 8a770ed8 00000000 nt!IopfCompleteRequest+0xa2
bad03aa0 b9bfc860 89d107f0 89ca2588 8a770f00 nt!IovCompleteRequest+0x9a
bad03abc 804ef18f 89d107f0 8a770f90 806e6428 Cosd!CosdPnpDispatch+0x29a
[c:\work\branches\devicedriver\Cosd\pnp.cpp @ 402]
bad03acc 80658128 8a770fac 8a770fd0 8a770f90 nt!IopfCallDriver+0x31
bad03af0 80662c0b 89b81cb8 89d10ca0 8a770e00 nt!IovCallDriver+0xa0
bad03b04 804ef18f 89d107f0 8a770ed8 806e6428 nt!ViDriverDispatchPnp+0xd7
bad03b14 80658128 8a770fd0 89b81b90 8a770ed8 nt!IopfCallDriver+0x31
bad03b38 bab3a5a9 89b81ad8 89b81b90 89b81a60 nt!IovCallDriver+0xa0
WARNING: Stack unwind information not available. Following frames may be
wrong.
bad03b5c bab3ac57 89b81b90 8a770ed8 8a770ed8 pnpfiltr+0x25a9
bad03b78 bab3a7c7 89b81ad8 8a770ed8 89b81ad8 pnpfiltr+0x2c57
bad03b90 804ef18f 89b81ad8 8a770ed8 806e6428 pnpfiltr+0x27c7
bad03ba0 80658128 8a770ffc bad03c40 8a770ed8 nt!IopfCallDriver+0x31
bad03bc4 80592b63 89dd5df0 89dd5df0 00000003 nt!IovCallDriver+0xa0
bad03bf0 80592dc5 89b81ad8 bad03c1c 00000000 nt!IopSynchronousCall+0xb7
bad03c44 8059397b 89dd5df0 00000003 00000000 nt!IopRemoveDevice+0x93
bad03c5c 805947b0 89dd5ca8 bad03d20 bad03ce8
nt!IopQueryRemoveLockedDeviceNode+0x3f
bad03c74 805947fd 89dd5ca8 00000000 e113c7b0
nt!IopDeleteLockedDeviceNode+0x4e
bad03ca8 8059a297 89dd5df0 0213c7b0 00000000
nt!IopDeleteLockedDeviceNodes+0x3f
bad03d3c 8059a72e bad03d78 806e6974 e11bfe78
nt!PiProcessQueryRemoveAndEject+0x597
bad03d58 8059a874 bad03d78 89bf5350 8056485c
nt!PiProcessTargetDeviceEvent+0x2a
bad03d7c 8053876d 89bf5350 00000000 89db1640 nt!PiWalkDeviceList+0xea
bad03dac 805cff64 89bf5350 00000000 00000000 nt!ExpWorkerThread+0xef
bad03ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: .bugcheck ; kb
FAULTING_SOURCE_CODE:
34: NTSTATUS CosdPnpDispatch(
35: IN PDEVICE_OBJECT DeviceObject,
36: IN PIRP Irp
37: )
> 38: {
39: PCosd_DEVICE_EXTENSION deviceExtension;
40: PIO_STACK_LOCATION irpStack;
41: NTSTATUS status = STATUS_NO_SUCH_DEVICE;
42: PDEVICE_CAPABILITIES deviceCapabilities;
43: ULONG requestCount;

SYMBOL_NAME: Cosd!CosdPnpDispatch+0
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
Followup: MachineOwner
---------
0: kd> !devobj ffffffff89b81cb8 f
Device object (89b81cb8) is for:
\DRIVER\VERIFIER DriverObject 89d10ca0
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00000010
DevExt 89b81d70 DevObjExt 89b81d80
ExtensionFlags (0xc0000000) DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
AttachedDevice (Upper) 89b81ad8 \Driver\pnpstress
AttachedTo (Lower) 89d107f0 \Driver\Cosd
Device queue is not busy.
0: kd> !drvobj ffffffff89d10ca0 f
Driver object (89d10ca0) is for:
\DRIVER\VERIFIER
Driver Extension List: (id , addr)
Device Object list:
89b81cb8 89d10b68
DriverEntry: 80662c3a nt!ViDriverEntry
DriverStartIo: 00000000
DriverUnload: 00000000
AddDevice: 80662a48 nt!ViDriverAddDevice
Dispatch routines:
[00] IRP_MJ_CREATE 80662afe nt!ViDriverDispatchGeneric
[01] IRP_MJ_CREATE_NAMED_PIPE 80662afe nt!ViDriverDispatchGeneric
[02] IRP_MJ_CLOSE 80662afe nt!ViDriverDispatchGeneric
[03] IRP_MJ_READ 80662afe nt!ViDriverDispatchGeneric
[04] IRP_MJ_WRITE 80662afe nt!ViDriverDispatchGeneric
[05] IRP_MJ_QUERY_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[06] IRP_MJ_SET_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[07] IRP_MJ_QUERY_EA 80662afe nt!ViDriverDispatchGeneric
[08] IRP_MJ_SET_EA 80662afe nt!ViDriverDispatchGeneric
[09] IRP_MJ_FLUSH_BUFFERS 80662afe nt!ViDriverDispatchGeneric
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[0b] IRP_MJ_SET_VOLUME_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[0c] IRP_MJ_DIRECTORY_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0d] IRP_MJ_FILE_SYSTEM_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0e] IRP_MJ_DEVICE_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL 80662afe nt!ViDriverDispatchGeneric
[10] IRP_MJ_SHUTDOWN 80662afe nt!ViDriverDispatchGeneric
[11] IRP_MJ_LOCK_CONTROL 80662afe nt!ViDriverDispatchGeneric
[12] IRP_MJ_CLEANUP 80662afe nt!ViDriverDispatchGeneric
[13] IRP_MJ_CREATE_MAILSLOT 80662afe nt!ViDriverDispatchGeneric
[14] IRP_MJ_QUERY_SECURITY 80662afe nt!ViDriverDispatchGeneric
[15] IRP_MJ_SET_SECURITY 80662afe nt!ViDriverDispatchGeneric
[16] IRP_MJ_POWER 80662abe nt!ViDriverDispatchPower
[17] IRP_MJ_SYSTEM_CONTROL 80662afe nt!ViDriverDispatchGeneric
[18] IRP_MJ_DEVICE_CHANGE 80662afe nt!ViDriverDispatchGeneric
[19] IRP_MJ_QUERY_QUOTA 80662afe nt!ViDriverDispatchGeneric
[1a] IRP_MJ_SET_QUOTA 80662afe nt!ViDriverDispatchGeneric
[1b] IRP_MJ_PNP 80662b34 nt!ViDriverDispatchPnp

Bedanto · September 11, 2009, 1:28pm

that is correct scott, it is very self explanatory, but when I do a !irp
1 on the falting IRP I get

0: kd> !irp 8a770ed8 1
Irp is active with 5 stacks 4 is current (= 0x8a770fb4)
No Mdl: No System Buffer: Thread 89db1640: Irp stack trace.
Flags = 40000000
ThreadListEntry.Flink = 89db1850
ThreadListEntry.Blink = 89db1850
IoStatus.Status = 00000000
IoStatus.Information = 00000000
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = bad03be8
UserEvent = bad03bd8
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = 8a770f18
Tail.Overlay.Thread = 89db1640
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = 8a770fb4
Tail.Overlay.OriginalFileObject = 00000000
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 10 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[1b, 3] 0 e0 89d107f0 00000000 8066510e-8a770fb4 Success Error Cancel
\Driver\COSD nt!IovpInternalCompletionTrap
Args: 00000000 00000000 00000000 00000000
>[1b, 3] 0 e0 89b81cb8 00000000 bab38b5a-bad03b4c Success Error Cancel
\DRIVER\VERIFIER pnpfiltr
Args: 00000000 00000000 00000000 00000000
[1b, 3] 0 0 89b81ad8 00000000 00000000-00000000
\Driver\pnpstress
Args: 00000000 00000000 00000000 00000000

Indicating that it is IRP_MN_CANCEL_REMOVE_DEVICE

So here is the code for it.

case IRP_MN_CANCEL_REMOVE_DEVICE:
// First check to see whether we have received a prior query
// remove request. It could happen that we did not if
// someone above us failed a query remove and passed down the
// subsequent cancel remove request.
if (PnpStateRemovePending == deviceExtension->PnpState)
{
status = COSDSubmitIrpSync(deviceExtension->LowerDeviceObject,
Irp);
if (NT_SUCCESS(status))
{
// restore pnp state, since remove was canceled
deviceExtension->PnpState =
deviceExtension->PreviousPnpState;
// restart the queues
COSDRestartQueues(deviceExtension);
}
else
{
// Nobody can fail this IRP. This is a fatal error.
ASSERTMSG(“IRP_MN_CANCEL_REMOVE_DEVICE failed. Fatal
error!”, FALSE);
COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p
STATUS %x", Irp, status);
}
}
else
{
// Spurious cancel remove request so we just complete it
status = STATUS_SUCCESS;
}
break;

and here is the intended fix, please tell me if the fix is correct…

case IRP_MN_CANCEL_REMOVE_DEVICE:
// First check to see whether we have received a prior query
// remove request. It could happen that we did not if
// someone above us failed a query remove and passed down the
// subsequent cancel remove request.
if (PnpStateRemovePending == deviceExtension->PnpState)
{
status = COSDSubmitIrpSync(deviceExtension->LowerDeviceObject,
Irp);
if (NT_SUCCESS(status))
{
// restore pnp state, since remove was canceled
deviceExtension->PnpState =
deviceExtension->PreviousPnpState;
// restart the queues
COSDRestartQueues(deviceExtension);
}
else
{
// Nobody can fail this IRP. This is a fatal error.
ASSERTMSG(“IRP_MN_CANCEL_REMOVE_DEVICE failed. Fatal
error!”, FALSE);
COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p
STATUS %x", Irp, status);
}
}
else
{
// Spurious cancel remove request so we just complete it
status = STATUS_SUCCESS;
// send the request down, and we are done
Irp->IoStatus.Status = STATUS_SUCCESS;
status = DefaultPnpHandler(DeviceObject, Irp);
COSDReleaseRemoveLock(deviceExtension);
COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p STATUS
%x", Irp, status);
return status;
}
break;

