Driver Verifier gives undocumented BugCheck code 0xC9_307

Hi!

Driver Verifier gives BUGCHECK_STR: 0xc9_307 which does not seem to be documented here: https://msdn.microsoft.com/en-us/library/windows/hardware/ff560205(v=vs.85).aspx

How do I figure out what it means?

It is a IoCallDriver() call the triggers the bugcheck.

Please see Bugcheck Analysis below for more info:

BugCheck C9, {307, fffff80144ca1367, ffffcf8086daaca0, 0}

Probably caused by : kcany.sys ( kcany!call_lower_driver_sync+118 )

Followup: MachineOwner

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000000000307, Code that specifies the violation
Arg2: fffff80144ca1367
Arg3: ffffcf8086daaca0
Arg4: 0000000000000000

Debugging Details:

ADDITIONAL_DEBUG_TEXT:
You can run ‘.symfix; .reload’ to try to fix the symbol path and load symbols.

MODULE_NAME: kcany

FAULTING_MODULE: fffff8009a216000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 57862727

BUGCHECK_STR: 0xc9_307

DRIVER_VERIFIER_IO_VIOLATION_TYPE: 307

FAULTING_IP:
ACPI!ACPIIrpDispatchDeviceControl+97
fffff801`44ca1367 8bf8 mov edi,eax

FOLLOWUP_IP:
kcany!call_lower_driver_sync+118 [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c @ 723]
fffff801`47b28588 89442430 mov dword ptr [rsp+30h],eax

IRP_ADDRESS: ffffcf8086daaca0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

CURRENT_IRQL: 0

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER: from fffff8009a94fabc to fffff8009a365480

