Problem to resend an IRP

Thanks Alexei for the suggestion to resend an IRP with IRP_MJ_CREATE. I
updated the IRP's parameters and resent it to the underlying driver. The
driver returned status 0. But finally the machine crashed.

Here is the piece of code after the first request returns with
STATUS_REPARSE.

===========================================
irpSp = IoGetCurrentIrpStackLocation(Irp);
irpSp->Parameters.Create.Options |= FILE_OPEN_REPARSE_POINT;
IoCopyCurrentIrpStackLocationToNext( Irp );

KeResetEvent(&pContext->waitEvent);
status = IoCallDriver(
    ((PDEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject,
    Irp );

if (STATUS_PENDING == status)
{
    NTSTATUS localStatus = KeWaitForSingleObject(&pContext->waitEvent,
                                                 Executive, KernelMode, FALSE, NULL);
    ASSERT(STATUS_SUCCESS == localStatus);
}
===========================================

What else do I need to reset the IRP before I resend it? Do I need to reset
the completion routine?

Any response is appreciated.

Shangwu

I also got this information after the crash.
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: 863a3ce0, Address of the IRP
Arg2: 00000d60
Arg3: 00000000
Arg4: 00000000
Debugging Details:

IRP_ADDRESS: 863a3ce0
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x44
DEVICE_OBJECT: 861e6f10
DRIVER_OBJECT: 86540a70
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 3ec1d807
MODULE_NAME: SYMEVENT
FAULTING_MODULE: f26e2000 SYMEVENT
LAST_CONTROL_TRANSFER: from 804f3100 to 8051ac9c
STACK_TEXT:
f24925c8 804f3100 00000003 f24928f8 863a3ce0 nt!RtlpBreakWithStatusInstruction
f2492614 804f3b87 00000003 863a3cf0 863a3ce0 nt!KiBugCheckDebugBreak+0x19
f24929e0 804f4103 00000044 863a3ce0 00000d60 nt!KeBugCheck2+0x46d
f2492a00 804ec65c 00000044 863a3ce0 00000d60 nt!KeBugCheckEx+0x19
f2492a38 f26e83ec 804eaeba f26e8498 863a3cf0 nt!IopfCompleteRequest+0x2c4
WARNING: Stack unwind information not available. Following frames may be wrong.
f2492b64 8059a2c6 8669e030 00000000 8617aab8 SYMEVENT+0x63ec
f2492bec 80596c27 00000000 f2492c2c 00000040 nt!ObpLookupObjectName+0x56a
f2492c40 80553f0d 00000000 00000000 00000001 nt!ObOpenObjectByName+0xe9
f2492cbc 80554688 01e4f060 00030000 01e4f014 nt!IopCreateFile+0x407
f2492d04 80557bcd 01e4f060 00030000 01e4f014 nt!IoCreateFile+0x36
f2492d44 8052d571 01e4f060 00030000 01e4f014 nt!NtOpenFile+0x25
f2492d44 7ffe0304 01e4f060 00030000 01e4f014 nt!KiSystemService+0xc4
01e4efe4 77f5bb84 774095f8 01e4f060 00030000 SharedUserData!SystemCallStub+0x4
01e4efe8 774095f8 01e4f060 00030000 01e4f014 ntdll!ZwOpenFile+0xc
01e4f068 77411669 001430e4 01e4f738 001430e4 SHELL32!IsFileDeletable+0x1ff
01e4f078 77412fcb 001430e4 001430e4 00000000 SHELL32!_IsFileDeletable+0x30
01e4f70c 77413b98 001430e4 01e4f738 00142ff0 SHELL32!DeleteFileBB+0xc2
01e4f73c 7741406b 00142ff0 01e4fbbc 001430e4 SHELL32!DoFile_Delete+0x51
01e4fe6c 774143dd 00000000 01e4fee6 8007000e SHELL32!MoveCopyDriver+0x3b2
01e4feb0 7743679b 00000000 00000000 00000000 SHELL32!SHFileOperationW+0x179
01e4ff00 77436832 00020178 00139ac0 00000001 SHELL32!TransferDelete+0x9c
01e4ff38 77492ef8 00020178 20104000 0012af14 SHELL32!DeleteFilesInDataObject+0x68
01e4ff50 70aac487 000c6df0 0064006e 00530020 SHELL32!FileDeleteThreadProc+0x2d
01e4ffb4 77e7d33b 00000000 0064006e 00530020 SHLWAPI!WrapperThreadProc+0x92
01e4ffec 00000000 70aac3f5 01bcedd0 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_NAME: MachineOwner
BUCKET_ID: 0x44_IMAGE_SYMEVENT.SYS_DATE_5_14_2003
Followup: MachineOwner

I resolved the problem by putting a call to IoMarkIrpPending before calling
IoCallDriver and returning STATUS_PENDING after the call.

Thank you all,

Shangwu
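
An added example, not code from this thread: a simplified user-mode model (not WDK code) of how a resent IRP can end up completed twice, the condition reported by bugcheck 0x44 above. It relies on the fact that IoCopyCurrentIrpStackLocationToNext does not carry a completion routine over to the next stack location; all type and function names are constructed, and the filter completing the IRP after the resend is an assumption, since the posted fragment does not show that part.

```c
/* Added example: a user-mode model of IRP completion, not WDK code.
   Every name below is constructed for illustration. */
#include <stdio.h>

#define MORE_PROCESSING 1  /* stands in for STATUS_MORE_PROCESSING_REQUIRED */

struct model_irp;
typedef int (*completion_fn)(struct model_irp *);
struct model_irp {
    completion_fn routine; /* completion routine armed for the lower driver */
    int signalled;         /* stands in for pContext->waitEvent */
    int finished;          /* completion reached the I/O manager */
    int bugcheck_44;       /* a finished IRP was completed again */
};

static int signal_and_hold(struct model_irp *irp) {
    irp->signalled = 1;
    return MORE_PROCESSING; /* filter takes the IRP back */
}
/* Models IoCompleteRequest: run the armed routine once, else finish the IRP. */
static void complete_request(struct model_irp *irp) {
    completion_fn fn = irp->routine;
    if (irp->finished) { irp->bugcheck_44 = 1; return; }
    irp->routine = NULL;
    if (fn && fn(irp) == MORE_PROCESSING) return;
    irp->finished = 1;
}
/* Models IoCopyCurrentIrpStackLocationToNext: parameters are copied, but
   Control is zeroed, so no completion routine is armed afterwards. */
static void copy_to_next(struct model_irp *irp) { irp->routine = NULL; }

/* Create dispatch of the filter; returns 1 if the model bugchecks. */
int filter_create(int rearm, int complete_after) {
    struct model_irp irp = {0};
    copy_to_next(&irp);
    irp.routine = signal_and_hold;            /* IoSetCompletionRoutine */
    complete_request(&irp);                   /* lower driver: STATUS_REPARSE */
    irp.signalled = 0;                        /* KeResetEvent */
    copy_to_next(&irp);                       /* prepare the resend */
    if (rearm) irp.routine = signal_and_hold; /* re-arm before resending */
    complete_request(&irp);                   /* lower driver completes again */
    if (complete_after) complete_request(&irp); /* filter completes the IRP */
    return irp.bugcheck_44;
}

int main(void) {
    printf("no re-arm, filter completes: %d\n", filter_create(0, 1));
    printf("re-arm, filter completes:    %d\n", filter_create(1, 1));
    printf("no re-arm, returns pending:  %d\n", filter_create(0, 0));
    return 0;
}
```

The third call corresponds to the resolution posted above: the filter returns STATUS_PENDING and leaves completion to the lower driver.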