On Fri, Sep 11, 2009 at 7:14 PM, Scott Noone wrote:

> The bugcheck code is pretty explicit:
>
> > The caller has completed a successful IRP_MJ_PNP instead of passing it
> > down.
>
> See here for more details on processing IRP_MJ_PNP IRPs:
>
> http://msdn.microsoft.com/en-us/library/ms794961.aspx
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> “Bedanto” wrote in message news:xxxxx@ntdev…
> experts,
>
> SUT: winxp sp3 32
> DTM - 1.4
> Test catagory: Unclassified, PnpD test (run remove pnpD test)
>
>
> Xp crashes consistently, note that the same driver binary passes on vista
> 32sp2, win7-32 RTM
>
> here is analysis.
>
> I would be most grateful, if one of you can help.
>
>
> 0: kd> !analyze -v
>
> ****
>
>
> * Bugcheck Analysis
>
>
>
>
>
> DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
> The IO manager has caught a misbehaving driver.
> Arguments:
> Arg1: 0000022e, The caller has completed a successful IRP_MJ_PNP instead of
> passing it down.
> Arg2: b9bfc5c6, The address in the driver’s code where the error was
> detected.
> Arg3: 8a770ed8, IRP address.
> Arg4: 00000000
> Debugging Details:
> ------------------
> No owner thread found for resource 8055b4e0
> No owner thread found for resource 8055b4e0
> *** No owner thread found for resource 8055b4e0
> SYMSRV: ntkrpamp.exe from http://msdl.microsoft.com/download/symbols:
> 930731 bytes - copied
> DBGHELP: c:\websymbols\ntkrpamp.exe\4802516A20d000\ntkrpamp.exe - OK
> SYMSRV: c:\websymbols\COSD.sys\4AA798B05a100\Cosd.sys not found
> SYMSRV:
> http://msdl.microsoft.com/download/symbols/Cosd.sys/4AA798B05a100/Cosd.sys
> not found
> DBGHELP: C:\Work\Branches\DeviceDriver\Package\32-bit\p\Cosd.sys - OK
> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
> SYMSRV:
>
> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
> not found
> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
> SYMSRV:
>
> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
> not found
> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
> SYMSRV:
>
> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
> not found
> ERROR_CODE: (NTSTATUS) 0xc9 - The operating system cannot run %1.
> EXCEPTION_CODE: (Win32) 0xc9 (201) - The operating system cannot run %1.
> EXCEPTION_PARAMETER1: 0000022e
> EXCEPTION_PARAMETER2: b9bfc5c6
> EXCEPTION_PARAMETER3: 8a770ed8
> EXCEPTION_PARAMETER4: 0
> BUGCHECK_STR: 0xc9_22e
> DRIVER_VERIFIER_IO_VIOLATION_TYPE: 22e
> FAULTING_IP:
> Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
> b9bfc5c6 8bff mov edi,edi
> FOLLOWUP_IP:
> Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
> b9bfc5c6 8bff mov edi,edi
> IRP_ADDRESS: 8a770ed8
> DEVICE_OBJECT: 89b81cb8
> DRIVER_OBJECT: 89d10ca0
> IMAGE_NAME: Cosd.sys
> DEBUG_FLR_IMAGE_TIMESTAMP: 4aa798b0
> MODULE_NAME: Cosd
> FAULTING_MODULE: 00000000
> DEFAULT_BUCKET_ID: DRIVER_FAULT
> PROCESS_NAME: System
> LOCK_ADDRESS: 8055b560 – (!locks 8055b560)
> Resource @ nt!IopDeviceTreeLock (0x8055b560) Shared 1 owning threads
> Threads: 89db1640-01<>
> 1 total locks, 1 locks currently held
> PNP_TRIAGE:
> Lock address : 0x8055b560
> Thread Count : 1
> Thread address: 0x89db1640
> Thread wait : 0xc57
> LAST_CONTROL_TRANSFER: from 80661e0b to 804f9f33
> STACK_TEXT:
> bad03434 80661e0b 0000004c 000000c9 bad03454 nt!KeBugCheckEx+0x1b
> bad035bc 80662571 bad03897 80691090 00040000 nt!ViBugcheckHalt+0xc3
> bad03860 80662657 80695630 0000022e bad0388c
> nt!VfBugcheckThrowException+0xa1
> bad03950 806640bb 0000022e 00000009 b9bfc5c6
> nt!VfBugcheckThrowIoException+0xb5
> bad03988 80661775 8857f5c0 8857f520 00000001
> nt!VfPnpVerifyIrpStackUpward+0xdd
> bad039ac 80665600 8857f520 00000001 8851f000
> nt!VfMajorVerifyIrpStackUpward+0x45
> bad039ec 806582df 8a770f93 8a770ed8 00000000 nt!IovpCompleteRequest2+0xb4
> bad03a04 804f16b0 89b81cb8 8a770ed8 bad03a68
> nt!IovpLocalCompletionRoutine+0x63
> bad03a34 806587b8 89d108a8 8a770ed8 00000000 nt!IopfCompleteRequest+0xa2
> bad03aa0 b9bfc860 89d107f0 89ca2588 8a770f00 nt!IovCompleteRequest+0x9a
> bad03abc 804ef18f 89d107f0 8a770f90 806e6428 Cosd!CosdPnpDispatch+0x29a
> [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 402]
> bad03acc 80658128 8a770fac 8a770fd0 8a770f90 nt!IopfCallDriver+0x31
> bad03af0 80662c0b 89b81cb8 89d10ca0 8a770e00 nt!IovCallDriver+0xa0
> bad03b04 804ef18f 89d107f0 8a770ed8 806e6428 nt!ViDriverDispatchPnp+0xd7
> bad03b14 80658128 8a770fd0 89b81b90 8a770ed8 nt!IopfCallDriver+0x31
> bad03b38 bab3a5a9 89b81ad8 89b81b90 89b81a60 nt!IovCallDriver+0xa0
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
> bad03b5c bab3ac57 89b81b90 8a770ed8 8a770ed8 pnpfiltr+0x25a9
> bad03b78 bab3a7c7 89b81ad8 8a770ed8 89b81ad8 pnpfiltr+0x2c57
> bad03b90 804ef18f 89b81ad8 8a770ed8 806e6428 pnpfiltr+0x27c7
> bad03ba0 80658128 8a770ffc bad03c40 8a770ed8 nt!IopfCallDriver+0x31
> bad03bc4 80592b63 89dd5df0 89dd5df0 00000003 nt!IovCallDriver+0xa0
> bad03bf0 80592dc5 89b81ad8 bad03c1c 00000000 nt!IopSynchronousCall+0xb7
> bad03c44 8059397b 89dd5df0 00000003 00000000 nt!IopRemoveDevice+0x93
> bad03c5c 805947b0 89dd5ca8 bad03d20 bad03ce8
> nt!IopQueryRemoveLockedDeviceNode+0x3f
> bad03c74 805947fd 89dd5ca8 00000000 e113c7b0
> nt!IopDeleteLockedDeviceNode+0x4e
> bad03ca8 8059a297 89dd5df0 0213c7b0 00000000
> nt!IopDeleteLockedDeviceNodes+0x3f
> bad03d3c 8059a72e bad03d78 806e6974 e11bfe78
> nt!PiProcessQueryRemoveAndEject+0x597
> bad03d58 8059a874 bad03d78 89bf5350 8056485c
> nt!PiProcessTargetDeviceEvent+0x2a
> bad03d7c 8053876d 89bf5350 00000000 89db1640 nt!PiWalkDeviceList+0xea
> bad03dac 805cff64 89bf5350 00000000 00000000 nt!ExpWorkerThread+0xef
> bad03ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34
> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>
> STACK_COMMAND: .bugcheck ; kb
> FAULTING_SOURCE_CODE:
> 34: NTSTATUS CosdPnpDispatch(
> 35: IN PDEVICE_OBJECT DeviceObject,
> 36: IN PIRP Irp
> 37: )
> > 38: {
> 39: PCosd_DEVICE_EXTENSION deviceExtension;
> 40: PIO_STACK_LOCATION irpStack;
> 41: NTSTATUS status = STATUS_NO_SUCH_DEVICE;
> 42: PDEVICE_CAPABILITIES deviceCapabilities;
> 43: ULONG requestCount;
>
> SYMBOL_NAME: Cosd!CosdPnpDispatch+0
> FOLLOWUP_NAME: MachineOwner
> FAILURE_BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
> BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
> Followup: MachineOwner
> ---------
> 0: kd> !devobj ffffffff89b81cb8 f
> Device object (89b81cb8) is for:
> \DRIVER\VERIFIER DriverObject 89d10ca0
> Current Irp 00000000 RefCount 0 Type 00000022 Flags 00000010
> DevExt 89b81d70 DevObjExt 89b81d80
> ExtensionFlags (0xc0000000) DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
> AttachedDevice (Upper) 89b81ad8 \Driver\pnpstress
> AttachedTo (Lower) 89d107f0 \Driver\Cosd
> Device queue is not busy.
> 0: kd> !drvobj ffffffff89d10ca0 f
> Driver object (89d10ca0) is for:
> \DRIVER\VERIFIER
> Driver Extension List: (id , addr)
> Device Object list:
> 89b81cb8 89d10b68
> DriverEntry: 80662c3a nt!ViDriverEntry
> DriverStartIo: 00000000
> DriverUnload: 00000000
> AddDevice: 80662a48 nt!ViDriverAddDevice
> Dispatch routines:
> [00] IRP_MJ_CREATE 80662afe nt!ViDriverDispatchGeneric
> [01] IRP_MJ_CREATE_NAMED_PIPE 80662afe nt!ViDriverDispatchGeneric
> [02] IRP_MJ_CLOSE 80662afe nt!ViDriverDispatchGeneric
> [03] IRP_MJ_READ 80662afe nt!ViDriverDispatchGeneric
> [04] IRP_MJ_WRITE 80662afe nt!ViDriverDispatchGeneric
> [05] IRP_MJ_QUERY_INFORMATION 80662afe nt!ViDriverDispatchGeneric
> [06] IRP_MJ_SET_INFORMATION 80662afe nt!ViDriverDispatchGeneric
> [07] IRP_MJ_QUERY_EA 80662afe nt!ViDriverDispatchGeneric
> [08] IRP_MJ_SET_EA 80662afe nt!ViDriverDispatchGeneric
> [09] IRP_MJ_FLUSH_BUFFERS 80662afe nt!ViDriverDispatchGeneric
> [0a] IRP_MJ_QUERY_VOLUME_INFORMATION 80662afe nt!ViDriverDispatchGeneric
> [0b] IRP_MJ_SET_VOLUME_INFORMATION 80662afe nt!ViDriverDispatchGeneric
> [0c] IRP_MJ_DIRECTORY_CONTROL 80662afe nt!ViDriverDispatchGeneric
> [0d] IRP_MJ_FILE_SYSTEM_CONTROL 80662afe nt!ViDriverDispatchGeneric
> [0e] IRP_MJ_DEVICE_CONTROL 80662afe nt!ViDriverDispatchGeneric
> [0f] IRP_MJ_INTERNAL_DEVICE_CONTROL 80662afe nt!ViDriverDispatchGeneric
> [10] IRP_MJ_SHUTDOWN 80662afe nt!ViDriverDispatchGeneric
> [11] IRP_MJ_LOCK_CONTROL 80662afe nt!ViDriverDispatchGeneric
> [12] IRP_MJ_CLEANUP 80662afe nt!ViDriverDispatchGeneric
> [13] IRP_MJ_CREATE_MAILSLOT 80662afe nt!ViDriverDispatchGeneric
> [14] IRP_MJ_QUERY_SECURITY 80662afe nt!ViDriverDispatchGeneric
> [15] IRP_MJ_SET_SECURITY 80662afe nt!ViDriverDispatchGeneric
> [16] IRP_MJ_POWER 80662abe nt!ViDriverDispatchPower
> [17] IRP_MJ_SYSTEM_CONTROL 80662afe nt!ViDriverDispatchGeneric
> [18] IRP_MJ_DEVICE_CHANGE 80662afe nt!ViDriverDispatchGeneric
> [19] IRP_MJ_QUERY_QUOTA 80662afe nt!ViDriverDispatchGeneric
> [1a] IRP_MJ_SET_QUOTA 80662afe nt!ViDriverDispatchGeneric
> [1b] IRP_MJ_PNP 80662b34 nt!ViDriverDispatchPnp
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Michael_Zhu · September 11, 2009, 3:09pm

