Windows NDIS KMDF USB driver

  • Question

  • I am writing a Windows NDIS KMDF driver for a USB wifi adapter.

    I am using a continuous reader to read the packets.

    When the read callback is called, I get an assertion from the kernel at random times.

    This sometimes happens after 1 hour of a ping run, 2 hours, etc.

    It happens only when the callback routine context attempts to acquire a spinlock.

    Posting the output of "analyze -v":

     kd> gh
    Assertion failure - code c0000420 (first chance)
    nt! ?? ::FNODOBFM::`string'+0x4f4a:
    fffff800`0312f7d6 cd2c            int     2Ch
    0: kd> gn

    *** Fatal System Error: 0x0000003d
                           (0xFFFFF8000486A970,0x0000000000000000,0x0000000000000000,0xFFFFF8000312F7D6)

    Break instruction exception - code 80000003 (first chance)

    A fatal system error has occurred.
    Debugger entered on first try; Bugcheck callbacks have not been invoked.

    A fatal system error has occurred.

    nt!DbgBreakPointWithStatus:
    fffff800`030cf3f0 cc              int     3
    0: kd> !analyze -v
    Connected to Windows 7 7601 x64 target at (Thu Sep  3 09:46:49.402 2015 (UTC + 1:00)), ptr64 TRUE
    Loading Kernel Symbols
    ..........................

    Loading unloaded module list
    .................Unable to enumerate user-mode unloaded modules, Win32 error 0n30
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    INTERRUPT_EXCEPTION_NOT_HANDLED (3d)
    Arguments:
    Arg1: fffff8000486a970
    Arg2: 0000000000000000
    Arg3: 0000000000000000
    Arg4: fffff8000312f7d6

    Debugging Details:
    ------------------


    CONTEXT:  fffff8000486a970 -- (.cxr 0xfffff8000486a970;r)
    rax=00000d8349d83d70 rbx=fffff80003257e80 rcx=0000000000000002
    rdx=0000000000000000 rsi=fffffa8015889040 rdi=0000000000000001
    rip=fffff8000312f7d6 rsp=fffff8000486b350 rbp=0000000000000001
     r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000002
    r14=0000000000000004 r15=0000000000000001
    iopl=0         nv up ei pl zr na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
    nt! ?? ::FNODOBFM::`string'+0x4f4a:
    fffff800`0312f7d6 cd2c            int     2Ch
    Last set context:
    rax=00000d8349d83d70 rbx=fffff80003257e80 rcx=0000000000000002
    rdx=0000000000000000 rsi=fffffa8015889040 rdi=0000000000000001
    rip=fffff8000312f7d6 rsp=fffff8000486b350 rbp=0000000000000001
     r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000002
    r14=0000000000000004 r15=0000000000000001
    iopl=0         nv up ei pl zr na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
    nt! ?? ::FNODOBFM::`string'+0x4f4a:
    fffff800`0312f7d6 cd2c            int     2Ch
    Resetting default scope

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    BUGCHECK_STR:  0x3D

    CURRENT_IRQL:  0

    ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

    EXCEPTION_RECORD:  0000000000000001 -- (.exr 0x1)
    Cannot read Exception record @ 0000000000000001

    TRAP_FRAME:  fffff880056c7f60 -- (.trap 0xfffff880056c7f60)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    Unable to get program counter
    rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=0000000000000004 rsp=fffff800034df610 rbp=fffff800034b12e0
     r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=3 vip     ov dn ei ng nz na pe nc
    d110:0004 ??              ???
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff800030e1d67 to fffff8000312f7d6

