Could you change the UMDF file object policy in your INF to “CannotUseFsContexts” and try again? I suspect there is a conflict (with modem) in the usage of the WDM file object’s FsContext.
UmdfFsContextUsePolicy=CannotUseFsContexts
https://msdn.microsoft.com/windows/hardware/drivers/wdf/specifying-wdf-directives-in-inf-files
(original thread is now locked due to age)
03 Mar 16 06:29
Mathias Doreille
xxxxx@smr.ch
Join Date: 03 Mar 2016
Posts To This List: 1
BSoD in the reflector of an UMDF virtual modem driver
Hello,
I have written a UMDF 1.11 driver that implements a virtual PnP modem.
The virtual PnP modem device is installed by a KMDF virtual bus driver,
similar to what is done in the Toaster Sample Driver of the WDK 8.1
samples. The virtual modem device, among other things, forward the Send
and Receive IoRequests to two IOTargets connected to two named pipes.
This virtual modem driver works correctly when the serial COM port is
used to communicate with the virtual modem device. It also works
correctly when the TAPI3 API is used to access the modem. But when the
process that initiate the TAPI3 session terminates, the OS crash with a
fatal error in the WUDFRd reflector driver of the virtual PnP modem driver.
The process that initiates the TAPI3 session is a .NET c# application,
and the TAPI3 is wrapped using the .NET RCW. This is not officially
supported by Microsoft but this usage of TAPI3 already works for an
existing .NET application on many type of modem.
I have enabled the UMDF Verifier on the UMDF virtual modem, and the KMDF
verifier on the WUDFRd reflector driver and the KMDF virtual bus driver.
They return no error until the BSoD.
Any ideas of the problem would be greatly appreciated.
Plateform Toolset: WindowsUserModeDriver8.1 from Windows Driver Kit
Version 8.100.26846
OS: Windows 7 Professional SP1 64bits
*******************************************************************************
* *
* Bugcheck
Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880055b853e, Address of the instruction which caused the
bugcheck
Arg3: fffff88005e37cb0, Address of the context record for the exception
that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff880055b853e
BUGCHECK_P3: fffff88005e37cb0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
WUDFRd!RdFdoDevice::RdClose+16a
[d:\w8rtm\drivers\wdf\umdf\redirector\driver\fdoio.cpp @ 805]
fffff880`055b853e 4c8b7860 mov r15,qword ptr [rax+60h]
CONTEXT: fffff88005e37cb0 – (.cxr 0xfffff88005e37cb0)
rax=0000000000000000 rbx=fffffa8006c25ee0 rcx=fffffa8007b8db50
rdx=0000000000000038 rsi=fffff880055cf158 rdi=fffffa8006c25e10
rip=fffff880055b853e rsp=fffff88005e38690 rbp=fffffa8007c267d0
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=fffff88005e38798 r12=0000000000000200 r13=fffff880055cce80
r14=fffffa8007c267d0 r15=0000000080000000
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
WUDFRd!WudfFdoCreateContext::RemoveCloseMessage [inlined in
WUDFRd!RdFdoDevice::RdClose+0x16a]:
fffff880055b853e 4c8b7860 mov r15,qword ptr [rax+60h] ds:002b:0000000000000060=???