I think you should not change Irp->IoStatus.Status before you send the IRP
down. I mean you should remove the following line of code.

Irp->IoStatus.Status = STATUS_SUCCESS;

On Fri, Sep 11, 2009 at 1:21 PM, Bedanto wrote:

> that is correct scott, it is very self explanatory, but when I do a !irp
> 1 on the falting IRP I get
>
>
> 0: kd> !irp 8a770ed8 1
> Irp is active with 5 stacks 4 is current (= 0x8a770fb4)
> No Mdl: No System Buffer: Thread 89db1640: Irp stack trace.
> Flags = 40000000
> ThreadListEntry.Flink = 89db1850
> ThreadListEntry.Blink = 89db1850
> IoStatus.Status = 00000000
> IoStatus.Information = 00000000
> RequestorMode = 00000000
> Cancel = 00
> CancelIrql = 0
> ApcEnvironment = 00
> UserIosb = bad03be8
> UserEvent = bad03bd8
> Overlay.AsynchronousParameters.UserApcRoutine = 00000000
> Overlay.AsynchronousParameters.UserApcContext = 00000000
> Overlay.AllocationSize = 00000000 - 00000000
> CancelRoutine = 00000000
> UserBuffer = 00000000
> &Tail.Overlay.DeviceQueueEntry = 8a770f18
> Tail.Overlay.Thread = 89db1640
> Tail.Overlay.AuxiliaryBuffer = 00000000
> Tail.Overlay.ListEntry.Flink = 00000000
> Tail.Overlay.ListEntry.Blink = 00000000
> Tail.Overlay.CurrentStackLocation = 8a770fb4
> Tail.Overlay.OriginalFileObject = 00000000
> Tail.Apc = 00000000
> Tail.CompletionKey = 00000000
> cmd flg cl Device File Completion-Context
> [0, 0] 0 0 00000000 00000000 00000000-00000000
> Args: 00000000 00000000 00000000 00000000
> [0, 0] 0 10 00000000 00000000 00000000-00000000
> Args: 00000000 00000000 00000000 00000000
> [1b, 3] 0 e0 89d107f0 00000000 8066510e-8a770fb4 Success Error Cancel
> \Driver\COSD nt!IovpInternalCompletionTrap
> Args: 00000000 00000000 00000000 00000000
> >[1b, 3] 0 e0 89b81cb8 00000000 bab38b5a-bad03b4c Success Error Cancel
> \DRIVER\VERIFIER pnpfiltr
> Args: 00000000 00000000 00000000 00000000
> [1b, 3] 0 0 89b81ad8 00000000 00000000-00000000
> \Driver\pnpstress
> Args: 00000000 00000000 00000000 00000000
>
>
> Indicating that it is IRP_MN_CANCEL_REMOVE_DEVICE
>
> So here is the code for it.
>
> case IRP_MN_CANCEL_REMOVE_DEVICE:
> // First check to see whether we have received a prior query
> // remove request. It could happen that we did not if
> // someone above us failed a query remove and passed down the
> // subsequent cancel remove request.
> if (PnpStateRemovePending == deviceExtension->PnpState)
> {
> status = COSDSubmitIrpSync(deviceExtension->LowerDeviceObject,
> Irp);
> if (NT_SUCCESS(status))
> {
> // restore pnp state, since remove was canceled
> deviceExtension->PnpState =
> deviceExtension->PreviousPnpState;
> // restart the queues
> COSDRestartQueues(deviceExtension);
> }
> else
> {
> // Nobody can fail this IRP. This is a fatal error.
> ASSERTMSG(“IRP_MN_CANCEL_REMOVE_DEVICE failed. Fatal
> error!”, FALSE);
> COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p
> STATUS %x", Irp, status);
> }
> }
> else
> {
> // Spurious cancel remove request so we just complete it
> status = STATUS_SUCCESS;
> }
> break;
>
>
> and here is the intended fix, please tell me if the fix is correct…
>
> case IRP_MN_CANCEL_REMOVE_DEVICE:
> // First check to see whether we have received a prior query
> // remove request. It could happen that we did not if
> // someone above us failed a query remove and passed down the
> // subsequent cancel remove request.
> if (PnpStateRemovePending == deviceExtension->PnpState)
> {
> status = COSDSubmitIrpSync(deviceExtension->LowerDeviceObject,
> Irp);
> if (NT_SUCCESS(status))
> {
> // restore pnp state, since remove was canceled
> deviceExtension->PnpState =
> deviceExtension->PreviousPnpState;
> // restart the queues
> COSDRestartQueues(deviceExtension);
> }
> else
> {
> // Nobody can fail this IRP. This is a fatal error.
> ASSERTMSG(“IRP_MN_CANCEL_REMOVE_DEVICE failed. Fatal
> error!”, FALSE);
> COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p
> STATUS %x", Irp, status);
> }
> }
> else
> {
> // Spurious cancel remove request so we just complete it
> status = STATUS_SUCCESS;
> // send the request down, and we are done
> Irp->IoStatus.Status = STATUS_SUCCESS;
> status = DefaultPnpHandler(DeviceObject, Irp);
> COSDReleaseRemoveLock(deviceExtension);
> COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p STATUS
> %x", Irp, status);
> return status;
> }
> break;
>
>
>
>
>
>
>
> On Fri, Sep 11, 2009 at 7:14 PM, Scott Noone wrote:
>
>> The bugcheck code is pretty explicit:
>>
>> > The caller has completed a successful IRP_MJ_PNP instead of passing it
>> > down.
>>
>> See here for more details on processing IRP_MJ_PNP IRPs:
>>
>> http://msdn.microsoft.com/en-us/library/ms794961.aspx
>>
>> -scott
>>
>> –
>> Scott Noone
>> Consulting Associate
>> OSR Open Systems Resources, Inc.
>> http://www.osronline.com
>>
>>
>> “Bedanto” wrote in message news:xxxxx@ntdev…
>> experts,
>>
>> SUT: winxp sp3 32
>> DTM - 1.4
>> Test catagory: Unclassified, PnpD test (run remove pnpD test)
>>
>>
>> Xp crashes consistently, note that the same driver binary passes on vista
>> 32sp2, win7-32 RTM
>>
>> here is analysis.
>>
>> I would be most grateful, if one of you can help.
>>
>>
>> 0: kd> !analyze -v
>>
>> ****
>>
>>
>> * Bugcheck Analysis
>>
>>
>>
>>
>>
>> DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
>> The IO manager has caught a misbehaving driver.
>> Arguments:
>> Arg1: 0000022e, The caller has completed a successful IRP_MJ_PNP instead
>> of
>> passing it down.
>> Arg2: b9bfc5c6, The address in the driver’s code where the error was
>> detected.
>> Arg3: 8a770ed8, IRP address.
>> Arg4: 00000000
>> Debugging Details:
>> ------------------
>> No owner thread found for resource 8055b4e0
>> No owner thread found for resource 8055b4e0
>> *** No owner thread found for resource 8055b4e0
>> SYMSRV: ntkrpamp.exe from http://msdl.microsoft.com/download/symbols:
>> 930731 bytes - copied
>> DBGHELP: c:\websymbols\ntkrpamp.exe\4802516A20d000\ntkrpamp.exe - OK
>> SYMSRV: c:\websymbols\COSD.sys\4AA798B05a100\Cosd.sys not found
>> SYMSRV:
>> http://msdl.microsoft.com/download/symbols/Cosd.sys/4AA798B05a100/Cosd.sys
>> not found
>> DBGHELP: C:\Work\Branches\DeviceDriver\Package\32-bit\p\Cosd.sys - OK
>> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
>> SYMSRV:
>>
>> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
>> not found
>> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
>> SYMSRV:
>>
>> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
>> not found
>> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
>> SYMSRV:
>>
>> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
>> not found
>> ERROR_CODE: (NTSTATUS) 0xc9 - The operating system cannot run %1.
>> EXCEPTION_CODE: (Win32) 0xc9 (201) - The operating system cannot run %1.
>> EXCEPTION_PARAMETER1: 0000022e
>> EXCEPTION_PARAMETER2: b9bfc5c6
>> EXCEPTION_PARAMETER3: 8a770ed8
