RE: [BULK] IRP passed to IoCompleteRequest still has cancel routine set

Can you set a hardware breakpoint on it and see who’s messing it up? I
think we can safely assume that’s not a real cancel routine address, so
maybe somebody is using it as a sentinel value?

HW breakpoint stuff:
http://www.nynaeve.net/?p=80
http://www.nynaeve.net/?p=81

disclaimer: I’ve never tried this, but if I were seeing something as
weird as that, it’s probably what I’d try. Also, you’re going to need
that IRP address somehow. If you’re putting the IRP in a CSQ, one of
the callbacks gets a context with a pointer to the actual IRP, as I
recall.

~Eric
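Added example, not part of either message in this thread: a concrete WinDbg
sequence for the data-breakpoint idea above. It uses the IRP address from the
dump quoted below (828c1890) and the field offset that dump already gives away:
the dd output shows the ffffffff at 828c18c8, which is 828c1890 + 0x38, the
offset of nt!_IRP.CancelRoutine on x86. Everything else is my assumption: that
the pool block at that address is handed back to an IRP on the next run (if it
is not, take the address from the filter instead; every IO_CSQ callback,
CsqInsertIrp, CsqRemoveIrp, CsqCompleteCanceledIrp, receives the PIRP as a
parameter) and the exact commands hung off the breakpoint.

```windbg
$$ Added example (not from the thread). Target: x86 Win2k3 SP1 checked build,
$$ kd session, same IRP address as the posted dump (828c1890).
$$ Assumption: the pool block at 828c1890 is reused for an IRP on the next run;
$$ if it is not, substitute the address reported by your own driver.

$$ 1. Confirm where CancelRoutine lives. The posted dd shows ffffffff at
$$    828c18c8 = 828c1890 + 0x38; dt should report the field at +0x038.
dt nt!_IRP 828c1890 CancelRoutine
? 828c1890 + 0x38

$$ 2. 4-byte hardware write breakpoint on the field. A data breakpoint stops
$$    after the write has landed, so poi() already sees the new value; only
$$    stop when it is the suspect sentinel, otherwise resume silently with gc.
ba w4 828c18c8 ".if (poi(828c18c8) == 0xffffffff) { .echo *** CancelRoutine set to ffffffff ***; kb; !irp 828c1890 1 } .else { gc }"
bl
g

$$ 3. On the hit, the top kb frame is the writer (for an interlocked exchange,
$$    such as the one behind IoSetCancelRoutine, the caller is one frame up).
$$    Check that the block is still an IRP and who owns it before blaming anyone.
!irp 828c1890 1
!pool 828c1890
!thread

$$ 4. Clean up when done.
bc *
```

Two caveats worth knowing before trusting a hit. The breakpoint watches an
address, not an object: if the pool block is reused for something other than an
IRP, a write of ffffffff there is unrelated noise, which is why the command
re-runs !irp on every stop. And x86 has only four debug-register slots, so if
the address keeps changing between runs it is usually easier to have the
driver itself stash the IRP address (from the CSQ insert callback) where you
can read it with dd, then set the single ba from there.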

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Tuesday, September 23, 2008 9:39 AM
To: Windows File Systems Devs Interest List
Subject: [BULK] [ntfsd] IRP passed to IoCompleteRequest still has cancel
routine set
Importance: Low

I’m hitting an issue while testing my minifilter on a Win2k3 SP1 checked
build. I have not tried to reproduce this on any other platform as of
now. It’s most likely due to my filter corrupting some memory. Before I
start to go down that path, please share if you have seen this problem
in any other situation. Note that, being a minifilter, I don’t touch the
IRP.

The problem happens when multiple instances of the test application are
communicating with the filter through the communication port. I have not
seen this problem before, but I’m still in the early stages of testing.

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 00000007, IRP passed to IoCompleteRequest still has cancel routine set
Arg2: ffffffff, the cancel routine pointer
Arg3: 828c1890, the IRP
Arg4: 00000000, 0

BUGCHECK_STR: 0xc9_7

DRIVER_VERIFIER_IO_VIOLATION_TYPE: 7

IRP_CANCEL_ROUTINE:
+ffffffffffffffff
ffffffff ?? ???

FAULTING_IP:
+ffffffffffffffff
ffffffff ?? ???

FOLLOWUP_IP:
+ffffffffffffffff
ffffffff ?? ???

IRP_ADDRESS: 828c1890

DEVICE_OBJECT: 8606aab8

DRIVER_OBJECT: 86072e10

IMAGE_NAME: disk.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42435b4a

MODULE_NAME: disk

FAULTING_MODULE: f74d7000 disk

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: FilterTest.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from 80874b79 to 8081d98e

STACK_TEXT:
f78a6978 80874b79 00000003 00000007 00000000 nt!RtlpBreakWithStatusInstruction
f78a69c4 80875996 00000003 00000000 85bbf988 nt!KiBugCheckDebugBreak+0x19
f78a6d5c 80875dae 000000c9 00000007 ffffffff nt!KeBugCheck2+0x5b2
f78a6d7c 809cc8b1 000000c9 00000007 ffffffff nt!KeBugCheckEx+0x1b
f78a6df8 f73417ab f78a6e28 f7341ba9 8606aab8 nt!IovCompleteRequest+0x13e
f78a6e00 f7341ba9 8606aab8 828c1890 00000001 CLASSPNP!ClassCompleteRequest+0x11
f78a6e28 809cc283 00000000 86800f48 85bbf988 CLASSPNP!TransferPktComplete+0x1fd
f78a6e4c 80828ddf 00000000 86800f48 f78a6eb0 nt!IovpLocalCompletionRoutine+0xb4
f78a6e7c 809cc80d 828c14f0 828c14f0 85bbfa34 nt!IopfCompleteRequest+0xcd
f78a6ee8 f735551f 86061570 86800f48 f78a6f2c nt!IovCompleteRequest+0x9a
f78a6ef8 f7354a7c 828c14f0 00000001 00000000 SCSIPORT!SpCompleteRequest+0x5e
f78a6f2c f73541d8 86061570 828c14f0 f78a6fa3 SCSIPORT!SpProcessCompletedRequest+0x6a7
f78a6fa4 80828878 8606152c 860614b8 00000000 SCSIPORT!ScsiPortCompletionDpc+0x2bd
f78a6ff4 80820813 b9d2794c 00000000 00000000 nt!KiRetireDpcList+0xca
f78a6ff8 b9d2794c 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x38
WARNING: Frame IP not in any known module. Following frames may be wrong.
80820813 00000000 0000000a bb835b75 00000128 0xb9d2794c

Looking at this particular IRP, apart from the cancel routine the rest
of it seems fine. This makes me wonder whether this is really a
corruption issue.

kd> !irp 828c1890 1
Irp is active with 9 stacks 4 is current (= 0x828c196c)
Mdl=bacbbb48: No System Buffer: Thread 82e45020: Irp stack trace.
Flags = 40000043
ThreadListEntry.Flink = 828c18a0
ThreadListEntry.Blink = 828c18a0
IoStatus.Status = 00000000
IoStatus.Information = 00001000
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = bacbbd54
UserEvent = bacbbbdc
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = ffffffff
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = 828c18d0
Tail.Overlay.Thread = 82e45020
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = 828c196c
Tail.Overlay.OriginalFileObject = 826b88a0
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[4,34] 0 e1 8606aab8 00000000 f74c8582-8606a880 Success Error Cancel pending
\Driver\Disk PartMgr!PmIoCompletion
Args: 00001000 00000000 c2168e00 00000001
[4, 0] 0 e1 8606a880 00000000 f73f6558-86021c40 Success Error Cancel pending
\Driver\PartMgr ftdisk!FtpRefCountCompletionRoutine
Args: e9b5520a 0000005a c2168e00 00000001
[4, 0] 0 e1 86021b88 00000000 f73a0638-8601fbd0 Success Error Cancel pending
\Driver\Ftdisk volsnap!VspRefCountCompletionRoutine
Args: e9b551f9 0000005a c2161000 00000001
[4, 0] 0 e1 8601fb18 00000000 f7204779-bacbb6d0 Success Error Cancel pending
\Driver\VolSnap Ntfs!NtfsSingleSyncCompletionRoutine
Args: 00001000 00000000 c2161000 00000001
[4, 0] 0 e0 85fe8020 826b88a0 f72d4d04-828c16d8 Success Error Cancel
\FileSystem\Ntfs fltmgr!FltpPassThroughCompletion
Args: 00001000 00000000 00000000 00000000
[4, 0] 0 1 85bd8620 826b88a0 00000000-00000000 pending
\FileSystem\FltMgr
Args: 00001000 00000000 00000000 00000000
kd> dd 828c1890
828c1890 01b40006 bacbbb48 40000043 00000000
828c18a0 828c18a0 828c18a0 00000000 00001000
828c18b0 04090000 80000000 bacbbd54 bacbbbdc
828c18c0 00000000 00000000 ffffffff 00000000
828c18d0 00000000 00000000 00000000 00000000
828c18e0 82e45020 00000000 00000000 00000000
828c18f0 828c196c 826b88a0 00000000 00000000
828c1900 00000000 00000000 00000000 00000000


NTFSD is sponsored by OSR