STACK_TEXT:
ffffd001702d5e78 fffff8009a94fabc : 00000000000000c9 0000000000000307 fffff80144ca1367 ffffcf8086daaca0 : nt!KeBugCheckEx
ffffd001702d5e80 fffff8009a9524e1 : fffff8009a941aa0 fffff80144ca1367 ffffcf8086daaca0 0000000000000000 : nt!IoIsValidIrpStatus+0x9dc4
ffffd001702d5ec0 fffff8009a94f06b : fffff80144ca1367 0000000000000307 0000000000000000 0000000000000000 : nt!IoIsValidIrpStatus+0xc7e9
ffffd001702d5f20 fffff8009a94305b : ffffcf8086daac00 ffffcf8086daaca0 ffffcf8086daaca0 0000000000000002 : nt!IoIsValidIrpStatus+0x9373
ffffd001702d5fc0 fffff8009a230ed2 : ffffcf8086daaca0 ffffcf8086daaca0 ffffe0018923e240 ffffe00187b9d510 : nt!MmIsDriverSuspectForVerifier+0x2a1f
ffffd001702d6020 fffff80144ca1367 : ffff7a349ae5ea3d fffff8009a958de6 0000000000000000 ffffe00186cad898 : nt!IofCallDriver+0x72
ffffd001702d6060 fffff80144ca10be : ffffe001888ccc70 0000000000000007 ffffcf8086daaf68 fffff80146966bfa : ACPI!ACPIIrpDispatchDeviceControl+0x97
ffffd001702d60a0 fffff8009a943044 : 0000000000000007 ffffcf8086daaca0 ffffe0018923e240 0000000000000002 : ACPI!ACPIDispatchIrp+0xbe
ffffd001702d6110 fffff8009a230ed2 : ffffe00187aae1b0 0000000000000000 ffffe00187aae060 ffffe00189fa7320 : nt!MmIsDriverSuspectForVerifier+0x2a08
ffffd001702d6170 fffff80146966bfa : 0000000000000482 0000000000000028 0000000000220003 0000000000000000 : nt!IofCallDriver+0x72
ffffd001702d61b0 fffff80146972c63 : ffffcf8086daac00 000000004f494449 ffffcf8086daaf68 ffffcf8086daaca0 : usbhub!UsbhPdoInternalDeviceControl+0x64a
ffffd001702d6220 fffff8009a943044 : ffffcf8086daaca0 0000000000000002 0000000000000000 ffffcf8086daaca0 : usbhub!UsbhGenDispatch+0x43
ffffd001702d6250 fffff8009a230ed2 : ffffcf8087aa4c60 ffffe001879b4920 0000000000000002 ffffe0018a0643f0 : nt!MmIsDriverSuspectForVerifier+0x2a08
ffffd001702d62b0 fffff80147b28588 : ffffcf8087aa4fb8 ffffe00187805a50 ffffe001878059b0 fffff8009a2d2e33 : nt!IofCallDriver+0x72
ffffd001702d62f0 fffff80147b283e7 : fffff80147b4b260 ffffcf8086daaca0 0000000000000065 0000000000000001 : kcany!call_lower_driver_sync+0x118 [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c @ 723]
ffffd001702d6370 fffff80147b29f1e : fffff80147b4b260 ffffe00187af3940 0000000000000000 00000000001d994a : kcany!usb_call_usbd_sync+0xe7 [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c @ 541]
ffffd001702d6410 fffff80147b19b6e : fffff80147b4b260 0000000000000008 0000000000000065 0000000000000001 : kcany!usb_get_configuration+0x1be [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c @ 1357]
ffffd001702d6480 fffff80147b456cb : fffff80147b4b260 fffff80147b4a340 0000000000000065 0000000000000001 : kcany!hwif_probe+0x2e [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\kcany\hydra.c @ 2760]
ffffd001702d64c0 fffff8009a943044 : ffffe001879b4920 ffffcf8087aa4c60 ffffe0012b707249 ffffe00186840700 : kcany!pnp_irp_handler+0xc2b [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\common\pnp.c @ 551]
ffffd001702d6650 fffff8009a230ed2 : ffffcf8087aa4c60 ffffd001702d6760 ffffe001879b4920 ffffe001878059b0 : nt!MmIsDriverSuspectForVerifier+0x2a08
ffffd001702d66b0 fffff8009a616d81 : ffffe00187aae060 ffffd001702d6760 ffffe001879b4920 ffffe00187aae060 : nt!IofCallDriver+0x72
ffffd001702d66f0 fffff8009a21cf29 : ffffe00187aae060 ffffd001702d6799 0000000000000000 ffffd001702d6799 : nt!IoGetDevicePropertyData+0x901
ffffd001702d6730 fffff8009a615971 : ffffe001879e1d30 ffffe001879e1d30 ffffe0018a0d01a0 0000000000000000 : nt!PoFxIdleComponent+0x4a5
ffffd001702d6800 fffff8009a6157e3 : ffffe001879e1d30 ffffe001879e1d30 0000000000000000 0000000000000000 : nt!LsaDeregisterLogonProcess+0x25a9
ffffd001702d68d0 fffff8009a61a4bb : ffffe001879e1d30 0000000000000001 ffffd001702d6a10 0000000000000001 : nt!LsaDeregisterLogonProcess+0x241b
ffffd001702d6910 fffff8009a676fbd : ffffe0018999eed0 0000000000000001 0000000000000000 fffff8009a61ab06 : nt!PoRegisterPowerSettingCallback+0x2007
ffffd001702d6b90 fffff8009a310e2b : 0000000100000003 0000000000000000 0000000000000000 0000000000000000 : nt!IoQueryVolumeInformation+0x1d9d
ffffd001702d6be0 fffff8009a22b319 : ffffe001879a2040 fffff8009a552280 fffff8009a5ef340 fffff8009a5ef340 : nt!IoSynchronousCallDriver+0x657
ffffd001702d6cb0 fffff8009a2de6b4 : 0000000000000000 0000000000000080 fffff8009a5ef340 ffffe001879a2040 : nt!ObDereferenceObjectDeferDeleteWithTag+0x149
ffffd001702d6d40 fffff8009a36a566 : ffffd0016bf5d180 ffffe001879a2040 ffffe00187aea040 0000000000000000 : nt!KeQueryNodeActiveAffinity+0x110
ffffd001702d6da0 0000000000000000 : ffffd001702d7000 ffffd001702d1000 0000000000000000 0000000000000000 : nt!KeSynchronizeExecution+0x4496

STACK_COMMAND: kb

FAULTING_SOURCE_LINE: c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c

FAULTING_SOURCE_FILE: c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c

FAULTING_SOURCE_LINE_NUMBER: 723

FAULTING_SOURCE_CODE:
No source found for ‘c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c’

SYMBOL_STACK_INDEX: e

SYMBOL_NAME: kcany!call_lower_driver_sync+118

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: kcany.sys

BUCKET_ID: WRONG_SYMBOLS

FAILURE_BUCKET_ID: WRONG_SYMBOLS

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:wrong_symbols

FAILURE_ID_HASH: {70b057e8-2462-896f-28e7-ac72d4d365f8}

Followup: MachineOwner

Hello,

1. Thanks for the report: This sub-code is in process of documentation.
2. 0x307 means that your driver issued an I/O request with an event that was already signaled and received a STATUS_PENDING response, which can result in unwinding before the I/O gets completed.
3. If you can, please fix the symbol.

Regards,
James

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Thursday, July 14, 2016 1:25 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Driver Verifier gives undocumented BugCheck code 0xC9_307

Hi!

Driver Verifier gives BUGCHECK_STR: 0xc9_307 which does not seem to be documented here: https://msdn.microsoft.com/en-us/library/windows/hardware/ff560205(v=vs.85).aspx

How do I figure out what it means?