>> EXCEPTION_PARAMETER4: 0
>> BUGCHECK_STR: 0xc9_22e
>> DRIVER_VERIFIER_IO_VIOLATION_TYPE: 22e
>> FAULTING_IP:
>> Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
>> b9bfc5c6 8bff mov edi,edi
>> FOLLOWUP_IP:
>> Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
>> b9bfc5c6 8bff mov edi,edi
>> IRP_ADDRESS: 8a770ed8
>> DEVICE_OBJECT: 89b81cb8
>> DRIVER_OBJECT: 89d10ca0
>> IMAGE_NAME: Cosd.sys
>> DEBUG_FLR_IMAGE_TIMESTAMP: 4aa798b0
>> MODULE_NAME: Cosd
>> FAULTING_MODULE: 00000000
>> DEFAULT_BUCKET_ID: DRIVER_FAULT
>> PROCESS_NAME: System
>> LOCK_ADDRESS: 8055b560 – (!locks 8055b560)
>> Resource @ nt!IopDeviceTreeLock (0x8055b560) Shared 1 owning threads
>> Threads: 89db1640-01<>
>> 1 total locks, 1 locks currently held
>> PNP_TRIAGE:
>> Lock address : 0x8055b560
>> Thread Count : 1
>> Thread address: 0x89db1640
>> Thread wait : 0xc57
>> LAST_CONTROL_TRANSFER: from 80661e0b to 804f9f33
>> STACK_TEXT:
>> bad03434 80661e0b 0000004c 000000c9 bad03454 nt!KeBugCheckEx+0x1b
>> bad035bc 80662571 bad03897 80691090 00040000 nt!ViBugcheckHalt+0xc3
>> bad03860 80662657 80695630 0000022e bad0388c
>> nt!VfBugcheckThrowException+0xa1
>> bad03950 806640bb 0000022e 00000009 b9bfc5c6
>> nt!VfBugcheckThrowIoException+0xb5
>> bad03988 80661775 8857f5c0 8857f520 00000001
>> nt!VfPnpVerifyIrpStackUpward+0xdd
>> bad039ac 80665600 8857f520 00000001 8851f000
>> nt!VfMajorVerifyIrpStackUpward+0x45
>> bad039ec 806582df 8a770f93 8a770ed8 00000000 nt!IovpCompleteRequest2+0xb4
>> bad03a04 804f16b0 89b81cb8 8a770ed8 bad03a68
>> nt!IovpLocalCompletionRoutine+0x63
>> bad03a34 806587b8 89d108a8 8a770ed8 00000000 nt!IopfCompleteRequest+0xa2
>> bad03aa0 b9bfc860 89d107f0 89ca2588 8a770f00 nt!IovCompleteRequest+0x9a
>> bad03abc 804ef18f 89d107f0 8a770f90 806e6428 Cosd!CosdPnpDispatch+0x29a
>> [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 402]
>> bad03acc 80658128 8a770fac 8a770fd0 8a770f90 nt!IopfCallDriver+0x31
>> bad03af0 80662c0b 89b81cb8 89d10ca0 8a770e00 nt!IovCallDriver+0xa0
>> bad03b04 804ef18f 89d107f0 8a770ed8 806e6428 nt!ViDriverDispatchPnp+0xd7
>> bad03b14 80658128 8a770fd0 89b81b90 8a770ed8 nt!IopfCallDriver+0x31
>> bad03b38 bab3a5a9 89b81ad8 89b81b90 89b81a60 nt!IovCallDriver+0xa0
>> WARNING: Stack unwind information not available. Following frames may be
>> wrong.
>> bad03b5c bab3ac57 89b81b90 8a770ed8 8a770ed8 pnpfiltr+0x25a9
>> bad03b78 bab3a7c7 89b81ad8 8a770ed8 89b81ad8 pnpfiltr+0x2c57
>> bad03b90 804ef18f 89b81ad8 8a770ed8 806e6428 pnpfiltr+0x27c7
>> bad03ba0 80658128 8a770ffc bad03c40 8a770ed8 nt!IopfCallDriver+0x31
>> bad03bc4 80592b63 89dd5df0 89dd5df0 00000003 nt!IovCallDriver+0xa0
>> bad03bf0 80592dc5 89b81ad8 bad03c1c 00000000 nt!IopSynchronousCall+0xb7
>> bad03c44 8059397b 89dd5df0 00000003 00000000 nt!IopRemoveDevice+0x93
>> bad03c5c 805947b0 89dd5ca8 bad03d20 bad03ce8
>> nt!IopQueryRemoveLockedDeviceNode+0x3f
>> bad03c74 805947fd 89dd5ca8 00000000 e113c7b0
>> nt!IopDeleteLockedDeviceNode+0x4e
>> bad03ca8 8059a297 89dd5df0 0213c7b0 00000000
>> nt!IopDeleteLockedDeviceNodes+0x3f
>> bad03d3c 8059a72e bad03d78 806e6974 e11bfe78
>> nt!PiProcessQueryRemoveAndEject+0x597
>> bad03d58 8059a874 bad03d78 89bf5350 8056485c
>> nt!PiProcessTargetDeviceEvent+0x2a
>> bad03d7c 8053876d 89bf5350 00000000 89db1640 nt!PiWalkDeviceList+0xea
>> bad03dac 805cff64 89bf5350 00000000 00000000 nt!ExpWorkerThread+0xef
>> bad03ddc 805460de 8053867e 00000001 00000000
>> nt!PspSystemThreadStartup+0x34
>> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>>
>> STACK_COMMAND: .bugcheck ; kb
>> FAULTING_SOURCE_CODE:
>> 34: NTSTATUS CosdPnpDispatch(
>> 35: IN PDEVICE_OBJECT DeviceObject,
>> 36: IN PIRP Irp
>> 37: )
>> > 38: {
>> 39: PCosd_DEVICE_EXTENSION deviceExtension;
>> 40: PIO_STACK_LOCATION irpStack;
>> 41: NTSTATUS status = STATUS_NO_SUCH_DEVICE;
>> 42: PDEVICE_CAPABILITIES deviceCapabilities;
>> 43: ULONG requestCount;
>>
>> SYMBOL_NAME: Cosd!CosdPnpDispatch+0
>> FOLLOWUP_NAME: MachineOwner
>> FAILURE_BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
>> BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
>> Followup: MachineOwner
>> ---------
>> 0: kd> !devobj ffffffff89b81cb8 f
>> Device object (89b81cb8) is for:
>> \DRIVER\VERIFIER DriverObject 89d10ca0
>> Current Irp 00000000 RefCount 0 Type 00000022 Flags 00000010
>> DevExt 89b81d70 DevObjExt 89b81d80
>> ExtensionFlags (0xc0000000) DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
>> AttachedDevice (Upper) 89b81ad8 \Driver\pnpstress
>> AttachedTo (Lower) 89d107f0 \Driver\Cosd
>> Device queue is not busy.
>> 0: kd> !drvobj ffffffff89d10ca0 f
>> Driver object (89d10ca0) is for:
>> \DRIVER\VERIFIER
>> Driver Extension List: (id , addr)
>> Device Object list:
>> 89b81cb8 89d10b68
>> DriverEntry: 80662c3a nt!ViDriverEntry
>> DriverStartIo: 00000000
>> DriverUnload: 00000000
>> AddDevice: 80662a48 nt!ViDriverAddDevice
>> Dispatch routines:
>> [00] IRP_MJ_CREATE 80662afe
>> nt!ViDriverDispatchGeneric
>> [01] IRP_MJ_CREATE_NAMED_PIPE 80662afe
>> nt!ViDriverDispatchGeneric
>> [02] IRP_MJ_CLOSE 80662afe
>> nt!ViDriverDispatchGeneric
>> [03] IRP_MJ_READ 80662afe
>> nt!ViDriverDispatchGeneric
>> [04] IRP_MJ_WRITE 80662afe
>> nt!ViDriverDispatchGeneric
>> [05] IRP_MJ_QUERY_INFORMATION 80662afe
>> nt!ViDriverDispatchGeneric
>> [06] IRP_MJ_SET_INFORMATION 80662afe
>> nt!ViDriverDispatchGeneric
>> [07] IRP_MJ_QUERY_EA 80662afe
>> nt!ViDriverDispatchGeneric
>> [08] IRP_MJ_SET_EA 80662afe
>> nt!ViDriverDispatchGeneric
>> [09] IRP_MJ_FLUSH_BUFFERS 80662afe
>> nt!ViDriverDispatchGeneric
>> [0a] IRP_MJ_QUERY_VOLUME_INFORMATION 80662afe
>> nt!ViDriverDispatchGeneric
>> [0b] IRP_MJ_SET_VOLUME_INFORMATION 80662afe
>> nt!ViDriverDispatchGeneric
>> [0c] IRP_MJ_DIRECTORY_CONTROL 80662afe
>> nt!ViDriverDispatchGeneric
>> [0d] IRP_MJ_FILE_SYSTEM_CONTROL 80662afe
>> nt!ViDriverDispatchGeneric
>> [0e] IRP_MJ_DEVICE_CONTROL 80662afe
>> nt!ViDriverDispatchGeneric
>> [0f] IRP_MJ_INTERNAL_DEVICE_CONTROL 80662afe
>> nt!ViDriverDispatchGeneric
>> [10] IRP_MJ_SHUTDOWN 80662afe
>> nt!ViDriverDispatchGeneric
>> [11] IRP_MJ_LOCK_CONTROL 80662afe
>> nt!ViDriverDispatchGeneric
>> [12] IRP_MJ_CLEANUP 80662afe
>> nt!ViDriverDispatchGeneric
>> [13] IRP_MJ_CREATE_MAILSLOT 80662afe
>> nt!ViDriverDispatchGeneric
>> [14] IRP_MJ_QUERY_SECURITY 80662afe
>> nt!ViDriverDispatchGeneric
>> [15] IRP_MJ_SET_SECURITY 80662afe
>> nt!ViDriverDispatchGeneric
>> [16] IRP_MJ_POWER 80662abe nt!ViDriverDispatchPower
>> [17] IRP_MJ_SYSTEM_CONTROL 80662afe
>> nt!ViDriverDispatchGeneric
>> [18] IRP_MJ_DEVICE_CHANGE 80662afe
>> nt!ViDriverDispatchGeneric
>> [19] IRP_MJ_QUERY_QUOTA 80662afe
>> nt!ViDriverDispatchGeneric
>> [1a] IRP_MJ_SET_QUOTA 80662afe
>> nt!ViDriverDispatchGeneric
>> [1b] IRP_MJ_PNP 80662b34 nt!ViDriverDispatchPnp
>>
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

