Bugcheck 0xC7 while running Win HCK Test suite for Network Filter driver

I am running Win HCK Test suite for Network Filter driver on 64 bit Windows 7.

“DF - Concurrent Hardware And Operating System (CHAOS)” Test for driver certification resulted with Bugcheck 0xC7. Dump details are as below. Need some pointers to debug this issue which is caused due to incorrect use of Kernel timer or DPC. This crash is consistent and occurring while rebooting the machine as part of CHAOS test case execution.

Dump details

Use !analyze -v to get detailed debugging information.

BugCheck C7, {0, fffffa8004833278, fffffa8004833278, fffffa80048332b8}

Probably caused by : MyNtFlt.sys ( MyNtFlt!MPInitialize+f7 )

Followup: MachineOwner

nt!RtlpBreakWithStatusInstruction:
fffff800`02a7c9f0 cc int 3
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

TIMER_OR_DPC_INVALID (c7)
Kernel timer or DPC used incorrectly.
Arguments:
Arg1: 0000000000000000, Timer object found in memory which must not contain such items.
Arg2: fffffa8004833278, Address of the timer object.
Arg3: fffffa8004833278, Start of memory range being checked.
Arg4: fffffa80048332b8, End of memory range being checked.

Debugging Details:

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xC7

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80002b75a12 to fffff80002a7c9f0

STACK_TEXT:
fffff88001fae8b8 fffff80002b75a12 : 0000000000000000 fffffa80039bc040 0000000000000065 fffff80002abf878 : nt!RtlpBreakWithStatusInstruction
fffff88001fae8c0 fffff80002b767fe : fffffa8000000003 0000000000000000 fffff80002ac00d0 00000000000000c7 : nt!KiBugCheckDebugBreak+0x12
fffff88001fae920 fffff80002a84cc4 : 0000000000000002 fffff80002a414be 0000000000000000 fffffa80038fa128 : nt!KeBugCheck2+0x71e
fffff88001faeff0 fffff80002b2dbcb : 00000000000000c7 0000000000000000 fffffa8004833278 fffffa8004833278 : nt!KeBugCheckEx+0x104
fffff88001faf030 fffff80002f194c6 : 0000000000000000 fffffa80038fa128 000000000000006a 0000000000000000 : nt!KeCheckForTimer+0x18b
fffff88001faf0a0 fffff8800164581e : fffffa8004833278 0000000000000000 0000000000000000 fffffa80048331a0 : nt!VerifierKeInitializeTimerEx+0x26
fffff88001faf0d0 fffff880016e2e27 : 0000000000000073 0000000000000010 0000000000000000 0000000000000000 : ndis!NdisInitializeTimer+0x1e
fffff88001faf100 fffff88002fde697 : 0000000000000001 0000000000000004 fffff9800dae0f70 fffffa80048331a0 : ndis!NdisMSetAttributesEx+0x177
fffff88001faf140 fffff880016dc7a1 : fffff88001faf2a8 fffff88001faf210 fffff8800169c550 fffff9800000000f : MyNtFlt!MPInitialize+0xf7 [C:\Source\MyNtFlt\miniport.cpp @ 136]
fffff88001faf1a0 fffff880016e0e73 : 0000000000000000 fffffa8005d3ccd0 fffff9800166cb00 01cee770041f795d : ndis! ?? ::LNCPHCLB::string'+0x2e8d fffff88001faf560 fffff880016e302c : 0000000000000000 fffffa8004833050 fffff8800169c110 fffff880016e80f7 : ndis!ndisInitializeAdapter+0x113 fffff88001faf5c0 fffff880016f5252 : fffff9800166cb00 fffffa8005d3cc00 fffff8800169c110 fffffa80048331a0 : ndis!ndisPnPStartDevice+0xac fffff88001faf620 fffff880016f5496 : fffff8800169c110 fffff9800166cb00 fffffa8005d3ccd0 fffffa80048331a0 : ndis!ndisIMInitializeDeviceInstance+0x82 fffff88001faf660 fffff88002fe021c : fffff98004146cf0 fffffa8005390a10 fffff980125e8ffe fffff98003f8cf78 : ndis!NdisIMInitializeDeviceInstanceEx+0x146 fffff88001faf6c0 fffff880016da362 : fffff88001faf8d0 fffff88001faf7f0 fffff98003f8cf78 fffff88001faf7c0 : MyNtFlt!PtBindAdapter+0x3bc [C:\Source\MyNtFlt\protocol.cpp @ 246] fffff88001faf790 fffff880016d7f58 : fffff98004146cf0 4000000000000001 fffffa8000000000 fffff88001faf8f8 : ndis!ndisInitializeBinding+0x2b2 fffff88001faf8c0 fffff880016f4e44 : fffff980123dcfe0 ffffffff800002b0 0000000000000000 0000000000000000 : ndis!ndisCheckAdapterBindings+0x278 fffff88001fafa00 fffff80002a8e261 : fffff80002c2a200 fffff80002d7b101 fffff880016d7010 fffffa80039bc040 : ndis!ndisDevicePowerOn+0x8a4 fffff88001fafb70 fffff80002d212ea : 0000000000000000 fffffa80039bc040 0000000000000080 fffffa8003994b30 : nt!ExpWorkerThread+0x111 fffff88001fafc00 fffff80002a758e6 : fffff880031f3180 fffffa80039bc040 fffff880031fdfc0 0000000000000000 : nt!PspSystemThreadStartup+0x5a fffff88001fafc40 0000000000000000 : fffff88001fb0000 fffff88001faa000 fffff88001fae920 00000000`00000000 : nt!KxStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
MyNtFlt!MPInitialize+f7 [C:\Source\MyNtFlt\miniport.cpp @ 136]
fffff880`02fde697 4c8b5c2430 mov r11,qword ptr [rsp+30h]

