WdfWorkItemEnqueue Bugcheck

i’m intermittently getting a bugcheck in our driver. we’re using version 1.5 of WDF, running in XP Pro SP2. windbg says it’s in wdf01000!imp_WdfWorkItemEnqueue+0x29.

is there any way to get more visibility into wdf01000.sys to find out what went wrong and prevent this?

xxxxx@ddc-web.com wrote:

i’m intermittently getting a bugcheck in our driver. we’re using version 1.5 of WDF, running in XP Pro SP2. windbg says it’s in wdf01000!imp_WdfWorkItemEnqueue+0x29.

is there any way to get more visibility into wdf01000.sys to find out what went wrong and prevent this?

Which bug check? WDF issues some bug checks on its own for validation
problems. What does the in-flight recorder say (!wdflogdump)?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

kd> !analyze -v
Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Loading Kernel Symbols

Loading User Symbols

Loading unloaded module list

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4549b23a

FAULTING_IP:
nt!DbgBreakPoint+0
8052a828 cc int 3

EXCEPTION_RECORD: ffffffff – (.exr 0xffffffffffffffff)
ExceptionAddress: 8052a828 (nt!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 00000001
Parameter[2]: 00000000

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x0

LAST_CONTROL_TRANSFER: from f4d0e1f5 to 8052a828

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
805503c0 f4d0e1f5 805503fc f79bc619 86546b28 nt!DbgBreakPoint
805503c8 f79bc619 86546b28 86586940 00000000 Wdf01000!imp_WdfWorkItemEnqueue+0x29
805503fc f4d489ee 00000004 00002020 8055b0a0 e2mapci!ddcEvtInterruptDpc+0x237 [c:\e2mapci\sys\isrdpc.c @ 489]
80550418 f4d48a37 85f54eb0 00000000 ffdff980 Wdf01000!FxInterrupt::DpcHandler+0x76
80550428 805450bf 85f54efc 85f54eb0 85f54eb0 Wdf01000!FxInterrupt::_InterruptDpcThunk+0x13
80550450 80544fa4 00000000 0000000e 00000000 nt!KiDispatchInterrupt+0x4bf
8055ae40 00000000 8055ae48 8055ae48 8055ae50 nt!KiDispatchInterrupt+0x3a4

STACK_COMMAND: kb

FOLLOWUP_IP:
Wdf01000!imp_WdfWorkItemEnqueue+29
f4d0e1f5 5d pop ebp

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Wdf01000

IMAGE_NAME: Wdf01000.sys

SYMBOL_NAME: Wdf01000!imp_WdfWorkItemEnqueue+29

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

This is not a bugcheck, this is a programmatic error on your part (note that the bugcheck params are all zero, there is a call to DbgBreakPoint on the stack). !wdflogdump will tell you what went wrong. Based on the stack, you passed in a bad WDFWORKITEM handle, perhaps it was already freed.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@ddc-web.com
Sent: Tuesday, November 13, 2007 10:46 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] WdfWorkItemEnqueue Bugcheck



xxxxx@ddc-web.com wrote:

kd> !analyze -v
Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Loading Kernel Symbols

Loading User Symbols

Loading unloaded module list

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

FAULTING_IP:
nt!DbgBreakPoint+0
8052a828 cc int 3

EXCEPTION_RECORD: ffffffff – (.exr 0xffffffffffffffff)
ExceptionAddress: 8052a828 (nt!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
805503c0 f4d0e1f5 805503fc f79bc619 86546b28 nt!DbgBreakPoint
805503c8 f79bc619 86546b28 86586940 00000000 Wdf01000!imp_WdfWorkItemEnqueue+0x29
805503fc f4d489ee 00000004 00002020 8055b0a0 e2mapci!ddcEvtInterruptDpc+0x237 [c:\e2mapci\sys\isrdpc.c @ 489]

Notice in the call to WdfWorkItemEnqueue that the parameters are all
kernel addresses. In KMDF, handles are the complement (roughly) of the
structure addresses, so that KMDF handles are always positive numbers.

Is it possible that you allocated a regular work item (like a
WORK_QUEUE_ITEM or an IO_WORKITEM) and tried to hand that to
WdfWorkItemEnqueue? That doesn’t work. It has to be created by
WdfWorkItemCreate.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
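
The high-bit reasoning in the reply above, applied to the frames quoted in this thread, as an added example that is not part of any poster's message. It assumes a 32-bit target whose kernel space starts at 0x80000000; the function names are hypothetical, and the complement is only the rough relation the reply describes.

```python
import re

# Frames copied from the STACK_TEXT quoted in the thread. `kb` columns are
# ChildEBP, RetAddr, three "Args to Child" dwords, then the symbol.
STACK_TEXT = r"""
805503c0 f4d0e1f5 805503fc f79bc619 86546b28 nt!DbgBreakPoint
805503c8 f79bc619 86546b28 86586940 00000000 Wdf01000!imp_WdfWorkItemEnqueue+0x29
805503fc f4d489ee 00000004 00002020 8055b0a0 e2mapci!ddcEvtInterruptDpc+0x237 [c:\e2mapci\sys\isrdpc.c @ 489]
"""

# Assumption: 32-bit target, default split, kernel space from 0x80000000.
KERNEL_BASE = 0x80000000
MASK32 = 0xFFFFFFFF

FRAME_RE = re.compile(
    r"^([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) (\S+)",
    re.IGNORECASE | re.MULTILINE,
)


def parse_kb(text):
    """Return [(symbol_without_offset, [arg0, arg1, arg2]), ...] per frame."""
    frames = []
    for m in FRAME_RE.finditer(text):
        args = [int(m.group(i), 16) for i in (3, 4, 5)]
        frames.append((m.group(6).split("+")[0], args))
    return frames


def is_kernel_address(value):
    """High bit set means a raw kernel pointer, which cannot be a KMDF handle."""
    return value >= KERNEL_BASE


def approx_handle_for(address):
    """Rough handle value for an object address: its 32-bit complement."""
    return ~address & MASK32


def raw_pointer_args(text, symbol):
    """Args of the first frame for `symbol` that look like raw kernel pointers."""
    for name, args in parse_kb(text):
        if name == symbol:
            return [a for a in args if is_kernel_address(a)]
    return []


if __name__ == "__main__":
    for a in raw_pointer_args(STACK_TEXT, "Wdf01000!imp_WdfWorkItemEnqueue"):
        print(f"{a:08x}: kernel address; its handle would be near {approx_handle_for(a):08x}")
```

A high-bit-set argument only shows that the value cannot be a KMDF handle; the stack above was unwound without symbols, so confirm against !wdflogdump once symbols load.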

Getting your symbols working would be a good idea, whatever the problem
is. You might wish to try this:

.symopt+ 0x80000000
.sympath srv*<LOCAL_FOLDER>*http://msdl.microsoft.com/download/symbols
.reload -f -n
lml

LOCAL_FOLDER is the path of the folder on your computer you wish to use to
store the symbols.

You should see (the lml output) a list of symbols that are loaded, and
no more than a few error messages listed, and those will only be for
more or less non-Microsoft files; minimally, you must have symbols (not
just exports) for nt and hal before proceeding.

Good luck,

mm


Just to be clear, the <> around LOCAL_FOLDER should not be included in
the .sympath.

mm

here’s what i get with wdflogdump. the system is on a private network so i have the symbols on a local drive.

0: kd> !wdfkd.wdflogdump e2mapci
Trace searchpath is:

Trace format prefix is: %7!u!: %!FUNC! -
Log at 86503000
Gather log: Please wait, this may take a moment (reading 4032 bytes).
% read so far … 10, 20, 30, 40, 50, 60, 70, 80, 90, 100
There are 110 log entries
— start of log —
Unknown( 30): GUID=c0c46952-af17-391c-53da-6d2c4e9fb061 (No Format Information found).
Unknown( 54): GUID=c0c46952-af17-391c-53da-6d2c4e9fb061 (No Format Information found).
Unknown( 16): GUID=94d75394-61b1-cfc4-39ce-38ac1897e23f (No Format Information found).
Unknown( 43): GUID=c0c46952-af17-391c-53da-6d2c4e9fb061 (No Format Information found).
Unknown( 12): GUID=3b30e107-5dbd-62b0-a39e-45720da4f791 (No Format Information found).
Unknown( 15): GUID=94d75394-61b1-cfc4-39ce-38ac1897e23f (No Format Information found).
Unknown( 33): GUID=c0c46952-af17-391c-53da-6d2c4e9fb061 (No Format Information found).
Unknown( 38): GUID=c0c46952-af17-391c-53da-6d2c4e9fb061 (No Format Information found).
Unknown( 48): GUID=c0c46952-af17-391c-53da-6d2c4e9fb061 (No Format Information found).
Unknown( 22): GUID=329115be-5f6c-039a-32ab-17a8ecf643e0 (No Format Information found).
Unknown( 25): GUID=329115be-5f6c-039a-32ab-17a8ecf643e0 (No Format Information found).
Unknown( 17): GUID=329115be-5f6c-039a-32ab-17a8ecf643e0 (No Format Information found).

xxxxx@ddc-web.com wrote:

here’s what i get with wdflogdump. the system is on a private network so i have the symbols on a local drive.

You need
!wdfkd.wdftmffile \winddk\6000\tools\tracing\i386\wdf01005.tmf
first so it can crack the messages in the log (assuming you are running
KMDF 1.5).

Note that after you have done !wdfkd.xxx once, you don’t need to specify
“wdfkd” any more. !wdflogdump will work.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.