bsod during miniport unload: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7E)

NTDEV
1

Hi,

I am dealing with a BSOD which I can not figure out the reason behind it
happening. This is a miniport driver (NDIS 6.20). Our unload routine is
being called and this is where something goes wrong.
After the following call strange thing happen
“WdfDriverMiniportUnload(WdfGetDriver());”. Believe that there is an issue
with our driver not releasing it’s resources but can’t say for sure.

Any ideas???

Below is the !analyze -v output.

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 80000003, The exception code that was not handled
Arg2: 828bc39c, The address that the exception occurred at
Arg3: bada187c, Exception Record Address
Arg4: bada1460, Context Record Address

Debugging Details:

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments
are invalid

FAULTING_IP:
nt!DbgBreakPoint+0
828bc39c cc int 3

EXCEPTION_RECORD: bada187c – (.exr 0xffffffffbada187c)
ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: b9217298
Parameter[2]: 00000005

CONTEXT: bada1460 – (.cxr 0xffffffffbada1460)
eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc
edi=b381ef08
eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0 nv up ei pl nz na po
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00000202
nt!DbgBreakPoint:
828bc39c cc int 3
Resetting default scope

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x7E

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint
has been reached.

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: b9217298

EXCEPTION_PARAMETER3: 00000005

LAST_CONTROL_TRANSFER: from 84861648 to 828bc39c

STACK_TEXT:
bada1940 84861648 b381efd0 b381ef08 00000000 nt!DbgBreakPoint
bada1958 84861727 b381ef08 0181ef30 b381ef08 Wdf01000!FxPoolDump+0xec
bada196c 84861764 b381ef08 b381ef30 bada198c Wdf01000!FxPoolDestroy+0x35
bada197c 8485f2d7 b381ef08 b381ef08 bada19a4
Wdf01000!FxPoolPackageDestroy+0x12
bada198c 8485e3cb b381ef08 8604cf70 b2fd91a4 Wdf01000!FxDestroy+0x15
bada19a4 84891c86 00000000 b381efd0 939ea938
Wdf01000!FxLibraryCommonUnregisterClient+0x57
bada19c0 84899017 b2fd91a4 b381efd0 b2fd91a4 WDFLDR!DereferenceVersion+0x1e
bada19d4 b2fd08ce b2fd989c b2fd91a4 b381efd0 WDFLDR!WdfVersionUnbind+0x11
bada19e8 b2fd0902 b2fdd2e1 b381efd0 459910d8
MYMINIPORT!FxStubDriverUnloadCommon+0x1f
[d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 130]
bada19ec b2fdd2e1 b381efd0 459910d8 bada1a1c
MYMINIPORT!FxStubDriverMiniportUnload+0x5
[d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 172]
bada19fc 84d2a862 93a8b080 bada1b90 93a8b080 MYMINIPORT!MPUnload+0x45
[c:\miniport\ndiswdm.c @ 824]
bada1a1c 82b0cb7d 93a8b080 a3f631be bde74f00 ndis!ndisMUnloadEx+0x67
bada1b74 82a0141e 00000001 89f401f0 bde0fc94 nt!IopUnloadDriver+0x338
bada1b98 82865caf c45b80c8 89f401f0 00000001 nt!PnpUnloadAttachedDriver+0x73
bada1bbc 82a04951 00000000 c45b80c8 00000000
nt!PnpRemoveLockedDeviceNode+0x1e1
bada1bd0 82a048b7 00000002 00000000 00000000
nt!PnpDeleteLockedDeviceNode+0x2d
bada1c04 82a04238 b944f6a8 c45b80c8 00000002
nt!PnpDeleteLockedDeviceNodes+0x4c
bada1cc4 82a06210 bada1cf4 00000000 c49ea360
nt!PnpProcessQueryRemoveAndEject+0x946
bada1cdc 82a07d58 00000000 b9127d60 b9217298
nt!PnpProcessTargetDeviceEvent+0x38
bada1d00 828bef2b b9127d60 00000000 b9217298 nt!PnpDeviceEventWorker+0x216
bada1d50 82a5f66d 80000001 a3f6375a 00000000 nt!ExpWorkerThread+0x10d
bada1d90 829110d9 828bee1e 80000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

FOLLOWUP_IP:
WDFLDR!DereferenceVersion+1e
84891c86 8bd8 mov ebx,eax

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: WDFLDR!DereferenceVersion+1e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: WDFLDR

IMAGE_NAME: WDFLDR.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf1d

STACK_COMMAND: .cxr 0xffffffffbada1460 ; kb

FAILURE_BUCKET_ID: 0x7E_VRF_WDFLDR!DereferenceVersion+1e

BUCKET_ID: 0x7E_VRF_WDFLDR!DereferenceVersion+1e

Followup: MachineOwner

kd> .cxr 0xffffffffbada1460
eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc
edi=b381ef08
eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0 nv up ei pl nz na po
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00000202
nt!DbgBreakPoint:
828bc39c cc int 3

kd> .exr 0xffffffffbada187c
ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: b9217298
Parameter[2]: 00000005

Appreciate the help.

