Hello, All!
Checked XP SP2. IEEE 1394 devices…
Before crash:
[MyDriver]: attach device 82613EB8 (1394 PC)
[MyDriver]: attach device 82613B00 (NIC1394)
[MyDriver]: attach device 8248FC80 (iLINK DRIVE)
[MyDriver]: QueryDeviceText
[MyDriver]: QueryDeviceText
[MyDriver]: InternalDeviceControl to \Driver\ohci1394
ndisEnum1394BusRequest: 1394 Bus driver failed the IRB. Status c00000bb
ndisEnum1394GetLocalHostForRemoteNode: ndisEnum1394BusRequest for
REQUEST_GET_LOCAL_HOST_INFO failed. Status c00000bb
ndisEnum1394AddDevice: ndisEnum1394GetLocalHostForRemoteNode failed. Status c00000bb
Unload module enum1394.sys at f87cf000
[MyDriver]: QueryDeviceText
[MyDriver]: QueryDeviceText
[MyDriver]: InternalDeviceControl to \Driver\ohci1394
ndisEnum1394BusRequest: 1394 Bus driver failed the IRB. Status c00000bb
ndisEnum1394GetLocalHostForRemoteNode: ndisEnum1394BusRequest for
REQUEST_GET_LOCAL_HOST_INFO failed. Status c00000bb
ndisEnum1394AddDevice: ndisEnum1394GetLocalHostForRemoteNode failed. Status c00000bb
Unload module enum1394.sys at f87df000
…
…
*** Fatal System Error: 0x00000050
(0x985B7764,0x00000000,0x8082BB23,0x00000000)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols
…
Loading User Symbols
Loading unloaded module list
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {985b7764, 0, 8082bb23, 0}
*** No owner thread found for resource 808f25c0
*** No owner thread found for resource 808f25c0
*** No owner thread found for resource 808f25c0
Probably caused by : ntkrnlmp.exe ( nt!IopRemoveLockedDeviceNode+19d )
Followup: MachineOwner
nt!RtlpBreakWithStatusInstruction:
808b8300 cc int 3
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: 985b7764, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8082bb23, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
*** No owner thread found for resource 808f25c0
*** No owner thread found for resource 808f25c0
*** No owner thread found for resource 808f25c0
READ_ADDRESS: 985b7764
FAULTING_IP:
nt!IopRemoveLockedDeviceNode+19d
8082bb23 8b4010 mov eax,dword ptr [eax+10h]
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
TRAP_FRAME: f88aaabc -- (.trap fffffffff88aaabc)
ErrCode = 00000000
eax=985b7754 ebx=8209c120 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=8082bb23 esp=f88aab30 ebp=f88aab48 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!IopRemoveLockedDeviceNode+0x19d:
8082bb23 8b4010 mov eax,dword ptr [eax+10h] ds:0023:985b7764=???
Resetting default scope
LOCK_ADDRESS: 808f2640 -- (!locks 808f2640)
PNP_TRIAGE:
Lock address : 0x808f2640
Thread Count : 1
Thread address: 0x82a77020
Thread wait : 0x153a
LAST_CONTROL_TRANSFER: from 8082ebcd to 808b8300
STACK_TEXT:
f88aa600 8082ebcd 00000003 985b7764 00000000 nt!RtlpBreakWithStatusInstruction
f88aa64c 8082f840 00000003 c02616dc 00000001 nt!KiBugCheckDebugBreak+0x19
f88aaa2c 8082fdd1 00000050 985b7764 00000000 nt!KeBugCheck2+0x574
f88aaa4c 8089ca53 00000050 985b7764 00000000 nt!KeBugCheckEx+0x1b
f88aaaa4 808d6db8 00000000 985b7764 00000000 nt!MmAccessFault+0xd33
f88aaaa4 8082bb23 00000000 985b7764 00000000 nt!KiTrap0E+0xdc
f88aab48 80955f75 8209c120 0000001f e2461e00 nt!IopRemoveLockedDeviceNode+0x19d
f88aab68 80956157 8209c120 00000002 e2461e00 nt!IopDeleteLockedDeviceNode+0x99