FAULTING_SOURCE_LINE: C:\Source\MyNtFlt\miniport.cpp

FAULTING_SOURCE_FILE: C:\Source\MyNtFlt\miniport.cpp

FAULTING_SOURCE_LINE_NUMBER: 136

FAULTING_SOURCE_CODE:

122 NdisMSetAttributesEx(MiniportAdapterHandle,
123 pAdapt,
124 0, // CheckForHangTimeInSeconds
125: NDIS_ATTRIBUTE_IGNORE_PACKET_TIMEOUT |
126: NDIS_ATTRIBUTE_IGNORE_REQUEST_TIMEOUT|
127: NDIS_ATTRIBUTE_INTERMEDIATE_DRIVER |
128: NDIS_ATTRIBUTE_DESERIALIZE |
129: NDIS_ATTRIBUTE_NO_HALT_ON_SUSPEND,
130: (NDIS_INTERFACE_TYPE)0);
131:
132:
133: //
134: // Initialize LastIndicatedStatus to be NDIS_STATUS_MEDIA_CONNECT
135: //

136: pAdapt->LastIndicatedStatus = NDIS_STATUS_MEDIA_CONNECT;
137:
138: //
139: // Initialize the power states for both the lower binding (PTDeviceState)
140: // and our miniport edge to Powered On.
141: //

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: MyNtFlt!MPInitialize+f7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: MyNtFlt

IMAGE_NAME: MyNtFlt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 528f02c4

FAILURE_BUCKET_ID: X64_0xC7_VRF_MyNtFlt!MPInitialize+f7

BUCKET_ID: X64_0xC7_VRF_MyNtFlt!MPInitialize+f7

Followup: MachineOwner

==========================================================

Regards,
Prasad Talekar

Any pointer to start with???

I tried !timer and !swd commands from WinDbg but not moving ahead.

On Mon, Nov 25, 2013 at 10:02 AM, wrote:

