Caller has changed the status field of an IRP it does not understand.

Hello,

I’m working on a driver based on WDK(6000) example vhidmini.

When I use Verifier to test the driver on Win7, I got a BSOD as follows:

************************************************************
Driver Verifier detected violation:

Caller has changed the status field of an IRP it does not understand.

CulpritAddress = 957BFA8C, Irp = 968C0DE0.
************************************************************

1: kd> u 0x957BFA8C
HIDCLASS!HidpMajorHandler:
957bfa8c 8bff mov edi,edi
957bfa8e 55 push ebp
957bfa8f 8bec mov ebp,esp
957bfa91 53 push ebx
957bfa92 56 push esi
957bfa93 57 push edi
957bfa94 a100707c95 mov eax,dword ptr [HIDCLASS!WPP_GLOBAL_Control (957c7000)]
957bfa99 be1c627c95 mov esi,offset HIDCLASS!GUID_POWER_DEVICE_WAKE_ENABLE+0x30 (957c621c)
1: kd> lmv m Bthavrcp
start end module name
83b08000 83b15200 BthAvrcp (private pdb symbols)
e:\workspace\pdb\BthAvrcp.pdb
Loaded symbol image file: BthAvrcp.sys
Image path: BthAvrcp.sys
Image name: BthAvrcp.sys
Timestamp: Mon Apr 18 13:07:32 2011 (4DABC714)
CheckSum: 0001A2CC
ImageSize: 0000D200
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Unable to enumerate user-mode unloaded modules, Win32 error 0n30

1: kd> !irp 0x968C0DE0 1
Irp is active with 12 stacks 11 is current (= 0x968c0fb8)
No Mdl: No System Buffer: Thread 00000000: Irp stack trace.
Flags = 40000000
ThreadListEntry.Flink = 968c0df0
ThreadListEntry.Blink = 968c0df0
IoStatus.Status = c0000010
IoStatus.Information = 00000000
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = 00000000
UserEvent = 00000000
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = 968c0e20
Tail.Overlay.Thread = 00000000
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = 968c0fb8
Tail.Overlay.OriginalFileObject = 00000000
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 2 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 c0000010
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[16,ff] 0 e2 8352f030 00000000 957c3412-8352f0e8 Success Error Cancel
\Driver\BthAvrcp.sys HIDCLASS!HidpFdoPowerCompletion
Args: 00000000 00000000 00000000 00000000

[16,ff] 0 e0 8352f030 00000000 84574d56-968c0fdc Success Error Cancel
\Driver\BthAvrcp.sys nt!IovpInternalCompletionTrap
Args: 00000000 00000000 00000000 00000000
[16,ff] 0 e0 8352d0b8 00000000 84573c41-89f179c0 Success Error Cancel
\DRIVER\VERIFIER_FILTER nt!ViIrpSynchronousCompletionRoutine
Args: 00000000 00000000 00000000 00000000

16(IRP_MJ_POWER) IrpMinorFunction = 0xFF

I’m not sure if it is caused by HIDCLASS driver or my source code.

My Power Dispatch routine code is:

NTSTATUS
Power(
    __in PDEVICE_OBJECT DeviceObject,
    __in PIRP Irp
    )
{
    //
    // Make sure to store and restore the device context depending
    // on whether the system is going into lower power state
    // or resuming. The job of converting S-IRPs to D-IRPs is done
    // by HIDCLASS. All you need to do here is handle Set-Power request
    // for device power state according to the guidelines given in the
    // power management documentation of the DDK. Before powering down
    // your device make sure to cancel any pending IRPs, if any, sent by
    // you to the lower device stack.
    //
    PoStartNextPowerIrp(Irp);
    IoSkipCurrentIrpStackLocation(Irp);

    return PoCallDriver(GET_NEXT_DO (DeviceObject), Irp);
}

How can I fix this?

Thanks!


Danny

I don’t know why, but after I comment out PoStartNextPowerIrp(Irp); in the power routine and add a passthrough routine for other kinds of IRP, this problem is solved.

2011/4/18 Danny


Danny
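
The rule behind the verifier message, as a small user-mode C model added here (it is not code from the posts or from the WDK): a layer that does not recognise a power IRP's minor code has to send it down with IoStatus.Status unchanged. The MODEL_IRP type, the handler names and the stack layouts are assumptions made for illustration; 0xC0000010 is STATUS_INVALID_DEVICE_REQUEST, the value in the !irp dump, and 0xC00000BB is STATUS_NOT_SUPPORTED, the status PnP and power IRPs are initialised with.

```c
/* User-mode model of the verifier rule (constructed; not WDK code). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STATUS_INVALID_DEVICE_REQUEST 0xC0000010u /* value in the !irp dump */
#define STATUS_NOT_SUPPORTED          0xC00000BBu /* initial PnP/power status */
#define IRP_MJ_POWER     0x16
#define IRP_MN_SET_POWER 0x02
#define IRP_MN_BOGUS     0xFF /* minor code shown in the dump */

typedef struct { uint8_t major, minor; uint32_t status; } MODEL_IRP;
typedef enum { FORWARD, COMPLETE } ACTION;
typedef ACTION (*DISPATCH)(MODEL_IRP *irp);

/* Hypothetical pass-through: leaves the IRP alone and sends it down. */
static ACTION pass_through(MODEL_IRP *irp) { (void)irp; return FORWARD; }

/* Hypothetical default handler that fails every minor code it does not know. */
static ACTION reject_unknown(MODEL_IRP *irp) {
    if (irp->minor == IRP_MN_SET_POWER) return FORWARD;
    irp->status = STATUS_INVALID_DEVICE_REQUEST; /* the rule violation */
    return COMPLETE;
}

/* Bottom of the stack: completes the IRP with whatever status it carries. */
static ACTION bottom(MODEL_IRP *irp) { (void)irp; return COMPLETE; }

/* Send one power IRP with an unknown minor code down the stack, top first.
 * Returns the index of the first layer that altered the status, or -1. */
int first_status_violation(const DISPATCH *stack, size_t depth) {
    MODEL_IRP irp = { IRP_MJ_POWER, IRP_MN_BOGUS, STATUS_NOT_SUPPORTED };
    for (size_t i = 0; i < depth; i++) {
        uint32_t before = irp.status;
        ACTION action = stack[i](&irp);
        if (irp.status != before) return (int)i;
        if (action == COMPLETE) break;
    }
    return -1;
}

int main(void) {
    const DISPATCH clean[]  = { pass_through, pass_through, bottom };
    const DISPATCH faulty[] = { pass_through, reject_unknown, bottom };
    printf("clean stack:  %d\n", first_status_violation(clean, 3));
    printf("faulty stack: %d\n", first_status_violation(faulty, 3));
    return 0;
}
```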