It is a IoCallDriver() call the triggers the bugcheck.

Please see Bugcheck Analysis below for more info:

BugCheck C9, {307, fffff80144ca1367, ffffcf8086daaca0, 0}

Probably caused by : kcany.sys ( kcany!call_lower_driver_sync+118 )

Followup: MachineOwner
---------

3: kd> !analyze -v


Bugcheck Analysis



DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9) The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000000000307, Code that specifies the violation
Arg2: fffff80144ca1367
Arg3: ffffcf8086daaca0
Arg4: 0000000000000000

Debugging Details:
------------------

ADDITIONAL_DEBUG_TEXT:
You can run ‘.symfix; .reload’ to try to fix the symbol path and load symbols.

MODULE_NAME: kcany

FAULTING_MODULE: fffff8009a216000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 57862727

BUGCHECK_STR: 0xc9_307

DRIVER_VERIFIER_IO_VIOLATION_TYPE: 307

FAULTING_IP:
ACPI!ACPIIrpDispatchDeviceControl+97
fffff80144ca1367 8bf8 mov edi,eax<br><br>FOLLOWUP_IP: <br>kcany!call_lower_driver_sync+118 [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c @ 723]<br>fffff80147b28588 89442430 mov dword ptr [rsp+30h],eax

IRP_ADDRESS: ffffcf8086daaca0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

CURRENT_IRQL: 0

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER: from fffff8009a94fabc to fffff8009a365480