> I am running Win HCK Test suite for Network Filter driver on 64 bit
> Windows 7.
>
> “DF - Concurrent Hardware And Operating System (CHAOS)” Test for driver
> certification resulted with Bugcheck 0xC7. Dump details are as below. Need
> some pointers to debug this issue which is caused due to incorrect use of
> Kernel timer or DPC. This crash is consistent and occurring while rebooting
> the machine as part of CHAOS test case execution.
>
> Dump details
> ==========================================================
>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck C7, {0, fffffa8004833278, fffffa8004833278, fffffa80048332b8}
>
> Probably caused by : MyNtFlt.sys ( MyNtFlt!MPInitialize+f7 )
>
> Followup: MachineOwner
> ---------
>
> nt!RtlpBreakWithStatusInstruction:
> fffff80002a7c9f0 cc int 3<br>&gt; 1: kd&gt; !analyze -v<br>&gt;<br>&gt; *******************************************************************************<br>&gt; *<br>&gt; *<br>&gt; * Bugcheck Analysis<br>&gt; *<br>&gt; *<br>&gt; *<br>&gt;<br>&gt;******************************************************************************* <br>&gt;<br>&gt; TIMER_OR_DPC_INVALID (c7)<br>&gt; Kernel timer or DPC used incorrectly.<br>&gt; Arguments:<br>&gt; Arg1: 0000000000000000, Timer object found in memory which must not<br>&gt; contain such items.<br>&gt; Arg2: fffffa8004833278, Address of the timer object.<br>&gt; Arg3: fffffa8004833278, Start of memory range being checked.<br>&gt; Arg4: fffffa80048332b8, End of memory range being checked.<br>&gt;<br>&gt; Debugging Details:<br>&gt; ------------------<br>&gt;<br>&gt;<br>&gt; DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT<br>&gt;<br>&gt; BUGCHECK_STR: 0xC7<br>&gt;<br>&gt; PROCESS_NAME: System<br>&gt;<br>&gt; CURRENT_IRQL: 2<br>&gt;<br>&gt; LAST_CONTROL_TRANSFER: from fffff80002b75a12 to fffff80002a7c9f0<br>&gt;<br>&gt; STACK_TEXT:<br>&gt; fffff88001fae8b8 fffff80002b75a12 : 0000000000000000 fffffa80039bc040<br>&gt; 0000000000000065 fffff80002abf878 : nt!RtlpBreakWithStatusInstruction<br>&gt; fffff88001fae8c0 fffff80002b767fe : fffffa8000000003 0000000000000000<br>&gt; fffff80002ac00d0 00000000000000c7 : nt!KiBugCheckDebugBreak+0x12<br>&gt; fffff88001fae920 fffff80002a84cc4 : 0000000000000002 fffff80002a414be<br>&gt; 0000000000000000 fffffa80038fa128 : nt!KeBugCheck2+0x71e<br>&gt; fffff88001faeff0 fffff80002b2dbcb : 00000000000000c7 0000000000000000<br>&gt; fffffa8004833278 fffffa8004833278 : nt!KeBugCheckEx+0x104<br>&gt; fffff88001faf030 fffff80002f194c6 : 0000000000000000 fffffa80038fa128<br>&gt; 000000000000006a 0000000000000000 : nt!KeCheckForTimer+0x18b<br>&gt; fffff88001faf0a0 fffff8800164581e : fffffa8004833278 0000000000000000<br>&gt; 0000000000000000 fffffa80048331a0 : nt!VerifierKeInitializeTimerEx+0x26<br>&gt; fffff88001faf0d0 fffff880016e2e27 : 0000000000000073 0000000000000010<br>&gt; 0000000000000000 0000000000000000 : ndis!NdisInitializeTimer+0x1e<br>&gt; fffff88001faf100 fffff88002fde697 : 0000000000000001 0000000000000004<br>&gt; fffff9800dae0f70 fffffa80048331a0 : ndis!NdisMSetAttributesEx+0x177<br>&gt; fffff88001faf140 fffff880016dc7a1 : fffff88001faf2a8 fffff88001faf210<br>&gt; fffff8800169c550 fffff9800000000f : MyNtFlt!MPInitialize+0xf7<br>&gt; [C:\Source\MyNtFlt\miniport.cpp @ 136]<br>&gt; fffff88001faf1a0 fffff880016e0e73 : 0000000000000000 fffffa8005d3ccd0<br>&gt; fffff9800166cb00 01cee770041f795d : ndis! ?? ::LNCPHCLB::string’+0x2e8d
