IRQL_NOT_GREATER_OR_EQUAL

OSR_Community_User · July 23, 2002, 2:08pm

I encountered a BSOD with a IRQL_NOT_GREATER_OR_EQUAL bugcheck. The
documentation on this has the verbose statement “This bug check appears very
infrequently.”

I then did an “!analyze -v”, see below, to look at the stack. It appears as
if el90xbc5.sys has registered a callback routine with
KeRegisterBugCheckCallback() with the intention of writing to the error log.
However, for whatever reason, IoAllocateErrorLogEntry() attempted to acquire
a spin lock causing the above bugcheck since acquiring spin locks are not
allowed in the bugcheck callback routines.

Digging a bit further, it appears as if smwdm.sys called a pageable function
at DISPATCH_LEVEL causing the initial bugcheck that called the registered
bugcheck callback routines since the page was paged out to disk, verified
through !pte.

I initially thought, and don’t preclude the possibility, that my driver
would have caused this. Driver verifier is monitoring my driver, with Force
IRQL Checking and Special Pool, on Win2K Pro SP2 with a checked kernel.

Does my conclusion sound valid?
Any other thoughts or directions I should look into?
I find the odds of discovering two bugs in two different drivers extremely
low, so what types of activites could have caused this, assuming my driver
is at fault?

My driver is a passive filter driver.
All help appreciated, Thanks.

Stanislaw

kd> !analyze -v
****************************************************************************
***
*
*
* Bugcheck Analysis
*
*
*
****************************************************************************
***

IRQL_NOT_GREATER_OR_EQUAL (9)
Arguments:
Arg1: 804be7f0
Arg2: 00000002
Arg3: 00000000
Arg4: 00000004