Thanks
Faik

2

you hit a breakpoint in kmdfs unload processing. Rerun the test with a
debugger attached. This is very likely an assertion in kmdf regarding
pool allocations - did you forget to free something you allocated?

With the debugger attached you will get more information.

On Wednesday, January 20, 2010, Faik Riza wrote:
> Hi,
>
> I am dealing with a BSOD which I can not figure out the reason behind it happening. This is a miniport driver (NDIS 6.20). Our unload routine is being called and this is where something goes wrong.
> After the following call strange thing happen “WdfDriverMiniportUnload(WdfGetDriver());”. Believe that there is an issue with our driver not releasing it’s resources but can’t say for sure.
>
> Any ideas???
>
>
> Below is the !analyze -v output.
>
>
>
> kd> !analyze -v
> ******
> ???
> ??? Bugcheck Analysis???
> ???
>
>
> SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
> This is a very common bugcheck.? Usually the exception address pinpoints
> the driver/function that caused the problem.? Always note this address
> as well as the link date of the driver/image that contains this address.
> Arguments:
> Arg1: 80000003, The exception code that was not handled
> Arg2: 828bc39c, The address that the exception occurred at
> Arg3: bada187c, Exception Record Address
> Arg4: bada1460, Context Record Address
>
> Debugging Details:
> ------------------
>
>
> EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
>
> FAULTING_IP:
> nt!DbgBreakPoint+0
> 828bc39c cc??? int??? 3
>
> EXCEPTION_RECORD:? bada187c – (.exr 0xffffffffbada187c)
> ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
> ?? ExceptionCode: 80000003 (Break instruction exception)
> ? ExceptionFlags: 00000000
> NumberParameters: 3
> ?? Parameter[0]: 00000000
> ?? Parameter[1]: b9217298
> ?? Parameter[2]: 00000005
>
> CONTEXT:? bada1460 – (.cxr 0xffffffffbada1460)
> eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc edi=b381ef08
> eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0??? nv up ei pl nz na po nc
> cs=0008? ss=0010? ds=0023? es=0023? fs=0030? gs=0000??? efl=00000202
> nt!DbgBreakPoint:
> 828bc39c cc??? int??? 3
> Resetting default scope
>
> DEFAULT_BUCKET_ID:? VISTA_DRIVER_FAULT
>
> BUGCHECK_STR:? 0x7E
>
> PROCESS_NAME:? System
>
> CURRENT_IRQL:? 0
>
> ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}? Breakpoint? A breakpoint has been reached.
>
> EXCEPTION_PARAMETER1:? 00000000
>
> EXCEPTION_PARAMETER2:? b9217298
>
> EXCEPTION_PARAMETER3:? 00000005
>
> LAST_CONTROL_TRANSFER:? from 84861648 to 828bc39c
>
> STACK_TEXT:
> bada1940 84861648 b381efd0 b381ef08 00000000 nt!DbgBreakPoint
> bada1958 84861727 b381ef08 0181ef30 b381ef08 Wdf01000!FxPoolDump+0xec
> bada196c 84861764 b381ef08 b381ef30 bada198c Wdf01000!FxPoolDestroy+0x35
> bada197c 8485f2d7 b381ef08 b381ef08 bada19a4 Wdf01000!FxPoolPackageDestroy+0x12
> bada198c 8485e3cb b381ef08 8604cf70 b2fd91a4 Wdf01000!FxDestroy+0x15
> bada19a4 84891c86 00000000 b381efd0 939ea938 Wdf01000!FxLibraryCommonUnregisterClient+0x57
> bada19c0 84899017 b2fd91a4 b381efd0 b2fd91a4 WDFLDR!DereferenceVersion+0x1e
> bada19d4 b2fd08ce b2fd989c b2fd91a4 b381efd0 WDFLDR!WdfVersionUnbind+0x11
> bada19e8 b2fd0902 b2fdd2e1 b381efd0 459910d8 MYMINIPORT!FxStubDriverUnloadCommon+0x1f [d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 130]
> bada19ec b2fdd2e1 b381efd0 459910d8 bada1a1c MYMINIPORT!FxStubDriverMiniportUnload+0x5 [d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 172]
> bada19fc 84d2a862 93a8b080 bada1b90 93a8b080 MYMINIPORT!MPUnload+0x45 [c:\miniport\ndiswdm.c @ 824]
> bada1a1c 82b0cb7d 93a8b080 a3f631be bde74f00 ndis!ndisMUnloadEx+0x67
> bada1b74 82a0141e 00000001 89f401f0 bde0fc94 nt!IopUnloadDriver+0x338
> bada1b98 82865caf c45b80c8 89f401f0 00000001 nt!PnpUnloadAttachedDriver+0x73
> bada1bbc 82a04951 00000000 c45b80c8 00000000 nt!PnpRemoveLockedDeviceNode+0x1e1
> bada1bd0 82a048b7 00000002 00000000 00000000 nt!PnpDeleteLockedDeviceNode+0x2d
> bada1c04 82a04238 b944f6a8 c45b80c8 00000002 nt!PnpDeleteLockedDeviceNodes+0x4c
> bada1cc4 82a06210 bada1cf4 00000000 c49ea360 nt!PnpProcessQueryRemoveAndEject+0x946
> bada1cdc 82a07d58 00000000 b9127d60 b9217298 nt!PnpProcessTargetDeviceEvent+0x38
> bada1d00 828bef2b b9127d60 00000000 b9217298 nt!PnpDeviceEventWorker+0x216
> bada1d50 82a5f66d 80000001 a3f6375a 00000000 nt!ExpWorkerThread+0x10d
> bada1d90 829110d9 828bee1e 80000001 00000000 nt!PspSystemThreadStartup+0x9e
> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
>
>
> FOLLOWUP_IP:
> WDFLDR!DereferenceVersion+1e
> 84891c86 8bd8??? mov??? ebx,eax
>
> SYMBOL_STACK_INDEX:? 6
>
> SYMBOL_NAME:? WDFLDR!DereferenceVersion+1e
>
> FOLLOWUP_NAME:? MachineOwner
>
> MODULE_NAME: WDFLDR
>
> IMAGE_NAME:? WDFLDR.SYS
>
> DEBUG_FLR_IMAGE_TIMESTAMP:? 4a5bbf1d
>
> STACK_COMMAND:? .cxr 0xffffffffbada1460 ; kb
>
> FAILURE_BUCKET_ID:? 0x7E_VRF_WDFLDR!DereferenceVersion+1e
>
> BUCKET_ID:? 0x7E_VRF_WDFLDR!DereferenceVersion+1e
>
> Followup: MachineOwner
> ---------
>
>
> kd> .cxr 0xffffffffbada1460
> eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc edi=b381ef08
> eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0??? nv up ei pl nz na po nc
> cs=0008? ss=0010? ds=0023? es=0023? fs=0030? gs=0000??? efl=00000202
> nt!DbgBreakPoint:
> 828bc39c cc??? int??? 3
>
>
> kd> .exr 0xffffffffbada187c
> ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
> ?? ExceptionCode: 80000003 (Break instruction exception)
> ? ExceptionFlags: 00000000
> NumberParameters: 3
> ?? Parameter[0]: 00000000
> ?? Parameter[1]: b9217298
> ?? Parameter[2]: 00000005
>
>
> Appreciate the help.
>
> Thanks
> Faik
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


