A computer that is running Windows 7 or Windows Server 2008 R2 crashes when an application sends an I/O request to a USB-connected CD drive


Symptoms


Consider the following scenario:
  • You have a computer that is running Windows 7 or Windows Server 2008 R2. 
  • A CD drive is connected to the computer through a USB port.
  • An application sends an IOCTL_SCSI_PASS_THROUGH_DIRECT I/O request to the CD drive.
In this scenario, the computer crashes. Additionally, you may receive a Stop error message on a blue screen. This Stop error message resembles the following: STOP 0x000000D1, (parameter1. parameter2, parameter3, parameter4)

Cause


This issue occurs because the system kernel-mode driver accesses the data buffer by unexpectedly using a user-mode address.

When a user-mode application issues the IOCTL_SCSI_PASS_THROUGH_DIRECT I/O request to a USB-connected CD drive, the Mode Sense (6) command is sent to the CD drive. Then, there is a conversion from the Mode Sense (6) command to the Mode Sense (10) command. When this I/O request is completed by the CD drive, a conversion from the Mode Sense (10) command to the Mode Sense (6) command occurs. During this conversion process, the system kernel-mode driver accesses the data buffer by using a user-mode address. Therefore, the computer crashes.

Resolution


This problem is planned to be fixed in the next service pack.

More Information


For information on the same problem on Windows Vista or Windows Server 2008, see the following KB:
http://support.microsoft.com/kb/974711/en-us

For more information about the IOCTL_SCSI_PASS_THROUGH_DIRECT request, visit the following Microsoft Web site:
http://msdn.microsoft.com/en-us/library/ff560521.aspx 

For more information about the Mode Sense command, visit the following Microsoft Web site:
http://msdn.microsoft.com/en-us/library/dd424451.aspx