> fffff88001faf560 fffff880016e302c : 0000000000000000 fffffa8004833050
> fffff8800169c110 fffff880016e80f7 : ndis!ndisInitializeAdapter+0x113
> fffff88001faf5c0 fffff880016f5252 : fffff9800166cb00 fffffa8005d3cc00
> fffff8800169c110 fffffa80048331a0 : ndis!ndisPnPStartDevice+0xac
> fffff88001faf620 fffff880016f5496 : fffff8800169c110 fffff9800166cb00
> fffffa8005d3ccd0 fffffa80048331a0 :
> ndis!ndisIMInitializeDeviceInstance+0x82
> fffff88001faf660 fffff88002fe021c : fffff98004146cf0 fffffa8005390a10
> fffff980125e8ffe fffff98003f8cf78 :
> ndis!NdisIMInitializeDeviceInstanceEx+0x146
> fffff88001faf6c0 fffff880016da362 : fffff88001faf8d0 fffff88001faf7f0
> fffff98003f8cf78 fffff88001faf7c0 : MyNtFlt!PtBindAdapter+0x3bc
> [C:\Source\MyNtFlt\protocol.cpp @ 246]
> fffff88001faf790 fffff880016d7f58 : fffff98004146cf0 4000000000000001
> fffffa8000000000 fffff88001faf8f8 : ndis!ndisInitializeBinding+0x2b2
> fffff88001faf8c0 fffff880016f4e44 : fffff980123dcfe0 ffffffff800002b0
> 0000000000000000 0000000000000000 : ndis!ndisCheckAdapterBindings+0x278
> fffff88001fafa00 fffff80002a8e261 : fffff80002c2a200 fffff80002d7b101
> fffff880016d7010 fffffa80039bc040 : ndis!ndisDevicePowerOn+0x8a4
> fffff88001fafb70 fffff80002d212ea : 0000000000000000 fffffa80039bc040
> 0000000000000080 fffffa8003994b30 : nt!ExpWorkerThread+0x111
> fffff88001fafc00 fffff80002a758e6 : fffff880031f3180 fffffa80039bc040
> fffff880031fdfc0 0000000000000000 : nt!PspSystemThreadStartup+0x5a
> fffff88001fafc40 0000000000000000 : fffff88001fb0000 fffff88001faa000
> fffff88001fae920 0000000000000000 : nt!KxStartSystemThread+0x16
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> MyNtFlt!MPInitialize+f7 [C:\Source\MyNtFlt\miniport.cpp @ 136]
> fffff880`02fde697 4c8b5c2430 mov r11,qword ptr [rsp+30h]
>
> FAULTING_SOURCE_LINE: C:\Source\MyNtFlt\miniport.cpp
>
> FAULTING_SOURCE_FILE: C:\Source\MyNtFlt\miniport.cpp
>
> FAULTING_SOURCE_LINE_NUMBER: 136
>
> FAULTING_SOURCE_CODE:
>
> 122 NdisMSetAttributesEx(MiniportAdapterHandle,
> 123 pAdapt,
> 124 0,
> // CheckForHangTimeInSeconds
> 125: NDIS_ATTRIBUTE_IGNORE_PACKET_TIMEOUT
> |
> 126: NDIS_ATTRIBUTE_IGNORE_REQUEST_TIMEOUT|
> 127: NDIS_ATTRIBUTE_INTERMEDIATE_DRIVER |
> 128: NDIS_ATTRIBUTE_DESERIALIZE |
> 129: NDIS_ATTRIBUTE_NO_HALT_ON_SUSPEND,
> 130: (NDIS_INTERFACE_TYPE)0);
> 131:
> 132:
> 133: //
> 134: // Initialize LastIndicatedStatus to be
> NDIS_STATUS_MEDIA_CONNECT
> 135: //
> > 136: pAdapt->LastIndicatedStatus = NDIS_STATUS_MEDIA_CONNECT;
> 137:
> 138: //
> 139: // Initialize the power states for both the lower binding
> (PTDeviceState)
> 140: // and our miniport edge to Powered On.
> 141: //
>
>
> SYMBOL_STACK_INDEX: 8
>
> SYMBOL_NAME: MyNtFlt!MPInitialize+f7
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: MyNtFlt
>
> IMAGE_NAME: MyNtFlt.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 528f02c4
>
> FAILURE_BUCKET_ID: X64_0xC7_VRF_MyNtFlt!MPInitialize+f7
>
> BUCKET_ID: X64_0xC7_VRF_MyNtFlt!MPInitialize+f7
>
> Followup: MachineOwner
>
> ==========================================================
>
> Regards,
> Prasad Talekar
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>