Help please ! BSOD Invalid IOSB in IRP at APC IopCompleteRequest

Help me , help please ;

I load my driver under the “Driver Verifier” utility.
My driver manages a virtual disk system (NTFS, FAT, etc.) and a virtual disk filesystem.

On IRP_MJ_WRITE I get a blue screen in the virtual disk system function;
the BSOD occurs before the IRP-processing function of my virtual disk system runs.

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000c, Invalid IOSB in IRP at APC IopCompleteRequest (appears to be on
stack that was unwound)
Arg2: f0c79fec, IOSB address
Arg3: 00000000, IRP address
Arg4: 00000000

/*
 * DrvDispatch - dispatch routine as posted (excerpt; several branch bodies
 * are elided in the post).
 *
 * Requests aimed at a raw virtual disk are passed to controldiskrawsystem().
 * When that returns STATUS_PENDING this routine returns at once and does not
 * touch the IRP again; on every other path it calls IoCompleteRequest() and
 * returns `status`.
 *
 * NOTE(review): within this routine Irp->IoStatus.Status is written only on
 * the IRP_MJ_PNP path. The STATUS_NOT_IMPLEMENTED default is returned but
 * never stored in the IRP before IoCompleteRequest(); the returned status and
 * Irp->IoStatus.Status should agree on every completing path -- confirm
 * against the elided branches.
 */
NTSTATUS
DrvDispatch (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PIO_STACK_LOCATION irps;
NTSTATUS status=STATUS_NOT_IMPLEMENTED;
KdPrintf((“[VFUM] control\n”));
/* irps is the current I/O stack location of Irp, not the IRP itself. */
irps = IoGetCurrentIrpStackLocation(Irp);
/* NOTE(review): this tests the stack-location pointer; it is not a NULL check on Irp. */
if (irps!=NULL)
{
/* PnP requests are marked successful here and then continue through the device checks below. */
if (irps->MajorFunction==IRP_MJ_PNP)
{
KdPrintf((“IRP_MJ_PNP\n”));
Irp->IoStatus.Status=STATUS_SUCCESS;
status=STATUS_SUCCESS;
}
if (DeviceObject==g_devcontrol) // control device: IOCTL handling (body elided in the post)
{


}
if (IsRawDisk(DeviceObject)==TRUE) // raw virtual disk: the path this question is about
{
KdPrintfd ((“In RawDisk\n”));
status=controldiskrawsystem(DeviceObject,Irp,irps);
if (status==STATUS_PENDING)
return status; // IRP was marked pending and handed off; it must not be completed or touched here
// any status other than STATUS_PENDING falls through to IoCompleteRequest below
}
/* The #if matching this #endif is not part of the posted excerpt. */
#endif
else
{


}
}

/* Non-pending paths: log the Information field, then complete the IRP in this routine. */
KdPrintf((“Return information : %x\n”,Irp->IoStatus.Information));
IoCompleteRequest(Irp, IO_NO_INCREMENT);
/* This label is not referenced anywhere in the posted excerpt. */
gty:
return status;

}

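/*
 * IjThreadDiskRaw - hand an IRP over to the raw-disk request queue.
 *
 * Marks the IRP pending, wraps it in a list entry together with the id of
 * the requesting process, appends the entry to pvr->list_head under
 * pvr->list_lock and signals pvr->request_event (presumably waking the
 * thread that drains the list -- that thread is not shown here).
 *
 * controldiskrawsystem() returns STATUS_PENDING unconditionally after this
 * call, so the IRP has to end up either queued or completed. If the list
 * entry cannot be allocated, the IRP is therefore completed here with
 * STATUS_INSUFFICIENT_RESOURCES; otherwise a pended IRP that was never
 * queued would never be completed and the request would hang.
 *
 * pvr: per-disk parameter block holding the list head, its lock and the
 *      request event.
 * irp: request to queue; the caller must not touch it after this returns.
 */
void IjThreadDiskRaw(PPARAM_RAWDISK pvr,IN PIRP irp)
{
    PENTRYLR entryl;
    HANDLE hp = PsGetCurrentProcessId();

    KdPrintfdr1((“Begin IjThreadDiskRaw (%x)\n”,hp));

    /*
     * Mark the IRP pending before the entry becomes visible on the list:
     * once it is queued, whoever drains the list may complete it.
     */
    irp->IoStatus.Status = STATUS_PENDING;
    IoMarkIrpPending(irp);

    /*
     * NOTE(review): the pool tag value 45 is kept from the original; a
     * four-character tag would make these allocations identifiable in
     * pool-tracking output.
     */
    entryl = ExAllocatePoolWithTag(NonPagedPool, sizeof (TENTRYLR), 45);
    if (entryl == NULL) {
        KdPrintfdr1((“Error allocation entryl\n”,NULL));

        /* Nothing was queued, so nobody else will ever complete this IRP. */
        irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
        irp->IoStatus.Information = 0;
        IoCompleteRequest(irp, IO_NO_INCREMENT);
        return;
    }

    entryl->irp = irp;
    entryl->processID = hp;
    ExInterlockedInsertTailList(&pvr->list_head, &entryl->le, &pvr->list_lock);

    /* The IRP no longer belongs to this routine; only the event is touched. */
    KeSetEvent(&pvr->request_event, (KPRIORITY) 0, FALSE);
}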

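/*
 * controldiskrawsystem - front end for requests sent to a raw virtual disk.
 *
 * Returns STATUS_PENDING after the IRP has been handed to IjThreadDiskRaw();
 * in that case the caller must neither complete nor touch the IRP. Every
 * other return value means the caller still owns the IRP and completes it,
 * so irp->IoStatus.Status is set to the returned status on each of those
 * paths. (The original left IoStatus.Status unwritten when no parameter
 * block was found, so the IRP was completed with whatever value it held.)
 *
 * Zero-length reads and writes are not queued; they return STATUS_SUCCESS
 * with Information left at 0.
 *
 * DeviceObject: device the request targets; used to look up the disk's
 *               parameter block via vdr_GetParam().
 * irp:          the request.
 * irps:         current I/O stack location of irp.
 */
NTSTATUS controldiskrawsystem(PDEVICE_OBJECT DeviceObject,PIRP irp,PIO_STACK_LOCATION irps)
{
    NTSTATUS status = STATUS_INTERNAL_ERROR;
    PPARAM_RAWDISK vdr = vdr_GetParam(DeviceObject);
    BOOLEAN ok = TRUE;

    irp->IoStatus.Information = 0;

    if (vdr == NULL) {
        /* Keep the IRP's status in step with the value handed back. */
        irp->IoStatus.Status = status;
        return status;
    }

    if (vdr->terminate_thread != FALSE) {
        KdPrintfdr1((“[Internal]STATUS_DEVICE_REMOVED\n”));
        irp->IoStatus.Status = status = STATUS_DEVICE_REMOVED;
        return status;
    }

    if (!((vdr->used == TRUE) && (vdr->parameter == TRUE))) {
        KdPrintfdr1((“[Internal]STATUS_DEVICE_NOT_READY\n”));
        irp->IoStatus.Status = status = STATUS_DEVICE_NOT_READY;
        return status;
    }

    /* Zero-length transfers are answered directly instead of being queued. */
    if (irps->MajorFunction == IRP_MJ_READ && irps->Parameters.Read.Length == 0) {
        KdPrintfdr1((“[Internal]IRP_MJ_READ=NULL\n”));
        ok = FALSE;
    }
    if (irps->MajorFunction == IRP_MJ_WRITE && irps->Parameters.Write.Length == 0) {
        /* The original logged the READ message here as well. */
        KdPrintfdr1((“[Internal]IRP_MJ_WRITE=NULL\n”));
        ok = FALSE;
    }

    if (ok != TRUE) {
        KdPrintfdr1((“[Internal]OK=FALSE\n”));
        irp->IoStatus.Status = STATUS_SUCCESS;
        return STATUS_SUCCESS;
    }

    /* From here on the IRP belongs to the queue; do not touch it again. */
    IjThreadDiskRaw(vdr, irp);
    return STATUS_PENDING;
}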

Thank you for your help.

You should provide the complete output of !analyze -v when asking BSOD
questions. In this case it is easy, you test for Irp == NULL but at the
end of the routine you call IoCompleteRequest even if the request is
NULL. Since you can see that Arg3 of the BugCheck is NULL and
represents the Irp, you have problems.

Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

xxxxx@sivaller.no-ip.org” wrote in
message news:xxxxx@ntdev:

> Help me , help please ;
>
> i load my driver with utility “Driver verifier” ,
> my driver which manage a virtual disk system (NTFS,FAT etc.) and virtual disk filesystem.
>
> In IRP_MJ_WRITE i have blue screen in function virtual disk system,
> the BSOD is produced before processing IRP function of my virtual disk system.
>
> *
> *
> * Bugcheck Analysis
> *
>

>
> DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
> The IO manager has caught a misbehaving driver.
> Arguments:
> Arg1: 0000000c, Invalid IOSB in IRP at APC IopCompleteRequest (appears to be on
> stack that was unwound)
> Arg2: f0c79fec, IOSB address
> Arg3: 00000000, IRP address
> Arg4: 00000000
>
> NTSTATUS
> DrvDispatch (
> IN PDEVICE_OBJECT DeviceObject,
> IN PIRP Irp
> )
> {
> PIO_STACK_LOCATION irps;
> NTSTATUS status=STATUS_NOT_IMPLEMENTED;
> KdPrintf((“[VFUM] control\n”));
> irps = IoGetCurrentIrpStackLocation(Irp);
> if (irps!=NULL)
> {
> if (irps->MajorFunction==IRP_MJ_PNP)
> {
> KdPrintf((“IRP_MJ_PNP\n”));
> Irp->IoStatus.Status=STATUS_SUCCESS;
> status=STATUS_SUCCESS;
> }
> if (DeviceObject==g_devcontrol) // my function IOCTL
> {
> …
> …
> }
> if (IsRawDisk(DeviceObject)==TRUE) //function called about my virtual disk , it"s function who is interested
> {
> KdPrintfd ((“In RawDisk\n”));
> status=controldiskrawsystem(DeviceObject,Irp,irps);
> if (status==STATUS_PENDING)
> return status; //BUG ??? No because IoMarkIrpPending Called
> //if other than STATUS_PENDING , it’s IoCompleteRequest
> }
> #endif
> else
> {
> …
> …
> }
> }
>
> KdPrintf((“Return information : %x\n”,Irp->IoStatus.Information));
> IoCompleteRequest(Irp, IO_NO_INCREMENT);
> gty:
> return status;
>
> }
>
> void IjThreadDiskRaw(PPARAM_RAWDISK pvr,IN PIRP irp)
> {
> PENTRYLR entryl;
> HANDLE hp;
>
> KIRQL oldirql;
> hp=PsGetCurrentProcessId();
>
> KdPrintfdr1((“Begin IjThreadDiskRaw (%x)\n”,hp));
> irp->IoStatus.Status=STATUS_PENDING;
>
> IoMarkIrpPending(irp);
>
>
>
>
>
> entryl=(PENTRYLR)ExAllocatePoolWithTag(NonPagedPool,sizeof (TENTRYLR),45);
> if (entryl!=NULL)
> {
> entryl->irp=irp;
> entryl->processID=hp;
>
>
> ExInterlockedInsertTailList(&pvr->list_head,
> &entryl->le,
> &pvr->list_lock);
>
>
> /
ExInterlockedInsertTailList(&pvd->list_head,
> &irp->Tail.Overlay.ListEntry,
> &pvd->list_lock);
/
>
>
> }
> else
> KdPrintfdr1((“Error allocation entryl\n”,NULL));
>
> KeSetEvent(&pvr->request_event, (KPRIORITY) 0, FALSE);
> }
>
>
> NTSTATUS controldiskrawsystem(PDEVICE_OBJECT DeviceObject,PIRP irp,PIO_STACK_LOCATION irps)
> {
> NTSTATUS status=STATUS_INTERNAL_ERROR;
> PPARAM_RAWDISK vdr=vdr_GetParam(DeviceObject);
> irp->IoStatus.Information=0;
> if (vdr!=NULL)
> {
> if (vdr->terminate_thread==FALSE)
> {
> if ((vdr->used==TRUE) && (vdr->parameter==TRUE))
> {
>
> //if (irps->MajorFunction==IRP_DEVICEIOCONTROL;
> BOOLEAN ok=TRUE;
> if (irps->MajorFunction==IRP_MJ_READ)
> {
> if (irps->Parameters.Read.Length==0)
> {
> KdPrintfdr1((“[Internal]IRP_MJ_READ=NULL\n”));
> ok=FALSE;
> }
> }
> if (irps->MajorFunction==IRP_MJ_WRITE)
> {
> if (irps->Parameters.Write.Length==0)
> {
> KdPrintfdr1((“[Internal]IRP_MJ_READ=NULL\n”));
> ok=FALSE;
> }
> }
> if (ok==TRUE)
> {
> IjThreadDiskRaw(vdr,irp);
> return STATUS_PENDING;
> }
> else
> {
> KdPrintfdr1((“[Internal]IRP_MJ_READ=NULL\n”));
> KdPrintfdr1((“[Internal]OK=FALSE\n”));
> irp->IoStatus.Status=STATUS_SUCCESS;
> return STATUS_SUCCESS;
> }
> }
> else
> {
> KdPrintfdr1((“[Internal]STATUS_DEVICE_NOT_READY\n”));
> irp->IoStatus.Status=status=STATUS_DEVICE_NOT_READY;
> }
>
> }
> else
> {
> KdPrintfdr1((“[Internal]STATUS_DEVICE_REMOVED\n”));
> irp->IoStatus.Status=status=STATUS_DEVICE_REMOVED;
> }
> }
> return status;
> }
>
>
> Thank you for me help;

Thank you
but I’m sorry , it’s don’t all work !

NTSTATUS
DrvDispatch (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PIO_STACK_LOCATION irps;
NTSTATUS status=STATUS_NOT_IMPLEMENTED;
KdPrintf((“[VFUM] control\n”));
irps=NULL;
if (Irp!=NULL)
{

thank you
but i’m sorry , don’t all work

NTSTATUS
DrvDispatch (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PIO_STACK_LOCATION irps;
NTSTATUS status=STATUS_NOT_IMPLEMENTED;
KdPrintf((“[VFUM] control\n”));
irps=NULL;
if (Irp!=NULL)
{


}
else
return STATUS_SUCCESS;

it’s don’t work !
Same BSOD with :
The IO manager has caught a misbehaving driver.
Arguments: Arg1: 0000000c, Invalid IOSB in IRP at APC IopCompleteRequest (appears to be on stack that was unwound)
Arg2: f0c79fec, IOSB address
Arg3: 00000000, IRP address Arg4: 00000000

my function init vector :
/*
 * Every major function code listed below is routed to the single
 * DrvDispatch routine, including IRP_MJ_PNP.
 *
 * NOTE(review): the (PDRIVER_DISPATCH) cast silences any signature mismatch.
 * If DrvDispatch already has the dispatch prototype, dropping the cast lets
 * the compiler check it.
 */
DriverObject->MajorFunction[IRP_MJ_CREATE] =
DriverObject->MajorFunction[IRP_MJ_CLOSE] =
DriverObject->MajorFunction[IRP_MJ_READ] =
DriverObject->MajorFunction[IRP_MJ_WRITE] =
DriverObject->MajorFunction[IRP_MJ_QUERY_INFORMATION] =
DriverObject->MajorFunction[IRP_MJ_SET_INFORMATION] =
DriverObject->MajorFunction[IRP_MJ_QUERY_EA] =
DriverObject->MajorFunction[IRP_MJ_SET_EA] =
DriverObject->MajorFunction[IRP_MJ_FLUSH_BUFFERS] =
DriverObject->MajorFunction[IRP_MJ_QUERY_VOLUME_INFORMATION] =
DriverObject->MajorFunction[IRP_MJ_SET_VOLUME_INFORMATION] =
DriverObject->MajorFunction[IRP_MJ_CLEANUP] =
DriverObject->MajorFunction[IRP_MJ_DIRECTORY_CONTROL] =
DriverObject->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] =
DriverObject->MajorFunction[IRP_MJ_LOCK_CONTROL] =
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] =
DriverObject->MajorFunction[IRP_MJ_SHUTDOWN] =
DriverObject->MajorFunction[IRP_MJ_PNP] = (PDRIVER_DISPATCH)DrvDispatch;

Then give us the !analyze -v and the complete listing of the routine.

Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

xxxxx@sivaller.no-ip.org” wrote in
message news:xxxxx@ntdev:

> Thank you
> but I’m sorry , it’s don’t all work !
>
> NTSTATUS
> DrvDispatch (
> IN PDEVICE_OBJECT DeviceObject,
> IN PIRP Irp
> )
> {
> PIO_STACK_LOCATION irps;
> NTSTATUS status=STATUS_NOT_IMPLEMENTED;
> KdPrintf((“[VFUM] control\n”));
> irps=NULL;
> if (Irp!=NULL)
> {

Thank you,
but I get the error “No export analyse found”.

Slow down and be methodical.

Use the American spelling, with a “Z”… like Don told you… !analyze -v

And please be sure you have the symbols set up properly. Please don’t post the output without symbols.

If the whole thing is too trying for you, zip the dump and PDB for the driver up and upload it here:

http://www.osronline.com/page.cfm?name=analyze

Post the output…

Peter
OSR

for more precision :
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f073eb44 8067279f 000000c9 0000000c f073dfec nt!KeBugCheckEx+0x1b
f073eb60 80520887 82872fa8 f073ec00 f073ec04 nt!RtlCompressBuffer+0x35fc
f073ebbc 804f2dd5 82872fa8 f073ec08 f073ebfc nt!IoSetFileOrigin+0x416d
f073ec0c 804f2e14 00000000 00000000 00000000 nt!ExAcquireSharedWaitForExclusive+0x132
f073ec50 8059c9b4 00000000 00000000 f073ec70 nt!ExAcquireSharedWaitForExclusive+0x171
f073ec80 80574a54 81f07a68 81f07a68 81f07cb0 nt!IoGetDeviceInterfaces+0x1e64
f073ed08 80574bb5 00000000 81f07a68 00000000 nt!ObLogSecurityDescriptor+0x3db
f073ed28 8058c4dd 81f07a68 00000000 f073ed64 nt!ObLogSecurityDescriptor+0x53c
f073ed54 804dd99f 00000000 00000000 0007fee4 nt!ExRundownCompleted+0x3ab
f073eddc 804ec7a1 ba54ab85 824b94b8 00000000 nt!KiDeliverApc+0xb9e
f073ede0 ba54ab85 824b94b8 00000000 0000027f nt!KeInitializeTimerEx+0x1e6
f073ede4 824b94b8 00000000 0000027f 00000000 NDIS!NdisFreeToBlockPool+0x15e1
f073ede8 00000000 0000027f 00000000 00000000 0x824b94b8

Give us the whole !analyze -v doing it piecemeal is just making work for
people who are helping you for free.

Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

xxxxx@sivaller.no-ip.org” wrote in
message news:xxxxx@ntdev:

> for more precision :
> STACK_TEXT:
> WARNING: Stack unwind information not available. Following frames may be wrong.
> f073eb44 8067279f 000000c9 0000000c f073dfec nt!KeBugCheckEx+0x1b
> f073eb60 80520887 82872fa8 f073ec00 f073ec04 nt!RtlCompressBuffer+0x35fc
> f073ebbc 804f2dd5 82872fa8 f073ec08 f073ebfc nt!IoSetFileOrigin+0x416d
> f073ec0c 804f2e14 00000000 00000000 00000000 nt!ExAcquireSharedWaitForExclusive+0x132
> f073ec50 8059c9b4 00000000 00000000 f073ec70 nt!ExAcquireSharedWaitForExclusive+0x171
> f073ec80 80574a54 81f07a68 81f07a68 81f07cb0 nt!IoGetDeviceInterfaces+0x1e64
> f073ed08 80574bb5 00000000 81f07a68 00000000 nt!ObLogSecurityDescriptor+0x3db
> f073ed28 8058c4dd 81f07a68 00000000 f073ed64 nt!ObLogSecurityDescriptor+0x53c
> f073ed54 804dd99f 00000000 00000000 0007fee4 nt!ExRundownCompleted+0x3ab
> f073eddc 804ec7a1 ba54ab85 824b94b8 00000000 nt!KiDeliverApc+0xb9e
> f073ede0 ba54ab85 824b94b8 00000000 0000027f nt!KeInitializeTimerEx+0x1e6
> f073ede4 824b94b8 00000000 0000027f 00000000 NDIS!NdisFreeToBlockPool+0x15e1
> f073ede8 00000000 0000027f 00000000 00000000 0x824b94b8

I do not understand this BSOD.
I check whether the IRP is NULL and, if so, I return STATUS_SUCCESS directly without calling IoCompleteRequest.
I still always get the BSOD telling me IRP = 00000000 (NULL) with invalid IoCompleteRequest.

“-analyse v” give :


Your debugger is not using the correct symbols

PEB is paged out (Peb.Ldr = 7ffdb00c). Type “.hh dbgerr001” for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type “.hh dbgerr001” for details

ADDITIONAL_DEBUG_TEXT:
Use ‘!findthebuild’ command to search for the target build information.
If the build information is available, run ‘!findthebuild -s ; .reload’ to set symbol path and load symbols.

MODULE_NAME: NDIS

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 41107ec3

BUGCHECK_STR: 0xc9_c

DRIVER_VERIFIER_IO_VIOLATION_TYPE: c

IOSB_ADDRESS: fffffffff073dfec

IRP_ADDRESS: 00000000

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 8067279f to 805373ca

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f073eb44 8067279f 000000c9 0000000c f073dfec nt!KeBugCheckEx+0x1b
f073eb60 80520887 82872fa8 f073ec00 f073ec04 nt!RtlCompressBuffer+0x35fc
f073ebbc 804f2dd5 82872fa8 f073ec08 f073ebfc nt!IoSetFileOrigin+0x416d
f073ec0c 804f2e14 00000000 00000000 00000000 nt!ExAcquireSharedWaitForExclusive+0x132
f073ec50 8059c9b4 00000000 00000000 f073ec70 nt!ExAcquireSharedWaitForExclusive+0x171
f073ec80 80574a54 81f07a68 81f07a68 81f07cb0 nt!IoGetDeviceInterfaces+0x1e64
f073ed08 80574bb5 00000000 81f07a68 00000000 nt!ObLogSecurityDescriptor+0x3db
f073ed28 8058c4dd 81f07a68 00000000 f073ed64 nt!ObLogSecurityDescriptor+0x53c
f073ed54 804dd99f 00000000 00000000 0007fee4 nt!ExRundownCompleted+0x3ab
f073eddc 804ec7a1 ba54ab85 824b94b8 00000000 nt!KiDeliverApc+0xb9e
f073ede0 ba54ab85 824b94b8 00000000 0000027f nt!KeInitializeTimerEx+0x1e6
f073ede4 824b94b8 00000000 0000027f 00000000 NDIS!NdisFreeToBlockPool+0x15e1
f073ede8 00000000 0000027f 00000000 00000000 0x824b94b8

On Sun, Feb 27, 2011 at 1:15 PM, wrote:
> Your debugger is not using the correct symbols

You have to try to help yourself first. Post the output from analyze
-v with the correct symbols and without you editing anything.

Your code is confusing as you have named your variable for the
PIO_STACK_LOCATION “irps”, instead of something less ambiguous like
irpStack. So it looks superficially like you are testing whether the PIRP
is null. Instead you are testing whether the return from
IoGetCurrentIrpStackLocation is null, which isn’t going to happen as
that call will bugcheck if there are no IO_STACK_LOCATIONs in the IRP.

Mark Roddy

APPARENTLY you don’t understand about following directions, either.

Did I *not* tell you:

And please be sure you have the symbols set up properly. Please don’t post the
output without symbols.

And did I *not* tell you how to trivially accomplish this:


If the whole thing is too trying for you, zip the dump and PDB for the driver up
and upload it here:

http://www.osronline.com/page.cfm?name=analyze

Post the output…

C’mon dude… we’ll help you, but you REALLY do need to at least make SOME effort to do what we ask. Considering all we’re asking you to do is a) upload, b) Click submit, c) cut, d) paste I DON’T think we’re asking too much of you.

Peter
OSR

Driver Verifier on Windows Seven about my driver : even worse!!
it’s freeze! when windows access to my virtual drive.

Impossible to debug!

I doubt that verifier freezes, your driver already has bugs, but you are
not giving us the data to help you fix them!

Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

xxxxx@sivaller.no-ip.org” wrote in
message news:xxxxx@ntdev:

> Driver Verifier on Windows Seven about my driver : even worse!!
> it’s freeze! when windows access to my virtual drive.
>
> Impossible to debug!

On Sun, Feb 27, 2011 at 3:03 PM, wrote:
> Impossible to debug!

Yes, I have to agree, I’m finding this impossible to debug.

Mark Roddy

I have submitted the PDB, SYS and DMP files to osronline.

Result :
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt
Built by: 2600.xpsp_sp2_gdr.100216-1441
Machine Name:*** WARNING: Unable to verify timestamp for srv.sys
*** ERROR: Module load completed but symbols could not be loaded for srv.sys

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Mon Feb 28 12:09:53.874 2011 (UTC - 5:00)
System Uptime: 0 days 0:02:29.732
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000c, Invalid IOSB in IRP at APC IopCompleteRequest (appears to be on
stack that was unwound)
Arg2: f0b81fec, IOSB address
Arg3: 00000000, IRP address
Arg4: 00000000

Debugging Details:

BUGCHECK_STR: 0xc9_c

DRIVER_VERIFIER_IO_VIOLATION_TYPE: c

IOSB_ADDRESS: fffffffff0b81fec

IRP_ADDRESS: 828ccf68

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

LAST_CONTROL_TRANSFER: from 8067279f to 805373ca

STACK_TEXT:
f0b82b44 8067279f 000000c9 0000000c f0b81fec nt!KeBugCheckEx+0x1b
f0b82b60 80520887 828ccfa8 f0b82c00 f0b82c04 nt!IovpCompleteRequest+0x4c
f0b82bbc 804f2dd5 828ccfa8 f0b82c08 f0b82bfc nt!IopCompleteRequest+0x39
f0b82c0c 804f2e14 00000000 00000000 00000000 nt!KiDeliverApc+0xb3
f0b82c24 804e161a 806ff410 823d0818 806ff3b8 nt!KiSwapThread+0xa8
f0b82c50 8059c9b4 00000000 00000000 f0b82c70 nt!KeDelayExecutionThread+0x1c9
f0b82c80 80574a54 823d0608 823d0608 823d0850 nt!IoCancelThreadIo+0x68
f0b82d08 80574bb5 00000000 823d0608 00000000 nt!PspExitThread+0x403
f0b82d28 8058c4dd 823d0608 00000000 f0b82d64 nt!PspTerminateThreadByPointer+0x52
f0b82d54 804dd99f 00000000 00000000 0007fee4 nt!NtTerminateProcess+0x118
f0b82d54 7c91e514 00000000 00000000 0007fee4 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0007fee4 00000000 00000000 00000000 00000000 0x7c91e514

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!IovpCompleteRequest+4c
8067279f 5d pop ebp

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!IovpCompleteRequest+4c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4b7a9ae0

FAILURE_BUCKET_ID: 0xc9_c_nt!IovpCompleteRequest+4c

BUCKET_ID: 0xc9_c_nt!IovpCompleteRequest+4c

Followup: MachineOwner

This free analysis is provided by OSR Open Systems Resources, Inc.

Thank you

So we are back to square one with the fact that you are mishandling
IRP completion. Your code appears to be a bit of a mess, from the
excerpts you posted. I realize that is not very helpful and probably
insulting, for which I apologize, but that was what I got out of
staring at what you posted. I have to wonder why you chose to
implement this driver of yours using WDM rather than KMDF.

Mark Roddy

On Mon, Feb 28, 2011 at 12:16 PM, wrote:
> i had submit the FILE PDB SYS et file DMP , in osronline.
>
> Result :
> Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
> Online Crash Dump Analysis Service
> See http://www.osronline.com for more information
> Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
> Product: WinNt
> Built by: 2600.xpsp_sp2_gdr.100216-1441
> Machine Name: WARNING: Unable to verify timestamp for srv.sys
>
ERROR: Module load completed but symbols could not be loaded for srv.sys
>
> Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
> Debug session time: Mon Feb 28 12:09:53.874 2011 (UTC - 5:00)
> System Uptime: 0 days 0:02:29.732
> *
> * ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> * ? ? ? ? ? ? ? ? ? ? ? ?Bugcheck Analysis ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

> * ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
>

>
> DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
> The IO manager has caught a misbehaving driver.
> Arguments:
> Arg1: 0000000c, Invalid IOSB in IRP at APC IopCompleteRequest (appears to be on
> ? ? ? ?stack that was unwound)
> Arg2: f0b81fec, IOSB address
> Arg3: 00000000, IRP address
> Arg4: 00000000
>
> Debugging Details:
> ------------------
>
>
> BUGCHECK_STR: ?0xc9_c
>
> DRIVER_VERIFIER_IO_VIOLATION_TYPE: ?c
>
> IOSB_ADDRESS: fffffffff0b81fec
>
> IRP_ADDRESS: ?828ccf68
>
> DEFAULT_BUCKET_ID: ?INTEL_CPU_MICROCODE_ZERO
>
> LAST_CONTROL_TRANSFER: ?from 8067279f to 805373ca
>
> STACK_TEXT:
> f0b82b44 8067279f 000000c9 0000000c f0b81fec nt!KeBugCheckEx+0x1b
> f0b82b60 80520887 828ccfa8 f0b82c00 f0b82c04 nt!IovpCompleteRequest+0x4c
> f0b82bbc 804f2dd5 828ccfa8 f0b82c08 f0b82bfc nt!IopCompleteRequest+0x39
> f0b82c0c 804f2e14 00000000 00000000 00000000 nt!KiDeliverApc+0xb3
> f0b82c24 804e161a 806ff410 823d0818 806ff3b8 nt!KiSwapThread+0xa8
> f0b82c50 8059c9b4 00000000 00000000 f0b82c70 nt!KeDelayExecutionThread+0x1c9
> f0b82c80 80574a54 823d0608 823d0608 823d0850 nt!IoCancelThreadIo+0x68
> f0b82d08 80574bb5 00000000 823d0608 00000000 nt!PspExitThread+0x403
> f0b82d28 8058c4dd 823d0608 00000000 f0b82d64 nt!PspTerminateThreadByPointer+0x52
> f0b82d54 804dd99f 00000000 00000000 0007fee4 nt!NtTerminateProcess+0x118
> f0b82d54 7c91e514 00000000 00000000 0007fee4 nt!KiFastCallEntry+0xfc
> WARNING: Frame IP not in any known module. Following frames may be wrong.
> 0007fee4 00000000 00000000 00000000 00000000 0x7c91e514
>
>
> STACK_COMMAND: ?kb
>
> FOLLOWUP_IP:
> nt!IovpCompleteRequest+4c
> 8067279f 5d ? ? ? ? ? ? ?pop ? ? ebp
>
> SYMBOL_STACK_INDEX: ?1
>
> SYMBOL_NAME: ?nt!IovpCompleteRequest+4c
>
> FOLLOWUP_NAME: ?MachineOwner
>
> MODULE_NAME: nt
>
> IMAGE_NAME: ?ntkrnlmp.exe
>
> DEBUG_FLR_IMAGE_TIMESTAMP: ?4b7a9ae0
>
> FAILURE_BUCKET_ID: ?0xc9_c_nt!IovpCompleteRequest+4c
>
> BUCKET_ID: ?0xc9_c_nt!IovpCompleteRequest+4c
>
> Followup: MachineOwner
> ---------
>
>
> This free analysis is provided by OSR Open Systems Resources, Inc.
>
> Thank you
>

I tried using the kernel functions KeEnterCriticalRegion and KeLeaveCriticalRegion:



if (IsRawDisk(DeviceObject)==TRUE)
{
KdPrintfd ((“In RawDisk\n”));
KeEnterCriticalRegion();
status=controldiskrawsystem(DeviceObject,Irp,irps);
KeLeaveCriticalRegion();
if (status==STATUS_PENDING)
return status;
}
else

My problem is still not resolved.
It still does not work in IRP_MJ_WRITE with Driver Verifier!

xxxxx@sivaller.no-ip.org wrote:

i try use kernel function KeEnterCriticalRegion and KeLeaveCriticalRegion


if (IsRawDisk(DeviceObject)==TRUE)
{
KdPrintfd ((“In RawDisk\n”));
KeEnterCriticalRegion();
status=controldiskrawsystem(DeviceObject,Irp,irps);
KeLeaveCriticalRegion();
if (status==STATUS_PENDING)
return status;
}
else

my problem always not resolved
Don’t all work ! in IRP_MJ_WRITE ! with Driver Verifier !

Why do you think this code is involved? Where does it crash, exactly?
You should show us the output of !analyze -v.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Tim… He DID provide the output from !analyze -v (message 16 of this thread).

OP… Don’t you think the problem is more likely to be, oh, the fact that the IOSB specified by the caller might have been specified as a local variable, thus located on the stack, and that stack unwound so that the IOSB is no longer valid?

I got this wonderful insight from the !analyze -v output, which points to exactly this problem.

Peter
OSR