Hi

My driver works OK but crashes only on a specific computer - an IBM
ThinkPad laptop. I did a kernel memory dump but didn't find my driver
in the stack. Also, it crashes on different functions every time! Here
is the WinDbg analyze output... Any help?

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000016, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804dc352, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00000016

CURRENT_IRQL: 2

FAULTING_IP:
nt!KiWaitTest+30
804dc352 6683781601 cmp word ptr [eax+0x16],0x1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from 804e3f72 to 804dc352

IRP_ADDRESS: 824818b8

DEVICE_OBJECT: 82f3ba68

DRIVER_OBJECT: 82f562b8

IMAGE_NAME: ftdisk.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3b7d8419

MODULE_NAME: ftdisk

FAULTING_MODULE: f85f3000 ftdisk

TRAP_FRAME: eecebb70 -- (.trap ffffffffeecebb70)
ErrCode = 00000000
eax=00000000 ebx=eeceaf48 ecx=eecebbf0 edx=00000000 esi=eeceaf40 edi=00000000
eip=804dc352 esp=eecebbe4 ebp=eecebc00 iopl=0 nv up ei pl nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010217
nt!KiWaitTest+0x30:
804dc352 6683781601 cmp word ptr [eax+0x16],0x1 ds:0023:00000016=????
Resetting default scope

STACK_TEXT:
eecebc00 804e3f72 00000000 00000000 824818b8 nt!KiWaitTest+0x30
eecebc14 804ed1e2 eeceaf40 00000000 00000000 nt!KeSetEvent+0x58
eecebc6c 804ed15a 824818f8 eecebcb8 eecebcac nt!IopCompleteRequest+0x22f
eecebcbc 804ed199 00000000 00000000 00000000 nt!KiDeliverApc+0xb3
eecebcd4 804dc6f2 000024ff e334e7e0 00000000 nt!KiSwapThread+0x64
eecebcfc bf802ec4 00000001 0000000d 00000001 nt!KeWaitForSingleObject+0x1c2
eecebd38 bf8036ca 000024ff 00000000 00000001 win32k!xxxSleepThread+0x192
eecebd4c bf8036e7 000024ff 00000000 00c3ff1c win32k!xxxRealWaitMessageEx+0x12
eecebd5c 804df06b 00c3ff44 7c90eb94 badb0d00 win32k!NtUserWaitMessage+0x14
eecebd5c 7c90eb94 00c3ff44 7c90eb94 badb0d00 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00c3ff10 00000000 00000000 00000000 00000000 0x7c90eb94


SYMBOL_STACK_INDEX: 2

FOLLOWUP_NAME: MachineOwner

STACK_COMMAND: .trap ffffffffeecebb70 ; kb

FAILURE_BUCKET_ID: 0xA_IMAGE_ftdisk.sys_DATE_8_17_2001

BUCKET_ID: 0xA_IMAGE_ftdisk.sys_DATE_8_17_2001

Followup: MachineOwner
---------

Re: Please HELP - Analyzing IRQL_NOT_LESS_OR_EQUAL by Arkady

Arkady
Mon Jul 04 03:26:27 CDT 2005

Hi, Omer!
Someone (maybe not you, but in your context) calls Wait (for sure with some
timeout) in your DPC (level 2), which is forbidden.
Arkady

"Omer" <Omerb99@gmail.com> wrote in message
news:1120381401.087489.266440@g14g2000cwa.googlegroups.com...
> Hi
>
> My driver works ok but crashes only on a specific computer - IBM
> thinkpad laptop. I did a kernel memory dump but didn't find my driver
> in the stack. Also, it crashes on different functions every time! here
> is a WinDbg analyze output... Any help ?
>



Re: Please HELP - Analyzing IRQL_NOT_LESS_OR_EQUAL by Omer

Omer
Mon Jul 04 04:39:39 CDT 2005

OK... so where do I go from here?
I can't even see my driver in the stack trace...


Re: Please HELP - Analyzing IRQL_NOT_LESS_OR_EQUAL by Arkady

Arkady
Mon Jul 04 08:51:53 CDT 2005

I can't propose anything other than finding what part of your code causes that
to happen (close parts, I mean) :(
Hard way...
Arkady

"Omer" <Omerb99@gmail.com> wrote in message
news:1120469979.407010.13410@g43g2000cwa.googlegroups.com...
> ok... so where do i go from here ?
> i even cant see my driver in the stack trace...
>



Re: Please HELP - Analyzing IRQL_NOT_LESS_OR_EQUAL by Maxim

Maxim
Mon Jul 04 19:04:21 CDT 2005

The event pointer at Irp->UserEvent is invalid.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com

"Omer" <Omerb99@gmail.com> wrote in message
news:1120381401.087489.266440@g14g2000cwa.googlegroups.com...
> Hi
>
> My driver works ok but crashes only on a specific computer - IBM
> thinkpad laptop. I did a kernel memory dump but didn't find my driver
> in the stack. Also, it crashes on different functions every time! here
> is a WinDbg analyze output... Any help ?
>
>



Re: Please HELP - Analyzing IRQL_NOT_LESS_OR_EQUAL by Calvin

Calvin
Mon Jul 04 17:23:06 CDT 2005

Seems to me a typical memory corruption problem.
Try to enable DV on your drv with special pool checking on if you haven't
done so.

Calvin Guan (Windows DDK MVP)
Staff SW Engineer NetXtreme MINIPORT
Broadcom Corp. Irvine, CA
www.broadcom.com

"Omer" <Omerb99@gmail.com> wrote in message
news:1120381401.087489.266440@g14g2000cwa.googlegroups.com...
> Hi
>
> My driver works ok but crashes only on a specific computer - IBM
> thinkpad laptop. I did a kernel memory dump but didn't find my driver
> in the stack. Also, it crashes on different functions every time! here
> is a WinDbg analyze output... Any help ?
>
>



Re: Please HELP - Analyzing IRQL_NOT_LESS_OR_EQUAL by Alireza

Alireza
Thu Jul 07 01:51:27 CDT 2005

No, this is not the problem. Please see Maxim's response and also note the
memory that is being referenced (0x00000016), which means eax in the
cmp word ptr [eax+0x16],0x1
instruction is 0. A classic NULL reference, which could happen for several
reasons including but not limited to a driver corrupting the memory. Please
follow Maxim's suggestion on turning driver verifier on for your driver.

-ali

--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Arkady Frenkel" <arkadyf@hotmailxdotx.com> wrote in message
news:OIWBpkGgFHA.1996@TK2MSFTNGP10.phx.gbl...
> Hi, Omer !
> Someone ( maybe not you but in your context ) call Wait ( sure with some
> timeout ) in your DPC ( level 2 ) which is forbidden
> Arkady
>
> "Omer" <Omerb99@gmail.com> wrote in message
> news:1120381401.087489.266440@g14g2000cwa.googlegroups.com...
>> Hi
>>
>> My driver works ok but crashes only on a specific computer - IBM
>> thinkpad laptop. I did a kernel memory dump but didn't find my driver
>> in the stack. Also, it crashes on different functions every time! here
>> is a WinDbg analyze output... Any help ?
>>
>
>
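
The arithmetic Alireza describes (faulting address 0x16 = eax + 0x16 with eax = 0), as an added example that is not part of the thread: a Python script that cross-checks the bugcheck arguments against the trap-frame registers and the faulting instruction, and lists which modules actually appear in the stack. SAMPLE is constructed from the dump in the first post with mail-wrapped lines rejoined; `triage()` and its result keys are names chosen here.

```python
import re

# Constructed sample: the fields of the !analyze output from the first post
# that this check needs, with the mail-wrapped lines rejoined.
SAMPLE = """\
Arg1: 00000016, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804dc352, address which referenced memory
IMAGE_NAME: ftdisk.sys
eax=00000000 ebx=eeceaf48 ecx=eecebbf0 edx=00000000 esi=eeceaf40 edi=00000000
eip=804dc352 esp=eecebbe4 ebp=eecebc00 iopl=0 nv up ei pl nz ac po cy
nt!KiWaitTest+0x30:
804dc352 6683781601 cmp word ptr [eax+0x16],0x1 ds:0023:00000016=????
STACK_TEXT:
eecebc00 804e3f72 00000000 00000000 824818b8 nt!KiWaitTest+0x30
eecebc14 804ed1e2 eeceaf40 00000000 00000000 nt!KeSetEvent+0x58
eecebc6c 804ed15a 824818f8 eecebcb8 eecebcac nt!IopCompleteRequest+0x22f
eecebcbc 804ed199 00000000 00000000 00000000 nt!KiDeliverApc+0xb3
eecebcd4 804dc6f2 000024ff e334e7e0 00000000 nt!KiSwapThread+0x64
eecebcfc bf802ec4 00000001 0000000d 00000001 nt!KeWaitForSingleObject+0x1c2
eecebd38 bf8036ca 000024ff 00000000 00000001 win32k!xxxSleepThread+0x192
"""

def triage(text):
    """Cross-check a 32-bit bugcheck 0xA report; returns a dict of findings."""
    args = {int(n): int(v, 16) for n, v in re.findall(r"Arg(\d): ([0-9a-f]{8})", text)}
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", text)}
    # Memory operand of the faulting instruction, e.g. [eax+0x16]
    base, disp = re.search(r"\[(e[a-z]{2})\+0x([0-9a-f]+)\]", text).groups()
    disp = int(disp, 16)
    ea = (regs[base] + disp) & 0xFFFFFFFF
    image = re.search(r"IMAGE_NAME:\s+(\S+)", text).group(1)
    stack = text.split("STACK_TEXT:")[1]
    modules = set(re.findall(r"\b(\w+)!\w+\+0x[0-9a-f]+", stack))
    return {
        "effective_address": ea,
        "matches_arg1": ea == args[1],        # operand agrees with "memory referenced"
        "null_base": regs[base] == 0,         # pointer itself is NULL; disp is a field offset
        "base_register": base,
        "field_offset": disp,
        "irql": args[2],                      # 2 = DISPATCH_LEVEL
        "is_write": bool(args[3]),
        "stack_modules": sorted(modules),
        # The image named in the report need not appear in any stack frame.
        "blamed_image_on_stack": image.split(".")[0] in modules,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
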