Bug Check 0xA at waiting thread exit

Hi All,

I use a worker thread in a driver, and use KeWaitForSingleObject to wait
for that thread to exit in the close dispatch. But when the KillThread routine is
executed, at KeWait, the bug check 0x0a occurred:

MM:***PAGE FAULT AT IRQL > 1 Va 00000000, IRQL 1c
*** Fatal System Error: 0x0000000a (0x00000000,0x0000001C,0x00000001,0x8043AA0C)

Here is my code:

Routine to create the thread when device is created,

    InitializeObjectAttributes(&ObjectAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
    status = PsCreateSystemThread( &hThread,
                                   (ACCESS_MASK)0,
                                   &ObjectAttributes, // always specify kernel mode
                                   (HANDLE)0,
                                   NULL,
                                   WorkerThreadMain,
                                   NULL ); // arg
    gWorkerThreadObj = NULL;
    if (NT_SUCCESS(status)) {
        ObReferenceObjectByHandle(
            hThread,
            THREAD_ALL_ACCESS,
            NULL,
            KernelMode,
            (PVOID*)&gWorkerThreadObj,
            NULL );
        ZwClose( hThread );
        // don’t need handle at all
    }

KillThread called when device closed

    gStopWorkerThread = TRUE;
    // Make sure the thread wakes up
    KeReleaseSemaphore(
        &gSemWorkQueue,
        0,        // No priority boost
        1,        // Increment semaphore by 1
        FALSE );  // WaitForXxx after this call

    // Wait for the thread to terminate
    if( gWorkerThreadObj ){
        KeWaitForSingleObject(
            &gWorkerThreadObj,
            Executive,
            KernelMode,
            FALSE,
            NULL );
        ObDereferenceObject( &gWorkerThreadObj);
    }

Bug check occurred at
KeWaitForSingleObject(&gWorkerThreadObj,Executive,KernelMode,FALSE,NULL );

What’s wrong with my code?

Thanks in advance,

-sxw

The code segment you provided is basically unreadable due to tabs or other
formatting cruft. You might want to review the code to make sure that your
kernel API parameter usage is correct. On the other hand you could just sit
back and wait for somebody to do this for you for free.

-----Original Message-----
From: sxw [mailto:xxxxx@yahoo.com]
Sent: Friday, June 06, 2003 2:37 PM
To: NT Developers Interest List
Subject: [ntdev] Bug Check 0xA at waiting thread exit


Hello,

Friday, June 06, 2003, 10:16:08 PM, you wrote:

RM> // Wait for the thread to terminate
RM> if( gWorkerThreadObj ){
RM>     KeWaitForSingleObject(
RM>         &gWorkerThreadObj,
RM>         Executive,
RM>         KernelMode,
RM>         FALSE,
RM>         NULL );
RM>     ObDereferenceObject( &gWorkerThreadObj);
RM> }

just a quick look at the code - shouldn’t it be

    KeWaitForSingleObject(
        gWorkerThreadObj,
        Executive,
        KernelMode,
        FALSE,
        NULL );
    ObDereferenceObject(gWorkerThreadObj);

?


Best regards,
Ivona Prenosilova
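
A user-mode model of the mistake discussed in this thread, added here as an example and not taken from any poster's code or from the WDK: the wait routine's object parameter is an untyped pointer, so the compiler accepts the address of the pointer variable as readily as the pointer itself, and a typed wrapper restores the compile-time check. All MODEL_* and WAIT_* names, the type tag value and the type check inside model_wait are assumptions made for illustration.

```c
/* User-mode model (constructed) of the wait call discussed in this thread. */
#include <stdint.h>
#include <string.h>

#define MODEL_THREAD_TYPE 6      /* constructed tag, not a real kernel value */
enum { WAIT_OK = 0, WAIT_BAD_OBJECT = -1, WAIT_NOT_SIGNALED = 1 };

/* Stand-in for the dispatcher header that starts every waitable object. */
typedef struct { uint8_t Type; uint8_t Signaled; uint16_t Pad; } MODEL_HEADER;
typedef struct { MODEL_HEADER Header; int ExitCode; } MODEL_THREAD;

/* 256-byte alignment keeps the low byte of the address at 0, so the
   misread pointer bytes in the buggy path are deterministic. */
static _Alignas(256) MODEL_THREAD g_thread_storage =
    { { MODEL_THREAD_TYPE, 1 /* thread already exited */, 0 }, 0 };
static MODEL_THREAD *g_worker = &g_thread_storage;  /* like gWorkerThreadObj */

/* Like KeWaitForSingleObject, the object parameter is untyped, so a
   MODEL_THREAD* and a MODEL_THREAD** are both accepted by the compiler.
   The type check below exists only in this model (assumption): it reports
   what was handed in, where a real wait would act on the garbage header. */
static int model_wait(void *Object)
{
    MODEL_HEADER h;
    memcpy(&h, Object, sizeof h);      /* first bytes of whatever was passed */
    if (h.Type != MODEL_THREAD_TYPE)
        return WAIT_BAD_OBJECT;
    return h.Signaled ? WAIT_OK : WAIT_NOT_SIGNALED;
}

/* Typed wrapper: passing &g_worker here draws an incompatible-pointer
   diagnostic at compile time instead of failing at run time. */
static int wait_for_thread_exit(MODEL_THREAD *Thread)
{
    return model_wait(Thread);
}

/* The call as posted: the address of the pointer variable, so the wait
   routine reads the pointer's own bytes as if they were an object header. */
int buggy_wait(void) { return model_wait(&g_worker); }

/* The call as corrected in the reply: the pointer value itself. */
int fixed_wait(void) { return wait_for_thread_exit(g_worker); }
```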