Bedanto · September 12, 2009, 5:06am

thanks Mike!

On Sat, Sep 12, 2009 at 12:39 AM, Michael Zhu > wrote:

> I think you should not change Irp->IoStatus.Status before you send the IRP
> down. I mean you should remove the following line of code.
>
> Irp->IoStatus.Status = STATUS_SUCCESS;
>
>
>
> On Fri, Sep 11, 2009 at 1:21 PM, Bedanto wrote:
>
>> that is correct scott, it is very self explanatory, but when I do a
>> !irp 1 on the falting IRP I get
>>
>>
>> 0: kd> !irp 8a770ed8 1
>> Irp is active with 5 stacks 4 is current (= 0x8a770fb4)
>> No Mdl: No System Buffer: Thread 89db1640: Irp stack trace.
>> Flags = 40000000
>> ThreadListEntry.Flink = 89db1850
>> ThreadListEntry.Blink = 89db1850
>> IoStatus.Status = 00000000
>> IoStatus.Information = 00000000
>> RequestorMode = 00000000
>> Cancel = 00
>> CancelIrql = 0
>> ApcEnvironment = 00
>> UserIosb = bad03be8
>> UserEvent = bad03bd8
>> Overlay.AsynchronousParameters.UserApcRoutine = 00000000
>> Overlay.AsynchronousParameters.UserApcContext = 00000000
>> Overlay.AllocationSize = 00000000 - 00000000
>> CancelRoutine = 00000000
>> UserBuffer = 00000000
>> &Tail.Overlay.DeviceQueueEntry = 8a770f18
>> Tail.Overlay.Thread = 89db1640
>> Tail.Overlay.AuxiliaryBuffer = 00000000
>> Tail.Overlay.ListEntry.Flink = 00000000
>> Tail.Overlay.ListEntry.Blink = 00000000
>> Tail.Overlay.CurrentStackLocation = 8a770fb4
>> Tail.Overlay.OriginalFileObject = 00000000
>> Tail.Apc = 00000000
>> Tail.CompletionKey = 00000000
>> cmd flg cl Device File Completion-Context
>> [0, 0] 0 0 00000000 00000000 00000000-00000000
>> Args: 00000000 00000000 00000000 00000000
>> [0, 0] 0 10 00000000 00000000 00000000-00000000
>> Args: 00000000 00000000 00000000 00000000
>> [1b, 3] 0 e0 89d107f0 00000000 8066510e-8a770fb4 Success Error Cancel
>> \Driver\COSD nt!IovpInternalCompletionTrap
>> Args: 00000000 00000000 00000000 00000000
>> >[1b, 3] 0 e0 89b81cb8 00000000 bab38b5a-bad03b4c Success Error Cancel
>> \DRIVER\VERIFIER pnpfiltr
>> Args: 00000000 00000000 00000000 00000000
>> [1b, 3] 0 0 89b81ad8 00000000 00000000-00000000
>> \Driver\pnpstress
>> Args: 00000000 00000000 00000000 00000000
>>
>>
>> Indicating that it is IRP_MN_CANCEL_REMOVE_DEVICE
>>
>> So here is the code for it.
>>
>> case IRP_MN_CANCEL_REMOVE_DEVICE:
>> // First check to see whether we have received a prior query
>> // remove request. It could happen that we did not if
>> // someone above us failed a query remove and passed down the
>> // subsequent cancel remove request.
>> if (PnpStateRemovePending == deviceExtension->PnpState)
>> {
>> status = COSDSubmitIrpSync(deviceExtension->LowerDeviceObject,
>> Irp);
>> if (NT_SUCCESS(status))
>> {
>> // restore pnp state, since remove was canceled
>> deviceExtension->PnpState =
>> deviceExtension->PreviousPnpState;
>> // restart the queues
>> COSDRestartQueues(deviceExtension);
>> }
>> else
>> {
>> // Nobody can fail this IRP. This is a fatal error.
>> ASSERTMSG(“IRP_MN_CANCEL_REMOVE_DEVICE failed. Fatal
>> error!”, FALSE);
>> COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p
>> STATUS %x", Irp, status);
>> }
>> }
>> else
>> {
>> // Spurious cancel remove request so we just complete it
>> status = STATUS_SUCCESS;
>> }
>> break;
>>
>>
>> and here is the intended fix, please tell me if the fix is correct…
>>
>> case IRP_MN_CANCEL_REMOVE_DEVICE:
>> // First check to see whether we have received a prior query
>> // remove request. It could happen that we did not if
>> // someone above us failed a query remove and passed down the
>> // subsequent cancel remove request.
>> if (PnpStateRemovePending == deviceExtension->PnpState)
>> {
>> status = COSDSubmitIrpSync(deviceExtension->LowerDeviceObject,
>> Irp);
>> if (NT_SUCCESS(status))
>> {
>> // restore pnp state, since remove was canceled
>> deviceExtension->PnpState =
>> deviceExtension->PreviousPnpState;
>> // restart the queues
>> COSDRestartQueues(deviceExtension);
>> }
>> else
>> {
>> // Nobody can fail this IRP. This is a fatal error.
>> ASSERTMSG(“IRP_MN_CANCEL_REMOVE_DEVICE failed. Fatal
>> error!”, FALSE);
>> COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p
>> STATUS %x", Irp, status);
>> }
>> }
>> else
>> {
>> // Spurious cancel remove request so we just complete it
>> status = STATUS_SUCCESS;
>> // send the request down, and we are done
>> Irp->IoStatus.Status = STATUS_SUCCESS;
>> status = DefaultPnpHandler(DeviceObject, Irp);
>> COSDReleaseRemoveLock(deviceExtension);
>> COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p
>> STATUS %x", Irp, status);
>> return status;
>> }
>> break;
>>
>>
>>
>>
>>
>>
>>
>> On Fri, Sep 11, 2009 at 7:14 PM, Scott Noone wrote:
>>
>>> The bugcheck code is pretty explicit:
>>>
>>> > The caller has completed a successful IRP_MJ_PNP instead of passing it
>>> > down.
>>>
>>> See here for more details on processing IRP_MJ_PNP IRPs:
>>>
>>> http://msdn.microsoft.com/en-us/library/ms794961.aspx
>>>
>>> -scott
>>>
>>> –
>>> Scott Noone
>>> Consulting Associate
>>> OSR Open Systems Resources, Inc.
>>> http://www.osronline.com
>>>
>>>
>>> “Bedanto” wrote in message news:xxxxx@ntdev…
>>> experts,
>>>
>>> SUT: winxp sp3 32
>>> DTM - 1.4
>>> Test catagory: Unclassified, PnpD test (run remove pnpD test)
>>>
>>>
>>> Xp crashes consistently, note that the same driver binary passes on vista
>>> 32sp2, win7-32 RTM
>>>
>>> here is analysis.
>>>
>>> I would be most grateful, if one of you can help.
>>>
>>>
>>> 0: kd> !analyze -v
>>>
>>> ****
>>>
>>>
>>> * Bugcheck Analysis
>>>
>>>
>>>
>>>
>>>
>>> DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
>>> The IO manager has caught a misbehaving driver.
>>> Arguments:
>>> Arg1: 0000022e, The caller has completed a successful IRP_MJ_PNP instead
>>> of
>>> passing it down.
>>> Arg2: b9bfc5c6, The address in the driver’s code where the error was
>>> detected.
>>> Arg3: 8a770ed8, IRP address.
>>> Arg4: 00000000
>>> Debugging Details:
>>> ------------------
>>> No owner thread found for resource 8055b4e0
>>> No owner thread found for resource 8055b4e0
>>> *** No owner thread found for resource 8055b4e0
>>> SYMSRV: ntkrpamp.exe from http://msdl.microsoft.com/download/symbols:
>>> 930731 bytes - copied
>>> DBGHELP: c:\websymbols\ntkrpamp.exe\4802516A20d000\ntkrpamp.exe - OK
>>> SYMSRV: c:\websymbols\COSD.sys\4AA798B05a100\Cosd.sys not found
>>> SYMSRV:
>>>
>>> http://msdl.microsoft.com/download/symbols/Cosd.sys/4AA798B05a100/Cosd.sys
>>> not found
>>> DBGHELP: C:\Work\Branches\DeviceDriver\Package\32-bit\p\Cosd.sys - OK
>>> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
>>> SYMSRV:
>>>
>>> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
>>> not found
>>> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
>>> SYMSRV:
>>>
>>> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
>>> not found
>>> SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
>>> SYMSRV:
>>>
>>> http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
>>> not found
>>> ERROR_CODE: (NTSTATUS) 0xc9 - The operating system cannot run %1.
>>> EXCEPTION_CODE: (Win32) 0xc9 (201) - The operating system cannot run %1.
>>> EXCEPTION_PARAMETER1: 0000022e
>>> EXCEPTION_PARAMETER2: b9bfc5c6
>>> EXCEPTION_PARAMETER3: 8a770ed8
>>> EXCEPTION_PARAMETER4: 0
>>> BUGCHECK_STR: 0xc9_22e
>>> DRIVER_VERIFIER_IO_VIOLATION_TYPE: 22e
>>> FAULTING_IP:
>>> Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
>>> b9bfc5c6 8bff mov edi,edi
>>> FOLLOWUP_IP:
>>> Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
