Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

Monthly Seminars at OSR Headquarters

East Coast USA
Windows Internals and SW Drivers, Dulles (Sterling) VA, 13 November 2017

Kernel Debugging & Crash Analysis for Windows, Nashua (Amherst) NH, 4 December 2017

Writing WDF Drivers I: Core Concepts, Nashua (Amherst) NH, 8 January 2018

WDF Drivers II: Advanced Implementation Techniques, Nashua (Amherst) NH, 15 January 2018


Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 4  
13 Nov 17 01:46
thanh dang
xxxxxx@gmail.com
Join Date: 01 Oct 2014
Posts To This List: 18
Windwos 10 RS3 UCM Bug

Hi, I'm upgrade to Windows 10 x64 RS3 and got BSOD from one of my old driver. Analyzing the memory dump point out that driver UCMCx.sys caused the BSOD when create UCM Connecter. The UCM Initialization was follow guideline on MSDN here: https://msdn.microsoft.com/en-us/library/windows/hardware/mt187909(v=vs.85).aspx. This issue not occurs on Windows 10 x64 RS2. Below is snippet from memory dump analyze: The test driver was named UCM_Test. 1: kd> kb Call Site nt!KeBugCheckEx nt!PspSystemThreadStartup$filt$0+0x44 nt!_C_specific_handler+0x9f nt!RtlpExecuteHandlerForException+0xd nt!RtlDispatchException+0x430 nt!KiDispatchException+0x144 nt!KiExceptionDispatch+0xce nt!KiPageFault+0x217 UcmCx!GetConnectorById+0x22 UcmCx!imp_UcmConnectorCreate+0x15f UCM_Test!UcmConnectorCreate+0x56 [c:\program files (x86)\windows kits\10\include\10.0.15063.0\km\ucm\1.0\ucmmanager.h @ 284] UCM_Test!EvtDevicePrepareHardware+0xb8 [e:\study\ucm_test\ucm_test\device.c @ 201] Wdf01000!FxPnpDevicePrepareHardware::InvokeClient+0x28 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpcallbacks.cpp @ 347] Wdf01000!FxPrePostCallback::InvokeStateful+0x5a [minkernel\wdf\framework\shared\irphandlers\pnp\cxpnppowercallbacks.cpp @ 467] Wdf01000!FxPnpDevicePrepareHardware::Invoke+0x17 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpcallbacks.cpp @ 321] Wdf01000!FxPkgPnp::PnpPrepareHardware+0xdf [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 3599] Wdf01000!FxPkgPnp::PnpEventHardwareAvailable+0x7a [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1399] Wdf01000!FxPkgPnp::PnpEnterNewState+0xc9 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1234] Wdf01000!FxPkgPnp::PnpProcessEventInner+0x1a1 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 1150] Wdf01000!FxPkgPnp::_PnpProcessEventInner+0x58 [minkernel\wdf\framework\shared\irphandlers\pnp\pnpstatemachine.cpp @ 981] Wdf01000!FxEventQueue::EventQueueWorker+0x83 [minkernel\wdf\framework\shared\irphandlers\pnp\eventqueue.cpp @ 277] Wdf01000!FxWorkItemEventQueue::_WorkItemCallback+0x9f [minkernel\wdf\framework\shared\irphandlers\pnp\km\eventqueuekm.cpp @ 110] nt!IopProcessWorkItem+0xfb nt!ExpWorkerThread+0xf5 nt!PspSystemThreadStartup+0x47 nt!KiStartSystemThread+0x16 Please support. Any thought would be appreciated.
  Message 2 of 4  
13 Nov 17 15:10
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 11654
Windwos 10 RS3 UCM Bug

On 11/12/2017 11:45 PM, xxxxx@gmail.com wrote: > Hi, I'm upgrade to Windows 10 x64 RS3 and got BSOD from one of my old driver. Analyzing the memory dump point out that driver UCMCx.sys caused the BSOD when create UCM Connecter. The UCM Initialization was follow guideline on MSDN here: https://msdn.microsoft.com/en-us/library/windows/hardware/mt187909(v=vs.85).aspx. This issue not occurs on Windows 10 x64 RS2. You're calling this a UCM bug, but the crash happened when you call UcmConnectorCreate.  You should triple-check to make sure all the parameters you are passing to UcmConnectorCreate are correct, and check the documentation to make sure nothing changed in that area. -- Tim Roberts, xxxxx@probo.com Providenza & Boekelheide, Inc.
  Message 3 of 4  
14 Nov 17 03:20
thanh dang
xxxxxx@gmail.com
Join Date: 01 Oct 2014
Posts To This List: 18
Windwos 10 RS3 UCM Bug

