BUGCHECK_STR: 0xc9_302 by Driver verifier on Windows 7

Hi,

I have a legacy driver where I am trying to open a file by using ZwOpenFile. On Windows 7 if Driver verifier is enabled then the driver is crashing with bugcheck 0xC9_302 at ZwOpenFile call.

Following is the code:

InitializeObjectAttributes( &ObjAttributes, Path, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL );
if( ZwOpenFile( &handle, FILE_READ_ATTRIBUTES, &ObjAttributes, &Status, 0,
FILE_SYNCHRONOUS_IO_NONALERT ) == STATUS_SUCCESS )

Bugcheck Analysis:

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000000000302, Code that specifies the violation
Arg2: fffff80001982477
Arg3: fffff9800c814c60
Arg4: 0000000000000001

Debugging Details:

BUGCHECK_STR: 0xc9_302

DRIVER_VERIFIER_IO_VIOLATION_TYPE: 302

FAULTING_IP:
nt!IopParseDevice+5a7
fffff800`01982477 448bc8 mov r9d,eax

FOLLOWUP_IP:
mydrv+14a6b
fffff880`02a14a6b 85c0 test eax,eax

IRP_ADDRESS: fffff9800c814c60

DEVICE_OBJECT: 0000000000000000

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80001b0b3dc to fffff80001681f00

STACK_TEXT:
fffff880039a5048 fffff80001b0b3dc : 00000000000000c9 0000000000000302 fffff80001982477 fffff9800c814c60 : nt!KeBugCheckEx
fffff880039a5050 fffff80001b1547a : fffff80001b099f0 fffff80001982477 fffff9800c814c60 0000000000000001 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880039a5090 fffff80001b16060 : 0000000000000302 0000000000000001 fffff9800c814c60 00000000ffffffff : nt!ViErrorFinishReport+0xda
fffff880039a50e0 fffff80001b16ace : fffff9800c814c60 fffff80001b0ce56 0000000000000002 0000000000000000 : nt!VfErrorReport11+0x70
fffff880039a51b0 fffff80001b0ae36 : fffff9800c814c60 fffff80001b19e3f fffffa80021345d0 fffffa80021345d0 : nt!ViGenericVerifyNewIrp+0x6e
fffff880039a51e0 fffff80001b23b05 : fffffa8002152d70 fffffa80023ac2f0 fffff9800c814c60 fffffa800491f510 : nt!VfMajorVerifyNewIrp+0x86
fffff880039a5220 fffff80001b23d86 : fffffa8000000001 fffffa8000000001 fffffa8000000001 fffff80001982477 : nt!IovpCallDriver1+0x455
fffff880039a52d0 fffff80001b27bb2 : fffff9800c814c60 0000000000000002 0000000000000040 0000000000000000 : nt!VfBeforeCallDriver+0x186
fffff880039a5330 fffff80001982477 : 0000000000000004 fffff80001981ed0 fffffa800489a610 fffffa8002f70a50 : nt!IovCallDriver+0x502
fffff880039a5390 fffff80001978764 : fffffa8001ea36c0 0000000000000000 fffffa8004288b10 0000000000000000 : nt!IopParseDevice+0x5a7
fffff880039a5520 fffff8000197d876 : fffffa8004288b10 fffff880039a56a0 0000000000000040 fffffa8000cccf30 : nt!ObpLookupObjectName+0x585
fffff880039a5620 fffff80001984587 : 0000000000000000 0000000000000001 0000000000000000 0000000000000000 : nt!ObOpenObjectByName+0x306
fffff880039a56f0 fffff8000199d2a4 : fffff880039a5aa0 0000000000000080 fffff880039a57c0 fffff880039a5aa8 : nt!IopCreateFile+0x2b7
fffff880039a5790 fffff80001681153 : 7ff0000000000000 0000000000000001 fffffa8000b386e0 fffff781c0000000 : nt!NtOpenFile+0x58
fffff880039a5820 fffff8000167d6f0 : fffff80001b10dc5 fffffa8001510f80 00000000000000c4 00000000000000c1 : nt!KiSystemServiceCopyEnd+0x13
fffff880039a5a28 fffff80001b10dc5 : fffffa8001510f80 00000000000000c4 00000000000000c1 0000000000000081 : nt!KiServiceLinkage
fffff880039a5a30 fffff88002a14a6b : 0000000000000000 0000000000000080 fffff880039a5b60 fffff880039a5b10 : nt!VfZwOpenFile+0x75
fffff880039a5a70 fffff88002a1551c : fffff88002a15560 fffff9800156af50 0000000000000001 fffff800016beec0 : mydrv+0x14a6b
fffff880039a5b40 fffff88002a155bb : fffff88002a155d0 fffff9800156af50 0000000000000001 fffff800016beec0 : mydrv+0x1551c
fffff880039a5ba0 fffff88002a17043 : fffff88002a17060 fffff9800156af50 0000000000000000 0000000000000000 : mydrv+0x155bb
fffff880039a5bd0 fffff88002a13cc4 : fffff98002644fd0 0000000000050024 fffff88002a292f0 0000000000050024 : mydrv+0x17043
fffff880039a5c10 fffff88002a18ff5 : 0000000000000000 fffff88002a19020 fffff88002a19030 0000000000000008 : mydrv+0x13cc4
fffff880039a5c40 fffff88002a19170 : 000000000005007a fffff88002a18e2c 000000000005007a fffff800016862aa : mydrv+0x18ff5
fffff880039a5c70 fffff88002a192b5 : fffff88002a292f0 0000000000000080 fffffa8000cc8148 fffff8000167d6f0 : mydrv+0x19170
fffff880039a5cb0 fffff88002a1a49c : 0000000000000000 000000000005007a fffff88001476d00 fffffa8000cc8148 : mydrv+0x192b5
fffff880039a5d00 fffff80001925166 : 0000000000000010 fffff8000192510c 0000000000000010 0000000000010286 : mydrv+0x1a49c
fffff880039a5d40 fffff80001660486 : fffff800017fae80 fffffa80021544c0 fffffa8000cce040 fffff88002f0cd30 : nt!PspSystemThreadStartup+0x5a
fffff880039a5d80 0000000000000000 : fffff880039a6000 fffff880039a0000 fffff880039a5750 0000000000000000 : nt!KxStartSystemThread+0x16

STACK_COMMAND: kb

SYMBOL_STACK_INDEX: 11

SYMBOL_NAME: mydrv+14a6b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mydrv

IMAGE_NAME: mydrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4b9a00e2

FAILURE_BUCKET_ID: X64_0xc9_302_VRF_mydrv+14a6b

BUCKET_ID: X64_0xc9_302_VRF_mydrv+14a6b

Followup: MachineOwner

Can anyone help me to understand the problem?

Thanks
Manoj

The docs and debugger need to be updated. I think this means that you’re
making the Zw call at an incorrect IRQL, make sure you’re not making any Zw
calls if KeAreAllApcsDisabled returns TRUE.

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com


To add some more details:

Verifier thinks that this particular type of I/O request will require an APC routine to run, to complete the IRP. Since you are sending the request at APC_LEVEL, the APC routine will not be able to run.

Dan

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Monday, March 15, 2010 7:22 AM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] BUGCHECK_STR: 0xc9_302 by Driver verifier on Windows 7

The docs and debugger need to be updated. I think this means that you’re
making the Zw call at an incorrect IRQL, make sure you’re not making any Zw
calls if KeAreAllApcsDisabled returns TRUE.

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com




Hi,

Thanks Scott and Dan for your help.

As per my code I am opening the file to read its attributes. Can you please help me to identify any other way to read file attributes at APC_LEVEL?

Thanks
Manoj

> As per my code I am opening the file to read its attributes. Can you
> please help me to identify any other way to read file attributes at
> APC_LEVEL?

Just post the request to a worker thread and do the stuff there.

Regards,
Ayush Gupta
AI Consulting.

Thanks All for your help.

I am able to resolve the problem by modifying my code.

Regards
Manoj
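
Added example (not part of the thread, and not any poster's code): a small Python parser for the `!analyze -v` text in the original post. It pulls out the violation code, the reported IRQL, and the driver frame that issued the Zw call discussed in the replies. The name `triage` and the treatment of `nt!VfZw*` frames as Driver Verifier's wrapper around the driver's Zw call are assumptions made for this example.

```python
import re

# Excerpt of the !analyze -v output quoted in the original post, trimmed to
# the fields and stack frames this parser reads.
SAMPLE = """\
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
Arg1: 0000000000000302, Code that specifies the violation
CURRENT_IRQL: 2
STACK_TEXT:
fffff880039a5048 fffff80001b0b3dc : 00000000000000c9 0000000000000302 fffff80001982477 fffff9800c814c60 : nt!KeBugCheckEx
fffff880039a5330 fffff80001982477 : 0000000000000004 fffff80001981ed0 fffffa800489a610 fffffa8002f70a50 : nt!IovCallDriver+0x502
fffff880039a5790 fffff80001681153 : 7ff0000000000000 0000000000000001 fffffa8000b386e0 fffff781c0000000 : nt!NtOpenFile+0x58
fffff880039a5a30 fffff88002a14a6b : 0000000000000000 0000000000000080 fffff880039a5b60 fffff880039a5b10 : nt!VfZwOpenFile+0x75
fffff880039a5a70 fffff88002a1551c : fffff88002a15560 fffff9800156af50 0000000000000001 fffff800016beec0 : mydrv+0x14a6b
fffff880039a5b40 fffff88002a155bb : fffff88002a155d0 fffff9800156af50 0000000000000001 fffff800016beec0 : mydrv+0x1551c
fffff880039a5d40 fffff80001660486 : fffff800017fae80 fffffa80021544c0 fffffa8000cce040 fffff88002f0cd30 : nt!PspSystemThreadStartup+0x5a

STACK_COMMAND: kb
"""

# One kb frame: child-SP, return address, four args, then the symbol.
FRAME = re.compile(r"^[0-9a-f`]+\s+[0-9a-f`]+\s+:\s+(?:[0-9a-f`]+\s+){4}:\s+(\S+)$", re.I)

def _hex_field(pattern, text):
    m = re.search(pattern, text, re.M | re.I)
    return int(m.group(1).replace("`", ""), 16) if m else None

def triage(text):
    """Return violation code, IRQL and the driver's Zw call site from a 0xC9 report."""
    frames, in_stack = [], False
    for line in text.splitlines():
        if line.startswith("STACK_TEXT:"):
            in_stack = True
        elif in_stack:
            m = FRAME.match(line.strip())
            if not m:
                break  # blank line or next section ends the stack
            frames.append(m.group(1))
    zw_api = call_site = None
    for i, sym in enumerate(frames):
        # Assumption: nt!VfZw* is Driver Verifier's wrapper around the
        # driver's Zw call, as the stack in the post suggests.
        m = re.match(r"nt!Vf(Zw\w+)", sym)
        if m:
            zw_api = m.group(1)
            call_site = frames[i + 1] if i + 1 < len(frames) else None
            break
    return {
        "bugcheck": _hex_field(r"^DRIVER_VERIFIER_IOMANAGER_VIOLATION \(([0-9a-f]+)\)", text),
        "violation": _hex_field(r"^Arg1:\s*([0-9a-f`]+)", text),
        "irql": _hex_field(r"^CURRENT_IRQL:\s*([0-9a-f]+)", text),
        "zw_api": zw_api,
        "call_site": call_site,
        "driver_frames": [s for s in frames if not s.startswith("nt!")],
    }
```

The parser expects each stack frame on a single line, as in the original post; frames wrapped across lines by a mail client have to be rejoined first.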