Crashing in storport.sys (storport!StorPortExtendedFunction)

Hi
Mine is a storport miniport driver for a SAS HBA.
I am facing crashes while running a particular scenario for a dual-port SAS disk.
I am sending commands from two sources to the targets exposed from a dual-ported disk.
(It executes fine in a single-port setup.) The crash is not happening in my miniport code but is pointing to different locations in the storport driver.

Error information from Debugview for one of these crashes is as follows:

=========================
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 833a7751, address which referenced memory

Debugging Details:


FAULTING_MODULE: 82c1e000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79a02

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
00000008

CURRENT_IRQL: 0

FAULTING_IP:
storport!StorPortExtendedFunction+56b4
833a7751 8b4308 mov eax,dword ptr [ebx+8]

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 82cfdb81 to 82c99110

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
807e2a14 82cfdb81 00000003 00000008 833a7751 nt!DbgBreakPointWithStatus+0x4
807e2dd8 82c5f5cb 0000000a 00000008 00000002 nt!KeBugCheckEx+0xc7f
807e2df8 833a7751 badb0d00 00000014 87fd7228 nt!Kei386EoiHelper+0x29d3
807e2e78 833a79e2 85e237e8 861026dc 833cc1a0 storport!StorPortExtendedFunction+0x56b4
807e2eac 833a7cc4 00000000 00000000 85e237e8 storport!StorPortExtendedFunction+0x5945
807e2eec 833a7e79 85f32bb8 86791008 862b00e8 storport!StorPortExtendedFunction+0x5c27
807e2f20 8339931e 85f32bb8 862b00a4 85980d04 storport!StorPortExtendedFunction+0x5ddc
807e2f48 82c961b5 862b00a4 862b0030 00000000 storport!DllInitialize+0xfa0
807e2fa4 82c96018 807c2120 85980c80 00000000 nt!KiDispatchInterrupt+0xa05
807e2ff4 82c957dc 8dd77c40 00000000 00000000 nt!KiDispatchInterrupt+0x868
807e2ff8 8dd77c40 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2c
82c957dc 00000000 0000001a 00d6850f bb830000 0x8dd77c40

STACK_COMMAND: kb

FOLLOWUP_IP:
storport!StorPortExtendedFunction+56b4
833a7751 8b4308 mov eax,dword ptr [ebx+8]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: storport!StorPortExtendedFunction+56b4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: storport

IMAGE_NAME: storport.sys

BUCKET_ID: WRONG_SYMBOLS

Any suggestions regarding the suspect or a way to proceed would be a great help.

Thanks
-Anuj

Correction: The posted logs are from Windbg and not DebugView.

The standard first bit of advice here is to fix your symbols so that the analyser can do its job properly.

However, it’s also possible to get a clue about the likely cause of the problem from

Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 833a7751, address which referenced memory

and

FOLLOWUP_IP:
storport!StorPortExtendedFunction+56b4
833a7751 8b4308 mov eax,dword ptr [ebx+8]

, which indicates that someone is passing a NULL pointer which ends up in ebx, so that ebx+8 is the referenced address reported (00000008 in Arg1), which is a ‘completely invalid’ address for these purposes.

Given that the problem is only occurring when you access the device from two sources, I’d look carefully at your code which shares memory.

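The reasoning in the reply above (Arg1 minus the displacement in the faulting instruction gives the value of the base register) can be automated when triaging many 0xD1 dumps. The following is an added example, not code from the thread or from any Microsoft tool; `triage_d1` and its field names are hypothetical, and it assumes the faulting instruction has a single, non-indexed memory operand.

```python
import re

# Constructed sample: only the fields the reply reasons from, copied from the
# WinDbg output quoted in this thread.
SAMPLE = """\
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 833a7751, address which referenced memory
FAULTING_IP:
storport!StorPortExtendedFunction+56b4
833a7751 8b4308 mov eax,dword ptr [ebx+8]
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
"""

ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-f`]+)", re.M | re.I)
# Disassembly line: address, opcode bytes, instruction text.
DISASM_RE = re.compile(r"^([0-9a-f`]{8,17})\s+[0-9a-f]+\s+(\S.*)$", re.M | re.I)
# Simple memory operand: [reg], [reg+disp] or [reg-disp]; indexed forms are skipped.
OPERAND_RE = re.compile(r"\[([a-z][a-z0-9]{1,3})(?:([+-])([0-9a-f]+)h?)?\]", re.I)

def hexval(s):
    return int(s.replace("`", ""), 16)

def triage_d1(text, bits=32):
    """Infer the base pointer behind a 0xD1 fault (hypothetical helper)."""
    args = {int(n): hexval(v) for n, v in ARG_RE.findall(text)}
    if set(args) != {1, 2, 3, 4}:
        raise ValueError("Arg1..Arg4 not found")
    out = {"address": args[1], "irql": args[2],
           "access": {0: "read", 1: "write"}.get(args[3], "other"),
           "symbols_ok": "WRONG_SYMBOLS" not in text,
           "base_reg": None, "offset": None, "base_value": None, "null_base": False}
    for addr, instr in DISASM_RE.findall(text):
        op = OPERAND_RE.search(instr)
        if hexval(addr) != args[4] or not op:
            continue
        # Assumption: this operand is the access that faulted, so
        # base register value = Arg1 - displacement (mod 2**bits).
        disp = int(op.group(3) or "0", 16) * (-1 if op.group(2) == "-" else 1)
        base = (args[1] - disp) % (1 << bits)
        out.update(base_reg=op.group(1).lower(), offset=disp,
                   base_value=base, null_base=(base == 0))
        break
    return out

if __name__ == "__main__":
    print(triage_d1(SAMPLE))
```

A `symbols_ok` value of False means the function names in the stack are nearest-export guesses, so the offset and base register are the trustworthy part of the result until symbols are fixed.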

Hi David

Thanks for the suggestion, I will look at that aspect.

-Anuj