Crash in Wdf01000!FxInterrupt::_InterruptThunk?

Hi,
I am in the process of developing my KWDF driver for a PCI device.
I encountered a crash (Windbg output below) when I made the following sequence.

The sequence is:
1. My EvtDevicePrepareHardware is called.
2. I call a generic function named resetChip.
3. Since it's generic, it calls WdfInterruptDisable to disable the interrupts.
4. At the end of my EvtDevicePrepareHardware callback I call WdfInterruptEnable to re-enable the interrupt.

After this sequence, the first interrupt causes the crash.
If I don't muck with WdfInterruptDisable/WdfInterruptEnable at EvtDevicePrepareHardware I am OK so I used a flag to indicate I am under device initialization and checked it in my resetChip function to decide whether to disable the interrupts or not.

So, what is the proper use of the WdfInterruptDisable/WdfInterruptEnable functions and when am I allowed to call them?

Attached below is windbg output. The machine is win2k3 SP1 x64, and KWDF version is 1.5.

Thanks,
Eran.

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

INTERRUPT_EXCEPTION_NOT_HANDLED (3d)
Arguments:
Arg1: 0000000000000000
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: fffffadfc8b3d4d0

Debugging Details:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x3D

PROCESS_NAME: Idle

CURRENT_IRQL: 5

EXCEPTION_RECORD: fffffadfc941d930 -- (.exr fffffadfc941d930)
ExceptionAddress: fffffadfc8b3d4d0 (Wdf01000!FxInterrupt::_InterruptThunk+0x0000000000000018)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

TRAP_FRAME: fffffadfc941d9c0 -- (.trap fffffadfc941d9c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed.
rax=fffffadfce655500 rbx=fffff800011b6940 rcx=0000000000000000
rdx=00000000fffffadf rsi=0000000032737065 rdi=fffffadfce7bf040
rip=fffffadfc8b3d4d0 rsp=fffffadfc941db58 rbp=fffffadfc941dc30
r8=0000034b290d63b8 r9=0000000000000000 r10=fffffadfc90ad450
r11=fffffadfce655588 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
Wdf01000!FxInterrupt::_InterruptThunk+0x18:
fffffadfc8b3d4d0 48ffa008010000 jmp qword ptr [rax+108h] ds:0002:fffffadfce655608=444f784600000000
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800010e1d8e to fffff800010499e0

STACK_TEXT:
fffffadfc941c2a8 fffff800010e1d8e : 0000000000000000 0000000000000000 000000000000003d fffff8000105f60e : nt!DbgBreakPointWithStatus
fffffadfc941c2b0 fffff800010e3384 : fffff80000000003 000000000000003d 0000000000000000 0000000000000000 : nt!KiBugCheckDebugBreak+0x1e
fffffadfc941c310 fffff8000104e994 : 0000000000000202 fffff80001055a70 0000000000000008 fffffadfc90ab180 : nt!KeBugCheck2+0x676
fffffadfc941c960 fffff8000104e5b4 : 000000000000003d 0000000000000000 0000000000000000 0000000000000000 : nt!KeBugCheckEx+0x104
fffffadfc941c9a0 fffff8000104f478 : fffffadfc941cc50 0000000000000000 fffffadfc941d930 fffff8000104f557 : nt!KiBugCheckDispatch+0x74
fffffadfc941cb20 fffff8000105be2d : fffffadfc941d930 00000000c941d930 0000000000000000 fffffadfc941da40 : nt!KiInterruptHandler+0x28
fffffadfc941cb50 fffff80001031251 : 0000000000000064 fffffadfc941db60 0000000000000000 00000000c941d930 : nt!RtlpExecuteHandlerForException+0xd
fffffadfc941cb80 fffff8000101736a : fffffadf00000000 fffffadfc941d340 fffffadfc941d930 fffffadfc941da40 : nt!RtlDispatchException+0x2c0
fffffadfc941d240 fffff8000104e6af : fffffadfc941d930 0000000000000000 fffffadfc941d9c0 fffff8000105259d : nt!KiDispatchException+0xd9
fffffadfc941d840 fffff8000104d34d : fffffabdaa8ecca0 fffffadfc8ffc488 0000000000000000 fffff800010599f0 : nt!KiExceptionExit
fffffadfc941d9c0 fffffadfc8b3d4d0 : fffff8000104f749 0000000000000000 fffffadfce76d010 0000000000000246 : nt!KiGeneralProtectionFault+0xcd
fffffadfc941db58 fffff8000104f749 : 0000000000000000 fffffadfce76d010 0000000000000246 fffff800010027e1 : Wdf01000!FxInterrupt::_InterruptThunk+0x18
fffffadfc941db60 fffff8000104f557 : fffffadfc90ad480 fffffadfc941dc30 fffffadfc90ad480 fffffadfce965a90 : nt!KiScanInterruptObjectList+0x89
fffffadfc941dbb0 fffffadfc8d55b42 : fffffadfc8d55759 0000000000000010 0000000000000246 fffffadfc941dd70 : nt!KiChainedDispatch+0xd7
fffffadfc941dd48 fffffadfc8d55759 : 0000000000000010 0000000000000246 fffffadfc941dd70 fffffadfcef31040 : intelppm!C1Halt+0x2
fffffadfc941dd50 fffff80001055a16 : fffffadfc90ad450 fffff800011b6940 fffffadfcef31040 0000000000000000 : intelppm!AcpiC1Idle+0x19
fffffadfc941dd80 fffff8000106fcee : fffffadfc90ab180 fffffadfc90ab180 fffffadfc90b3680 fffffadfcef31040 : nt!PopProcessorIdle+0x10a
fffffadfc941ddb0 fffff800014231d1 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiIdleLoop+0x1e
fffffadfc941dde0 00000000fffffadf : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemStartup+0x1bf

STACK_COMMAND: kb

FOLLOWUP_IP:
Wdf01000!FxInterrupt::_InterruptThunk+18
fffffadf`c8b3d4d0 48ffa008010000 jmp qword ptr [rax+108h]

SYMBOL_STACK_INDEX: b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Wdf01000

IMAGE_NAME: Wdf01000.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549bdc7

SYMBOL_NAME: Wdf01000!FxInterrupt::_InterruptThunk+18

FAILURE_BUCKET_ID: X64_0x3D_VRF_Wdf01000!FxInterrupt::_InterruptThunk+18

BUCKET_ID: X64_0x3D_VRF_Wdf01000!FxInterrupt::_InterruptThunk+18

Followup: MachineOwner

1: kd> !wdflogdump ql_topio
Trace searchpath is:

Trace format prefix is: %7!u!: %!FUNC! -
TMF file used for formatting IFR log is: C:\eran\wdf01005.tmf
Log at fffffadfce615000
Gather log: Please wait, this may take a moment (reading 4024 bytes).
% read so far ... 10, 20, 30, 100
There are 30 log entries
--- start of log ---
1: imp_WdfRegistryQueryULong - WDFKEY 312B1C98, QueryULong, NTSTATUS= 520
2: imp_WdfRegistryQueryULong - WDFKEY 312B1C98, QueryULong, NTSTATUS= 520
3: imp_WdfRegistryQueryULong - WDFKEY 312B1C98, QueryULong, NTSTATUS= 520
4: imp_WdfRegistryQueryULong - WDFKEY 312B1C98, QueryULong, NTSTATUS= 520
5: FxVerifierLock::InitializeLockOrder - Object Type 0x1036 does not have a lock order defined in fx\inc\FxVerifierLock.hpp
6: FxVerifierLock::InitializeLockOrder - Object Type 0x1036 does not have a lock order defined in fx\inc\FxVerifierLock.hpp
7: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
8: FxPkgPnp::Dispatch - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520, IRP_MJ_PNP, !0xD0! IRP 0xDFCEA8C5
9: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
10: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
11: FxInterrupt::AssignResources - Is MSI? 0, MSI-ID 0, AffinityPolicy WdfIrqPolicyOneCloseProcessor, Priority WdfIrqPriorityUndefined, Affinity 0x3, Irql 0x5, Vector 0x151
12: FxInterrupt::ForceDisconnect - Force disconnect called on WDFDEVICE 31A7B4F8, WDFINTERRUPT 00000520, PKINTERRUPT 319B69D8
13: FxInterrupt::ForceReconnect - Force connect called on WDFDEVICE 31A7B4F8, WDFINTERRUPT 00000520, PKINTERRUPT 319B69D8
14: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
15: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
16: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
17: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
18: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
19: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
20: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
21: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
22: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
23: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
24: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
25: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
26: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
27: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
28: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
29: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
30: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
---- end of log ----

You should not be touching your hardware in PrepareHardware in any sense that touches the interrupt. You can be mapping memory-mapped I/O and checking for the device’s revision since PrepareHardware is only called once when resources are assigned. You should be resetting your chip in D0Entry. The actual PKINTERRUPT is not connected until D0Entry() returns NT_SUCCESS() since that is when we call EvtInterruptEnable. If you need the interrupt to be enabled and valid, you should do your reset of your chip in D0EntryPostInterruptsEnabled.

With that said, I will look at making the code and see where I can make it more resilient to misuse.

d

xxxxx@topio.com wrote:

> I am in the process of developing my KWDF driver for a PCI device.
> I encountered a crash (Windbg output below) when I made the following sequence.
>
> The sequence is:
> 1. My EvtDevicePrepareHardware is called.
> 2. I call a generic function named resetChip.
> 3. Since it’s generic, it calls WdfInterruptDisable to disable the interrupts.
> 4. At the end of my EvtDevicePrepareHardware callback I call WdfInterruptEnable to re-enable the interrupt.
>
> After this sequence, the first interrupt causes the crash.
> If I don’t muck with WdfInterruptDisable/WdfInterruptEnable at EvtDevicePrepareHardware I am OK so I used a flag to indicate I am under device initialization and checked it in my resetChip function to decide whether to disable the interrupts or not.
>
> So, what is the proper use of the WdfInterruptDisable/WdfInterruptEnable functions and when am I allowed to call them?
>
> Attached below is windbg output. The machine is win2k3 SP1 x64, and KWDF version is 1.5.
>
> TRAP_FRAME: fffffadfc941d9c0 -- (.trap fffffadfc941d9c0)
> NOTE: The trap frame does not contain all registers.
> Some register values may be zeroed.
> rax=fffffadfce655500 rbx=fffff800011b6940 rcx=0000000000000000
> rdx=00000000fffffadf rsi=0000000032737065 rdi=fffffadfce7bf040
> rip=fffffadfc8b3d4d0 rsp=fffffadfc941db58 rbp=fffffadfc941dc30
> r8=0000034b290d63b8 r9=0000000000000000 r10=fffffadfc90ad450
> r11=fffffadfce655588 r12=0000000000000000 r13=0000000000000000
> r14=0000000000000000 r15=0000000000000000
> iopl=0 nv up ei pl zr na po nc
> Wdf01000!FxInterrupt::_InterruptThunk+0x18:
> fffffadfc8b3d4d0 48ffa008010000 jmp qword ptr [rax+108h] ds:0002:fffffadfce655608=444f784600000000
> Resetting default scope

Note the address it is trying to jump to – 444f784600000000. That is
the ASCII string “DOxF”. Is it possible you haven’t configured your
interrupt handler yet?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
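
Added example (not part of Tim's message or of any other post in this thread, and not KMDF or WinDbg code): a small Python triage helper for the trap frame quoted above. It recomputes the effective address of the faulting indirect jmp, checks whether the loaded target is a canonical x64 address, and renders the target's bytes as text. The function names are made up for this example, and 48-bit canonical addressing is assumed.

```python
import re

# Trap-frame text copied from the WinDbg output quoted in this thread.
TRAP_FRAME = """\
rax=fffffadfce655500 rbx=fffff800011b6940 rcx=0000000000000000
rdx=00000000fffffadf rsi=0000000032737065 rdi=fffffadfce7bf040
rip=fffffadfc8b3d4d0 rsp=fffffadfc941db58 rbp=fffffadfc941dc30
r8=0000034b290d63b8 r9=0000000000000000 r10=fffffadfc90ad450
r11=fffffadfce655588 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
Wdf01000!FxInterrupt::_InterruptThunk+0x18:
fffffadfc8b3d4d0 48ffa008010000 jmp qword ptr [rax+108h] ds:0002:fffffadfce655608=444f784600000000
"""

MASK64 = (1 << 64) - 1
REG_RE = re.compile(r"\b(r[a-z0-9]{1,2})=([0-9a-f]+)")
BRANCH_RE = re.compile(
    r"\b(jmp|call)\s+qword ptr \[(\w+)\+([0-9a-f]+)h\]"
    r"\s+ds:[0-9a-f]{4}:([0-9a-f]+)=([0-9a-f]+)"
)


def normalize(text):
    """Drop WinDbg's 64-bit separator (`) and fold case before matching."""
    return text.replace("`", "").lower()


def parse_registers(text):
    """Return {register: value} for every rXX=hex pair in the dump."""
    return {name: int(val, 16) for name, val in REG_RE.findall(normalize(text))}


def is_canonical(addr):
    """48-bit canonical form: bits 63..47 are all zero or all one."""
    return ((addr & MASK64) >> 47) in (0, 0x1FFFF)


def ascii_view(data):
    """Render bytes as text, using '.' for anything non-printable."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def triage_indirect_branch(text):
    """Analyse a faulting 'jmp/call qword ptr [reg+disp]' line.

    Returns None when the dump has no such line or the base register
    is missing from the register block.
    """
    regs = parse_registers(text)
    match = BRANCH_RE.search(normalize(text))
    if match is None:
        return None
    op, base, disp, shown_ea, target = match.groups()
    if base not in regs:
        return None

    ea = (regs[base] + int(disp, 16)) & MASK64
    target = int(target, 16)
    return {
        "op": op,
        "effective_address": ea,
        # Sanity check: our arithmetic agrees with the address WinDbg printed.
        "ea_matches_debugger": ea == int(shown_ea, 16),
        "target": target,
        # A non-canonical branch target cannot be a valid code pointer; the
        # CPU raises a general-protection fault, which matches
        # nt!KiGeneralProtectionFault in the stack for this crash.
        "target_canonical": is_canonical(target),
        # The same 8 bytes in both orders: as the debugger prints the qword,
        # and as they sit in little-endian memory.
        "ascii_as_displayed": ascii_view(target.to_bytes(8, "big")),
        "ascii_in_memory": ascii_view(target.to_bytes(8, "little")),
    }


if __name__ == "__main__":
    report = triage_indirect_branch(TRAP_FRAME)
    print("%s through [%016x]" % (report["op"], report["effective_address"]))
    print("target           : %016x" % report["target"])
    print("canonical        : %s" % report["target_canonical"])
    print("text as displayed: %s" % report["ascii_as_displayed"])
    print("text in memory   : %s" % report["ascii_in_memory"])
```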

You cannot call WdfInterruptEnable/Disable until after PrepareHardware has
completed. This is the time that the interrupt objects will be initialized
on your behalf (connected to your ISR routine) by the framework. In fact,
you may have to wait until after D0Entry, but I don’t remember for certain.

Beverly

----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Thursday, November 30, 2006 7:43 AM
Subject: [ntdev] Crash in Wdf01000!FxInterrupt::_InterruptThunk?

> Hi,
> I am in the process of developing my KWDF driver for a PCI device.
> I encountered a crash (Windbg output below) when I made the following
> sequence.
>
> The sequence is:
> 1. My EvtDevicePrepareHardware is called.
> 2. I call a generic function named resetChip.
> 3. Since it’s generic, it calls WdfInterruptDisable to disable the
> interrupts.
> 4. At the end of my EvtDevicePrepareHardware callback I call
> WdfInterruptEnable to re-enable the interrupt.
>
> After this sequence, the first interrupt causes the crash.
> If I don’t muck with WdfInterruptDisable/WdfInterruptEnable at
> EvtDevicePrepareHardware I am OK so I used a flag to indicate I am under
> device initialization and checked it in my resetChip function to decide
> whether to disable the interrupts or not.
>
> So, what is the proper use of the WdfInterruptDisable/WdfInterruptEnable
> functions and when am I allowed to call them?
>
> Attached below is windbg output. The machine is win2k3 SP1 x64, and KWDF
> version is 1.5.
>
> Thanks,
> Eran.
>
> 18: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520
> entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 19: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520
> entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 20: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520
> entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 21: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj
> 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
> 22: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj
> 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
> 23: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520
> entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 24: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520
> entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 25: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj
> 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
> 26: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj
> 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
> 27: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj
> 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
> 28: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj
> 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
> 29: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520
> entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
> 30: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520
> entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
> ---- end of log ----
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

Yup, they are connected post D0Entry

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
Sent: Friday, December 01, 2006 7:05 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Crash in Wdf01000!FxInterrupt::_InterruptThunk?

You can not call WdfInterruptEnable/Disable until after PrepareHardware
has completed. This is the time that the interrupt objects will be
initialized on your behalf (connected to your ISR routine) by the
framework. In fact, you may have to wait until after D0Entry, but I
don’t remember for certain.

Beverly

----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Thursday, November 30, 2006 7:43 AM
Subject: [ntdev] Crash in Wdf01000!FxInterrupt::_InterruptThunk?

> Hi,
> I am in the process of developing my KWDF driver for a PCI device.
> I encountered a crash (Windbg output below) when I made the following
> sequence.
>
> The sequence is:
> 1.My EvtDevicePrepareHardware is called.
> 2.I call a generic function named resetChip.
> 3.Since its generic, its calls WdfInterruptDisable to disable the
> interrupts.
> 4.At the end of my EvtDevicePrepareHardware callback I call
> WdfInterruptEnable to re-enable the interrupt.
>
> After this sequence, the first interrupt causes the crash.
> If I don’t muck with WdfInterruptDisable/WdfInterruptEnable at
> EvtDevicePrepareHardware I am OK so I used a flag to indicate I am under
> device initialization and checked it in my resetChip function to decide
> whether to disable the interrupts or not.
>
> So, what is the proper use of the WdfInterruptDisable/WdfInterruptEnable
> functions and when am I allowed to call them?
>
> Attached below is windbg output. The machine is win2k3 SP1 x64, and KWDF
> version is 1.5.
>
> Thanks,
> Eran.
>


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

I would suggest doing what you’re trying to do in
EvtDeviceD0EntryPostInterruptsEnabled. That’s what it’s for.

- Jake
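
The ordering the replies describe, as an added example (a user-mode C model, not KMDF code and not the poster's driver): the interrupt is connected only after D0Entry, so a reset helper that disables and re-enables it is counted as a too-early call when run from PrepareHardware and runs cleanly from the post-interrupts-enabled callback. All `model_*` names, `reset_chip` and the violation counter are assumptions made for the illustration.

```c
/* User-mode model of the start-up ordering discussed in this thread.
 * Nothing here is KMDF code; every model_* name is a hypothetical stand-in. */
#include <stdbool.h>
#include <stdio.h>

/* State of one device and its single interrupt object. */
typedef struct {
    bool connected;   /* the model "framework" has connected the ISR */
    bool enabled;     /* interrupt is currently enabled */
    int  violations;  /* Enable/Disable calls made before the ISR was connected */
    int  resets;      /* chip resets performed */
} model_device;

/* Stand-in for WdfInterruptDisable: only valid once the interrupt is connected. */
static void model_interrupt_disable(model_device *d)
{
    if (!d->connected) { d->violations++; return; }
    d->enabled = false;
}

/* Stand-in for WdfInterruptEnable, with the same rule. */
static void model_interrupt_enable(model_device *d)
{
    if (!d->connected) { d->violations++; return; }
    d->enabled = true;
}

/* Driver callbacks, named after the KMDF events they stand for. */
typedef struct {
    void (*prepare_hardware)(model_device *);
    void (*d0_entry)(model_device *);
    void (*d0_entry_post_interrupts_enabled)(model_device *);
} model_callbacks;

/* Power-up order per the replies: the interrupt is connected after D0Entry,
 * and only then is the post-interrupts-enabled callback invoked. */
static void model_power_up(model_device *d, const model_callbacks *cb)
{
    if (cb->prepare_hardware) cb->prepare_hardware(d);
    if (cb->d0_entry) cb->d0_entry(d);
    d->connected = true;
    d->enabled = true;
    if (cb->d0_entry_post_interrupts_enabled)
        cb->d0_entry_post_interrupts_enabled(d);
}

/* Generic helper in the style of the poster's resetChip: it masks the
 * interrupt itself, so it is only safe once the ISR is connected. */
static void reset_chip(model_device *d)
{
    model_interrupt_disable(d);
    d->resets++;   /* device-specific reset would happen here */
}

/* Sequence from the original post: reset in PrepareHardware, enable at its end. */
static void early_prepare_hardware(model_device *d)
{
    reset_chip(d);
    model_interrupt_enable(d);
}

/* Reworked driver: PrepareHardware leaves the interrupt object alone. */
static void deferred_prepare_hardware(model_device *d) { (void)d; }

/* The reset moves to the callback that runs after interrupts are connected. */
static void deferred_post_interrupts_enabled(model_device *d)
{
    reset_chip(d);
    model_interrupt_enable(d);
}

/* Runs the original sequence and returns the final model state. */
model_device run_early_reset(void)
{
    model_device d = {0};
    model_callbacks cb = { early_prepare_hardware, NULL, NULL };
    model_power_up(&d, &cb);
    return d;
}

/* Runs the reworked sequence and returns the final model state. */
model_device run_deferred_reset(void)
{
    model_device d = {0};
    model_callbacks cb = { deferred_prepare_hardware, NULL,
                           deferred_post_interrupts_enabled };
    model_power_up(&d, &cb);
    return d;
}

int main(void)
{
    printf("reset in PrepareHardware: %d too-early calls\n",
           run_early_reset().violations);
    printf("reset after interrupts enabled: %d too-early calls\n",
           run_deferred_reset().violations);
    return 0;
}
```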

“Doron Holan” wrote in message
news:xxxxx@ntdev…
Yup, they are connected post D0Entry

d

0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad798 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7a0 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7a8 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7b0 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7b8 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7c0 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7c8 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7d0 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7d8 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7e0 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7e8 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7f0 0000000000000000 : 0000000000000000
0000000000000000<br>&gt; 0000000000000000 0000000000000000 : 0x0<br>&gt; fffffadfc90ad7f8 0000000000000000 : 0000000000000000
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> Wdf01000!FxInterrupt::_InterruptThunk+18
> fffffadfc8b3d4d0 48ffa008010000 jmp qword ptr [rax+108h]
>
> SYMBOL_STACK_INDEX: b
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: Wdf01000
>
> IMAGE_NAME: Wdf01000.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 4549bdc7
>
> SYMBOL_NAME: Wdf01000!FxInterrupt::_InterruptThunk+18
>
> FAILURE_BUCKET_ID: X64_0x3D_VRF_Wdf01000!FxInterrupt::_InterruptThunk+18
>
> BUCKET_ID: X64_0x3D_VRF_Wdf01000!FxInterrupt::_InterruptThunk+18
>
> Followup: MachineOwner
> ---------
>
> 1: kd> !wdflogdump ql_topio
> Trace searchpath is:
>
> Trace format prefix is: %7!u!: %!FUNC! -
> TMF file used for formatting IFR log is: C:\eran\wdf01005.tmf
> Log at fffffadfce615000
> Gather log: Please wait, this may take a moment (reading 4024 bytes).
> % read so far … 10, 20, 30, 100
> There are 30 log entries
> ---- start of log ----
> 1: imp_WdfRegistryQueryULong - WDFKEY 312B1C98, QueryULong, NTSTATUS= 520
> 2: imp_WdfRegistryQueryULong - WDFKEY 312B1C98, QueryULong, NTSTATUS= 520
> 3: imp_WdfRegistryQueryULong - WDFKEY 312B1C98, QueryULong, NTSTATUS= 520
> 4: imp_WdfRegistryQueryULong - WDFKEY 312B1C98, QueryULong, NTSTATUS= 520
> 5: FxVerifierLock::InitializeLockOrder - Object Type 0x1036 does not have a lock order defined in fx\inc\FxVerifierLock.hpp
> 6: FxVerifierLock::InitializeLockOrder - Object Type 0x1036 does not have a lock order defined in fx\inc\FxVerifierLock.hpp
> 7: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
> 8: FxPkgPnp::Dispatch - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520, IRP_MJ_PNP, !0xD0! IRP 0xDFCEA8C5
> 9: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
> 10: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
> 11: FxInterrupt::AssignResources - Is MSI? 0, MSI-ID 0, AffinityPolicy WdfIrqPolicyOneCloseProcessor, Priority WdfIrqPriorityUndefined, Affinity 0x3, Irql 0x5, Vector 0x151
> 12: FxInterrupt::ForceDisconnect - Force disconnect called on WDFDEVICE 31A7B4F8, WDFINTERRUPT 00000520, PKINTERRUPT 319B69D8
> 13: FxInterrupt::ForceReconnect - Force connect called on WDFDEVICE 31A7B4F8, WDFINTERRUPT 00000520, PKINTERRUPT 319B69D8
> 14: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
> 15: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
> 16: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 17: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 18: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 19: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 20: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 21: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
> 22: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
> 23: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 24: FxPkgPnp::PowerEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering Power State 0xCEA8C5D0 from 0xFFFFFADF
> 25: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
> 26: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
> 27: FxPkgPnp::PowerPolicyEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power policy state 0xCEA8C5D0 from 0xFFFFFADF
> 28: FxPowerIdleMachine::ProcessEventLocked - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering power idle state 0xCEA8C5D0 from 0xFFFFFADF
> 29: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
> 30: FxPkgPnp::PnpEnterNewState - WDFDEVICE 0x31A7B4F8 !devobj 0x00000520 entering PnP State 0xCEA8C5D0 from 0xFFFFFADF
> ---- end of log ----
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