Thanks Tim for your reply. I do some other experiment and seem like the error was because the UcmCx.sys cannot be unloaded properly. ================ 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce) A driver unloaded without cancelling timers, DPCs, worker threads, etc. The broken driver's name is displayed on the screen and saved in KiBugCheckDriver. Arguments: Arg1: fffff8004bced4b0, memory referenced Arg2: 0000000000000010, value 0 = read operation, 1 = write operation Arg3: fffff8004bced4b0, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000000, Mm internal code. TRAP_FRAME: ffff810d4eb48600 -- (.trap 0xffff810d4eb48600) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff8004bced4b0 rbx=0000000000000000 rcx=ffffd88eabc03318 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8004bced4b0 rsp=ffff810d4eb48798 rbp=ffff810d4eb48819 r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc <Unloaded_UcmCx.sys>+0x1d4b0: fffff800`4bced4b0 ?? ??? Resetting default scope IP_MODULE_UNLOADED: UcmCx.sys+1d4b0 fffff800`4bced4b0 ?? ??? LAST_CONTROL_TRANSFER: from fffff80046639d95 to fffff800465f27d0 STACK_TEXT: ffff810d`4eb48378 fffff800`46639d95 : 00000000`00000050 fffff800`4bced4b0 00000000`00000010 ffff810d`4eb48600 : nt!KeBugCheckEx ffff810d`4eb48380 fffff800`4651ba97 : 00000000`00000010 fffff800`4bced4b0 ffff810d`4eb48600 ffff810d`4eb48520 : nt!MiSystemFault+0x100e85 ffff810d`4eb48420 fffff800`465fc372 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`465139f6 : nt!MmAccessFault+0xae7 ffff810d`4eb48600 fffff800`4bced4b0 : fffff800`469c9b3e 00000000`00000000 00000000`00000009 ffffc288`982115c0 : nt!KiPageFault+0x132 ffff810d`4eb48798 fffff800`469c9b3e : 00000000`00000000 00000000`00000009 ffffc288`982115c0 00000000`00000090 : <Unloaded_UcmCx.sys>+0x1d4b0 ffff810d`4eb487a0 fffff800`469c98f5 : ffffd88e`abc032e0 ffffc288`928cbe70 ffffd88e`abc032e0 ffffc288`928cbe70 : nt!EtwpSendDataBlock+0xfa ffff810d`4eb48880 fffff800`469c94a5 : fffff780`00000380 fffff780`00000380 ffffc288`928cbe70 ffffc288`926b1000 : nt!EtwpClearSessionAndUnreferenceEntry+0x2a9 ffff810d`4eb48950 fffff800`469cdd24 : 00000000`00000000 ffffc288`99c39040 ffffc288`926b1000 01d35cf5`27a297a3 : nt!EtwpDisableTraceProviders+0x71 ffff810d`4eb489a0 fffff800`469cd67f : ffffc288`99c39040 ffffc288`926b1000 ffff810d`4eb48a60 00000000`00000019 : nt!EtwpStopLoggerInstance+0x4c ffff810d`4eb489d0 fffff800`46bce872 : 00000000`00000019 ffffc288`926b1000 ffffc288`926f9d00 ffffc288`99c39040 : nt!EtwpStopTrace+0xff ffff810d`4eb48a40 fffff800`468b6a61 : ffffc288`9ac0d700 fffff800`468b6870 ffffc288`926f9d20 fffff800`467edf20 : nt!EtwShutdown+0x122 ffff810d`4eb48b40 fffff800`464e9645 : ffffc288`926f9d20 ffffc288`926f9d00 ffffc288`926f9d00 ffffc288`926f9d20 : nt!PopGracefulShutdown+0x1f1 ffff810d`4eb48b80 fffff800`465723a7 : ffffc288`9ac06640 00000000`00000080 ffffc288`926b8480 ffffc288`9ac0d700 : nt!ExpWorkerThread+0xf5 ffff810d`4eb48c10 fffff800`465f7d66 : fffff800`456a7180 ffffc288`9ac0d700 fffff800`46572360 00000000`00000000 : nt!PspSystemThreadStartup+0x47 ffff810d`4eb48c60 00000000`00000000 : ffff810d`4eb49000 ffff810d`4eb43000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 ============================ I test with a very simple driver which only call UcmInitializeDevice and UcmConnectorCreate with corresponding WdfObjectDelete to release the connector. Everythings work fine until I restart the test machine and bugcheck occurs. My question is, is there any other way to release/uninitialized UCM module? I only call WdfObjectDelete on Release HW and it work fine on RS2. Please advice. Many thanks!
  Message 4 of 4  
14 Nov 17 10:48
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 11654
Windwos 10 RS3 UCM Bug

On Nov 14, 2017, at 12:19 AM, xxxxx@gmail.com <xxxxx@lists.osr.com> wrote: > > Thanks Tim for your reply. > I do some other experiment and seem like the error was because the UcmCx.sys cannot be unloaded properly. This is an entirely different crash dump from the one you posted first. > I test with a very simple driver which only call UcmInitializeDevice and UcmConnectorCreate with corresponding WdfObjectDelete to release the connector. > Everythings work fine until I restart the test machine and bugcheck occurs. Of course. Did you read the documentation? The parent object is WdfDevice. You can set the ParentObject member of WDF_OBJECT_ATTRIBUTES <https://msdn.microsoft.com/en-us/library/windows/hardware/ff552400(v=vs.85).aspx > to NULL or the WDFDEVICE handle. The connector object gets deleted when the parent WDFDEVICE object gets deleted. YOU do not call WdfObjectDelete. It will be done automatically. ??? Tim Roberts, xxxxx@probo.com Providenza & Boekelheide, Inc. --
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 00:36.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license