Debugging Details:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 9

LAST_CONTROL_TRANSFER: from 80438523 to 8049df08

STACK_TEXT:
eb17eea8 80438523 00000004 eb17eef0 804be7f0
nt!RtlpBreakWithStatusInstruction
eb17eed8 80438d6f 00000004 0000005e 000000b4 nt!KiBugCheckDebugBreak+0x31
eb17f260 800630c6 00000000 804be7f0 00000002 nt!KeBugCheckEx+0x5e9
eb17f2c0 80423a8a 817549b8 81755278 00000092 HALACPI!KfAcquireSpinLock+0x46
eb17f2c0 80423a8a 817549b8 81755278 00000092 nt!IoAllocateErrorLogEntry+0x2c
eb17f2d4 bfed37f3 817549b8 00000092 81735c58 nt!IoAllocateErrorLogEntry+0x2c
eb17f2f4 eb052437 81754ee0 c0001389 00000001
NDIS!NdisWriteErrorLogEntry+0x78
eb17f308 eb05b522 81735008 c0001389 00000084
el90xbc5!WriteErrorLogEntry+0x17
eb17f328 eb056940 81735008 00000020 bfed30f3 el90xbc5!IssueKeepAlive+0x3c8
eb17f340 bfed3109 000186a0 80438f29 81754a70 el90xbc5!NICShutdown+0x1f0
eb17f348 80438f29 81754a70 00000048 000001df NDIS!ndisBugcheckHandler+0x16
eb17f398 80438c1f bae15336 bae15336 00000000
nt!KiScanBugCheckCallbackList+0x99
eb17f71c 804b54c0 00000000 bae15336 00000002 nt!KeBugCheckEx+0x499
eb17f71c bae15336 00000000 bae15336 00000002 nt!KiTrap0E+0x2a4
WARNING: Stack unwind information not available. Following frames may be
wrong.
eb17f7a8 badc6ac6 816d2008 00000000 00000004 smwdm+0x54336
eb17f8dc bae1af83 14000004 816d2fd8 816d2fd8 smwdm+0x5ac6
eb17f910 badb503e 816d2dec 00000004 bfa06f94 smwdm+0x59f83
eb17f928 badb5192 8174aef0 00000004 8174aef0
portcls!PowerNotifySubdevices+0x31
eb17f948 badb4f29 bfa06f00 00000000 8174ae38 portcls!ProcessPowerIrp+0x91
eb17f96c 80424606 8174ae38 bfa06f00 bfa06f00 portcls!DispatchPower+0x3a
eb17f984 80497e24 bfa06f00 bfa06f94 8174afd8 nt!IopfCallDriver+0x4f
eb17f9a4 80497c1b bfa06f01 bfa06f00 80498894 nt!PopPresentIrp+0xce
eb17f9c8 80498888 8174ae38 badb4fc5 8174aef0 nt!PoCallDriver+0x282
eb17f9e4 badb4fc5 81839e38 ff57b902 00000004 nt!PoRequestPowerIrp+0x13b
eb17fa14 80424606 00000004 bc262f48 bc262f48 portcls!DispatchPower+0xd6
eb17fa2c 80497e24 bc262f48 bc262fdc 8174afd8 nt!IopfCallDriver+0x4f
eb17fa4c 80497c1b bc262f01 bc262f48 ff118008 nt!PopPresentIrp+0xce
eb17fa70 804f52a0 8174ae38 804f502f ff50cf70 nt!PoCallDriver+0x282
eb17fa90 804f502f 804ca6e0 fdbbd648 ff50cf70 nt!PopNotifyDevice+0x1bd
eb17faac 804f4997 ff118000 ff50cf70 10000000 nt!PopNotifyDeviceList+0x2b
eb17fad0 804f42e3 00000000 eb17fbcc eb17fc5c
nt!PopSetDevicesSystemState+0x131
eb17fbb8 804b19ba 00000005 00000004 c0000004 nt!NtSetSystemPowerState+0x40b
eb17fbb8 80441683 00000005 00000004 c0000004 nt!KiSystemService+0x10a
eb17fc48 804f3f48 00000005 00000004 c0000004 nt!ZwSetSystemPowerState+0xb
eb17fd38 804fba32 00000005 00000004 c0000004 nt!NtSetSystemPowerState+0x70
eb17fd4c 804b19ba 00000001 010149c0 00000000 nt!NtShutdownSystem+0x30
eb17fd4c 77f9a0ff 00000001 010149c0 00000000 nt!KiSystemService+0x10a
0006fe98 010114ad 00000001 00000000 00076ee0 ntdll!NtShutdownSystem+0xb
0006feb0 010117a5 000000d0 0000000b 0000000b winlogon!ShutdownMachine+0x165
0006ff08 010188a1 00076ee0 0000000b 01008e64 winlogon!Logoff+0x1d6
0006ff24 01002150 00076ee0 00000005 00073114 winlogon!MainLoop+0x1fb
0006ff58 01001edf 00071fc8 00000000 00073114 winlogon!WinMain+0x32f
0006fff4 00000000 7ffdf000 000000c8 00000100
winlogon!WinMainCRTStartup+0x156

FOLLOWUP_IP:
el90xbc5!WriteErrorLogEntry+17
eb052437 83c410 add esp,0x10

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: el90xbc5!WriteErrorLogEntry+17

MODULE_NAME: el90xbc5

IMAGE_NAME: el90xbc5.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 380ca5be

STACK_COMMAND: kb

BUCKET_ID: 0x9_el90xbc5!WriteErrorLogEntry+17

Followup: MachineOwner

After looking at disassembly, smwdm+0x54336 = bae15336
kd> !pte bae15336
BAE15336 - PDE at C0300BAC PTE at C02EB854
contains 010AE963 contains 01EF9080
pfn 10ae G-DA–KWV not valid
PageFile 0
Offset 1ef9
Protect: 4

OSR_Community_User · July 23, 2002, 3:49pm

The call to NDIS!NdisWriteErrorLogEntry is indeed illegal in an ndis
shutdown handler. (And it is a bad idea as well :-). However, since you are
already in a bugcheck for other reasons, this is an artifact of the initial
bug. You didn’t cause the error in the ethernet driver, you exposed it. The
force irql checking could certainly have the consequence that other drivers
might see paged out virtual addresses that they normally don’t encounter, as
that is, it appears, what happened to smwdm.

So who is smwdm?