Mark Roddy

3

Hi Mark,

Thanks for taking time.

Unfortunatly those systems did not have firewire. I did step through the
code on an other system (the issue hasn’t been seen on this system) and
indeed just before DbgBreakPoint is called there is a check for 0. I do not
hit the bp on this machine since the check is ok. If my analysis was correct
the check is done on ((MYDRIVER!WdfDriverGlobals - 0xc8) + 0x28) + 0x96.

In the failure case it is not null and hence the break point. But the thing
is I have no idea what it is checking for, if I knew I would continue. But
as you say this could be some memory that has not been freed.

Any Ideas on how to proceed?

Thanks
/Faik

On Wed, Jan 20, 2010 at 11:45 AM, Mark Roddy wrote:

> you hit a breakpoint in kmdfs unload processing. Rerun the test with a
> debugger attached. This is very likely an assertion in kmdf regarding
> pool allocations - did you forget to free something you allocated?
>
> With the debugger attached you will get more information.
>
> On Wednesday, January 20, 2010, Faik Riza wrote:
> > Hi,
> >
> > I am dealing with a BSOD which I can not figure out the reason behind it
> happening. This is a miniport driver (NDIS 6.20). Our unload routine is
> being called and this is where something goes wrong.
> > After the following call strange thing happen
> “WdfDriverMiniportUnload(WdfGetDriver());”. Believe that there is an issue
> with our driver not releasing it’s resources but can’t say for sure.
> >
> > Any ideas???
> >
> >
> > Below is the !analyze -v output.
> >
> >
> >
> > kd> !analyze -v
> >
> *****
> >
>
>
> > * Bugcheck
> Analysis
> >
>
>
> >
>
> >
> > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
> > This is a very common bugcheck. Usually the exception address pinpoints
> > the driver/function that caused the problem. Always note this address
> > as well as the link date of the driver/image that contains this address.
> > Arguments:
> > Arg1: 80000003, The exception code that was not handled
> > Arg2: 828bc39c, The address that the exception occurred at
> > Arg3: bada187c, Exception Record Address
> > Arg4: bada1460, Context Record Address
> >
> > Debugging Details:
> > ------------------
> >
> >
> > EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments
> are invalid
> >
> > FAULTING_IP:
> > nt!DbgBreakPoint+0
> > 828bc39c cc int 3
> >
> > EXCEPTION_RECORD: bada187c – (.exr 0xffffffffbada187c)
> > ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
> > ExceptionCode: 80000003 (Break instruction exception)
> > ExceptionFlags: 00000000
> > NumberParameters: 3
> > Parameter[0]: 00000000
> > Parameter[1]: b9217298
> > Parameter[2]: 00000005
> >
> > CONTEXT: bada1460 – (.cxr 0xffffffffbada1460)
> > eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc
> edi=b381ef08
> > eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0 nv up ei pl nz na
> po nc
> > cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
> efl=00000202
> > nt!DbgBreakPoint:
> > 828bc39c cc int 3
> > Resetting default scope
> >
> > DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x7E
> >
> > PROCESS_NAME: System
> >
> > CURRENT_IRQL: 0
> >
> > ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint
> has been reached.
> >
> > EXCEPTION_PARAMETER1: 00000000
> >
> > EXCEPTION_PARAMETER2: b9217298
> >
> > EXCEPTION_PARAMETER3: 00000005
> >
> > LAST_CONTROL_TRANSFER: from 84861648 to 828bc39c
> >
> > STACK_TEXT:
