Hi All,
I am trying to develop a WDF driver for a USB device. This driver acts as the bus driver and loads other drivers above it. All the drivers and application pend IOCTLs to the WDF driver. I am having this problem when I am doing a surprise removal.
First EvtDeviceSurpriseRemoval is called, where I cancel all the pending IRPs,
then EvtDeviceD0Exit is called,
then EvtDeviceReleaseHardware is called,
then it gives the following bugcheck.
What could be the possible issue? Please someone help me.
*** Fatal System Error: 0x000000d1
(0x00000000,0x00000002,0x00000001,0x8704F3F5)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows 7 7600 x86 compatible target at (Wed Aug 25 19:15:33.452 2010 (GMT+6)), ptr64 FALSE
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*** ERROR: Module load completed but symbols could not be loaded for wpsdrvnt.sys
*** WARNING: Unable to verify timestamp for volmgrx.sys
*** ERROR: Module load completed but symbols could not be loaded for volmgrx.sys
*** WARNING: Unable to verify timestamp for msrpc.sys
*** ERROR: Module load completed but symbols could not be loaded for msrpc.sys
*** WARNING: Unable to verify timestamp for Fs_Rec.sys
*** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.sys
*** WARNING: Unable to verify timestamp for vmstorfl.sys
*** ERROR: Module load completed but symbols could not be loaded for vmstorfl.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
*** ERROR: Module load completed but symbols could not be loaded for SRTSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for NAVEX15.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for NAVENG.SYS
*** ERROR: Module load completed but symbols could not be loaded for SRTSPX.SYS
*** WARNING: Unable to verify timestamp for Null.SYS
*** ERROR: Module load completed but symbols could not be loaded for Null.SYS
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 1, 8704f3f5}
Probably caused by : Wdf01000.sys ( Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+11 )
Followup: MachineOwner
nt!RtlpBreakWithStatusInstruction:
82ebc3b4 cc int 3
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8704f3f5, address which referenced memory
Debugging Details:
WRITE_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+11
8704f3f5 8916 mov dword ptr [esi],edx
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 893278e8 -- (.trap 0xffffffff893278e8)
ErrCode = 00000002
eax=8476e9c0 ebx=84e49630 ecx=84e49630 edx=83107ef7 esi=00000000 edi=00000000
eip=8704f3f5 esp=8932795c ebp=89327960 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+0x11:
8704f3f5 8916 mov dword ptr [esi],edx ds:0023:00000000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 82f2de71 to 82ebc3b4
STACK_TEXT:
893274b4 82f2de71 00000003 a22621e0 00000065 nt!RtlpBreakWithStatusInstruction
89327504 82f2e96d 00000003 00000000 8704f3f5 nt!KiBugCheckDebugBreak+0x1c
893278c8 82e9782b 0000000a 00000000 00000002 nt!KeBugCheck2+0x68b
893278c8 8704f3f5 0000000a 00000000 00000002 nt!KiTrap0E+0x2cf
89327960 8704f599 8476e968 84e495b8 89327980 Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+0x11
89327970 8704f6c4 00000000 89327994 8932798c Wdf01000!FxIrpQueue::RemoveNextIrpFromQueue+0x2f
89327980 87049fbe 89327994 893279ac 8705d08d Wdf01000!FxIrpQueue::GetNextRequest+0xf
8932798c 8705d08d 84e49630 84e49798 84e495b8 Wdf01000!FxRequest::GetNextRequest+0x11
893279ac 8705d410 00000001 00000001 00000000 Wdf01000!FxIoQueue::QueuePurge+0x283
893279cc 8705f2a7 00000002 00000008 85601d30 Wdf01000!FxIoQueue::StopProcessingForPower+0x30
893279ec 87056e61 00000002 89327a0c 87078ed6 Wdf01000!FxPkgIo::StopProcessingForPower+0xbd
893279f8 87078ed6 85497418 00000002 85601d30 Wdf01000!FxDeviceToMx::FxPkgIo_StopProcessingForPower+0x16
89327a0c 87079104 00000000 85601d30 0000012b Wdf01000!FxPkgPnp::PnpCleanupForRemove+0x2b
89327a20 87078484 85601d30 85601dd8 85601d30 Wdf01000!FxPkgPnp::PnpEventFailed+0x14
89327a48 87078db2 0000012a 85601dd8 85601d30 Wdf01000!FxPkgPnp::PnpEnterNewState+0x104
89327a6c 8707947a 89327a84 84673f08 85601d30 Wdf01000!FxPkgPnp::PnpProcessEventInner+0x149
89327a90 87072540 00000400 00000000 85601d30 Wdf01000!FxPkgPnp::PnpProcessEvent+0x13e
89327aa4 87077316 89327ad8 89327ad0 87071e02 Wdf01000!FxPkgPnp::PnpSurpriseRemoval+0x29
89327ab0 87071e02 85601d30 89327ad8 84fa1bd8 Wdf01000!FxPkgFdo::_PnpSurpriseRemoval+0x10
89327ad0 8704ea3f 84fa1bd8 89327af8 8704ec63 Wdf01000!FxPkgPnp::Dispatch+0x207
89327adc 8704ec63 865bf350 84fa1bd8 84fa1d44 Wdf01000!FxDevice::Dispatch+0x7f
89327af8 82e8d4bc 865bf350 84fa1bd8 89327b94 Wdf01000!FxDevice::DispatchWithLock+0x7b
89327b10 8302df03 84ec0030 8478ce78 84ec0030 nt!IofCallDriver+0x63
89327b40 83004b55 84ec0030 00000000 8478ce78 nt!IopSynchronousCall+0xc2
89327b98 8310fb66 84ec0030 00000017 8478ce78 nt!IopRemoveDevice+0xd4
89327bc0 8300495d af269298 00000000 89327c04 nt!PnpSurpriseRemoveLockedDeviceNode+0x101
89327bd0 830048cf 00000003 00000000 00000000 nt!PnpDeleteLockedDeviceNode+0x21
89327c04 83003e8e 84ee16a8 af269298 00000003 nt!PnpDeleteLockedDeviceNodes+0x4c
89327cc4 83006228 89327cf4 00000000 af8bdf50 nt!PnpProcessQueryRemoveAndEject+0x586
89327cdc 83007d70 00000000 860a3a38 845cfd48 nt!PnpProcessTargetDeviceEvent+0x38
89327d00 82ebef3b 860a3a38 00000000 845cfd48 nt!PnpDeviceEventWorker+0x216
89327d50 8305f6d3 00000001 a2262974 00000000 nt!ExpWorkerThread+0x10d
89327d90 82f110f9 82ebee2e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+11
8704f3f5 8916 mov dword ptr [esi],edx
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+11
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Wdf01000
IMAGE_NAME: Wdf01000.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf28
FAILURE_BUCKET_ID: 0xD1_Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+11
BUCKET_ID: 0xD1_Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+11
Followup: MachineOwner
0: kd> .trap 0xffffffff893278e8
ErrCode = 00000002
eax=8476e9c0 ebx=84e49630 ecx=84e49630 edx=83107ef7 esi=00000000 edi=00000000
eip=8704f3f5 esp=8932795c ebp=89327960 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+0x11:
8704f3f5 8916 mov dword ptr [esi],edx ds:0023:00000000=????????