-----Original Message-----
From: Stanislaw Kowalczyk [mailto:xxxxx@relicore.com]
Sent: Tuesday, July 23, 2002 2:04 PM
To: NT Developers Interest List
Subject: [ntdev] IRQL_NOT_GREATER_OR_EQUAL

I encountered a BSOD with a IRQL_NOT_GREATER_OR_EQUAL bugcheck. The
documentation on this has the verbose statement “This bug
check appears very
infrequently.”

I then did an “!analyze -v”, see below, to look at the stack.
It appears as
if el90xbc5.sys has registered a callback routine with
KeRegisterBugCheckCallback() with the intention of writing to
the error log.
However, for whatever reason, IoAllocateErrorLogEntry()
attempted to acquire
a spin lock causing the above bugcheck since acquiring spin
locks are not
allowed in the bugcheck callback routines.

Digging a bit further, it appears as if smwdm.sys called a
pageable function
at DISPATCH_LEVEL causing the initial bugcheck that called
the registered
bugcheck callback routines since the page was paged out to
disk, verified
through !pte.

I initially thought, and don’t preclude the possibility, that
my driver
would have caused this. Driver verifier is monitoring my
driver, with Force
IRQL Checking and Special Pool, on Win2K Pro SP2 with a
checked kernel.

Does my conclusion sound valid?
Any other thoughts or directions I should look into?
I find the odds of discovering two bugs in two different
drivers extremely
low, so what types of activites could have caused this,
assuming my driver
is at fault?

My driver is a passive filter driver.
All help appreciated, Thanks.

Stanislaw

kd> !analyze -v
**************************************************************
**************
***
*
*
* Bugcheck Analysis
*
*
*
**************************************************************
**************
***

IRQL_NOT_GREATER_OR_EQUAL (9)
Arguments:
Arg1: 804be7f0
Arg2: 00000002
Arg3: 00000000
Arg4: 00000004

