IoFreeIrp bugchecks with Driver Verifier

I am using the following simple construct in a completion routine. It is
performing an IRP_MJ_READ:

IoAllocateIrp
IoGetNextIrpStackLocation
KeInitializeEvent
IoSetCompletionRoutine
IoCallDriver
KeWaitForSingleObject
IoFreeIrp

It works great, however, with Driver Verifier Level 2 I/O verifying, I
occasionally get bugcheck SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION on the
IoFreeIrp. If I use Level 1 I/O verifying, it all works fine. Does anyone
know how to interpret this? There is precious little at Microsoft’s web
site. I checked all buffers, all allocate and free pools, all buffer
lengths, etc. but could come up with nothing.

Thanks.

Neil


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

First, you should not be doing any of these operations in a completion
routine. A completion routine may come in at DPC level and most of
these operations are not valid at DPC level. You need to either queue
the request to a worker thread or have your completion routine sync back
to your dispatch routine to perform these operations.

Now to answer your real question. Are you returning
STATUS_MORE_PROCESSING_REQUIRED from your completion routine? If not,
this is the problem. Whenever you allocate and free your own IRPs, your
completion routine must return STATUS_MORE_PROCESSING_REQUIRED. If you
don’t, then the IoManager will also clean up and free the IRP, which is
causing the pool corruption.

Neal Christiansen

-----Original Message-----
From: Neil Weicher [mailto:xxxxx@netlib.com]
Sent: Thursday, January 04, 2001 2:14 PM
To: File Systems Developers
Subject: [ntfsd] IoFreeIrp bugchecks with Driver Verifier

I am using the following simple construct in a completion routine. It is
performing an IRP_MJ_READ:

IoAllocateIrp
IoGetNextIrpStackLocation
KeInitializeEvent
IoSetCompletionRoutine
IoCallDriver
KeWaitForSingleObject
IoFreeIrp

It works great, however, with Driver Verifier Level 2 I/O verifying, I
occasionally get bugcheck SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION on the
IoFreeIrp. If I use Level 1 I/O verifying, it all works fine. Does anyone
know how to interpret this? There is precious little at Microsoft’s web
site. I checked all buffers, all allocate and free pools, all buffer
lengths, etc. but could come up with nothing.

Thanks.

Neil



The reason turned out to be this line:

if (Irp->PendingReturned) IoMarkIrpPending(Irp);

Since I was the top level driver (I created the Irp), it was completed by the
time it got back to me, so irp->CurrentStackLocation was no longer valid.
What is really a mystery to me is why it didn’t bugcheck all the time.

Yes, I am returning SMPR.

Thank you very much for the reply.

Neil

Subject: RE: IoFreeIrp bugchecks with Driver Verifier
From: “Neal Christiansen”
Date: Mon, 8 Jan 2001 11:06:37 -0800
X-Message-Number: 2

First, you should not be doing any of these operations in a completion
routine. A completion routine may come in at DPC level and most of
these operations are not valid at DPC level. You need to either queue
the request to a worker thread or have your completion routine sync back
to your dispatch routine to perform these operations.

Now to answer your real question. Are you returning
STATUS_MORE_PROCESSING_REQUIRED from your completion routine? If not,
this is the problem. Whenever you allocate and free your own IRPs, your
completion routine must return STATUS_MORE_PROCESSING_REQUIRED. If you
don’t, then the IoManager will also clean up and free the IRP, which is
causing the pool corruption.



If you allocate and free your own IRP, your completion routine must not
call IoMarkIrpPending on that IRP.

-----Original Message-----
From: Neil Weicher [mailto:xxxxx@netlib.com]
Sent: Tuesday, January 09, 2001 3:35 AM
To: File Systems Developers
Subject: [ntfsd] RE: IoFreeIrp bugchecks with Driver Verifier

The reason turned out to be this line:

if (Irp->PendingReturned) IoMarkIrpPending(Irp);

Since I was the top level driver (I created the Irp), it was completed by the
time it got back to me, so irp->CurrentStackLocation was no longer valid.
What is really a mystery to me is why it didn’t bugcheck all the time.

Yes, I am returning SMPR.

Thank you very much for the reply.

Neil

Subject: RE: IoFreeIrp bugchecks with Driver Verifier
From: “Neal Christiansen”
Date: Mon, 8 Jan 2001 11:06:37 -0800
X-Message-Number: 2

First, you should not be doing any of these operations in a completion
routine. A completion routine may come in at DPC level and most of
these operations are not valid at DPC level. You need to either queue
the request to a worker thread or have your completion routine sync back
to your dispatch routine to perform these operations.

Now to answer your real question. Are you returning
STATUS_MORE_PROCESSING_REQUIRED from your completion routine? If not,
this is the problem. Whenever you allocate and free your own IRPs, your
completion routine must return STATUS_MORE_PROCESSING_REQUIRED. If you
don’t, then the IoManager will also clean up and free the IRP, which is
causing the pool corruption.
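
The failure discussed in this thread, as an added user-mode C model (not code from any poster and not the real kernel structures): a driver-allocated IRP has no stack location for its creator, so marking it pending in the creator's completion routine writes just past the IRP. The names MIRP, SLOC, model_alloc_irp, guard_damaged and GUARD_BYTE are assumptions; the guard slot stands in for the bytes special pool checks when the IRP is freed.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified user-mode model of an IRP (assumption: not the real kernel layout). */
#define SL_PENDING_RETURNED 0x01
#define GUARD_BYTE 0x5A            /* constructed stand-in for a special-pool fill pattern */

typedef struct { unsigned char Major, Minor, Flags, Control; } SLOC;
typedef struct {
    int StackCount, CurrentLocation, PendingReturned;
    SLOC *Current;                 /* models the IRP's current stack location pointer */
} MIRP;

static SLOC *first_loc(MIRP *irp) { return (SLOC *)(irp + 1); }

/* Like IoAllocateIrp: the creator gets no stack location of its own, so the
   current pointer starts one slot past the last location. */
static MIRP *model_alloc_irp(int stack_size) {
    size_t body = sizeof(MIRP) + (size_t)stack_size * sizeof(SLOC);
    MIRP *irp = malloc(body + sizeof(SLOC));           /* + one guard slot */
    if (!irp) return NULL;
    memset(irp, 0, body);
    memset((unsigned char *)irp + body, GUARD_BYTE, sizeof(SLOC));
    irp->StackCount = stack_size;
    irp->CurrentLocation = stack_size + 1;
    irp->Current = first_loc(irp) + stack_size;
    return irp;
}

/* Models IoMarkIrpPending: sets a flag in the *current* stack location. */
static void mark_pending(MIRP *irp) { irp->Current->Control |= SL_PENDING_RETURNED; }

/* Returns 1 if the bytes behind the IRP were modified by the time it is freed. */
int guard_damaged(int lower_returns_pending, int creator_marks_pending) {
    MIRP *irp = model_alloc_irp(1);
    if (!irp) return -1;
    irp->CurrentLocation--; irp->Current--;            /* IoCallDriver */
    if (lower_returns_pending) mark_pending(irp);      /* lower driver pends, legally */
    /* Completion: latch the flag, pop the stack, then run the creator's routine. */
    irp->PendingReturned = irp->Current->Control & SL_PENDING_RETURNED;
    irp->CurrentLocation++; irp->Current++;
    if (creator_marks_pending && irp->PendingReturned)
        mark_pending(irp);                             /* the line quoted in the thread */
    unsigned char *guard = (unsigned char *)(first_loc(irp) + irp->StackCount);
    int damaged = 0;
    for (size_t i = 0; i < sizeof(SLOC); i++) damaged |= (guard[i] != GUARD_BYTE);
    free(irp);
    return damaged;
}
```

In the model the stray write happens only when the lower driver returned pending, so a request that completes synchronously leaves the guard slot intact.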

