Hi,
I have a WDFTIMER that implements an I/O request timeout.
Its callback is this function:
/*
 * SerialReadTimeout - WDFTIMER expiry callback used as the read timeout.
 *
 * Looks up the device context through the timer's parent object, pulls the
 * next request out of that context's ReadQueue and completes it with
 * STATUS_SUCCESS. If the queue does not hand back a request, nothing is done.
 *
 * Timer: the timer that expired; only its parent object is used.
 *
 * NOTE(review): nothing in this function synchronizes with any other path
 * that may complete or cancel read requests. Once WdfRequestComplete returns
 * the handle must not be touched again, so confirm that no other code can
 * still hold or complete the same WDFREQUEST while this callback runs.
 * NOTE(review): a timed-out read is reported as STATUS_SUCCESS - confirm
 * that this is the status the caller is meant to see.
 */
VOID SerialReadTimeout( IN WDFTIMER Timer)
{
    PFDO_DATA   fdoData;
    WDFREQUEST  pendingRead;
    NTSTATUS    retrieveStatus;
    NTSTATUS    completionStatus = STATUS_SUCCESS;

    /* The timer's parent object carries the per-device context. */
    fdoData = ddFdoGetData(WdfTimerGetParentObject(Timer));

    /* Take the next request off the read queue, if the queue yields one. */
    retrieveStatus = WdfIoQueueRetrieveNextRequest(fdoData->ReadQueue, &pendingRead);
    if (retrieveStatus != STATUS_SUCCESS)
    {
        return;
    }

