From: Omer on
Hi

My driver works OK but crashes only on a specific computer - an IBM
ThinkPad laptop. I did a kernel memory dump but didn't find my driver
in the stack. Also, it crashes on different functions every time! Here
is the WinDbg analyze output... Any help?

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000016, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804dc352, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00000016

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiWaitTest+30
804dc352 6683781601 cmp word ptr [eax+0x16],0x1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from 804e3f72 to 804dc352

IRP_ADDRESS: 824818b8

DEVICE_OBJECT: 82f3ba68

DRIVER_OBJECT: 82f562b8

IMAGE_NAME: ftdisk.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3b7d8419

MODULE_NAME: ftdisk

FAULTING_MODULE: f85f3000 ftdisk

TRAP_FRAME: eecebb70 -- (.trap ffffffffeecebb70)
ErrCode = 00000000
eax=00000000 ebx=eeceaf48 ecx=eecebbf0 edx=00000000 esi=eeceaf40 edi=00000000
eip=804dc352 esp=eecebbe4 ebp=eecebc00 iopl=0 nv up ei pl nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010217
nt!KiWaitTest+0x30:
804dc352 6683781601 cmp word ptr [eax+0x16],0x1 ds:0023:00000016=????
Resetting default scope

STACK_TEXT:
eecebc00 804e3f72 00000000 00000000 824818b8 nt!KiWaitTest+0x30
eecebc14 804ed1e2 eeceaf40 00000000 00000000 nt!KeSetEvent+0x58
eecebc6c 804ed15a 824818f8 eecebcb8 eecebcac nt!IopCompleteRequest+0x22f
eecebcbc 804ed199 00000000 00000000 00000000 nt!KiDeliverApc+0xb3
eecebcd4 804dc6f2 000024ff e334e7e0 00000000 nt!KiSwapThread+0x64
eecebcfc bf802ec4 00000001 0000000d 00000001 nt!KeWaitForSingleObject+0x1c2
eecebd38 bf8036ca 000024ff 00000000 00000001 win32k!xxxSleepThread+0x192
eecebd4c bf8036e7 000024ff 00000000 00c3ff1c win32k!xxxRealWaitMessageEx+0x12
eecebd5c 804df06b 00c3ff44 7c90eb94 badb0d00 win32k!NtUserWaitMessage+0x14
eecebd5c 7c90eb94 00c3ff44 7c90eb94 badb0d00 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00c3ff10 00000000 00000000 00000000 00000000 0x7c90eb94


SYMBOL_STACK_INDEX: 2

FOLLOWUP_NAME: MachineOwner

STACK_COMMAND: .trap ffffffffeecebb70 ; kb

FAILURE_BUCKET_ID: 0xA_IMAGE_ftdisk.sys_DATE_8_17_2001

BUCKET_ID: 0xA_IMAGE_ftdisk.sys_DATE_8_17_2001

Followup: MachineOwner
---------

From: Arkady Frenkel on
Hi, Omer!
Someone (maybe not you, but in your context) calls Wait (surely with some
timeout) in your DPC (level 2), which is forbidden.
Arkady



From: Omer on
OK... so where do I go from here?
I can't even see my driver in the stack trace...

From: Arkady Frenkel on
I can't propose anything other than finding what part of your code causes that
to happen (close parts, I mean) :(
The hard way...
Arkady



From: Maxim S. Shatskih on
The event pointer at Irp->UserEvent is invalid.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim(a)storagecraft.com
http://www.storagecraft.com
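
Added example (not part of any post in this thread): a small Python triage pass over an excerpt of the dump from the first post. It checks that the faulting read is a NULL-based field access, shows which event KeSetEvent was handed, confirms the APC passed to IopCompleteRequest lies inside the IRP reported as IRP_ADDRESS, and lists which modules appear on the stack. The function name triage and the reading of the frame arguments are assumptions of this example.

```python
import re

# Excerpt of the !analyze output from the first post, wrapped lines rejoined.
DUMP = """\
Arg1: 00000016, memory referenced
Arg2: 00000002, IRQL
IRP_ADDRESS: 824818b8
eax=00000000 ebx=eeceaf48 ecx=eecebbf0 edx=00000000 esi=eeceaf40 edi=00000000
804dc352 6683781601 cmp word ptr [eax+0x16],0x1
eecebc00 804e3f72 00000000 00000000 824818b8 nt!KiWaitTest+0x30
eecebc14 804ed1e2 eeceaf40 00000000 00000000 nt!KeSetEvent+0x58
eecebc6c 804ed15a 824818f8 eecebcb8 eecebcac nt!IopCompleteRequest+0x22f
eecebcbc 804ed199 00000000 00000000 00000000 nt!KiDeliverApc+0xb3
eecebcd4 804dc6f2 000024ff e334e7e0 00000000 nt!KiSwapThread+0x64
eecebcfc bf802ec4 00000001 0000000d 00000001 nt!KeWaitForSingleObject+0x1c2
eecebd38 bf8036ca 000024ff 00000000 00000001 win32k!xxxSleepThread+0x192
"""

# kb frame: ChildEBP RetAddr Arg1 Arg2 Arg3 module!function+offset
FRAME = re.compile(
    r"^[0-9a-f]{8} [0-9a-f]{8} ([0-9a-f]{8}) [0-9a-f]{8} [0-9a-f]{8} (\w+)!(\w+)",
    re.M)

def field(name, text):
    """Return the 32-bit hex value that follows 'name: ' in the dump."""
    return int(re.search(name + r": ([0-9a-f]{8})", text).group(1), 16)

def triage(text):
    regs = {r: int(v, 16)
            for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", text)}
    base, disp = re.search(r"\[(e[a-z]{2})\+0x([0-9a-f]+)\]", text).groups()
    frames = [(int(a, 16), mod, fn) for a, mod, fn in FRAME.findall(text)]
    first_arg = {fn: a for a, _, fn in frames}
    return {
        "irql": field("Arg2", text),
        # Referenced address == NULL base register + field displacement.
        "null_base_deref": regs[base] == 0
                           and regs[base] + int(disp, 16) == field("Arg1", text),
        # KeSetEvent's first parameter is the event being signalled.
        "event": first_arg["KeSetEvent"],
        # Distance of the APC given to IopCompleteRequest from IRP_ADDRESS.
        "apc_offset_in_irp": first_arg["IopCompleteRequest"]
                             - field("IRP_ADDRESS", text),
        "modules": sorted({mod for _, mod, _ in frames}),
    }

if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(key, hex(value) if key in ("event", "apc_offset_in_irp") else value)
```

The event address can then be inspected in the debugger against the IRP at IRP_ADDRESS to see which request supplied it.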