f88aaba0 80964369 82613eb8 e2461e00 00000002 nt!IopDeleteLockedDeviceNodes+0x89
f88aac34 809647a2 f88aac74 80b95b24 e2852640 nt!PiProcessQueryRemoveAndEject+0x945
f88aac50 80964b74 f88aac74 82a77020 8090829c nt!PiProcessTargetDeviceEvent+0x6c
f88aad80 808c9e45 82105dd8 00000000 82a77020 nt!PiWalkDeviceList+0x1aa
f88aadac 809c996e 82105dd8 00000000 00000000 nt!ExpWorkerThread+0x10f
f88aaddc 808d8f22 808c9d36 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!IopRemoveLockedDeviceNode+19d
8082bb23 8b4010 mov eax,dword ptr [eax+10h]
SYMBOL_STACK_INDEX: 6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 411089a3
SYMBOL_NAME: nt!IopRemoveLockedDeviceNode+19d
FAILURE_BUCKET_ID: 0x50_VRF_nt!IopRemoveLockedDeviceNode+19d
BUCKET_ID: 0x50_VRF_nt!IopRemoveLockedDeviceNode+19d
Followup: MachineOwner
0: kd> !devnode 8209c120
DevNode 0x8209c120 for PDO 0x82613eb8
Parent 0x82a21238 Sibling 0x82100008 Child 0000000000
InstancePath is "1394\Microsoft&1394_PC\2538000714C0000"
ServiceName is "ENUM1394"
State = DeviceNodeInitialized (0x302)
Previous State = DeviceNodeUnspecified (0x300)
StateHistory[02] = DeviceNodeAwaitingQueuedRemoval (0x30f)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
StateHistory[12] = Unknown State (0x0)
StateHistory[11] = Unknown State (0x0)
StateHistory[10] = Unknown State (0x0)
StateHistory[09] = Unknown State (0x0)
StateHistory[08] = Unknown State (0x0)
StateHistory[07] = Unknown State (0x0)
StateHistory[06] = Unknown State (0x0)
StateHistory[05] = Unknown State (0x0)
StateHistory[04] = Unknown State (0x0)
StateHistory[03] = Unknown State (0x0)
Flags (0x00000030) DNF_ENUMERATED, DNF_IDS_QUERIED
CapabilityFlags (0x000000d0) Removable, UniqueID,
SilentInstall
0: kd> !devobj 82613eb8
Device object (82613eb8) is for:
00000076 \Driver\ohci1394 DriverObject 82a1d818
Current Irp 00000000 RefCount 0 Type 0000002a Flags 00001040
Dacl e161d8b4 DevExt 82613f70 DevObjExt 82613fd0 DevNode 8209c120
ExtensionFlags (0xc0000010) DOE_START_PENDING, DOE_BOTTOM_OF_FDO_STACK,
DOE_DESIGNATED_FDO
AttachedDevice (Upper) 8260c628 \Driver\MyDriver
Device queue is not busy.
0: kd> !devobj 82613B00
Device object (82613b00) is for:
00000077 \Driver\ohci1394 DriverObject 82a1d818
Current Irp 00000000 RefCount 0 Type 0000002a Flags 00001040
Dacl e161d8b4 DevExt 82613bb8 DevObjExt 82613c18 DevNode 82100008
ExtensionFlags (0xc0000010) DOE_START_PENDING, DOE_BOTTOM_OF_FDO_STACK,
DOE_DESIGNATED_FDO
AttachedDevice (Upper) 8260c2c0 \Driver\MyDriver
Device queue is not busy.
0: kd> !devobj 8248FC80
Device object (8248fc80) is for:
0000007a \Driver\ohci1394 DriverObject 82a1d818
Current Irp 00000000 RefCount 0 Type 0000002a Flags 00001040
Dacl e161d8b4 DevExt 8248fd38 DevObjExt 8248fd98 DevNode 820d0ed8
ExtensionFlags (0xc0000000) DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
AttachedDevice (Upper) 8246bcb8 \Driver\MyDriver
Device queue is not busy.
What is wrong? The same logic for USB works very well. Are ENUM1394 & NIC1394 special
device objects? If I skip processing these device objects, my driver will work OK with
other devices.
PS: My driver blocks the attaching of any devices (it modifies the QDR BusRelations list)
during system boot until GINA starts. After that, devices will be refreshed with the help of
CM_Reenumerate_DevNode.
Thanks,
Eugene.