    if (pendingRead == NULL)
    {
        return;
    }

    /* Complete the dequeued request; the handle is not used after this call. */
    WdfRequestComplete(pendingRead, completionStatus);
}
When it is called from the timer callback, it sometimes (about 1 in 1000 calls) crashes in WdfRequestComplete:
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001e, Type of memory safety violation
Arg2: fffff804630f72f0, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff804630f7248, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 0
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 0
BUGCHECK_P1: 1e
BUGCHECK_P2: fffff804630f72f0
BUGCHECK_P3: fffff804630f7248
BUGCHECK_P4: 0
TRAP_FRAME: fffff804630f72f0 – (.trap 0xfffff804630f72f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff830a4b5a0040 rbx=0000000000000000 rcx=000000000000001e
rdx=fffff80460200000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff804603fc096 rsp=fffff804630f7480 rbp=fffff804630f7500
r8=8000000000000000 r9=0000000000000000 r10=fffff8045b881100
r11=ffff830a4b691080 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
nt!KiDeferredReadyThread+0x1b32e6:
fffff804`603fc096 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff804630f7248 – (.exr 0xfffff804630f7248)
ExceptionAddress: fffff804603fc096 (nt!KiDeferredReadyThread+0x00000000001b32e6)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000001e
Subcode: 0x1e FAST_FAIL_INVALID_NEXT_THREAD
CPU_COUNT: 2
CPU_MHZ: b79
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 9e
CPU_STEPPING: 9
CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 1’00000000 (cache) 1’00000000 (init)
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_NEXT_THREAD
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 000000000000001e
ANALYSIS_SESSION_HOST: DESKTOP-FMGRFN0
ANALYSIS_SESSION_TIME: 01-22-2020 21:43:01.0115
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
LAST_CONTROL_TRANSFER: from fffff804604a9422 to fffff804603c90b0
STACK_TEXT:
fffff804630f6828 fffff804604a9422 : 000000000000001e 0000000000000003 fffff804630f6990 fffff8046031db20 : nt!DbgBreakPointWithStatus
fffff804630f6830 fffff804604a8b12 : 0000000000000003 fffff804630f6990 fffff804603d5960 0000000000000139 : nt!KiBugCheckDebugBreak+0x12
fffff804630f6890 fffff804603c1327 : ffff830a4bcd1000 0000000000000000 ffff830a4b691080 0000000000000000 : nt!KeBugCheck2+0x952
fffff804630f6f90 fffff804603d30e9 : 0000000000000139 000000000000001e fffff804630f72f0 fffff804630f7248 : nt!KeBugCheckEx+0x107
fffff804630f6fd0 fffff804603d3510 : 0000000000000401 fffff804630f7398 0000000000000001 0000000000000000 : nt!KiBugCheckDispatch+0x69
fffff804630f7110 fffff804603d18a5 : 010800000001000e 0000000000000000 fffff804630f7370 00000000c0010000 : nt!KiFastFailDispatch+0xd0
fffff804630f72f0 fffff804603fc096 : ffff2f436698b0a6 0000000000000000 0000000200010000 fffff804630f7850 : nt!KiRaiseSecurityCheckFailure+0x325
fffff804630f7480 fffff80460248c93 : fffff8045b881180 0000000000000000 0000000000000000 0000000000000000 : nt!KiDeferredReadyThread+0x1b32e6
fffff804630f7540 fffff80460248a75 : ffff830a4b6911f0 0000000000000000 0000000000000002 0000000000000000 : nt!KiReadyThread+0x33
fffff804630f7570 fffff80460247b9b : ffff830a531859e0 fffff8046025d144 ffff830a4b691080 fffff804630f76e0 : nt!KiExitDispatcher+0x105
fffff804630f75d0 fffff80460247667 : 0000000000000000 0000000000000000 0000000000000001 0000000000000000 : nt!IopfCompleteRequest+0x51b
fffff804630f76e0 fffff80461c983f8 : 0000000000000000 ffff830a4ecf38e0 0000000000000002 fffff80461c9a4c0 : nt!IofCompleteRequest+0x17
fffff804630f7710 fffff80461c97ecb : fffff80460791402 0000000000000000 ffff830a52e6e5c0 0000000000000000 : Wdf01000!FxRequest::CompleteInternal+0x228 [minkernel\wdf\framework\shared\core\fxrequest.cpp @ 869]
fffff804630f77a0 fffff802bd5e2545 : 00007cf5b1745708 ffff830a4ecf38e0 0000000000000000 ffff830a4e8baa28 : Wdf01000!imp_WdfRequestComplete+0x8b [minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 436]
fffff804630f7800 fffff802bd5e3339 : 00007cf5b130c718 fffff80400000000 0000000000000001 0000000000000000 : dd_device!WdfRequestComplete+0x45 [c:\program files (x86)\windows kits\10\include\wdf\kmdf\1.25\wdfrequest.h @ 1025]
fffff804630f7840 fffff80461c9200e : 00007cf5b1745708 0000000000000000 ffff907ff5474c41 fffff804630f78c8 : dd_device!SerialReadTimeout+0x79 [c:\users\user\projects\dd_drivers\dd_device\uart_utils.c @ 23]
fffff804630f7890 fffff804602682ba : fffff804630f7989 fffff80461c91f50 fffff80461c91f50 fffff804630f7be0 : Wdf01000!FxTimer::_FxTimerExtCallbackThunk+0xbe [minkernel\wdf\framework\shared\core\fxtimer.cpp @ 440]
fffff804630f78e0 fffff804602688c3 : fffff804630f7a28 ffff830a52c1ecf8 fffff804630f7a28 0000000000000002 : nt!KiExpireTimer2+0x3ea
fffff804630f79f0 fffff8046026a9b7 : 0000000000000006 0000000000369e99 fffff804630f7bb0 0000000000000089 : nt!KiTimer2Expiration+0x163
fffff804630f7ab0 fffff804603c4d64 : 0000000000000000 fffff8045b881180 fffff80460791400 ffff830a4b68a080 : nt!KiRetireDpcList+0x6c7
fffff804630f7ce0 0000000000000000 : fffff804630f8000 fffff804630f2000 0000000000000000 0000000000000000 : nt!KiIdleLoop+0x84
THREAD_SHA1_HASH_MOD_FUNC: 97a1cac6bfb93e6ecc382435ef8e0b89865851f2
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 72f51d27dd57d6004b2d3876986cd6ec5c5b22ab
THREAD_SHA1_HASH_MOD: daca4372dfa0a4b50d09a31b77c61c429821638c
FOLLOWUP_IP:
dd_device!WdfRequestComplete+45 [c:\program files (x86)\windows kits\10\include\wdf\kmdf\1.25\wdfrequest.h @ 1025]
fffff802`bd5e2545 4883c438 add rsp,38h
FAULT_INSTR_CODE: 38c48348
FAULTING_SOURCE_LINE: c:\program files (x86)\windows kits\10\include\wdf\kmdf\1.25\wdfrequest.h
FAULTING_SOURCE_FILE: c:\program files (x86)\windows kits\10\include\wdf\kmdf\1.25\wdfrequest.h
FAULTING_SOURCE_LINE_NUMBER: 1025
FAULTING_SOURCE_CODE:
1021: NTSTATUS Status
1022: )
1023: {
1024: ((PFN_WDFREQUESTCOMPLETE) WdfFunctions[WdfRequestCompleteTableIndex])(WdfDriverGlobals, Request, Status);
1025: }
1026:
1027: //
1028: // WDF Function: WdfRequestCompleteWithPriorityBoost
1029: //
1030: typedef
SYMBOL_STACK_INDEX: e
SYMBOL_NAME: dd_device!WdfRequestComplete+45
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dd_device
IMAGE_NAME: dd_device.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5e28b361
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 45
FAILURE_BUCKET_ID: 0x139_1e_INVALID_NEXT_THREAD_dd_device!WdfRequestComplete
BUCKET_ID: 0x139_1e_INVALID_NEXT_THREAD_dd_device!WdfRequestComplete
PRIMARY_PROBLEM_CLASS: 0x139_1e_INVALID_NEXT_THREAD_dd_device!WdfRequestComplete
TARGET_TIME: 2020-01-22T19:42:39.000Z
OSBUILD: 18362
OSSERVICEPACK: 418
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 2c18
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_1e_invalid_next_thread_dd_device!wdfrequestcomplete
FAILURE_ID_HASH: {5af8c457-6a1c-8c86-1972-e17b6b6cf98b}
Followup: MachineOwner