Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars

Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 3  
17 Jul 17 14:49
ntdev member 168611
Join Date:
Posts To This List: 38
bug check in wdf01000.sys

Hello, I developed and installed a KMDF driver for a PCIe FPGA. O.S: Win7-64 Upon trying to write a HW register with IOCTL from application I got a blue screen. Can you please help: How can a bug in my driver can cause a crash in wdf01000.sys ? Thank you, Zvika Following are the details: Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [D:\module\FIO\071717-46691-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*C:\MySymbols* Executable search path is: C:\Windows\System32 Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.23796.amd64fre.win7sp1_ldr.170427-1518 Machine Name: Kernel base = 0xfffff800`0300b000 PsLoadedModuleList = 0xfffff800`0324d730 Debug session time: Mon Jul 17 16:44:40.768 2017 (UTC + 3:00) System Uptime: 0 days 0:06:40.672 Loading Kernel Symbols ............................................................... ................................................................ ................................................ Loading User Symbols Loading unloaded module list .......... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff88000e5188d, fffff880035a82f8, fffff880035a7b50} Probably caused by : Wdf01000.sys ( Wdf01000!FxRequest::CompleteInternal+21 ) Followup: MachineOwner --------- 7: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff88000e5188d, The address that the exception occurred at Arg3: fffff880035a82f8, Exception Record Address Arg4: fffff880035a7b50, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: Wdf01000!FxRequest::CompleteInternal+21 fffff880`00e5188d 498b9db8000000 mov rbx,qword ptr [r13+0B8h] EXCEPTION_RECORD: fffff880035a82f8 -- (.exr 0xfffff880035a82f8) ExceptionAddress: fffff88000e5188d (Wdf01000!FxRequest::CompleteInternal+0x0000000000000021) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000000000000b8 Attempt to read from address 00000000000000b8 CONTEXT: fffff880035a7b50 -- (.cxr 0xfffff880035a7b50) rax=0000000000000000 rbx=fffffa800b4c4b60 rcx=fffffa800b4c4b60 rdx=0000000000000000 rsi=0000000000000000 rdi=fffffa8009b4fa20 rip=fffff88000e5188d rsp=fffff880035a8530 rbp=0000000000000000 r8=0000000000000000 r9=fffff880051e40f0 r10=fffffa8009b4fba0 r11=fffffa800b4c4b50 r12=0000057ff4b3b498 r13=0000000000000000 r14=0000000000000000 r15=fffffa8009b8d8f0 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 Wdf01000!FxRequest::CompleteInternal+0x21: fffff880`00e5188d 498b9db8000000 mov rbx,qword ptr [r13+0B8h] ds:002b:00000000`000000b8=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 00000000000000b8 READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b7100 00000000000000b8 FOLLOWUP_IP: Wdf01000!FxRequest::CompleteInternal+21 fffff880`00e5188d 498b9db8000000 mov rbx,qword ptr [r13+0B8h] BUGCHECK_STR: 0x7E DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88000e5188d STACK_TEXT: fffff880`035a8530 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Wdf01000!FxRequest::CompleteInternal+0x21 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: Wdf01000!FxRequest::CompleteInternal+21 FOLLOWUP_NAME: MachineOwner MODULE_NAME: Wdf01000 IMAGE_NAME: Wdf01000.sys DEBUG_FLR_IMAGE_TIMESTAMP: 51c55683 STACK_COMMAND: .cxr 0xfffff880035a7b50 ; kb FAILURE_BUCKET_ID: X64_0x7E_Wdf01000!FxRequest::CompleteInternal+21 BUCKET_ID: X64_0x7E_Wdf01000!FxRequest::CompleteInternal+21 Followup: MachineOwner ---------
  Message 2 of 3  
17 Jul 17 19:43
Pavel A
Join Date: 21 Jul 2008
Posts To This List: 2422
bug check in wdf01000.sys

> Can you please help: How can a bug in my driver can cause a crash in wdf01000.sys ? Very simple. Your driver can pass invalid pointer to KMDF and it will dereference it. Or invalid structure/array size. Really, consider my previous advice. -- pa
  Message 3 of 3  
18 Jul 17 02:47
ntdev member 168611
Join Date:
Posts To This List: 38
bug check in wdf01000.sys

Hi Pavel, The cause to the crash: After calling WdfRequestCompleteWithInformation at the end of the IOCTL message handler I called also to WdfRequestComplete by mistake. Thank you, Zvika
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 23:41.

Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license