    STACK_TEXT:  
    fffff800`0486b350 fffff800`030e1d67 : fffffa80`0c7be010 fffff800`03257e80 00000000`00026160 fffff800`0486b4e0 : nt! ?? ::FNODOBFM::`string'+0x4f4a
    fffff800`0486b3e0 fffff800`03025895 : fffff800`0304b460 fffff800`0486b590 fffff800`0304b460 fffffa80`00000000 : nt!KeUpdateSystemTime+0x377
    fffff800`0486b4e0 fffff800`030d3b13 : 00000000`00000000 fffffa80`0c9ee001 00000000`48c4c0e9 fffffa80`0d23c180 : hal!HalpHpetClockInterrupt+0x8d
    fffff800`0486b510 fffff800`030bf2a3 : 00000000`00000001 fffff880`056b8dc0 fffff880`056c7f60 fffffa80`0d556ed0 : nt!KiInterruptDispatchNoLock+0x163
    fffff800`0486b6a0 fffff800`030cd57f : fffff800`03257e80 00000000`00000000 fffffa80`0d556f01 00000000`00000000 : nt!KxWaitForSpinLockAndAcquire+0x23
    fffff800`0486b6d0 fffff880`0692b42b : 00000000`00000000 ffff0001`00000000 fffffa80`12dd1f90 fffffa80`111800a8 : nt!KeAcquireSpinLockAtDpcLevel+0x6f
    fffff800`0486b720 fffff880`0692b5c5 : fffffa80`0c9ee030 fffff880`00e3fd65 fffffa80`0d556f21 000003e7`00000200 : usbztex!HwGetReceivedMPDU+0x2b [d:\development\usbztex_10july\hw\hw_recv.c @ 705]
    fffff800`0486b760 fffff880`0693222d : fffffa80`0c9ee030 00000000`0000000a fffffa80`11c7b4c0 00000000`00000088 : usbztex!HwHandleReceiveInterrupt+0x95 [d:\development\usbztex_10july\hw\hw_recv.c @ 3176]
    fffff800`0486b810 fffff880`00e5f8e0 : 0000057f`ee07afd8 0000057f`ee384bb8 00000000`00000088 fffffa80`0c9f51f0 : usbztex!UsbTargetPipeReadComplete+0x7d [d:\development\usbztex_10july\hw\usb.c @ 838]
    fffff800`0486b870 fffff880`00e0cc6c : fffffa80`13382c00 00000000`00000000 fffffa80`0fd73320 00000000`00000000 : Wdf01000!FxUsbPipeContinuousReader::_FxUsbPipeRequestComplete+0x64
    fffff800`0486b8f0 fffff880`00e0d950 : fffffa80`11f85030 fffffa80`11f85020 00000000`00000001 fffffa80`11f85030 : Wdf01000!FxRequestBase::CompleteSubmitted+0x170
    fffff800`0486b970 fffff880`00e0ce2c : fffffa80`11180002 fffff880`0615d222 00000000`00000000 00000000`00000000 : Wdf01000!FxIoTarget::RequestCompletionRoutine+0x1c0
    fffff800`0486b9e0 fffff800`030c3dc5 : ff000000`00000000 00000000`00000009 fffffa80`0c900e08 fffff880`00000000 : Wdf01000!FxIoTarget::_RequestCompletionRoutine+0x3c
    fffff800`0486ba10 fffff800`030da8f1 : fffffa80`12117bd3 00000000`00000000 00000000`00000000 fffff880`00000002 : nt!IopUnloadSafeCompletion+0x55
    fffff800`0486ba50 fffff880`056b04bb : 00000000`00000002 00000000`00000000 fffffa80`111663c0 00000000`00000000 : nt!IopfCompleteRequest+0x341
    fffff800`0486bb40 fffff880`056a0908 : fffffa80`111800a8 00000000`00000000 fffff800`0486bbe0 fffffa80`131a7e90 : iusb3xhc+0x634bb
    fffff800`0486bb70 fffff880`05699191 : fffffa80`0d556e00 fffffa80`111663c0 fffff880`056c7f60 fffffa80`12fcbce0 : iusb3xhc+0x53908
    fffff800`0486bbf0 fffff880`05684bc2 : fffffa80`111800a8 fffffa80`0fd3f000 fffffa80`0d556ed0 fffffa80`12fcbce0 : iusb3xhc+0x4c191
    fffff800`0486bc30 fffff880`0567a664 : fffffa80`0d556ed0 fffffa80`0fd3f000 fffffa80`0fd3f000 00000000`00000001 : iusb3xhc+0x37bc2
    fffff800`0486bca0 fffff880`05664432 : fffffa80`0fd3f000 fffffa80`11fb5450 fffffa80`11f85a02 00000000`00000001 : iusb3xhc+0x2d664
    fffff800`0486bdd0 fffff880`056638b7 : 00000000`00000000 fffffa80`0fd3f000 fffffa80`11f85fa0 00000000`00000010 : iusb3xhc+0x17432
    fffff800`0486bed0 fffff800`030e2ecc : fffff800`03257e80 fffff880`014e47a0 fffffa80`0d245158 00000000`00000000 : iusb3xhc+0x168b7