Resetting default scope
CPU_COUNT: 2
CPU_MHZ: 746
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: f
CPU_STEPPING: 2
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: Test.exe
CURRENT_IRQL: 2
ANALYSIS_VERSION: 10.0.10240.9 amd64fre
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
LAST_CONTROL_TRANSFER: from fffff880055abd42 to fffff880055b853e
STACK_TEXT:
fffff88005e38690 fffff880055abd42 : 0000000000000000 fffffa80068d9ae0 0000000000000002 fffffa8006c25e10 :
WUDFRd!RdFdoDevice::RdClose+0x16a
[d:\w8rtm\drivers\wdf\umdf\redirector\driver\fdoio.cpp @ 805]
fffff88005e38720 fffff880055a84ce : 0000000000000000 fffffa8007c26502 fffffa8006c25e10 0000000000000000 :
WUDFRd!RdDevice::ProcessIrp+0x8e
[d:\w8rtm\drivers\wdf\umdf\redirector\driver\device.cpp @ 1388]
fffff88005e38760 fffff880055df848 : fffffa8006c25f28 fffffa8006c25e10 fffffa8007c265d0 fffffa8006c25e10 :
WUDFRd!RdDriver::RdDispatch+0xda
[d:\w8rtm\drivers\wdf\umdf\redirector\driver\driver.cpp @ 657]
fffff88005e387a0 fffff880055e0741 : fffffa8007c56570 0000000000000000 0000000000000000 fffffa8007c56570 :
modem!WaitForLowerDriverToCompleteIrp+0x74
fffff88005e38800 fffff880055dfe25 : fffffa8007c56710 fffffa8007c56420 fffffa8006c25e10 fffff88005e38a80 :
modem!UniCloseStarter+0x69
fffff88005e38830 fffff80001b7df6e : fffffa80094c7f20 0000000000000001 fffffa8006c25e10 0000000000000000 : modem!UniClose+0x5d
fffff88005e38860 fffff80001887a44 : fffff88005e38a80 fffffa80094c7ef0 fffffa80065768a0 fffff8a005a88de0 :
nt!IopDeleteFile+0x11e
fffff88005e388f0 fffff80001b78171 : fffffa80094c7ef0 0000000000000000 fffffa8007b8db50 0000000000000000 :
nt!ObfDereferenceObject+0xd4
fffff88005e38950 fffff80001b35bd4 : 0000000000000588 fffff8a0021bfb20 fffff8a005aba620 0000000000000588 :
nt!ObpCloseHandleTableEntry+0xc1
fffff88005e389e0 fffff80001b35ad4 : 0000000000000404 0000000000000000 fffffa8008dd1b10 fffff80001b210b1 :
nt!ObpCloseHandleProcedure+0x30
fffff88005e38a20 fffff80001b36152 : fffff8a003c94001 0000000000000001 fffffa8008dd1b10 ffffffffffffffff :
nt!ExSweepHandleTable+0x74
fffff88005e38a60 fffff80001b5415c : fffff8a003c94060 0000000000000000 0000000000000000 0000000000000000 :
nt!ObKillProcess+0x62
fffff88005e38aa0 fffff80001b35d1c : 0000000000000000 0000000000000001 000007fffffde000 0000000000000000 :
nt!PspExitThread+0x51c
fffff88005e38ba0 fffff8000187d653 : fffffa8008dd1b10 000007fe00000000 fffffa8007b8db50 000007fefab2a960 :
nt!NtTerminateProcess+0x138
fffff88005e38c20 00000000778fd67a : 00000000778d340b 0000000000000000 0000000000000000 0000000000000000 :
nt!KiSystemServiceCopyEnd+0x13
000000000043f228 00000000778d340b : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 :
ntdll!ZwTerminateProcess+0xa
000000000043f230 000007fefaa4ccee : 0000000000000000 0000000000000000 000000000062c6c0 0000000000000001 :
ntdll!RtlExitUserProcess+0x9b
000000000043f260 0000000000000000 : 0000000000000000 000000000062c6c0 0000000000000001 0000000000000001 :
mscoreei!RuntimeDesc::ShutdownAllActiveRuntimes+0x294
FOLLOWUP_IP:
WUDFRd!RdFdoDevice::RdClose+16a
[d:\w8rtm\drivers\wdf\umdf\redirector\driver\fdoio.cpp @ 805]
fffff880`055b853e 4c8b7860 mov r15,qword ptr [rax+60h]
FAULTING_SOURCE_LINE: d:\w8rtm\drivers\wdf\umdf\redirector\driver\fdoio.cpp
FAULTING_SOURCE_FILE: d:\w8rtm\drivers\wdf\umdf\redirector\driver\fdoio.cpp
FAULTING_SOURCE_LINE_NUMBER: 805
FAULTING_SOURCE_CODE:
No source found for ‘d:\w8rtm\drivers\wdf\umdf\redirector\driver\fdoio.hpp’
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: WUDFRd!RdFdoDevice::RdClose+16a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: WUDFRd
IMAGE_NAME: WUDFRd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5010aabe
STACK_COMMAND: .cxr 0xfffff88005e37cb0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_WUDFRd!RdFdoDevice::RdClose+16a
BUCKET_ID: X64_0x3B_WUDFRd!RdFdoDevice::RdClose+16a
PRIMARY_PROBLEM_CLASS: X64_0x3B_WUDFRd!RdFdoDevice::RdClose+16a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x3b_wudfrd!rdfdodevice::rdclose+16a
FAILURE_ID_HASH: {5fb83978-c527-82e8-a15b-dbadf1b32dfc}
Followup: MachineOwner