Hi All,
I am developing a WFP callout driver and got a DPC WatchDog violation BSOD when trying to traverse a list at DISPATCH_LEVEL.
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at
DISPATCH_LEVEL or above. The offending component can usually be
identified with a stack trace.
Arg2: 0000000000001e00, The watchdog period.
Arg3: fffff80730d54380, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding the cumulative timeout
Arg4: 0000000000000000
The thread callstack at the time of the BSOD.
THREAD ffffd78808721040 Cid 0004.1efc Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 0
Not impersonating
DeviceMap ffffb18d16a13600
Owning Process ffffd787faa6a300 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 128817 Ticks: 56 (0:00:00:00.875)
Context Switch Count 3694173 IdealProcessor: 1
UserTime 00:00:00.000
KernelTime 00:01:39.171
Win32 Start Address drvtest!ctrl_ioThread (0xfffff806071ee1f0)
Stack Init ffffc20aaf645c90 Current ffffc20aaf645820
Base ffffc20aaf646000 Limit ffffc20aaf640000 Call 0000000000000000
Priority 31 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
The above thread is running for 56ticks, does this thread is consuming more time at DISPATCH_LEVEL? I don’t think so, since it is only 56ticks. But I am not sure about the duration.
Do I need to check the dump file for any other threads. When I check the MSDN doc, it says “For parameter of 1, the code may not stop in the offending area of code. In this case one approach is to use the event tracing to attempt to track down which driver is exceeding it’s normal execution duration.”
Could anyone shed some light on this to move forward.
Thanks,