Debugging Details:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 9

LAST_CONTROL_TRANSFER: from 80438523 to 8049df08

STACK_TEXT:
eb17eea8 80438523 00000004 eb17eef0 804be7f0
nt!RtlpBreakWithStatusInstruction
eb17eed8 80438d6f 00000004 0000005e 000000b4
nt!KiBugCheckDebugBreak+0x31
eb17f260 800630c6 00000000 804be7f0 00000002 nt!KeBugCheckEx+0x5e9
eb17f2c0 80423a8a 817549b8 81755278 00000092
HALACPI!KfAcquireSpinLock+0x46
eb17f2c0 80423a8a 817549b8 81755278 00000092
nt!IoAllocateErrorLogEntry+0x2c
eb17f2d4 bfed37f3 817549b8 00000092 81735c58
nt!IoAllocateErrorLogEntry+0x2c
eb17f2f4 eb052437 81754ee0 c0001389 00000001
NDIS!NdisWriteErrorLogEntry+0x78
eb17f308 eb05b522 81735008 c0001389 00000084
el90xbc5!WriteErrorLogEntry+0x17
eb17f328 eb056940 81735008 00000020 bfed30f3
el90xbc5!IssueKeepAlive+0x3c8
eb17f340 bfed3109 000186a0 80438f29 81754a70
el90xbc5!NICShutdown+0x1f0
eb17f348 80438f29 81754a70 00000048 000001df
NDIS!ndisBugcheckHandler+0x16
eb17f398 80438c1f bae15336 bae15336 00000000
nt!KiScanBugCheckCallbackList+0x99
eb17f71c 804b54c0 00000000 bae15336 00000002 nt!KeBugCheckEx+0x499
eb17f71c bae15336 00000000 bae15336 00000002 nt!KiTrap0E+0x2a4
WARNING: Stack unwind information not available. Following
frames may be
wrong.
eb17f7a8 badc6ac6 816d2008 00000000 00000004 smwdm+0x54336
eb17f8dc bae1af83 14000004 816d2fd8 816d2fd8 smwdm+0x5ac6
eb17f910 badb503e 816d2dec 00000004 bfa06f94 smwdm+0x59f83
eb17f928 badb5192 8174aef0 00000004 8174aef0
portcls!PowerNotifySubdevices+0x31
eb17f948 badb4f29 bfa06f00 00000000 8174ae38
portcls!ProcessPowerIrp+0x91
eb17f96c 80424606 8174ae38 bfa06f00 bfa06f00
portcls!DispatchPower+0x3a
eb17f984 80497e24 bfa06f00 bfa06f94 8174afd8 nt!IopfCallDriver+0x4f
eb17f9a4 80497c1b bfa06f01 bfa06f00 80498894 nt!PopPresentIrp+0xce
eb17f9c8 80498888 8174ae38 badb4fc5 8174aef0 nt!PoCallDriver+0x282
eb17f9e4 badb4fc5 81839e38 ff57b902 00000004
nt!PoRequestPowerIrp+0x13b
eb17fa14 80424606 00000004 bc262f48 bc262f48
portcls!DispatchPower+0xd6
eb17fa2c 80497e24 bc262f48 bc262fdc 8174afd8 nt!IopfCallDriver+0x4f
eb17fa4c 80497c1b bc262f01 bc262f48 ff118008 nt!PopPresentIrp+0xce
eb17fa70 804f52a0 8174ae38 804f502f ff50cf70 nt!PoCallDriver+0x282
eb17fa90 804f502f 804ca6e0 fdbbd648 ff50cf70 nt!PopNotifyDevice+0x1bd
eb17faac 804f4997 ff118000 ff50cf70 10000000
nt!PopNotifyDeviceList+0x2b
eb17fad0 804f42e3 00000000 eb17fbcc eb17fc5c
nt!PopSetDevicesSystemState+0x131
eb17fbb8 804b19ba 00000005 00000004 c0000004
nt!NtSetSystemPowerState+0x40b
eb17fbb8 80441683 00000005 00000004 c0000004 nt!KiSystemService+0x10a
eb17fc48 804f3f48 00000005 00000004 c0000004
nt!ZwSetSystemPowerState+0xb
eb17fd38 804fba32 00000005 00000004 c0000004
nt!NtSetSystemPowerState+0x70
eb17fd4c 804b19ba 00000001 010149c0 00000000 nt!NtShutdownSystem+0x30
eb17fd4c 77f9a0ff 00000001 010149c0 00000000 nt!KiSystemService+0x10a
0006fe98 010114ad 00000001 00000000 00076ee0
ntdll!NtShutdownSystem+0xb
0006feb0 010117a5 000000d0 0000000b 0000000b
winlogon!ShutdownMachine+0x165
0006ff08 010188a1 00076ee0 0000000b 01008e64 winlogon!Logoff+0x1d6
0006ff24 01002150 00076ee0 00000005 00073114 winlogon!MainLoop+0x1fb
0006ff58 01001edf 00071fc8 00000000 00073114 winlogon!WinMain+0x32f
0006fff4 00000000 7ffdf000 000000c8 00000100
winlogon!WinMainCRTStartup+0x156

FOLLOWUP_IP:
el90xbc5!WriteErrorLogEntry+17
eb052437 83c410 add esp,0x10

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: el90xbc5!WriteErrorLogEntry+17

MODULE_NAME: el90xbc5

IMAGE_NAME: el90xbc5.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 380ca5be

STACK_COMMAND: kb

BUCKET_ID: 0x9_el90xbc5!WriteErrorLogEntry+17

Followup: MachineOwner

After looking at disassembly, smwdm+0x54336 = bae15336
kd> !pte bae15336
BAE15336 - PDE at C0300BAC PTE at C02EB854
contains 010AE963 contains 01EF9080
pfn 10ae G-DA–KWV not valid
PageFile 0
Offset 1ef9
Protect: 4

You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · July 23, 2002, 3:57pm

As far as I was able to gather, it is an audio driver.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Roddy, Mark
Sent: Tuesday, July 23, 2002 3:38 PM
To: NT Developers Interest List
Subject: [ntdev] RE: IRQL_NOT_GREATER_OR_EQUAL

The call to NDIS!NdisWriteErrorLogEntry is indeed illegal in an ndis
shutdown handler. (And it is a bad idea as well :-). However, since you are
already in a bugcheck for other reasons, this is an artifact of the initial
bug. You didn’t cause the error in the ethernet driver, you exposed it. The
force irql checking could certainly have the consequence that other drivers
might see paged out virtual addresses that they normally don’t encounter, as
that is, it appears, what happened to smwdm.