STACK_TEXT:
ffffd001702d5e78 fffff8009a94fabc : 00000000000000c9 0000000000000307 fffff80144ca1367 ffffcf8086daaca0 : nt!KeBugCheckEx
ffffd001702d5e80 fffff8009a9524e1 : fffff8009a941aa0 fffff80144ca1367 ffffcf8086daaca0 0000000000000000 : nt!IoIsValidIrpStatus+0x9dc4
ffffd001702d5ec0 fffff8009a94f06b : fffff80144ca1367 0000000000000307 0000000000000000 0000000000000000 : nt!IoIsValidIrpStatus+0xc7e9
ffffd001702d5f20 fffff8009a94305b : ffffcf8086daac00 ffffcf8086daaca0 ffffcf8086daaca0 0000000000000002 : nt!IoIsValidIrpStatus+0x9373
ffffd001702d5fc0 fffff8009a230ed2 : ffffcf8086daaca0 ffffcf8086daaca0 ffffe0018923e240 ffffe00187b9d510 : nt!MmIsDriverSuspectForVerifier+0x2a1f
ffffd001702d6020 fffff80144ca1367 : ffff7a349ae5ea3d fffff8009a958de6 0000000000000000 ffffe00186cad898 : nt!IofCallDriver+0x72
ffffd001702d6060 fffff80144ca10be : ffffe001888ccc70 0000000000000007 ffffcf8086daaf68 fffff80146966bfa : ACPI!ACPIIrpDispatchDeviceControl+0x97
ffffd001702d60a0 fffff8009a943044 : 0000000000000007 ffffcf8086daaca0 ffffe0018923e240 0000000000000002 : ACPI!ACPIDispatchIrp+0xbe
ffffd001702d6110 fffff8009a230ed2 : ffffe00187aae1b0 0000000000000000 ffffe00187aae060 ffffe00189fa7320 : nt!MmIsDriverSuspectForVerifier+0x2a08
ffffd001702d6170 fffff80146966bfa : 0000000000000482 0000000000000028 0000000000220003 0000000000000000 : nt!IofCallDriver+0x72
ffffd001702d61b0 fffff80146972c63 : ffffcf8086daac00 000000004f494449 ffffcf8086daaf68 ffffcf8086daaca0 : usbhub!UsbhPdoInternalDeviceControl+0x64a
ffffd001702d6220 fffff8009a943044 : ffffcf8086daaca0 0000000000000002 0000000000000000 ffffcf8086daaca0 : usbhub!UsbhGenDispatch+0x43
ffffd001702d6250 fffff8009a230ed2 : ffffcf8087aa4c60 ffffe001879b4920 0000000000000002 ffffe0018a0643f0 : nt!MmIsDriverSuspectForVerifier+0x2a08
ffffd001702d62b0 fffff80147b28588 : ffffcf8087aa4fb8 ffffe00187805a50 ffffe001878059b0 fffff8009a2d2e33 : nt!IofCallDriver+0x72
ffffd001702d62f0 fffff80147b283e7 : fffff80147b4b260 ffffcf8086daaca0 0000000000000065 0000000000000001 : kcany!call_lower_driver_sync+0x118 [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c @ 723]
ffffd001702d6370 fffff80147b29f1e : fffff80147b4b260 ffffe00187af3940 0000000000000000 00000000001d994a : kcany!usb_call_usbd_sync+0xe7 [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c @ 541]
ffffd001702d6410 fffff80147b19b6e : fffff80147b4b260 0000000000000008 0000000000000065 0000000000000001 : kcany!usb_get_configuration+0x1be [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c @ 1357]
ffffd001702d6480 fffff80147b456cb : fffff80147b4b260 fffff80147b4a340 0000000000000065 0000000000000001 : kcany!hwif_probe+0x2e [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\kcany\hydra.c @ 2760]
ffffd001702d64c0 fffff8009a943044 : ffffe001879b4920 ffffcf8087aa4c60 ffffe0012b707249 ffffe00186840700 : kcany!pnp_irp_handler+0xc2b [c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\common\pnp.c @ 551]
ffffd001702d6650 fffff8009a230ed2 : ffffcf8087aa4c60 ffffd001702d6760 ffffe001879b4920 ffffe001878059b0 : nt!MmIsDriverSuspectForVerifier+0x2a08
ffffd001702d66b0 fffff8009a616d81 : ffffe00187aae060 ffffd001702d6760 ffffe001879b4920 ffffe00187aae060 : nt!IofCallDriver+0x72
ffffd001702d66f0 fffff8009a21cf29 : ffffe00187aae060 ffffd001702d6799 0000000000000000 ffffd001702d6799 : nt!IoGetDevicePropertyData+0x901
ffffd001702d6730 fffff8009a615971 : ffffe001879e1d30 ffffe001879e1d30 ffffe0018a0d01a0 0000000000000000 : nt!PoFxIdleComponent+0x4a5
ffffd001702d6800 fffff8009a6157e3 : ffffe001879e1d30 ffffe001879e1d30 0000000000000000 0000000000000000 : nt!LsaDeregisterLogonProcess+0x25a9
ffffd001702d68d0 fffff8009a61a4bb : ffffe001879e1d30 0000000000000001 ffffd001702d6a10 0000000000000001 : nt!LsaDeregisterLogonProcess+0x241b
ffffd001702d6910 fffff8009a676fbd : ffffe0018999eed0 0000000000000001 0000000000000000 fffff8009a61ab06 : nt!PoRegisterPowerSettingCallback+0x2007
ffffd001702d6b90 fffff8009a310e2b : 0000000100000003 0000000000000000 0000000000000000 0000000000000000 : nt!IoQueryVolumeInformation+0x1d9d
ffffd001702d6be0 fffff8009a22b319 : ffffe001879a2040 fffff8009a552280 fffff8009a5ef340 fffff8009a5ef340 : nt!IoSynchronousCallDriver+0x657
ffffd001702d6cb0 fffff8009a2de6b4 : 0000000000000000 0000000000000080 fffff8009a5ef340 ffffe001879a2040 : nt!ObDereferenceObjectDeferDeleteWithTag+0x149
ffffd001702d6d40 fffff8009a36a566 : ffffd0016bf5d180 ffffe001879a2040 ffffe00187aea040 0000000000000000 : nt!KeQueryNodeActiveAffinity+0x110
ffffd001702d6da0 0000000000000000 : ffffd001702d7000 ffffd001702d1000 0000000000000000 0000000000000000 : nt!KeSynchronizeExecution+0x4496

STACK_COMMAND: kb

FAULTING_SOURCE_LINE: c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c

FAULTING_SOURCE_FILE: c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c

FAULTING_SOURCE_LINE_NUMBER: 723

FAULTING_SOURCE_CODE:
No source found for ‘c:\users\extcd\desktop\temp\build_canlib_v5_16\default_release\src\drv\usb\usb_routines.c’

SYMBOL_STACK_INDEX: e

SYMBOL_NAME: kcany!call_lower_driver_sync+118

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: kcany.sys

BUCKET_ID: WRONG_SYMBOLS

FAILURE_BUCKET_ID: WRONG_SYMBOLS

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:wrong_symbols

FAILURE_ID_HASH: {70b057e8-2462-896f-28e7-ac72d4d365f8}

Followup: MachineOwner
---------

—
NTDEV is sponsored by OSR

Visit the list online at: http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:>

On Thu, Jul 14, 2016 at 4:24 AM, wrote:

> IoIsValidIrpStatus

IoIsValidIrpStatus - that would be a clue, right?

If you fixed your symbols it would show you a bit more about exactly what
your driver did around line 723 in \build_canlib_v5_16\default_
release\src\drv\usb\usb_routines.c, but between knowing that it is an
invalid irp status and the exact line of your code that is involved in the
error, perhaps that can get you going?

Mark Roddy