> > bada1940 84861648 b381efd0 b381ef08 00000000 nt!DbgBreakPoint
> > bada1958 84861727 b381ef08 0181ef30 b381ef08 Wdf01000!FxPoolDump+0xec
> > bada196c 84861764 b381ef08 b381ef30 bada198c Wdf01000!FxPoolDestroy+0x35
> > bada197c 8485f2d7 b381ef08 b381ef08 bada19a4
> Wdf01000!FxPoolPackageDestroy+0x12
> > bada198c 8485e3cb b381ef08 8604cf70 b2fd91a4 Wdf01000!FxDestroy+0x15
> > bada19a4 84891c86 00000000 b381efd0 939ea938
> Wdf01000!FxLibraryCommonUnregisterClient+0x57
> > bada19c0 84899017 b2fd91a4 b381efd0 b2fd91a4
> WDFLDR!DereferenceVersion+0x1e
> > bada19d4 b2fd08ce b2fd989c b2fd91a4 b381efd0 WDFLDR!WdfVersionUnbind+0x11
> > bada19e8 b2fd0902 b2fdd2e1 b381efd0 459910d8
> MYMINIPORT!FxStubDriverUnloadCommon+0x1f
> [d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 130]
> > bada19ec b2fdd2e1 b381efd0 459910d8 bada1a1c
> MYMINIPORT!FxStubDriverMiniportUnload+0x5
> [d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 172]
> > bada19fc 84d2a862 93a8b080 bada1b90 93a8b080 MYMINIPORT!MPUnload+0x45
> [c:\miniport\ndiswdm.c @ 824]
> > bada1a1c 82b0cb7d 93a8b080 a3f631be bde74f00 ndis!ndisMUnloadEx+0x67
> > bada1b74 82a0141e 00000001 89f401f0 bde0fc94 nt!IopUnloadDriver+0x338
> > bada1b98 82865caf c45b80c8 89f401f0 00000001
> nt!PnpUnloadAttachedDriver+0x73
> > bada1bbc 82a04951 00000000 c45b80c8 00000000
> nt!PnpRemoveLockedDeviceNode+0x1e1
> > bada1bd0 82a048b7 00000002 00000000 00000000
> nt!PnpDeleteLockedDeviceNode+0x2d
> > bada1c04 82a04238 b944f6a8 c45b80c8 00000002
> nt!PnpDeleteLockedDeviceNodes+0x4c
> > bada1cc4 82a06210 bada1cf4 00000000 c49ea360
> nt!PnpProcessQueryRemoveAndEject+0x946
> > bada1cdc 82a07d58 00000000 b9127d60 b9217298
> nt!PnpProcessTargetDeviceEvent+0x38
> > bada1d00 828bef2b b9127d60 00000000 b9217298
> nt!PnpDeviceEventWorker+0x216
> > bada1d50 82a5f66d 80000001 a3f6375a 00000000 nt!ExpWorkerThread+0x10d
> > bada1d90 829110d9 828bee1e 80000001 00000000
> nt!PspSystemThreadStartup+0x9e
> > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
> >
> >
> > FOLLOWUP_IP:
> > WDFLDR!DereferenceVersion+1e
> > 84891c86 8bd8 mov ebx,eax
> >
> > SYMBOL_STACK_INDEX: 6
> >
> > SYMBOL_NAME: WDFLDR!DereferenceVersion+1e
> >
> > FOLLOWUP_NAME: MachineOwner
> >
> > MODULE_NAME: WDFLDR
> >
> > IMAGE_NAME: WDFLDR.SYS
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf1d
> >
> > STACK_COMMAND: .cxr 0xffffffffbada1460 ; kb
> >
> > FAILURE_BUCKET_ID: 0x7E_VRF_WDFLDR!DereferenceVersion+1e
> >
> > BUCKET_ID: 0x7E_VRF_WDFLDR!DereferenceVersion+1e
> >
> > Followup: MachineOwner
> > ---------
> >
> >
> > kd> .cxr 0xffffffffbada1460
> > eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc
> edi=b381ef08
> > eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0 nv up ei pl nz na
> po nc
> > cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
> efl=00000202
> > nt!DbgBreakPoint:
> > 828bc39c cc int 3
> >
> >
> > kd> .exr 0xffffffffbada187c
> > ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
> > ExceptionCode: 80000003 (Break instruction exception)
> > ExceptionFlags: 00000000
> > NumberParameters: 3
> > Parameter[0]: 00000000
> > Parameter[1]: b9217298
> > Parameter[2]: 00000005
> >
> >
> > Appreciate the help.
> >
> > Thanks
> > Faik
> > —
> > NTDEV is sponsored by OSR
> >
> > For our schedule of WDF, WDM, debugging and other seminars visit:
> > http://www.osr.com/seminars
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> –
> Mark Roddy
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