>>> b9bfc5c6 8bff mov edi,edi
>>> IRP_ADDRESS: 8a770ed8
>>> DEVICE_OBJECT: 89b81cb8
>>> DRIVER_OBJECT: 89d10ca0
>>> IMAGE_NAME: Cosd.sys
>>> DEBUG_FLR_IMAGE_TIMESTAMP: 4aa798b0
>>> MODULE_NAME: Cosd
>>> FAULTING_MODULE: 00000000
>>> DEFAULT_BUCKET_ID: DRIVER_FAULT
>>> PROCESS_NAME: System
>>> LOCK_ADDRESS: 8055b560 – (!locks 8055b560)
>>> Resource @ nt!IopDeviceTreeLock (0x8055b560) Shared 1 owning threads
>>> Threads: 89db1640-01<>
>>> 1 total locks, 1 locks currently held
>>> PNP_TRIAGE:
>>> Lock address : 0x8055b560
>>> Thread Count : 1
>>> Thread address: 0x89db1640
>>> Thread wait : 0xc57
>>> LAST_CONTROL_TRANSFER: from 80661e0b to 804f9f33
>>> STACK_TEXT:
>>> bad03434 80661e0b 0000004c 000000c9 bad03454 nt!KeBugCheckEx+0x1b
>>> bad035bc 80662571 bad03897 80691090 00040000 nt!ViBugcheckHalt+0xc3
>>> bad03860 80662657 80695630 0000022e bad0388c
>>> nt!VfBugcheckThrowException+0xa1
>>> bad03950 806640bb 0000022e 00000009 b9bfc5c6
>>> nt!VfBugcheckThrowIoException+0xb5
>>> bad03988 80661775 8857f5c0 8857f520 00000001
>>> nt!VfPnpVerifyIrpStackUpward+0xdd
>>> bad039ac 80665600 8857f520 00000001 8851f000
>>> nt!VfMajorVerifyIrpStackUpward+0x45
>>> bad039ec 806582df 8a770f93 8a770ed8 00000000 nt!IovpCompleteRequest2+0xb4
>>> bad03a04 804f16b0 89b81cb8 8a770ed8 bad03a68
>>> nt!IovpLocalCompletionRoutine+0x63
>>> bad03a34 806587b8 89d108a8 8a770ed8 00000000 nt!IopfCompleteRequest+0xa2
>>> bad03aa0 b9bfc860 89d107f0 89ca2588 8a770f00 nt!IovCompleteRequest+0x9a
>>> bad03abc 804ef18f 89d107f0 8a770f90 806e6428 Cosd!CosdPnpDispatch+0x29a
>>> [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 402]
>>> bad03acc 80658128 8a770fac 8a770fd0 8a770f90 nt!IopfCallDriver+0x31
>>> bad03af0 80662c0b 89b81cb8 89d10ca0 8a770e00 nt!IovCallDriver+0xa0
>>> bad03b04 804ef18f 89d107f0 8a770ed8 806e6428 nt!ViDriverDispatchPnp+0xd7
>>> bad03b14 80658128 8a770fd0 89b81b90 8a770ed8 nt!IopfCallDriver+0x31
>>> bad03b38 bab3a5a9 89b81ad8 89b81b90 89b81a60 nt!IovCallDriver+0xa0
>>> WARNING: Stack unwind information not available. Following frames may be
>>> wrong.
>>> bad03b5c bab3ac57 89b81b90 8a770ed8 8a770ed8 pnpfiltr+0x25a9
>>> bad03b78 bab3a7c7 89b81ad8 8a770ed8 89b81ad8 pnpfiltr+0x2c57
>>> bad03b90 804ef18f 89b81ad8 8a770ed8 806e6428 pnpfiltr+0x27c7
>>> bad03ba0 80658128 8a770ffc bad03c40 8a770ed8 nt!IopfCallDriver+0x31
>>> bad03bc4 80592b63 89dd5df0 89dd5df0 00000003 nt!IovCallDriver+0xa0
>>> bad03bf0 80592dc5 89b81ad8 bad03c1c 00000000 nt!IopSynchronousCall+0xb7
>>> bad03c44 8059397b 89dd5df0 00000003 00000000 nt!IopRemoveDevice+0x93
>>> bad03c5c 805947b0 89dd5ca8 bad03d20 bad03ce8
>>> nt!IopQueryRemoveLockedDeviceNode+0x3f
>>> bad03c74 805947fd 89dd5ca8 00000000 e113c7b0
>>> nt!IopDeleteLockedDeviceNode+0x4e
>>> bad03ca8 8059a297 89dd5df0 0213c7b0 00000000
>>> nt!IopDeleteLockedDeviceNodes+0x3f
>>> bad03d3c 8059a72e bad03d78 806e6974 e11bfe78
>>> nt!PiProcessQueryRemoveAndEject+0x597
>>> bad03d58 8059a874 bad03d78 89bf5350 8056485c
>>> nt!PiProcessTargetDeviceEvent+0x2a
>>> bad03d7c 8053876d 89bf5350 00000000 89db1640 nt!PiWalkDeviceList+0xea
>>> bad03dac 805cff64 89bf5350 00000000 00000000 nt!ExpWorkerThread+0xef
>>> bad03ddc 805460de 8053867e 00000001 00000000
>>> nt!PspSystemThreadStartup+0x34
>>> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>>>
>>> STACK_COMMAND: .bugcheck ; kb
>>> FAULTING_SOURCE_CODE:
>>> 34: NTSTATUS CosdPnpDispatch(
>>> 35: IN PDEVICE_OBJECT DeviceObject,
>>> 36: IN PIRP Irp
>>> 37: )
>>> > 38: {
>>> 39: PCosd_DEVICE_EXTENSION deviceExtension;
>>> 40: PIO_STACK_LOCATION irpStack;
>>> 41: NTSTATUS status =
>>> STATUS_NO_SUCH_DEVICE;
>>> 42: PDEVICE_CAPABILITIES deviceCapabilities;
>>> 43: ULONG requestCount;
>>>
>>> SYMBOL_NAME: Cosd!CosdPnpDispatch+0
>>> FOLLOWUP_NAME: MachineOwner
>>> FAILURE_BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
>>> BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
>>> Followup: MachineOwner
>>> ---------
>>> 0: kd> !devobj ffffffff89b81cb8 f
>>> Device object (89b81cb8) is for:
>>> \DRIVER\VERIFIER DriverObject 89d10ca0
>>> Current Irp 00000000 RefCount 0 Type 00000022 Flags 00000010
>>> DevExt 89b81d70 DevObjExt 89b81d80
>>> ExtensionFlags (0xc0000000) DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
>>> AttachedDevice (Upper) 89b81ad8 \Driver\pnpstress
>>> AttachedTo (Lower) 89d107f0 \Driver\Cosd
>>> Device queue is not busy.
>>> 0: kd> !drvobj ffffffff89d10ca0 f
>>> Driver object (89d10ca0) is for:
>>> \DRIVER\VERIFIER
>>> Driver Extension List: (id , addr)
>>> Device Object list:
>>> 89b81cb8 89d10b68
>>> DriverEntry: 80662c3a nt!ViDriverEntry
>>> DriverStartIo: 00000000
>>> DriverUnload: 00000000
>>> AddDevice: 80662a48 nt!ViDriverAddDevice
>>> Dispatch routines:
>>> [00] IRP_MJ_CREATE 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [01] IRP_MJ_CREATE_NAMED_PIPE 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [02] IRP_MJ_CLOSE 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [03] IRP_MJ_READ 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [04] IRP_MJ_WRITE 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [05] IRP_MJ_QUERY_INFORMATION 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [06] IRP_MJ_SET_INFORMATION 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [07] IRP_MJ_QUERY_EA 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [08] IRP_MJ_SET_EA 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [09] IRP_MJ_FLUSH_BUFFERS 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [0a] IRP_MJ_QUERY_VOLUME_INFORMATION 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [0b] IRP_MJ_SET_VOLUME_INFORMATION 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [0c] IRP_MJ_DIRECTORY_CONTROL 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [0d] IRP_MJ_FILE_SYSTEM_CONTROL 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [0e] IRP_MJ_DEVICE_CONTROL 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [0f] IRP_MJ_INTERNAL_DEVICE_CONTROL 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [10] IRP_MJ_SHUTDOWN 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [11] IRP_MJ_LOCK_CONTROL 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [12] IRP_MJ_CLEANUP 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [13] IRP_MJ_CREATE_MAILSLOT 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [14] IRP_MJ_QUERY_SECURITY 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [15] IRP_MJ_SET_SECURITY 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [16] IRP_MJ_POWER 80662abe nt!ViDriverDispatchPower
>>> [17] IRP_MJ_SYSTEM_CONTROL 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [18] IRP_MJ_DEVICE_CHANGE 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [19] IRP_MJ_QUERY_QUOTA 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [1a] IRP_MJ_SET_QUOTA 80662afe
>>> nt!ViDriverDispatchGeneric
>>> [1b] IRP_MJ_PNP 80662b34 nt!ViDriverDispatchPnp
>>>
>>>
>>>
>>> —
>>> NTDEV is sponsored by OSR
>>>
>>> For our schedule of WDF, WDM, debugging and other seminars visit:
>>> http://www.osr.com/seminars
>>>
>>> To unsubscribe, visit the List Server section of OSR Online at
>>> http://www.osronline.com/page.cfm?name=ListServer
>>>
>>
>> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
>> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
>> the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>
>
> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · September 16, 2009, 11:58am