So who is smwdm?

-----Original Message-----
From: Stanislaw Kowalczyk [mailto:xxxxx@relicore.com]
Sent: Tuesday, July 23, 2002 2:04 PM
To: NT Developers Interest List
Subject: [ntdev] IRQL_NOT_GREATER_OR_EQUAL

I encountered a BSOD with a IRQL_NOT_GREATER_OR_EQUAL bugcheck. The
documentation on this has the verbose statement “This bug
check appears very
infrequently.”

I then did an “!analyze -v”, see below, to look at the stack.
It appears as
if el90xbc5.sys has registered a callback routine with
KeRegisterBugCheckCallback() with the intention of writing to
the error log.
However, for whatever reason, IoAllocateErrorLogEntry()
attempted to acquire
a spin lock causing the above bugcheck since acquiring spin
locks are not
allowed in the bugcheck callback routines.

Digging a bit further, it appears as if smwdm.sys called a
pageable function
at DISPATCH_LEVEL causing the initial bugcheck that called
the registered
bugcheck callback routines since the page was paged out to
disk, verified
through !pte.

I initially thought, and don’t preclude the possibility, that
my driver
would have caused this. Driver verifier is monitoring my
driver, with Force
IRQL Checking and Special Pool, on Win2K Pro SP2 with a
checked kernel.

Does my conclusion sound valid?
Any other thoughts or directions I should look into?
I find the odds of discovering two bugs in two different
drivers extremely
low, so what types of activites could have caused this,
assuming my driver
is at fault?

My driver is a passive filter driver.
All help appreciated, Thanks.

Stanislaw

kd> !analyze -v
**************************************************************
**************
***
*
*
* Bugcheck Analysis
*
*
*
**************************************************************
**************
***

IRQL_NOT_GREATER_OR_EQUAL (9)
Arguments:
Arg1: 804be7f0
Arg2: 00000002
Arg3: 00000000
Arg4: 00000004