4

There are several approaches here:

  1. Use Driver Verifier against your driver, so you can dump all unfreed allocations your driver made. So !verifier 3 <driver_name>. Then you can do !pool on each to see what they are.
    2) Try !pool with the “not null value” you described (if it’s kernel address).
    3) Enabling kmdf verifier () and TrackHandles option for some of the kmdf objects might help.
    4) Use KD over USB.

    Krzysztof Uchronski</driver_name>
5

Hi,

1: Verifier should be on, I am seeing the issue while running DTM CSS
and as far as I know DV is set to run under this test.
2: It isn’t a kernel address the value was/is 1.
3: Didn’t try this, still trying to figure out what that value is
supposed to be. What WDF is checking here.
4: I have had issues with this approach, the issue happens during
sleep/resume and as far as i know using USB to debug this scenario is
not ideal.

Anyway, I had an error in my previous post. Trying to recap the
analysis I gave you the wrong information. I meant to write
(MYDRIVER!WdfDriverGlobals - 0xc8) + 0x96 and NOT
((MYDRIVER!WdfDriverGlobals - 0xc8) + 0x28) + 0x96.

/Faik

On Wed, Jan 20, 2010 at 2:52 PM, wrote:
> There are several approaches here:
> 1) Use Driver Verifier against your driver, so you can dump all unfreed allocations your driver made. So !verifier 3 <driver_name>. Then you can do !pool on each to see what they are.
> 2) Try !pool with the “not null value” you described (if it’s kernel address).
> 3) Enabling kmdf verifier () and TrackHandles option for some of the kmdf objects might help.
> 4) Use KD over USB.
>
> Krzysztof Uchronski
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
></driver_name>

6

So are there any allocations? Can you check their tags?

Krzysztof Uchronski

7

Have you dumped the WDF log from this system? That should give you the
reason for the breakpoint.