At a quick look, it seems that the problematic path was this one:

// Spurious cancel remove request so we just complete it

http://msdn.microsoft.com/en-us/library/aa489858.aspx says:

“An IRP_MN_CANCEL_REMOVE_DEVICE request must be handled first by the parent bus driver for a device and then by each higher driver in the device stack. A driver handles remove IRPs in its DispatchPnP routine.”

But from your description, the “spurious” code path completes the IRP in a higher driver, without forwarding the IRP to the lower driver first. Probably that’s why Verifier complained.

Dan

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Bedanto
Sent: Saturday, September 12, 2009 2:06 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] bugcheck c9 in verifier

thanks Mike!
On Sat, Sep 12, 2009 at 12:39 AM, Michael Zhu wrote:
I think you should not change Irp->IoStatus.Status before you send the IRP down. I mean you should remove the following line of code.

Irp->IoStatus.Status = STATUS_SUCCESS;

On Fri, Sep 11, 2009 at 1:21 PM, Bedanto wrote:
that is correct scott, it is very self explanatory, but when I do a !irp 1 on the falting IRP I get

0: kd> !irp 8a770ed8 1
Irp is active with 5 stacks 4 is current (= 0x8a770fb4)
No Mdl: No System Buffer: Thread 89db1640: Irp stack trace.
Flags = 40000000
ThreadListEntry.Flink = 89db1850
ThreadListEntry.Blink = 89db1850
IoStatus.Status = 00000000
IoStatus.Information = 00000000
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = bad03be8
UserEvent = bad03bd8
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = 8a770f18
Tail.Overlay.Thread = 89db1640
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = 8a770fb4
Tail.Overlay.OriginalFileObject = 00000000
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 10 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[1b, 3] 0 e0 89d107f0 00000000 8066510e-8a770fb4 Success Error Cancel
\Driver\COSD nt!IovpInternalCompletionTrap
Args: 00000000 00000000 00000000 00000000
>[1b, 3] 0 e0 89b81cb8 00000000 bab38b5a-bad03b4c Success Error Cancel
\DRIVER\VERIFIER pnpfiltr
Args: 00000000 00000000 00000000 00000000
[1b, 3] 0 0 89b81ad8 00000000 00000000-00000000
\Driver\pnpstress
Args: 00000000 00000000 00000000 00000000

Indicating that it is IRP_MN_CANCEL_REMOVE_DEVICE

So here is the code for it.

case IRP_MN_CANCEL_REMOVE_DEVICE:
// First check to see whether we have received a prior query
// remove request. It could happen that we did not if
// someone above us failed a query remove and passed down the
// subsequent cancel remove request.
if (PnpStateRemovePending == deviceExtension->PnpState)
{
status = COSDSubmitIrpSync(deviceExtension->LowerDeviceObject, Irp);
if (NT_SUCCESS(status))
{
// restore pnp state, since remove was canceled
deviceExtension->PnpState = deviceExtension->PreviousPnpState;
// restart the queues
COSDRestartQueues(deviceExtension);
}
else
{
// Nobody can fail this IRP. This is a fatal error.
ASSERTMSG(“IRP_MN_CANCEL_REMOVE_DEVICE failed. Fatal error!”, FALSE);
COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p STATUS %x", Irp, status);
}
}
else
{
// Spurious cancel remove request so we just complete it
status = STATUS_SUCCESS;
}
break;

and here is the intended fix, please tell me if the fix is correct…

case IRP_MN_CANCEL_REMOVE_DEVICE:
// First check to see whether we have received a prior query
// remove request. It could happen that we did not if
// someone above us failed a query remove and passed down the
// subsequent cancel remove request.
if (PnpStateRemovePending == deviceExtension->PnpState)
{
status = COSDSubmitIrpSync(deviceExtension->LowerDeviceObject, Irp);
if (NT_SUCCESS(status))
{
// restore pnp state, since remove was canceled
deviceExtension->PnpState = deviceExtension->PreviousPnpState;
// restart the queues
COSDRestartQueues(deviceExtension);
}
else
{
// Nobody can fail this IRP. This is a fatal error.
ASSERTMSG(“IRP_MN_CANCEL_REMOVE_DEVICE failed. Fatal error!”, FALSE);
COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p STATUS %x", Irp, status);
}
}
else
{
// Spurious cancel remove request so we just complete it
status = STATUS_SUCCESS;
// send the request down, and we are done
Irp->IoStatus.Status = STATUS_SUCCESS;
status = DefaultPnpHandler(DeviceObject, Irp);
COSDReleaseRemoveLock(deviceExtension);
COSDDbgPrint(DBG_PNP, DBG_TRACE, FUNCTION"–. IRP %p STATUS %x", Irp, status);
return status;
}
break;

On Fri, Sep 11, 2009 at 7:14 PM, Scott Noone wrote:
The bugcheck code is pretty explicit:

> The caller has completed a successful IRP_MJ_PNP instead of passing it
> down.
See here for more details on processing IRP_MJ_PNP IRPs:

http://msdn.microsoft.com/en-us/library/ms794961.aspx

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Bedanto” wrote in message news:xxxxx@ntdev…
experts,

SUT: winxp sp3 32
DTM - 1.4
Test catagory: Unclassified, PnpD test (run remove pnpD test)

Xp crashes consistently, note that the same driver binary passes on vista
32sp2, win7-32 RTM

here is analysis.

I would be most grateful, if one of you can help.