    fffff800`0486bf00 fffff800`030da035 : 00000000`00000000 fffffa80`15889040 00000000`00000000 fffff880`056637ac : nt!KiRetireDpcList+0x1bc
    fffff800`0486bfb0 fffff800`030d9e4c : fffffa80`128297b0 fffffa80`11f85ac0 00000000`00000004 00000000`00000000 : nt!KxRetireDpcList+0x5
    fffff880`0943b5b0 fffff800`03122653 : fffff800`030d3456 fffff800`030d34c2 fffffa80`12773050 fffffa80`0c964801 : nt!KiDispatchInterruptContinue
    fffff880`0943b5e0 fffff800`030d34c2 : fffffa80`12773050 fffffa80`0c964801 fffffa80`0d23c840 fffffa80`118ecca0 : nt!KiDpcInterruptBypass+0x13
    fffff880`0943b5f0 fffff880`0692e327 : fffffa80`0c9ee030 fffffa80`0c9ee230 fffffa80`1242eae0 fffffa80`132643c0 : nt!KiInterruptDispatch+0x212
    fffff880`0943b780 fffff880`0692e00f : fffffa80`0c9ee030 fffffa80`0c9ee230 fffffa80`1242eae0 fffffa80`121d8201 : usbztex!HwCompleteTxMSDU+0x87 [d:\development\usbztex_10july\hw\hw_send.c @ 2477]
    fffff880`0943b7b0 fffff880`0692efc3 : fffffa80`0c9ee030 fffffa80`0c9ee230 fffffa80`1242eae0 00000000`00000035 : usbztex!HwCheckSendQueueForCompletion+0x18f [d:\development\usbztex_10july\hw\hw_send.c @ 2522]
    fffff880`0943b830 fffff880`0693060f : fffffa80`0c9ee030 fffffa80`0ca31010 fffff880`0000003c 00000000`00000000 : usbztex!HwHandleSendCompleteInterrupt+0x73 [d:\development\usbztex_10july\hw\hw_send.c @ 3599]
    fffff880`0943b870 fffff880`0692fb2c : fffffa80`0c9ee030 fffffa80`0c9ee230 fffffa80`1242ef00 fffffa80`12773050 : usbztex!HwSubmitReadyMSDUs+0x26f [d:\development\usbztex_10july\hw\hw_send.c @ 1591]
    fffff880`0943b8f0 fffff880`0692d9eb : fffffa80`0c9ee030 fffffa80`0c9ee230 fffff880`00000013 fffff880`00000009 : usbztex!HwProcessReservedTxPackets+0x1bc [d:\development\usbztex_10july\hw\hw_send.c @ 1038]
    fffff880`0943b940 fffff880`069526f0 : fffffa80`0c9f0bf0 fffffa80`0cb2cb00 fffff880`00000000 fffff880`0698a910 : usbztex!Hw11SendPackets+0x47b [d:\development\usbztex_10july\hw\hw_send.c @ 3555]
    fffff880`0943b9f0 fffff880`069523b6 : fffffa80`0c9d0040 fffffa80`00000009 fffffa80`0cb2cb00 fffffa80`00000000 : usbztex!VNicSendPktsToHw+0x1f0 [d:\development\usbztex_10july\hvl\vnic_send.c @ 117]
    fffff880`0943ba60 fffff880`0694e13c : fffffa80`0c9d0040 fffffa80`0cfe0000 00000000`00000001 fffff880`0943bba8 : usbztex!VNicProcessQueuedPkts+0x246 [d:\development\usbztex_10july\hvl\vnic_send.c @ 157]
    fffff880`0943bac0 fffff800`033cdc73 : fffffa80`0c9d0040 fffffa80`12aef3b0 fffffa80`12b91a30 fffffa80`15889040 : usbztex!VNicPendingOpsWorkItem+0x32c [d:\development\usbztex_10july\hvl\vnic_main.c @ 1262]
    fffff880`0943bb40 fffff800`030e11b5 : fffff800`03282200 fffff800`033cdc01 fffffa80`15889000 fffffa80`00000002 : nt!IopProcessWorkItem+0x23
    fffff880`0943bb70 fffff800`033708e2 : 00000001`00100010 fffffa80`15889040 00000000`00000080 fffffa80`0c7a7040 : nt!ExpWorkerThread+0x111
    fffff880`0943bc00 fffff800`030c8f46 : fffff800`03257e80 fffffa80`15889040 fffffa80`1310d040 fffff8a0`050a6b01 : nt!PspSystemThreadStartup+0x5a
    fffff880`0943bc40 00000000`00000000 : fffff880`0943c000 fffff880`09436000 fffff880`0943b8a0 00000000`00000000 : nt!KxStartSystemThread+0x16

    • Edited by kk_2112 Thursday, September 3, 2015 9:11 AM
    Tuesday, September 1, 2015 9:45 AM

All replies

  • You should be able to submit requests for much larger than max packet transfer size. Post your code, post the output of !analyze -v (with correct symbols).

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, September 3, 2015 3:10 AM