See http://www.osronline.com/article.cfm?id=496

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Faik Riza” wrote in message news:xxxxx@ntdev…
Hi,

I am dealing with a BSOD which I can not figure out the reason behind it
happening. This is a miniport driver (NDIS 6.20). Our unload routine is
being called and this is where something goes wrong.
After the following call strange thing happen
“WdfDriverMiniportUnload(WdfGetDriver());”. Believe that there is an issue
with our driver not releasing it’s resources but can’t say for sure.

Any ideas???

Below is the !analyze -v output.

kd> !analyze -v

Bugcheck Analysis



******

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 80000003, The exception code that was not handled
Arg2: 828bc39c, The address that the exception occurred at
Arg3: bada187c, Exception Record Address
Arg4: bada1460, Context Record Address

Debugging Details:
------------------

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments
are invalid

FAULTING_IP:
nt!DbgBreakPoint+0
828bc39c cc int 3

EXCEPTION_RECORD: bada187c – (.exr 0xffffffffbada187c)
ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: b9217298
Parameter[2]: 00000005

CONTEXT: bada1460 – (.cxr 0xffffffffbada1460)
eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc
edi=b381ef08
eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0 nv up ei pl nz na po
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00000202
nt!DbgBreakPoint:
828bc39c cc int 3
Resetting default scope

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x7E

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint
has been reached.

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: b9217298

EXCEPTION_PARAMETER3: 00000005

LAST_CONTROL_TRANSFER: from 84861648 to 828bc39c

STACK_TEXT:
bada1940 84861648 b381efd0 b381ef08 00000000 nt!DbgBreakPoint
bada1958 84861727 b381ef08 0181ef30 b381ef08 Wdf01000!FxPoolDump+0xec
bada196c 84861764 b381ef08 b381ef30 bada198c Wdf01000!FxPoolDestroy+0x35
bada197c 8485f2d7 b381ef08 b381ef08 bada19a4
Wdf01000!FxPoolPackageDestroy+0x12
bada198c 8485e3cb b381ef08 8604cf70 b2fd91a4 Wdf01000!FxDestroy+0x15
bada19a4 84891c86 00000000 b381efd0 939ea938
Wdf01000!FxLibraryCommonUnregisterClient+0x57
bada19c0 84899017 b2fd91a4 b381efd0 b2fd91a4 WDFLDR!DereferenceVersion+0x1e
bada19d4 b2fd08ce b2fd989c b2fd91a4 b381efd0 WDFLDR!WdfVersionUnbind+0x11
bada19e8 b2fd0902 b2fdd2e1 b381efd0 459910d8
MYMINIPORT!FxStubDriverUnloadCommon+0x1f
[d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 130]
bada19ec b2fdd2e1 b381efd0 459910d8 bada1a1c
MYMINIPORT!FxStubDriverMiniportUnload+0x5
[d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 172]
bada19fc 84d2a862 93a8b080 bada1b90 93a8b080 MYMINIPORT!MPUnload+0x45
[c:\miniport\ndiswdm.c @ 824]
bada1a1c 82b0cb7d 93a8b080 a3f631be bde74f00 ndis!ndisMUnloadEx+0x67
bada1b74 82a0141e 00000001 89f401f0 bde0fc94 nt!IopUnloadDriver+0x338
bada1b98 82865caf c45b80c8 89f401f0 00000001 nt!PnpUnloadAttachedDriver+0x73
bada1bbc 82a04951 00000000 c45b80c8 00000000
nt!PnpRemoveLockedDeviceNode+0x1e1
bada1bd0 82a048b7 00000002 00000000 00000000
nt!PnpDeleteLockedDeviceNode+0x2d
bada1c04 82a04238 b944f6a8 c45b80c8 00000002
nt!PnpDeleteLockedDeviceNodes+0x4c
bada1cc4 82a06210 bada1cf4 00000000 c49ea360
nt!PnpProcessQueryRemoveAndEject+0x946
bada1cdc 82a07d58 00000000 b9127d60 b9217298
nt!PnpProcessTargetDeviceEvent+0x38
bada1d00 828bef2b b9127d60 00000000 b9217298 nt!PnpDeviceEventWorker+0x216
bada1d50 82a5f66d 80000001 a3f6375a 00000000 nt!ExpWorkerThread+0x10d
bada1d90 829110d9 828bee1e 80000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

FOLLOWUP_IP:
WDFLDR!DereferenceVersion+1e
84891c86 8bd8 mov ebx,eax

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: WDFLDR!DereferenceVersion+1e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: WDFLDR

