From: 泛若不繫舟 on
Hi all,

I got a strange problem when handling cancel/complete.
My driver is a bus driver and some vendor's driver is child.

First, I install a cancel routine for the request.

WdfObjectReference(Request);
WdfRequestMarkCancelable(Request, __XferHWProcessingRequestCancel);


VOID
__XferHWProcessingRequestCancel(
    IN WDFREQUEST Request
    )
{
    // try to stop hardware ... etc.
    // Cancel request here
    WdfRequestComplete(Request, STATUS_CANCELLED);
}


In my cleanup routine, I check the request's status and make sure this
request had been canceled. Then I WdfObjectDereference this request
and get a bugcheck.

Before the bugcheck, I found the vendor's driver always sends the same
request handle to my driver. My driver handles the URB inside the
request.

Is it my fault or something wrong? ^_^a

Thanks in advance for any comment or suggestion. ^_^

Ziv

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806d7029, The address that the exception occurred at
Arg3: 82bab608, Exception Record Address
Arg4: 82bab304, Context Record Address

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
Wdf01000!FxDevice::FreeRequestMemory+3c
806d7029 80b89a00000000 cmp byte ptr [eax+9Ah],0

EXCEPTION_RECORD: 82bab608 -- (.exr 0xffffffff82bab608)
ExceptionAddress: 806d7029 (Wdf01000!FxDevice::FreeRequestMemory+0x0000003c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000009a
Attempt to read from address 0000009a

CONTEXT: 82bab304 -- (.cxr 0xffffffff82bab304)
eax=00000000 ebx=869cb464 ecx=86a72540 edx=00000000 esi=8070c394 edi=86a72540
eip=806d7029 esp=82bab6d0 ebp=82bab6d8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
Wdf01000!FxDevice::FreeRequestMemory+0x3c:
806d7029 80b89a00000000 cmp byte ptr [eax+9Ah],0 ds:0023:0000009a=??
Resetting default scope

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

READ_ADDRESS: 0000009a

BUGCHECK_STR: 0x7E

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from 806cf461 to 806d7029

STACK_TEXT:
82bab6d8 806cf461 86b94c38 86b94c38 86b94c38 Wdf01000!FxDevice::FreeRequestMemory+0x3c
82bab6e8 806d48ea 00000000 00000000 00000000 Wdf01000!FxRequestFromLookaside::SelfDestruct+0x16
82bab700 806cef06 79634ba8 869cb490 82bab728 Wdf01000!FxObject::ProcessDestroy+0x9f
82bab710 806d03d6 00000000 00000065 00000000 Wdf01000!FxObject::Release+0x10c
82bab728 806bc275 00000000 00000065 97a783b0 Wdf01000!FxRequest::Release+0x26
82bab744 97a6ada2 86698df8 86b94c38 00000000 Wdf01000!imp_WdfObjectDereferenceActual+0x3c
82bab760 97a6ced4 7946b3c0 00000000 00000065 rtkwhci!WdfObjectDereferenceActual+0x22 [c:\winddk\6001.17051\inc\wdf\kmdf\1.7\wdfobject.h @ 522]
82bab7b0 806cea2c 79634ba8 869cb450 869cb464 rtkwhci!__WusbEpCleanupCallbak+0x224 [d:\project\wdf\whci\build\wusb_ep.c @ 103]
82bab7c0 806d5174 8070c2bc 869cb450 00000004 Wdf01000!FxObject::CallCleanup+0x38
82bab7d8 806d4c67 00000005 bab84c00 00000000 Wdf01000!FxObject::DisposeChildrenWorker+0x144
82bab7f8 806d4e18 bab84c00 00000000 869cb450 Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0xa6
82bab80c 806d5020 bab84c00 00000000 86b922cc Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0xe2
82bab834 806d5158 8070c2bc 86b922b8 00000004 Wdf01000!FxObject::PerformEarlyDispose+0xdf
82bab84c 806d4c67 00000005 bab8c000 00000000 Wdf01000!FxObject::DisposeChildrenWorker+0x128
82bab86c 806d4e18 bab8c000 00000000 86b922b8 Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0xa6
82bab880 806d5020 bab8c000 00000000 86b87ae4 Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0xe2
82bab8a8 806d5158 8070c2bc 86b87ad0 00000004 Wdf01000!FxObject::PerformEarlyDispose+0xdf
82bab8c0 806d4c67 00000005 bab93400 00000000 Wdf01000!FxObject::DisposeChildrenWorker+0x128
82bab8e0 806d4e18 bab93400 00000000 86b87ad0 Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0xa6
82bab8f4 806d5020 bab93400 00000000 86b5021c Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0xe2
82bab91c 806d5158 8070c2bc 86b50208 00000004 Wdf01000!FxObject::PerformEarlyDispose+0xdf
82bab934 806d4c67 00000005 86b50200 00000001 Wdf01000!FxObject::DisposeChildrenWorker+0x128
82bab954 806d4e18 86b50200 00000001 86b50208 Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0xa6
82bab968 806d4f33 86b50200 00000001 00000000 Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0xe2
82bab98c 806f48f9 00000008 86b46880 806f3387 Wdf01000!FxObject::EarlyDispose+0x111
82bab998 806f3387 806f4551 82bab9cc 806f4fec Wdf01000!FxPkgPnp::PnpEventRemovedCommonCode+0xd7
82bab99c 806f4551 82bab9cc 806f4fec 86b46880 Wdf01000!FxPkgFdo::PnpEventFdoRemovedOverload+0x5
82bab9a4 806f4fec 86b46880 8070e380 86b46880 Wdf01000!FxPkgPnp::PnpEventFdoRemoved+0xd
82bab9cc 806f5d40 00000117 86b46920 86b46880 Wdf01000!FxPkgPnp::PnpEnterNewState+0x15c
82bab9f4 806f606d 82baba0c 00000000 86b46880 Wdf01000!FxPkgPnp::PnpProcessEventInner+0x1f5
82baba1c 806ee774 00000200 86b46880 8070d8a0 Wdf01000!FxPkgPnp::PnpProcessEvent+0x1cf
82baba44 806edb83 86b46880 82baba64 96060f20 Wdf01000!FxPkgPnp::_PnpRemoveDevice+0x69
82baba68 806d7665 96060f20 82baba90 806d786a Wdf01000!FxPkgPnp::Dispatch+0x2a6
82baba74 806d786a 86b4cd60 96060f20 96060f20 Wdf01000!FxDevice::Dispatch+0x7f
82baba90 81ace681 86b4cd60 96060f20 86b89820 Wdf01000!FxDevice::DispatchWithLock+0x5d
82babab4 81827e86 89f335a5 86b89950 86b4cd60 nt!IovCallDriver+0x252
82babac8 89f335a5 86b89950 82babaf0 89f33a0e nt!IofCallDriver+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
82babad4 89f33a0e 86b89898 96060f20 96060f20 pnpfiltr+0x5a5
82babaf0 89f355ff 86b89898 96060f20 96060f20 pnpfiltr+0xa0e
82babb08 81ace681 86b89898 96060f20 96060ffc pnpfiltr+0x25ff
82babb2c 81827e86 819af4a9 82babbcc 86b89898 nt!IovCallDriver+0x252
82babb40 819af4a9 86b45948 86b44b58 86b45948 nt!IofCallDriver+0x1b
82babb74 819af70f 86b45948 82babba8 00000000 nt!IopSynchronousCall+0xce
82babbd0 81806561 86b45948 00000002 9d8d9bf8 nt!IopRemoveDevice+0xd5
82babbfc 819a5ced 00000000 9d8d9bf8 00000000 nt!PnpRemoveLockedDeviceNode+0x172
82babc14 819a5f67 00000000 00000000 00000000 nt!PnpDeleteLockedDeviceNode+0x2b
82babc44 819aa8d8 85471700 9d8d9bf8 00000002 nt!PnpDeleteLockedDeviceNodes+0x4c
82babd04 819aac2b 82babd34 00000000 94f76588 nt!PnpProcessQueryRemoveAndEject+0x8ac
82babd1c 819a9793 00000000 818fde3c 846ff580 nt!PnpProcessTargetDeviceEvent+0x38
82babd44 81878e18 86b13aa8 00000000 846ff580 nt!PnpDeviceEventWorker+0x201
82babd7c 81a254a8 86b13aa8 82ba0680 00000000 nt!ExpWorkerThread+0xfd
82babdc0 8189145e 81878d1b 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


FOLLOWUP_IP:
rtkwhci!WdfObjectDereferenceActual+22 [c:\winddk\6001.17051\inc\wdf\kmdf\1.7\wdfobject.h @ 522]
97a6ada2 5d pop ebp

FAULTING_SOURCE_CODE:
  518: PCHAR File
  519: )
  520: {
  521: ((PFN_WDFOBJECTDEREFERENCEACTUAL) WdfFunctions[WdfObjectDereferenceActualTableIndex])(WdfDriverGlobals, Handle, Tag, Line, File);
> 522: }
  523:
  524: //
  525: // WDF Function: WdfObjectCreate
  526: //
  527: typedef


SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: rtkwhci!WdfObjectDereferenceActual+22

From: Doron Holan [MSFT] on
i think you are dereferencing too many times. your dereference should not
go down the path that is shown in the bugcheck b/c that means the last
reference is going away.

d

--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
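
The stack reading in the reply above, as an added example that is not part of the original thread: it parses a few frames of the posted STACK_TEXT (embedded with the hard line wraps mail clients add to such dumps), checks whether the object's destroy path ran inside a driver dereference, and names the driver routine that made the call. The function names `parse_frames`, `label` and `final_release` are this example's own.

```python
import re

FRAMEWORK = "Wdf01000"
FRAME_START = re.compile(r"^[0-9a-f]{8} [0-9a-f]{8} ")
# ChildEBP, RetAddr, three args, then module[!symbol]+0xoffset
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)(?:!([^\s+]+))?\+0x[0-9a-f]+")

# Top frames of the STACK_TEXT from the post, wrapped as a mail client wraps them.
SAMPLE_STACK = r"""
82bab6d8 806cf461 86b94c38 86b94c38 86b94c38 Wdf01000!
FxDevice::FreeRequestMemory+0x3c
82bab6e8 806d48ea 00000000 00000000 00000000 Wdf01000!
FxRequestFromLookaside::SelfDestruct+0x16
82bab700 806cef06 79634ba8 869cb490 82bab728 Wdf01000!
FxObject::ProcessDestroy+0x9f
82bab710 806d03d6 00000000 00000065 00000000 Wdf01000!FxObject::Release
+0x10c
82bab728 806bc275 00000000 00000065 97a783b0 Wdf01000!
FxRequest::Release+0x26
82bab744 97a6ada2 86698df8 86b94c38 00000000 Wdf01000!
imp_WdfObjectDereferenceActual+0x3c
82bab760 97a6ced4 7946b3c0 00000000 00000065 rtkwhci!
WdfObjectDereferenceActual+0x22 [c:\winddk\6001.17051\inc\wdf\kmdf
\1.7\wdfobject.h @ 522]
82bab7b0 806cea2c 79634ba8 869cb450 869cb464 rtkwhci!
__WusbEpCleanupCallbak+0x224 [d:\project\wdf\whci\build\wusb_ep.c @
103]
82bab7c0 806d5174 8070c2bc 869cb450 00000004 Wdf01000!
FxObject::CallCleanup+0x38
"""


def parse_frames(stack_text):
    """Return [(module, symbol_or_None)], innermost frame first."""
    joined, current = [], None
    for line in stack_text.splitlines():
        line = line.strip()
        if FRAME_START.match(line):
            current = len(joined)
            joined.append(line)
        elif line.startswith("WARNING:"):
            current = None           # debugger note, not part of any frame
        elif line and current is not None:
            joined[current] += line  # wrapped tail of the frame above
    frames = []
    for text in joined:
        m = FRAME.match(text)
        if m:
            frames.append((m.group(1), m.group(2)))
    return frames


def label(frame):
    module, symbol = frame
    return f"{module}!{symbol}" if symbol else module


def final_release(frames):
    """Find a driver dereference whose call ran the object's destroy path."""
    names = [symbol for _, symbol in frames]
    if "imp_WdfObjectDereferenceActual" not in names:
        return None
    deref = names.index("imp_WdfObjectDereferenceActual")
    # Frames with a lower index executed inside the dereference call.
    destroyed = (FRAMEWORK, "FxObject::ProcessDestroy") in frames[:deref]
    # Walk outward past the inlined wdfobject.h wrapper to the driver routine.
    for i in range(deref + 1, len(frames)):
        module, symbol = frames[i]
        if module != FRAMEWORK and symbol != "WdfObjectDereferenceActual":
            outer = frames[i + 1] if i + 1 < len(frames) else None
            return {"faulting": label(frames[0]),
                    "destroyed": destroyed,
                    "caller": label(frames[i]),
                    "invoked_by": label(outer) if outer else None}
    return None


if __name__ == "__main__":
    print(final_release(parse_frames(SAMPLE_STACK)))
```

On the posted frames, `destroyed` is true and `caller` is the cleanup callback, which is the situation the reply describes: the driver's dereference is the one dropping the last reference.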

From: 泛若不繫舟 on
Thanks Doron,

I checked the reference count, it seems to match in my code. I will check
it again.

Why did this driver get a bugcheck at FreeRequestMemory instead of
imp_WdfObjectDereferenceActual if I dereferenced too many times? ^_^a

Thank you. ^_^

Ziv

On April 18, 3:05 AM, "Doron Holan [MSFT]" <dor...(a)online.microsoft.com>
wrote:
> i think you are dereferencing too many times. your dereference should not
> go down the path that is shown in the bugcheck b/c that means the last
> reference is going away.
>
> d