Debugging Details:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 9

LAST_CONTROL_TRANSFER: from 80438523 to 8049df08

STACK_TEXT:
eb17eea8 80438523 00000004 eb17eef0 804be7f0
nt!RtlpBreakWithStatusInstruction
eb17eed8 80438d6f 00000004 0000005e 000000b4
nt!KiBugCheckDebugBreak+0x31
eb17f260 800630c6 00000000 804be7f0 00000002 nt!KeBugCheckEx+0x5e9
eb17f2c0 80423a8a 817549b8 81755278 00000092
HALACPI!KfAcquireSpinLock+0x46
eb17f2c0 80423a8a 817549b8 81755278 00000092
nt!IoAllocateErrorLogEntry+0x2c
eb17f2d4 bfed37f3 817549b8 00000092 81735c58
nt!IoAllocateErrorLogEntry+0x2c
eb17f2f4 eb052437 81754ee0 c0001389 00000001
NDIS!NdisWriteErrorLogEntry+0x78
eb17f308 eb05b522 81735008 c0001389 00000084
el90xbc5!WriteErrorLogEntry+0x17
eb17f328 eb056940 81735008 00000020 bfed30f3
el90xbc5!IssueKeepAlive+0x3c8
eb17f340 bfed3109 000186a0 80438f29 81754a70
el90xbc5!NICShutdown+0x1f0
eb17f348 80438f29 81754a70 00000048 000001df
NDIS!ndisBugcheckHandler+0x16
eb17f398 80438c1f bae15336 bae15336 00000000
nt!KiScanBugCheckCallbackList+0x99
eb17f71c 804b54c0 00000000 bae15336 00000002 nt!KeBugCheckEx+0x499
eb17f71c bae15336 00000000 bae15336 00000002 nt!KiTrap0E+0x2a4
WARNING: Stack unwind information not available. Following
frames may be
wrong.
eb17f7a8 badc6ac6 816d2008 00000000 00000004 smwdm+0x54336
eb17f8dc bae1af83 14000004 816d2fd8 816d2fd8 smwdm+0x5ac6
eb17f910 badb503e 816d2dec 00000004 bfa06f94 smwdm+0x59f83
eb17f928 badb5192 8174aef0 00000004 8174aef0
portcls!PowerNotifySubdevices+0x31
eb17f948 badb4f29 bfa06f00 00000000 8174ae38
portcls!ProcessPowerIrp+0x91
eb17f96c 80424606 8174ae38 bfa06f00 bfa06f00
portcls!DispatchPower+0x3a
eb17f984 80497e24 bfa06f00 bfa06f94 8174afd8 nt!IopfCallDriver+0x4f
eb17f9a4 80497c1b bfa06f01 bfa06f00 80498894 nt!PopPresentIrp+0xce
eb17f9c8 80498888 8174ae38 badb4fc5 8174aef0 nt!PoCallDriver+0x282
eb17f9e4 badb4fc5 81839e38 ff57b902 00000004
nt!PoRequestPowerIrp+0x13b
eb17fa14 80424606 00000004 bc262f48 bc262f48
portcls!DispatchPower+0xd6
eb17fa2c 80497e24 bc262f48 bc262fdc 8174afd8 nt!IopfCallDriver+0x4f
eb17fa4c 80497c1b bc262f01 bc262f48 ff118008 nt!PopPresentIrp+0xce
eb17fa70 804f52a0 8174ae38 804f502f ff50cf70 nt!PoCallDriver+0x282
eb17fa90 804f502f 804ca6e0 fdbbd648 ff50cf70 nt!PopNotifyDevice+0x1bd
eb17faac 804f4997 ff118000 ff50cf70 10000000
nt!PopNotifyDeviceList+0x2b
eb17fad0 804f42e3 00000000 eb17fbcc eb17fc5c
nt!PopSetDevicesSystemState+0x131
eb17fbb8 804b19ba 00000005 00000004 c0000004
nt!NtSetSystemPowerState+0x40b
eb17fbb8 80441683 00000005 00000004 c0000004 nt!KiSystemService+0x10a
eb17fc48 804f3f48 00000005 00000004 c0000004
nt!ZwSetSystemPowerState+0xb
eb17fd38 804fba32 00000005 00000004 c0000004
nt!NtSetSystemPowerState+0x70
eb17fd4c 804b19ba 00000001 010149c0 00000000 nt!NtShutdownSystem+0x30
eb17fd4c 77f9a0ff 00000001 010149c0 00000000 nt!KiSystemService+0x10a
0006fe98 010114ad 00000001 00000000 00076ee0
ntdll!NtShutdownSystem+0xb
0006feb0 010117a5 000000d0 0000000b 0000000b
winlogon!ShutdownMachine+0x165
0006ff08 010188a1 00076ee0 0000000b 01008e64 winlogon!Logoff+0x1d6
0006ff24 01002150 00076ee0 00000005 00073114 winlogon!MainLoop+0x1fb
0006ff58 01001edf 00071fc8 00000000 00073114 winlogon!WinMain+0x32f
0006fff4 00000000 7ffdf000 000000c8 00000100
winlogon!WinMainCRTStartup+0x156

FOLLOWUP_IP:
el90xbc5!WriteErrorLogEntry+17
eb052437 83c410 add esp,0x10

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: el90xbc5!WriteErrorLogEntry+17

MODULE_NAME: el90xbc5

IMAGE_NAME: el90xbc5.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 380ca5be

STACK_COMMAND: kb

BUCKET_ID: 0x9_el90xbc5!WriteErrorLogEntry+17

Followup: MachineOwner

After looking at disassembly, smwdm+0x54336 = bae15336
kd> !pte bae15336
BAE15336 - PDE at C0300BAC PTE at C02EB854
contains 010AE963 contains 01EF9080
pfn 10ae G-DA–KWV not valid
PageFile 0
Offset 1ef9
Protect: 4

You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to %%email.unsub%%

You are currently subscribed to ntdev as: xxxxx@relicore.com
To unsubscribe send a blank email to %%email.unsub%%