IMAGE_NAME: WDFLDR.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf1d

STACK_COMMAND: .cxr 0xffffffffbada1460 ; kb

FAILURE_BUCKET_ID: 0x7E_VRF_WDFLDR!DereferenceVersion+1e

BUCKET_ID: 0x7E_VRF_WDFLDR!DereferenceVersion+1e

Followup: MachineOwner
---------

kd> .cxr 0xffffffffbada1460
eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc
edi=b381ef08
eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0 nv up ei pl nz na po
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00000202
nt!DbgBreakPoint:
828bc39c cc int 3

kd> .exr 0xffffffffbada187c
ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: b9217298
Parameter[2]: 00000005

Appreciate the help.

Thanks
Faik

8

Hi Scott,

Thanks a lot for reminding. Did that yesterday but for some reason
never went through the logs. I am seeing the leaked pools now. It is
spelled out clearly.

Thanks
/Faik

On Wed, Jan 20, 2010 at 4:11 PM, Scott Noone wrote:
> Have you dumped the WDF log from this system? That should give you the
> reason for the breakpoint.
>
> See http://www.osronline.com/article.cfm?id=496
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> “Faik Riza” wrote in message news:xxxxx@ntdev…
> Hi,
>
> I am dealing with a BSOD which I can not figure out the reason behind it
> happening. This is a miniport driver (NDIS 6.20). Our unload routine is
> being called and this is where something goes wrong.
> After the following call strange thing happen
> “WdfDriverMiniportUnload(WdfGetDriver());”. Believe that there is an issue
> with our driver not releasing it’s resources but can’t say for sure.
>
> Any ideas???
>
>
> Below is the !analyze -v output.
>
>
>
> kd> !analyze -v
> ***
> *
> * ? ? ? ? ? ? ? ? ? ? ? ?Bugcheck Analysis
> *
>
>
> SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
> This is a very common bugcheck. ?Usually the exception address pinpoints
> the driver/function that caused the problem. ?Always note this address
> as well as the link date of the driver/image that contains this address.
> Arguments:
> Arg1: 80000003, The exception code that was not handled
> Arg2: 828bc39c, The address that the exception occurred at
> Arg3: bada187c, Exception Record Address
> Arg4: bada1460, Context Record Address
>
> Debugging Details:
> ------------------
>
>
> EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments
> are invalid
>
> FAULTING_IP:
> nt!DbgBreakPoint+0
> 828bc39c cc ? ? ? ? ? ? ?int ? ? 3
>
> EXCEPTION_RECORD: ?bada187c – (.exr 0xffffffffbada187c)
> ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
> ?ExceptionCode: 80000003 (Break instruction exception)
> ?ExceptionFlags: 00000000
> NumberParameters: 3
> ?Parameter[0]: 00000000
> ?Parameter[1]: b9217298
> ?Parameter[2]: 00000005
>
> CONTEXT: ?bada1460 – (.cxr 0xffffffffbada1460)
> eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc
> edi=b381ef08
> eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0 ? ? ? ? nv up ei pl nz na po
> nc
> cs=0008 ?ss=0010 ?ds=0023 ?es=0023 ?fs=0030 ?gs=0000 efl=00000202
> nt!DbgBreakPoint:
> 828bc39c cc ? ? ? ? ? ? ?int ? ? 3
> Resetting default scope
>
> DEFAULT_BUCKET_ID: ?VISTA_DRIVER_FAULT
>
> BUGCHECK_STR: ?0x7E
>
> PROCESS_NAME: ?System
>
> CURRENT_IRQL: ?0
>
> ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} ?Breakpoint ?A breakpoint
> has been reached.
>