0: kd> !analyze -v

Bugcheck Analysis

******
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000022e, The caller has completed a successful IRP_MJ_PNP instead of
passing it down.
Arg2: b9bfc5c6, The address in the driver’s code where the error was
detected.
Arg3: 8a770ed8, IRP address.
Arg4: 00000000
Debugging Details:
------------------
No owner thread found for resource 8055b4e0
No owner thread found for resource 8055b4e0
*** No owner thread found for resource 8055b4e0
SYMSRV: ntkrpamp.exe from http://msdl.microsoft.com/download/symbols:
930731 bytes - copied
DBGHELP: c:\websymbols\ntkrpamp.exe\4802516A20d000\ntkrpamp.exe - OK
SYMSRV: c:\websymbols\COSD.sys\4AA798B05a100\Cosd.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/Cosd.sys/4AA798B05a100/Cosd.sys
not found
DBGHELP: C:\Work\Branches\DeviceDriver\Package\32-bit\p\Cosd.sys - OK
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
not found
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
not found
SYMSRV: c:\websymbols\pnpfiltr.sys\49F156655580\pnpfiltr.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/pnpfiltr.sys/49F156655580/pnpfiltr.sys
not found
ERROR_CODE: (NTSTATUS) 0xc9 - The operating system cannot run %1.
EXCEPTION_CODE: (Win32) 0xc9 (201) - The operating system cannot run %1.
EXCEPTION_PARAMETER1: 0000022e
EXCEPTION_PARAMETER2: b9bfc5c6
EXCEPTION_PARAMETER3: 8a770ed8
EXCEPTION_PARAMETER4: 0
BUGCHECK_STR: 0xc9_22e
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 22e
FAULTING_IP:
Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
b9bfc5c6 8bff mov edi,edi
FOLLOWUP_IP:
Cosd!CosdPnpDispatch+0 [c:\work\branches\devicedriver\Cosd\pnp.cpp @ 38]
b9bfc5c6 8bff mov edi,edi
IRP_ADDRESS: 8a770ed8
DEVICE_OBJECT: 89b81cb8
DRIVER_OBJECT: 89d10ca0
IMAGE_NAME: Cosd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4aa798b0
MODULE_NAME: Cosd
FAULTING_MODULE: 00000000
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
LOCK_ADDRESS: 8055b560 – (!locks 8055b560)
Resource @ nt!IopDeviceTreeLock (0x8055b560) Shared 1 owning threads
Threads: 89db1640-01<*>
1 total locks, 1 locks currently held
PNP_TRIAGE:
Lock address : 0x8055b560
Thread Count : 1
Thread address: 0x89db1640
Thread wait : 0xc57
LAST_CONTROL_TRANSFER: from 80661e0b to 804f9f33
STACK_TEXT:
bad03434 80661e0b 0000004c 000000c9 bad03454 nt!KeBugCheckEx+0x1b
bad035bc 80662571 bad03897 80691090 00040000 nt!ViBugcheckHalt+0xc3
bad03860 80662657 80695630 0000022e bad0388c
nt!VfBugcheckThrowException+0xa1
bad03950 806640bb 0000022e 00000009 b9bfc5c6
nt!VfBugcheckThrowIoException+0xb5
bad03988 80661775 8857f5c0 8857f520 00000001
nt!VfPnpVerifyIrpStackUpward+0xdd
bad039ac 80665600 8857f520 00000001 8851f000
nt!VfMajorVerifyIrpStackUpward+0x45
bad039ec 806582df 8a770f93 8a770ed8 00000000 nt!IovpCompleteRequest2+0xb4
bad03a04 804f16b0 89b81cb8 8a770ed8 bad03a68
nt!IovpLocalCompletionRoutine+0x63
bad03a34 806587b8 89d108a8 8a770ed8 00000000 nt!IopfCompleteRequest+0xa2
bad03aa0 b9bfc860 89d107f0 89ca2588 8a770f00 nt!IovCompleteRequest+0x9a
bad03abc 804ef18f 89d107f0 8a770f90 806e6428 Cosd!CosdPnpDispatch+0x29a
[c:\work\branches\devicedriver\Cosd\pnp.cpp @ 402]
bad03acc 80658128 8a770fac 8a770fd0 8a770f90 nt!IopfCallDriver+0x31
bad03af0 80662c0b 89b81cb8 89d10ca0 8a770e00 nt!IovCallDriver+0xa0
bad03b04 804ef18f 89d107f0 8a770ed8 806e6428 nt!ViDriverDispatchPnp+0xd7
bad03b14 80658128 8a770fd0 89b81b90 8a770ed8 nt!IopfCallDriver+0x31
bad03b38 bab3a5a9 89b81ad8 89b81b90 89b81a60 nt!IovCallDriver+0xa0
WARNING: Stack unwind information not available. Following frames may be
wrong.
bad03b5c bab3ac57 89b81b90 8a770ed8 8a770ed8 pnpfiltr+0x25a9
bad03b78 bab3a7c7 89b81ad8 8a770ed8 89b81ad8 pnpfiltr+0x2c57
bad03b90 804ef18f 89b81ad8 8a770ed8 806e6428 pnpfiltr+0x27c7
bad03ba0 80658128 8a770ffc bad03c40 8a770ed8 nt!IopfCallDriver+0x31
bad03bc4 80592b63 89dd5df0 89dd5df0 00000003 nt!IovCallDriver+0xa0
bad03bf0 80592dc5 89b81ad8 bad03c1c 00000000 nt!IopSynchronousCall+0xb7
bad03c44 8059397b 89dd5df0 00000003 00000000 nt!IopRemoveDevice+0x93
bad03c5c 805947b0 89dd5ca8 bad03d20 bad03ce8
nt!IopQueryRemoveLockedDeviceNode+0x3f
bad03c74 805947fd 89dd5ca8 00000000 e113c7b0
nt!IopDeleteLockedDeviceNode+0x4e
bad03ca8 8059a297 89dd5df0 0213c7b0 00000000
nt!IopDeleteLockedDeviceNodes+0x3f
bad03d3c 8059a72e bad03d78 806e6974 e11bfe78
nt!PiProcessQueryRemoveAndEject+0x597
bad03d58 8059a874 bad03d78 89bf5350 8056485c
nt!PiProcessTargetDeviceEvent+0x2a
bad03d7c 8053876d 89bf5350 00000000 89db1640 nt!PiWalkDeviceList+0xea
bad03dac 805cff64 89bf5350 00000000 00000000 nt!ExpWorkerThread+0xef
bad03ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: .bugcheck ; kb
FAULTING_SOURCE_CODE:
34: NTSTATUS CosdPnpDispatch(
35: IN PDEVICE_OBJECT DeviceObject,
36: IN PIRP Irp
37: )
> 38: {
39: PCosd_DEVICE_EXTENSION deviceExtension;
40: PIO_STACK_LOCATION irpStack;
41: NTSTATUS status = STATUS_NO_SUCH_DEVICE;
42: PDEVICE_CAPABILITIES deviceCapabilities;
43: ULONG requestCount;

SYMBOL_NAME: Cosd!CosdPnpDispatch+0
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
Followup: MachineOwner
---------
0: kd> !devobj ffffffff89b81cb8 f
Device object (89b81cb8) is for:
\DRIVER\VERIFIER DriverObject 89d10ca0
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00000010
DevExt 89b81d70 DevObjExt 89b81d80
ExtensionFlags (0xc0000000) DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
AttachedDevice (Upper) 89b81ad8 \Driver\pnpstress
AttachedTo (Lower) 89d107f0 \Driver\Cosd
Device queue is not busy.
0: kd> !drvobj ffffffff89d10ca0 f
Driver object (89d10ca0) is for:
\DRIVER\VERIFIER
Driver Extension List: (id , addr)
Device Object list:
89b81cb8 89d10b68
DriverEntry: 80662c3a nt!ViDriverEntry
DriverStartIo: 00000000
DriverUnload: 00000000
AddDevice: 80662a48 nt!ViDriverAddDevice
Dispatch routines:
[00] IRP_MJ_CREATE 80662afe nt!ViDriverDispatchGeneric
[01] IRP_MJ_CREATE_NAMED_PIPE 80662afe nt!ViDriverDispatchGeneric
[02] IRP_MJ_CLOSE 80662afe nt!ViDriverDispatchGeneric
[03] IRP_MJ_READ 80662afe nt!ViDriverDispatchGeneric
[04] IRP_MJ_WRITE 80662afe nt!ViDriverDispatchGeneric
[05] IRP_MJ_QUERY_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[06] IRP_MJ_SET_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[07] IRP_MJ_QUERY_EA 80662afe nt!ViDriverDispatchGeneric
[08] IRP_MJ_SET_EA 80662afe nt!ViDriverDispatchGeneric
[09] IRP_MJ_FLUSH_BUFFERS 80662afe nt!ViDriverDispatchGeneric
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[0b] IRP_MJ_SET_VOLUME_INFORMATION 80662afe nt!ViDriverDispatchGeneric
[0c] IRP_MJ_DIRECTORY_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0d] IRP_MJ_FILE_SYSTEM_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0e] IRP_MJ_DEVICE_CONTROL 80662afe nt!ViDriverDispatchGeneric
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL 80662afe nt!ViDriverDispatchGeneric
[10] IRP_MJ_SHUTDOWN 80662afe nt!ViDriverDispatchGeneric
[11] IRP_MJ_LOCK_CONTROL 80662afe nt!ViDriverDispatchGeneric
[12] IRP_MJ_CLEANUP 80662afe nt!ViDriverDispatchGeneric
[13] IRP_MJ_CREATE_MAILSLOT 80662afe nt!ViDriverDispatchGeneric
[14] IRP_MJ_QUERY_SECURITY 80662afe nt!ViDriverDispatchGeneric
[15] IRP_MJ_SET_SECURITY 80662afe nt!ViDriverDispatchGeneric
[16] IRP_MJ_POWER 80662abe nt!ViDriverDispatchPower
[17] IRP_MJ_SYSTEM_CONTROL 80662afe nt!ViDriverDispatchGeneric
[18] IRP_MJ_DEVICE_CHANGE 80662afe nt!ViDriverDispatchGeneric
[19] IRP_MJ_QUERY_QUOTA 80662afe nt!ViDriverDispatchGeneric
[1a] IRP_MJ_SET_QUOTA 80662afe nt!ViDriverDispatchGeneric
[1b] IRP_MJ_PNP 80662b34 nt!ViDriverDispatchPnp

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

bugcheck c9 in verifier

SYMBOL_NAME: Cosd!CosdPnpDispatch+0 FOLLOWUP_NAME: MachineOwner FAILURE_BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0 BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0 Followup: MachineOwner

SYMBOL_NAME: Cosd!CosdPnpDispatch+0
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
BUCKET_ID: 0xc9_22e_VRF_Cosd!CosdPnpDispatch+0
Followup: MachineOwner