bsod (irq_not_less_or_equal)

bsod (irq_not_less_or_equal)

Post by Frank van » Sat, 28 Apr 2007 22:05:46


I have a bsod if I use my own driver which allocates 2 MB of contiguous memory.
Windows XP is started with the option /3GB. The driver is able to allocate the
memory, but after logging off and shut down, the system is giving a bsod (see
below). If I enable the debug mode and only startup (no login) and shutdown, no
error occurs. I can see my driver is started up and closed correctly. As soon as
I login and shutdown (no interaction with my driver is done from my application)
the bsod is back again. Minidumps are not generated (I think the system is too
far with shutting down). How do I know what causes the bsod?


0: kd> !analyze -v
* *
* Bugcheck Analysis *
* *

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel de *** is available get the stack backtrace.
Arg1: 00000000, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: e0b8b228, address which referenced memory

Debugging Details:

READ_ADDRESS: 00000000


e0b8b228 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]




TRAP_FRAME: f71fcb58 -- (.trap fffffffff71fcb58)
ErrCode = 00000000
eax=000ca000 ebx=00000078 ecx=00032800 edx=00000000 esi=00000000 edi=f83fc000
eip=e0b8b228 esp=f71fcbcc ebp=f71fcbe0 iopl=0 nv up di pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010006
e0b8b228 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
es:0023:f83fc000=00000000 ds:0023:00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from e0bc6b11 to e0bf85ec

f71fc70c e0bc6b11 00000003 f71fca68 00000000 nt!RtlpBreakWithStatusInstruction
f71fc758 e0bc76fc 00000003 00000000 e0b8b228 nt!KiBugCheckDebugBreak+0x19
f71fcb38 e0c116e0 0000000a 00000000 000000ff nt!KeBugCheck2+0x574
f71fcb38 e0b8b228 0000000a 00000000 000000ff nt!KiTrap0E+0x238
f71fcbe0 e0b996ec 00000000 f71fcce0 ffdff120 hal!HalpPreserveNvsArea+0x58
f71fcbfc e0b978a9 00000877 00000296 f71fccb4 hal!HalpAcpiPreSleep+0x104
f71fcc34 e0d2073f 00000877 00000000 00000000 hal!HaliAcpiSleep+0x51
f71fcc5c e0d207e0 f71fcce0 f71fccb4 e0b8bb92 nt!PopHandleNextState+0xb9
f71fcc74 e0d20af9 f71fcce0 f71fccb4 00000005 nt!PopIssueNextState+0x26
f71fcd38 e0d20c3b 00000006 00000000 e0c2ff70 nt!PopInvokeSystemStateHandler+0x303
f71fcd64 e0d1cb9b 00000006 e0c31720 f9473da8 nt!PopShutdownSystem+0x61
f71fcd7c e0c0576b 00000000 00000000 f9473da8 nt!PopGracefulShutdown+0x191
f71fcdac e0c9c7b2 00000000 00000000 00000000 nt!ExpWorkerThread+0xef
f71fcddc e0c130de e0c0567c 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

bsod (irq_not_less_or_equal)

Post by Leo Havmle » Sat, 28 Apr 2007 23:31:14

> Arg1: 00000000, memory referenced

Someone is using a null-pointer.

Leo Havmler.


bsod (irq_not_less_or_equal)

Post by Frank van » Sun, 29 Apr 2007 06:14:32

But how can I find out who is using a null-pointer?


bsod (irq_not_less_or_equal)

Post by Gary G. Li » Sun, 29 Apr 2007 06:40:47

Step back into the call stack and analyze what's happening.

The personal opinion of
Gary G. Little

bsod (irq_not_less_or_equal)

Post by Frank van » Wed, 02 May 2007 16:47:25

As you can see in my first post, the call stack only contains os kernel calls.
Does this mean the os is using a null pointer???

bsod (irq_not_less_or_equal)

Post by Don Bur » Wed, 02 May 2007 21:26:26

No, it most likely means that something cleared the wrong memory, and the
OS is now trying to use it.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam to reply

bsod (irq_not_less_or_equal)

Post by Frank van » Wed, 02 May 2007 22:16:17

Do you know any methods to detect who did this illegal action? The system is too
far with shutting down to write a minidump file.

bsod (irq_not_less_or_equal)

Post by Gary G. Li » Wed, 02 May 2007 22:27:55

How old is the WinDbg you are using? If the latest, did you run the .cxr
command that is dumped as part of !analyze? If not the latest, may I suggest
an upgrade?

The personal opinion of
Gary G. Little

bsod (irq_not_less_or_equal)

Post by Frank van » Wed, 02 May 2007 23:06:18

I am using the one of the latest versions ( and I will have a look at
it. Thank you.