> EXCEPTION_PARAMETER1: ?00000000
>
> EXCEPTION_PARAMETER2: ?b9217298
>
> EXCEPTION_PARAMETER3: ?00000005
>
> LAST_CONTROL_TRANSFER: ?from 84861648 to 828bc39c
>
> STACK_TEXT:
> bada1940 84861648 b381efd0 b381ef08 00000000 nt!DbgBreakPoint
> bada1958 84861727 b381ef08 0181ef30 b381ef08 Wdf01000!FxPoolDump+0xec
> bada196c 84861764 b381ef08 b381ef30 bada198c Wdf01000!FxPoolDestroy+0x35
> bada197c 8485f2d7 b381ef08 b381ef08 bada19a4
> Wdf01000!FxPoolPackageDestroy+0x12
> bada198c 8485e3cb b381ef08 8604cf70 b2fd91a4 Wdf01000!FxDestroy+0x15
> bada19a4 84891c86 00000000 b381efd0 939ea938
> Wdf01000!FxLibraryCommonUnregisterClient+0x57
> bada19c0 84899017 b2fd91a4 b381efd0 b2fd91a4 WDFLDR!DereferenceVersion+0x1e
> bada19d4 b2fd08ce b2fd989c b2fd91a4 b381efd0 WDFLDR!WdfVersionUnbind+0x11
> bada19e8 b2fd0902 b2fdd2e1 b381efd0 459910d8
> MYMINIPORT!FxStubDriverUnloadCommon+0x1f
> [d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 130]
> bada19ec b2fdd2e1 b381efd0 459910d8 bada1a1c
> MYMINIPORT!FxStubDriverMiniportUnload+0x5
> [d:\w7rtm\minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 172]
> bada19fc 84d2a862 93a8b080 bada1b90 93a8b080 MYMINIPORT!MPUnload+0x45
> [c:\miniport\ndiswdm.c @ 824]
> bada1a1c 82b0cb7d 93a8b080 a3f631be bde74f00 ndis!ndisMUnloadEx+0x67
> bada1b74 82a0141e 00000001 89f401f0 bde0fc94 nt!IopUnloadDriver+0x338
> bada1b98 82865caf c45b80c8 89f401f0 00000001 nt!PnpUnloadAttachedDriver+0x73
> bada1bbc 82a04951 00000000 c45b80c8 00000000
> nt!PnpRemoveLockedDeviceNode+0x1e1
> bada1bd0 82a048b7 00000002 00000000 00000000
> nt!PnpDeleteLockedDeviceNode+0x2d
> bada1c04 82a04238 b944f6a8 c45b80c8 00000002
> nt!PnpDeleteLockedDeviceNodes+0x4c
> bada1cc4 82a06210 bada1cf4 00000000 c49ea360
> nt!PnpProcessQueryRemoveAndEject+0x946
> bada1cdc 82a07d58 00000000 b9127d60 b9217298
> nt!PnpProcessTargetDeviceEvent+0x38
> bada1d00 828bef2b b9127d60 00000000 b9217298 nt!PnpDeviceEventWorker+0x216
> bada1d50 82a5f66d 80000001 a3f6375a 00000000 nt!ExpWorkerThread+0x10d
> bada1d90 829110d9 828bee1e 80000001 00000000 nt!PspSystemThreadStartup+0x9e
> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
>
>
> FOLLOWUP_IP:
> WDFLDR!DereferenceVersion+1e
> 84891c86 8bd8 ? ? ? ? ? ?mov ? ? ebx,eax
>
> SYMBOL_STACK_INDEX: ?6
>
> SYMBOL_NAME: ?WDFLDR!DereferenceVersion+1e
>
> FOLLOWUP_NAME: ?MachineOwner
>
> MODULE_NAME: WDFLDR
>
> IMAGE_NAME: ?WDFLDR.SYS
>
> DEBUG_FLR_IMAGE_TIMESTAMP: ?4a5bbf1d
>
> STACK_COMMAND: ?.cxr 0xffffffffbada1460 ; kb
>
> FAILURE_BUCKET_ID: ?0x7E_VRF_WDFLDR!DereferenceVersion+1e
>
> BUCKET_ID: ?0x7E_VRF_WDFLDR!DereferenceVersion+1e
>
> Followup: MachineOwner
> ---------
>
>
> kd> .cxr 0xffffffffbada1460
> eax=00000005 ebx=8487a584 ecx=00000000 edx=00000005 esi=b381efdc
> edi=b381ef08
> eip=828bc39c esp=bada1944 ebp=bada1958 iopl=0 ? ? ? ? nv up ei pl nz na po
> nc
> cs=0008 ?ss=0010 ?ds=0023 ?es=0023 ?fs=0030 ?gs=0000 efl=00000202
> nt!DbgBreakPoint:
> 828bc39c cc ? ? ? ? ? ? ?int ? ? 3
>
>
> kd> .exr 0xffffffffbada187c
> ExceptionAddress: 828bc39c (nt!DbgBreakPoint)
> ?ExceptionCode: 80000003 (Break instruction exception)
> ?ExceptionFlags: 00000000
> NumberParameters: 3
> ?Parameter[0]: 00000000
> ?Parameter[1]: b9217298
> ?Parameter[2]: 00000005
>
>
> Appreciate the help.
>
> Thanks
> Faik
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>